@ryuenn3123/agentic-senior-core 2.5.22 → 3.0.0

package/.agent-context/skills/review-quality/benchmark.md

@@ -1,30 +0,0 @@
-# Benchmarking
-
-Tier: ADVANCE
-
-Benchmarking should guide release decisions with measurable evidence rather than anecdotal impressions.
-
-## Benchmark Inputs
-
-- Baseline benchmark snapshot.
-- Current candidate benchmark output.
-- Threshold policy for acceptable deltas.
-
-## Evaluation Rules
-
-- Treat regressions above threshold as release blockers.
-- Require owner assignment for all negative deltas.
-- Re-run benchmark after remediation to verify recovery.
-
-## Reporting Standard
-
-- Include benchmark summary in release bundle.
-- Keep machine-readable JSON output for automation.
-- Track trend over time, not only single-run status.
-
-## Review Checklist
-
-- [ ] Baseline and current benchmark are comparable.
-- [ ] Threshold policy is applied consistently.
-- [ ] Regressions have owner and due date.
-- [ ] Reports are archived for audit trail.

package/.agent-context/skills/review-quality/compatibility-manifest.json

@@ -1,8 +0,0 @@
-{
-  "schemaVersion": "compatibility-manifest-v1",
-  "artifactType": "skill-domain",
-  "domain": "review-quality",
-  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
-  "nodeMin": "18",
-  "platforms": ["windows", "linux", "macos"]
-}

package/.agent-context/skills/review-quality/package.json

@@ -1,5 +0,0 @@
-{
-  "name": "@agentic-skills/review-quality",
-  "version": "1.0.0",
-  "author": "agentic"
-}

package/.agent-context/skills/review-quality/planning.md

@@ -1,38 +0,0 @@
-# Planning
-
-Tier: EXPERT
-
-Planning quality determines implementation quality. Non-trivial work should start with a scoped, testable plan.
-
-## Planning Standard
-
-- Define objective, scope, and non-goals.
-- Identify architecture boundaries affected.
-- Document risk, rollback, and validation strategy.
-- Break work into reviewable increments.
-
-## Required Plan Artifacts
-
-- Implementation steps with expected output.
-- File impact map.
-- Test strategy and acceptance criteria.
-- Migration notes if behavior changes.
-
-## Scope Control
-
-- Avoid unrelated refactors in feature commits.
-- Split high-risk work into isolated checkpoints.
-- Preserve public API compatibility unless explicitly versioned.
-
-## Evidence Discipline
-
-- Attach command output for validation and test evidence.
-- Keep assumption logs explicit so reviewers can challenge unknowns early.
-- Ensure rollback path is documented before implementation starts.
-
-## Review Checklist
-
-- [ ] Plan includes explicit success criteria.
-- [ ] Risks and mitigations are documented.
-- [ ] Validation commands are defined.
-- [ ] Scope remains aligned with original objective.

package/.agent-context/skills/review-quality/release-decision.md

@@ -1,49 +0,0 @@
-# Release Decisioning
-
-Tier: EXPERT
-
-Release decisioning converts technical signals into explicit ship, hold, or rollback recommendations with ownership.
-
-## Decision Inputs
-
-Use a standardized input set for every release review:
-
-- Validation and test status.
-- Release gate and forbidden-content status.
-- Benchmark and quality trend posture.
-- Security and architecture findings.
-- Trust-tier posture for required skill domains.
-
-## Decision Outcomes
-
-Each review must conclude with one outcome:
-
-- Ship: all mandatory gates pass and no unresolved critical findings.
-- Hold: one or more blockers remain unresolved.
-- Rollback: post-release signal confirms unacceptable risk or regression.
-
-## Blocker Policy
-
-A blocker record needs:
-
-- Title and category.
-- Owner and deadline.
-- User impact statement.
-- Mitigation and validation command.
-
-No blocker should remain in implicit or undocumented state.
-
-## Escalation Rules
-
-Escalate to maintainers immediately when:
-
-- Critical security issue is detected.
-- Gate output becomes inconsistent across environments.
-- Rollback readiness cannot be proven.
-
-## Review Checklist
-
-- [ ] Decision outcome is explicit (ship/hold/rollback).
-- [ ] Blockers include owner and due date.
-- [ ] Validation evidence is attached to decision log.
-- [ ] Escalation happened for critical unresolved risks.

package/.agent-context/skills/review-quality/security.md

@@ -1,34 +0,0 @@
-# Security
-
-Tier: EXPERT
-
-Security review is a release gate. Critical vulnerabilities must halt feature rollout until resolved.
-
-## Security Halt Policy
-
-Immediately block release when any of the following are present:
-- Hardcoded credentials or tokens.
-- Injection vulnerabilities (SQL/command/template).
-- Authentication or authorization bypass.
-- Unvalidated external input entering privileged paths.
-
-## Boundary Safeguards
-
-- Validate external input at transport boundary.
-- Enforce parameterized queries.
-- Limit privilege scope for runtime credentials.
-- Keep secrets in approved secret stores.
-
-## Review Expectations
-
-- Threat model relevant attack surfaces.
-- Verify dependency vulnerability posture.
-- Confirm error messages do not leak sensitive internals.
-- Confirm audit logs exist for security-sensitive actions.
-
-## Review Checklist
-
-- [ ] No critical vulnerability remains open.
-- [ ] Input and output boundaries are validated.
-- [ ] Secret handling follows policy.
-- [ ] Least-privilege access is enforced.

package/.agent-context/skills/review-quality/tests/.gitkeep

@@ -1 +0,0 @@
-# Review-quality skill test fixtures placeholder

package/.agent-context/skills/review-quality.md

@@ -1,34 +0,0 @@
-# Review Quality Skill Pack
-
-Default tier: `expert`
-
-## Purpose
-Turn code review, planning, and benchmark output into explicit quality decisions.
-
-## In Scope
-- Plan-first workflows
-- Reviewer self-critique
-- Benchmark interpretation
-- Security and architecture audits
-- Evidence-driven approval
-- Explicit release decisions with blocker tracking and ownership
-
-## Must-Have Checks
-- Every rejection includes a reason and a fix
-- Every approval includes evidence
-- Benchmark deltas are explicit
-- Security findings stop release when critical
-- Release readiness verdict includes blockers, owner, and due date
-- Formal review artifacts use plain, human-first language and avoid AI cliches
-- No emoji in formal review output, release notes, and governance summaries
-- Claims include measurable evidence with source and timestamp
-
-## Evidence
-- PR review report
-- Security audit output
-- Benchmark report
-- Approval or rejection rationale
-- Weekly governance report and release readiness summary
-
-## Fallback
-- Standard mode can be used only for low-risk maintenance and still requires written evidence.

package/.agent-context/stacks/csharp.md

@@ -1,149 +0,0 @@
-# C# / .NET Stack Profile — Modern C#, Minimal Ceremony
-
-> C# has evolved massively. Use the modern features.
-> If your code looks like it's from 2015, it's wrong.
-
-## Language Version: C# 14+ / .NET 10 LTS
-
-.NET 10 is the latest LTS release (November 2025, 3 years support). C# 14 ships with .NET 10. Use modern features: records, primary constructors, extension members, nullable reference types.
-
-### Nullable Reference Types (Mandatory)
-```xml
-<!-- In .csproj — ALWAYS enabled -->
-<PropertyGroup>
-    <Nullable>enable</Nullable>
-    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
-</PropertyGroup>
-```
-
-### Records for DTOs and Value Objects
-```csharp
-// BANNED: Mutable class with manual properties
-public class UserDto {
-    public string Name { get; set; }
-    public string Email { get; set; }
-}
-
-// REQUIRED: Immutable record
-public record CreateUserRequest(string Name, string Email, int Age);
-public record UserResponse(Guid Id, string Name, string Email, DateTime CreatedAt);
-```
-
-### Primary Constructors (C# 12+)
-```csharp
-// Clean dependency injection
-public class UserService(IUserRepository userRepository, ILogger<UserService> logger)
-{
-    public async Task<UserResponse> CreateAsync(CreateUserRequest request)
-    {
-        logger.LogInformation("Creating user {Email}", request.Email);
-        var user = await userRepository.CreateAsync(request);
-        return user.ToResponse();
-    }
-}
-```
-
----
-
-## Validation at Boundaries
-
-### Minimal API with FluentValidation
-```csharp
-public class CreateUserValidator : AbstractValidator<CreateUserRequest>
-{
-    public CreateUserValidator()
-    {
-        RuleFor(x => x.Name).NotEmpty().MaximumLength(100);
-        RuleFor(x => x.Email).NotEmpty().EmailAddress();
-        RuleFor(x => x.Age).InclusiveBetween(13, 150);
-    }
-}
-
-app.MapPost("/users", async (CreateUserRequest request, IValidator<CreateUserRequest> validator,
-    UserService userService) =>
-{
-    var validation = await validator.ValidateAsync(request);
-    if (!validation.IsValid)
-        return Results.ValidationProblem(validation.ToDictionary());
-
-    var user = await userService.CreateAsync(request);
-    return Results.Created($"/users/{user.Id}", user);
-});
-```
-
----
-
-## Project Structure
-
-```
-ProjectName/
-├── src/
-│   ├── ProjectName.Api/                    # Presentation/Transport layer
-│   │   ├── Program.cs                      # Entry point + DI setup
-│   │   ├── Endpoints/
-│   │   │   ├── UserEndpoints.cs            # Minimal API route definitions
-│   │   │   └── OrderEndpoints.cs
-│   │   ├── Middleware/
-│   │   │   └── ExceptionMiddleware.cs
-│   │   └── appsettings.json
-│   │
-│   ├── ProjectName.Application/            # Business logic layer
-│   │   ├── Users/
-│   │   │   ├── UserService.cs
-│   │   │   ├── CreateUserRequest.cs        # DTOs / records
-│   │   │   └── UserResponse.cs
-│   │   └── Common/
-│   │       ├── AppError.cs
-│   │       └── IUnitOfWork.cs
-│   │
-│   ├── ProjectName.Domain/                 # Domain entities (no dependencies)
-│   │   ├── Entities/
-│   │   │   └── User.cs
-│   │   └── Interfaces/
-│   │       └── IUserRepository.cs          # Repository contracts
-│   │
-│   └── ProjectName.Infrastructure/         # Data access, external services
-│       ├── Persistence/
-│       │   ├── AppDbContext.cs              # EF Core DbContext
-│       │   └── UserRepository.cs           # Repository implementation
-│       ├── Migrations/
-│       └── DependencyInjection.cs          # Extension methods for DI
-│
-└── tests/
-    ├── ProjectName.UnitTests/
-    └── ProjectName.IntegrationTests/
-```
-
----
-
-## Preferred Libraries
-
-| Need | Library | Why |
-|------|---------|-----|
-| Framework | ASP.NET Core 10 Minimal APIs | LTS, lightweight, OpenAPI 3.1, passkey auth |
-| ORM | EF Core 10 | LINQ, migrations, vector search, JSON types |
-| Validation | FluentValidation | Expressive, testable, separates concerns |
-| Testing | xUnit + NSubstitute + Testcontainers | Industry standard for .NET |
-| Logging | Serilog + structured sinks | Best structured logging for .NET |
-| API docs | Swashbuckle / NSwag | OpenAPI auto-generation |
-| Mapping | Mapster or manual extension methods | Mapster faster than AutoMapper |
-| HTTP client | `IHttpClientFactory` | Pooled, resilient, built-in |
-| Configuration | Options pattern + `IOptions<T>` | Type-safe, validated config |
-| Auth | ASP.NET Core Identity / JWT / Passkeys | Built-in passkey support in .NET 10 |
-| Cloud-native | .NET Aspire | Orchestration, observability, service defaults |
-
----
-
-## Banned Patterns
-
-| Pattern | Why | Alternative |
-|---------|-----|-------------|
-| `Nullable` disabled | NRE everywhere | Always `<Nullable>enable</Nullable>` |
-| `dynamic` type | No compile-time safety | Generics or strong types |
-| Service Locator | Hidden dependencies | Constructor injection |
-| `async void` | Unhandled exceptions crash the app | `async Task` always |
-| `string.Format` for SQL | SQL injection | EF Core LINQ or parameterized |
-| AutoMapper overuse | Magic mapping hides bugs | Manual mapping or Mapster |
-| Throw in constructor | Breaks DI container | Factory methods or validation |
-| `static` classes for services | Untestable, no DI | Interface + DI registration |
-| Controllers with business logic | Layer leak | Thin controllers, services layer |

package/.agent-context/stacks/flutter.md

@@ -1,16 +0,0 @@
-# Flutter Stack
-
-Use this stack for cross-platform mobile applications built with Flutter.
-
-## Core Guidance
-
-- Keep presentation widgets small and move state orchestration into dedicated controllers or services.
-- Separate platform channels, navigation, and business rules from widget composition.
-- Validate API payloads at the boundary and avoid spreading transport concerns into UI code.
-- Optimize build and release flows early because mobile packaging regressions are costly.
-
-## Recommended Pairings
-
-- `mobile-app` blueprint for the starter architecture.
-- `frontend` skill domain for interface composition and interaction design.
-- `fullstack` skill domain when the product includes backend coordination.

package/.agent-context/stacks/go.md

@@ -1,181 +0,0 @@
-# Go Stack Profile — Simple, Explicit, Fast
-
-> Go's superpower is simplicity. Don't fight it.
-> No magic, no abstractions for the sake of abstractions.
-
-## Core Principles
-
-1. **Accept interfaces, return structs** — keep APIs flexible, implementations concrete
-2. **Errors are values** — handle them explicitly, don't panic
-3. **Stdlib first** — Go's standard library is excellent, use it before reaching for packages
-4. **Small interfaces** — 1-2 methods max. `io.Reader` has one method for a reason
-
----
-
-## Error Handling (The Go Way)
-
-### Rule: Always Check Errors, Never Ignore
-
-```go
-// BANNED: Ignoring errors
-result, _ := doSomething()
-json.Unmarshal(data, &out)  // Error silently ignored
-
-// REQUIRED: Handle every error
-result, err := doSomething()
-if err != nil {
-    return fmt.Errorf("failed to do something: %w", err)
-}
-```
-
-### Wrapping Errors for Context
-```go
-// BANNED: Bare error return
-if err != nil {
-    return err  // Caller has no idea where this came from
-}
-
-// REQUIRED: Wrap with context using %w
-if err != nil {
-    return fmt.Errorf("creating user %q: %w", req.Email, err)
-}
-// Produces: "creating user "jane@example.com": duplicate key value"
-```
-
-### Custom Error Types
-```go
-type NotFoundError struct {
-    Resource string
-    ID       string
-}
-
-func (e *NotFoundError) Error() string {
-    return fmt.Sprintf("%s not found: %s", e.Resource, e.ID)
-}
-
-// Check with errors.As
-var notFound *NotFoundError
-if errors.As(err, &notFound) {
-    http.Error(w, notFound.Error(), http.StatusNotFound)
-}
-```
-
----
-
-## Project Structure
-
-```
-project-name/
-├── cmd/
-│   └── server/
-│       └── main.go                     # Entry point
-│
-├── internal/                           # Private application code
-│   ├── user/
-│   │   ├── handler.go                  # HTTP handlers (transport)
-│   │   ├── service.go                  # Business logic
-│   │   ├── repository.go              # Data access
-│   │   ├── model.go                    # Domain types
-│   │   └── user_test.go               # Tests alongside code
-│   │
-│   ├── order/
-│   │   └── ...
-│   │
-│   └── platform/                       # Cross-cutting infrastructure
-│       ├── config/
-│       │   └── config.go               # Env-validated configuration
-│       ├── database/
-│       │   └── postgres.go             # DB connection setup
-│       ├── logger/
-│       │   └── logger.go               # Structured logging (slog)
-│       └── middleware/
-│           ├── auth.go
-│           └── logging.go
-│
-├── api/                                # API definitions (OpenAPI, proto)
-│   └── openapi.yaml
-│
-├── go.mod
-├── go.sum
-├── Makefile                            # Build/test/lint commands
-└── Dockerfile
-```
-
-### Key Rule: `internal/` is Private
-Everything in `internal/` is invisible to external importers. This is Go's built-in encapsulation. Use it.
-
----
-
-## Interface Design
-
-```go
-// BANNED: Large interfaces
-type UserService interface {
-    Create(ctx context.Context, req CreateUserReq) (*User, error)
-    Update(ctx context.Context, id string, req UpdateUserReq) (*User, error)
-    Delete(ctx context.Context, id string) error
-    GetByID(ctx context.Context, id string) (*User, error)
-    GetByEmail(ctx context.Context, email string) (*User, error)
-    ListAll(ctx context.Context) ([]*User, error)
-    // 10 more methods...
-}
-
-// REQUIRED: Small, focused interfaces (1-3 methods)
-type UserCreator interface {
-    Create(ctx context.Context, req CreateUserReq) (*User, error)
-}
-
-type UserFinder interface {
-    GetByID(ctx context.Context, id string) (*User, error)
-}
-```
-
-**Rule:** Define interfaces where they are CONSUMED, not where they are implemented.
-
----
-
-## Context Usage
-
-```go
-// REQUIRED: First parameter is always context.Context
-func (s *UserService) Create(ctx context.Context, req CreateUserReq) (*User, error) {
-    // Pass context to all downstream calls
-    user, err := s.repo.Insert(ctx, req)
-    // ...
-}
-
-// BANNED: context.Background() deep inside application code
-// Use it ONLY at the entry point (main, HTTP handler setup, test setup)
-```
-
----
-
-## Preferred Libraries
-
-| Need | Library | Why |
-|------|---------|-----|
-| HTTP router | `net/http` (Go 1.22+) / `chi` | Stdlib router is now excellent |
-| Logging | `log/slog` (stdlib) | Structured, leveled, built-in since Go 1.21 |
-| Configuration | `caarlos0/env` + struct tags | Simple, typed env parsing |
-| Database | `database/sql` + `pgx` / `sqlc` | `sqlc` generates type-safe Go from SQL |
-| Migration | `golang-migrate/migrate` | SQL-based, driver-agnostic |
-| Testing | stdlib `testing` + `testify` | `testify` for assertions only |
-| Validation | `go-playground/validator` | Struct tag validation |
-| HTTP client | `net/http` (stdlib) | Sufficient for most needs |
-| JSON | `encoding/json` (stdlib) / `json-iterator` | Stdlib first |
-| API docs | `swaggo/swag` | Auto-generates OpenAPI from comments |
-
----
-
-## Banned Patterns
-
-| Pattern | Why | Alternative |
-|---------|-----|-------------|
-| `_ = err` or ignoring error | Silent failures | Always handle `err` |
-| `panic()` in library code | Crashes the program | Return errors |
-| `init()` functions | Hidden side effects, hard to test | Explicit initialization |
-| Global mutable state | Concurrency bugs, untestable | Dependency injection |
-| `interface{}` / `any` everywhere | No type safety | Generics (Go 1.18+) or specific types |
-| ORM magic (GORM) | Hidden queries, N+1 traps | `sqlc` or raw `database/sql` |
-| Huge packages | Violates SRP | Split into focused packages |
-| Shared `utils` package | Kitchen sink, circular deps | Domain-specific helpers |

package/.agent-context/stacks/java.md

@@ -1,135 +0,0 @@
-# Java Stack Profile — Enterprise Without the Bloat
-
-> Java can be clean. It just needs discipline.
-> Stop writing 200-line classes for a 10-line operation.
-
-## Language Version: Java 25+ (LTS)
-
-Java 25 is the latest LTS release (September 2025, supported until 2033). Use modern Java features aggressively. Do not write pre-Java 21 style code.
-
-### Records Over POJOs
-```java
-// BANNED: 80-line POJO with getters, setters, equals, hashCode
-public class UserDto {
-    private String name;
-    private String email;
-    public String getName() { return name; }
-    public void setName(String name) { this.name = name; }
-    // ... 60 more lines of boilerplate
-}
-
-// REQUIRED: Record (immutable, auto-generates equals/hashCode/toString)
-public record UserDto(String name, String email) {}
-```
-
-### Sealed Classes for Domain Variants
-```java
-// Model fixed set of states or outcomes
-public sealed interface PaymentResult
-    permits PaymentResult.Success, PaymentResult.Failed, PaymentResult.Pending {
-
-    record Success(String transactionId, BigDecimal amount) implements PaymentResult {}
-    record Failed(String reason, String errorCode) implements PaymentResult {}
-    record Pending(String retryAfter) implements PaymentResult {}
-}
-```
-
-### Pattern Matching
-```java
-// Use switch expressions with pattern matching (Java 21)
-return switch (result) {
-    case Success s -> ResponseEntity.ok(s);
-    case Failed f -> ResponseEntity.badRequest().body(f.reason());
-    case Pending p -> ResponseEntity.accepted().body(p);
-};
-```
-
----
-
-## Validation at Boundaries: Jakarta Bean Validation
-
-```java
-public record CreateUserRequest(
-    @NotBlank @Size(max = 100) String name,
-    @NotBlank @Email String email,
-    @Min(13) @Max(150) int age
-) {}
-
-@PostMapping("/users")
-public ResponseEntity<UserResponse> createUser(@Valid @RequestBody CreateUserRequest request) {
-    // request is validated by the framework before reaching this method
-    return ResponseEntity.status(201).body(userService.create(request));
-}
-```
-
----
-
-## Project Structure (Spring Boot 4)
-
-```
-project-name/
-├── src/main/java/com/example/project/
-│   ├── Application.java                    # Entry point
-│   │
-│   ├── modules/
-│   │   ├── user/
-│   │   │   ├── UserController.java         # Transport (REST)
-│   │   │   ├── UserService.java            # Business logic
-│   │   │   ├── UserRepository.java         # Data access (Spring Data)
-│   │   │   ├── dto/
-│   │   │   │   ├── CreateUserRequest.java  # Input validation (record)
-│   │   │   │   └── UserResponse.java       # Output (record)
-│   │   │   ├── entity/
-│   │   │   │   └── UserEntity.java         # JPA entity
-│   │   │   └── exception/
-│   │   │       └── UserNotFoundException.java
-│   │   └── order/
-│   │       └── ...
-│   │
-│   └── shared/
-│       ├── config/                          # Configuration classes
-│       ├── exception/
-│       │   └── GlobalExceptionHandler.java  # @ControllerAdvice
-│       ├── security/                        # Security config
-│       └── util/                            # Cross-cutting utilities
-│
-├── src/main/resources/
-│   ├── application.yml
-│   └── db/migration/                        # Flyway migrations
-│
-└── src/test/java/com/example/project/
-    └── modules/user/
-        └── UserServiceTest.java
-```
-
----
-
-## Preferred Libraries
-
-| Need | Library | Why |
-|------|---------|-----|
-| Framework | Spring Boot 4.x (Spring Framework 7) | Industry standard, virtual threads native support |
-| Validation | Jakarta Bean Validation | Built into Spring Boot |
-| ORM | Spring Data JPA / Hibernate | Standard, powerful |
-| Migration | Flyway | SQL-based, version controlled |
-| Mapping | MapStruct | Compile-time, type-safe DTO mapping |
-| Testing | JUnit 5 + Mockito + Testcontainers | Standard stack |
-| HTTP client | Spring RestClient / WebClient | RestClient (sync, new in Boot 4), WebClient (reactive) |
-| Logging | SLF4J + Logback (or Log4j2) | Standard, structured JSON output |
-| Build | Gradle (Kotlin DSL) or Maven | Gradle preferred for modern projects |
-| API docs | springdoc-openapi | Auto-generates OpenAPI from code |
-
----
-
-## Banned Patterns
-
-| Pattern | Why | Alternative |
-|---------|-----|-------------|
-| Raw `String` for IDs | No type safety | `UUID` or typed ID wrapper |
-| `null` returns | NullPointerException bait | `Optional<T>` for query results |
-| Checked Exception abuse | Forces catch-or-throw chains | Unchecked `RuntimeException` subclasses |
-| Field injection (`@Autowired`) | Hidden deps, untestable | Constructor injection |
-| `System.out.println` | Not structured, not configurable | SLF4J logger |
-| Deep class hierarchies | Fragile, hard to reason | Composition + interfaces |
-| God services (500+ lines) | Violates SRP | Split into focused services |
-| `@Transactional` on controller | Layer leak | Only on service methods |