@sienklogic/plan-build-run 2.0.0

package/plugins/pbr/contexts/review.md

@@ -0,0 +1,36 @@
+# Review Mode
+
+You are in code review mode. Read thoroughly, assess critically, and prioritize by impact.
+
+## Behavioral Profile
+
+- **Primary tools**: Read, Glob, Grep
+- **Secondary tools**: Bash (for running tests to verify claims)
+- **Risk tolerance**: Very low — identify problems, do NOT fix them unless asked
+- **Verbosity**: Medium — concise issue descriptions with clear evidence
+- **Decision style**: Report findings with severity levels. Let the developer decide what to fix.
+
+## Guidelines
+
+- Read the full diff or file before commenting. Don't flag issues based on partial reads.
+- Prioritize by severity: CRITICAL > HIGH > MEDIUM > LOW. Only report CRITICAL and HIGH by default.
+- Every issue must include: what's wrong, where it is (file:line), why it matters, and a suggested fix.
+- Check for security vulnerabilities (injection, auth bypass, data exposure) before style issues.
+- Verify claims by tracing execution paths — don't flag hypothetical issues without evidence.
+- Check that tests exist and cover the changes. Note untested paths.
+- Assess whether the change achieves its stated goal, not just whether the code is clean.
+
+## Severity Levels
+
+- **CRITICAL**: Security vulnerability, data loss risk, or crash in production path
+- **HIGH**: Logic error, missing error handling in critical path, or regression
+- **MEDIUM**: Code quality issue that increases maintenance burden
+- **LOW**: Style preference, minor optimization opportunity, or nitpick
+
+## Anti-Patterns
+
+- Do NOT fix code during review — report issues for the developer to address
+- Do NOT flag style preferences as bugs
+- Do NOT report every possible issue — focus on what actually matters
+- Do NOT assume bugs without tracing the execution path
+- Do NOT write lengthy explanations for obvious issues

package/plugins/pbr/hooks/hooks.json

@@ -0,0 +1,183 @@
+{
+  "$schema": "../scripts/hooks-schema.json",
+  "description": "Plan-Build-Run workflow hooks for state tracking, validation, and auto-continuation",
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/progress-tracker.js",
+            "statusMessage": "Loading project state..."
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/post-write-dispatch.js",
+            "statusMessage": "Validating write output..."
+          }
+        ]
+      },
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/post-write-quality.js",
+            "statusMessage": "Running quality checks..."
+          }
+        ]
+      },
+      {
+        "matcher": "Task",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/check-subagent-output.js",
+            "statusMessage": "Validating agent output..."
+          }
+        ]
+      },
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/suggest-compact.js",
+            "statusMessage": "Checking context budget..."
+          }
+        ]
+      },
+      {
+        "matcher": "Read",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/track-context-budget.js",
+            "statusMessage": "Tracking context budget..."
+          }
+        ]
+      }
+    ],
+    "PostToolUseFailure": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/log-tool-failure.js",
+            "statusMessage": "Logging tool failure..."
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/pre-bash-dispatch.js",
+            "statusMessage": "Validating Bash command..."
+          }
+        ]
+      },
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/pre-write-dispatch.js",
+            "statusMessage": "Checking write rules..."
+          }
+        ]
+      }
+    ],
+    "PreCompact": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/context-budget-check.js",
+            "statusMessage": "Preserving state before compaction..."
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/auto-continue.js",
+            "statusMessage": "Checking for next command..."
+          }
+        ]
+      }
+    ],
+    "SubagentStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/log-subagent.js start",
+            "statusMessage": "Logging agent spawn..."
+          }
+        ]
+      }
+    ],
+    "SubagentStop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/log-subagent.js stop",
+            "statusMessage": "Logging agent completion...",
+            "async": true,
+            "timeout": 30
+          }
+        ]
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/event-handler.js",
+            "statusMessage": "Checking for auto-verification...",
+            "async": true,
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "TaskCompleted": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/task-completed.js",
+            "statusMessage": "Processing task completion..."
+          }
+        ]
+      }
+    ],
+    "SessionEnd": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/session-cleanup.js",
+            "statusMessage": "Cleaning up session...",
+            "async": true,
+            "timeout": 30
+          }
+        ]
+      }
+    ]
+  }
+}

package/plugins/pbr/references/agent-anti-patterns.md

@@ -0,0 +1,24 @@
+# Universal Agent Anti-Patterns
+
+These anti-patterns apply to ALL Plan-Build-Run agents. Each agent also has role-specific anti-patterns defined in its own agent file.
+
+## Evidence and Verification
+
+1. **DO NOT** guess, assume, or rely on cached knowledge when codebase evidence is available. Read the actual files.
+2. **DO NOT** trust claims in SUMMARY.md, PLAN.md, or other agent outputs without verifying against the real codebase.
+3. **DO NOT** use subjective or vague language ("seems okay", "looks fine", "probably works"). Be specific and evidence-based.
+4. **DO NOT** present training knowledge as verified fact. Flag unverified claims explicitly.
+
+## Scope and Boundaries
+
+5. **DO NOT** exceed your role. If a task belongs to another agent, stop and recommend the correct agent.
+6. **DO NOT** modify files outside your designated scope. Read-only agents must not attempt fixes. Executors must not modify plans.
+7. **DO NOT** add features, ideas, or scope not requested. Log scope creep to deferred items instead.
+8. **DO NOT** skip steps in your verification or execution protocol, even for "obvious" cases.
+
+## Context and State
+
+9. **DO NOT** contradict locked decisions in CONTEXT.md. These are non-negotiable.
+10. **DO NOT** implement deferred ideas from CONTEXT.md. They do not exist for your purposes.
+11. **DO NOT** consume more than 50% of your context window before producing output. Write incrementally.
+12. **DO NOT** read agent definition files from `agents/*.md`. Agent definitions are auto-loaded by Claude Code via `subagent_type`. Reading them wastes context.

package/plugins/pbr/references/agent-interactions.md

@@ -0,0 +1,134 @@
+# Agent Interaction Map
+
+This document shows how Plan-Build-Run agents communicate through files on disk. Agents never message each other directly -- they read and write shared files in `.planning/`.
+
+## Interaction Graph
+
+```
+                    User / Orchestrator
+                     |           ^
+                     v           |
+              +--------------+   |
+              |  researcher  |---+---> planner
+              +--------------+         |    ^
+                     |                 v    |
+              +--------------+   +--------------+
+              | synthesizer  |   | plan-checker |
+              +--------------+   +--------------+
+                                       |
+                                       v
+                                 +-----------+
+                                 |  executor  |
+                                 +-----------+
+                                       |
+                                       v
+                                 +-----------+
+                                 |  verifier  |----> planner (gap closure)
+                                 +-----------+
+                                       |
+                                       v
+                              +--------------------+
+                              | integration-checker|
+                              +--------------------+
+```
+
+## Per-Agent Interaction Details
+
+### researcher
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | User/Orchestrator | Research topics, CONTEXT.md constraints, phase goals |
+| Produces for | planner | Research documents with technology details and recommendations |
+| Produces for | synthesizer | Research documents to be combined |
+| Produces for | User | Direct reading for decision-making |
+
+### synthesizer
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | researcher | Research documents to synthesize |
+| Receives from | Orchestrator | Paths to research documents, synthesis request |
+| Produces for | planner | SUMMARY.md as consolidated research input for planning |
+| Produces for | User | High-level project/phase research overview |
+
+### planner
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | researcher | Research documents with technology details and recommendations |
+| Receives from | plan-checker | Issue reports requiring plan revision |
+| Receives from | verifier | VERIFICATION.md reports requiring gap closure plans |
+| Receives from | User/Orchestrator | Phase goals, CONTEXT.md, planning requests |
+| Produces for | plan-checker | Plan files for quality verification |
+| Produces for | executor | Plan files for execution |
+| Produces for | verifier | Must-have definitions for verification (embedded in plan frontmatter) |
+
+### plan-checker
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | Orchestrator/User | Plan files to check, phase context |
+| Receives from | planner | Newly created or revised plan files |
+| Produces for | planner | Issue reports for revision |
+| Produces for | Orchestrator/User | Pass/fail decision on plan quality |
+
+### executor
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | Orchestrator | Plan files to execute, continuation instructions |
+| Receives from | planner | The plans themselves (indirectly, via files) |
+| Produces for | verifier | SUMMARY.md for verification, committed code for inspection |
+| Produces for | Orchestrator | Checkpoint responses, completion status |
+| Produces for | planner | Deferred ideas (in SUMMARY.md) for future planning |
+
+### verifier
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | Orchestrator | Phase to verify, timing trigger |
+| Receives from | executor | Completed work (via codebase and SUMMARY.md) |
+| Receives from | Previous VERIFICATION.md | Gaps to re-check (in re-verification mode) |
+| Produces for | planner | Gap list for gap-closure planning (via VERIFICATION.md) |
+| Produces for | Orchestrator | Phase status (passed/gaps_found/human_needed) |
+| Produces for | User | Human verification items with specific test instructions |
+
+### integration-checker
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | Orchestrator | Phases to check, trigger event (milestone/review) |
+| Receives from | verifier | Phase-level verification reports (for context on per-phase status) |
+| Produces for | planner | Integration gap list for cross-phase fix plans |
+| Produces for | Orchestrator | Integration status for milestone decisions |
+| Produces for | User | Integration health overview and security issues |
+
+### debugger
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | Orchestrator/User | Bug reports, symptoms, reproduction steps |
+| Receives from | executor | Errors encountered during execution (via checkpoint responses) |
+| Receives from | verifier | Issues discovered during verification |
+| Produces for | Orchestrator/User | Root cause analysis, fix commits, checkpoint requests |
+| Produces for | planner | Findings requiring architectural changes |
+| Produces for | executor | Simple fix instructions for executor to apply |
+
+### codebase-mapper
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | Orchestrator/User | Focus area to analyze, project path |
+| Receives from | researcher | May be invoked alongside researcher for new projects |
+| Produces for | planner | STACK.md, ARCHITECTURE.md, STRUCTURE.md for informed planning |
+| Produces for | executor | CONVENTIONS.md for code style, TESTING.md for test patterns |
+| Produces for | verifier | All documents as reference for what "correct" looks like |
+| Produces for | User | Direct reading for project understanding |
+
+### general
+
+| Direction | Agent/Role | What |
+|-----------|-----------|------|
+| Receives from | Orchestrator/User | Ad-hoc task instructions |
+| Produces for | Orchestrator/User | Task output (files, formatting, config changes) |

package/plugins/pbr/references/agent-teams.md

@@ -0,0 +1,54 @@
+# Agent Teams Reference
+
+Agent Teams enable parallel specialist perspectives for critical phases. Teams are off by default.
+
+## Activation
+
+- **Global**: Set `parallelization.use_teams: true` in `.planning/config.json`
+- **Per-invocation**: Use `--teams` flag on `/pbr:plan`, `/pbr:review`, or `/pbr:build --team`
+- Per-invocation flag takes precedence over global config
+
+## Planning Teams
+
+When `/pbr:plan <N> --teams` is invoked, three specialist agents run in parallel:
+
+| Role | Agent | Focus | Output File |
+|------|-------|-------|-------------|
+| Architect | planner | Structure, dependencies, wave ordering, file boundaries | `.planning/phases/{NN}/team/architect-PLAN.md` |
+| Security Reviewer | planner | Auth, input validation, secrets handling, permission checks | `.planning/phases/{NN}/team/security-PLAN.md` |
+| Test Designer | planner | Test strategy, coverage targets, edge cases, TDD candidates | `.planning/phases/{NN}/team/test-PLAN.md` |
+
+All three use the `planner` agent with different prompts. The orchestrator includes the role and focus in the Task() spawn prompt.
+
+After all three complete, the synthesizer agent reads all team outputs and produces the final unified PLAN.md files.
+
+## Review Teams
+
+When `/pbr:review <N>` runs with teams enabled, three review agents run in parallel:
+
+| Role | Agent | Focus | Output File |
+|------|-------|-------|-------------|
+| Functional Reviewer | verifier | Must-haves met, code correctness, completeness | `.planning/phases/{NN}/team/functional-VERIFY.md` |
+| Security Auditor | verifier | Vulnerabilities, auth bypass, injection, secrets exposure | `.planning/phases/{NN}/team/security-VERIFY.md` |
+| Performance Analyst | verifier | N+1 queries, memory leaks, bundle size, unnecessary re-renders | `.planning/phases/{NN}/team/performance-VERIFY.md` |
+
+All three use the `verifier` agent with different prompts. The synthesizer combines them into a unified VERIFICATION.md.
+
+## File-Based Coordination
+
+Team members write to separate files in a `team/` subdirectory. This avoids file conflicts:
+```
+.planning/phases/{NN}-{slug}/
+  team/
+    architect-PLAN.md
+    security-PLAN.md
+    test-PLAN.md
+```
+
+The synthesizer reads all files in `team/` and produces the final artifact. The `team/` directory is kept for audit purposes but is not read by subsequent skills.
+
+## When to Use Teams
+
+- **Recommended**: Security-critical phases, architectural phases, public API design
+- **Not recommended**: Simple refactors, documentation, configuration changes
+- **Cost consideration**: Teams triple the agent spawns. Use only when the additional perspectives justify the cost.

package/plugins/pbr/references/checkpoints.md

@@ -0,0 +1,157 @@
+# Checkpoints Reference
+
+How Plan-Build-Run uses checkpoint tasks to pause execution and involve the human.
+
+---
+
+## What Are Checkpoints?
+
+Checkpoints are special task types that cause the executor agent to **stop execution** and return control to the orchestrator (or the human). They exist because some tasks require human judgment, manual action, or verification that cannot be automated.
+
+Checkpoints are defined in plan task XML via the `type` attribute. When the executor encounters a checkpoint task, it follows a specific protocol depending on the checkpoint type.
+
+---
+
+## Checkpoint Types
+
+Plan-Build-Run supports three checkpoint types:
+
+### checkpoint:human-verify
+
+**Purpose**: The executor has completed work, but a human needs to visually inspect or manually test the result before proceeding.
+
+**Executor behavior**:
+1. Execute the task's `<action>` steps normally
+2. Commit the changes
+3. **STOP execution**
+4. Return a structured `CHECKPOINT: HUMAN-VERIFY` response containing:
+   - What was done (summary of action taken)
+   - What to verify (from the task's `<done>` condition)
+   - How to verify (instructions derived from `<verify>`)
+   - Completed tasks table
+   - Remaining tasks list
+
+**Use when**: The result requires subjective judgment (UI looks correct, behavior feels right, output makes sense) that automated verification cannot cover.
+
+**Example scenario**: A template was created and needs visual review in the browser, or an API integration needs manual testing with real credentials.
+
+### checkpoint:decision
+
+**Purpose**: The plan reaches a point where a human decision is needed before the executor can continue. The task is NOT executed — execution pauses before the task starts.
+
+**Executor behavior**:
+1. **STOP before executing the task**
+2. Return a structured `CHECKPOINT: DECISION` response containing:
+   - The decision that needs to be made (from `<action>`)
+   - Available options
+   - Context to help the human decide
+   - Completed tasks table
+
+**Use when**: The plan has a fork point where different approaches are possible and the right choice depends on human preference, business context, or information the planner could not determine.
+
+**Example scenario**: Choosing between two authentication providers, deciding whether to use a specific third-party library or build in-house.
+
+### checkpoint:human-action
+
+**Purpose**: The task requires something the executor cannot do — a manual step that involves the human interacting with external systems, creating accounts, or performing physical actions.
+
+**Executor behavior**:
+1. **STOP before executing the task**
+2. Return a structured `CHECKPOINT: HUMAN-ACTION` response containing:
+   - What the human needs to do (from `<action>`)
+   - Step-by-step instructions
+   - Prompt to tell the executor when done
+   - Completed tasks table
+
+**Use when**: External setup is required — creating API keys, configuring DNS, setting up OAuth applications, or any action that requires credentials or permissions the agent does not have.
+
+**Example scenario**: The human needs to create a Discord application in the Developer Portal and paste the client ID and secret into `.env`.
+
+---
+
+## Checkpoint in Plan Format
+
+Checkpoints are declared in the task's `type` attribute in the plan XML:
+
+```xml
+<task id="02-01-T3" type="checkpoint:human-verify" tdd="false">
+  <name>Verify OAuth login flow in browser</name>
+  <files>...</files>
+  <action>...</action>
+  <verify>Open browser to localhost:3000/auth/login and complete the flow</verify>
+  <done>User can log in via Discord OAuth and see their profile</done>
+</task>
+```
+
+Valid checkpoint type values:
+- `checkpoint:human-verify`
+- `checkpoint:decision`
+- `checkpoint:human-action`
+
+Non-checkpoint task types use `type="auto"`.
+
+---
+
+## Autonomous vs Non-Autonomous Plans
+
+The plan frontmatter field `autonomous: true|false` indicates whether a plan contains checkpoint tasks:
+
+| Value | Meaning |
+|-------|---------|
+| `autonomous: true` | No checkpoint tasks. The executor can complete all tasks without human intervention. |
+| `autonomous: false` | Contains at least one checkpoint task. Execution will pause at some point. |
+
+The build orchestrator uses this field to determine execution strategy:
+- Autonomous plans can be executed in parallel with other autonomous plans in the same wave
+- Non-autonomous plans may block the wave while waiting for human input
+- The orchestrator tracks checkpoint state in `.checkpoint-manifest.json`
+
+---
+
+## Continuation Protocol
+
+After a checkpoint is resolved (human provides their answer, completes their action, or confirms verification), the orchestrator spawns a **fresh continuation executor** to resume from where the checkpoint paused.
+
+The continuation executor receives:
+1. The full plan content
+2. A table of completed tasks with their commit hashes
+3. The checkpoint resolution (what the human decided or confirmed)
+4. The task number to resume from
+5. The same project context as the original executor
+
+**Key rules for continuation**:
+- The continuation executor does NOT re-execute completed tasks
+- It reads the partial SUMMARY.md if one exists
+- It verifies prior commits exist via `git log`
+- It resumes from the next uncompleted task after the checkpoint
+
+---
+
+## Authentication Gate (Implicit Checkpoint)
+
+The executor also supports an implicit checkpoint for authentication failures. If the executor encounters an authentication error (missing API key, expired token, invalid credentials) during any task, it immediately stops and returns a `CHECKPOINT: AUTH-GATE` response.
+
+This is not declared in the plan — it triggers automatically when an auth error is detected. The response includes:
+- Which task was blocked
+- What credential is needed
+- Where to configure it
+- The actual error message
+
+---
+
+## Architectural Deviation (Implicit Checkpoint)
+
+Similarly, if the executor discovers that the plan's approach cannot work (API changed, framework limitation, dependency conflict), it stops with a `CHECKPOINT: ARCHITECTURAL-DEVIATION` response. This follows Deviation Rule 4 from the executor's deviation handling protocol.
+
+---
+
+## Best Practices for Planners
+
+When creating plans that include checkpoints:
+
+1. **Minimize checkpoint tasks** — each one pauses execution and requires human attention
+2. **Place checkpoints at natural boundaries** — after a feature is complete, not in the middle of wiring
+3. **Group manual actions** — combine related human actions into a single checkpoint rather than multiple stops
+4. **Provide clear instructions** — the `<action>` and `<verify>` elements should give the human everything they need
+5. **Consider autonomous alternatives** — if a task CAN be verified automatically, prefer `type="auto"` with a robust `<verify>` command
+6. **Set `autonomous: false`** in the plan frontmatter when any task is a checkpoint

package/plugins/pbr/references/common-bug-patterns.md

@@ -0,0 +1,13 @@
+# Common Bug Patterns
+
+Quick reference for the debugger agent. Check these patterns early — they cover ~80% of bugs.
+
+| Category | Patterns to Check |
+|----------|------------------|
+| **Off-by-one** | Loop bounds (`<` vs `<=`), 0-based vs 1-based indexing, string slice boundaries |
+| **Null/undefined** | Missing optional chaining (`?.`), default params, DB query returning null, OOB array access |
+| **Async/timing** | Missing `await`, race conditions, stale closures, handlers registered before element exists |
+| **State management** | Direct mutation vs new object, update not triggering re-render, duplicated sources of truth, stale state in closures |
+| **Import/module** | Circular imports, default vs named export mismatch, wrong file (similar names), resolution path |
+| **Environment** | Missing/wrong env var, dev vs prod differences, case sensitivity (Windows vs Linux paths) |
+| **Data shape** | API response format changed, schema/model mismatch, type mismatch between layers, missing field |