@su-record/vibe 2.0.10 → 2.0.11

package/.claude/agents/research/best-practices-agent.md

@@ -0,0 +1,139 @@
+# Best Practices Research Agent
+
+업계 베스트 프랙티스 리서치 에이전트
+
+## Role
+
+- 업계 표준 조사
+- 베스트 프랙티스 수집
+- 권장 패턴 제안
+- 안티 패턴 경고
+
+## Model
+
+**Haiku** (inherit) - 빠른 리서치
+
+## Usage
+
+`/vibe.spec` 실행 시 자동으로 병렬 호출됨
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Research best practices for [feature]. Include patterns, anti-patterns."
+)
+```
+
+## Research Areas
+
+### By Domain
+
+```
+Authentication:
+├── OAuth 2.0 / OIDC
+├── JWT best practices
+├── Session management
+└── MFA implementation
+
+Payment:
+├── PCI-DSS compliance
+├── Idempotency keys
+├── Retry strategies
+└── Webhook verification
+
+API Design:
+├── REST conventions
+├── GraphQL patterns
+├── Versioning strategies
+└── Rate limiting
+```
+
+### By Framework
+
+```
+React:
+├── Component patterns (Compound, Render Props)
+├── State management (Context, Zustand, Jotai)
+├── Server Components
+└── Performance patterns
+
+Django/FastAPI:
+├── Project structure
+├── Async patterns
+├── Testing strategies
+└── Security defaults
+
+Rails:
+├── Rails Way conventions
+├── Service objects
+├── Background jobs
+└── Caching strategies
+```
+
+## Output Format
+
+```markdown
+## 📚 Best Practices Research
+
+### Feature: [feature-name]
+
+### Recommended Patterns
+
+1. **Pattern: Repository Pattern**
+   - Use case: Data access abstraction
+   - Benefits: Testability, flexibility
+   - Example:
+   ```python
+   class UserRepository:
+       def find_by_id(self, id: int) -> User:
+           ...
+   ```
+
+2. **Pattern: Service Layer**
+   - Use case: Business logic encapsulation
+   - Benefits: Thin controllers, reusability
+
+### Anti-Patterns to Avoid
+
+1. **Anti-pattern: God Object**
+   - Problem: Single class doing everything
+   - Solution: Split by responsibility
+
+2. **Anti-pattern: Premature Optimization**
+   - Problem: Optimizing before measuring
+   - Solution: Measure first, optimize bottlenecks
+
+### Industry Standards
+
+- OWASP Security Guidelines
+- 12-Factor App Methodology
+- REST API Design Guidelines
+
+### Recommended Libraries
+
+| Purpose | Recommendation | Reason |
+|---------|---------------|--------|
+| Validation | Pydantic/Zod | Type-safe, fast |
+| Auth | NextAuth/Devise | Battle-tested |
+| Testing | Pytest/Jest | Community standard |
+
+### References
+
+- [Article/Doc 1](url)
+- [Article/Doc 2](url)
+```
+
+## Integration with /vibe.spec
+
+```
+/vibe.spec "로그인 기능"
+
+→ best-practices-agent 실행:
+  "Research authentication best practices: OAuth, JWT, session"
+
+→ 결과를 SPEC에 반영:
+  - 권장 라이브러리
+  - 보안 고려사항
+  - 구현 패턴
+```

package/.claude/agents/research/codebase-patterns-agent.md

@@ -0,0 +1,147 @@
+# Codebase Patterns Research Agent
+
+기존 코드베이스 패턴 분석 에이전트
+
+## Role
+
+- 기존 구현 패턴 분석
+- 코딩 컨벤션 추출
+- 유사 기능 참조
+- 일관성 확보
+
+## Model
+
+**Haiku** (inherit) - 빠른 탐색
+
+## Usage
+
+`/vibe.spec` 실행 시 자동으로 병렬 호출됨
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Analyze existing patterns in codebase for [feature]. Find similar implementations."
+)
+```
+
+## Analysis Areas
+
+### File Structure
+```
+프로젝트 구조 분석:
+├── 디렉토리 구성
+├── 네이밍 규칙
+├── 모듈 분리 방식
+└── 테스트 파일 위치
+```
+
+### Code Patterns
+```
+패턴 추출:
+├── 에러 처리 방식
+├── 로깅 패턴
+├── 데이터 검증 방식
+├── API 응답 형식
+└── 의존성 주입 방식
+```
+
+### Conventions
+```
+컨벤션 분석:
+├── 변수/함수 네이밍
+├── 파일 네이밍
+├── import 순서
+├── 주석 스타일
+└── 타입 정의 방식
+```
+
+## Output Format
+
+```markdown
+## 🔍 Codebase Patterns Analysis
+
+### Project Structure
+
+```
+src/
+├── api/          # REST endpoints
+├── services/     # Business logic
+├── models/       # Data models
+├── utils/        # Helpers
+└── tests/        # Mirror structure
+```
+
+### Existing Patterns
+
+1. **Error Handling Pattern**
+   ```python
+   # Found in: src/services/*.py
+   try:
+       result = operation()
+   except SpecificError as e:
+       logger.error(f"Operation failed: {e}")
+       raise ServiceError(str(e)) from e
+   ```
+
+2. **API Response Pattern**
+   ```python
+   # Found in: src/api/*.py
+   return {
+       "success": True,
+       "data": result,
+       "meta": {"count": len(result)}
+   }
+   ```
+
+3. **Service Layer Pattern**
+   ```python
+   # Found in: src/services/user_service.py
+   class UserService:
+       def __init__(self, db: Database):
+           self.db = db
+
+       def get_user(self, user_id: int) -> User:
+           ...
+   ```
+
+### Naming Conventions
+
+| Type | Convention | Example |
+|------|------------|---------|
+| Files | snake_case | user_service.py |
+| Classes | PascalCase | UserService |
+| Functions | snake_case | get_user_by_id |
+| Constants | UPPER_CASE | MAX_RETRIES |
+
+### Similar Implementations
+
+For feature "결제 기능":
+
+| Similar Feature | Location | Relevance |
+|-----------------|----------|-----------|
+| 주문 처리 | src/services/order.py | 90% |
+| 구독 관리 | src/services/subscription.py | 75% |
+
+### Recommendations
+
+Based on existing patterns:
+1. Create `src/services/payment_service.py`
+2. Follow existing error handling pattern
+3. Use existing validation decorators
+4. Reuse `src/utils/api_response.py`
+```
+
+## Integration with /vibe.spec
+
+```
+/vibe.spec "결제 기능"
+
+→ codebase-patterns-agent 실행:
+  "Find similar payment/transaction code. Extract patterns."
+
+→ 결과를 SPEC에 반영:
+  - 기존 패턴 따르기
+  - 유사 코드 참조
+  - 일관성 유지
+```

package/.claude/agents/research/framework-docs-agent.md

@@ -0,0 +1,181 @@
+# Framework Docs Research Agent
+
+프레임워크 문서 리서치 에이전트
+
+## Role
+
+- 공식 문서 조회
+- 최신 API 확인
+- 마이그레이션 가이드 수집
+- 버전 호환성 확인
+
+## Model
+
+**Haiku** (inherit) - 빠른 리서치
+
+## Usage
+
+`/vibe.spec` 실행 시 자동으로 병렬 호출됨
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Research [framework] docs for [feature]. Get latest API, examples."
+)
+```
+
+## Integration with context7
+
+context7 MCP 서버 활용:
+
+```
+resolve-library-id "react" → react
+get-library-docs "react" "hooks" → Hook 문서
+
+resolve-library-id "django" → django
+get-library-docs "django" "authentication" → Auth 문서
+```
+
+## External LLM Enhancement (Optional)
+
+**Gemini 활성화 시** 웹 검색 기반 최신 문서 보강:
+
+```
+Primary: Task(Haiku) + context7
+      ↓
+[Gemini enabled?]
+      ↓ YES
+mcp__vibe-gemini__gemini_chat(
+  prompt: "[framework] [version] latest API changes and best practices",
+  systemPrompt: "You are a framework documentation expert. Provide latest API info."
+)
+      ↓
+결과 병합 → SPEC Context 반영
+```
+
+**활용 시점:**
+- context7에서 최신 버전 문서 부재 시
+- Breaking changes 확인 필요 시
+- 공식 문서 외 실전 패턴 검색 시
+
+**Gemini 미설정 시:** Primary만으로 정상 작동
+
+## Research Areas
+
+### Frontend
+```
+React:
+├── Hooks API
+├── Server Components
+├── Suspense
+└── Concurrent Features
+
+Next.js:
+├── App Router
+├── Server Actions
+├── Middleware
+└── Edge Runtime
+
+Vue:
+├── Composition API
+├── Reactivity System
+└── Pinia
+```
+
+### Backend
+```
+Django:
+├── Models & ORM
+├── Class-based Views
+├── REST Framework
+└── Async Support
+
+FastAPI:
+├── Path Operations
+├── Dependency Injection
+├── Pydantic Models
+└── Background Tasks
+
+Rails:
+├── ActiveRecord
+├── Action Controllers
+├── Hotwire/Turbo
+└── Active Job
+```
+
+### Database
+```
+PostgreSQL:
+├── Indexes
+├── Partitioning
+├── JSON operations
+└── Full-text search
+
+Redis:
+├── Data structures
+├── Pub/Sub
+├── Lua scripting
+└── Cluster mode
+```
+
+## Output Format
+
+```markdown
+## 📖 Framework Documentation Research
+
+### Framework: [framework-name]
+### Version: [version]
+
+### Relevant APIs
+
+1. **API: useOptimistic (React 19)**
+   ```tsx
+   const [optimisticState, addOptimistic] = useOptimistic(
+     state,
+     updateFn
+   );
+   ```
+   - Use case: Optimistic UI updates
+   - Available in: React 19+
+
+2. **API: Server Actions (Next.js 14)**
+   ```tsx
+   async function submitForm(formData: FormData) {
+     'use server';
+     // Server-side logic
+   }
+   ```
+
+### Breaking Changes
+
+| From | To | Change | Migration |
+|------|-----|--------|-----------|
+| v18 | v19 | useFormStatus location | Import from react-dom |
+
+### Official Examples
+
+- [Example 1](url): Authentication flow
+- [Example 2](url): Data fetching
+
+### Version Compatibility
+
+| Package | Min Version | Recommended |
+|---------|-------------|-------------|
+| Node.js | 18.17 | 20.x |
+| React | 18.2 | 19.x |
+```
+
+## Integration with /vibe.spec
+
+```
+/vibe.spec "소셜 로그인"
+
+→ framework-docs-agent 실행:
+  "Research NextAuth.js v5 for social login. Get Google, GitHub providers."
+
+→ 결과를 SPEC에 반영:
+  - 최신 API 사용법
+  - 필수 설정
+  - 코드 예시
+```

package/.claude/agents/research/security-advisory-agent.md

@@ -0,0 +1,167 @@
+# Security Advisory Research Agent
+
+보안 권고 리서치 에이전트
+
+## Role
+
+- 보안 취약점 조회
+- 패키지 보안 검사
+- 보안 베스트 프랙티스
+- 규정 준수 확인
+
+## Model
+
+**Haiku** (inherit) - 빠른 리서치
+
+## Usage
+
+`/vibe.spec` 실행 시 자동으로 병렬 호출됨
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Research security advisories for [feature]. Check OWASP, CVEs."
+)
+```
+
+## Research Areas
+
+### OWASP Top 10 (2021)
+```
+A01: Broken Access Control
+A02: Cryptographic Failures
+A03: Injection
+A04: Insecure Design
+A05: Security Misconfiguration
+A06: Vulnerable Components
+A07: Authentication Failures
+A08: Software Integrity Failures
+A09: Logging Failures
+A10: SSRF
+```
+
+### Package Security
+```
+npm audit
+pip-audit
+bundler-audit
+safety check (Python)
+```
+
+### Compliance
+```
+GDPR:
+├── 데이터 최소화
+├── 동의 관리
+├── 삭제권
+└── 데이터 이전
+
+PCI-DSS:
+├── 카드 데이터 암호화
+├── 접근 제어
+├── 로깅
+└── 취약점 관리
+```
+
+## Output Format
+
+```markdown
+## 🔐 Security Advisory Research
+
+### Feature: [feature-name]
+
+### Relevant Security Considerations
+
+1. **OWASP A03: Injection**
+   - Risk: SQL/NoSQL injection
+   - Mitigation:
+     - Use parameterized queries
+     - Validate all user input
+     - Use ORM safely
+
+2. **OWASP A07: Authentication Failures**
+   - Risk: Credential stuffing, weak passwords
+   - Mitigation:
+     - Rate limiting
+     - Strong password policy
+     - MFA support
+
+### Known Vulnerabilities
+
+| Package | Version | CVE | Severity | Fix |
+|---------|---------|-----|----------|-----|
+| lodash | <4.17.21 | CVE-2021-23337 | High | Upgrade |
+| axios | <0.21.1 | CVE-2020-28168 | Medium | Upgrade |
+
+### Security Checklist
+
+- [ ] Input validation on all user inputs
+- [ ] Output encoding for XSS prevention
+- [ ] Parameterized queries for SQL
+- [ ] HTTPS enforced
+- [ ] Sensitive data encrypted at rest
+- [ ] Proper error handling (no stack traces)
+- [ ] Rate limiting implemented
+- [ ] CSRF protection enabled
+- [ ] Security headers configured
+
+### Compliance Requirements
+
+For [payment feature]:
+- [ ] PCI-DSS: Never store CVV
+- [ ] PCI-DSS: Encrypt card numbers
+- [ ] GDPR: User consent for data processing
+
+### Recommended Security Libraries
+
+| Purpose | Library | Notes |
+|---------|---------|-------|
+| Password Hashing | bcrypt/argon2 | Use high work factor |
+| JWT | jose | Well-maintained |
+| Input Validation | zod/pydantic | Type-safe |
+| Rate Limiting | express-rate-limit | Configurable |
+
+### References
+
+- OWASP Cheat Sheets: [url]
+- CWE Database: [url]
+```
+
+## External LLM Enhancement (Optional)
+
+**GPT 활성화 시** CVE/보안 취약점 DB 지식 보강:
+
+```text
+Primary: Task(Haiku) + OWASP/CVE 검색
+      ↓
+[GPT enabled?]
+      ↓ YES
+mcp__vibe-gpt__gpt_chat(
+  prompt: "Security vulnerabilities for [feature]. Check recent CVEs, OWASP risks.",
+  systemPrompt: "You are a security expert. Provide CVE details and mitigations."
+)
+      ↓
+결과 병합 → SPEC Constraints 반영
+```
+
+**활용 시점:**
+- 최신 CVE 정보 필요 시
+- 특정 라이브러리 취약점 확인 시
+- 규정 준수(PCI-DSS, GDPR) 상세 검토 시
+
+**GPT 미설정 시:** Primary만으로 정상 작동
+
+## Integration with /vibe.spec
+
+```text
+/vibe.spec "결제 기능"
+
+→ security-advisory-agent 실행:
+  "Research security for payment processing. Check PCI-DSS, OWASP."
+
+→ 결과를 SPEC에 반영:
+  - 보안 요구사항
+  - 필수 체크리스트
+  - 규정 준수 항목
+```