@su-record/vibe 2.16.3 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +15 -0
- package/CLAUDE.md +8 -8
- package/README.en.md +46 -29
- package/README.md +41 -24
- package/agents/acceptance-tester.md +56 -0
- package/agents/architect.md +25 -67
- package/agents/build-error-resolver.md +28 -97
- package/agents/code-reviewer.md +89 -0
- package/agents/diagrammer.md +34 -165
- package/agents/documenter.md +43 -0
- package/agents/e2e-tester.md +46 -277
- package/agents/event/event-ops.md +54 -77
- package/agents/event/event-planner.md +63 -0
- package/agents/figma/figma-engineer.md +76 -0
- package/agents/implementer.md +26 -41
- package/agents/security-reviewer.md +56 -0
- package/agents/tester.md +37 -33
- package/agents/ui/design-reviewer.md +62 -0
- package/agents/ui/design-system-gen.md +63 -0
- package/dist/__tests__/agent-model-sync.test.d.ts +2 -0
- package/dist/__tests__/agent-model-sync.test.d.ts.map +1 -0
- package/dist/__tests__/agent-model-sync.test.js +71 -0
- package/dist/__tests__/agent-model-sync.test.js.map +1 -0
- package/dist/cli/auth.d.ts.map +1 -1
- package/dist/cli/auth.js +8 -1
- package/dist/cli/auth.js.map +1 -1
- package/dist/cli/commands/index.d.ts +1 -0
- package/dist/cli/commands/index.d.ts.map +1 -1
- package/dist/cli/commands/index.js +1 -0
- package/dist/cli/commands/index.js.map +1 -1
- package/dist/cli/commands/info.d.ts.map +1 -1
- package/dist/cli/commands/info.js +2 -0
- package/dist/cli/commands/info.js.map +1 -1
- package/dist/cli/commands/llm.d.ts +11 -0
- package/dist/cli/commands/llm.d.ts.map +1 -0
- package/dist/cli/commands/llm.js +62 -0
- package/dist/cli/commands/llm.js.map +1 -0
- package/dist/cli/commands/remove.d.ts.map +1 -1
- package/dist/cli/commands/remove.js +8 -10
- package/dist/cli/commands/remove.js.map +1 -1
- package/dist/cli/commands/setup.d.ts.map +1 -1
- package/dist/cli/commands/setup.js +35 -1
- package/dist/cli/commands/setup.js.map +1 -1
- package/dist/cli/index.d.ts +0 -4
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +59 -6
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/llm/config.d.ts.map +1 -1
- package/dist/cli/llm/config.js +7 -0
- package/dist/cli/llm/config.js.map +1 -1
- package/dist/cli/llm/index.d.ts +1 -0
- package/dist/cli/llm/index.d.ts.map +1 -1
- package/dist/cli/llm/index.js +1 -0
- package/dist/cli/llm/index.js.map +1 -1
- package/dist/cli/llm/model-refresh.d.ts +29 -0
- package/dist/cli/llm/model-refresh.d.ts.map +1 -0
- package/dist/cli/llm/model-refresh.js +139 -0
- package/dist/cli/llm/model-refresh.js.map +1 -0
- package/dist/cli/llm/zai-commands.d.ts +15 -0
- package/dist/cli/llm/zai-commands.d.ts.map +1 -0
- package/dist/cli/llm/zai-commands.js +64 -0
- package/dist/cli/llm/zai-commands.js.map +1 -0
- package/dist/cli/postinstall/claude-agents.d.ts.map +1 -1
- package/dist/cli/postinstall/claude-agents.js +16 -77
- package/dist/cli/postinstall/claude-agents.js.map +1 -1
- package/dist/cli/postinstall/constants.d.ts.map +1 -1
- package/dist/cli/postinstall/constants.js +81 -296
- package/dist/cli/postinstall/constants.js.map +1 -1
- package/dist/cli/postinstall/cursor-agents.d.ts +5 -0
- package/dist/cli/postinstall/cursor-agents.d.ts.map +1 -1
- package/dist/cli/postinstall/cursor-agents.js +26 -68
- package/dist/cli/postinstall/cursor-agents.js.map +1 -1
- package/dist/cli/postinstall/cursor-skills.d.ts.map +1 -1
- package/dist/cli/postinstall/cursor-skills.js +26 -30
- package/dist/cli/postinstall/cursor-skills.js.map +1 -1
- package/dist/cli/postinstall/main.d.ts.map +1 -1
- package/dist/cli/postinstall/main.js +0 -2
- package/dist/cli/postinstall/main.js.map +1 -1
- package/dist/cli/setup/Provisioner.d.ts.map +1 -1
- package/dist/cli/setup/Provisioner.js +19 -21
- package/dist/cli/setup/Provisioner.js.map +1 -1
- package/dist/cli/types.d.ts +15 -0
- package/dist/cli/types.d.ts.map +1 -1
- package/dist/cli/utils.d.ts +4 -1
- package/dist/cli/utils.d.ts.map +1 -1
- package/dist/cli/utils.js +4 -1
- package/dist/cli/utils.js.map +1 -1
- package/dist/infra/lib/FrameworkDetector.js +4 -4
- package/dist/infra/lib/FrameworkDetector.js.map +1 -1
- package/dist/infra/lib/OrchestrateWorkflow.js +2 -2
- package/dist/infra/lib/OrchestrateWorkflow.js.map +1 -1
- package/dist/infra/lib/browser/launch.js +1 -1
- package/dist/infra/lib/browser/launch.js.map +1 -1
- package/dist/infra/lib/browser/types.d.ts +1 -1
- package/dist/infra/lib/browser/types.js +1 -1
- package/dist/infra/lib/config/GlobalConfigManager.d.ts +2 -0
- package/dist/infra/lib/config/GlobalConfigManager.d.ts.map +1 -1
- package/dist/infra/lib/config/GlobalConfigManager.js +6 -0
- package/dist/infra/lib/config/GlobalConfigManager.js.map +1 -1
- package/dist/infra/lib/constants.d.ts +1 -1
- package/dist/infra/lib/constants.d.ts.map +1 -1
- package/dist/infra/lib/constants.js +4 -5
- package/dist/infra/lib/constants.js.map +1 -1
- package/dist/infra/lib/evolution/__tests__/integration.test.js +7 -7
- package/dist/infra/lib/evolution/__tests__/integration.test.js.map +1 -1
- package/dist/infra/lib/llm-availability.d.ts +4 -0
- package/dist/infra/lib/llm-availability.d.ts.map +1 -1
- package/dist/infra/lib/llm-availability.js +9 -1
- package/dist/infra/lib/llm-availability.js.map +1 -1
- package/dist/infra/lib/memory/index.d.ts +0 -2
- package/dist/infra/lib/memory/index.d.ts.map +1 -1
- package/dist/infra/lib/memory/index.js +0 -2
- package/dist/infra/lib/memory/index.js.map +1 -1
- package/dist/infra/lib/telemetry/SkillTelemetry.test.js +1 -1
- package/dist/infra/lib/telemetry/SkillTelemetry.test.js.map +1 -1
- package/dist/infra/lib/zai/client.d.ts +30 -0
- package/dist/infra/lib/zai/client.d.ts.map +1 -0
- package/dist/infra/lib/zai/client.js +124 -0
- package/dist/infra/lib/zai/client.js.map +1 -0
- package/dist/infra/lib/zai/index.d.ts +11 -0
- package/dist/infra/lib/zai/index.d.ts.map +1 -0
- package/dist/infra/lib/zai/index.js +10 -0
- package/dist/infra/lib/zai/index.js.map +1 -0
- package/dist/infra/lib/zai/orchestration.d.ts +15 -0
- package/dist/infra/lib/zai/orchestration.d.ts.map +1 -0
- package/dist/infra/lib/zai/orchestration.js +54 -0
- package/dist/infra/lib/zai/orchestration.js.map +1 -0
- package/dist/infra/lib/zai/types.d.ts +40 -0
- package/dist/infra/lib/zai/types.d.ts.map +1 -0
- package/dist/infra/lib/zai/types.js +5 -0
- package/dist/infra/lib/zai/types.js.map +1 -0
- package/dist/infra/orchestrator/SmartRouter.d.ts.map +1 -1
- package/dist/infra/orchestrator/SmartRouter.js +16 -34
- package/dist/infra/orchestrator/SmartRouter.js.map +1 -1
- package/dist/infra/orchestrator/index.d.ts +1 -0
- package/dist/infra/orchestrator/index.d.ts.map +1 -1
- package/dist/infra/orchestrator/index.js +11 -9
- package/dist/infra/orchestrator/index.js.map +1 -1
- package/dist/infra/orchestrator/types.d.ts +32 -9
- package/dist/infra/orchestrator/types.d.ts.map +1 -1
- package/dist/infra/orchestrator/types.js +68 -37
- package/dist/infra/orchestrator/types.js.map +1 -1
- package/dist/infra/orchestrator/types.test.d.ts +2 -0
- package/dist/infra/orchestrator/types.test.d.ts.map +1 -0
- package/dist/infra/orchestrator/types.test.js +57 -0
- package/dist/infra/orchestrator/types.test.js.map +1 -0
- package/dist/tools/index.d.ts +0 -4
- package/dist/tools/index.d.ts.map +1 -1
- package/dist/tools/index.js +0 -4
- package/dist/tools/index.js.map +1 -1
- package/dist/tools/memory/autoSaveContext.d.ts +0 -1
- package/dist/tools/memory/autoSaveContext.d.ts.map +1 -1
- package/dist/tools/memory/autoSaveContext.js +13 -27
- package/dist/tools/memory/autoSaveContext.js.map +1 -1
- package/hooks/scripts/__tests__/code-check-detectors.test.js +2 -2
- package/hooks/scripts/__tests__/run-ledger.test.js +1 -1
- package/hooks/scripts/__tests__/scope-from-spec.test.js +12 -12
- package/hooks/scripts/__tests__/step-counter.test.js +1 -1
- package/hooks/scripts/code-check.js +16 -203
- package/hooks/scripts/context-save.js +0 -11
- package/hooks/scripts/lib/scope-from-spec.js +9 -6
- package/hooks/scripts/llm-orchestrate.js +49 -0
- package/hooks/scripts/post-edit-dispatcher.js +1 -1
- package/hooks/scripts/prompt-dispatcher.js +7 -18
- package/hooks/scripts/session-start.js +25 -35
- package/package.json +4 -4
- package/skills/agents-md/SKILL.md +62 -15
- package/skills/arch-guard/SKILL.md +1 -1
- package/skills/brand-assets/SKILL.md +2 -2
- package/skills/capability-loop/SKILL.md +1 -1
- package/skills/chub-usage/SKILL.md +1 -1
- package/skills/commerce-patterns/SKILL.md +2 -2
- package/skills/commit-push-pr/SKILL.md +0 -1
- package/skills/context7-usage/SKILL.md +1 -1
- package/skills/create-prd/agents/edge-case-finder.md +4 -4
- package/skills/create-prd/agents/prioritizer.md +4 -4
- package/skills/create-prd/agents/requirements-writer.md +3 -3
- package/skills/create-prd/agents/researcher.md +3 -3
- package/skills/create-prd/agents/reviewer.md +3 -3
- package/skills/create-prd/orchestrator.md +2 -0
- package/skills/design-refine/SKILL.md +140 -0
- package/skills/{design-polish → design-refine}/templates/polish-report.md +1 -1
- package/skills/{design-normalize → design-refine}/templates/token-audit.md +3 -3
- package/skills/design-review/SKILL.md +143 -0
- package/skills/{design-audit → design-review}/agents/a11y-auditor.md +1 -1
- package/skills/{design-audit → design-review}/agents/performance-auditor.md +1 -1
- package/skills/{design-audit → design-review}/agents/responsive-auditor.md +1 -1
- package/skills/{design-audit → design-review}/agents/slop-detector.md +1 -1
- package/skills/{design-audit → design-review}/frameworks/core-web-vitals.md +1 -1
- package/skills/{design-audit → design-review}/frameworks/wcag-checklist.md +1 -1
- package/skills/{design-audit → design-review}/orchestrator.md +5 -3
- package/skills/{design-critique → design-review}/templates/critique-report.md +3 -3
- package/skills/{design-audit → design-review}/templates/report.md +3 -3
- package/skills/design-teach/SKILL.md +11 -11
- package/skills/docs/SKILL.md +14 -16
- package/skills/e2e-commerce/SKILL.md +1 -1
- package/skills/event-comms/SKILL.md +1 -1
- package/skills/event-ops/SKILL.md +2 -2
- package/skills/event-planning/SKILL.md +1 -1
- package/skills/exec-plan/SKILL.md +2 -2
- package/skills/exec-plan/orchestrator.md +2 -0
- package/skills/figma/SKILL.md +240 -148
- package/skills/figma/rubrics/css-mapping.md +125 -0
- package/skills/git-worktree/SKILL.md +1 -1
- package/skills/handoff/SKILL.md +1 -1
- package/skills/parallel-research/SKILL.md +14 -28
- package/skills/parallel-research/orchestrator.md +2 -0
- package/skills/priority-todos/SKILL.md +1 -1
- package/skills/regress/SKILL.md +11 -0
- package/skills/restraint/SKILL.md +72 -0
- package/skills/seo-checklist/SKILL.md +2 -2
- package/skills/spec/SKILL.md +65 -836
- package/skills/test/SKILL.md +3 -3
- package/skills/tool-fallback/SKILL.md +2 -2
- package/skills/vercel-react-best-practices/SKILL.md +1 -1
- package/skills/vibe/SKILL.md +20 -35
- package/skills/vibe.analyze/SKILL.md +7 -9
- package/skills/vibe.docs/SKILL.md +1 -1
- package/skills/vibe.event/SKILL.md +27 -27
- package/skills/vibe.figma/SKILL.md +14 -18
- package/skills/vibe.harness/SKILL.md +5 -5
- package/skills/vibe.llm/SKILL.md +50 -0
- package/skills/vibe.reason/SKILL.md +0 -2
- package/skills/vibe.review/SKILL.md +45 -49
- package/skills/vibe.run/SKILL.md +2 -5
- package/skills/vibe.run/references/parallel-agents.md +33 -98
- package/skills/vibe.spec/SKILL.md +38 -535
- package/skills/vibe.utils/SKILL.md +3 -3
- package/skills/vibe.verify/SKILL.md +70 -542
- package/skills/video-production/SKILL.md +1 -1
- package/vibe/rules/orchestrator-contract.md +57 -0
- package/vibe/rules/quality/performance.md +1 -1
- package/vibe/templates/claudemd-template.md +1 -1
- package/vibe/templates/spec-template.md +35 -185
- package/agents/architect-low.md +0 -41
- package/agents/architect-medium.md +0 -59
- package/agents/compounder.md +0 -261
- package/agents/docs/api-documenter.md +0 -99
- package/agents/docs/changelog-writer.md +0 -93
- package/agents/event/event-comms.md +0 -78
- package/agents/event/event-content.md +0 -68
- package/agents/event/event-image.md +0 -95
- package/agents/event/event-scheduler.md +0 -69
- package/agents/event/event-speaker.md +0 -86
- package/agents/explorer-low.md +0 -42
- package/agents/explorer-medium.md +0 -59
- package/agents/explorer.md +0 -48
- package/agents/figma/figma-analyst.md +0 -52
- package/agents/figma/figma-architect.md +0 -112
- package/agents/figma/figma-auditor.md +0 -82
- package/agents/figma/figma-builder.md +0 -100
- package/agents/implementer-low.md +0 -43
- package/agents/implementer-medium.md +0 -52
- package/agents/junior-mentor.md +0 -141
- package/agents/planning/requirements-analyst.md +0 -84
- package/agents/planning/ux-advisor.md +0 -83
- package/agents/qa/acceptance-tester.md +0 -86
- package/agents/qa/edge-case-finder.md +0 -93
- package/agents/qa/qa-coordinator.md +0 -131
- package/agents/refactor-cleaner.md +0 -143
- package/agents/research/best-practices.md +0 -199
- package/agents/research/codebase-patterns.md +0 -157
- package/agents/research/framework-docs.md +0 -188
- package/agents/research/security-advisory.md +0 -213
- package/agents/review/architecture-reviewer.md +0 -107
- package/agents/review/complexity-reviewer.md +0 -116
- package/agents/review/data-integrity-reviewer.md +0 -88
- package/agents/review/git-history-reviewer.md +0 -103
- package/agents/review/performance-reviewer.md +0 -86
- package/agents/review/python-reviewer.md +0 -150
- package/agents/review/rails-reviewer.md +0 -139
- package/agents/review/react-reviewer.md +0 -144
- package/agents/review/security-reviewer.md +0 -80
- package/agents/review/simplicity-reviewer.md +0 -140
- package/agents/review/test-coverage-reviewer.md +0 -116
- package/agents/review/typescript-reviewer.md +0 -127
- package/agents/searcher.md +0 -54
- package/agents/simplifier.md +0 -120
- package/agents/teams/debug-team.md +0 -70
- package/agents/teams/dev-team.md +0 -88
- package/agents/teams/docs-team.md +0 -80
- package/agents/teams/figma-team.md +0 -85
- package/agents/teams/fullstack-team.md +0 -83
- package/agents/teams/lite-team.md +0 -69
- package/agents/teams/migration-team.md +0 -78
- package/agents/teams/refactor-team.md +0 -94
- package/agents/teams/research-team.md +0 -86
- package/agents/teams/review-debate-team.md +0 -125
- package/agents/teams/security-team.md +0 -81
- package/agents/ui/ui-a11y-auditor.md +0 -93
- package/agents/ui/ui-antipattern-detector.md +0 -102
- package/agents/ui/ui-dataviz-advisor.md +0 -69
- package/agents/ui/ui-design-system-gen.md +0 -57
- package/agents/ui/ui-industry-analyzer.md +0 -49
- package/agents/ui/ui-layout-architect.md +0 -65
- package/agents/ui/ui-stack-implementer.md +0 -68
- package/agents/ui/ux-compliance-reviewer.md +0 -81
- package/agents/ui-previewer.md +0 -258
- package/hooks/scripts/__tests__/keyword-detector.test.js +0 -242
- package/hooks/scripts/keyword-detector.js +0 -226
- package/skills/characterization-test/SKILL.md +0 -209
- package/skills/characterization-test/agents/behavior-capturer.md +0 -50
- package/skills/characterization-test/agents/coverage-checker.md +0 -54
- package/skills/characterization-test/agents/reporter.md +0 -50
- package/skills/characterization-test/agents/test-writer.md +0 -49
- package/skills/characterization-test/rubrics/coverage-criteria.md +0 -53
- package/skills/characterization-test/templates/test-template.ts +0 -101
- package/skills/claude-md-guide/SKILL.md +0 -353
- package/skills/claude-md-guide/rubrics/anti-patterns.md +0 -88
- package/skills/design-audit/SKILL.md +0 -154
- package/skills/design-critique/SKILL.md +0 -140
- package/skills/design-distill/SKILL.md +0 -131
- package/skills/design-normalize/SKILL.md +0 -135
- package/skills/design-polish/SKILL.md +0 -132
- package/skills/figma-convert/SKILL.md +0 -236
- package/skills/figma-extract/SKILL.md +0 -242
- package/skills/interview/SKILL.md +0 -358
- package/skills/interview/checklists/api.md +0 -101
- package/skills/interview/checklists/feature.md +0 -88
- package/skills/interview/checklists/library.md +0 -95
- package/skills/interview/checklists/mobile.md +0 -89
- package/skills/interview/checklists/webapp.md +0 -97
- package/skills/interview/checklists/website.md +0 -99
- package/skills/plan/SKILL.md +0 -254
- package/skills/rob-pike/SKILL.md +0 -66
- package/skills/spec/references/askuser-examples.md +0 -57
- package/skills/spec/references/example-session.md +0 -87
- package/skills/spec/references/templates.md +0 -194
- package/skills/spec-review/SKILL.md +0 -725
- package/skills/systematic-debugging/SKILL.md +0 -142
- package/skills/techdebt/SKILL.md +0 -126
- package/skills/techdebt/agents/analyzer.md +0 -50
- package/skills/techdebt/agents/fixer.md +0 -41
- package/skills/techdebt/agents/reviewer.md +0 -47
- package/skills/techdebt/agents/scanner.md +0 -44
- package/skills/techdebt/orchestrator.md +0 -70
- package/skills/techdebt/rubrics/severity.md +0 -51
- package/skills/techdebt/scripts/scan.js +0 -90
- package/skills/techdebt/templates/report.md +0 -86
- package/skills/typescript-advanced-types/SKILL.md +0 -68
- package/skills/typescript-advanced-types/rubrics/type-patterns.md +0 -109
- package/skills/yagni-ladder/SKILL.md +0 -90
- /package/skills/{claude-md-guide → agents-md}/templates/claude-md.md +0 -0
- /package/skills/{design-polish → design-refine}/rubrics/polish-checklist.md +0 -0
- /package/skills/{design-normalize → design-refine}/rubrics/token-naming.md +0 -0
- /package/skills/{design-distill → design-refine}/templates/design-system.md +0 -0
- /package/skills/{design-audit → design-review}/agents/scorer.md +0 -0
- /package/skills/{design-audit → design-review}/rubrics/ai-slop-patterns.md +0 -0
- /package/skills/{design-audit → design-review}/rubrics/scoring.md +0 -0
- /package/skills/{design-critique → design-review}/rubrics/ux-heuristics.md +0 -0
- /package/skills/{figma-convert → figma}/rubrics/conversion-rules.md +0 -0
- /package/skills/{figma-extract → figma}/rubrics/image-rules.md +0 -0
- /package/skills/{figma-convert → figma}/templates/component.md +0 -0
|
@@ -1,213 +0,0 @@
|
|
|
1
|
-
# Security Advisory Research Agent
|
|
2
|
-
|
|
3
|
-
<!-- Security Advisory Research Agent -->
|
|
4
|
-
|
|
5
|
-
## Role
|
|
6
|
-
|
|
7
|
-
- Security vulnerability lookup
|
|
8
|
-
- Package security inspection
|
|
9
|
-
- Security best practices
|
|
10
|
-
- Compliance verification
|
|
11
|
-
|
|
12
|
-
## Model
|
|
13
|
-
|
|
14
|
-
**Haiku** (inherit) - Fast research
|
|
15
|
-
|
|
16
|
-
## ⚠️ CRITICAL: NO FILE CREATION
|
|
17
|
-
|
|
18
|
-
**THIS AGENT MUST NEVER CREATE FILES.**
|
|
19
|
-
|
|
20
|
-
- ❌ DO NOT use Write tool
|
|
21
|
-
- ❌ DO NOT create any files in project root
|
|
22
|
-
- ❌ DO NOT create SECURITY_*.md files
|
|
23
|
-
- ✅ ONLY return research results as text output
|
|
24
|
-
- ✅ Results will be merged into SPEC by core.spec command
|
|
25
|
-
|
|
26
|
-
## Usage
|
|
27
|
-
|
|
28
|
-
Automatically called in parallel when `/vibe.spec` is executed
|
|
29
|
-
|
|
30
|
-
```
|
|
31
|
-
Task(
|
|
32
|
-
model: "haiku",
|
|
33
|
-
subagent_type: "Explore",
|
|
34
|
-
prompt: "Research security advisories for [feature]. Check OWASP, CVEs."
|
|
35
|
-
)
|
|
36
|
-
```
|
|
37
|
-
|
|
38
|
-
## Research Areas
|
|
39
|
-
|
|
40
|
-
### OWASP Top 10 (2021)
|
|
41
|
-
```
|
|
42
|
-
A01: Broken Access Control
|
|
43
|
-
A02: Cryptographic Failures
|
|
44
|
-
A03: Injection
|
|
45
|
-
A04: Insecure Design
|
|
46
|
-
A05: Security Misconfiguration
|
|
47
|
-
A06: Vulnerable Components
|
|
48
|
-
A07: Authentication Failures
|
|
49
|
-
A08: Software Integrity Failures
|
|
50
|
-
A09: Logging Failures
|
|
51
|
-
A10: SSRF
|
|
52
|
-
```
|
|
53
|
-
|
|
54
|
-
### Package Security
|
|
55
|
-
```
|
|
56
|
-
npm audit
|
|
57
|
-
pip-audit
|
|
58
|
-
bundler-audit
|
|
59
|
-
safety check (Python)
|
|
60
|
-
```
|
|
61
|
-
|
|
62
|
-
### Compliance
|
|
63
|
-
```
|
|
64
|
-
GDPR:
|
|
65
|
-
├── Data minimization
|
|
66
|
-
├── Consent management
|
|
67
|
-
├── Right to deletion
|
|
68
|
-
└── Data portability
|
|
69
|
-
|
|
70
|
-
PCI-DSS:
|
|
71
|
-
├── Card data encryption
|
|
72
|
-
├── Access control
|
|
73
|
-
├── Logging
|
|
74
|
-
└── Vulnerability management
|
|
75
|
-
```
|
|
76
|
-
|
|
77
|
-
## Output Format
|
|
78
|
-
|
|
79
|
-
```markdown
|
|
80
|
-
## 🔐 Security Advisory Research
|
|
81
|
-
|
|
82
|
-
### Feature: [feature-name]
|
|
83
|
-
|
|
84
|
-
### Relevant Security Considerations
|
|
85
|
-
|
|
86
|
-
1. **OWASP A03: Injection**
|
|
87
|
-
- Risk: SQL/NoSQL injection
|
|
88
|
-
- Mitigation:
|
|
89
|
-
- Use parameterized queries
|
|
90
|
-
- Validate all user input
|
|
91
|
-
- Use ORM safely
|
|
92
|
-
|
|
93
|
-
2. **OWASP A07: Authentication Failures**
|
|
94
|
-
- Risk: Credential stuffing, weak passwords
|
|
95
|
-
- Mitigation:
|
|
96
|
-
- Rate limiting
|
|
97
|
-
- Strong password policy
|
|
98
|
-
- MFA support
|
|
99
|
-
|
|
100
|
-
### Known Vulnerabilities
|
|
101
|
-
|
|
102
|
-
| Package | Version | CVE | Severity | Fix |
|
|
103
|
-
|---------|---------|-----|----------|-----|
|
|
104
|
-
| lodash | <4.17.21 | CVE-2021-23337 | High | Upgrade |
|
|
105
|
-
| axios | <0.21.1 | CVE-2020-28168 | Medium | Upgrade |
|
|
106
|
-
|
|
107
|
-
### Security Checklist
|
|
108
|
-
|
|
109
|
-
- [ ] Input validation on all user inputs
|
|
110
|
-
- [ ] Output encoding for XSS prevention
|
|
111
|
-
- [ ] Parameterized queries for SQL
|
|
112
|
-
- [ ] HTTPS enforced
|
|
113
|
-
- [ ] Sensitive data encrypted at rest
|
|
114
|
-
- [ ] Proper error handling (no stack traces)
|
|
115
|
-
- [ ] Rate limiting implemented
|
|
116
|
-
- [ ] CSRF protection enabled
|
|
117
|
-
- [ ] Security headers configured
|
|
118
|
-
|
|
119
|
-
### Compliance Requirements
|
|
120
|
-
|
|
121
|
-
For [payment feature]:
|
|
122
|
-
- [ ] PCI-DSS: Never store CVV
|
|
123
|
-
- [ ] PCI-DSS: Encrypt card numbers
|
|
124
|
-
- [ ] GDPR: User consent for data processing
|
|
125
|
-
|
|
126
|
-
### Recommended Security Libraries
|
|
127
|
-
|
|
128
|
-
| Purpose | Library | Notes |
|
|
129
|
-
|---------|---------|-------|
|
|
130
|
-
| Password Hashing | bcrypt/argon2 | Use high work factor |
|
|
131
|
-
| JWT | jose | Well-maintained |
|
|
132
|
-
| Input Validation | zod/pydantic | Type-safe |
|
|
133
|
-
| Rate Limiting | express-rate-limit | Configurable |
|
|
134
|
-
|
|
135
|
-
### References
|
|
136
|
-
|
|
137
|
-
- OWASP Cheat Sheets: [url]
|
|
138
|
-
- CWE Database: [url]
|
|
139
|
-
```
|
|
140
|
-
|
|
141
|
-
## Multi-LLM Enhancement (Quality Assurance)
|
|
142
|
-
|
|
143
|
-
**core = Quality Assurance Framework**
|
|
144
|
-
|
|
145
|
-
Security research uses **3 perspectives in parallel** for comprehensive coverage:
|
|
146
|
-
|
|
147
|
-
```
|
|
148
|
-
┌─────────────────────────────────────────────────────────────┐
|
|
149
|
-
│ PARALLEL SECURITY RESEARCH │
|
|
150
|
-
├─────────────────────────────────────────────────────────────┤
|
|
151
|
-
│ Claude (Haiku) │ OWASP Top 10, security patterns │
|
|
152
|
-
│ GPT │ CVE database, vulnerability details │
|
|
153
|
-
│ Gemini │ Latest security advisories, patches │
|
|
154
|
-
└─────────────────────────────────────────────────────────────┘
|
|
155
|
-
↓
|
|
156
|
-
Merge & Prioritize
|
|
157
|
-
↓
|
|
158
|
-
SPEC Constraints
|
|
159
|
-
```
|
|
160
|
-
|
|
161
|
-
**Execution flow:**
|
|
162
|
-
|
|
163
|
-
```bash
|
|
164
|
-
# 1. Claude (Primary) - Always runs
|
|
165
|
-
Task(haiku, "Research security advisories for [feature]. Check OWASP, common vulnerabilities.")
|
|
166
|
-
|
|
167
|
-
# 2. GPT (Parallel) - When enabled
|
|
168
|
-
node "[LLM_SCRIPT]" gpt-codex orchestrate-json \
|
|
169
|
-
"Security vulnerabilities for [feature] with [stack]. Focus: CVE database, known exploits, mitigation strategies. Return JSON: {vulnerabilities: [], mitigations: [], checklist: []}"
|
|
170
|
-
|
|
171
|
-
# 3. Gemini (Parallel) - When enabled
|
|
172
|
-
node "[LLM_SCRIPT]" gemini orchestrate-json \
|
|
173
|
-
"Security advisories for [feature] with [stack]. Focus: latest patches, security updates, recent incidents. Return JSON: {advisories: [], patches: [], incidents: []}"
|
|
174
|
-
```
|
|
175
|
-
|
|
176
|
-
**Result merge strategy:**
|
|
177
|
-
|
|
178
|
-
| Source | Priority | Focus Area |
|
|
179
|
-
|--------|----------|------------|
|
|
180
|
-
| Claude | High | OWASP, security patterns |
|
|
181
|
-
| GPT | High | CVE details, exploits |
|
|
182
|
-
| Gemini | Medium | Latest advisories, patches |
|
|
183
|
-
|
|
184
|
-
**Security-specific merge rules:**
|
|
185
|
-
|
|
186
|
-
- All vulnerabilities included (no deduplication for safety)
|
|
187
|
-
- Highest severity rating kept when duplicated
|
|
188
|
-
- All mitigations preserved
|
|
189
|
-
- Compliance requirements merged
|
|
190
|
-
|
|
191
|
-
**Use cases:**
|
|
192
|
-
|
|
193
|
-
- Latest CVE information needed
|
|
194
|
-
- Checking vulnerabilities for specific libraries
|
|
195
|
-
- Detailed compliance review (PCI-DSS, GDPR, HIPAA)
|
|
196
|
-
- Zero-day vulnerability awareness
|
|
197
|
-
|
|
198
|
-
## Integration with /vibe.spec
|
|
199
|
-
|
|
200
|
-
```text
|
|
201
|
-
/vibe.spec "payment feature"
|
|
202
|
-
|
|
203
|
-
→ security-advisory execution (3 LLMs parallel):
|
|
204
|
-
- Claude: "Research security for payment processing. Check PCI-DSS, OWASP."
|
|
205
|
-
- GPT: "CVE lookup for payment libraries, known exploits"
|
|
206
|
-
- Gemini: "Latest payment security advisories, recent breaches"
|
|
207
|
-
|
|
208
|
-
→ Merged results reflected in SPEC:
|
|
209
|
-
- Security requirements (all sources)
|
|
210
|
-
- Vulnerability checklist (comprehensive)
|
|
211
|
-
- Compliance items (PCI-DSS, GDPR)
|
|
212
|
-
- Mitigation strategies (deduplicated)
|
|
213
|
-
```
|
|
@@ -1,107 +0,0 @@
|
|
|
1
|
-
# Architecture Reviewer Agent
|
|
2
|
-
|
|
3
|
-
<!-- Architecture Design Expert Review Agent -->
|
|
4
|
-
|
|
5
|
-
## Role
|
|
6
|
-
|
|
7
|
-
- Layer violation detection
|
|
8
|
-
- Circular dependency detection
|
|
9
|
-
- SOLID principles verification
|
|
10
|
-
- Pattern consistency check
|
|
11
|
-
|
|
12
|
-
## Model
|
|
13
|
-
|
|
14
|
-
**Sonnet** — Accurate code analysis for quality gates
|
|
15
|
-
|
|
16
|
-
## Checklist
|
|
17
|
-
|
|
18
|
-
### Layer Violations
|
|
19
|
-
- [ ] Controller directly accessing DB?
|
|
20
|
-
- [ ] Service generating HTTP responses?
|
|
21
|
-
- [ ] Model containing business logic?
|
|
22
|
-
- [ ] Util with external dependencies?
|
|
23
|
-
|
|
24
|
-
### Circular Dependencies
|
|
25
|
-
- [ ] Circular imports between modules?
|
|
26
|
-
- [ ] Mutual references between services?
|
|
27
|
-
- [ ] Circular dependencies between packages?
|
|
28
|
-
|
|
29
|
-
### SOLID Principles
|
|
30
|
-
- [ ] Single Responsibility: One role?
|
|
31
|
-
- [ ] Open/Closed: Open to extension?
|
|
32
|
-
- [ ] Liskov Substitution: Substitutable?
|
|
33
|
-
- [ ] Interface Segregation: Interfaces separated?
|
|
34
|
-
- [ ] Dependency Inversion: Depending on abstractions?
|
|
35
|
-
|
|
36
|
-
### Consistency
|
|
37
|
-
- [ ] Matches existing patterns?
|
|
38
|
-
- [ ] Naming conventions followed?
|
|
39
|
-
- [ ] Directory structure consistency?
|
|
40
|
-
- [ ] Error handling patterns?
|
|
41
|
-
|
|
42
|
-
### Coupling & Cohesion
|
|
43
|
-
- [ ] Loose coupling?
|
|
44
|
-
- [ ] High cohesion?
|
|
45
|
-
- [ ] Dependency injection used?
|
|
46
|
-
- [ ] Interfaces defined?
|
|
47
|
-
|
|
48
|
-
### Scalability
|
|
49
|
-
- [ ] State management appropriate?
|
|
50
|
-
- [ ] Horizontal scaling possible?
|
|
51
|
-
- [ ] Bottlenecks present?
|
|
52
|
-
- [ ] Cache layer?
|
|
53
|
-
|
|
54
|
-
## Output Format
|
|
55
|
-
|
|
56
|
-
```markdown
|
|
57
|
-
## 🏗️ Architecture Review
|
|
58
|
-
|
|
59
|
-
### 🔴 P1 Critical
|
|
60
|
-
1. **Circular Dependency Detected**
|
|
61
|
-
- 📍 Location:
|
|
62
|
-
- src/services/user.py → src/services/order.py
|
|
63
|
-
- src/services/order.py → src/services/user.py
|
|
64
|
-
- 💡 Fix: Extract shared logic to src/services/common.py
|
|
65
|
-
|
|
66
|
-
### 🟡 P2 Important
|
|
67
|
-
2. **Layer Violation**
|
|
68
|
-
- 📍 Location: src/controllers/api.py:45
|
|
69
|
-
- 🚫 Controller directly accessing database
|
|
70
|
-
- 💡 Fix: Move to service layer
|
|
71
|
-
|
|
72
|
-
### 🔵 P3 Suggestions
|
|
73
|
-
3. **Consider Dependency Injection**
|
|
74
|
-
- 📍 Location: src/services/payment.py
|
|
75
|
-
- 💡 Inject PaymentGateway instead of importing
|
|
76
|
-
```
|
|
77
|
-
|
|
78
|
-
## Dependency Graph
|
|
79
|
-
|
|
80
|
-
Generate dependency graph when needed:
|
|
81
|
-
|
|
82
|
-
```
|
|
83
|
-
┌─────────────┐ ┌─────────────┐
|
|
84
|
-
│ Controller │────▶│ Service │
|
|
85
|
-
└─────────────┘ └─────────────┘
|
|
86
|
-
│
|
|
87
|
-
▼
|
|
88
|
-
┌─────────────┐
|
|
89
|
-
│ Repository │
|
|
90
|
-
└─────────────┘
|
|
91
|
-
│
|
|
92
|
-
❌ Violation │
|
|
93
|
-
▼
|
|
94
|
-
┌─────────────┐
|
|
95
|
-
│ Database │
|
|
96
|
-
└─────────────┘
|
|
97
|
-
```
|
|
98
|
-
|
|
99
|
-
## Usage
|
|
100
|
-
|
|
101
|
-
```
|
|
102
|
-
Task(
|
|
103
|
-
model: "sonnet",
|
|
104
|
-
subagent_type: "Explore",
|
|
105
|
-
prompt: "Architecture review for [files]. Check layers, dependencies, SOLID."
|
|
106
|
-
)
|
|
107
|
-
```
|
|
@@ -1,116 +0,0 @@
|
|
|
1
|
-
# Complexity Reviewer Agent
|
|
2
|
-
|
|
3
|
-
<!-- Code Complexity Expert Review Agent -->
|
|
4
|
-
|
|
5
|
-
## Role
|
|
6
|
-
|
|
7
|
-
- Cyclomatic complexity check
|
|
8
|
-
- Function/class length limits
|
|
9
|
-
- Nesting depth analysis
|
|
10
|
-
- Cognitive complexity evaluation
|
|
11
|
-
|
|
12
|
-
## Model
|
|
13
|
-
|
|
14
|
-
**Sonnet** — Accurate code analysis for quality gates
|
|
15
|
-
|
|
16
|
-
## Metrics & Thresholds
|
|
17
|
-
|
|
18
|
-
### Function Level
|
|
19
|
-
| Metric | Good | Warning | Critical |
|
|
20
|
-
|--------|------|---------|----------|
|
|
21
|
-
| Lines | ≤20 | 21-40 | >40 |
|
|
22
|
-
| Cyclomatic | ≤10 | 11-15 | >15 |
|
|
23
|
-
| Parameters | ≤4 | 5-6 | >6 |
|
|
24
|
-
| Nesting | ≤3 | 4 | >4 |
|
|
25
|
-
|
|
26
|
-
### Class Level
|
|
27
|
-
| Metric | Good | Warning | Critical |
|
|
28
|
-
|--------|------|---------|----------|
|
|
29
|
-
| Lines | ≤200 | 201-400 | >400 |
|
|
30
|
-
| Methods | ≤10 | 11-15 | >15 |
|
|
31
|
-
| Dependencies | ≤5 | 6-8 | >8 |
|
|
32
|
-
|
|
33
|
-
### File Level
|
|
34
|
-
| Metric | Good | Warning | Critical |
|
|
35
|
-
|--------|------|---------|----------|
|
|
36
|
-
| Lines | ≤300 | 301-500 | >500 |
|
|
37
|
-
| Functions | ≤15 | 16-25 | >25 |
|
|
38
|
-
| Imports | ≤15 | 16-20 | >20 |
|
|
39
|
-
|
|
40
|
-
## Checklist
|
|
41
|
-
|
|
42
|
-
### Cognitive Load
|
|
43
|
-
- [ ] Function name clearly explains the action?
|
|
44
|
-
- [ ] Conditionals too complex?
|
|
45
|
-
- [ ] Magic numbers/strings used?
|
|
46
|
-
- [ ] Understandable without comments?
|
|
47
|
-
|
|
48
|
-
### Refactoring Signals
|
|
49
|
-
- [ ] Duplicate code blocks?
|
|
50
|
-
- [ ] Long parameter lists?
|
|
51
|
-
- [ ] Feature envy (excessive calls to other class methods)?
|
|
52
|
-
- [ ] God class/function?
|
|
53
|
-
|
|
54
|
-
### Simplification Opportunities
|
|
55
|
-
- [ ] Early return applicable?
|
|
56
|
-
- [ ] Guard clause usable?
|
|
57
|
-
- [ ] Simplify with ternary operator?
|
|
58
|
-
- [ ] Extract helper function?
|
|
59
|
-
|
|
60
|
-
## Output Format
|
|
61
|
-
|
|
62
|
-
```markdown
|
|
63
|
-
## 🧮 Complexity Review
|
|
64
|
-
|
|
65
|
-
### 🔴 P1 Critical
|
|
66
|
-
1. **Function Too Complex**
|
|
67
|
-
- 📍 Location: src/services/order.py:process_order()
|
|
68
|
-
- 📊 Metrics:
|
|
69
|
-
- Lines: 85 (limit: 40)
|
|
70
|
-
- Cyclomatic: 18 (limit: 15)
|
|
71
|
-
- Nesting: 5 (limit: 3)
|
|
72
|
-
- 💡 Fix: Extract into smaller functions
|
|
73
|
-
|
|
74
|
-
### 🟡 P2 Important
|
|
75
|
-
2. **High Cognitive Complexity**
|
|
76
|
-
- 📍 Location: src/utils/validator.py:validate()
|
|
77
|
-
- 📊 Nested conditionals: 4 levels
|
|
78
|
-
- 💡 Fix: Use early returns, extract conditions
|
|
79
|
-
|
|
80
|
-
### 🔵 P3 Suggestions
|
|
81
|
-
3. **Consider Extracting Helper**
|
|
82
|
-
- 📍 Location: src/api/users.py:45-60
|
|
83
|
-
- 💡 Repeated pattern found 3 times
|
|
84
|
-
```
|
|
85
|
-
|
|
86
|
-
## Visualization
|
|
87
|
-
|
|
88
|
-
```
|
|
89
|
-
📊 Complexity Distribution
|
|
90
|
-
|
|
91
|
-
Functions by Cyclomatic Complexity:
|
|
92
|
-
├── 1-5: ████████████████ 32 (good)
|
|
93
|
-
├── 6-10: ████████ 16 (ok)
|
|
94
|
-
├── 11-15: ████ 8 (warning)
|
|
95
|
-
└── 16+: ██ 4 (critical) ⚠️
|
|
96
|
-
```
|
|
97
|
-
|
|
98
|
-
## Usage
|
|
99
|
-
|
|
100
|
-
```
|
|
101
|
-
Task(
|
|
102
|
-
model: "sonnet",
|
|
103
|
-
subagent_type: "Explore",
|
|
104
|
-
prompt: "Complexity review for [files]. Check function length, nesting, cyclomatic."
|
|
105
|
-
)
|
|
106
|
-
```
|
|
107
|
-
|
|
108
|
-
## Integration
|
|
109
|
-
|
|
110
|
-
Works with `core_analyze_complexity` tool:
|
|
111
|
-
|
|
112
|
-
```
|
|
113
|
-
1. Execute core_analyze_complexity
|
|
114
|
-
2. Analyze results
|
|
115
|
-
3. Generate refactoring suggestions
|
|
116
|
-
```
|
|
@@ -1,88 +0,0 @@
|
|
|
1
|
-
# Data Integrity Reviewer Agent
|
|
2
|
-
|
|
3
|
-
<!-- Data Integrity Expert Review Agent -->
|
|
4
|
-
|
|
5
|
-
## Role
|
|
6
|
-
|
|
7
|
-
- Transaction management verification
|
|
8
|
-
- Data validation logic review
|
|
9
|
-
- Migration safety check
|
|
10
|
-
- Concurrency issue detection
|
|
11
|
-
|
|
12
|
-
## Model
|
|
13
|
-
|
|
14
|
-
**Sonnet** — Accurate code analysis for quality gates
|
|
15
|
-
|
|
16
|
-
## Checklist
|
|
17
|
-
|
|
18
|
-
### Transaction Management
|
|
19
|
-
- [ ] Transaction scope appropriate?
|
|
20
|
-
- [ ] Rollback handling exists?
|
|
21
|
-
- [ ] Nested transaction handling?
|
|
22
|
-
- [ ] Transaction isolation level?
|
|
23
|
-
|
|
24
|
-
### Data Validation
|
|
25
|
-
- [ ] Input data validation?
|
|
26
|
-
- [ ] Boundary value checks?
|
|
27
|
-
- [ ] Type validation?
|
|
28
|
-
- [ ] Business rule validation?
|
|
29
|
-
|
|
30
|
-
### Concurrency
|
|
31
|
-
- [ ] Race condition possibility?
|
|
32
|
-
- [ ] Deadlock risk?
|
|
33
|
-
- [ ] Optimistic/pessimistic locking?
|
|
34
|
-
- [ ] Atomicity guaranteed?
|
|
35
|
-
|
|
36
|
-
### Migration Safety
|
|
37
|
-
- [ ] Data loss risk?
|
|
38
|
-
- [ ] Rollback possible?
|
|
39
|
-
- [ ] Large table handling?
|
|
40
|
-
- [ ] Downtime minimization?
|
|
41
|
-
|
|
42
|
-
### Constraints
|
|
43
|
-
- [ ] NOT NULL constraints?
|
|
44
|
-
- [ ] Foreign key integrity?
|
|
45
|
-
- [ ] Unique constraints?
|
|
46
|
-
- [ ] Check constraints?
|
|
47
|
-
|
|
48
|
-
### Backup & Recovery
|
|
49
|
-
- [ ] Backup strategy?
|
|
50
|
-
- [ ] Recovery testing?
|
|
51
|
-
- [ ] Data retention policy?
|
|
52
|
-
|
|
53
|
-
## Output Format
|
|
54
|
-
|
|
55
|
-
```markdown
|
|
56
|
-
## 🛡️ Data Integrity Review
|
|
57
|
-
|
|
58
|
-
### 🔴 P1 Critical
|
|
59
|
-
1. **Missing Transaction Rollback**
|
|
60
|
-
- 📍 Location: src/services/payment.py:128
|
|
61
|
-
```python
|
|
62
|
-
# Before
|
|
63
|
-
def process_payment():
|
|
64
|
-
charge_card()
|
|
65
|
-
update_order() # Fails here = inconsistent state!
|
|
66
|
-
|
|
67
|
-
# After
|
|
68
|
-
def process_payment():
|
|
69
|
-
with transaction.atomic():
|
|
70
|
-
charge_card()
|
|
71
|
-
update_order()
|
|
72
|
-
```
|
|
73
|
-
|
|
74
|
-
### 🟡 P2 Important
|
|
75
|
-
2. **Race Condition Risk**
|
|
76
|
-
- 📍 Location: src/services/inventory.py:45
|
|
77
|
-
- 💡 Fix: Add pessimistic locking or optimistic retry
|
|
78
|
-
```
|
|
79
|
-
|
|
80
|
-
## Usage
|
|
81
|
-
|
|
82
|
-
```
|
|
83
|
-
Task(
|
|
84
|
-
model: "sonnet",
|
|
85
|
-
subagent_type: "Explore",
|
|
86
|
-
prompt: "Data integrity review for [files]. Check transactions, validation."
|
|
87
|
-
)
|
|
88
|
-
```
|
|
@@ -1,103 +0,0 @@
|
|
|
1
|
-
# Git History Reviewer Agent
|
|
2
|
-
|
|
3
|
-
<!-- Git History Analysis Expert Review Agent -->
|
|
4
|
-
|
|
5
|
-
## Role
|
|
6
|
-
|
|
7
|
-
- Frequently modified file identification
|
|
8
|
-
- Risk pattern detection
|
|
9
|
-
- Technical debt tracking
|
|
10
|
-
- Code ownership analysis
|
|
11
|
-
|
|
12
|
-
## Model
|
|
13
|
-
|
|
14
|
-
**Sonnet** — Accurate code analysis for quality gates
|
|
15
|
-
|
|
16
|
-
## Analysis Areas
|
|
17
|
-
|
|
18
|
-
### Hotspot Detection
|
|
19
|
-
- Frequently modified files identified
|
|
20
|
-
- Bug fix concentration areas
|
|
21
|
-
- Areas needing refactoring
|
|
22
|
-
|
|
23
|
-
### Risk Patterns
|
|
24
|
-
- Immediate fixes after large changes
|
|
25
|
-
- Repeated modifications to same files
|
|
26
|
-
- Revert patterns
|
|
27
|
-
- Hotfix frequency
|
|
28
|
-
|
|
29
|
-
### Code Ownership
|
|
30
|
-
- Single developer dependent files
|
|
31
|
-
- Knowledge silo risks
|
|
32
|
-
- Team distribution
|
|
33
|
-
|
|
34
|
-
### Commit Quality
|
|
35
|
-
- Commit message quality
|
|
36
|
-
- Commit size appropriateness
|
|
37
|
-
- Unrelated changes mixed
|
|
38
|
-
|
|
39
|
-
## Commands Used
|
|
40
|
-
|
|
41
|
-
```bash
|
|
42
|
-
# Frequently modified files
|
|
43
|
-
git log --name-only --pretty=format: | sort | uniq -c | sort -rn | head -20
|
|
44
|
-
|
|
45
|
-
# Change frequency for specific file
|
|
46
|
-
git log --oneline -- path/to/file
|
|
47
|
-
|
|
48
|
-
# Contribution by author
|
|
49
|
-
git shortlog -sn -- path/to/file
|
|
50
|
-
|
|
51
|
-
# Recent bug fixes
|
|
52
|
-
git log --grep="fix" --oneline
|
|
53
|
-
|
|
54
|
-
# Revert patterns
|
|
55
|
-
git log --grep="revert" --oneline
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
## Output Format
|
|
59
|
-
|
|
60
|
-
```markdown
|
|
61
|
-
## 📜 Git History Review
|
|
62
|
-
|
|
63
|
-
### 🔴 P1 Critical
|
|
64
|
-
1. **High-Risk Hotspot**
|
|
65
|
-
- 📍 File: src/services/order.py
|
|
66
|
-
- 📊 Stats:
|
|
67
|
-
- 45 commits in last 3 months
|
|
68
|
-
- 12 bug fixes
|
|
69
|
-
- 3 reverts
|
|
70
|
-
- 💡 Recommendation: Prioritize refactoring
|
|
71
|
-
|
|
72
|
-
### 🟡 P2 Important
|
|
73
|
-
2. **Single Owner Risk**
|
|
74
|
-
- 📍 File: src/vibe/billing.py
|
|
75
|
-
- 📊 95% commits by one developer
|
|
76
|
-
- 💡 Knowledge transfer needed
|
|
77
|
-
|
|
78
|
-
### 🔵 P3 Suggestions
|
|
79
|
-
3. **Related Files Often Changed Together**
|
|
80
|
-
- 📍 Files:
|
|
81
|
-
- src/models/user.py
|
|
82
|
-
- src/services/user.py
|
|
83
|
-
- src/api/user.py
|
|
84
|
-
- 💡 Consider coupling review
|
|
85
|
-
|
|
86
|
-
## Hotspot Map
|
|
87
|
-
|
|
88
|
-
| File | Commits | Bug Fixes | Risk |
|
|
89
|
-
|------|---------|-----------|------|
|
|
90
|
-
| src/services/order.py | 45 | 12 | 🔴 High |
|
|
91
|
-
| src/utils/parser.py | 32 | 8 | 🟡 Medium |
|
|
92
|
-
| src/api/auth.py | 28 | 3 | 🟢 Low |
|
|
93
|
-
```
|
|
94
|
-
|
|
95
|
-
## Usage
|
|
96
|
-
|
|
97
|
-
```
|
|
98
|
-
Task(
|
|
99
|
-
model: "sonnet",
|
|
100
|
-
subagent_type: "Explore",
|
|
101
|
-
prompt: "Git history review for this PR. Find hotspots, risk patterns."
|
|
102
|
-
)
|
|
103
|
-
```
|
|
@@ -1,86 +0,0 @@
|
|
|
1
|
-
# Performance Reviewer Agent
|
|
2
|
-
|
|
3
|
-
<!-- Performance Optimization Expert Review Agent -->
|
|
4
|
-
|
|
5
|
-
## Role
|
|
6
|
-
|
|
7
|
-
- N+1 query detection
|
|
8
|
-
- Memory leak detection
|
|
9
|
-
- Unnecessary computation identification
|
|
10
|
-
- Caching opportunity suggestions
|
|
11
|
-
|
|
12
|
-
## Model
|
|
13
|
-
|
|
14
|
-
**Sonnet** — Accurate code analysis for quality gates
|
|
15
|
-
|
|
16
|
-
## Checklist
|
|
17
|
-
|
|
18
|
-
### Database
|
|
19
|
-
- [ ] N+1 query: Individual queries inside loops?
|
|
20
|
-
- [ ] Missing index: WHERE/ORDER BY columns?
|
|
21
|
-
- [ ] Excessive SELECT *?
|
|
22
|
-
- [ ] Unnecessary joins?
|
|
23
|
-
- [ ] Pagination implemented?
|
|
24
|
-
|
|
25
|
-
### Memory
|
|
26
|
-
- [ ] Large data loaded into memory?
|
|
27
|
-
- [ ] Event listeners cleaned up?
|
|
28
|
-
- [ ] Circular references?
|
|
29
|
-
- [ ] Buffer used instead of stream?
|
|
30
|
-
|
|
31
|
-
### Computation
|
|
32
|
-
- [ ] Unnecessary computation inside loops?
|
|
33
|
-
- [ ] Regex pre-compiled?
|
|
34
|
-
- [ ] Memoization opportunities?
|
|
35
|
-
- [ ] Async processing possible?
|
|
36
|
-
|
|
37
|
-
### Caching
|
|
38
|
-
- [ ] Repeated API calls?
|
|
39
|
-
- [ ] Static data caching?
|
|
40
|
-
- [ ] Cache invalidation strategy?
|
|
41
|
-
- [ ] CDN utilized?
|
|
42
|
-
|
|
43
|
-
### Frontend
|
|
44
|
-
- [ ] Bundle size increase?
|
|
45
|
-
- [ ] Image optimization?
|
|
46
|
-
- [ ] Lazy loading?
|
|
47
|
-
- [ ] Unnecessary re-renders?
|
|
48
|
-
|
|
49
|
-
### Network
|
|
50
|
-
- [ ] Unnecessary API calls?
|
|
51
|
-
- [ ] Request batching possible?
|
|
52
|
-
- [ ] Compression used?
|
|
53
|
-
- [ ] Connection pooling?
|
|
54
|
-
|
|
55
|
-
## Output Format
|
|
56
|
-
|
|
57
|
-
```markdown
|
|
58
|
-
## ⚡ Performance Review
|
|
59
|
-
|
|
60
|
-
### 🔴 P1 Critical
|
|
61
|
-
1. **N+1 Query Detected**
|
|
62
|
-
- 📍 Location: src/services/orders.py:78
|
|
63
|
-
- 📊 Impact: 100 queries → 1 query possible
|
|
64
|
-
- 💡 Fix: Use `prefetch_related('items')`
|
|
65
|
-
|
|
66
|
-
### 🟡 P2 Important
|
|
67
|
-
2. **Missing Database Index**
|
|
68
|
-
- 📍 Location: migrations/0042_add_status.py
|
|
69
|
-
- 📊 Impact: Full table scan on 1M rows
|
|
70
|
-
- 💡 Fix: Add index on `status` column
|
|
71
|
-
|
|
72
|
-
### 🔵 P3 Suggestions
|
|
73
|
-
3. **Consider memoization**
|
|
74
|
-
- 📍 Location: src/utils/calculate.py:23
|
|
75
|
-
- 📊 Impact: ~50ms saved per request
|
|
76
|
-
```
|
|
77
|
-
|
|
78
|
-
## Usage
|
|
79
|
-
|
|
80
|
-
```
|
|
81
|
-
Task(
|
|
82
|
-
model: "sonnet",
|
|
83
|
-
subagent_type: "Explore",
|
|
84
|
-
prompt: "Performance review for [files]. Check N+1, memory leaks, caching."
|
|
85
|
-
)
|
|
86
|
-
```
|