@su-record/vibe 2.16.4 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (267) hide show
  1. package/CLAUDE.md +8 -8
  2. package/README.en.md +46 -29
  3. package/README.md +41 -24
  4. package/agents/acceptance-tester.md +56 -0
  5. package/agents/architect.md +25 -67
  6. package/agents/build-error-resolver.md +28 -97
  7. package/agents/code-reviewer.md +89 -0
  8. package/agents/diagrammer.md +34 -169
  9. package/agents/documenter.md +43 -0
  10. package/agents/e2e-tester.md +46 -281
  11. package/agents/event/event-ops.md +54 -77
  12. package/agents/event/event-planner.md +63 -0
  13. package/agents/figma/figma-engineer.md +76 -0
  14. package/agents/implementer.md +26 -41
  15. package/agents/security-reviewer.md +56 -0
  16. package/agents/tester.md +37 -33
  17. package/agents/ui/design-reviewer.md +62 -0
  18. package/agents/ui/design-system-gen.md +63 -0
  19. package/dist/cli/commands/remove.d.ts.map +1 -1
  20. package/dist/cli/commands/remove.js +8 -10
  21. package/dist/cli/commands/remove.js.map +1 -1
  22. package/dist/cli/index.d.ts +0 -4
  23. package/dist/cli/index.d.ts.map +1 -1
  24. package/dist/cli/index.js +0 -4
  25. package/dist/cli/index.js.map +1 -1
  26. package/dist/cli/llm/model-refresh.js +1 -1
  27. package/dist/cli/llm/model-refresh.js.map +1 -1
  28. package/dist/cli/postinstall/claude-agents.d.ts.map +1 -1
  29. package/dist/cli/postinstall/claude-agents.js +16 -77
  30. package/dist/cli/postinstall/claude-agents.js.map +1 -1
  31. package/dist/cli/postinstall/constants.d.ts.map +1 -1
  32. package/dist/cli/postinstall/constants.js +80 -296
  33. package/dist/cli/postinstall/constants.js.map +1 -1
  34. package/dist/cli/postinstall/cursor-agents.d.ts +5 -0
  35. package/dist/cli/postinstall/cursor-agents.d.ts.map +1 -1
  36. package/dist/cli/postinstall/cursor-agents.js +26 -68
  37. package/dist/cli/postinstall/cursor-agents.js.map +1 -1
  38. package/dist/cli/postinstall/cursor-skills.d.ts.map +1 -1
  39. package/dist/cli/postinstall/cursor-skills.js +26 -30
  40. package/dist/cli/postinstall/cursor-skills.js.map +1 -1
  41. package/dist/cli/postinstall/main.d.ts.map +1 -1
  42. package/dist/cli/postinstall/main.js +0 -2
  43. package/dist/cli/postinstall/main.js.map +1 -1
  44. package/dist/cli/setup/Provisioner.d.ts.map +1 -1
  45. package/dist/cli/setup/Provisioner.js +19 -21
  46. package/dist/cli/setup/Provisioner.js.map +1 -1
  47. package/dist/cli/utils.d.ts +4 -1
  48. package/dist/cli/utils.d.ts.map +1 -1
  49. package/dist/cli/utils.js +4 -1
  50. package/dist/cli/utils.js.map +1 -1
  51. package/dist/infra/lib/FrameworkDetector.js +4 -4
  52. package/dist/infra/lib/FrameworkDetector.js.map +1 -1
  53. package/dist/infra/lib/OrchestrateWorkflow.js +2 -2
  54. package/dist/infra/lib/OrchestrateWorkflow.js.map +1 -1
  55. package/dist/infra/lib/browser/launch.js +1 -1
  56. package/dist/infra/lib/browser/launch.js.map +1 -1
  57. package/dist/infra/lib/browser/types.d.ts +1 -1
  58. package/dist/infra/lib/browser/types.js +1 -1
  59. package/dist/infra/lib/constants.d.ts +1 -1
  60. package/dist/infra/lib/constants.d.ts.map +1 -1
  61. package/dist/infra/lib/constants.js +4 -5
  62. package/dist/infra/lib/constants.js.map +1 -1
  63. package/dist/infra/lib/evolution/__tests__/integration.test.js +7 -7
  64. package/dist/infra/lib/evolution/__tests__/integration.test.js.map +1 -1
  65. package/dist/infra/lib/memory/index.d.ts +0 -2
  66. package/dist/infra/lib/memory/index.d.ts.map +1 -1
  67. package/dist/infra/lib/memory/index.js +0 -2
  68. package/dist/infra/lib/memory/index.js.map +1 -1
  69. package/dist/infra/lib/telemetry/SkillTelemetry.test.js +1 -1
  70. package/dist/infra/lib/telemetry/SkillTelemetry.test.js.map +1 -1
  71. package/dist/tools/index.d.ts +0 -4
  72. package/dist/tools/index.d.ts.map +1 -1
  73. package/dist/tools/index.js +0 -4
  74. package/dist/tools/index.js.map +1 -1
  75. package/dist/tools/memory/autoSaveContext.d.ts +0 -1
  76. package/dist/tools/memory/autoSaveContext.d.ts.map +1 -1
  77. package/dist/tools/memory/autoSaveContext.js +13 -27
  78. package/dist/tools/memory/autoSaveContext.js.map +1 -1
  79. package/hooks/scripts/__tests__/code-check-detectors.test.js +2 -2
  80. package/hooks/scripts/__tests__/run-ledger.test.js +1 -1
  81. package/hooks/scripts/__tests__/scope-from-spec.test.js +12 -12
  82. package/hooks/scripts/__tests__/step-counter.test.js +1 -1
  83. package/hooks/scripts/code-check.js +16 -203
  84. package/hooks/scripts/context-save.js +0 -11
  85. package/hooks/scripts/lib/scope-from-spec.js +9 -6
  86. package/hooks/scripts/post-edit-dispatcher.js +1 -1
  87. package/hooks/scripts/prompt-dispatcher.js +7 -18
  88. package/hooks/scripts/session-start.js +25 -35
  89. package/package.json +2 -4
  90. package/skills/agents-md/SKILL.md +62 -15
  91. package/skills/arch-guard/SKILL.md +1 -1
  92. package/skills/brand-assets/SKILL.md +2 -2
  93. package/skills/capability-loop/SKILL.md +1 -1
  94. package/skills/chub-usage/SKILL.md +1 -1
  95. package/skills/commerce-patterns/SKILL.md +2 -2
  96. package/skills/commit-push-pr/SKILL.md +0 -1
  97. package/skills/context7-usage/SKILL.md +1 -1
  98. package/skills/design-refine/SKILL.md +140 -0
  99. package/skills/{design-polish → design-refine}/templates/polish-report.md +1 -1
  100. package/skills/{design-normalize → design-refine}/templates/token-audit.md +3 -3
  101. package/skills/design-review/SKILL.md +143 -0
  102. package/skills/{design-audit → design-review}/agents/a11y-auditor.md +1 -1
  103. package/skills/{design-audit → design-review}/agents/performance-auditor.md +1 -1
  104. package/skills/{design-audit → design-review}/agents/responsive-auditor.md +1 -1
  105. package/skills/{design-audit → design-review}/agents/slop-detector.md +1 -1
  106. package/skills/{design-audit → design-review}/frameworks/core-web-vitals.md +1 -1
  107. package/skills/{design-audit → design-review}/frameworks/wcag-checklist.md +1 -1
  108. package/skills/{design-audit → design-review}/orchestrator.md +3 -3
  109. package/skills/{design-critique → design-review}/templates/critique-report.md +3 -3
  110. package/skills/{design-audit → design-review}/templates/report.md +3 -3
  111. package/skills/design-teach/SKILL.md +11 -11
  112. package/skills/docs/SKILL.md +14 -16
  113. package/skills/e2e-commerce/SKILL.md +1 -1
  114. package/skills/event-comms/SKILL.md +1 -1
  115. package/skills/event-ops/SKILL.md +2 -2
  116. package/skills/event-planning/SKILL.md +1 -1
  117. package/skills/exec-plan/SKILL.md +2 -2
  118. package/skills/figma/SKILL.md +240 -148
  119. package/skills/figma/rubrics/css-mapping.md +125 -0
  120. package/skills/git-worktree/SKILL.md +1 -1
  121. package/skills/handoff/SKILL.md +1 -1
  122. package/skills/parallel-research/SKILL.md +14 -28
  123. package/skills/priority-todos/SKILL.md +1 -1
  124. package/skills/regress/SKILL.md +11 -0
  125. package/skills/restraint/SKILL.md +72 -0
  126. package/skills/seo-checklist/SKILL.md +2 -2
  127. package/skills/spec/SKILL.md +65 -836
  128. package/skills/test/SKILL.md +3 -3
  129. package/skills/tool-fallback/SKILL.md +2 -2
  130. package/skills/vercel-react-best-practices/SKILL.md +1 -1
  131. package/skills/vibe/SKILL.md +20 -35
  132. package/skills/vibe.analyze/SKILL.md +7 -9
  133. package/skills/vibe.docs/SKILL.md +1 -1
  134. package/skills/vibe.event/SKILL.md +27 -27
  135. package/skills/vibe.figma/SKILL.md +14 -18
  136. package/skills/vibe.harness/SKILL.md +5 -5
  137. package/skills/vibe.reason/SKILL.md +0 -2
  138. package/skills/vibe.review/SKILL.md +45 -49
  139. package/skills/vibe.run/SKILL.md +2 -5
  140. package/skills/vibe.run/references/parallel-agents.md +33 -98
  141. package/skills/vibe.spec/SKILL.md +38 -535
  142. package/skills/vibe.utils/SKILL.md +3 -3
  143. package/skills/vibe.verify/SKILL.md +70 -542
  144. package/skills/video-production/SKILL.md +1 -1
  145. package/vibe/rules/orchestrator-contract.md +5 -4
  146. package/vibe/rules/quality/performance.md +1 -1
  147. package/vibe/templates/claudemd-template.md +1 -1
  148. package/vibe/templates/spec-template.md +35 -185
  149. package/agents/architect-low.md +0 -41
  150. package/agents/architect-medium.md +0 -59
  151. package/agents/compounder.md +0 -265
  152. package/agents/docs/api-documenter.md +0 -99
  153. package/agents/docs/changelog-writer.md +0 -93
  154. package/agents/event/event-comms.md +0 -78
  155. package/agents/event/event-content.md +0 -68
  156. package/agents/event/event-image.md +0 -95
  157. package/agents/event/event-scheduler.md +0 -69
  158. package/agents/event/event-speaker.md +0 -86
  159. package/agents/explorer-low.md +0 -42
  160. package/agents/explorer-medium.md +0 -59
  161. package/agents/explorer.md +0 -48
  162. package/agents/figma/figma-analyst.md +0 -56
  163. package/agents/figma/figma-architect.md +0 -116
  164. package/agents/figma/figma-auditor.md +0 -86
  165. package/agents/figma/figma-builder.md +0 -104
  166. package/agents/implementer-low.md +0 -43
  167. package/agents/implementer-medium.md +0 -52
  168. package/agents/junior-mentor.md +0 -141
  169. package/agents/planning/requirements-analyst.md +0 -84
  170. package/agents/planning/ux-advisor.md +0 -83
  171. package/agents/qa/acceptance-tester.md +0 -86
  172. package/agents/qa/edge-case-finder.md +0 -93
  173. package/agents/qa/qa-coordinator.md +0 -131
  174. package/agents/refactor-cleaner.md +0 -143
  175. package/agents/research/best-practices.md +0 -199
  176. package/agents/research/codebase-patterns.md +0 -157
  177. package/agents/research/framework-docs.md +0 -188
  178. package/agents/research/security-advisory.md +0 -213
  179. package/agents/review/architecture-reviewer.md +0 -107
  180. package/agents/review/complexity-reviewer.md +0 -116
  181. package/agents/review/data-integrity-reviewer.md +0 -88
  182. package/agents/review/git-history-reviewer.md +0 -103
  183. package/agents/review/performance-reviewer.md +0 -86
  184. package/agents/review/python-reviewer.md +0 -150
  185. package/agents/review/rails-reviewer.md +0 -139
  186. package/agents/review/react-reviewer.md +0 -144
  187. package/agents/review/security-reviewer.md +0 -80
  188. package/agents/review/simplicity-reviewer.md +0 -140
  189. package/agents/review/test-coverage-reviewer.md +0 -116
  190. package/agents/review/typescript-reviewer.md +0 -127
  191. package/agents/searcher.md +0 -54
  192. package/agents/simplifier.md +0 -124
  193. package/agents/teams/debug-team.md +0 -74
  194. package/agents/teams/dev-team.md +0 -92
  195. package/agents/teams/docs-team.md +0 -84
  196. package/agents/teams/figma-team.md +0 -89
  197. package/agents/teams/fullstack-team.md +0 -87
  198. package/agents/teams/lite-team.md +0 -73
  199. package/agents/teams/migration-team.md +0 -82
  200. package/agents/teams/refactor-team.md +0 -98
  201. package/agents/teams/research-team.md +0 -90
  202. package/agents/teams/review-debate-team.md +0 -129
  203. package/agents/teams/security-team.md +0 -85
  204. package/agents/ui/ui-a11y-auditor.md +0 -93
  205. package/agents/ui/ui-antipattern-detector.md +0 -102
  206. package/agents/ui/ui-dataviz-advisor.md +0 -69
  207. package/agents/ui/ui-design-system-gen.md +0 -57
  208. package/agents/ui/ui-industry-analyzer.md +0 -49
  209. package/agents/ui/ui-layout-architect.md +0 -65
  210. package/agents/ui/ui-stack-implementer.md +0 -68
  211. package/agents/ui/ux-compliance-reviewer.md +0 -81
  212. package/agents/ui-previewer.md +0 -262
  213. package/hooks/scripts/__tests__/keyword-detector.test.js +0 -242
  214. package/hooks/scripts/keyword-detector.js +0 -226
  215. package/skills/characterization-test/SKILL.md +0 -209
  216. package/skills/characterization-test/agents/behavior-capturer.md +0 -50
  217. package/skills/characterization-test/agents/coverage-checker.md +0 -54
  218. package/skills/characterization-test/agents/reporter.md +0 -50
  219. package/skills/characterization-test/agents/test-writer.md +0 -49
  220. package/skills/characterization-test/rubrics/coverage-criteria.md +0 -53
  221. package/skills/characterization-test/templates/test-template.ts +0 -101
  222. package/skills/claude-md-guide/SKILL.md +0 -353
  223. package/skills/claude-md-guide/rubrics/anti-patterns.md +0 -88
  224. package/skills/design-audit/SKILL.md +0 -154
  225. package/skills/design-critique/SKILL.md +0 -140
  226. package/skills/design-distill/SKILL.md +0 -131
  227. package/skills/design-normalize/SKILL.md +0 -135
  228. package/skills/design-polish/SKILL.md +0 -132
  229. package/skills/figma-convert/SKILL.md +0 -236
  230. package/skills/figma-extract/SKILL.md +0 -242
  231. package/skills/interview/SKILL.md +0 -358
  232. package/skills/interview/checklists/api.md +0 -101
  233. package/skills/interview/checklists/feature.md +0 -88
  234. package/skills/interview/checklists/library.md +0 -95
  235. package/skills/interview/checklists/mobile.md +0 -89
  236. package/skills/interview/checklists/webapp.md +0 -97
  237. package/skills/interview/checklists/website.md +0 -99
  238. package/skills/plan/SKILL.md +0 -254
  239. package/skills/rob-pike/SKILL.md +0 -66
  240. package/skills/spec/references/askuser-examples.md +0 -57
  241. package/skills/spec/references/example-session.md +0 -87
  242. package/skills/spec/references/templates.md +0 -194
  243. package/skills/spec-review/SKILL.md +0 -725
  244. package/skills/systematic-debugging/SKILL.md +0 -142
  245. package/skills/techdebt/SKILL.md +0 -126
  246. package/skills/techdebt/agents/analyzer.md +0 -50
  247. package/skills/techdebt/agents/fixer.md +0 -41
  248. package/skills/techdebt/agents/reviewer.md +0 -47
  249. package/skills/techdebt/agents/scanner.md +0 -44
  250. package/skills/techdebt/orchestrator.md +0 -72
  251. package/skills/techdebt/rubrics/severity.md +0 -51
  252. package/skills/techdebt/scripts/scan.js +0 -90
  253. package/skills/techdebt/templates/report.md +0 -86
  254. package/skills/typescript-advanced-types/SKILL.md +0 -68
  255. package/skills/typescript-advanced-types/rubrics/type-patterns.md +0 -109
  256. package/skills/yagni-ladder/SKILL.md +0 -90
  257. /package/skills/{claude-md-guide → agents-md}/templates/claude-md.md +0 -0
  258. /package/skills/{design-polish → design-refine}/rubrics/polish-checklist.md +0 -0
  259. /package/skills/{design-normalize → design-refine}/rubrics/token-naming.md +0 -0
  260. /package/skills/{design-distill → design-refine}/templates/design-system.md +0 -0
  261. /package/skills/{design-audit → design-review}/agents/scorer.md +0 -0
  262. /package/skills/{design-audit → design-review}/rubrics/ai-slop-patterns.md +0 -0
  263. /package/skills/{design-audit → design-review}/rubrics/scoring.md +0 -0
  264. /package/skills/{design-critique → design-review}/rubrics/ux-heuristics.md +0 -0
  265. /package/skills/{figma-convert → figma}/rubrics/conversion-rules.md +0 -0
  266. /package/skills/{figma-extract → figma}/rubrics/image-rules.md +0 -0
  267. /package/skills/{figma-convert → figma}/templates/component.md +0 -0
@@ -1,213 +0,0 @@
1
- # Security Advisory Research Agent
2
-
3
- <!-- Security Advisory Research Agent -->
4
-
5
- ## Role
6
-
7
- - Security vulnerability lookup
8
- - Package security inspection
9
- - Security best practices
10
- - Compliance verification
11
-
12
- ## Model
13
-
14
- **Haiku** — Fast research
15
-
16
- ## ⚠️ CRITICAL: NO FILE CREATION
17
-
18
- **THIS AGENT MUST NEVER CREATE FILES.**
19
-
20
- - ❌ DO NOT use Write tool
21
- - ❌ DO NOT create any files in project root
22
- - ❌ DO NOT create SECURITY_*.md files
23
- - ✅ ONLY return research results as text output
24
- - ✅ Results will be merged into SPEC by core.spec command
25
-
26
- ## Usage
27
-
28
- Automatically called in parallel when `/vibe.spec` is executed
29
-
30
- ```
31
- Task(
32
- model: "haiku",
33
- subagent_type: "Explore",
34
- prompt: "Research security advisories for [feature]. Check OWASP, CVEs."
35
- )
36
- ```
37
-
38
- ## Research Areas
39
-
40
- ### OWASP Top 10 (2021)
41
- ```
42
- A01: Broken Access Control
43
- A02: Cryptographic Failures
44
- A03: Injection
45
- A04: Insecure Design
46
- A05: Security Misconfiguration
47
- A06: Vulnerable Components
48
- A07: Authentication Failures
49
- A08: Software Integrity Failures
50
- A09: Logging Failures
51
- A10: SSRF
52
- ```
53
-
54
- ### Package Security
55
- ```
56
- npm audit
57
- pip-audit
58
- bundler-audit
59
- safety check (Python)
60
- ```
61
-
62
- ### Compliance
63
- ```
64
- GDPR:
65
- ├── Data minimization
66
- ├── Consent management
67
- ├── Right to deletion
68
- └── Data portability
69
-
70
- PCI-DSS:
71
- ├── Card data encryption
72
- ├── Access control
73
- ├── Logging
74
- └── Vulnerability management
75
- ```
76
-
77
- ## Output Format
78
-
79
- ```markdown
80
- ## 🔐 Security Advisory Research
81
-
82
- ### Feature: [feature-name]
83
-
84
- ### Relevant Security Considerations
85
-
86
- 1. **OWASP A03: Injection**
87
- - Risk: SQL/NoSQL injection
88
- - Mitigation:
89
- - Use parameterized queries
90
- - Validate all user input
91
- - Use ORM safely
92
-
93
- 2. **OWASP A07: Authentication Failures**
94
- - Risk: Credential stuffing, weak passwords
95
- - Mitigation:
96
- - Rate limiting
97
- - Strong password policy
98
- - MFA support
99
-
100
- ### Known Vulnerabilities
101
-
102
- | Package | Version | CVE | Severity | Fix |
103
- |---------|---------|-----|----------|-----|
104
- | lodash | <4.17.21 | CVE-2021-23337 | High | Upgrade |
105
- | axios | <0.21.1 | CVE-2020-28168 | Medium | Upgrade |
106
-
107
- ### Security Checklist
108
-
109
- - [ ] Input validation on all user inputs
110
- - [ ] Output encoding for XSS prevention
111
- - [ ] Parameterized queries for SQL
112
- - [ ] HTTPS enforced
113
- - [ ] Sensitive data encrypted at rest
114
- - [ ] Proper error handling (no stack traces)
115
- - [ ] Rate limiting implemented
116
- - [ ] CSRF protection enabled
117
- - [ ] Security headers configured
118
-
119
- ### Compliance Requirements
120
-
121
- For [payment feature]:
122
- - [ ] PCI-DSS: Never store CVV
123
- - [ ] PCI-DSS: Encrypt card numbers
124
- - [ ] GDPR: User consent for data processing
125
-
126
- ### Recommended Security Libraries
127
-
128
- | Purpose | Library | Notes |
129
- |---------|---------|-------|
130
- | Password Hashing | bcrypt/argon2 | Use high work factor |
131
- | JWT | jose | Well-maintained |
132
- | Input Validation | zod/pydantic | Type-safe |
133
- | Rate Limiting | express-rate-limit | Configurable |
134
-
135
- ### References
136
-
137
- - OWASP Cheat Sheets: [url]
138
- - CWE Database: [url]
139
- ```
140
-
141
- ## Multi-LLM Enhancement (Quality Assurance)
142
-
143
- **core = Quality Assurance Framework**
144
-
145
- Security research uses **3 perspectives in parallel** for comprehensive coverage:
146
-
147
- ```
148
- ┌─────────────────────────────────────────────────────────────┐
149
- │ PARALLEL SECURITY RESEARCH │
150
- ├─────────────────────────────────────────────────────────────┤
151
- │ Claude (Haiku) │ OWASP Top 10, security patterns │
152
- │ GPT │ CVE database, vulnerability details │
153
- │ Gemini │ Latest security advisories, patches │
154
- └─────────────────────────────────────────────────────────────┘
155
-
156
- Merge & Prioritize
157
-
158
- SPEC Constraints
159
- ```
160
-
161
- **Execution flow:**
162
-
163
- ```bash
164
- # 1. Claude (Primary) - Always runs
165
- Task(haiku, "Research security advisories for [feature]. Check OWASP, common vulnerabilities.")
166
-
167
- # 2. GPT (Parallel) - When enabled
168
- node "[LLM_SCRIPT]" gpt-codex orchestrate-json \
169
- "Security vulnerabilities for [feature] with [stack]. Focus: CVE database, known exploits, mitigation strategies. Return JSON: {vulnerabilities: [], mitigations: [], checklist: []}"
170
-
171
- # 3. Gemini (Parallel) - When enabled
172
- node "[LLM_SCRIPT]" gemini orchestrate-json \
173
- "Security advisories for [feature] with [stack]. Focus: latest patches, security updates, recent incidents. Return JSON: {advisories: [], patches: [], incidents: []}"
174
- ```
175
-
176
- **Result merge strategy:**
177
-
178
- | Source | Priority | Focus Area |
179
- |--------|----------|------------|
180
- | Claude | High | OWASP, security patterns |
181
- | GPT | High | CVE details, exploits |
182
- | Gemini | Medium | Latest advisories, patches |
183
-
184
- **Security-specific merge rules:**
185
-
186
- - All vulnerabilities included (no deduplication for safety)
187
- - Highest severity rating kept when duplicated
188
- - All mitigations preserved
189
- - Compliance requirements merged
190
-
191
- **Use cases:**
192
-
193
- - Latest CVE information needed
194
- - Checking vulnerabilities for specific libraries
195
- - Detailed compliance review (PCI-DSS, GDPR, HIPAA)
196
- - Zero-day vulnerability awareness
197
-
198
- ## Integration with /vibe.spec
199
-
200
- ```text
201
- /vibe.spec "payment feature"
202
-
203
- → security-advisory execution (3 LLMs parallel):
204
- - Claude: "Research security for payment processing. Check PCI-DSS, OWASP."
205
- - GPT: "CVE lookup for payment libraries, known exploits"
206
- - Gemini: "Latest payment security advisories, recent breaches"
207
-
208
- → Merged results reflected in SPEC:
209
- - Security requirements (all sources)
210
- - Vulnerability checklist (comprehensive)
211
- - Compliance items (PCI-DSS, GDPR)
212
- - Mitigation strategies (deduplicated)
213
- ```
@@ -1,107 +0,0 @@
1
- # Architecture Reviewer Agent
2
-
3
- <!-- Architecture Design Expert Review Agent -->
4
-
5
- ## Role
6
-
7
- - Layer violation detection
8
- - Circular dependency detection
9
- - SOLID principles verification
10
- - Pattern consistency check
11
-
12
- ## Model
13
-
14
- **Sonnet** — Accurate code analysis for quality gates
15
-
16
- ## Checklist
17
-
18
- ### Layer Violations
19
- - [ ] Controller directly accessing DB?
20
- - [ ] Service generating HTTP responses?
21
- - [ ] Model containing business logic?
22
- - [ ] Util with external dependencies?
23
-
24
- ### Circular Dependencies
25
- - [ ] Circular imports between modules?
26
- - [ ] Mutual references between services?
27
- - [ ] Circular dependencies between packages?
28
-
29
- ### SOLID Principles
30
- - [ ] Single Responsibility: One role?
31
- - [ ] Open/Closed: Open to extension?
32
- - [ ] Liskov Substitution: Substitutable?
33
- - [ ] Interface Segregation: Interfaces separated?
34
- - [ ] Dependency Inversion: Depending on abstractions?
35
-
36
- ### Consistency
37
- - [ ] Matches existing patterns?
38
- - [ ] Naming conventions followed?
39
- - [ ] Directory structure consistency?
40
- - [ ] Error handling patterns?
41
-
42
- ### Coupling & Cohesion
43
- - [ ] Loose coupling?
44
- - [ ] High cohesion?
45
- - [ ] Dependency injection used?
46
- - [ ] Interfaces defined?
47
-
48
- ### Scalability
49
- - [ ] State management appropriate?
50
- - [ ] Horizontal scaling possible?
51
- - [ ] Bottlenecks present?
52
- - [ ] Cache layer?
53
-
54
- ## Output Format
55
-
56
- ```markdown
57
- ## 🏗️ Architecture Review
58
-
59
- ### 🔴 P1 Critical
60
- 1. **Circular Dependency Detected**
61
- - 📍 Location:
62
- - src/services/user.py → src/services/order.py
63
- - src/services/order.py → src/services/user.py
64
- - 💡 Fix: Extract shared logic to src/services/common.py
65
-
66
- ### 🟡 P2 Important
67
- 2. **Layer Violation**
68
- - 📍 Location: src/controllers/api.py:45
69
- - 🚫 Controller directly accessing database
70
- - 💡 Fix: Move to service layer
71
-
72
- ### 🔵 P3 Suggestions
73
- 3. **Consider Dependency Injection**
74
- - 📍 Location: src/services/payment.py
75
- - 💡 Inject PaymentGateway instead of importing
76
- ```
77
-
78
- ## Dependency Graph
79
-
80
- Generate dependency graph when needed:
81
-
82
- ```
83
- ┌─────────────┐ ┌─────────────┐
84
- │ Controller │────▶│ Service │
85
- └─────────────┘ └─────────────┘
86
-
87
-
88
- ┌─────────────┐
89
- │ Repository │
90
- └─────────────┘
91
-
92
- ❌ Violation │
93
-
94
- ┌─────────────┐
95
- │ Database │
96
- └─────────────┘
97
- ```
98
-
99
- ## Usage
100
-
101
- ```
102
- Task(
103
- model: "sonnet",
104
- subagent_type: "Explore",
105
- prompt: "Architecture review for [files]. Check layers, dependencies, SOLID."
106
- )
107
- ```
@@ -1,116 +0,0 @@
1
- # Complexity Reviewer Agent
2
-
3
- <!-- Code Complexity Expert Review Agent -->
4
-
5
- ## Role
6
-
7
- - Cyclomatic complexity check
8
- - Function/class length limits
9
- - Nesting depth analysis
10
- - Cognitive complexity evaluation
11
-
12
- ## Model
13
-
14
- **Sonnet** — Accurate code analysis for quality gates
15
-
16
- ## Metrics & Thresholds
17
-
18
- ### Function Level
19
- | Metric | Good | Warning | Critical |
20
- |--------|------|---------|----------|
21
- | Lines | ≤20 | 21-40 | >40 |
22
- | Cyclomatic | ≤10 | 11-15 | >15 |
23
- | Parameters | ≤4 | 5-6 | >6 |
24
- | Nesting | ≤3 | 4 | >4 |
25
-
26
- ### Class Level
27
- | Metric | Good | Warning | Critical |
28
- |--------|------|---------|----------|
29
- | Lines | ≤200 | 201-400 | >400 |
30
- | Methods | ≤10 | 11-15 | >15 |
31
- | Dependencies | ≤5 | 6-8 | >8 |
32
-
33
- ### File Level
34
- | Metric | Good | Warning | Critical |
35
- |--------|------|---------|----------|
36
- | Lines | ≤300 | 301-500 | >500 |
37
- | Functions | ≤15 | 16-25 | >25 |
38
- | Imports | ≤15 | 16-20 | >20 |
39
-
40
- ## Checklist
41
-
42
- ### Cognitive Load
43
- - [ ] Function name clearly explains the action?
44
- - [ ] Conditionals too complex?
45
- - [ ] Magic numbers/strings used?
46
- - [ ] Understandable without comments?
47
-
48
- ### Refactoring Signals
49
- - [ ] Duplicate code blocks?
50
- - [ ] Long parameter lists?
51
- - [ ] Feature envy (excessive calls to other class methods)?
52
- - [ ] God class/function?
53
-
54
- ### Simplification Opportunities
55
- - [ ] Early return applicable?
56
- - [ ] Guard clause usable?
57
- - [ ] Simplify with ternary operator?
58
- - [ ] Extract helper function?
59
-
60
- ## Output Format
61
-
62
- ```markdown
63
- ## 🧮 Complexity Review
64
-
65
- ### 🔴 P1 Critical
66
- 1. **Function Too Complex**
67
- - 📍 Location: src/services/order.py:process_order()
68
- - 📊 Metrics:
69
- - Lines: 85 (limit: 40)
70
- - Cyclomatic: 18 (limit: 15)
71
- - Nesting: 5 (limit: 3)
72
- - 💡 Fix: Extract into smaller functions
73
-
74
- ### 🟡 P2 Important
75
- 2. **High Cognitive Complexity**
76
- - 📍 Location: src/utils/validator.py:validate()
77
- - 📊 Nested conditionals: 4 levels
78
- - 💡 Fix: Use early returns, extract conditions
79
-
80
- ### 🔵 P3 Suggestions
81
- 3. **Consider Extracting Helper**
82
- - 📍 Location: src/api/users.py:45-60
83
- - 💡 Repeated pattern found 3 times
84
- ```
85
-
86
- ## Visualization
87
-
88
- ```
89
- 📊 Complexity Distribution
90
-
91
- Functions by Cyclomatic Complexity:
92
- ├── 1-5: ████████████████ 32 (good)
93
- ├── 6-10: ████████ 16 (ok)
94
- ├── 11-15: ████ 8 (warning)
95
- └── 16+: ██ 4 (critical) ⚠️
96
- ```
97
-
98
- ## Usage
99
-
100
- ```
101
- Task(
102
- model: "sonnet",
103
- subagent_type: "Explore",
104
- prompt: "Complexity review for [files]. Check function length, nesting, cyclomatic."
105
- )
106
- ```
107
-
108
- ## Integration
109
-
110
- Works with `core_analyze_complexity` tool:
111
-
112
- ```
113
- 1. Execute core_analyze_complexity
114
- 2. Analyze results
115
- 3. Generate refactoring suggestions
116
- ```
@@ -1,88 +0,0 @@
1
- # Data Integrity Reviewer Agent
2
-
3
- <!-- Data Integrity Expert Review Agent -->
4
-
5
- ## Role
6
-
7
- - Transaction management verification
8
- - Data validation logic review
9
- - Migration safety check
10
- - Concurrency issue detection
11
-
12
- ## Model
13
-
14
- **Sonnet** — Accurate code analysis for quality gates
15
-
16
- ## Checklist
17
-
18
- ### Transaction Management
19
- - [ ] Transaction scope appropriate?
20
- - [ ] Rollback handling exists?
21
- - [ ] Nested transaction handling?
22
- - [ ] Transaction isolation level?
23
-
24
- ### Data Validation
25
- - [ ] Input data validation?
26
- - [ ] Boundary value checks?
27
- - [ ] Type validation?
28
- - [ ] Business rule validation?
29
-
30
- ### Concurrency
31
- - [ ] Race condition possibility?
32
- - [ ] Deadlock risk?
33
- - [ ] Optimistic/pessimistic locking?
34
- - [ ] Atomicity guaranteed?
35
-
36
- ### Migration Safety
37
- - [ ] Data loss risk?
38
- - [ ] Rollback possible?
39
- - [ ] Large table handling?
40
- - [ ] Downtime minimization?
41
-
42
- ### Constraints
43
- - [ ] NOT NULL constraints?
44
- - [ ] Foreign key integrity?
45
- - [ ] Unique constraints?
46
- - [ ] Check constraints?
47
-
48
- ### Backup & Recovery
49
- - [ ] Backup strategy?
50
- - [ ] Recovery testing?
51
- - [ ] Data retention policy?
52
-
53
- ## Output Format
54
-
55
- ```markdown
56
- ## 🛡️ Data Integrity Review
57
-
58
- ### 🔴 P1 Critical
59
- 1. **Missing Transaction Rollback**
60
- - 📍 Location: src/services/payment.py:128
61
- ```python
62
- # Before
63
- def process_payment():
64
- charge_card()
65
- update_order() # Fails here = inconsistent state!
66
-
67
- # After
68
- def process_payment():
69
- with transaction.atomic():
70
- charge_card()
71
- update_order()
72
- ```
73
-
74
- ### 🟡 P2 Important
75
- 2. **Race Condition Risk**
76
- - 📍 Location: src/services/inventory.py:45
77
- - 💡 Fix: Add pessimistic locking or optimistic retry
78
- ```
79
-
80
- ## Usage
81
-
82
- ```
83
- Task(
84
- model: "sonnet",
85
- subagent_type: "Explore",
86
- prompt: "Data integrity review for [files]. Check transactions, validation."
87
- )
88
- ```
@@ -1,103 +0,0 @@
1
- # Git History Reviewer Agent
2
-
3
- <!-- Git History Analysis Expert Review Agent -->
4
-
5
- ## Role
6
-
7
- - Frequently modified file identification
8
- - Risk pattern detection
9
- - Technical debt tracking
10
- - Code ownership analysis
11
-
12
- ## Model
13
-
14
- **Sonnet** — Accurate code analysis for quality gates
15
-
16
- ## Analysis Areas
17
-
18
- ### Hotspot Detection
19
- - Frequently modified files identified
20
- - Bug fix concentration areas
21
- - Areas needing refactoring
22
-
23
- ### Risk Patterns
24
- - Immediate fixes after large changes
25
- - Repeated modifications to same files
26
- - Revert patterns
27
- - Hotfix frequency
28
-
29
- ### Code Ownership
30
- - Single developer dependent files
31
- - Knowledge silo risks
32
- - Team distribution
33
-
34
- ### Commit Quality
35
- - Commit message quality
36
- - Commit size appropriateness
37
- - Unrelated changes mixed
38
-
39
- ## Commands Used
40
-
41
- ```bash
42
- # Frequently modified files
43
- git log --name-only --pretty=format: | sort | uniq -c | sort -rn | head -20
44
-
45
- # Change frequency for specific file
46
- git log --oneline -- path/to/file
47
-
48
- # Contribution by author
49
- git shortlog -sn -- path/to/file
50
-
51
- # Recent bug fixes
52
- git log --grep="fix" --oneline
53
-
54
- # Revert patterns
55
- git log --grep="revert" --oneline
56
- ```
57
-
58
- ## Output Format
59
-
60
- ```markdown
61
- ## 📜 Git History Review
62
-
63
- ### 🔴 P1 Critical
64
- 1. **High-Risk Hotspot**
65
- - 📍 File: src/services/order.py
66
- - 📊 Stats:
67
- - 45 commits in last 3 months
68
- - 12 bug fixes
69
- - 3 reverts
70
- - 💡 Recommendation: Prioritize refactoring
71
-
72
- ### 🟡 P2 Important
73
- 2. **Single Owner Risk**
74
- - 📍 File: src/vibe/billing.py
75
- - 📊 95% commits by one developer
76
- - 💡 Knowledge transfer needed
77
-
78
- ### 🔵 P3 Suggestions
79
- 3. **Related Files Often Changed Together**
80
- - 📍 Files:
81
- - src/models/user.py
82
- - src/services/user.py
83
- - src/api/user.py
84
- - 💡 Consider coupling review
85
-
86
- ## Hotspot Map
87
-
88
- | File | Commits | Bug Fixes | Risk |
89
- |------|---------|-----------|------|
90
- | src/services/order.py | 45 | 12 | 🔴 High |
91
- | src/utils/parser.py | 32 | 8 | 🟡 Medium |
92
- | src/api/auth.py | 28 | 3 | 🟢 Low |
93
- ```
94
-
95
- ## Usage
96
-
97
- ```
98
- Task(
99
- model: "sonnet",
100
- subagent_type: "Explore",
101
- prompt: "Git history review for this PR. Find hotspots, risk patterns."
102
- )
103
- ```
@@ -1,86 +0,0 @@
1
- # Performance Reviewer Agent
2
-
3
- <!-- Performance Optimization Expert Review Agent -->
4
-
5
- ## Role
6
-
7
- - N+1 query detection
8
- - Memory leak detection
9
- - Unnecessary computation identification
10
- - Caching opportunity suggestions
11
-
12
- ## Model
13
-
14
- **Sonnet** — Accurate code analysis for quality gates
15
-
16
- ## Checklist
17
-
18
- ### Database
19
- - [ ] N+1 query: Individual queries inside loops?
20
- - [ ] Missing index: WHERE/ORDER BY columns?
21
- - [ ] Excessive SELECT *?
22
- - [ ] Unnecessary joins?
23
- - [ ] Pagination implemented?
24
-
25
- ### Memory
26
- - [ ] Large data loaded into memory?
27
- - [ ] Event listeners cleaned up?
28
- - [ ] Circular references?
29
- - [ ] Buffer used instead of stream?
30
-
31
- ### Computation
32
- - [ ] Unnecessary computation inside loops?
33
- - [ ] Regex pre-compiled?
34
- - [ ] Memoization opportunities?
35
- - [ ] Async processing possible?
36
-
37
- ### Caching
38
- - [ ] Repeated API calls?
39
- - [ ] Static data caching?
40
- - [ ] Cache invalidation strategy?
41
- - [ ] CDN utilized?
42
-
43
- ### Frontend
44
- - [ ] Bundle size increase?
45
- - [ ] Image optimization?
46
- - [ ] Lazy loading?
47
- - [ ] Unnecessary re-renders?
48
-
49
- ### Network
50
- - [ ] Unnecessary API calls?
51
- - [ ] Request batching possible?
52
- - [ ] Compression used?
53
- - [ ] Connection pooling?
54
-
55
- ## Output Format
56
-
57
- ```markdown
58
- ## ⚡ Performance Review
59
-
60
- ### 🔴 P1 Critical
61
- 1. **N+1 Query Detected**
62
- - 📍 Location: src/services/orders.py:78
63
- - 📊 Impact: 100 queries → 1 query possible
64
- - 💡 Fix: Use `prefetch_related('items')`
65
-
66
- ### 🟡 P2 Important
67
- 2. **Missing Database Index**
68
- - 📍 Location: migrations/0042_add_status.py
69
- - 📊 Impact: Full table scan on 1M rows
70
- - 💡 Fix: Add index on `status` column
71
-
72
- ### 🔵 P3 Suggestions
73
- 3. **Consider memoization**
74
- - 📍 Location: src/utils/calculate.py:23
75
- - 📊 Impact: ~50ms saved per request
76
- ```
77
-
78
- ## Usage
79
-
80
- ```
81
- Task(
82
- model: "sonnet",
83
- subagent_type: "Explore",
84
- prompt: "Performance review for [files]. Check N+1, memory leaks, caching."
85
- )
86
- ```