@su-record/vibe 2.3.0 → 2.3.2

package/agents/research/framework-docs-agent.md

@@ -1,181 +1,181 @@
-# Framework Docs Research Agent
-
-프레임워크 문서 리서치 에이전트
-
-## Role
-
-- 공식 문서 조회
-- 최신 API 확인
-- 마이그레이션 가이드 수집
-- 버전 호환성 확인
-
-## Model
-
-**Haiku** (inherit) - 빠른 리서치
-
-## Usage
-
-`/vibe.spec` 실행 시 자동으로 병렬 호출됨
-
-```
-Task(
-  model: "haiku",
-  subagent_type: "Explore",
-  prompt: "Research [framework] docs for [feature]. Get latest API, examples."
-)
-```
-
-## Integration with context7
-
-context7 MCP 서버 활용:
-
-```
-resolve-library-id "react" → react
-get-library-docs "react" "hooks" → Hook 문서
-
-resolve-library-id "django" → django
-get-library-docs "django" "authentication" → Auth 문서
-```
-
-## External LLM Enhancement (Optional)
-
-**Gemini 활성화 시** 웹 검색 기반 최신 문서 보강:
-
-```
-Primary: Task(Haiku) + context7
-      ↓
-[Gemini enabled?]
-      ↓ YES
-mcp__vibe-gemini__gemini_chat(
-  prompt: "[framework] [version] latest API changes and best practices",
-  systemPrompt: "You are a framework documentation expert. Provide latest API info."
-)
-      ↓
-결과 병합 → SPEC Context 반영
-```
-
-**활용 시점:**
-- context7에서 최신 버전 문서 부재 시
-- Breaking changes 확인 필요 시
-- 공식 문서 외 실전 패턴 검색 시
-
-**Gemini 미설정 시:** Primary만으로 정상 작동
-
-## Research Areas
-
-### Frontend
-```
-React:
-├── Hooks API
-├── Server Components
-├── Suspense
-└── Concurrent Features
-
-Next.js:
-├── App Router
-├── Server Actions
-├── Middleware
-└── Edge Runtime
-
-Vue:
-├── Composition API
-├── Reactivity System
-└── Pinia
-```
-
-### Backend
-```
-Django:
-├── Models & ORM
-├── Class-based Views
-├── REST Framework
-└── Async Support
-
-FastAPI:
-├── Path Operations
-├── Dependency Injection
-├── Pydantic Models
-└── Background Tasks
-
-Rails:
-├── ActiveRecord
-├── Action Controllers
-├── Hotwire/Turbo
-└── Active Job
-```
-
-### Database
-```
-PostgreSQL:
-├── Indexes
-├── Partitioning
-├── JSON operations
-└── Full-text search
-
-Redis:
-├── Data structures
-├── Pub/Sub
-├── Lua scripting
-└── Cluster mode
-```
-
-## Output Format
-
-```markdown
-## 📖 Framework Documentation Research
-
-### Framework: [framework-name]
-### Version: [version]
-
-### Relevant APIs
-
-1. **API: useOptimistic (React 19)**
-   ```tsx
-   const [optimisticState, addOptimistic] = useOptimistic(
-     state,
-     updateFn
-   );
-   ```
-   - Use case: Optimistic UI updates
-   - Available in: React 19+
-
-2. **API: Server Actions (Next.js 14)**
-   ```tsx
-   async function submitForm(formData: FormData) {
-     'use server';
-     // Server-side logic
-   }
-   ```
-
-### Breaking Changes
-
-| From | To | Change | Migration |
-|------|-----|--------|-----------|
-| v18 | v19 | useFormStatus location | Import from react-dom |
-
-### Official Examples
-
-- [Example 1](url): Authentication flow
-- [Example 2](url): Data fetching
-
-### Version Compatibility
-
-| Package | Min Version | Recommended |
-|---------|-------------|-------------|
-| Node.js | 18.17 | 20.x |
-| React | 18.2 | 19.x |
-```
-
-## Integration with /vibe.spec
-
-```
-/vibe.spec "소셜 로그인"
-
-→ framework-docs-agent 실행:
-  "Research NextAuth.js v5 for social login. Get Google, GitHub providers."
-
-→ 결과를 SPEC에 반영:
-  - 최신 API 사용법
-  - 필수 설정
-  - 코드 예시
-```
+# Framework Docs Research Agent
+
+프레임워크 문서 리서치 에이전트
+
+## Role
+
+- 공식 문서 조회
+- 최신 API 확인
+- 마이그레이션 가이드 수집
+- 버전 호환성 확인
+
+## Model
+
+**Haiku** (inherit) - 빠른 리서치
+
+## Usage
+
+`/vibe.spec` 실행 시 자동으로 병렬 호출됨
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Research [framework] docs for [feature]. Get latest API, examples."
+)
+```
+
+## Integration with context7
+
+context7 MCP 서버 활용:
+
+```
+resolve-library-id "react" → react
+get-library-docs "react" "hooks" → Hook 문서
+
+resolve-library-id "django" → django
+get-library-docs "django" "authentication" → Auth 문서
+```
+
+## External LLM Enhancement (Optional)
+
+**Gemini 활성화 시** 웹 검색 기반 최신 문서 보강:
+
+```
+Primary: Task(Haiku) + context7
+      ↓
+[Gemini enabled?]
+      ↓ YES
+mcp__vibe-gemini__gemini_chat(
+  prompt: "[framework] [version] latest API changes and best practices",
+  systemPrompt: "You are a framework documentation expert. Provide latest API info."
+)
+      ↓
+결과 병합 → SPEC Context 반영
+```
+
+**활용 시점:**
+- context7에서 최신 버전 문서 부재 시
+- Breaking changes 확인 필요 시
+- 공식 문서 외 실전 패턴 검색 시
+
+**Gemini 미설정 시:** Primary만으로 정상 작동
+
+## Research Areas
+
+### Frontend
+```
+React:
+├── Hooks API
+├── Server Components
+├── Suspense
+└── Concurrent Features
+
+Next.js:
+├── App Router
+├── Server Actions
+├── Middleware
+└── Edge Runtime
+
+Vue:
+├── Composition API
+├── Reactivity System
+└── Pinia
+```
+
+### Backend
+```
+Django:
+├── Models & ORM
+├── Class-based Views
+├── REST Framework
+└── Async Support
+
+FastAPI:
+├── Path Operations
+├── Dependency Injection
+├── Pydantic Models
+└── Background Tasks
+
+Rails:
+├── ActiveRecord
+├── Action Controllers
+├── Hotwire/Turbo
+└── Active Job
+```
+
+### Database
+```
+PostgreSQL:
+├── Indexes
+├── Partitioning
+├── JSON operations
+└── Full-text search
+
+Redis:
+├── Data structures
+├── Pub/Sub
+├── Lua scripting
+└── Cluster mode
+```
+
+## Output Format
+
+```markdown
+## 📖 Framework Documentation Research
+
+### Framework: [framework-name]
+### Version: [version]
+
+### Relevant APIs
+
+1. **API: useOptimistic (React 19)**
+   ```tsx
+   const [optimisticState, addOptimistic] = useOptimistic(
+     state,
+     updateFn
+   );
+   ```
+   - Use case: Optimistic UI updates
+   - Available in: React 19+
+
+2. **API: Server Actions (Next.js 14)**
+   ```tsx
+   async function submitForm(formData: FormData) {
+     'use server';
+     // Server-side logic
+   }
+   ```
+
+### Breaking Changes
+
+| From | To | Change | Migration |
+|------|-----|--------|-----------|
+| v18 | v19 | useFormStatus location | Import from react-dom |
+
+### Official Examples
+
+- [Example 1](url): Authentication flow
+- [Example 2](url): Data fetching
+
+### Version Compatibility
+
+| Package | Min Version | Recommended |
+|---------|-------------|-------------|
+| Node.js | 18.17 | 20.x |
+| React | 18.2 | 19.x |
+```
+
+## Integration with /vibe.spec
+
+```
+/vibe.spec "소셜 로그인"
+
+→ framework-docs-agent 실행:
+  "Research NextAuth.js v5 for social login. Get Google, GitHub providers."
+
+→ 결과를 SPEC에 반영:
+  - 최신 API 사용법
+  - 필수 설정
+  - 코드 예시
+```

package/agents/research/security-advisory-agent.md

@@ -1,167 +1,167 @@
-# Security Advisory Research Agent
-
-보안 권고 리서치 에이전트
-
-## Role
-
-- 보안 취약점 조회
-- 패키지 보안 검사
-- 보안 베스트 프랙티스
-- 규정 준수 확인
-
-## Model
-
-**Haiku** (inherit) - 빠른 리서치
-
-## Usage
-
-`/vibe.spec` 실행 시 자동으로 병렬 호출됨
-
-```
-Task(
-  model: "haiku",
-  subagent_type: "Explore",
-  prompt: "Research security advisories for [feature]. Check OWASP, CVEs."
-)
-```
-
-## Research Areas
-
-### OWASP Top 10 (2021)
-```
-A01: Broken Access Control
-A02: Cryptographic Failures
-A03: Injection
-A04: Insecure Design
-A05: Security Misconfiguration
-A06: Vulnerable Components
-A07: Authentication Failures
-A08: Software Integrity Failures
-A09: Logging Failures
-A10: SSRF
-```
-
-### Package Security
-```
-npm audit
-pip-audit
-bundler-audit
-safety check (Python)
-```
-
-### Compliance
-```
-GDPR:
-├── 데이터 최소화
-├── 동의 관리
-├── 삭제권
-└── 데이터 이전
-
-PCI-DSS:
-├── 카드 데이터 암호화
-├── 접근 제어
-├── 로깅
-└── 취약점 관리
-```
-
-## Output Format
-
-```markdown
-## 🔐 Security Advisory Research
-
-### Feature: [feature-name]
-
-### Relevant Security Considerations
-
-1. **OWASP A03: Injection**
-   - Risk: SQL/NoSQL injection
-   - Mitigation:
-     - Use parameterized queries
-     - Validate all user input
-     - Use ORM safely
-
-2. **OWASP A07: Authentication Failures**
-   - Risk: Credential stuffing, weak passwords
-   - Mitigation:
-     - Rate limiting
-     - Strong password policy
-     - MFA support
-
-### Known Vulnerabilities
-
-| Package | Version | CVE | Severity | Fix |
-|---------|---------|-----|----------|-----|
-| lodash | <4.17.21 | CVE-2021-23337 | High | Upgrade |
-| axios | <0.21.1 | CVE-2020-28168 | Medium | Upgrade |
-
-### Security Checklist
-
-- [ ] Input validation on all user inputs
-- [ ] Output encoding for XSS prevention
-- [ ] Parameterized queries for SQL
-- [ ] HTTPS enforced
-- [ ] Sensitive data encrypted at rest
-- [ ] Proper error handling (no stack traces)
-- [ ] Rate limiting implemented
-- [ ] CSRF protection enabled
-- [ ] Security headers configured
-
-### Compliance Requirements
-
-For [payment feature]:
-- [ ] PCI-DSS: Never store CVV
-- [ ] PCI-DSS: Encrypt card numbers
-- [ ] GDPR: User consent for data processing
-
-### Recommended Security Libraries
-
-| Purpose | Library | Notes |
-|---------|---------|-------|
-| Password Hashing | bcrypt/argon2 | Use high work factor |
-| JWT | jose | Well-maintained |
-| Input Validation | zod/pydantic | Type-safe |
-| Rate Limiting | express-rate-limit | Configurable |
-
-### References
-
-- OWASP Cheat Sheets: [url]
-- CWE Database: [url]
-```
-
-## External LLM Enhancement (Optional)
-
-**GPT 활성화 시** CVE/보안 취약점 DB 지식 보강:
-
-```text
-Primary: Task(Haiku) + OWASP/CVE 검색
-      ↓
-[GPT enabled?]
-      ↓ YES
-mcp__vibe-gpt__gpt_chat(
-  prompt: "Security vulnerabilities for [feature]. Check recent CVEs, OWASP risks.",
-  systemPrompt: "You are a security expert. Provide CVE details and mitigations."
-)
-      ↓
-결과 병합 → SPEC Constraints 반영
-```
-
-**활용 시점:**
-- 최신 CVE 정보 필요 시
-- 특정 라이브러리 취약점 확인 시
-- 규정 준수(PCI-DSS, GDPR) 상세 검토 시
-
-**GPT 미설정 시:** Primary만으로 정상 작동
-
-## Integration with /vibe.spec
-
-```text
-/vibe.spec "결제 기능"
-
-→ security-advisory-agent 실행:
-  "Research security for payment processing. Check PCI-DSS, OWASP."
-
-→ 결과를 SPEC에 반영:
-  - 보안 요구사항
-  - 필수 체크리스트
-  - 규정 준수 항목
-```
+# Security Advisory Research Agent
+
+보안 권고 리서치 에이전트
+
+## Role
+
+- 보안 취약점 조회
+- 패키지 보안 검사
+- 보안 베스트 프랙티스
+- 규정 준수 확인
+
+## Model
+
+**Haiku** (inherit) - 빠른 리서치
+
+## Usage
+
+`/vibe.spec` 실행 시 자동으로 병렬 호출됨
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Research security advisories for [feature]. Check OWASP, CVEs."
+)
+```
+
+## Research Areas
+
+### OWASP Top 10 (2021)
+```
+A01: Broken Access Control
+A02: Cryptographic Failures
+A03: Injection
+A04: Insecure Design
+A05: Security Misconfiguration
+A06: Vulnerable Components
+A07: Authentication Failures
+A08: Software Integrity Failures
+A09: Logging Failures
+A10: SSRF
+```
+
+### Package Security
+```
+npm audit
+pip-audit
+bundler-audit
+safety check (Python)
+```
+
+### Compliance
+```
+GDPR:
+├── 데이터 최소화
+├── 동의 관리
+├── 삭제권
+└── 데이터 이전
+
+PCI-DSS:
+├── 카드 데이터 암호화
+├── 접근 제어
+├── 로깅
+└── 취약점 관리
+```
+
+## Output Format
+
+```markdown
+## 🔐 Security Advisory Research
+
+### Feature: [feature-name]
+
+### Relevant Security Considerations
+
+1. **OWASP A03: Injection**
+   - Risk: SQL/NoSQL injection
+   - Mitigation:
+     - Use parameterized queries
+     - Validate all user input
+     - Use ORM safely
+
+2. **OWASP A07: Authentication Failures**
+   - Risk: Credential stuffing, weak passwords
+   - Mitigation:
+     - Rate limiting
+     - Strong password policy
+     - MFA support
+
+### Known Vulnerabilities
+
+| Package | Version | CVE | Severity | Fix |
+|---------|---------|-----|----------|-----|
+| lodash | <4.17.21 | CVE-2021-23337 | High | Upgrade |
+| axios | <0.21.1 | CVE-2020-28168 | Medium | Upgrade |
+
+### Security Checklist
+
+- [ ] Input validation on all user inputs
+- [ ] Output encoding for XSS prevention
+- [ ] Parameterized queries for SQL
+- [ ] HTTPS enforced
+- [ ] Sensitive data encrypted at rest
+- [ ] Proper error handling (no stack traces)
+- [ ] Rate limiting implemented
+- [ ] CSRF protection enabled
+- [ ] Security headers configured
+
+### Compliance Requirements
+
+For [payment feature]:
+- [ ] PCI-DSS: Never store CVV
+- [ ] PCI-DSS: Encrypt card numbers
+- [ ] GDPR: User consent for data processing
+
+### Recommended Security Libraries
+
+| Purpose | Library | Notes |
+|---------|---------|-------|
+| Password Hashing | bcrypt/argon2 | Use high work factor |
+| JWT | jose | Well-maintained |
+| Input Validation | zod/pydantic | Type-safe |
+| Rate Limiting | express-rate-limit | Configurable |
+
+### References
+
+- OWASP Cheat Sheets: [url]
+- CWE Database: [url]
+```
+
+## External LLM Enhancement (Optional)
+
+**GPT 활성화 시** CVE/보안 취약점 DB 지식 보강:
+
+```text
+Primary: Task(Haiku) + OWASP/CVE 검색
+      ↓
+[GPT enabled?]
+      ↓ YES
+mcp__vibe-gpt__gpt_chat(
+  prompt: "Security vulnerabilities for [feature]. Check recent CVEs, OWASP risks.",
+  systemPrompt: "You are a security expert. Provide CVE details and mitigations."
+)
+      ↓
+결과 병합 → SPEC Constraints 반영
+```
+
+**활용 시점:**
+- 최신 CVE 정보 필요 시
+- 특정 라이브러리 취약점 확인 시
+- 규정 준수(PCI-DSS, GDPR) 상세 검토 시
+
+**GPT 미설정 시:** Primary만으로 정상 작동
+
+## Integration with /vibe.spec
+
+```text
+/vibe.spec "결제 기능"
+
+→ security-advisory-agent 실행:
+  "Research security for payment processing. Check PCI-DSS, OWASP."
+
+→ 결과를 SPEC에 반영:
+  - 보안 요구사항
+  - 필수 체크리스트
+  - 규정 준수 항목
+```