@su-record/vibe 2.4.5 β†’ 2.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (171) hide show
  1. package/.claude/settings.json +48 -48
  2. package/.claude/settings.local.json +3 -1
  3. package/.claude/vibe/constitution.md +184 -184
  4. package/.claude/vibe/rules/core/communication-guide.md +104 -104
  5. package/.claude/vibe/rules/core/development-philosophy.md +52 -52
  6. package/.claude/vibe/rules/core/quick-start.md +120 -120
  7. package/.claude/vibe/rules/languages/dart-flutter.md +509 -509
  8. package/.claude/vibe/rules/languages/go.md +396 -396
  9. package/.claude/vibe/rules/languages/java-spring.md +586 -586
  10. package/.claude/vibe/rules/languages/kotlin-android.md +491 -491
  11. package/.claude/vibe/rules/languages/python-django.md +371 -371
  12. package/.claude/vibe/rules/languages/python-fastapi.md +386 -386
  13. package/.claude/vibe/rules/languages/rust.md +425 -425
  14. package/.claude/vibe/rules/languages/swift-ios.md +516 -516
  15. package/.claude/vibe/rules/languages/typescript-nextjs.md +441 -441
  16. package/.claude/vibe/rules/languages/typescript-node.md +375 -375
  17. package/.claude/vibe/rules/languages/typescript-nuxt.md +521 -521
  18. package/.claude/vibe/rules/languages/typescript-react-native.md +446 -446
  19. package/.claude/vibe/rules/languages/typescript-react.md +525 -525
  20. package/.claude/vibe/rules/languages/typescript-vue.md +353 -353
  21. package/.claude/vibe/rules/quality/bdd-contract-testing.md +388 -388
  22. package/.claude/vibe/rules/quality/checklist.md +276 -276
  23. package/.claude/vibe/rules/quality/testing-strategy.md +437 -437
  24. package/.claude/vibe/rules/standards/anti-patterns.md +369 -369
  25. package/.claude/vibe/rules/standards/code-structure.md +291 -291
  26. package/.claude/vibe/rules/standards/complexity-metrics.md +312 -312
  27. package/.claude/vibe/rules/standards/naming-conventions.md +198 -198
  28. package/.claude/vibe/setup.sh +31 -31
  29. package/.claude/vibe/templates/constitution-template.md +184 -184
  30. package/.claude/vibe/templates/contract-backend-template.md +517 -517
  31. package/.claude/vibe/templates/contract-frontend-template.md +594 -594
  32. package/.claude/vibe/templates/feature-template.md +96 -96
  33. package/.claude/vibe/templates/spec-template.md +199 -199
  34. package/CLAUDE.md +345 -345
  35. package/LICENSE +21 -21
  36. package/README.md +181 -164
  37. package/agents/compounder.md +261 -261
  38. package/agents/diagrammer.md +178 -178
  39. package/agents/e2e-tester.md +266 -266
  40. package/agents/explorer.md +48 -48
  41. package/agents/implementer.md +53 -53
  42. package/agents/research/best-practices-agent.md +139 -139
  43. package/agents/research/codebase-patterns-agent.md +147 -147
  44. package/agents/research/framework-docs-agent.md +181 -181
  45. package/agents/research/security-advisory-agent.md +167 -167
  46. package/agents/review/architecture-reviewer.md +107 -107
  47. package/agents/review/complexity-reviewer.md +116 -116
  48. package/agents/review/data-integrity-reviewer.md +88 -88
  49. package/agents/review/git-history-reviewer.md +103 -103
  50. package/agents/review/performance-reviewer.md +86 -86
  51. package/agents/review/python-reviewer.md +152 -152
  52. package/agents/review/rails-reviewer.md +139 -139
  53. package/agents/review/react-reviewer.md +144 -144
  54. package/agents/review/security-reviewer.md +80 -80
  55. package/agents/review/simplicity-reviewer.md +140 -140
  56. package/agents/review/test-coverage-reviewer.md +116 -116
  57. package/agents/review/typescript-reviewer.md +127 -127
  58. package/agents/searcher.md +54 -54
  59. package/agents/simplifier.md +119 -119
  60. package/agents/tester.md +49 -49
  61. package/agents/ui-previewer.md +137 -137
  62. package/commands/vibe.analyze.md +260 -260
  63. package/commands/vibe.reason.md +223 -223
  64. package/commands/vibe.review.md +213 -213
  65. package/commands/vibe.run.md +935 -842
  66. package/commands/vibe.spec.md +442 -442
  67. package/commands/vibe.utils.md +101 -101
  68. package/commands/vibe.verify.md +282 -282
  69. package/dist/cli/auth.d.ts +13 -0
  70. package/dist/cli/auth.d.ts.map +1 -0
  71. package/dist/cli/auth.js +118 -0
  72. package/dist/cli/auth.js.map +1 -0
  73. package/dist/cli/collaborator.d.ts +8 -0
  74. package/dist/cli/collaborator.d.ts.map +1 -0
  75. package/dist/cli/collaborator.js +136 -0
  76. package/dist/cli/collaborator.js.map +1 -0
  77. package/dist/cli/detect.d.ts +35 -0
  78. package/dist/cli/detect.d.ts.map +1 -0
  79. package/dist/cli/detect.js +376 -0
  80. package/dist/cli/detect.js.map +1 -0
  81. package/dist/cli/index.d.ts.map +1 -1
  82. package/dist/cli/index.js +73 -1873
  83. package/dist/cli/index.js.map +1 -1
  84. package/dist/cli/llm.d.ts +49 -0
  85. package/dist/cli/llm.d.ts.map +1 -0
  86. package/dist/cli/llm.js +464 -0
  87. package/dist/cli/llm.js.map +1 -0
  88. package/dist/cli/mcp.d.ts +49 -0
  89. package/dist/cli/mcp.d.ts.map +1 -0
  90. package/dist/cli/mcp.js +169 -0
  91. package/dist/cli/mcp.js.map +1 -0
  92. package/dist/cli/setup.d.ts +53 -0
  93. package/dist/cli/setup.d.ts.map +1 -0
  94. package/dist/cli/setup.js +455 -0
  95. package/dist/cli/setup.js.map +1 -0
  96. package/dist/cli/types.d.ts +83 -0
  97. package/dist/cli/types.d.ts.map +1 -0
  98. package/dist/cli/types.js +5 -0
  99. package/dist/cli/types.js.map +1 -0
  100. package/dist/cli/utils.d.ts +40 -0
  101. package/dist/cli/utils.d.ts.map +1 -0
  102. package/dist/cli/utils.js +112 -0
  103. package/dist/cli/utils.js.map +1 -0
  104. package/dist/lib/MemoryManager.js +1 -1
  105. package/dist/lib/MemoryManager.js.map +1 -1
  106. package/dist/lib/ProjectCache.d.ts.map +1 -1
  107. package/dist/lib/ProjectCache.js +2 -1
  108. package/dist/lib/ProjectCache.js.map +1 -1
  109. package/dist/lib/PythonParser.js +1 -1
  110. package/dist/lib/PythonParser.js.map +1 -1
  111. package/dist/lib/constants.d.ts +31 -0
  112. package/dist/lib/constants.d.ts.map +1 -0
  113. package/dist/lib/constants.js +36 -0
  114. package/dist/lib/constants.js.map +1 -0
  115. package/dist/lib/gemini-api.d.ts.map +1 -1
  116. package/dist/lib/gemini-api.js +1 -6
  117. package/dist/lib/gemini-api.js.map +1 -1
  118. package/dist/lib/gemini-oauth.js +1 -1
  119. package/dist/lib/gemini-oauth.js.map +1 -1
  120. package/dist/lib/gpt-api.d.ts.map +1 -1
  121. package/dist/lib/gpt-api.js +6 -11
  122. package/dist/lib/gpt-api.js.map +1 -1
  123. package/dist/lib/gpt-oauth.js +1 -1
  124. package/dist/lib/gpt-oauth.js.map +1 -1
  125. package/dist/lib/utils.d.ts +21 -0
  126. package/dist/lib/utils.d.ts.map +1 -0
  127. package/dist/lib/utils.js +51 -0
  128. package/dist/lib/utils.js.map +1 -0
  129. package/dist/orchestrator/agentDiscovery.d.ts.map +1 -1
  130. package/dist/orchestrator/agentDiscovery.js +3 -2
  131. package/dist/orchestrator/agentDiscovery.js.map +1 -1
  132. package/dist/orchestrator/backgroundAgent.d.ts.map +1 -1
  133. package/dist/orchestrator/backgroundAgent.js +4 -16
  134. package/dist/orchestrator/backgroundAgent.js.map +1 -1
  135. package/dist/orchestrator/orchestrator.d.ts.map +1 -1
  136. package/dist/orchestrator/orchestrator.js +5 -3
  137. package/dist/orchestrator/orchestrator.js.map +1 -1
  138. package/dist/orchestrator/parallelResearch.d.ts.map +1 -1
  139. package/dist/orchestrator/parallelResearch.js +6 -20
  140. package/dist/orchestrator/parallelResearch.js.map +1 -1
  141. package/dist/orchestrator/types.d.ts +3 -2
  142. package/dist/orchestrator/types.d.ts.map +1 -1
  143. package/dist/tools/analytics/getUsageAnalytics.js +1 -1
  144. package/dist/tools/analytics/getUsageAnalytics.js.map +1 -1
  145. package/dist/tools/convention/getCodingGuide.js +2 -2
  146. package/dist/tools/convention/getCodingGuide.js.map +1 -1
  147. package/dist/tools/memory/createMemoryTimeline.js +1 -1
  148. package/dist/tools/memory/createMemoryTimeline.js.map +1 -1
  149. package/dist/tools/memory/getSessionContext.js +1 -1
  150. package/dist/tools/memory/getSessionContext.js.map +1 -1
  151. package/dist/tools/memory/restoreSessionContext.js +2 -2
  152. package/dist/tools/memory/restoreSessionContext.js.map +1 -1
  153. package/dist/tools/memory/searchMemoriesAdvanced.js +1 -1
  154. package/dist/tools/memory/searchMemoriesAdvanced.js.map +1 -1
  155. package/dist/tools/memory/startSession.js +3 -3
  156. package/dist/tools/memory/startSession.js.map +1 -1
  157. package/dist/tools/semantic/findReferences.d.ts.map +1 -1
  158. package/dist/tools/semantic/findReferences.js +2 -1
  159. package/dist/tools/semantic/findReferences.js.map +1 -1
  160. package/dist/tools/semantic/findSymbol.d.ts.map +1 -1
  161. package/dist/tools/semantic/findSymbol.js +2 -1
  162. package/dist/tools/semantic/findSymbol.js.map +1 -1
  163. package/hooks/hooks.json +191 -189
  164. package/package.json +87 -85
  165. package/skills/context7-usage.md +82 -82
  166. package/skills/git-worktree.md +181 -181
  167. package/skills/multi-llm-orchestration.md +97 -97
  168. package/skills/parallel-research.md +77 -77
  169. package/skills/priority-todos.md +239 -239
  170. package/skills/tool-fallback.md +126 -126
  171. package/skills/vibe-capabilities.md +127 -127
package/skills/priority-todos.md CHANGED
@@ -1,239 +1,239 @@
1
- ---
2
- description: Priority-based TODO management (P1/P2/P3). Auto-activates when managing tasks, reviewing issues, or organizing work by priority.
3
- ---
4
- # Priority-Based Todo Management Skill
5
-
6
- μš°μ„ μˆœμœ„ 기반 TODO 관리 μ‹œμŠ€ν…œ
7
-
8
- ## Overview
9
-
10
- P1/P2/P3 μš°μ„ μˆœμœ„λ‘œ νƒœμŠ€ν¬λ₯Ό λΆ„λ₯˜ν•˜μ—¬ μ€‘μš”ν•œ 것 λ¨Όμ € 처리
11
-
12
- ## Priority Levels
13
-
14
- ```
15
- β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
16
- β”‚ Priority Levels β”‚
17
- β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
18
- β”‚ β”‚
19
- β”‚ πŸ”΄ P1 (Critical) β”‚
20
- β”‚ β”œβ”€β”€ λ³΄μ•ˆ 취약점 β”‚
21
- β”‚ β”œβ”€β”€ 데이터 손싀 μœ„ν—˜ β”‚
22
- β”‚ β”œβ”€β”€ ν”„λ‘œλ•μ…˜ μž₯μ•  β”‚
23
- β”‚ └── 머지 차단 이슈 β”‚
24
- β”‚ β”‚
25
- β”‚ 🟑 P2 (Important) β”‚
26
- β”‚ β”œβ”€β”€ μ„±λŠ₯ 문제 β”‚
27
- β”‚ β”œβ”€β”€ ν…ŒμŠ€νŠΈ λˆ„λ½ β”‚
28
- β”‚ β”œβ”€β”€ μ•„ν‚€ν…μ²˜ μœ„λ°˜ β”‚
29
- β”‚ └── 기술 뢀채 β”‚
30
- β”‚ β”‚
31
- β”‚ πŸ”΅ P3 (Nice-to-have) β”‚
32
- β”‚ β”œβ”€β”€ μ½”λ“œ μŠ€νƒ€μΌ β”‚
33
- β”‚ β”œβ”€β”€ λ¦¬νŒ©ν† λ§ μ œμ•ˆ β”‚
34
- β”‚ β”œβ”€β”€ λ¬Έμ„œν™” β”‚
35
- β”‚ └── μ΅œμ ν™” 기회 β”‚
36
- β”‚ β”‚
37
- β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
38
- ```
39
-
40
- ## File-Based Todo System
41
-
42
- ### Directory Structure
43
-
44
- ```
45
- .claude/vibe/todos/
46
- β”œβ”€β”€ P1-security-sql-injection.md
47
- β”œβ”€β”€ P1-data-transaction-missing.md
48
- β”œβ”€β”€ P2-perf-n1-query.md
49
- β”œβ”€β”€ P2-test-missing-edge-case.md
50
- β”œβ”€β”€ P2-arch-circular-dependency.md
51
- β”œβ”€β”€ P3-style-extract-helper.md
52
- β”œβ”€β”€ P3-docs-add-readme.md
53
- └── index.md
54
- ```
55
-
56
- ### Todo File Format
57
-
58
- ```markdown
59
- # [P1] SQL Injection Vulnerability
60
-
61
- ## Summary
62
- User input directly concatenated in SQL query without sanitization.
63
-
64
- ## Priority Justification
65
- - πŸ”΄ P1 (Critical)
66
- - Category: Security
67
- - Impact: High (data breach risk)
68
- - Effort: Low (simple fix)
69
-
70
- ## Location
71
- - **File**: src/api/users.py
72
- - **Line**: 42-45
73
- - **Function**: `get_user_by_email()`
74
-
75
- ## Current Code
76
- ```python
77
- def get_user_by_email(email: str):
78
- query = f"SELECT * FROM users WHERE email = '{email}'"
79
- return db.execute(query)
80
- ```
81
-
82
- ## Suggested Fix
83
- ```python
84
- def get_user_by_email(email: str):
85
- query = "SELECT * FROM users WHERE email = %s"
86
- return db.execute(query, (email,))
87
- ```
88
-
89
- ## Checklist
90
- - [ ] Fix implemented
91
- - [ ] Unit test added
92
- - [ ] Security test added
93
- - [ ] Code reviewed
94
- - [ ] Merged
95
-
96
- ## References
97
- - OWASP SQL Injection: https://owasp.org/www-community/attacks/SQL_Injection
98
- - Project Security Guide: docs/security.md
99
-
100
- ## Metadata
101
- - Created: 2026-01-11
102
- - Author: Claude
103
- - Review: /vibe.review PR#123
104
- ```
105
-
106
- ### Index File
107
-
108
- ```markdown
109
- # Todo Index
110
-
111
- ## Summary
112
- | Priority | Count | Status |
113
- |----------|-------|--------|
114
- | πŸ”΄ P1 | 2 | 🚨 Blocks merge |
115
- | 🟑 P2 | 5 | ⚠️ Should fix |
116
- | πŸ”΅ P3 | 3 | πŸ’‘ Backlog |
117
-
118
- ## πŸ”΄ P1 Critical (Blocks Merge)
119
-
120
- | # | Title | Location | Status |
121
- |---|-------|----------|--------|
122
- | 1 | SQL Injection | users.py:42 | ❌ Open |
123
- | 2 | Missing Rollback | payment.py:128 | ❌ Open |
124
-
125
- ## 🟑 P2 Important
126
-
127
- | # | Title | Location | Status |
128
- |---|-------|----------|--------|
129
- | 3 | N+1 Query | orders.py:78 | ❌ Open |
130
- | 4 | Missing Tests | auth.py | ❌ Open |
131
- | 5 | Circular Dep | services/ | ❌ Open |
132
-
133
- ## πŸ”΅ P3 Nice-to-have
134
-
135
- | # | Title | Location | Status |
136
- |---|-------|----------|--------|
137
- | 6 | Extract Helper | utils.py:45 | πŸ’€ Backlog |
138
- | 7 | Add README | /payment | πŸ’€ Backlog |
139
-
140
- ---
141
-
142
- Last updated: 2026-01-11 10:30
143
- ```
144
-
145
- ## Workflow Commands
146
-
147
- ### Create Todo
148
-
149
- ```bash
150
- # /vibe.review κ²°κ³Όμ—μ„œ μžλ™ 생성
151
- /vibe.review PR#123
152
- # β†’ .claude/vibe/todos/ 에 파일 생성
153
-
154
- # μˆ˜λ™ 생성
155
- vibe todo add "SQL Injection in users.py" --priority P1 --category security
156
- ```
157
-
158
- ### List Todos
159
-
160
- ```bash
161
- # 전체 λͺ©λ‘
162
- vibe todo list
163
-
164
- # μš°μ„ μˆœμœ„λ³„
165
- vibe todo list --priority P1
166
- vibe todo list --priority P2
167
-
168
- # μΉ΄ν…Œκ³ λ¦¬λ³„
169
- vibe todo list --category security
170
- vibe todo list --category performance
171
- ```
172
-
173
- ### Complete Todo
174
-
175
- ```bash
176
- # μ™„λ£Œ 처리
177
- vibe todo done P1-security-sql-injection
178
-
179
- # νŒŒμΌμ— 체크 ν‘œμ‹œ + index μ—…λ°μ΄νŠΈ
180
- ```
181
-
182
- ### Clean Up
183
-
184
- ```bash
185
- # μ™„λ£Œλœ ν•­λͺ© μ•„μΉ΄μ΄λΈŒ
186
- vibe todo archive
187
-
188
- # κ²°κ³Ό:
189
- # .claude/vibe/todos/P1-security-sql-injection.md
190
- # β†’ .claude/vibe/todos/done/2026-01-11-P1-security-sql-injection.md
191
- ```
192
-
193
- ## Integration with TodoWrite
194
-
195
- κΈ°μ‘΄ TodoWrite 도ꡬ와 연동:
196
-
197
- ```javascript
198
- TodoWrite({
199
- todos: [
200
- {
201
- content: "[P1] Fix SQL injection in users.py:42",
202
- status: "in_progress",
203
- activeForm: "Fixing SQL injection vulnerability",
204
- priority: "P1", // ν™•μž₯ ν•„λ“œ
205
- category: "security" // ν™•μž₯ ν•„λ“œ
206
- },
207
- {
208
- content: "[P2] Add missing tests for auth",
209
- status: "pending",
210
- activeForm: "Adding auth tests",
211
- priority: "P2",
212
- category: "testing"
213
- }
214
- ]
215
- })
216
- ```
217
-
218
- ## Auto-Blocking Rules
219
-
220
- ```yaml
221
- # .claude/vibe/config.yaml
222
- merge_blocking:
223
- P1: true # P1 있으면 머지 차단
224
- P2: false # P2λŠ” 경고만
225
- P3: false # P3λŠ” λ¬΄μ‹œ
226
-
227
- notifications:
228
- P1: immediate # μ¦‰μ‹œ μ•Œλ¦Ό
229
- P2: daily # 일일 μš”μ•½
230
- P3: weekly # μ£Όκ°„ μš”μ•½
231
- ```
232
-
233
- ## Best Practices
234
-
235
- 1. **P1은 μ¦‰μ‹œ 처리**: λ‹€λ₯Έ μž‘μ—… μ€‘λ‹¨ν•˜κ³  μˆ˜μ •
236
- 2. **P2λŠ” PR μ „ 처리**: 머지 μ „ ν•΄κ²° ꢌμž₯
237
- 3. **P3λŠ” 백둜그**: μ‹œκ°„ λ‚  λ•Œ 처리
238
- 4. **μ •κΈ° 정리**: μ£Ό 1회 todo 리뷰
239
- 5. **μ™„λ£Œ 기둝**: ν•΄κ²° 방법 λ¬Έμ„œν™”
1
+ ---
2
+ description: Priority-based TODO management (P1/P2/P3). Auto-activates when managing tasks, reviewing issues, or organizing work by priority.
3
+ ---
4
+ # Priority-Based Todo Management Skill
5
+
6
+ μš°μ„ μˆœμœ„ 기반 TODO 관리 μ‹œμŠ€ν…œ
7
+
8
+ ## Overview
9
+
10
+ P1/P2/P3 μš°μ„ μˆœμœ„λ‘œ νƒœμŠ€ν¬λ₯Ό λΆ„λ₯˜ν•˜μ—¬ μ€‘μš”ν•œ 것 λ¨Όμ € 처리
11
+
12
+ ## Priority Levels
13
+
14
+ ```
15
+ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
16
+ β”‚ Priority Levels β”‚
17
+ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
18
+ β”‚ β”‚
19
+ β”‚ πŸ”΄ P1 (Critical) β”‚
20
+ β”‚ β”œβ”€β”€ λ³΄μ•ˆ 취약점 β”‚
21
+ β”‚ β”œβ”€β”€ 데이터 손싀 μœ„ν—˜ β”‚
22
+ β”‚ β”œβ”€β”€ ν”„λ‘œλ•μ…˜ μž₯μ•  β”‚
23
+ β”‚ └── 머지 차단 이슈 β”‚
24
+ β”‚ β”‚
25
+ β”‚ 🟑 P2 (Important) β”‚
26
+ β”‚ β”œβ”€β”€ μ„±λŠ₯ 문제 β”‚
27
+ β”‚ β”œβ”€β”€ ν…ŒμŠ€νŠΈ λˆ„λ½ β”‚
28
+ β”‚ β”œβ”€β”€ μ•„ν‚€ν…μ²˜ μœ„λ°˜ β”‚
29
+ β”‚ └── 기술 뢀채 β”‚
30
+ β”‚ β”‚
31
+ β”‚ πŸ”΅ P3 (Nice-to-have) β”‚
32
+ β”‚ β”œβ”€β”€ μ½”λ“œ μŠ€νƒ€μΌ β”‚
33
+ β”‚ β”œβ”€β”€ λ¦¬νŒ©ν† λ§ μ œμ•ˆ β”‚
34
+ β”‚ β”œβ”€β”€ λ¬Έμ„œν™” β”‚
35
+ β”‚ └── μ΅œμ ν™” 기회 β”‚
36
+ β”‚ β”‚
37
+ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
38
+ ```
39
+
40
+ ## File-Based Todo System
41
+
42
+ ### Directory Structure
43
+
44
+ ```
45
+ .claude/vibe/todos/
46
+ β”œβ”€β”€ P1-security-sql-injection.md
47
+ β”œβ”€β”€ P1-data-transaction-missing.md
48
+ β”œβ”€β”€ P2-perf-n1-query.md
49
+ β”œβ”€β”€ P2-test-missing-edge-case.md
50
+ β”œβ”€β”€ P2-arch-circular-dependency.md
51
+ β”œβ”€β”€ P3-style-extract-helper.md
52
+ β”œβ”€β”€ P3-docs-add-readme.md
53
+ └── index.md
54
+ ```
55
+
56
+ ### Todo File Format
57
+
58
+ ```markdown
59
+ # [P1] SQL Injection Vulnerability
60
+
61
+ ## Summary
62
+ User input directly concatenated in SQL query without sanitization.
63
+
64
+ ## Priority Justification
65
+ - πŸ”΄ P1 (Critical)
66
+ - Category: Security
67
+ - Impact: High (data breach risk)
68
+ - Effort: Low (simple fix)
69
+
70
+ ## Location
71
+ - **File**: src/api/users.py
72
+ - **Line**: 42-45
73
+ - **Function**: `get_user_by_email()`
74
+
75
+ ## Current Code
76
+ ```python
77
+ def get_user_by_email(email: str):
78
+ query = f"SELECT * FROM users WHERE email = '{email}'"
79
+ return db.execute(query)
80
+ ```
81
+
82
+ ## Suggested Fix
83
+ ```python
84
+ def get_user_by_email(email: str):
85
+ query = "SELECT * FROM users WHERE email = %s"
86
+ return db.execute(query, (email,))
87
+ ```
88
+
89
+ ## Checklist
90
+ - [ ] Fix implemented
91
+ - [ ] Unit test added
92
+ - [ ] Security test added
93
+ - [ ] Code reviewed
94
+ - [ ] Merged
95
+
96
+ ## References
97
+ - OWASP SQL Injection: https://owasp.org/www-community/attacks/SQL_Injection
98
+ - Project Security Guide: docs/security.md
99
+
100
+ ## Metadata
101
+ - Created: 2026-01-11
102
+ - Author: Claude
103
+ - Review: /vibe.review PR#123
104
+ ```
105
+
106
+ ### Index File
107
+
108
+ ```markdown
109
+ # Todo Index
110
+
111
+ ## Summary
112
+ | Priority | Count | Status |
113
+ |----------|-------|--------|
114
+ | πŸ”΄ P1 | 2 | 🚨 Blocks merge |
115
+ | 🟑 P2 | 5 | ⚠️ Should fix |
116
+ | πŸ”΅ P3 | 3 | πŸ’‘ Backlog |
117
+
118
+ ## πŸ”΄ P1 Critical (Blocks Merge)
119
+
120
+ | # | Title | Location | Status |
121
+ |---|-------|----------|--------|
122
+ | 1 | SQL Injection | users.py:42 | ❌ Open |
123
+ | 2 | Missing Rollback | payment.py:128 | ❌ Open |
124
+
125
+ ## 🟑 P2 Important
126
+
127
+ | # | Title | Location | Status |
128
+ |---|-------|----------|--------|
129
+ | 3 | N+1 Query | orders.py:78 | ❌ Open |
130
+ | 4 | Missing Tests | auth.py | ❌ Open |
131
+ | 5 | Circular Dep | services/ | ❌ Open |
132
+
133
+ ## πŸ”΅ P3 Nice-to-have
134
+
135
+ | # | Title | Location | Status |
136
+ |---|-------|----------|--------|
137
+ | 6 | Extract Helper | utils.py:45 | πŸ’€ Backlog |
138
+ | 7 | Add README | /payment | πŸ’€ Backlog |
139
+
140
+ ---
141
+
142
+ Last updated: 2026-01-11 10:30
143
+ ```
144
+
145
+ ## Workflow Commands
146
+
147
+ ### Create Todo
148
+
149
+ ```bash
150
+ # /vibe.review κ²°κ³Όμ—μ„œ μžλ™ 생성
151
+ /vibe.review PR#123
152
+ # β†’ .claude/vibe/todos/ 에 파일 생성
153
+
154
+ # μˆ˜λ™ 생성
155
+ vibe todo add "SQL Injection in users.py" --priority P1 --category security
156
+ ```
157
+
158
+ ### List Todos
159
+
160
+ ```bash
161
+ # 전체 λͺ©λ‘
162
+ vibe todo list
163
+
164
+ # μš°μ„ μˆœμœ„λ³„
165
+ vibe todo list --priority P1
166
+ vibe todo list --priority P2
167
+
168
+ # μΉ΄ν…Œκ³ λ¦¬λ³„
169
+ vibe todo list --category security
170
+ vibe todo list --category performance
171
+ ```
172
+
173
+ ### Complete Todo
174
+
175
+ ```bash
176
+ # μ™„λ£Œ 처리
177
+ vibe todo done P1-security-sql-injection
178
+
179
+ # νŒŒμΌμ— 체크 ν‘œμ‹œ + index μ—…λ°μ΄νŠΈ
180
+ ```
181
+
182
+ ### Clean Up
183
+
184
+ ```bash
185
+ # μ™„λ£Œλœ ν•­λͺ© μ•„μΉ΄μ΄λΈŒ
186
+ vibe todo archive
187
+
188
+ # κ²°κ³Ό:
189
+ # .claude/vibe/todos/P1-security-sql-injection.md
190
+ # β†’ .claude/vibe/todos/done/2026-01-11-P1-security-sql-injection.md
191
+ ```
192
+
193
+ ## Integration with TodoWrite
194
+
195
+ κΈ°μ‘΄ TodoWrite 도ꡬ와 연동:
196
+
197
+ ```javascript
198
+ TodoWrite({
199
+ todos: [
200
+ {
201
+ content: "[P1] Fix SQL injection in users.py:42",
202
+ status: "in_progress",
203
+ activeForm: "Fixing SQL injection vulnerability",
204
+ priority: "P1", // ν™•μž₯ ν•„λ“œ
205
+ category: "security" // ν™•μž₯ ν•„λ“œ
206
+ },
207
+ {
208
+ content: "[P2] Add missing tests for auth",
209
+ status: "pending",
210
+ activeForm: "Adding auth tests",
211
+ priority: "P2",
212
+ category: "testing"
213
+ }
214
+ ]
215
+ })
216
+ ```
217
+
218
+ ## Auto-Blocking Rules
219
+
220
+ ```yaml
221
+ # .claude/vibe/config.yaml
222
+ merge_blocking:
223
+ P1: true # P1 있으면 머지 차단
224
+ P2: false # P2λŠ” 경고만
225
+ P3: false # P3λŠ” λ¬΄μ‹œ
226
+
227
+ notifications:
228
+ P1: immediate # μ¦‰μ‹œ μ•Œλ¦Ό
229
+ P2: daily # 일일 μš”μ•½
230
+ P3: weekly # μ£Όκ°„ μš”μ•½
231
+ ```
232
+
233
+ ## Best Practices
234
+
235
+ 1. **P1은 μ¦‰μ‹œ 처리**: λ‹€λ₯Έ μž‘μ—… μ€‘λ‹¨ν•˜κ³  μˆ˜μ •
236
+ 2. **P2λŠ” PR μ „ 처리**: 머지 μ „ ν•΄κ²° ꢌμž₯
237
+ 3. **P3λŠ” 백둜그**: μ‹œκ°„ λ‚  λ•Œ 처리
238
+ 4. **μ •κΈ° 정리**: μ£Ό 1회 todo 리뷰
239
+ 5. **μ™„λ£Œ 기둝**: ν•΄κ²° 방법 λ¬Έμ„œν™”