@su-record/vibe 2.4.72 → 2.4.76

package/agents/review/test-coverage-reviewer.md

@@ -1,56 +1,56 @@
 # Test Coverage Reviewer Agent
 
-테스트 커버리지 전문 리뷰 에이전트
+<!-- Test Coverage Expert Review Agent -->
 
 ## Role
 
-- 테스트 누락 탐지
-- 엣지 케이스 식별
-- 테스트 품질 평가
-- 모킹 전략 검토
+- Missing test detection
+- Edge case identification
+- Test quality evaluation
+- Mocking strategy review
 
 ## Model
 
-**Haiku** (inherit) - 빠른 병렬 실행
+**Haiku** (inherit) - Fast parallel execution
 
 ## Checklist
 
 ### Coverage Gaps
-- [ ] 새 코드에 테스트 존재?
-- [ ] 분기 커버리지 충분?
-- [ ] 에러 경로 테스트?
-- [ ] 경계값 테스트?
+- [ ] Tests exist for new code?
+- [ ] Branch coverage sufficient?
+- [ ] Error paths tested?
+- [ ] Boundary values tested?
 
 ### Edge Cases
-- [ ] null/undefined 처리?
-- [ ] 빈 배열/객체?
-- [ ] 최대/최소값?
-- [ ] 특수 문자?
-- [ ] 동시성 시나리오?
+- [ ] null/undefined handling?
+- [ ] Empty arrays/objects?
+- [ ] Maximum/minimum values?
+- [ ] Special characters?
+- [ ] Concurrency scenarios?
 
 ### Test Quality
-- [ ] 테스트 독립성?
-- [ ] 의미 있는 어설션?
-- [ ] 테스트 이름 명확?
-- [ ] AAA 패턴 (Arrange-Act-Assert)?
+- [ ] Test independence?
+- [ ] Meaningful assertions?
+- [ ] Test names clear?
+- [ ] AAA pattern (Arrange-Act-Assert)?
 
 ### Mocking
-- [ ] 외부 의존성 모킹?
-- [ ] 과도한 모킹 금지?
-- [ ] 모킹 현실성?
-- [ ] 테스트 더블 적절?
+- [ ] External dependencies mocked?
+- [ ] No excessive mocking?
+- [ ] Mock realism?
+- [ ] Test doubles appropriate?
 
 ### Integration
-- [ ] 통합 테스트 존재?
-- [ ] API 계약 테스트?
-- [ ] 데이터베이스 테스트?
-- [ ] E2E 시나리오?
+- [ ] Integration tests exist?
+- [ ] API contract tests?
+- [ ] Database tests?
+- [ ] E2E scenarios?
 
 ### Flakiness
-- [ ] 시간 의존성?
-- [ ] 랜덤 데이터?
-- [ ] 외부 서비스 의존?
-- [ ] 비동기 처리?
+- [ ] Time dependency?
+- [ ] Random data?
+- [ ] External service dependency?
+- [ ] Async handling?
 
 ## Output Format
 

package/agents/review/typescript-reviewer.md

@@ -1,77 +1,77 @@
 # TypeScript Reviewer Agent
 
-TypeScript 코드 전문 리뷰 에이전트
+<!-- TypeScript Code Expert Review Agent -->
 
 ## Role
 
-- 타입 안전성 검증
-- ESLint/Prettier 규칙 준수
-- 모던 TS 패턴 제안
-- React/Node.js 베스트 프랙티스
+- Type safety verification
+- ESLint/Prettier rule compliance
+- Modern TS pattern suggestions
+- React/Node.js best practices
 
 ## Model
 
-**Haiku** (inherit) - 빠른 병렬 실행
+**Haiku** (inherit) - Fast parallel execution
 
 ## Checklist
 
 ### Type Safety
-- [ ] `any` 타입 사용 최소화?
-- [ ] 타입 가드 적절히 사용?
-- [ ] `unknown` 대신 `any`?
-- [ ] 유니온 타입 narrowing?
-- [ ] 제네릭 적절히 활용?
+- [ ] `any` type usage minimized?
+- [ ] Type guards used appropriately?
+- [ ] `unknown` instead of `any`?
+- [ ] Union type narrowing?
+- [ ] Generics utilized appropriately?
 
 ### Strict Mode
-- [ ] strictNullChecks 준수?
-- [ ] noImplicitAny 준수?
-- [ ] optional chaining (?.) 활용?
-- [ ] nullish coalescing (??) 활용?
+- [ ] strictNullChecks compliant?
+- [ ] noImplicitAny compliant?
+- [ ] Optional chaining (?.) utilized?
+- [ ] Nullish coalescing (??) utilized?
 
 ### Modern Patterns
 - [ ] const assertion (as const)?
-- [ ] satisfies 연산자?
+- [ ] satisfies operator?
 - [ ] Template literal types?
 - [ ] Discriminated unions?
 
 ### Error Handling
-- [ ] 에러 타입 정의?
-- [ ] Result/Either 패턴?
-- [ ] async 에러 처리?
-- [ ] 사용자 친화적 에러 메시지?
+- [ ] Error types defined?
+- [ ] Result/Either pattern?
+- [ ] Async error handling?
+- [ ] User-friendly error messages?
 
 ### Imports/Exports
-- [ ] 배럴 exports 사용?
-- [ ] 순환 의존성 없음?
-- [ ] 타입 전용 import (import type)?
-- [ ] 사용하지 않는 import?
+- [ ] Barrel exports used?
+- [ ] No circular dependencies?
+- [ ] Type-only import (import type)?
+- [ ] Unused imports?
 
 ### Performance
-- [ ] 불필요한 리렌더링?
-- [ ] 메모이제이션 (useMemo, useCallback)?
-- [ ] 번들 사이즈 영향?
-- [ ] 동적 import 활용?
+- [ ] Unnecessary re-renders?
+- [ ] Memoization (useMemo, useCallback)?
+- [ ] Bundle size impact?
+- [ ] Dynamic import utilized?
 
 ## Framework Specific
 
 ### React
-- [ ] 훅 규칙 준수 (Rules of Hooks)?
-- [ ] 의존성 배열 완전?
-- [ ] key prop 적절?
-- [ ] 컴포넌트 분리 적절?
-- [ ] 상태 관리 적절?
+- [ ] Rules of Hooks followed?
+- [ ] Dependency array complete?
+- [ ] Key prop appropriate?
+- [ ] Component separation appropriate?
+- [ ] State management appropriate?
 
 ### Node.js/Express
-- [ ] async 에러 미들웨어?
-- [ ] 입력 검증 (zod, joi)?
-- [ ] 환경 변수 타입 안전?
-- [ ] 로깅 적절?
+- [ ] Async error middleware?
+- [ ] Input validation (zod, joi)?
+- [ ] Environment variables type-safe?
+- [ ] Logging appropriate?
 
 ### Next.js
-- [ ] App Router 패턴?
-- [ ] Server/Client 컴포넌트 구분?
-- [ ] 메타데이터 설정?
-- [ ] 이미지 최적화?
+- [ ] App Router patterns?
+- [ ] Server/Client component distinction?
+- [ ] Metadata configuration?
+- [ ] Image optimization?
 
 ## Output Format
 

package/commands/vibe.analyze.md

@@ -136,17 +136,17 @@ After analysis:
 ```
 ## Next Steps
 
-개발을 진행하려면 워크플로우를 선택하세요:
+Choose a workflow to proceed with development:
 
-| 작업 규모 | 권장 방식 |
+| Task Scope | Recommended Approach |
 |----------|----------|
-| 간단한 수정 (1-2 파일) | Plan Mode |
-| 복잡한 기능 (3+ 파일, 리서치/검증 필요) | /vibe.spec |
+| Simple fix (1-2 files) | Plan Mode |
+| Complex feature (3+ files, research/verification needed) | /vibe.spec |
 
-1. `/vibe.spec "feature-name"` - VIBE 워크플로우 (병렬 리서치 + SPEC 검증)
-2. Plan Mode - 빠른 구현 (간단한 작업용)
+1. `/vibe.spec "feature-name"` - VIBE workflow (parallel research + SPEC verification)
+2. Plan Mode - Quick implementation (for simple tasks)
 
-어떤 방식으로 진행할까요?
+Which approach would you like to use?
 ```
 
 3. Wait for user's choice before proceeding
@@ -257,4 +257,100 @@ node -e "import('@su-record/vibe/tools').then(t => t.saveMemory({key: 'analysis-
 
 ---
 
+## Quality Gate (Mandatory)
+
+### Analysis Quality Checklist
+
+Before completing analysis, ALL items must be checked:
+
+| Category | Check Item | Weight |
+|----------|------------|--------|
+| **Completeness** | All related files identified | 20% |
+| **Completeness** | All API endpoints documented | 15% |
+| **Completeness** | All data models mapped | 15% |
+| **Accuracy** | File paths verified to exist | 10% |
+| **Accuracy** | Line numbers accurate | 10% |
+| **Depth** | Business logic explained | 10% |
+| **Depth** | Dependencies mapped | 10% |
+| **Actionability** | Next steps clearly defined | 10% |
+
+### Analysis Score Calculation
+
+```
+Score = Σ(checked items × weight) / 100
+
+Grades:
+- 95-100: ✅ EXCELLENT - Comprehensive analysis
+- 85-94:  ✅ GOOD - Ready for development
+- 70-84:  ⚠️ FAIR - Needs more exploration
+- 0-69:   ❌ POOR - Incomplete, re-analyze
+```
+
+### Analysis Depth Levels
+
+| Level | Scope | Output |
+|-------|-------|--------|
+| **L1: Surface** | File names, basic structure | File list only |
+| **L2: Structure** | Functions, classes, imports | Structure map |
+| **L3: Logic** | Business logic, data flow | Flow diagrams |
+| **L4: Deep** | Edge cases, dependencies, risks | Full analysis |
+
+**Minimum required: L3 for feature analysis, L2 for project overview**
+
+### Analysis Output Requirements
+
+Every analysis MUST include:
+
+1. **Overview Section**
+   - Feature description (1 sentence)
+   - Implementation status (Complete/In progress/Not implemented)
+   - Related file count
+
+2. **Structure Section**
+   - API endpoints table (Method, Path, Description, Auth)
+   - Core services list with key methods
+   - Data models with fields and relationships
+
+3. **Reference File List**
+   - Absolute or relative paths
+   - Line number ranges for key sections
+   - Brief description per file
+
+4. **Next Steps**
+   - Workflow choice prompt (Plan Mode vs VIBE)
+   - Specific action items if applicable
+
+### Forbidden Incomplete Patterns
+
+| Pattern | Issue | Required Fix |
+|---------|-------|--------------|
+| "and more..." | Incomplete list | List all items |
+| "etc." | Vague scope | Be specific |
+| "related files" without list | Missing details | Provide file paths |
+| Missing line numbers | Hard to navigate | Add `:L10-50` format |
+| No auth info on endpoints | Security gap | Always specify auth |
+
+### Code Quality Analysis Thresholds
+
+When running `--code` analysis:
+
+| Metric | Good | Warning | Critical |
+|--------|------|---------|----------|
+| Avg Complexity | ≤10 | 11-15 | >15 |
+| Max Function Length | ≤30 | 31-50 | >50 |
+| High Complexity Files | 0 | 1-3 | >3 |
+| Circular Dependencies | 0 | 1 | >1 |
+
+### Dependency Analysis Thresholds
+
+When running `--deps` analysis:
+
+| Metric | Good | Warning | Critical |
+|--------|------|---------|----------|
+| Outdated Packages | 0-3 | 4-10 | >10 |
+| Security Vulnerabilities | 0 | 1-2 (low) | Any high/critical |
+| Major Version Behind | 0 | 1-2 | >2 |
+
+---
+
 ARGUMENTS: $ARGUMENTS

package/commands/vibe.reason.md

@@ -220,4 +220,110 @@ node -e "import('@su-record/vibe/tools').then(t => t.saveMemory({key: 'hypothesi
 
 ---
 
+## Quality Gate (Mandatory)
+
+### Reasoning Quality Checklist
+
+Before completing reasoning analysis, ALL steps must be verified:
+
+| Step | Check Item | Weight |
+|------|------------|--------|
+| **Step 1** | Logical dependencies and constraints identified | 10% |
+| **Step 2** | Risk assessment completed with rollback plan | 10% |
+| **Step 3** | At least 3 hypotheses generated with likelihood | 15% |
+| **Step 4** | Verification method defined for each hypothesis | 10% |
+| **Step 5** | All available tools and resources listed | 10% |
+| **Step 6** | Evidence cited with exact sources | 15% |
+| **Step 7** | All alternatives explored | 10% |
+| **Step 8** | Error handling strategy defined | 10% |
+| **Step 9** | Action plan documented before execution | 10% |
+
+### Reasoning Score Calculation
+
+```
+Score = (completed_steps / 9) × 100
+
+Grades:
+- 9/9 (100%): ✅ THOROUGH - Ready to act
+- 7-8/9 (78-89%): ⚠️ ADEQUATE - Minor gaps
+- 5-6/9 (56-67%): ❌ INCOMPLETE - More analysis needed
+- <5/9 (<56%): ❌ INSUFFICIENT - Start over
+```
+
+### Hypothesis Quality Standards
+
+Each hypothesis MUST include:
+
+| Component | Requirement | Example |
+|-----------|-------------|---------|
+| **Description** | Clear, testable statement | "Session data is incomplete due to race condition" |
+| **Likelihood** | High/Medium/Low with justification | "High - intermittent = timing issue" |
+| **Evidence** | Supporting observations | "Error only on concurrent logins" |
+| **Verification** | Specific test method | "Add logging to session.save()" |
+| **Disproof criteria** | What would rule it out | "Logs show complete data every time" |
+
+### Minimum Hypothesis Count
+
+| Problem Complexity | Minimum Hypotheses |
+|--------------------|-------------------|
+| Simple (single component) | 2 |
+| Medium (cross-component) | 3 |
+| Complex (system-wide) | 5 |
+
+### Evidence Standards
+
+All claims MUST include:
+
+| Evidence Type | Required Format |
+|---------------|-----------------|
+| Code reference | `filename.ts:L42` |
+| Log/metric | Exact value with timestamp |
+| Documentation | Document name + section |
+| Prior knowledge | Memory key or conversation reference |
+
+### Risk Assessment Matrix
+
+| Risk Level | Rollback Required | Approval Required |
+|------------|-------------------|-------------------|
+| **Low** | Optional | No |
+| **Medium** | Yes, automated | No |
+| **High** | Yes, tested | User confirmation |
+| **Critical** | Yes, verified | User + backup plan |
+
+### Forbidden Reasoning Patterns
+
+| Pattern | Issue | Required Fix |
+|---------|-------|--------------|
+| "Probably X" without evidence | Unsubstantiated claim | Add supporting evidence |
+| Single hypothesis | Tunnel vision | Generate alternatives |
+| Skipping risk assessment | Dangerous changes | Always assess risk |
+| "I think" without verification | Assumption | Verify before claiming |
+| Acting before reasoning complete | Premature action | Complete all 9 steps |
+
+### Reasoning Output Requirements
+
+Every reasoning analysis MUST include:
+
+1. **Problem Statement**
+   - Clear description
+   - Context and constraints
+   - Steps applied count (X/9)
+
+2. **Hypothesis Table**
+   - Ranked by likelihood
+   - All 5 components per hypothesis
+   - Verification status
+
+3. **Risk Assessment**
+   - Risk level classification
+   - Rollback possibility
+   - Approval requirements
+
+4. **Recommended Actions**
+   - Immediate (low risk, high confidence)
+   - Short-term (medium priority)
+   - Long-term (systemic fix)
+
+---
+
 ARGUMENTS: $ARGUMENTS

package/commands/vibe.review.md

@@ -101,35 +101,35 @@ P3 NICE-TO-HAVE (Enhancement) - N issues
 
 ### Phase 5: Auto-Fix (P1/P2)
 
-**자동 수정 가능한 이슈는 바로 해결:**
+**Auto-fixable issues are resolved immediately:**
 
 ```
-🔧 AUTO-FIX 시작...
+🔧 AUTO-FIX Starting...
 
 P1 Critical:
-  1. [SECURITY] SQL Injection → parameterized query로 수정 ✅
-  2. [DATA] Transaction rollback 누락 → try-finally 추가 ✅
+  1. [SECURITY] SQL Injection → Fixed with parameterized query ✅
+  2. [DATA] Missing transaction rollback → Added try-finally ✅
 
 P2 Important:
-  3. [PERF] N+1 query → select_related 추가 ✅
-  4. [ARCH] Circular dependency → 의존성 분리 ✅
-  5. [TEST] Missing edge case → 테스트 추가 ✅
+  3. [PERF] N+1 query → Added select_related ✅
+  4. [ARCH] Circular dependency → Separated dependencies ✅
+  5. [TEST] Missing edge case → Added test ✅
 
-🔍 재검증 중...
-  ✅ 빌드 성공
-  ✅ 테스트 통과
+🔍 Re-validating...
+  ✅ Build successful
+  ✅ Tests passed
 
-✅ 5개 이슈 자동 수정 완료!
+✅ 5 issues auto-fixed!
 ```
 
-**자동 수정 불가능한 경우:**
-- 아키텍처 대규모 변경 필요
-- 비즈니스 로직 결정 필요
-- 사용자 확인 필요한 경우
+**Cases that cannot be auto-fixed:**
+- Requires large-scale architecture changes
+- Requires business logic decisions
+- Requires user confirmation
 
-→ Phase 6에서 수동 처리 안내
+→ Manual handling instructions in Phase 6
 
-### Phase 6: Todo File Creation (수동 처리 필요 항목)
+### Phase 6: Todo File Creation (Items Requiring Manual Handling)
 
 Save **remaining** findings to `.claude/vibe/todos/`:
 
@@ -137,8 +137,8 @@ Save **remaining** findings to `.claude/vibe/todos/`:
 {priority}-{category}-{short-desc}.md
 
 Examples:
-- P2-arch-large-refactor.md  (자동 수정 불가)
-- P3-style-extract-helper.md (백로그)
+- P2-arch-large-refactor.md  (Cannot be auto-fixed)
+- P3-style-extract-helper.md (Backlog)
 ```
 
 ## Output
@@ -149,12 +149,12 @@ PR #123: Add user authentication
 
 Reviewers: 13 agents | Duration: 45s
 
-Score: 92/100 (Good) ← 자동 수정 후 점수
+Score: 92/100 (Good) ← Score after auto-fix
 
 Issues Found:
-- P1 Critical: 2 → 0 (✅ 자동 수정)
-- P2 Important: 5 → 1 (✅ 4개 자동 수정)
-- P3 Nice-to-have: 3 (백로그)
+- P1 Critical: 2 → 0 (✅ Auto-fixed)
+- P2 Important: 5 → 1 (✅ 4 auto-fixed)
+- P3 Nice-to-have: 3 (Backlog)
 
 Auto-Fixed: 6 issues
 - [SECURITY] SQL Injection ✅
@@ -164,32 +164,32 @@ Auto-Fixed: 6 issues
 - [PERF] Unnecessary loop ✅
 - [TEST] Missing edge case ✅
 
-Remaining (수동 처리 필요):
-- P2-arch-large-refactor.md (아키텍처 결정 필요)
-- P3-style-extract-helper.md (백로그)
-- P3-docs-add-readme.md (백로그)
+Remaining (Manual handling required):
+- P2-arch-large-refactor.md (Architecture decision required)
+- P3-style-extract-helper.md (Backlog)
+- P3-docs-add-readme.md (Backlog)
 
-✅ MERGE READY (P1/P2 해결됨)
+✅ MERGE READY (P1/P2 resolved)
 ```
 
-### Phase 7: Guide to Fix Workflow (수동 처리 항목)
+### Phase 7: Guide to Fix Workflow (Manual Handling Items)
 
-**남은 이슈 처리 시 워크플로우 선택:**
+**Choose workflow when handling remaining issues:**
 
 ```
 ## Fix Workflow
 
-발견된 이슈를 수정하려면 워크플로우를 선택하세요:
+Choose a workflow to fix the discovered issues:
 
-| 작업 규모 | 권장 방식 |
-|----------|----------|
-| 간단한 수정 (1-2 파일) | Plan Mode |
-| 복잡한 수정 (3+ 파일, 검증 필요) | /vibe.spec |
+| Task Scale | Recommended Approach |
+|------------|---------------------|
+| Simple fix (1-2 files) | Plan Mode |
+| Complex fix (3+ files, validation needed) | /vibe.spec |
 
-1. `/vibe.spec "fix: issue-name"` - VIBE 워크플로우 (SPEC 검증 + 재리뷰)
-2. Plan Mode - 빠른 수정 (간단한 작업용)
+1. `/vibe.spec "fix: issue-name"` - VIBE workflow (SPEC validation + re-review)
+2. Plan Mode - Quick fix (for simple tasks)
 
-어떤 방식으로 진행할까요?
+Which approach would you like to proceed with?
 ```
 
 - Wait for user's choice before proceeding
@@ -238,4 +238,89 @@ node -e "import('@su-record/vibe/tools').then(t => t.saveMemory({key: 'review-pr
 
 ---
 
+## Quality Gate (Mandatory)
+
+### Review Quality Checklist
+
+Before completing review, ALL items must be verified:
+
+| Category | Check Item | Weight |
+|----------|------------|--------|
+| **Security** | OWASP Top 10 vulnerabilities scanned | 20% |
+| **Security** | Authentication/authorization verified | 10% |
+| **Security** | Sensitive data exposure checked | 10% |
+| **Performance** | N+1 queries detected and flagged | 10% |
+| **Performance** | Memory leaks checked | 5% |
+| **Architecture** | Layer violations detected | 10% |
+| **Architecture** | Circular dependencies checked | 5% |
+| **Code Quality** | Complexity limits enforced | 10% |
+| **Code Quality** | Forbidden patterns detected | 10% |
+| **Testing** | Test coverage gaps identified | 5% |
+| **Documentation** | Public API documentation checked | 5% |
+
+### Review Score Calculation
+
+```
+Score = 100 - (P1 × 20) - (P2 × 5) - (P3 × 1)
+
+Grades:
+- 95-100: ✅ EXCELLENT - Merge ready
+- 85-94:  ✅ GOOD - Minor fixes recommended
+- 70-84:  ⚠️ FAIR - Must fix P2 issues
+- 0-69:   ❌ POOR - Block merge, fix P1/P2
+```
+
+### Merge Decision Matrix
+
+| P1 Count | P2 Count | Decision |
+|----------|----------|----------|
+| 0 | 0-2 | ✅ MERGE READY |
+| 0 | 3+ | ⚠️ FIX P2 FIRST |
+| 1+ | Any | ❌ BLOCKED |
+
+### Auto-Fix Capability Matrix
+
+| Issue Type | Auto-Fixable | Method |
+|------------|--------------|--------|
+| SQL Injection | ✅ Yes | Parameterized query |
+| Missing transaction | ✅ Yes | Add try-finally |
+| N+1 query | ✅ Yes | Add eager loading |
+| Circular dependency | ⚠️ Partial | Suggest restructure |
+| Missing tests | ✅ Yes | Generate test skeleton |
+| Hardcoded secrets | ❌ No | Flag for manual review |
+| Architecture violation | ❌ No | Suggest refactoring plan |
+
+### Forbidden Patterns (P1 Critical)
+
+| Pattern | Risk Level | Detection Method |
+|---------|------------|------------------|
+| Hardcoded credentials | Critical | Regex + entropy scan |
+| SQL string concatenation | Critical | AST analysis |
+| `eval()` or `exec()` | Critical | AST analysis |
+| Disabled CSRF protection | Critical | Config scan |
+| Debug mode in production | Critical | Config scan |
+| Unvalidated redirects | High | URL pattern scan |
+
+### Review Output Requirements
+
+Every review MUST produce:
+
+1. **Summary Statistics**
+   - Total issues by priority (P1/P2/P3)
+   - Auto-fixed count
+   - Remaining manual fixes
+
+2. **Detailed Findings**
+   - File path and line number
+   - Issue description
+   - Recommended fix
+   - Auto-fix status (applied/pending/manual)
+
+3. **Quality Score**
+   - Numerical score (0-100)
+   - Grade (EXCELLENT/GOOD/FAIR/POOR)
+   - Merge recommendation
+
+---
+
 ARGUMENTS: $ARGUMENTS