npm - @su-record/vibe - Versions diffs - 2.7.13 → 2.7.15 - Mend

@su-record/vibe 2.7.13 → 2.7.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (232) hide show

package/.env.example +37 -37
package/CLAUDE.md +134 -126
package/LICENSE +21 -21
package/README.md +449 -449
package/agents/architect-low.md +41 -41
package/agents/architect-medium.md +59 -59
package/agents/architect.md +80 -80
package/agents/build-error-resolver.md +115 -115
package/agents/compounder.md +261 -261
package/agents/diagrammer.md +178 -178
package/agents/docs/api-documenter.md +99 -99
package/agents/docs/changelog-writer.md +93 -93
package/agents/e2e-tester.md +294 -294
package/agents/explorer-low.md +42 -42
package/agents/explorer-medium.md +59 -59
package/agents/explorer.md +48 -48
package/agents/implementer-low.md +43 -43
package/agents/implementer-medium.md +52 -52
package/agents/implementer.md +54 -54
package/agents/junior-mentor.md +141 -141
package/agents/planning/requirements-analyst.md +84 -84
package/agents/planning/ux-advisor.md +83 -83
package/agents/qa/acceptance-tester.md +86 -86
package/agents/qa/edge-case-finder.md +93 -93
package/agents/refactor-cleaner.md +143 -143
package/agents/research/best-practices-agent.md +199 -199
package/agents/research/codebase-patterns-agent.md +157 -157
package/agents/research/framework-docs-agent.md +188 -188
package/agents/research/security-advisory-agent.md +213 -213
package/agents/review/architecture-reviewer.md +107 -107
package/agents/review/complexity-reviewer.md +116 -116
package/agents/review/data-integrity-reviewer.md +88 -88
package/agents/review/git-history-reviewer.md +103 -103
package/agents/review/performance-reviewer.md +86 -86
package/agents/review/python-reviewer.md +150 -150
package/agents/review/rails-reviewer.md +139 -139
package/agents/review/react-reviewer.md +144 -144
package/agents/review/security-reviewer.md +80 -80
package/agents/review/simplicity-reviewer.md +140 -140
package/agents/review/test-coverage-reviewer.md +116 -116
package/agents/review/typescript-reviewer.md +127 -127
package/agents/searcher.md +54 -54
package/agents/simplifier.md +120 -120
package/agents/tester.md +49 -49
package/agents/ui/ui-a11y-auditor.md +93 -93
package/agents/ui/ui-antipattern-detector.md +94 -94
package/agents/ui/ui-dataviz-advisor.md +69 -69
package/agents/ui/ui-design-system-gen.md +57 -57
package/agents/ui/ui-industry-analyzer.md +49 -49
package/agents/ui/ui-layout-architect.md +65 -65
package/agents/ui/ui-stack-implementer.md +68 -68
package/agents/ui/ux-compliance-reviewer.md +81 -81
package/agents/ui-previewer.md +258 -260
package/commands/vibe.analyze.md +11 -13
package/commands/vibe.review.md +43 -1
package/commands/vibe.run.md +2124 -2078
package/commands/vibe.spec.md +9 -4
package/commands/vibe.spec.review.md +569 -565
package/commands/vibe.utils.md +413 -413
package/commands/vibe.verify.md +33 -8
package/dist/cli/collaborator.js +52 -52
package/dist/cli/commands/evolution.js +12 -12
package/dist/cli/commands/info.js +54 -54
package/dist/cli/commands/init.js +5 -5
package/dist/cli/commands/remove.js +14 -14
package/dist/cli/commands/sentinel.js +27 -27
package/dist/cli/commands/skills.js +5 -5
package/dist/cli/commands/slack.js +10 -10
package/dist/cli/commands/telegram.js +12 -12
package/dist/cli/detect.js +32 -32
package/dist/cli/index.js +51 -51
package/dist/cli/llm/claude-commands.js +16 -16
package/dist/cli/llm/config.js +19 -19
package/dist/cli/llm/config.js.map +1 -1
package/dist/cli/llm/gemini-commands.js +16 -16
package/dist/cli/llm/gpt-commands.js +19 -19
package/dist/cli/llm/help.js +21 -21
package/dist/cli/postinstall/cursor-agents.js +32 -32
package/dist/cli/postinstall/cursor-rules.js +83 -83
package/dist/cli/postinstall/cursor-skills.js +743 -743
package/dist/cli/setup/Provisioner.js +42 -42
package/dist/cli/types.d.ts +0 -2
package/dist/cli/types.d.ts.map +1 -1
package/dist/infra/lib/DeepInit.js +24 -24
package/dist/infra/lib/IterationTracker.js +11 -11
package/dist/infra/lib/PythonParser.js +108 -108
package/dist/infra/lib/ReviewRace.js +96 -96
package/dist/infra/lib/SkillFrontmatter.js +28 -28
package/dist/infra/lib/SkillQualityGate.js +9 -9
package/dist/infra/lib/SkillRepository.js +159 -159
package/dist/infra/lib/UltraQA.js +99 -99
package/dist/infra/lib/autonomy/AuditStore.js +41 -41
package/dist/infra/lib/autonomy/ConfirmationStore.js +30 -30
package/dist/infra/lib/autonomy/EventOutbox.js +38 -38
package/dist/infra/lib/autonomy/PolicyEngine.js +18 -18
package/dist/infra/lib/autonomy/SecuritySentinel.js +1 -1
package/dist/infra/lib/autonomy/SuggestionStore.js +33 -33
package/dist/infra/lib/embedding/VectorStore.js +22 -22
package/dist/infra/lib/evolution/AgentAnalyzer.js +10 -10
package/dist/infra/lib/evolution/DescriptionOptimizer.js +21 -21
package/dist/infra/lib/evolution/GenerationRegistry.js +36 -36
package/dist/infra/lib/evolution/InsightStore.js +90 -90
package/dist/infra/lib/evolution/RollbackManager.js +5 -5
package/dist/infra/lib/evolution/SkillBenchmark.js +23 -23
package/dist/infra/lib/evolution/SkillEvalRunner.js +50 -50
package/dist/infra/lib/evolution/SkillGapDetector.js +10 -10
package/dist/infra/lib/evolution/UsageTracker.js +28 -28
package/dist/infra/lib/gemini/orchestration.js +5 -5
package/dist/infra/lib/gpt/orchestration.js +4 -4
package/dist/infra/lib/memory/KnowledgeGraph.js +4 -4
package/dist/infra/lib/memory/MemorySearch.js +57 -57
package/dist/infra/lib/memory/MemoryStorage.js +181 -181
package/dist/infra/lib/memory/ObservationStore.js +28 -28
package/dist/infra/lib/memory/ReflectionStore.js +30 -30
package/dist/infra/lib/memory/SessionRAGRetriever.js +7 -7
package/dist/infra/lib/memory/SessionRAGStore.js +225 -225
package/dist/infra/lib/memory/SessionSummarizer.js +9 -9
package/dist/infra/orchestrator/AgentManager.js +12 -12
package/dist/infra/orchestrator/AgentRegistry.js +65 -65
package/dist/infra/orchestrator/MultiLlmResearch.js +8 -8
package/dist/infra/orchestrator/SwarmOrchestrator.test.js +16 -16
package/dist/infra/orchestrator/parallelResearch.js +24 -24
package/dist/tools/convention/analyzeComplexity.test.js +115 -115
package/dist/tools/convention/validateCodeQuality.test.js +104 -104
package/dist/tools/memory/createMemoryTimeline.js +10 -10
package/dist/tools/memory/getMemoryGraph.js +12 -12
package/dist/tools/memory/getSessionContext.js +9 -9
package/dist/tools/memory/linkMemories.js +14 -14
package/dist/tools/memory/listMemories.js +4 -4
package/dist/tools/memory/recallMemory.js +4 -4
package/dist/tools/memory/saveMemory.js +4 -4
package/dist/tools/memory/searchMemoriesAdvanced.js +23 -23
package/dist/tools/semantic/analyzeDependencyGraph.js +12 -12
package/dist/tools/semantic/astGrep.test.js +6 -6
package/dist/tools/spec/prdParser.test.js +171 -171
package/dist/tools/spec/specGenerator.js +169 -169
package/dist/tools/spec/traceabilityMatrix.js +64 -64
package/dist/tools/spec/traceabilityMatrix.test.js +28 -28
package/hooks/gemini-hooks.json +73 -73
package/hooks/hooks.json +137 -137
package/hooks/scripts/code-check.js +77 -70
package/hooks/scripts/context-save.js +212 -212
package/hooks/scripts/hud-status.js +291 -291
package/hooks/scripts/keyword-detector.js +214 -214
package/hooks/scripts/llm-orchestrate.js +475 -475
package/hooks/scripts/post-edit.js +32 -32
package/hooks/scripts/pre-tool-guard.js +125 -125
package/hooks/scripts/prompt-dispatcher.js +185 -185
package/hooks/scripts/sentinel-guard.js +104 -104
package/hooks/scripts/session-start.js +106 -106
package/hooks/scripts/stop-notify.js +209 -209
package/hooks/scripts/utils.js +100 -100
package/languages/csharp-unity.md +515 -515
package/languages/gdscript-godot.md +470 -470
package/languages/ruby-rails.md +489 -489
package/languages/typescript-angular.md +433 -433
package/languages/typescript-astro.md +416 -416
package/languages/typescript-electron.md +406 -406
package/languages/typescript-nestjs.md +524 -524
package/languages/typescript-svelte.md +407 -407
package/languages/typescript-tauri.md +365 -365
package/package.json +121 -121
package/skills/agents-md/SKILL.md +120 -120
package/skills/arch-guard/SKILL.md +180 -180
package/skills/brand-assets/SKILL.md +146 -146
package/skills/capability-loop/SKILL.md +167 -167
package/skills/characterization-test/SKILL.md +206 -206
package/skills/commerce-patterns/SKILL.md +59 -59
package/skills/commit-push-pr/SKILL.md +75 -75
package/skills/context7-usage/SKILL.md +105 -105
package/skills/core-capabilities/SKILL.md +48 -48
package/skills/e2e-commerce/SKILL.md +57 -57
package/skills/exec-plan/SKILL.md +147 -147
package/skills/frontend-design/SKILL.md +73 -73
package/skills/git-worktree/SKILL.md +72 -72
package/skills/handoff/SKILL.md +109 -109
package/skills/parallel-research/SKILL.md +87 -87
package/skills/priority-todos/SKILL.md +63 -63
package/skills/seo-checklist/SKILL.md +57 -57
package/skills/techdebt/SKILL.md +122 -122
package/skills/tool-fallback/SKILL.md +103 -103
package/skills/typescript-advanced-types/SKILL.md +66 -65
package/skills/ui-ux-pro-max/SKILL.md +206 -206
package/skills/vercel-react-best-practices/SKILL.md +59 -59
package/skills/video-production/SKILL.md +51 -51
package/vibe/config.json +29 -29
package/vibe/constitution.md +227 -227
package/vibe/rules/principles/communication-guide.md +98 -98
package/vibe/rules/principles/development-philosophy.md +52 -52
package/vibe/rules/principles/quick-start.md +102 -102
package/vibe/rules/quality/bdd-contract-testing.md +393 -393
package/vibe/rules/quality/checklist.md +276 -276
package/vibe/rules/quality/performance.md +236 -236
package/vibe/rules/quality/testing-strategy.md +440 -440
package/vibe/rules/standards/anti-patterns.md +541 -541
package/vibe/rules/standards/code-structure.md +291 -291
package/vibe/rules/standards/complexity-metrics.md +313 -313
package/vibe/rules/standards/git-workflow.md +237 -237
package/vibe/rules/standards/naming-conventions.md +198 -198
package/vibe/rules/standards/security.md +305 -305
package/vibe/rules/writing/document-style.md +74 -74
package/vibe/setup.sh +31 -31
package/vibe/templates/constitution-template.md +252 -252
package/vibe/templates/contract-backend-template.md +526 -526
package/vibe/templates/contract-frontend-template.md +599 -599
package/vibe/templates/feature-template.md +96 -96
package/vibe/templates/spec-template.md +221 -221
package/vibe/ui-ux-data/charts.csv +26 -26
package/vibe/ui-ux-data/colors.csv +97 -97
package/vibe/ui-ux-data/icons.csv +101 -101
package/vibe/ui-ux-data/landing.csv +31 -31
package/vibe/ui-ux-data/products.csv +96 -96
package/vibe/ui-ux-data/react-performance.csv +45 -45
package/vibe/ui-ux-data/stacks/astro.csv +54 -54
package/vibe/ui-ux-data/stacks/flutter.csv +53 -53
package/vibe/ui-ux-data/stacks/html-tailwind.csv +56 -56
package/vibe/ui-ux-data/stacks/jetpack-compose.csv +53 -53
package/vibe/ui-ux-data/stacks/nextjs.csv +53 -53
package/vibe/ui-ux-data/stacks/nuxt-ui.csv +51 -51
package/vibe/ui-ux-data/stacks/nuxtjs.csv +59 -59
package/vibe/ui-ux-data/stacks/react-native.csv +52 -52
package/vibe/ui-ux-data/stacks/react.csv +54 -54
package/vibe/ui-ux-data/stacks/shadcn.csv +61 -61
package/vibe/ui-ux-data/stacks/svelte.csv +54 -54
package/vibe/ui-ux-data/stacks/swiftui.csv +51 -51
package/vibe/ui-ux-data/stacks/vue.csv +50 -50
package/vibe/ui-ux-data/styles.csv +68 -68
package/vibe/ui-ux-data/typography.csv +57 -57
package/vibe/ui-ux-data/ui-reasoning.csv +101 -101
package/vibe/ui-ux-data/ux-guidelines.csv +99 -99
package/vibe/ui-ux-data/version.json +31 -31
package/vibe/ui-ux-data/web-interface.csv +31 -31

package/agents/research/security-advisory-agent.md CHANGED Viewed

@@ -1,213 +1,213 @@
-# Security Advisory Research Agent
-<!-- Security Advisory Research Agent -->
-## Role
-- Security vulnerability lookup
-- Package security inspection
-- Security best practices
-- Compliance verification
-## Model
-**Haiku** (inherit) - Fast research
-## ⚠️ CRITICAL: NO FILE CREATION
-**THIS AGENT MUST NEVER CREATE FILES.**
-- ❌ DO NOT use Write tool
-- ❌ DO NOT create any files in project root
-- ❌ DO NOT create SECURITY_*.md files
-- ✅ ONLY return research results as text output
-- ✅ Results will be merged into SPEC by core.spec command
-## Usage
-Automatically called in parallel when `/vibe.spec` is executed
-```
-Task(
-  model: "haiku",
-  subagent_type: "Explore",
-  prompt: "Research security advisories for [feature]. Check OWASP, CVEs."
-)
-```
-## Research Areas
-### OWASP Top 10 (2021)
-```
-A01: Broken Access Control
-A02: Cryptographic Failures
-A03: Injection
-A04: Insecure Design
-A05: Security Misconfiguration
-A06: Vulnerable Components
-A07: Authentication Failures
-A08: Software Integrity Failures
-A09: Logging Failures
-A10: SSRF
-```
-### Package Security
-```
-npm audit
-pip-audit
-bundler-audit
-safety check (Python)
-```
-### Compliance
-```
-GDPR:
-├── Data minimization
-├── Consent management
-├── Right to deletion
-└── Data portability
-PCI-DSS:
-├── Card data encryption
-├── Access control
-├── Logging
-└── Vulnerability management
-```
-## Output Format
-```markdown
-## 🔐 Security Advisory Research
-### Feature: [feature-name]
-### Relevant Security Considerations
-1. **OWASP A03: Injection**
-   - Risk: SQL/NoSQL injection
-   - Mitigation:
-     - Use parameterized queries
-     - Validate all user input
-     - Use ORM safely
-2. **OWASP A07: Authentication Failures**
-   - Risk: Credential stuffing, weak passwords
-   - Mitigation:
-     - Rate limiting
-     - Strong password policy
-     - MFA support
-### Known Vulnerabilities
-| Package | Version | CVE | Severity | Fix |
-|---------|---------|-----|----------|-----|
-| lodash | <4.17.21 | CVE-2021-23337 | High | Upgrade |
-| axios | <0.21.1 | CVE-2020-28168 | Medium | Upgrade |
-### Security Checklist
-- [ ] Input validation on all user inputs
-- [ ] Output encoding for XSS prevention
-- [ ] Parameterized queries for SQL
-- [ ] HTTPS enforced
-- [ ] Sensitive data encrypted at rest
-- [ ] Proper error handling (no stack traces)
-- [ ] Rate limiting implemented
-- [ ] CSRF protection enabled
-- [ ] Security headers configured
-### Compliance Requirements
-For [payment feature]:
-- [ ] PCI-DSS: Never store CVV
-- [ ] PCI-DSS: Encrypt card numbers
-- [ ] GDPR: User consent for data processing
-### Recommended Security Libraries
-| Purpose | Library | Notes |
-|---------|---------|-------|
-| Password Hashing | bcrypt/argon2 | Use high work factor |
-| JWT | jose | Well-maintained |
-| Input Validation | zod/pydantic | Type-safe |
-| Rate Limiting | express-rate-limit | Configurable |
-### References
-- OWASP Cheat Sheets: [url]
-- CWE Database: [url]
-```
-## Multi-LLM Enhancement (Quality Assurance)
-**core = Quality Assurance Framework**
-Security research uses **3 perspectives in parallel** for comprehensive coverage:
-```
-┌─────────────────────────────────────────────────────────────┐
-│  PARALLEL SECURITY RESEARCH                                 │
-├─────────────────────────────────────────────────────────────┤
-│  Claude (Haiku)  │ OWASP Top 10, security patterns          │
-│  GPT             │ CVE database, vulnerability details      │
-│  Gemini          │ Latest security advisories, patches      │
-└─────────────────────────────────────────────────────────────┘
-        ↓
-    Merge & Prioritize
-        ↓
-    SPEC Constraints
-```
-**Execution flow:**
-```bash
-# 1. Claude (Primary) - Always runs
-Task(haiku, "Research security advisories for [feature]. Check OWASP, common vulnerabilities.")
-# 2. GPT (Parallel) - When enabled
-node "[LLM_SCRIPT]" gpt-codex orchestrate-json \
-  "Security vulnerabilities for [feature] with [stack]. Focus: CVE database, known exploits, mitigation strategies. Return JSON: {vulnerabilities: [], mitigations: [], checklist: []}"
-# 3. Gemini (Parallel) - When enabled
-node "[LLM_SCRIPT]" gemini orchestrate-json \
-  "Security advisories for [feature] with [stack]. Focus: latest patches, security updates, recent incidents. Return JSON: {advisories: [], patches: [], incidents: []}"
-```
-**Result merge strategy:**
-| Source | Priority | Focus Area |
-|--------|----------|------------|
-| Claude | High | OWASP, security patterns |
-| GPT | High | CVE details, exploits |
-| Gemini | Medium | Latest advisories, patches |
-**Security-specific merge rules:**
-- All vulnerabilities included (no deduplication for safety)
-- Highest severity rating kept when duplicated
-- All mitigations preserved
-- Compliance requirements merged
-**Use cases:**
-- Latest CVE information needed
-- Checking vulnerabilities for specific libraries
-- Detailed compliance review (PCI-DSS, GDPR, HIPAA)
-- Zero-day vulnerability awareness
-## Integration with /vibe.spec
-```text
-/vibe.spec "payment feature"
-→ security-advisory-agent execution (3 LLMs parallel):
-  - Claude: "Research security for payment processing. Check PCI-DSS, OWASP."
-  - GPT: "CVE lookup for payment libraries, known exploits"
-  - Gemini: "Latest payment security advisories, recent breaches"
-→ Merged results reflected in SPEC:
-  - Security requirements (all sources)
-  - Vulnerability checklist (comprehensive)
-  - Compliance items (PCI-DSS, GDPR)
-  - Mitigation strategies (deduplicated)
-```
+# Security Advisory Research Agent
+<!-- Security Advisory Research Agent -->
+## Role
+- Security vulnerability lookup
+- Package security inspection
+- Security best practices
+- Compliance verification
+## Model
+**Haiku** (inherit) - Fast research
+## ⚠️ CRITICAL: NO FILE CREATION
+**THIS AGENT MUST NEVER CREATE FILES.**
+- ❌ DO NOT use Write tool
+- ❌ DO NOT create any files in project root
+- ❌ DO NOT create SECURITY_*.md files
+- ✅ ONLY return research results as text output
+- ✅ Results will be merged into SPEC by core.spec command
+## Usage
+Automatically called in parallel when `/vibe.spec` is executed
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Research security advisories for [feature]. Check OWASP, CVEs."
+)
+```
+## Research Areas
+### OWASP Top 10 (2021)
+```
+A01: Broken Access Control
+A02: Cryptographic Failures
+A03: Injection
+A04: Insecure Design
+A05: Security Misconfiguration
+A06: Vulnerable Components
+A07: Authentication Failures
+A08: Software Integrity Failures
+A09: Logging Failures
+A10: SSRF
+```
+### Package Security
+```
+npm audit
+pip-audit
+bundler-audit
+safety check (Python)
+```
+### Compliance
+```
+GDPR:
+├── Data minimization
+├── Consent management
+├── Right to deletion
+└── Data portability
+PCI-DSS:
+├── Card data encryption
+├── Access control
+├── Logging
+└── Vulnerability management
+```
+## Output Format
+```markdown
+## 🔐 Security Advisory Research
+### Feature: [feature-name]
+### Relevant Security Considerations
+1. **OWASP A03: Injection**
+   - Risk: SQL/NoSQL injection
+   - Mitigation:
+     - Use parameterized queries
+     - Validate all user input
+     - Use ORM safely
+2. **OWASP A07: Authentication Failures**
+   - Risk: Credential stuffing, weak passwords
+   - Mitigation:
+     - Rate limiting
+     - Strong password policy
+     - MFA support
+### Known Vulnerabilities
+| Package | Version | CVE | Severity | Fix |
+|---------|---------|-----|----------|-----|
+| lodash | <4.17.21 | CVE-2021-23337 | High | Upgrade |
+| axios | <0.21.1 | CVE-2020-28168 | Medium | Upgrade |
+### Security Checklist
+- [ ] Input validation on all user inputs
+- [ ] Output encoding for XSS prevention
+- [ ] Parameterized queries for SQL
+- [ ] HTTPS enforced
+- [ ] Sensitive data encrypted at rest
+- [ ] Proper error handling (no stack traces)
+- [ ] Rate limiting implemented
+- [ ] CSRF protection enabled
+- [ ] Security headers configured
+### Compliance Requirements
+For [payment feature]:
+- [ ] PCI-DSS: Never store CVV
+- [ ] PCI-DSS: Encrypt card numbers
+- [ ] GDPR: User consent for data processing
+### Recommended Security Libraries
+| Purpose | Library | Notes |
+|---------|---------|-------|
+| Password Hashing | bcrypt/argon2 | Use high work factor |
+| JWT | jose | Well-maintained |
+| Input Validation | zod/pydantic | Type-safe |
+| Rate Limiting | express-rate-limit | Configurable |
+### References
+- OWASP Cheat Sheets: [url]
+- CWE Database: [url]
+```
+## Multi-LLM Enhancement (Quality Assurance)
+**core = Quality Assurance Framework**
+Security research uses **3 perspectives in parallel** for comprehensive coverage:
+```
+┌─────────────────────────────────────────────────────────────┐
+│  PARALLEL SECURITY RESEARCH                                 │
+├─────────────────────────────────────────────────────────────┤
+│  Claude (Haiku)  │ OWASP Top 10, security patterns          │
+│  GPT             │ CVE database, vulnerability details      │
+│  Gemini          │ Latest security advisories, patches      │
+└─────────────────────────────────────────────────────────────┘
+        ↓
+    Merge & Prioritize
+        ↓
+    SPEC Constraints
+```
+**Execution flow:**
+```bash
+# 1. Claude (Primary) - Always runs
+Task(haiku, "Research security advisories for [feature]. Check OWASP, common vulnerabilities.")
+# 2. GPT (Parallel) - When enabled
+node "[LLM_SCRIPT]" gpt-codex orchestrate-json \
+  "Security vulnerabilities for [feature] with [stack]. Focus: CVE database, known exploits, mitigation strategies. Return JSON: {vulnerabilities: [], mitigations: [], checklist: []}"
+# 3. Gemini (Parallel) - When enabled
+node "[LLM_SCRIPT]" gemini orchestrate-json \
+  "Security advisories for [feature] with [stack]. Focus: latest patches, security updates, recent incidents. Return JSON: {advisories: [], patches: [], incidents: []}"
+```
+**Result merge strategy:**
+| Source | Priority | Focus Area |
+|--------|----------|------------|
+| Claude | High | OWASP, security patterns |
+| GPT | High | CVE details, exploits |
+| Gemini | Medium | Latest advisories, patches |
+**Security-specific merge rules:**
+- All vulnerabilities included (no deduplication for safety)
+- Highest severity rating kept when duplicated
+- All mitigations preserved
+- Compliance requirements merged
+**Use cases:**
+- Latest CVE information needed
+- Checking vulnerabilities for specific libraries
+- Detailed compliance review (PCI-DSS, GDPR, HIPAA)
+- Zero-day vulnerability awareness
+## Integration with /vibe.spec
+```text
+/vibe.spec "payment feature"
+→ security-advisory-agent execution (3 LLMs parallel):
+  - Claude: "Research security for payment processing. Check PCI-DSS, OWASP."
+  - GPT: "CVE lookup for payment libraries, known exploits"
+  - Gemini: "Latest payment security advisories, recent breaches"
+→ Merged results reflected in SPEC:
+  - Security requirements (all sources)
+  - Vulnerability checklist (comprehensive)
+  - Compliance items (PCI-DSS, GDPR)
+  - Mitigation strategies (deduplicated)
+```

package/agents/review/architecture-reviewer.md CHANGED Viewed

@@ -1,107 +1,107 @@
-# Architecture Reviewer Agent
-<!-- Architecture Design Expert Review Agent -->
-## Role
-- Layer violation detection
-- Circular dependency detection
-- SOLID principles verification
-- Pattern consistency check
-## Model
-**Haiku** (inherit) - Fast parallel execution
-## Checklist
-### Layer Violations
-- [ ] Controller directly accessing DB?
-- [ ] Service generating HTTP responses?
-- [ ] Model containing business logic?
-- [ ] Util with external dependencies?
-### Circular Dependencies
-- [ ] Circular imports between modules?
-- [ ] Mutual references between services?
-- [ ] Circular dependencies between packages?
-### SOLID Principles
-- [ ] Single Responsibility: One role?
-- [ ] Open/Closed: Open to extension?
-- [ ] Liskov Substitution: Substitutable?
-- [ ] Interface Segregation: Interfaces separated?
-- [ ] Dependency Inversion: Depending on abstractions?
-### Consistency
-- [ ] Matches existing patterns?
-- [ ] Naming conventions followed?
-- [ ] Directory structure consistency?
-- [ ] Error handling patterns?
-### Coupling & Cohesion
-- [ ] Loose coupling?
-- [ ] High cohesion?
-- [ ] Dependency injection used?
-- [ ] Interfaces defined?
-### Scalability
-- [ ] State management appropriate?
-- [ ] Horizontal scaling possible?
-- [ ] Bottlenecks present?
-- [ ] Cache layer?
-## Output Format
-```markdown
-## 🏗️ Architecture Review
-### 🔴 P1 Critical
-1. **Circular Dependency Detected**
-   - 📍 Location:
-     - src/services/user.py → src/services/order.py
-     - src/services/order.py → src/services/user.py
-   - 💡 Fix: Extract shared logic to src/services/common.py
-### 🟡 P2 Important
-2. **Layer Violation**
-   - 📍 Location: src/controllers/api.py:45
-   - 🚫 Controller directly accessing database
-   - 💡 Fix: Move to service layer
-### 🔵 P3 Suggestions
-3. **Consider Dependency Injection**
-   - 📍 Location: src/services/payment.py
-   - 💡 Inject PaymentGateway instead of importing
-```
-## Dependency Graph
-Generate dependency graph when needed:
-```
-┌─────────────┐     ┌─────────────┐
-│  Controller │────▶│   Service   │
-└─────────────┘     └─────────────┘
-                           │
-                           ▼
-                    ┌─────────────┐
-                    │ Repository  │
-                    └─────────────┘
-                           │
-              ❌ Violation │
-                           ▼
-                    ┌─────────────┐
-                    │   Database  │
-                    └─────────────┘
-```
-## Usage
-```
-Task(
-  model: "haiku",
-  subagent_type: "Explore",
-  prompt: "Architecture review for [files]. Check layers, dependencies, SOLID."
-)
-```
+# Architecture Reviewer Agent
+<!-- Architecture Design Expert Review Agent -->
+## Role
+- Layer violation detection
+- Circular dependency detection
+- SOLID principles verification
+- Pattern consistency check
+## Model
+**Haiku** (inherit) - Fast parallel execution
+## Checklist
+### Layer Violations
+- [ ] Controller directly accessing DB?
+- [ ] Service generating HTTP responses?
+- [ ] Model containing business logic?
+- [ ] Util with external dependencies?
+### Circular Dependencies
+- [ ] Circular imports between modules?
+- [ ] Mutual references between services?
+- [ ] Circular dependencies between packages?
+### SOLID Principles
+- [ ] Single Responsibility: One role?
+- [ ] Open/Closed: Open to extension?
+- [ ] Liskov Substitution: Substitutable?
+- [ ] Interface Segregation: Interfaces separated?
+- [ ] Dependency Inversion: Depending on abstractions?
+### Consistency
+- [ ] Matches existing patterns?
+- [ ] Naming conventions followed?
+- [ ] Directory structure consistency?
+- [ ] Error handling patterns?
+### Coupling & Cohesion
+- [ ] Loose coupling?
+- [ ] High cohesion?
+- [ ] Dependency injection used?
+- [ ] Interfaces defined?
+### Scalability
+- [ ] State management appropriate?
+- [ ] Horizontal scaling possible?
+- [ ] Bottlenecks present?
+- [ ] Cache layer?
+## Output Format
+```markdown
+## 🏗️ Architecture Review
+### 🔴 P1 Critical
+1. **Circular Dependency Detected**
+   - 📍 Location:
+     - src/services/user.py → src/services/order.py
+     - src/services/order.py → src/services/user.py
+   - 💡 Fix: Extract shared logic to src/services/common.py
+### 🟡 P2 Important
+2. **Layer Violation**
+   - 📍 Location: src/controllers/api.py:45
+   - 🚫 Controller directly accessing database
+   - 💡 Fix: Move to service layer
+### 🔵 P3 Suggestions
+3. **Consider Dependency Injection**
+   - 📍 Location: src/services/payment.py
+   - 💡 Inject PaymentGateway instead of importing
+```
+## Dependency Graph
+Generate dependency graph when needed:
+```
+┌─────────────┐     ┌─────────────┐
+│  Controller │────▶│   Service   │
+└─────────────┘     └─────────────┘
+                           │
+                           ▼
+                    ┌─────────────┐
+                    │ Repository  │
+                    └─────────────┘
+                           │
+              ❌ Violation │
+                           ▼
+                    ┌─────────────┐
+                    │   Database  │
+                    └─────────────┘
+```
+## Usage
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Architecture review for [files]. Check layers, dependencies, SOLID."
+)
+```