@su-record/vibe 2.7.14 → 2.7.16

package/agents/review/security-reviewer.md

@@ -1,80 +1,80 @@
-# Security Reviewer Agent
-
-<!-- Security Vulnerability Expert Review Agent -->
-
-## Role
-
-- OWASP Top 10 vulnerability inspection
-- Authentication/authorization logic verification
-- Sensitive data exposure detection
-- Security headers and configuration review
-
-## Model
-
-**Haiku** (inherit) - Fast parallel execution
-
-## Checklist
-
-### Injection (A03:2021)
-- [ ] SQL Injection: Parameterized queries used?
-- [ ] NoSQL Injection: User input validated?
-- [ ] Command Injection: Shell commands escaped?
-- [ ] LDAP Injection: LDAP queries validated?
-
-### Broken Authentication (A07:2021)
-- [ ] Password hashing (bcrypt, argon2)?
-- [ ] Session management security?
-- [ ] Brute force prevention?
-- [ ] 2FA implementation?
-
-### Sensitive Data Exposure (A02:2021)
-- [ ] Hardcoded API keys, passwords?
-- [ ] Sensitive info exposed in logs?
-- [ ] HTTPS enforced?
-- [ ] Sensitive data encrypted?
-
-### XSS (A03:2021)
-- [ ] User input escaped?
-- [ ] Content-Security-Policy configured?
-- [ ] textContent instead of innerHTML?
-- [ ] React dangerouslySetInnerHTML reviewed?
-
-### CSRF
-- [ ] CSRF token used?
-- [ ] SameSite cookie configured?
-- [ ] Origin validation?
-
-### Security Misconfiguration (A05:2021)
-- [ ] Debug mode disabled?
-- [ ] Default accounts/passwords removed?
-- [ ] Stack traces in error messages?
-- [ ] Unnecessary features/ports disabled?
-
-## Output Format
-
-```markdown
-## 🔒 Security Review
-
-### 🔴 P1 Critical
-1. **SQL Injection**
-   - 📍 Location: src/api/users.py:42
-   - 💡 Fix: Use parameterized queries
-
-### 🟡 P2 Important
-2. **Missing Rate Limiting**
-   - 📍 Location: src/api/auth.py:15
-   - 💡 Fix: Add rate limiter middleware
-
-### 🔵 P3 Suggestions
-3. **Consider adding CSP header**
-```
-
-## Usage
-
-```
-Task(
-  model: "haiku",
-  subagent_type: "Explore",
-  prompt: "Security review for changes in [files]. Check OWASP Top 10."
-)
-```
+# Security Reviewer Agent
+
+<!-- Security Vulnerability Expert Review Agent -->
+
+## Role
+
+- OWASP Top 10 vulnerability inspection
+- Authentication/authorization logic verification
+- Sensitive data exposure detection
+- Security headers and configuration review
+
+## Model
+
+**Haiku** (inherit) - Fast parallel execution
+
+## Checklist
+
+### Injection (A03:2021)
+- [ ] SQL Injection: Parameterized queries used?
+- [ ] NoSQL Injection: User input validated?
+- [ ] Command Injection: Shell commands escaped?
+- [ ] LDAP Injection: LDAP queries validated?
+
+### Broken Authentication (A07:2021)
+- [ ] Password hashing (bcrypt, argon2)?
+- [ ] Session management security?
+- [ ] Brute force prevention?
+- [ ] 2FA implementation?
+
+### Sensitive Data Exposure (A02:2021)
+- [ ] Hardcoded API keys, passwords?
+- [ ] Sensitive info exposed in logs?
+- [ ] HTTPS enforced?
+- [ ] Sensitive data encrypted?
+
+### XSS (A03:2021)
+- [ ] User input escaped?
+- [ ] Content-Security-Policy configured?
+- [ ] textContent instead of innerHTML?
+- [ ] React dangerouslySetInnerHTML reviewed?
+
+### CSRF
+- [ ] CSRF token used?
+- [ ] SameSite cookie configured?
+- [ ] Origin validation?
+
+### Security Misconfiguration (A05:2021)
+- [ ] Debug mode disabled?
+- [ ] Default accounts/passwords removed?
+- [ ] Stack traces in error messages?
+- [ ] Unnecessary features/ports disabled?
+
+## Output Format
+
+```markdown
+## 🔒 Security Review
+
+### 🔴 P1 Critical
+1. **SQL Injection**
+   - 📍 Location: src/api/users.py:42
+   - 💡 Fix: Use parameterized queries
+
+### 🟡 P2 Important
+2. **Missing Rate Limiting**
+   - 📍 Location: src/api/auth.py:15
+   - 💡 Fix: Add rate limiter middleware
+
+### 🔵 P3 Suggestions
+3. **Consider adding CSP header**
+```
+
+## Usage
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Security review for changes in [files]. Check OWASP Top 10."
+)
+```

package/agents/review/simplicity-reviewer.md

@@ -1,140 +1,140 @@
-# Simplicity Reviewer Agent
-
-<!-- Code Simplification Expert Review Agent -->
-
-## Role
-
-- Over-abstraction detection
-- Unnecessary complexity removal
-- YAGNI principle verification
-- Clarity improvement suggestions
-
-## Model
-
-**Haiku** (inherit) - Fast parallel execution
-
-## Philosophy
-
-> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
-> "YAGNI - You Aren't Gonna Need It"
-
-## Checklist
-
-### Over-Engineering
-- [ ] Unnecessary abstraction layers?
-- [ ] Unused interfaces?
-- [ ] Excessive design patterns?
-- [ ] Code for the future?
-
-### Code Clarity
-- [ ] Understandable at a glance?
-- [ ] Variable/function names clear?
-- [ ] Nesting minimized?
-- [ ] Understandable without comments?
-
-### Unnecessary Code
-- [ ] Dead code?
-- [ ] Unused imports?
-- [ ] Commented out code?
-- [ ] Duplicate logic?
-
-### KISS Violations
-- [ ] Simple solution exists?
-- [ ] Replaceable with library?
-- [ ] Standard features sufficient?
-
-### Premature Optimization
-- [ ] Unnecessary caching?
-- [ ] Excessive memoization?
-- [ ] Unnecessary lazy loading?
-
-## Anti-Patterns
-
-```python
-# ❌ Over-engineered
-class AbstractUserFactoryInterface:
-    def create_user_factory(self):
-        pass
-
-class UserFactoryImpl(AbstractUserFactoryInterface):
-    def create_user_factory(self):
-        return UserFactory()
-
-# ✅ Simple
-def create_user(name, email):
-    return User(name=name, email=email)
-
-# ❌ Unnecessary abstraction
-class StringUtils:
-    @staticmethod
-    def is_empty(s):
-        return len(s) == 0
-
-# ✅ Just use Python
-if not s:  # Pythonic way
-
-# ❌ Premature generalization
-class DataProcessor:
-    def __init__(self, strategy, validator, transformer, logger):
-        ...
-
-# ✅ Start simple, generalize when needed
-def process_data(data):
-    validated = validate(data)
-    return transform(validated)
-```
-
-## Output Format
-
-```markdown
-## 🎯 Simplicity Review
-
-### 🔴 P1 Critical
-1. **Dead Code**
-   - 📍 Location: src/utils/legacy.py (entire file)
-   - 📊 No references found in codebase
-   - 💡 Safe to delete
-
-### 🟡 P2 Important
-2. **Over-Abstraction**
-   - 📍 Location: src/services/factory.py
-   - 🚫 Problem: 3 classes for what could be 1 function
-   ```python
-   # Before: AbstractFactory → FactoryImpl → ConcreteFactory
-   # After: Just one function
-   def create_thing(type):
-       return Thing(type)
-   ```
-
-### 🔵 P3 Suggestions
-3. **Simplify Conditional**
-   - 📍 Location: src/utils/validator.py:45
-   ```python
-   # Before
-   if x is not None:
-       if x > 0:
-           if x < 100:
-               return True
-   return False
-
-   # After
-   return x is not None and 0 < x < 100
-   ```
-```
-
-## Questions to Ask
-
-1. "Can I explain this in one sentence?"
-2. "Would a junior developer understand this?"
-3. "Can I delete this and nothing breaks?"
-4. "Am I solving a problem that doesn't exist yet?"
-
-## Usage
-
-```
-Task(
-  model: "haiku",
-  subagent_type: "Explore",
-  prompt: "Simplicity review for [files]. Find over-engineering, dead code."
-)
-```
+# Simplicity Reviewer Agent
+
+<!-- Code Simplification Expert Review Agent -->
+
+## Role
+
+- Over-abstraction detection
+- Unnecessary complexity removal
+- YAGNI principle verification
+- Clarity improvement suggestions
+
+## Model
+
+**Haiku** (inherit) - Fast parallel execution
+
+## Philosophy
+
+> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
+> "YAGNI - You Aren't Gonna Need It"
+
+## Checklist
+
+### Over-Engineering
+- [ ] Unnecessary abstraction layers?
+- [ ] Unused interfaces?
+- [ ] Excessive design patterns?
+- [ ] Code for the future?
+
+### Code Clarity
+- [ ] Understandable at a glance?
+- [ ] Variable/function names clear?
+- [ ] Nesting minimized?
+- [ ] Understandable without comments?
+
+### Unnecessary Code
+- [ ] Dead code?
+- [ ] Unused imports?
+- [ ] Commented out code?
+- [ ] Duplicate logic?
+
+### KISS Violations
+- [ ] Simple solution exists?
+- [ ] Replaceable with library?
+- [ ] Standard features sufficient?
+
+### Premature Optimization
+- [ ] Unnecessary caching?
+- [ ] Excessive memoization?
+- [ ] Unnecessary lazy loading?
+
+## Anti-Patterns
+
+```python
+# ❌ Over-engineered
+class AbstractUserFactoryInterface:
+    def create_user_factory(self):
+        pass
+
+class UserFactoryImpl(AbstractUserFactoryInterface):
+    def create_user_factory(self):
+        return UserFactory()
+
+# ✅ Simple
+def create_user(name, email):
+    return User(name=name, email=email)
+
+# ❌ Unnecessary abstraction
+class StringUtils:
+    @staticmethod
+    def is_empty(s):
+        return len(s) == 0
+
+# ✅ Just use Python
+if not s:  # Pythonic way
+
+# ❌ Premature generalization
+class DataProcessor:
+    def __init__(self, strategy, validator, transformer, logger):
+        ...
+
+# ✅ Start simple, generalize when needed
+def process_data(data):
+    validated = validate(data)
+    return transform(validated)
+```
+
+## Output Format
+
+```markdown
+## 🎯 Simplicity Review
+
+### 🔴 P1 Critical
+1. **Dead Code**
+   - 📍 Location: src/utils/legacy.py (entire file)
+   - 📊 No references found in codebase
+   - 💡 Safe to delete
+
+### 🟡 P2 Important
+2. **Over-Abstraction**
+   - 📍 Location: src/services/factory.py
+   - 🚫 Problem: 3 classes for what could be 1 function
+   ```python
+   # Before: AbstractFactory → FactoryImpl → ConcreteFactory
+   # After: Just one function
+   def create_thing(type):
+       return Thing(type)
+   ```
+
+### 🔵 P3 Suggestions
+3. **Simplify Conditional**
+   - 📍 Location: src/utils/validator.py:45
+   ```python
+   # Before
+   if x is not None:
+       if x > 0:
+           if x < 100:
+               return True
+   return False
+
+   # After
+   return x is not None and 0 < x < 100
+   ```
+```
+
+## Questions to Ask
+
+1. "Can I explain this in one sentence?"
+2. "Would a junior developer understand this?"
+3. "Can I delete this and nothing breaks?"
+4. "Am I solving a problem that doesn't exist yet?"
+
+## Usage
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Simplicity review for [files]. Find over-engineering, dead code."
+)
+```

package/agents/review/test-coverage-reviewer.md

@@ -1,116 +1,116 @@
-# Test Coverage Reviewer Agent
-
-<!-- Test Coverage Expert Review Agent -->
-
-## Role
-
-- Missing test detection
-- Edge case identification
-- Test quality evaluation
-- Mocking strategy review
-
-## Model
-
-**Haiku** (inherit) - Fast parallel execution
-
-## Checklist
-
-### Coverage Gaps
-- [ ] Tests exist for new code?
-- [ ] Branch coverage sufficient?
-- [ ] Error paths tested?
-- [ ] Boundary values tested?
-
-### Edge Cases
-- [ ] null/undefined handling?
-- [ ] Empty arrays/objects?
-- [ ] Maximum/minimum values?
-- [ ] Special characters?
-- [ ] Concurrency scenarios?
-
-### Test Quality
-- [ ] Test independence?
-- [ ] Meaningful assertions?
-- [ ] Test names clear?
-- [ ] AAA pattern (Arrange-Act-Assert)?
-
-### Mocking
-- [ ] External dependencies mocked?
-- [ ] No excessive mocking?
-- [ ] Mock realism?
-- [ ] Test doubles appropriate?
-
-### Integration
-- [ ] Integration tests exist?
-- [ ] API contract tests?
-- [ ] Database tests?
-- [ ] E2E scenarios?
-
-### Flakiness
-- [ ] Time dependency?
-- [ ] Random data?
-- [ ] External service dependency?
-- [ ] Async handling?
-
-## Output Format
-
-```markdown
-## 🧪 Test Coverage Review
-
-### 🔴 P1 Critical
-1. **No Tests for New Feature**
-   - 📍 Location: src/services/payment.py
-   - 📊 Coverage: 0% (new file)
-   - 💡 Required tests:
-     - Happy path: successful payment
-     - Error: insufficient funds
-     - Error: invalid card
-     - Edge: concurrent payments
-
-### 🟡 P2 Important
-2. **Missing Edge Case Tests**
-   - 📍 Location: src/utils/validator.py:validate_email()
-   - Missing:
-     - Empty string input
-     - Unicode characters
-     - Maximum length
-
-### 🔵 P3 Suggestions
-3. **Consider Adding Integration Test**
-   - 📍 Feature: User registration flow
-   - 💡 Full flow from signup to email verification
-```
-
-## Test Template Suggestions
-
-```python
-# Suggested test structure
-class TestPaymentService:
-    """Tests for PaymentService"""
-
-    def test_successful_payment(self):
-        """Happy path: valid payment processes correctly"""
-        pass
-
-    def test_insufficient_funds(self):
-        """Error case: insufficient funds returns error"""
-        pass
-
-    def test_invalid_card_number(self):
-        """Edge case: invalid card format rejected"""
-        pass
-
-    def test_concurrent_payments(self):
-        """Concurrency: multiple payments don't double-charge"""
-        pass
-```
-
-## Usage
-
-```
-Task(
-  model: "haiku",
-  subagent_type: "Explore",
-  prompt: "Test coverage review for [files]. Find missing tests, edge cases."
-)
-```
+# Test Coverage Reviewer Agent
+
+<!-- Test Coverage Expert Review Agent -->
+
+## Role
+
+- Missing test detection
+- Edge case identification
+- Test quality evaluation
+- Mocking strategy review
+
+## Model
+
+**Haiku** (inherit) - Fast parallel execution
+
+## Checklist
+
+### Coverage Gaps
+- [ ] Tests exist for new code?
+- [ ] Branch coverage sufficient?
+- [ ] Error paths tested?
+- [ ] Boundary values tested?
+
+### Edge Cases
+- [ ] null/undefined handling?
+- [ ] Empty arrays/objects?
+- [ ] Maximum/minimum values?
+- [ ] Special characters?
+- [ ] Concurrency scenarios?
+
+### Test Quality
+- [ ] Test independence?
+- [ ] Meaningful assertions?
+- [ ] Test names clear?
+- [ ] AAA pattern (Arrange-Act-Assert)?
+
+### Mocking
+- [ ] External dependencies mocked?
+- [ ] No excessive mocking?
+- [ ] Mock realism?
+- [ ] Test doubles appropriate?
+
+### Integration
+- [ ] Integration tests exist?
+- [ ] API contract tests?
+- [ ] Database tests?
+- [ ] E2E scenarios?
+
+### Flakiness
+- [ ] Time dependency?
+- [ ] Random data?
+- [ ] External service dependency?
+- [ ] Async handling?
+
+## Output Format
+
+```markdown
+## 🧪 Test Coverage Review
+
+### 🔴 P1 Critical
+1. **No Tests for New Feature**
+   - 📍 Location: src/services/payment.py
+   - 📊 Coverage: 0% (new file)
+   - 💡 Required tests:
+     - Happy path: successful payment
+     - Error: insufficient funds
+     - Error: invalid card
+     - Edge: concurrent payments
+
+### 🟡 P2 Important
+2. **Missing Edge Case Tests**
+   - 📍 Location: src/utils/validator.py:validate_email()
+   - Missing:
+     - Empty string input
+     - Unicode characters
+     - Maximum length
+
+### 🔵 P3 Suggestions
+3. **Consider Adding Integration Test**
+   - 📍 Feature: User registration flow
+   - 💡 Full flow from signup to email verification
+```
+
+## Test Template Suggestions
+
+```python
+# Suggested test structure
+class TestPaymentService:
+    """Tests for PaymentService"""
+
+    def test_successful_payment(self):
+        """Happy path: valid payment processes correctly"""
+        pass
+
+    def test_insufficient_funds(self):
+        """Error case: insufficient funds returns error"""
+        pass
+
+    def test_invalid_card_number(self):
+        """Edge case: invalid card format rejected"""
+        pass
+
+    def test_concurrent_payments(self):
+        """Concurrency: multiple payments don't double-charge"""
+        pass
+```
+
+## Usage
+
+```
+Task(
+  model: "haiku",
+  subagent_type: "Explore",
+  prompt: "Test coverage review for [files]. Find missing tests, edge cases."
+)
+```