@su-record/vibe 2.7.6 → 2.7.9

package/skills/commit-push-pr/SKILL.md

@@ -5,94 +5,53 @@ triggers: [commit, push, PR, pull request, merge]
 priority: 70
 ---
 
-# Commit-Push-PR — From Commit to PR in One Step
-
-Commit current changes, push to the remote branch, and create a GitHub PR.
+# Commit-Push-PR
 
 ## Pre-checks
 
 ```bash
-# Check current state
-git status
-git diff --stat
-git log --oneline -5
+git status            # What's changed
+git diff --stat       # Review changes
+git log --oneline -5  # Recent commits for style
 ```
 
 ## Workflow
 
 1. Review and stage changed files
-2. Write commit message (Conventional Commits format)
+2. Write commit message (Conventional Commits)
 3. Push to remote branch
 4. Create PR with `gh pr create`
-5. Write PR title/body
 
 ## Commit Message Format
 
 ```
 [type] title (under 50 chars)
 
-body (optional, 72 char line wrap)
-- What was changed
-- Why it was changed
-
-Co-Authored-By: Claude <noreply@anthropic.com>
-```
-
-### Type List
-
-| Type | Description |
-|------|-------------|
-| `feat` | New feature |
-| `fix` | Bug fix |
-| `docs` | Documentation changes |
-| `style` | Formatting (no code changes) |
-| `refactor` | Refactoring |
-| `test` | Add/modify tests |
-| `chore` | Build, config changes |
-| `perf` | Performance improvement |
-
-## Co-Authored-By Rule
-
-Always add for AI-generated/modified code:
+body (optional, 72 char wrap)
 
-```
 Co-Authored-By: Claude <noreply@anthropic.com>
 ```
 
-## Security File Check
+Types: `feat` | `fix` | `docs` | `style` | `refactor` | `test` | `chore` | `perf`
 
-Always verify before committing:
+## Security Checks (CRITICAL)
 
 ```bash
-# Detect sensitive files
+# Before committing — detect sensitive files
 git diff --cached --name-only | grep -E '\.(env|pem|key)$|credentials|secret'
 ```
 
-### Never Commit These Files
-
-| File Pattern | Reason |
-|-------------|--------|
-| `.env`, `.env.local` | Environment variables (contains secrets) |
-| `*.pem`, `*.key` | Certificates/keys |
-| `credentials.json` | Authentication info |
-| `service-account.json` | Service account |
-
-> If any of these files are staged, immediately warn and abort the commit.
-
-## Branch Protection Rules
+**Never commit:** `.env`, `.env.local`, `*.pem`, `*.key`, `credentials.json`, `service-account.json`
 
-### main/master Branch Protection
+> If sensitive files are staged, **immediately warn and abort**.
 
-```bash
-# Check current branch
-git branch --show-current
-```
+## Branch Protection
 
 - **No direct commits/pushes to main/master**
-- If on main/master: recommend creating a new branch and abort
-- **Never** `--force` push (main/master)
+- If on main: create a new branch first
+- **Never** `--force` push to main/master
 
-## PR Creation Format
+## PR Format
 
 ```bash
 gh pr create \
@@ -107,12 +66,10 @@ gh pr create \
 - Test methods and results"
 ```
 
-## git-workflow Rule Integration
-
-This skill follows rules from `.claude/vibe/rules/standards/git-workflow.md`:
-
-- Conventional Commits format
-- PR checklist compliance
-- Prohibited actions (force push, .env commits, etc.)
+## Done Criteria (K4)
 
-> **VIBE tool integration**: `/vibe.review`'s git-history agent automatically validates commit quality
+- [ ] No sensitive files in commit
+- [ ] Commit message follows Conventional Commits
+- [ ] Co-Authored-By line included
+- [ ] Not pushing directly to main/master
+- [ ] PR created with clear description

package/skills/core-capabilities/SKILL.md

@@ -4,161 +4,45 @@ description: "Core framework capabilities overview. Auto-activates when working
 triggers: [core, capabilities, features, workflow, framework guide]
 priority: 50
 ---
-# Core Capabilities
-
-Complete guide to core's scenario-driven development framework.
-
-## Core Workflow
-
-```
-/vibe.spec → /vibe.run → /vibe.verify → /vibe.review
-```
-
-## Slash Commands
-
-| Command | Purpose |
-|---------|---------|
-| `/vibe.spec "feature"` | Create SPEC with PTCF structure + 8 parallel research |
-| `/vibe.spec "feature" split` | Create multiple SPECs for large scope features |
-| `/vibe.run "feature"` | Implement based on SPEC |
-| `/vibe.run "feature" ultrawork` | Maximum performance mode |
-| `/vibe.verify "feature"` | BDD scenario verification |
-| `/vibe.review` | Parallel code review (13+ agents) |
-| `/vibe.analyze` | Project analysis |
-| `/vibe.reason "problem"` | Systematic reasoning |
-| `/vibe.utils --e2e` | Playwright E2E testing |
-| `/vibe.utils --diagram` | Generate diagrams |
-| `/vibe.utils --ui "description"` | UI preview |
-| `/vibe.utils --continue` | Session restore (load previous context) |
-| `/vibe.utils --compound` | Document solutions |
-
-## Built-in Tools
-
-### Semantic Code Analysis
-
-```bash
-node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.TOOL_NAME({...}))"
-```
-
-| Tool | Purpose |
-|------|---------|
-| `findSymbol` | Find symbol definitions |
-| `findReferences` | Find all references |
-| `analyzeComplexity` | Code complexity analysis |
-| `validateCodeQuality` | Quality validation |
-
-### Memory Management
 
-| Tool | Purpose |
-|------|---------|
-| `startSession` | Start session (restore previous context) |
-| `autoSaveContext` | Save current state |
-| `saveMemory` | Save important decisions |
-| `recallMemory` | Recall saved memory |
-| `listMemories` | List saved memories |
-
-## Orchestrator
-
-### Background Agents
-
-```bash
-node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/infra/orchestrator/index.js').then(o =>
-  o.launchBackgroundAgent({ prompt: '...', agentName: '...' })
-)"
-```
+# Core Capabilities
 
-## Multi-LLM Research (v2.5.0)
+## Pre-check (K1)
 
-GPT/Gemini are automatically called within `/vibe.spec`:
+> Need to call VIBE tools directly or understand orchestrator patterns? For slash commands and workflow, check CLAUDE.md first — it covers `/vibe.spec`, `/vibe.run`, `/vibe.review`, etc.
 
-```text
-/vibe.spec "feature"
-      ↓
-[Claude] Draft SPEC
-      ↓
-[Parallel Research] 8 parallel tasks:
-  - 4x Bash: GPT/Gemini (best practices + security)
-  - 4x Task: Claude agents (docs, patterns, advisories)
-      ↓
-[SPEC Review] GPT + Gemini parallel review
-      ↓
-[Claude] Finalize SPEC
-```
+## Direct Tool Invocation (Not in CLAUDE.md)
 
-| Phase | Method | Tasks |
-|-------|--------|-------- |
-| Research | `llm-orchestrate.js` via Bash | GPT best practices, GPT security, Gemini best practices, Gemini security |
-| Research | Task tool (Claude agents) | framework-docs, codebase-patterns, best-practices, security-advisory |
-| SPEC Review | `llm-orchestrate.js` via Bash | SPEC quality validation |
-| Docs | context7 MCP | Latest library documentation |
+Call built-in tools without slash commands:
 
-**Setup:**
 ```bash
-vibe gpt auth       # Enable GPT
-vibe gemini auth    # Enable Gemini
-vibe status         # Check current settings
-```
+# Semantic code analysis
+node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.findSymbol({symbol: 'UserService'}))"
+node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.analyzeComplexity({filePath: 'src/service.ts'}))"
 
-## ULTRAWORK Mode
-
-Add `ultrawork` or `ulw` for maximum performance:
-
-- Parallel subagent exploration (3+ concurrent)
-- Background agents preparing next phase
-- Phase pipelining (no wait between phases)
-- Boulder Loop (auto-progress until complete)
-- Auto-retry on errors (max 3 times)
-- Auto-compress at 70%+ context
-
-## Review Agents (13+)
-
-| Category | Agents |
-|----------|--------|
-| Security | security-reviewer, data-integrity-reviewer |
-| Performance | performance-reviewer, complexity-reviewer |
-| Architecture | architecture-reviewer, simplicity-reviewer |
-| Language | python, typescript, rails, react reviewers |
-| Context | git-history, test-coverage reviewers |
-
-## Project Structure
+# Background agent via orchestrator
+node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/infra/orchestrator/index.js').then(o => o.launchBackgroundAgent({prompt: '...', agentName: '...'}))"
 
+# Parallel research
+node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/infra/orchestrator/index.js').then(o => o.research('topic', ['React']).then(r => console.log(r.content[0].text)))"
 ```
-# Global (~/.claude/)
-~/.claude/
-├── commands/          # Slash commands
-├── agents/            # Sub-agents
-├── skills/            # Auto-activated guides
-└── core/
-    ├── rules/         # Coding rules
-    ├── languages/     # Language guides
-    └── templates/     # Templates
-
-# Global (%APPDATA%/vibe/ or ~/.config/vibe/)
-core/
-├── hooks/scripts/     # Hook scripts (llm-orchestrate.js)
-├── gpt.json           # GPT credentials
-└── gemini.json        # Gemini credentials
 
-# Project (.claude/)
-.claude/
-├── settings.local.json  # Hooks config (personal, gitignored)
-└── core/
-    ├── specs/           # SPEC documents
-    ├── features/        # BDD scenarios
-    ├── config.json      # Project config
-    └── constitution.md  # Project rules
-```
+## Available Tools
 
-## Context Management
+| Category | Tools |
+|----------|-------|
+| Code Analysis | `findSymbol`, `findReferences`, `analyzeComplexity`, `validateCodeQuality` |
+| Memory | `startSession`, `autoSaveContext`, `saveMemory`, `recallMemory`, `listMemories` |
 
-- Session start: Auto-restore previous context
-- 70/80/90%: Auto-save checkpoints
-- Context overflow: Use `saveMemory` → `/new`
+## Context Thresholds
 
-## Without Commands
+| Threshold | Action |
+|-----------|--------|
+| 70% | `autoSaveContext` checkpoint |
+| 80% | Warning + save |
+| 90% | Critical — `saveMemory` → `/new` → `/vibe.utils --continue` |
 
-Even without `/vibe.*` commands, you can:
+## Done Criteria (K4)
 
-1. Call tools directly via node commands
-2. Reference skills for guidance
-3. Apply coding rules from `~/.claude/vibe/rules/` (global)
+- [ ] Tool call executed successfully (non-empty result)
+- [ ] Context saved before reaching 90% threshold

package/skills/e2e-commerce/SKILL.md

@@ -4,301 +4,54 @@ description: "E2E test scenarios for commerce checkout and payment flows"
 triggers: [e2e commerce, checkout test, payment test, order flow test]
 priority: 65
 ---
-# E2E Commerce Test Scenarios
-
-Playwright-based E2E testing for commerce checkout flows.
-
-## When to Use
-
-- After implementing checkout/payment features
-- Before production deployment
-- CI/CD pipeline quality gate
-- Regression testing after changes
-
-## Test Scenarios
-
-### 1. Happy Path - Complete Checkout
-
-```typescript
-// tests/e2e/checkout.spec.ts
-import { test, expect } from '@playwright/test';
-
-test.describe('Checkout Flow', () => {
-  test('complete purchase - happy path', async ({ page }) => {
-    // 1. Add to cart
-    await page.goto('/products/test-product');
-    await page.click('[data-testid="add-to-cart"]');
-    await expect(page.locator('[data-testid="cart-count"]')).toHaveText('1');
-
-    // 2. Go to cart
-    await page.click('[data-testid="cart-icon"]');
-    await expect(page).toHaveURL('/cart');
-
-    // 3. Proceed to checkout
-    await page.click('[data-testid="checkout-button"]');
-    await expect(page).toHaveURL('/checkout');
-
-    // 4. Fill shipping info
-    await page.fill('[name="name"]', 'Test User');
-    await page.fill('[name="phone"]', '010-1234-5678');
-    await page.fill('[name="address"]', 'Test Address 123');
-
-    // 5. Select payment method
-    await page.click('[data-testid="payment-card"]');
-
-    // 6. Complete payment (sandbox/mock)
-    await page.click('[data-testid="pay-button"]');
-
-    // 7. Verify order complete
-    await expect(page).toHaveURL(/\/orders\/\w+/);
-    await expect(page.locator('[data-testid="order-status"]')).toHaveText('결제 완료');
-  });
-});
-```
-
-### 2. Stock Validation
-
-```typescript
-test('prevent checkout when out of stock', async ({ page }) => {
-  // Setup: Product with stock = 1, another user reserves it
-  await page.goto('/products/low-stock-product');
-  await page.click('[data-testid="add-to-cart"]');
-  await page.goto('/checkout');
-
-  // Simulate stock depletion during checkout
-  await page.evaluate(async () => {
-    await fetch('/api/test/deplete-stock', { method: 'POST' });
-  });
-
-  // Attempt payment
-  await page.click('[data-testid="pay-button"]');
-
-  // Should show out of stock error
-  await expect(page.locator('[data-testid="error-message"]'))
-    .toContainText('재고가 부족합니다');
-});
-```
-
-### 3. Payment Failure Handling
-
-```typescript
-test('handle payment failure gracefully', async ({ page }) => {
-  await page.goto('/products/test-product');
-  await page.click('[data-testid="add-to-cart"]');
-  await page.goto('/checkout');
-
-  // Fill form
-  await page.fill('[name="name"]', 'Test User');
-  await page.fill('[name="address"]', 'Test Address');
-
-  // Use test card that triggers failure
-  await page.fill('[name="card-number"]', '4000000000000002'); // Decline card
-  await page.click('[data-testid="pay-button"]');
-
-  // Verify error handling
-  await expect(page.locator('[data-testid="payment-error"]'))
-    .toContainText('결제가 거절되었습니다');
-
-  // Stock should be released
-  await page.goto('/products/test-product');
-  await expect(page.locator('[data-testid="stock-status"]'))
-    .not.toContainText('품절');
-});
-```
-
-### 4. Duplicate Payment Prevention
 
-```typescript
-test('prevent duplicate payment on double click', async ({ page }) => {
-  await page.goto('/checkout');
-  // Fill checkout form...
-
-  // Double click pay button rapidly
-  const payButton = page.locator('[data-testid="pay-button"]');
-  await Promise.all([
-    payButton.click(),
-    payButton.click(),
-  ]);
-
-  // Wait for completion
-  await page.waitForURL(/\/orders\/\w+/);
-
-  // Verify only one order created
-  const orderId = page.url().split('/').pop();
-  const response = await page.request.get(`/api/orders?userId=test`);
-  const orders = await response.json();
-
-  expect(orders.filter(o => o.id === orderId)).toHaveLength(1);
-});
-```
-
-### 5. Coupon Application
-
-```typescript
-test('apply coupon and verify discount', async ({ page }) => {
-  await page.goto('/products/test-product'); // Price: 10,000
-  await page.click('[data-testid="add-to-cart"]');
-  await page.goto('/checkout');
-
-  // Original price
-  await expect(page.locator('[data-testid="total-price"]'))
-    .toHaveText('10,000원');
-
-  // Apply 10% coupon
-  await page.fill('[name="coupon"]', 'DISCOUNT10');
-  await page.click('[data-testid="apply-coupon"]');
-
-  // Verify discount applied
-  await expect(page.locator('[data-testid="discount-amount"]'))
-    .toHaveText('-1,000원');
-  await expect(page.locator('[data-testid="total-price"]'))
-    .toHaveText('9,000원');
-});
-```
-
-### 6. Webhook Resilience
-
-```typescript
-test('order completes even with webhook delay', async ({ page, request }) => {
-  // Configure webhook delay in test environment
-  await request.post('/api/test/configure-webhook', {
-    data: { delay: 5000 } // 5 second delay
-  });
-
-  // Complete checkout
-  await page.goto('/checkout');
-  // ... fill form
-  await page.click('[data-testid="pay-button"]');
-
-  // Should show processing state
-  await expect(page.locator('[data-testid="order-status"]'))
-    .toHaveText('처리 중');
-
-  // Wait for webhook
-  await page.waitForSelector('[data-testid="order-status"]:has-text("결제 완료")', {
-    timeout: 10000
-  });
-});
-```
-
-## CLI Usage
-
-```bash
-# Run all commerce e2e tests
-/vibe.utils --e2e commerce
-
-# Run specific scenario
-/vibe.utils --e2e checkout-flow
-
-# Run with visual recording
-/vibe.utils --e2e commerce --record
-
-# Run against staging
-/vibe.utils --e2e commerce --env staging
-```
-
-## Test Environment Setup
-
-### Mock PG Server
-```typescript
-// tests/mocks/pg-server.ts
-import { setupServer } from 'msw/node';
-import { http, HttpResponse } from 'msw';
-
-export const pgMockServer = setupServer(
-  // Success response
-  http.post('/payments/authorize', () => {
-    return HttpResponse.json({
-      success: true,
-      transactionId: `txn_${Date.now()}`,
-      status: 'AUTHORIZED',
-    });
-  }),
-
-  // Failure simulation
-  http.post('/payments/authorize', ({ request }) => {
-    const body = request.json();
-    if (body.cardNumber === '4000000000000002') {
-      return HttpResponse.json({
-        success: false,
-        error: 'CARD_DECLINED',
-      }, { status: 400 });
-    }
-  }),
-);
-```
-
-### Database Seeding
-```typescript
-// tests/fixtures/commerce.ts
-export async function seedCommerceData(db: Database) {
-  // Create test products
-  await db.products.createMany([
-    { id: 'test-product', name: 'Test Product', price: 10000, stock: 100 },
-    { id: 'low-stock', name: 'Low Stock', price: 5000, stock: 1 },
-  ]);
+# E2E Commerce Test Scenarios
 
-  // Create test coupons
-  await db.coupons.create({
-    code: 'DISCOUNT10',
-    discountPercent: 10,
-    expiresAt: addDays(new Date(), 30),
-  });
-}
-```
+## Pre-check (K1)
 
-## CI/CD Integration
+> Are you testing a checkout/payment/order flow? If testing simple CRUD or non-transactional features, standard E2E patterns suffice — this skill is not needed.
 
-```yaml
-# .github/workflows/e2e.yml
-name: E2E Commerce Tests
+## Must-Test Scenarios
 
-on:
-  pull_request:
-    paths:
-      - 'src/checkout/**'
-      - 'src/payment/**'
-      - 'src/cart/**'
+### P0 — Blocks Deployment
 
-jobs:
-  e2e:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
+| Scenario | What to Verify | Gotcha |
+|----------|---------------|--------|
+| **Happy path checkout** | Cart → Shipping → Payment → Order confirmation | Verify order status text, not just URL change |
+| **Payment failure** | Error message shown, stock released | Check stock is RELEASED after failure, not just error displayed |
+| **Duplicate payment** | Only 1 order created on double-click | `Promise.all([click(), click()])` then verify order count via API |
+| **Out of stock** | Blocks checkout with clear message | Simulate stock depletion mid-checkout via test API |
 
-      - name: Install dependencies
-        run: npm ci
+### P1 — Should Pass
 
-      - name: Start test server
-        run: npm run start:test &
+| Scenario | What to Verify | Gotcha |
+|----------|---------------|--------|
+| **Coupon calculation** | Discount amount and total correct | Test percentage AND fixed amount coupons separately |
+| **Webhook resilience** | Order completes even with delayed webhook | Configure 5s delay, verify processing→complete transition |
+| **Cart merge on login** | Guest cart merged into user cart | User cart takes priority for duplicate items |
+| **Partial refund** | Refunded amount correct, order updated | Verify remaining amount, not just refund event |
 
-      - name: Run E2E tests
-        run: npx playwright test tests/e2e/commerce/
+### P2 — Nice to Have
 
-      - name: Upload test results
-        if: failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: playwright-report
-          path: playwright-report/
-```
+| Scenario | What to Verify |
+|----------|---------------|
+| Multiple payment methods | Each method completes checkout |
+| Guest checkout | Full flow without login |
+| Order cancellation | Refund triggered, stock restored |
 
-## Quality Checklist
+## Test Environment Gotchas
 
-### Must Pass (P0)
-- [ ] Happy path checkout completes
-- [ ] Payment failure releases stock
-- [ ] Duplicate payment prevented
-- [ ] Out of stock blocks checkout
+| Gotcha | Fix |
+|--------|-----|
+| Using real PG sandbox in CI | Use MSW (`setupServer`) for mock PG responses |
+| Flaky tests from timing | Use `waitForSelector`/`waitForURL`, never `sleep` |
+| Test data leaks between tests | Seed in `beforeAll`, clean in `afterAll` |
+| Hardcoded test card numbers | Document: `4000000000000002` = decline |
 
-### Should Pass (P1)
-- [ ] Coupon calculation correct
-- [ ] Webhook retry handled
-- [ ] Cart merge on login works
-- [ ] Partial refund processed
+## Done Criteria (K4)
 
-### Nice to Have (P2)
-- [ ] Multiple payment methods
-- [ ] Guest checkout flow
-- [ ] Order cancellation
-- [ ] Subscription renewal
+- [ ] All P0 scenarios pass in CI
+- [ ] P1 scenarios written and tracked
+- [ ] Test data seeded/cleaned per suite
+- [ ] No flaky tests (no arbitrary waits)
+- [ ] Mock PG server configured for CI