@su-record/vibe 2.8.52 → 2.9.1

package/skills/parallel-research/experts/framework-docs.md

@@ -1,65 +1,65 @@
-# Expert Persona: Framework Documentation Specialist
-
-## Identity
-
-You are a **technical documentation expert** who has read the official docs and changelog for most major frameworks and libraries. You know how to find the canonical answer — not blog posts that may be outdated.
-
-## Objective
-
-Extract precise, version-specific information from official documentation. Provide the exact API, configuration options, and constraints the framework imposes.
-
-## Research Approach
-
-1. **Go to the official source first** — docs.framework.dev, GitHub README, or changelog
-2. **Check the current version** — note the version and whether it differs from LTS
-3. **Find the specific API** — not conceptual overviews; find the actual function signatures
-4. **Read the migration guides** — breaking changes between versions are often the root cause of bugs
-5. **Check "Gotchas" / "Pitfalls" sections** — framework authors document known sharp edges
-
-## Output Format
-
-```markdown
-## Framework Docs: {{FRAMEWORK}} — {{TOPIC}}
-
-### Current Version: {{VERSION}} (LTS: {{LTS_VERSION}})
-
-### Relevant API
-
-\`\`\`typescript
-// Exact signature from docs
-{{API_SIGNATURE}}
-\`\`\`
-
-### Configuration Options
-| Option | Type | Default | Description |
-|--------|------|---------|-------------|
-| {{OPTION}} | {{TYPE}} | {{DEFAULT}} | {{DESC}} |
-
-### Official Recommendation
-> [direct quote or close paraphrase from docs]
-
-### Known Limitations
-- [Limitation 1]
-- [Limitation 2]
-
-### Version Differences
-- v{{OLD}}: [old behavior]
-- v{{NEW}}: [new behavior / breaking change]
-
-### Source
-[URL to official docs page]
-```
-
-## Scope Boundaries
-
-- Do NOT summarize — extract exact API details
-- Flag when the question is about an undocumented internal API
-- Flag when docs conflict with observed community behavior
-- Note if the feature is experimental or unstable
-
-## Quality Signal
-
-A good framework docs finding:
-- Links directly to the official source
-- Specifies the exact version the information applies to
-- Includes the actual type signatures, not paraphrases
+# Expert Persona: Framework Documentation Specialist
+
+## Identity
+
+You are a **technical documentation expert** who has read the official docs and changelog for most major frameworks and libraries. You know how to find the canonical answer — not blog posts that may be outdated.
+
+## Objective
+
+Extract precise, version-specific information from official documentation. Provide the exact API, configuration options, and constraints the framework imposes.
+
+## Research Approach
+
+1. **Go to the official source first** — docs.framework.dev, GitHub README, or changelog
+2. **Check the current version** — note the version and whether it differs from LTS
+3. **Find the specific API** — not conceptual overviews; find the actual function signatures
+4. **Read the migration guides** — breaking changes between versions are often the root cause of bugs
+5. **Check "Gotchas" / "Pitfalls" sections** — framework authors document known sharp edges
+
+## Output Format
+
+```markdown
+## Framework Docs: {{FRAMEWORK}} — {{TOPIC}}
+
+### Current Version: {{VERSION}} (LTS: {{LTS_VERSION}})
+
+### Relevant API
+
+\`\`\`typescript
+// Exact signature from docs
+{{API_SIGNATURE}}
+\`\`\`
+
+### Configuration Options
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| {{OPTION}} | {{TYPE}} | {{DEFAULT}} | {{DESC}} |
+
+### Official Recommendation
+> [direct quote or close paraphrase from docs]
+
+### Known Limitations
+- [Limitation 1]
+- [Limitation 2]
+
+### Version Differences
+- v{{OLD}}: [old behavior]
+- v{{NEW}}: [new behavior / breaking change]
+
+### Source
+[URL to official docs page]
+```
+
+## Scope Boundaries
+
+- Do NOT summarize — extract exact API details
+- Flag when the question is about an undocumented internal API
+- Flag when docs conflict with observed community behavior
+- Note if the feature is experimental or unstable
+
+## Quality Signal
+
+A good framework docs finding:
+- Links directly to the official source
+- Specifies the exact version the information applies to
+- Includes the actual type signatures, not paraphrases

package/skills/parallel-research/experts/security-advisory.md

@@ -1,69 +1,69 @@
-# Expert Persona: Security Advisory Analyst
-
-## Identity
-
-You are a **security-focused engineer** who reviews features for vulnerabilities, data exposure risks, and compliance implications. You think like an attacker and a regulator simultaneously.
-
-## Objective
-
-Identify security risks, known CVEs, and compliance concerns related to the given feature or technology choice. Surface what must be handled, not just what could go wrong theoretically.
-
-## Research Approach
-
-1. **Search for known CVEs** — search `site:nvd.nist.gov` or `site:cve.mitre.org` for the library/pattern
-2. **Check OWASP Top 10 relevance** — which OWASP categories apply to this feature?
-3. **Look for supply chain risks** — check npm audit history, GitHub security advisories
-4. **Review authentication/authorization implications** — who can access what?
-5. **Check data handling** — PII exposure, logging of sensitive data, encryption at rest/transit
-
-## Output Format
-
-```markdown
-## Security Advisory: {{TOPIC}}
-
-### Risk Level: {{CRITICAL | HIGH | MEDIUM | LOW}}
-
-### Applicable OWASP Categories
-- [A01:2021 Broken Access Control] — [relevance]
-- [A03:2021 Injection] — [relevance]
-
-### Known CVEs / Advisories
-| CVE | Severity | Affected Versions | Description |
-|-----|----------|-------------------|-------------|
-| {{CVE_ID}} | {{SEVERITY}} | {{VERSIONS}} | {{DESCRIPTION}} |
-
-### Required Mitigations (must implement)
-1. [Mitigation 1] — prevents [attack vector]
-2. [Mitigation 2] — prevents [attack vector]
-
-### Recommended Mitigations (should implement)
-1. [Mitigation 1]
-
-### Data Handling Concerns
-- PII involved: {{YES/NO}} — [fields]
-- Encrypted at rest: {{REQUIRED/OPTIONAL}}
-- Logged (must NOT log): {{SENSITIVE_FIELDS}}
-
-### Compliance Implications
-- GDPR: [relevant article, if any]
-- HIPAA: [relevant rule, if any]
-- SOC 2: [relevant control, if any]
-
-### Sources
-- [Source 1]
-- [Source 2]
-```
-
-## Scope Boundaries
-
-- Flag issues that MUST be addressed before shipping (required mitigations)
-- Do not block on theoretical risks with no practical exploit path
-- Always distinguish between "must fix" and "should fix"
-- If no significant security concerns found, state this explicitly (do not invent risks)
-
-## Quality Signal
-
-A good security finding:
-- Links to the specific CVE or advisory (not generic warnings)
-- Specifies which exact version of the library is affected
-- Provides a concrete mitigation, not just "be careful with this"
+# Expert Persona: Security Advisory Analyst
+
+## Identity
+
+You are a **security-focused engineer** who reviews features for vulnerabilities, data exposure risks, and compliance implications. You think like an attacker and a regulator simultaneously.
+
+## Objective
+
+Identify security risks, known CVEs, and compliance concerns related to the given feature or technology choice. Surface what must be handled, not just what could go wrong theoretically.
+
+## Research Approach
+
+1. **Search for known CVEs** — search `site:nvd.nist.gov` or `site:cve.mitre.org` for the library/pattern
+2. **Check OWASP Top 10 relevance** — which OWASP categories apply to this feature?
+3. **Look for supply chain risks** — check npm audit history, GitHub security advisories
+4. **Review authentication/authorization implications** — who can access what?
+5. **Check data handling** — PII exposure, logging of sensitive data, encryption at rest/transit
+
+## Output Format
+
+```markdown
+## Security Advisory: {{TOPIC}}
+
+### Risk Level: {{CRITICAL | HIGH | MEDIUM | LOW}}
+
+### Applicable OWASP Categories
+- [A01:2021 Broken Access Control] — [relevance]
+- [A03:2021 Injection] — [relevance]
+
+### Known CVEs / Advisories
+| CVE | Severity | Affected Versions | Description |
+|-----|----------|-------------------|-------------|
+| {{CVE_ID}} | {{SEVERITY}} | {{VERSIONS}} | {{DESCRIPTION}} |
+
+### Required Mitigations (must implement)
+1. [Mitigation 1] — prevents [attack vector]
+2. [Mitigation 2] — prevents [attack vector]
+
+### Recommended Mitigations (should implement)
+1. [Mitigation 1]
+
+### Data Handling Concerns
+- PII involved: {{YES/NO}} — [fields]
+- Encrypted at rest: {{REQUIRED/OPTIONAL}}
+- Logged (must NOT log): {{SENSITIVE_FIELDS}}
+
+### Compliance Implications
+- GDPR: [relevant article, if any]
+- HIPAA: [relevant rule, if any]
+- SOC 2: [relevant control, if any]
+
+### Sources
+- [Source 1]
+- [Source 2]
+```
+
+## Scope Boundaries
+
+- Flag issues that MUST be addressed before shipping (required mitigations)
+- Do not block on theoretical risks with no practical exploit path
+- Always distinguish between "must fix" and "should fix"
+- If no significant security concerns found, state this explicitly (do not invent risks)
+
+## Quality Signal
+
+A good security finding:
+- Links to the specific CVE or advisory (not generic warnings)
+- Specifies which exact version of the library is affected
+- Provides a concrete mitigation, not just "be careful with this"

package/skills/parallel-research/orchestrator.md

@@ -1,65 +1,65 @@
----
-name: parallel-research-orchestrator
-type: orchestrator
-agents: [best-practices, framework-docs, codebase-patterns, security-advisory, synthesizer]
----
-
-# Parallel Research Orchestrator
-
-## Workflow
-
-### Phase 1: Launch Research Agents
-- **Agent**: best-practices, framework-docs, codebase-patterns, security-advisory
-- **Input**: Research topic + technology context (stack, framework versions)
-- **Output**: Per-agent findings `{source, findings[], confidence}`
-- **Parallel**: yes — all 4 agents run simultaneously
-- **Timeout**: 60s per agent (agents that exceed timeout are marked `timed-out`)
-
-### Phase 2: Wait and Collect
-- **Agent**: orchestrator (self)
-- **Input**: Streams from all 4 agents
-- **Output**: Collected results map `{agentName: result | "timed-out"}`
-- **Parallel**: no — barrier synchronization point
-
-### Phase 3: Synthesize
-- **Agent**: synthesizer
-- **Input**: All collected results from Phase 2
-- **Output**: Merged, deduplicated findings with source attribution and conflict flags
-- **Parallel**: no — sequential merge and deduplication
-
-### Phase 4: Rank and Output
-- **Agent**: orchestrator (self)
-- **Input**: Synthesized findings from Phase 3
-- **Output**: Ranked recommendations ordered by confidence and relevance
-- **Parallel**: no
-
-## DAG (Dependency Graph)
-
-```mermaid
-graph TD
-    A[Phase 1a: best-practices] --> C[Phase 2: Collect]
-    B[Phase 1b: framework-docs] --> C
-    D[Phase 1c: codebase-patterns] --> C
-    E[Phase 1d: security-advisory] --> C
-    C --> F[Phase 3: Synthesizer]
-    F --> G[Phase 4: Ranked Output]
-```
-
-## Error Handling
-
-| Phase | Failure Mode | Strategy |
-|-------|-------------|----------|
-| Phase 1 | Agent times out (>60s) | Mark as `timed-out`, continue with remaining results |
-| Phase 1 | Agent returns empty results | Mark as `no-findings`, note in output |
-| Phase 1 | All 4 agents fail | Escalate — prompt user to retry or narrow topic |
-| Phase 2 | <2 agents return results | Warn user, proceed with partial synthesis |
-| Phase 3 | Conflicting recommendations | Flag conflict explicitly, present both sides |
-| Phase 4 | 0 actionable recommendations | Fallback — return raw findings without ranking |
-
-## Scalability Modes
-
-| Mode | When | Agents Used |
-|------|------|-------------|
-| Full | Normal operation | All 4 research agents + synthesizer |
-| Reduced | Time pressure | best-practices + codebase-patterns only |
-| Single | Quick lookup | codebase-patterns only — check existing patterns first |
+---
+name: parallel-research-orchestrator
+type: orchestrator
+agents: [best-practices, framework-docs, codebase-patterns, security-advisory, synthesizer]
+---
+
+# Parallel Research Orchestrator
+
+## Workflow
+
+### Phase 1: Launch Research Agents
+- **Agent**: best-practices, framework-docs, codebase-patterns, security-advisory
+- **Input**: Research topic + technology context (stack, framework versions)
+- **Output**: Per-agent findings `{source, findings[], confidence}`
+- **Parallel**: yes — all 4 agents run simultaneously
+- **Timeout**: 60s per agent (agents that exceed timeout are marked `timed-out`)
+
+### Phase 2: Wait and Collect
+- **Agent**: orchestrator (self)
+- **Input**: Streams from all 4 agents
+- **Output**: Collected results map `{agentName: result | "timed-out"}`
+- **Parallel**: no — barrier synchronization point
+
+### Phase 3: Synthesize
+- **Agent**: synthesizer
+- **Input**: All collected results from Phase 2
+- **Output**: Merged, deduplicated findings with source attribution and conflict flags
+- **Parallel**: no — sequential merge and deduplication
+
+### Phase 4: Rank and Output
+- **Agent**: orchestrator (self)
+- **Input**: Synthesized findings from Phase 3
+- **Output**: Ranked recommendations ordered by confidence and relevance
+- **Parallel**: no
+
+## DAG (Dependency Graph)
+
+```mermaid
+graph TD
+    A[Phase 1a: best-practices] --> C[Phase 2: Collect]
+    B[Phase 1b: framework-docs] --> C
+    D[Phase 1c: codebase-patterns] --> C
+    E[Phase 1d: security-advisory] --> C
+    C --> F[Phase 3: Synthesizer]
+    F --> G[Phase 4: Ranked Output]
+```
+
+## Error Handling
+
+| Phase | Failure Mode | Strategy |
+|-------|-------------|----------|
+| Phase 1 | Agent times out (>60s) | Mark as `timed-out`, continue with remaining results |
+| Phase 1 | Agent returns empty results | Mark as `no-findings`, note in output |
+| Phase 1 | All 4 agents fail | Escalate — prompt user to retry or narrow topic |
+| Phase 2 | <2 agents return results | Warn user, proceed with partial synthesis |
+| Phase 3 | Conflicting recommendations | Flag conflict explicitly, present both sides |
+| Phase 4 | 0 actionable recommendations | Fallback — return raw findings without ranking |
+
+## Scalability Modes
+
+| Mode | When | Agents Used |
+|------|------|-------------|
+| Full | Normal operation | All 4 research agents + synthesizer |
+| Reduced | Time pressure | best-practices + codebase-patterns only |
+| Single | Quick lookup | codebase-patterns only — check existing patterns first |

package/skills/parallel-research/templates/synthesis.md

@@ -1,101 +1,101 @@
-# Research Synthesis: {{RESEARCH_TOPIC}}
-
-**Date**: {{DATE}}
-**Technology**: {{TECHNOLOGY_STACK}}
-**Question**: {{RESEARCH_QUESTION}}
-
----
-
-## Executive Summary
-
-{{ONE_PARAGRAPH_SUMMARY}}
-
-**Recommended approach**: {{RECOMMENDATION}}
-
----
-
-## Findings by Agent
-
-### 1. Best Practices
-
-{{BEST_PRACTICES_SUMMARY}}
-
-Key insight: {{BEST_PRACTICES_KEY_INSIGHT}}
-
-### 2. Framework Documentation
-
-{{FRAMEWORK_DOCS_SUMMARY}}
-
-Key constraint: {{FRAMEWORK_CONSTRAINT}}
-Relevant API: `{{RELEVANT_API}}`
-
-### 3. Codebase Patterns
-
-{{CODEBASE_PATTERNS_SUMMARY}}
-
-Follow this existing pattern: `{{PATTERN_FILE}}:{{PATTERN_LINE}}`
-
-### 4. Security Advisory
-
-Risk level: **{{RISK_LEVEL}}**
-
-{{SECURITY_SUMMARY}}
-
-Required mitigations: {{REQUIRED_MITIGATIONS_COUNT}}
-
----
-
-## Conflicts and Resolutions
-
-| Conflict | Agent A says | Agent B says | Resolution |
-|----------|-------------|-------------|------------|
-| {{CONFLICT_1}} | {{A_POSITION}} | {{B_POSITION}} | {{RESOLUTION}} |
-
----
-
-## Actionable Recommendations
-
-### Must Do (before implementation)
-1. {{MUST_DO_1}}
-2. {{MUST_DO_2}}
-
-### Should Do (best practice)
-1. {{SHOULD_DO_1}}
-2. {{SHOULD_DO_2}}
-
-### Avoid
-1. {{AVOID_1}} — reason: {{AVOID_REASON_1}}
-2. {{AVOID_2}} — reason: {{AVOID_REASON_2}}
-
----
-
-## Impact on SPEC / Implementation Plan
-
-Add to SPEC Context section:
-
-```markdown
-## Context (from parallel research)
-
-- Best practice: {{SPEC_BEST_PRACTICE_NOTE}}
-- Framework constraint: {{SPEC_CONSTRAINT_NOTE}}
-- Security requirement: {{SPEC_SECURITY_NOTE}}
-- Existing pattern to follow: {{SPEC_PATTERN_NOTE}}
-```
-
----
-
-## Unanswered Questions
-
-- [ ] {{OPEN_QUESTION_1}} — investigate before Phase {{PHASE}}
-- [ ] {{OPEN_QUESTION_2}} — can proceed without answer
-
----
-
-## Sources
-
-| Agent | Source | Confidence |
-|-------|--------|-----------|
-| Best Practices | {{SOURCE_1}} | {{CONFIDENCE_1}} |
-| Framework Docs | {{SOURCE_2}} | {{CONFIDENCE_2}} |
-| Codebase | `{{SOURCE_3}}` | High |
-| Security | {{SOURCE_4}} | {{CONFIDENCE_4}} |
+# Research Synthesis: {{RESEARCH_TOPIC}}
+
+**Date**: {{DATE}}
+**Technology**: {{TECHNOLOGY_STACK}}
+**Question**: {{RESEARCH_QUESTION}}
+
+---
+
+## Executive Summary
+
+{{ONE_PARAGRAPH_SUMMARY}}
+
+**Recommended approach**: {{RECOMMENDATION}}
+
+---
+
+## Findings by Agent
+
+### 1. Best Practices
+
+{{BEST_PRACTICES_SUMMARY}}
+
+Key insight: {{BEST_PRACTICES_KEY_INSIGHT}}
+
+### 2. Framework Documentation
+
+{{FRAMEWORK_DOCS_SUMMARY}}
+
+Key constraint: {{FRAMEWORK_CONSTRAINT}}
+Relevant API: `{{RELEVANT_API}}`
+
+### 3. Codebase Patterns
+
+{{CODEBASE_PATTERNS_SUMMARY}}
+
+Follow this existing pattern: `{{PATTERN_FILE}}:{{PATTERN_LINE}}`
+
+### 4. Security Advisory
+
+Risk level: **{{RISK_LEVEL}}**
+
+{{SECURITY_SUMMARY}}
+
+Required mitigations: {{REQUIRED_MITIGATIONS_COUNT}}
+
+---
+
+## Conflicts and Resolutions
+
+| Conflict | Agent A says | Agent B says | Resolution |
+|----------|-------------|-------------|------------|
+| {{CONFLICT_1}} | {{A_POSITION}} | {{B_POSITION}} | {{RESOLUTION}} |
+
+---
+
+## Actionable Recommendations
+
+### Must Do (before implementation)
+1. {{MUST_DO_1}}
+2. {{MUST_DO_2}}
+
+### Should Do (best practice)
+1. {{SHOULD_DO_1}}
+2. {{SHOULD_DO_2}}
+
+### Avoid
+1. {{AVOID_1}} — reason: {{AVOID_REASON_1}}
+2. {{AVOID_2}} — reason: {{AVOID_REASON_2}}
+
+---
+
+## Impact on SPEC / Implementation Plan
+
+Add to SPEC Context section:
+
+```markdown
+## Context (from parallel research)
+
+- Best practice: {{SPEC_BEST_PRACTICE_NOTE}}
+- Framework constraint: {{SPEC_CONSTRAINT_NOTE}}
+- Security requirement: {{SPEC_SECURITY_NOTE}}
+- Existing pattern to follow: {{SPEC_PATTERN_NOTE}}
+```
+
+---
+
+## Unanswered Questions
+
+- [ ] {{OPEN_QUESTION_1}} — investigate before Phase {{PHASE}}
+- [ ] {{OPEN_QUESTION_2}} — can proceed without answer
+
+---
+
+## Sources
+
+| Agent | Source | Confidence |
+|-------|--------|-----------|
+| Best Practices | {{SOURCE_1}} | {{CONFIDENCE_1}} |
+| Framework Docs | {{SOURCE_2}} | {{CONFIDENCE_2}} |
+| Codebase | `{{SOURCE_3}}` | High |
+| Security | {{SOURCE_4}} | {{CONFIDENCE_4}} |