@su-record/vibe 2.9.2 → 2.9.3

package/hooks/scripts/figma-guard.js

@@ -0,0 +1,220 @@
+#!/usr/bin/env node
+/**
+ * Figma Guard — vibe.figma 작업 시 스킬 우회 차단
+ *
+ * 차단 대상:
+ *   1. /tmp/{feature}/ 하위에 자체 정제/생성 스크립트(.mjs/.js) 작성
+ *      → figma-refine.js / figma-to-scss.js 호출하라고 차단
+ *   2. SCSS 파일을 직접 작성 (figma-to-scss.js 호출 흔적 없이)
+ *   3. Vue/React <style> 블록에 figma 관련 SCSS 클래스 직접 작성
+ *
+ * 작동 조건:
+ *   - tool: Write 또는 Edit
+ *   - file_path가 figma 작업 컨텍스트에 해당
+ *
+ * Exit codes:
+ *   0 — 통과
+ *   2 — 차단
+ */
+
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+// ─── stdin 읽기 ─────────────────────────────────────────────────────
+
+function readStdinSync() {
+  try {
+    if (process.stdin.isTTY) return null;
+    const fd = fs.openSync('/dev/stdin', 'r');
+    const buf = Buffer.alloc(1024 * 1024); // 1MB
+    const bytesRead = fs.readSync(fd, buf, 0, buf.length, null);
+    fs.closeSync(fd);
+    if (bytesRead > 0) {
+      return JSON.parse(buf.toString('utf-8', 0, bytesRead));
+    }
+  } catch { /* fallback */ }
+  return null;
+}
+
+// ─── 검사 1: /tmp/{feature}/ 자체 작성 스크립트 ─────────────────────
+
+const FORBIDDEN_TMP_SCRIPT_PATTERNS = [
+  /\/tmp\/[^/]+\/refine[\w-]*\.(mjs|js)$/i,
+  /\/tmp\/[^/]+\/.*sections.*\.(mjs|js)$/i,
+  /\/tmp\/[^/]+\/.*to-scss.*\.(mjs|js)$/i,
+  /\/tmp\/[^/]+\/.*generate-scss.*\.(mjs|js)$/i,
+  /\/tmp\/[^/]+\/analyze-tree\.(mjs|js)$/i,
+  /\/tmp\/[^/]+\/analyze-section\.(mjs|js)$/i,
+];
+
+function checkForbiddenTmpScript(filePath) {
+  if (!filePath) return null;
+  for (const pattern of FORBIDDEN_TMP_SCRIPT_PATTERNS) {
+    if (pattern.test(filePath)) {
+      return {
+        block: true,
+        reason: `자체 작성 figma 스크립트 금지: ${path.basename(filePath)}`,
+        suggestion: 'figma-refine.js / figma-to-scss.js / figma-validate.js 사용. ' +
+                    '결과가 마음에 안 들면 ~/.vibe/hooks/scripts/figma-*.js 자체를 수정하세요.'
+      };
+    }
+  }
+  return null;
+}
+
+// ─── 검사 2: SCSS 직접 작성 ─────────────────────────────────────────
+
+/**
+ * Figma 작업 컨텍스트인지 판단:
+ *   - 현재 작업 디렉토리 또는 file_path에 figma 관련 흔적이 있어야 함
+ *   - /tmp/ 하위에 sections.json이 존재 → 활성 figma 작업으로 판단
+ */
+function isFigmaContext() {
+  try {
+    const tmpDirs = fs.readdirSync('/tmp', { withFileTypes: true });
+    for (const entry of tmpDirs) {
+      if (!entry.isDirectory()) continue;
+      const moSections = path.join('/tmp', entry.name, 'mo-main', 'sections.json');
+      const pcSections = path.join('/tmp', entry.name, 'pc-main', 'sections.json');
+      if (fs.existsSync(moSections) || fs.existsSync(pcSections)) {
+        return { active: true, feature: entry.name };
+      }
+    }
+  } catch { /* ignore */ }
+  return { active: false };
+}
+
+/**
+ * SCSS 파일 작성 시도 검사
+ */
+function checkScssWrite(filePath, content) {
+  if (!filePath) return null;
+  if (!filePath.endsWith('.scss')) return null;
+
+  // figma 컨텍스트가 아니면 통과
+  const ctx = isFigmaContext();
+  if (!ctx.active) return null;
+
+  // 자동 생성 표시 코멘트 있으면 통과
+  if (typeof content === 'string' && content.includes('Auto-generated from sections.json')) {
+    return null;
+  }
+
+  // 빈 파일 또는 @import만 있는 경우 통과
+  if (typeof content === 'string') {
+    const meaningfulLines = content
+      .split('\n')
+      .map(l => l.trim())
+      .filter(l => l && !l.startsWith('//') && !l.startsWith('/*'));
+    const hasOnlyImports = meaningfulLines.every(l =>
+      l.startsWith('@import') || l.startsWith('@use') || l.startsWith('@forward')
+    );
+    if (hasOnlyImports) return null;
+  }
+
+  return {
+    block: true,
+    reason: `SCSS 직접 작성 금지: ${filePath}`,
+    suggestion: `figma-to-scss.js로 생성하세요:\n` +
+                `  node ~/.vibe/hooks/scripts/figma-to-scss.js \\\n` +
+                `    /tmp/${ctx.feature}/{bp}-main/sections.json \\\n` +
+                `    --out=$(dirname ${filePath})`
+  };
+}
+
+// ─── 검사 3: Vue/React <style> 블록에 CSS 값 작성 ───────────────────
+
+function checkVueStyleBlock(filePath, content) {
+  if (!filePath) return null;
+  if (!/\.(vue|jsx|tsx)$/.test(filePath)) return null;
+
+  const ctx = isFigmaContext();
+  if (!ctx.active) return null;
+
+  // 파일 경로에 feature 이름이 있는지 확인
+  if (!filePath.includes(ctx.feature)) return null;
+
+  if (typeof content !== 'string') return null;
+
+  // <style ...> ... </style> 블록 추출
+  const styleBlocks = content.match(/<style[^>]*>([\s\S]*?)<\/style>/g);
+  if (!styleBlocks || styleBlocks.length === 0) return null;
+
+  for (const block of styleBlocks) {
+    const inner = block.replace(/<style[^>]*>/, '').replace(/<\/style>/, '');
+    const meaningfulLines = inner
+      .split('\n')
+      .map(l => l.trim())
+      .filter(l => l && !l.startsWith('//') && !l.startsWith('/*'));
+
+    // @import / @use 만 있으면 통과
+    const hasOnlyImports = meaningfulLines.every(l =>
+      l.startsWith('@import') || l.startsWith('@use') || l.startsWith('@forward')
+    );
+    if (hasOnlyImports) continue;
+
+    // CSS 값으로 보이는 라인 검출 (px, rem, color, flex 등)
+    const hasCssValue = meaningfulLines.some(l =>
+      /:\s*[^;]*(?:px|rem|em|%|vh|vw|#[0-9a-fA-F]|rgba?\(|flex|grid|absolute|relative|inherit)/.test(l)
+    );
+    if (hasCssValue) {
+      return {
+        block: true,
+        reason: `Vue/React <style> 블록에 CSS 직접 작성 금지: ${path.basename(filePath)}`,
+        suggestion: `<style> 블록은 @import만 허용:\n` +
+                    `  <style lang="scss" scoped>\n` +
+                    `  @import '~/assets/scss/${ctx.feature}/index.scss';\n` +
+                    `  </style>`
+      };
+    }
+  }
+
+  return null;
+}
+
+// ─── 메인 ───────────────────────────────────────────────────────────
+
+const stdinPayload = readStdinSync();
+if (!stdinPayload) {
+  process.exit(0);
+}
+
+const toolName = stdinPayload.tool_name || '';
+const toolInput = stdinPayload.tool_input || {};
+
+// Write 또는 Edit만 검사
+if (toolName !== 'Write' && toolName !== 'Edit') {
+  process.exit(0);
+}
+
+const filePath = toolInput.file_path || '';
+const content = toolInput.content || toolInput.new_string || '';
+
+// 3단계 검사
+const checks = [
+  checkForbiddenTmpScript(filePath),
+  checkScssWrite(filePath, content),
+  checkVueStyleBlock(filePath, content),
+];
+
+const violations = checks.filter(c => c !== null);
+
+if (violations.length === 0) {
+  process.exit(0);
+}
+
+// 차단
+const messages = ['🚫 FIGMA GUARD: 스킬 규칙 위반'];
+for (const v of violations) {
+  messages.push('');
+  messages.push(`  ${v.reason}`);
+  messages.push(`  💡 ${v.suggestion}`);
+}
+messages.push('');
+messages.push('⛔ vibe.figma 작업 중에는 스크립트 파이프라인을 우회하지 마세요.');
+messages.push('   ~/.vibe/hooks/scripts/figma-{refine,to-scss,validate}.js만 사용.');
+
+// PreToolUse hook은 stderr 출력 + exit 2로 차단
+console.error(messages.join('\n'));
+process.exit(2);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@su-record/vibe",
-  "version": "2.9.2",
+  "version": "2.9.3",
   "description": "AI Coding Framework for Claude Code — 56 agents, 45 skills, multi-LLM orchestration",
   "type": "module",
   "main": "dist/cli/index.js",

package/skills/arch-guard/SKILL.md

@@ -178,4 +178,4 @@ The test generator reads this file and adds custom rules to the test suite.
 - `vibe init` → auto-detect and generate initial arch-guard tests
 - `vibe update` → refresh rules if directory structure changed
 - Pre-commit hook → run arch-guard tests before commit
-- `/vibe.review` → architecture-reviewer checks against arch-rules.json
+- `vibe.review` (skill) → architecture-reviewer checks against arch-rules.json

package/skills/capability-loop/SKILL.md

@@ -107,6 +107,92 @@ Based on classification, build the appropriate artifact:
 4. If the capability is a test, verify it FAILS without the fix
 ```
 
+**Termination branches:**
+- ✅ **Capability prevents the failure** → Step 5 PERSIST
+- ❌ **Capability does NOT prevent the failure** → Step 4.5 ESCALATE (re-diagnose or ask user)
+
+### Step 4.5: ESCALATE — When VERIFY Fails
+
+> **Problem**: The built capability didn't actually prevent the failure. This usually means the initial diagnosis was wrong (picked `Tool` when it needed `Guardrail`), or the failure has multiple missing capabilities.
+>
+> **Do NOT silently proceed** — a sub-standard capability log pollutes `.claude/vibe/capabilities-log.md` and the failure will recur.
+
+**Escalation loop:**
+
+```python
+tried = [current_diagnosis.category]  # e.g., ["Tool"]
+
+while True:
+    # Re-diagnose excluding already-tried categories
+    next_diagnosis = diagnose(failure, exclude=tried)
+
+    if next_diagnosis is None:
+        # All 5 categories (Tool/Guardrail/Abstraction/Documentation/Feedback) exhausted
+        escalate_to_user(failure, tried)
+        break
+
+    if next_diagnosis.category in tried:
+        # Stuck: diagnose keeps returning the same category
+        escalate_to_user(failure, tried)
+        break
+
+    tried.append(next_diagnosis.category)
+    capability = build(next_diagnosis)
+
+    if verify(capability, failure):
+        persist(capability)
+        return  # Success — go to Step 5
+
+    # Still failing — next iteration
+```
+
+**User escalation prompt (interactive mode):**
+
+```
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+⚠️ CAPABILITY LOOP STUCK
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Failure: {original failure description}
+
+Tried capabilities (all failed to prevent the failure):
+  ❌ Tool: {what was built, why it didn't work}
+  ❌ Guardrail: {what was built, why it didn't work}
+  ❌ Documentation: {what was built, why it didn't work}
+
+Automated diagnosis has run out of angles. This failure may require
+human judgment (process issue, cross-category solution, or external factor).
+
+How would you like to proceed?
+  1. Suggest a different angle (e.g., "this is a process issue", "needs Tool+Guardrail combination")
+     → Attempt custom approach per user instruction, then enter next verify
+  2. "manual" — resolve this failure via manual intervention, end capability loop
+     (record "escalated to manual" in capabilities-log.md)
+  3. "abort" — give up, record failure only
+     (record "diagnosis exhausted" in capabilities-log.md, do not halt the rest of the workflow)
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+```
+
+**ultrawork mode exception:**
+
+```python
+if ultrawork_mode:
+    # Skip user prompt: try all 5 categories in sequence, record final state
+    all_tried_exhausted = exhaust_all_categories(failure, tried)
+    record_failure_to_log(
+        status="diagnosis_exhausted",
+        tried=all_tried_exhausted,
+        failure=failure
+    )
+    return  # Proceed without blocking downstream workflow
+```
+
+**Rollback of failed builds:**
+
+- Each failed capability build should be rolled back before trying the next category (unless it's non-destructive documentation).
+- For code additions (tool/guardrail/abstraction): `git checkout -- {files}` or delete created files.
+- For docs-only additions: leave in place (low risk) but note in escalation prompt.
+
 ### Step 5: PERSIST — Record for Future Reference
 
 Save the capability-building decision:
@@ -126,11 +212,14 @@ Update `.claude/vibe/capabilities-log.md`:
 ```markdown
 ## {date} — {capability-name}
 
+**Status**: resolved | escalated_to_manual | diagnosis_exhausted
 **Failure**: {what happened}
 **Missing**: {what capability was absent}
-**Built**: {what was created}
+**Tried**: {list of categories attempted, e.g., [Tool, Guardrail]}
+**Built**: {what was created (if resolved)}
 **Files**: {list}
-**Prevents**: {what class of failures this prevents}
+**Prevents**: {what class of failures this prevents (if resolved)}
+**Notes**: {for escalated/exhausted — what the user decided or what remains unsolved}
 ```
 
 ## Decision Tree
@@ -152,6 +241,21 @@ Agent failed
     │
     └─ Did the agent not KNOW it was wrong?
         YES → Build feedback (types/errors/tests)
+
+    ↓
+VERIFY: Does the built capability actually prevent the failure?
+    │
+    ├─ YES → PERSIST (log as "resolved")
+    │
+    └─ NO  → ESCALATE (Step 4.5)
+              │
+              ├─ Other categories untried? → Re-diagnose with exclusion list
+              │                              → BUILD next category → VERIFY
+              │
+              └─ All categories tried OR same diagnosis loops:
+                   │
+                   ├─ Interactive: Ask user (custom angle / manual / abort)
+                   └─ ultrawork: Auto-record "diagnosis_exhausted" → continue
 ```
 
 ## Anti-patterns

package/skills/chub-usage/SKILL.md

@@ -1,86 +1,86 @@
 ---
 name: chub-usage
 tier: optional
-description: "Context Hub (chub) — 검수된 최신 API 문서 조회. 외부 API/SDK 코드 작성 시 training data 대신 최신 문서를 기반으로 정확한 코드 작성."
+description: "Context Hub (chub) — fetch vetted, up-to-date API documentation. Write accurate code based on the latest docs instead of training data when working with external APIs/SDKs."
 triggers: [chub, context hub, API docs, latest API, deprecated API, SDK documentation, api reference, 최신 문서]
 priority: 65
 ---
 
 # Context Hub (chub) Usage
 
-외부 API/SDK 코드 작성 전 검수된 최신 문서를 가져오는 스킬.
-Training data의 지식 컷오프 문제를 해결합니다.
+A skill for fetching vetted, up-to-date documentation before writing external API/SDK code.
+Solves the knowledge cutoff problem inherent in training data.
 
 ## Why?
 
 | Problem | Solution |
 |---------|----------|
-| Training data에 의존 → deprecated API 사용 | chub get → 검수된 최신 문서 기반 코드 |
-| 웹 검색 → 노이즈 섞인 결과 | chub search → 큐레이션된 문서만 |
-| 세션마다 같은 실수 반복 | chub annotate → 학습 누적 |
+| Relying on training data → using deprecated APIs | chub get → code based on vetted latest docs |
+| Web search → noisy results | chub search → curated docs only |
+| Repeating the same mistakes every session | chub annotate → accumulated learnings |
 
 ## When to Use
 
 | Situation | Example |
 |-----------|---------|
-| 외부 API 코드 작성 | "Stripe 결제 연동해줘" |
-| SDK 최신 버전 확인 | "OpenAI 최신 모델 호출" |
-| 공식 문서 필요 | "Supabase auth 설정" |
-| Deprecated 패턴 방지 | "Firebase v10 마이그레이션" |
+| Writing external API code | "Integrate Stripe payments" |
+| Checking latest SDK version | "Call the latest OpenAI model" |
+| Need official documentation | "Set up Supabase auth" |
+| Preventing deprecated patterns | "Firebase v10 migration" |
 
 ## Workflow
 
 ```
-외부 API/SDK 코드 작성 요청
+Request to write external API/SDK code
     ↓
-Step 0: chub 설치 확인 (없으면 자동 설치)
+Step 0: Check if chub is installed (auto-install if not)
     ↓
-Step 1: chub search "<라이브러리명>"
+Step 1: chub search "<library name>"
     ↓
 Step 2: chub get <id> --lang ts
     ↓
-Step 3: 문서 기반 코드 작성
+Step 3: Write code based on the docs
     ↓
-Step 4: gotcha 발견 시 chub annotate
+Step 4: chub annotate when a gotcha is discovered
 ```
 
-## Step 0 — 자동 설치 (Auto-install)
+## Step 0 — Auto-install
 
-**스킬 실행 전 반드시 먼저 수행한다.**
+**Always perform this step before running the skill.**
 
 ```bash
-# 1. chub 존재 여부 확인
+# 1. Check if chub exists
 which chub || command -v chub
 ```
 
-chub이 없으면 자동 설치를 시도한다:
+If chub is not found, attempt automatic installation:
 
 ```bash
 npm install -g @aisuite/chub
 ```
 
-설치 실패 시 `npx @aisuite/chub`로 대체 실행한다:
+If installation fails, fall back to running via `npx @aisuite/chub`:
 
 ```bash
-# search 예시
+# search example
 npx @aisuite/chub search "stripe"
-# get 예시
+# get example
 npx @aisuite/chub get stripe/api --lang ts
 ```
 
-`npx`도 실패하면 context7 또는 Web Search로 폴백한다 (Fallback Chain 참조).
+If `npx` also fails, fall back to context7 or Web Search (see Fallback Chain).
 
 ## Usage
 
-### Step 1 — 문서 검색
+### Step 1 — Search for docs
 
 ```bash
 chub search "stripe"
 chub search "openai"
-chub search ""           # 전체 목록 확인
+chub search ""           # View full list
 ```
 
-### Step 2 — 최신 문서 fetch
+### Step 2 — Fetch latest docs
 
 ```bash
 chub get stripe/api --lang ts
@@ -88,26 +88,26 @@ chub get openai/chat --lang py
 chub get supabase/auth --lang js
 ```
 
-### Step 3 — 문서 기반 코드 작성
+### Step 3 — Write code based on the docs
 
-fetch한 문서 내용을 기반으로 정확한 코드 작성.
-**절대 training data에 의존하지 않는다. 문서 먼저, 코드 나중.**
+Write accurate code based on the fetched documentation.
+**Never rely on training data. Docs first, code second.**
 
-### Step 4 — 학습 내용 기록
+### Step 4 — Record learnings
 
-작업 중 발견한 gotcha, workaround, 버전 이슈:
+Gotchas, workarounds, and version issues discovered during work:
 
 ```bash
-chub annotate stripe/api "한국 결제는 pg 파라미터 필수"
-chub annotate openai/chat "streaming에서 tool_calls는 delta로 옴"
-chub annotate firebase/auth "v10에서 getAuth() import 경로 변경"
+chub annotate stripe/api "pg parameter is required for Korean payments"
+chub annotate openai/chat "tool_calls in streaming comes as delta"
+chub annotate firebase/auth "getAuth() import path changed in v10"
 ```
 
-Annotation은 로컬 저장, 다음 세션에서 `chub get` 시 자동으로 같이 나옴.
+Annotations are stored locally and automatically included the next time you run `chub get`.
 
 ## Implementation Pattern (Subagent)
 
-컨텍스트 블로트 방지를 위해 서브에이전트에서 실행:
+Run via subagent to prevent context bloat:
 
 ```
 Task tool call:
@@ -116,24 +116,24 @@ Task tool call:
 - prompt: "Run `chub search <library>` then `chub get <id> --lang <lang>` to fetch latest API documentation for [topic]. Return only the relevant API usage examples, key changes from previous versions, and any annotations."
 ```
 
-서브에이전트가 chub 호출을 처리하고 요약만 반환 → 메인 컨텍스트 깨끗하게 유지.
+The subagent handles the chub calls and returns only a summary — keeping the main context clean.
 
 ## Supported APIs (1,000+)
 
-OpenAI, Anthropic, Stripe, Firebase, Supabase, Vercel, AWS S3, Cloudflare Workers, Auth0, Clerk 등.
+OpenAI, Anthropic, Stripe, Firebase, Supabase, Vercel, AWS S3, Cloudflare Workers, Auth0, Clerk, and more.
 
 ```bash
-chub search    # 인자 없이 실행하면 전체 목록 확인 가능
+chub search    # Run without arguments to view the full list
 ```
 
 ## Fallback Chain
 
 ```
-which chub 실패
+which chub fails
     ↓
-npm install -g @aisuite/chub (자동 시도)
+npm install -g @aisuite/chub (auto attempt)
     ↓
-실패 시 npx @aisuite/chub <command> (임시 실행)
+On failure: npx @aisuite/chub <command> (temporary execution)
     ↓
-npx도 실패 시 context7 또는 Web Search fallback
+If npx also fails: context7 or Web Search fallback
 ```