@su-record/vibe 2.9.22 → 2.9.23

package/skills/seo-checklist/rubrics/technical-seo.md

@@ -1,48 +1,48 @@
-# Technical SEO Checklist
-
-## Meta Tags
-
-- [ ] `<title>` unique per page, 50-60 characters
-- [ ] `<meta name="description">` unique per page, 150-160 characters
-- [ ] `<link rel="canonical">` on every page (including paginated, filtered)
-- [ ] `<meta name="robots" content="index,follow">` — verify `noindex` is NOT in production
-- [ ] `<html lang="{{LOCALE}}">` set correctly
-
-## Open Graph / Social
-
-- [ ] `og:title` — matches page title or optimized variant
-- [ ] `og:description` — matches meta description or optimized variant
-- [ ] `og:image` — exactly **1200x630px**, under 8MB
-- [ ] `og:type` — `website` for homepage, `article` for posts, `product` for products
-- [ ] `og:url` — canonical URL
-- [ ] `twitter:card` — `summary_large_image` for image-rich pages
-- [ ] `twitter:image` — same as og:image (some crawlers check separately)
-
-## Structured Data (JSON-LD)
-
-- [ ] Correct `@type` for content: `Article`, `Product`, `FAQPage`, `LocalBusiness`, `BreadcrumbList`
-- [ ] `BreadcrumbList` on all non-root pages
-- [ ] Validated with [Google Rich Results Test](https://search.google.com/test/rich-results)
-- [ ] No structured data describing content not visible on the page
-
-## Crawlability
-
-- [ ] `robots.txt` present at domain root
-  - `Allow: /` for public pages
-  - `Disallow: /api/`, `/admin/`, `/_next/` (static assets excepted)
-  - `Sitemap: https://{{DOMAIN}}/sitemap.xml`
-- [ ] `sitemap.xml` auto-generated, includes `<lastmod>` with real dates
-- [ ] Sitemap submitted to Google Search Console
-
-## Performance (Core Web Vitals)
-
-| Metric | Target | Common Fix |
-|--------|--------|------------|
-| LCP | ≤ 2.5s | `<link rel="preload">` on hero image |
-| INP | ≤ 200ms | Defer non-critical JS |
-| CLS | ≤ 0.1 | Set `width`/`height` on all images; `min-height` on dynamic containers |
-
-- [ ] Images have explicit `width` and `height` attributes
-- [ ] Below-fold images use `loading="lazy"`
-- [ ] Hero/LCP image uses `fetchpriority="high"` (not lazy)
-- [ ] No render-blocking scripts without `defer` or `async`
+# Technical SEO Checklist
+
+## Meta Tags
+
+- [ ] `<title>` unique per page, 50-60 characters
+- [ ] `<meta name="description">` unique per page, 150-160 characters
+- [ ] `<link rel="canonical">` on every page (including paginated, filtered)
+- [ ] `<meta name="robots" content="index,follow">` — verify `noindex` is NOT in production
+- [ ] `<html lang="{{LOCALE}}">` set correctly
+
+## Open Graph / Social
+
+- [ ] `og:title` — matches page title or optimized variant
+- [ ] `og:description` — matches meta description or optimized variant
+- [ ] `og:image` — exactly **1200x630px**, under 8MB
+- [ ] `og:type` — `website` for homepage, `article` for posts, `product` for products
+- [ ] `og:url` — canonical URL
+- [ ] `twitter:card` — `summary_large_image` for image-rich pages
+- [ ] `twitter:image` — same as og:image (some crawlers check separately)
+
+## Structured Data (JSON-LD)
+
+- [ ] Correct `@type` for content: `Article`, `Product`, `FAQPage`, `LocalBusiness`, `BreadcrumbList`
+- [ ] `BreadcrumbList` on all non-root pages
+- [ ] Validated with [Google Rich Results Test](https://search.google.com/test/rich-results)
+- [ ] No structured data describing content not visible on the page
+
+## Crawlability
+
+- [ ] `robots.txt` present at domain root
+  - `Allow: /` for public pages
+  - `Disallow: /api/`, `/admin/`, `/_next/` (static assets excepted)
+  - `Sitemap: https://{{DOMAIN}}/sitemap.xml`
+- [ ] `sitemap.xml` auto-generated, includes `<lastmod>` with real dates
+- [ ] Sitemap submitted to Google Search Console
+
+## Performance (Core Web Vitals)
+
+| Metric | Target | Common Fix |
+|--------|--------|------------|
+| LCP | ≤ 2.5s | `<link rel="preload">` on hero image |
+| INP | ≤ 200ms | Defer non-critical JS |
+| CLS | ≤ 0.1 | Set `width`/`height` on all images; `min-height` on dynamic containers |
+
+- [ ] Images have explicit `width` and `height` attributes
+- [ ] Below-fold images use `loading="lazy"`
+- [ ] Hero/LCP image uses `fetchpriority="high"` (not lazy)
+- [ ] No render-blocking scripts without `defer` or `async`

package/skills/techdebt/SKILL.md

@@ -1,124 +1,124 @@
----
-name: techdebt
-tier: core
-description: "Technical debt cleanup — detect and fix duplicate code, console.log, unused imports, any types, etc. Recommended before session end. Activates on techdebt, cleanup, debt keywords."
-triggers: [techdebt, cleanup, debt, unused imports, console.log, dead code]
-priority: 60
-chain-next: [commit-push-pr]
----
-
-# Techdebt — Technical Debt Cleanup
-
-Detect and clean up technical debt in the codebase before session end or periodically.
-
-## Inspection Items
-
-### 1. Duplicate Code
-
-- Check for similar functions/logic across multiple files
-- Identify code extractable into common utilities
-- Method: Detect similar code with `core_analyze_complexity`
-
-### 2. Unused Code
-
-- Unused import statements
-- Unused variables/functions
-- Commented-out code blocks
-
-Detection tools:
-
-```
-# Detect unused imports (using Grep tool)
-Grep: pattern="^import .+ from" → cross-reference usage
-
-# Detect commented-out code blocks
-Grep: pattern="^\\s*//.*\\b(function|const|let|var|class|import)\\b"
-```
-
-### 3. Debug Code
-
-- `console.log` / `console.error` / `console.warn`
-- `debugger` statements
-- Temporary comments: `// TODO`, `// FIXME`, `// HACK`, `// XXX`
-
-Detection tools:
-
-```
-# Detect console statements (using Grep tool)
-Grep: pattern="console\\.(log|error|warn|debug)" glob="*.{ts,tsx}"
-
-# Detect TODO/FIXME
-Grep: pattern="(TODO|FIXME|HACK|XXX)" glob="*.{ts,tsx}"
-
-# Detect debugger statements
-Grep: pattern="\\bdebugger\\b" glob="*.{ts,tsx}"
-```
-
-### 4. Code Quality
-
-- `any` type usage (TypeScript)
-- Hardcoded values (magic numbers/strings)
-- Functions exceeding 50 lines
-- Nesting deeper than 4 levels
-
-Detection tools:
-
-```
-# Detect any types (using Grep tool)
-Grep: pattern=": any\\b|as any\\b" glob="*.{ts,tsx}"
-
-# Analyze complexity with built-in VIBE tools
-core_analyze_complexity: filePath="src/**/*.ts"
-core_validate_code_quality: filePath="src/**/*.ts"
-```
-
-## Output Format
-
-```markdown
-## Technical Debt Report
-
-### Duplicate Code (N items)
-- src/utils.ts:formatDate ↔ src/helpers.ts:formatDateTime
-
-### Unused Imports (N items)
-- src/components/Button.tsx:3 — React (unused)
-
-### Debug Code (N items)
-- src/api/auth.ts:23 — console.log
-
-### Code Quality Issues (N items)
-- src/services/user.ts:45 — any type usage
-- src/utils/calc.ts:10 — magic number (hardcoded 365)
-
-Total: N technical debt items found.
-```
-
-## Auto-fix Scope
-
-### Auto-fixable (Safe)
-
-| Item | Fix Method |
-|------|-----------|
-| Unused imports | Delete the import statement |
-| `console.log` / `debugger` | Delete the line |
-| Trailing whitespace / blank lines | Apply formatter |
-
-### Requires Manual Review (Safety Guard)
-
-| Item | Reason |
-|------|--------|
-| Duplicate code extraction | Need to verify logic equivalence |
-| `any` type fixes | Need proper type design |
-| Magic number extraction | Need to decide constant names and locations |
-| Long function splitting | Need to decide logic separation criteria |
-
-> Always show the scope of changes to the user and get confirmation before auto-fixing.
-
-## VIBE Tool Integration
-
-| Tool | Purpose |
-|------|---------|
-| `core_analyze_complexity` | Measure function complexity (nesting, line count) |
-| `core_validate_code_quality` | Detect code quality rule violations |
-| `core_suggest_improvements` | Generate improvement suggestions |
-| `core_check_coupling_cohesion` | Analyze module coupling/cohesion |
+---
+name: techdebt
+tier: core
+description: "Technical debt cleanup — detect and fix duplicate code, console.log, unused imports, any types, etc. Recommended before session end. Activates on techdebt, cleanup, debt keywords."
+triggers: [techdebt, cleanup, debt, unused imports, console.log, dead code]
+priority: 60
+chain-next: [commit-push-pr]
+---
+
+# Techdebt — Technical Debt Cleanup
+
+Detect and clean up technical debt in the codebase before session end or periodically.
+
+## Inspection Items
+
+### 1. Duplicate Code
+
+- Check for similar functions/logic across multiple files
+- Identify code extractable into common utilities
+- Method: Detect similar code with `core_analyze_complexity`
+
+### 2. Unused Code
+
+- Unused import statements
+- Unused variables/functions
+- Commented-out code blocks
+
+Detection tools:
+
+```
+# Detect unused imports (using Grep tool)
+Grep: pattern="^import .+ from" → cross-reference usage
+
+# Detect commented-out code blocks
+Grep: pattern="^\\s*//.*\\b(function|const|let|var|class|import)\\b"
+```
+
+### 3. Debug Code
+
+- `console.log` / `console.error` / `console.warn`
+- `debugger` statements
+- Temporary comments: `// TODO`, `// FIXME`, `// HACK`, `// XXX`
+
+Detection tools:
+
+```
+# Detect console statements (using Grep tool)
+Grep: pattern="console\\.(log|error|warn|debug)" glob="*.{ts,tsx}"
+
+# Detect TODO/FIXME
+Grep: pattern="(TODO|FIXME|HACK|XXX)" glob="*.{ts,tsx}"
+
+# Detect debugger statements
+Grep: pattern="\\bdebugger\\b" glob="*.{ts,tsx}"
+```
+
+### 4. Code Quality
+
+- `any` type usage (TypeScript)
+- Hardcoded values (magic numbers/strings)
+- Functions exceeding 50 lines
+- Nesting deeper than 4 levels
+
+Detection tools:
+
+```
+# Detect any types (using Grep tool)
+Grep: pattern=": any\\b|as any\\b" glob="*.{ts,tsx}"
+
+# Analyze complexity with built-in VIBE tools
+core_analyze_complexity: filePath="src/**/*.ts"
+core_validate_code_quality: filePath="src/**/*.ts"
+```
+
+## Output Format
+
+```markdown
+## Technical Debt Report
+
+### Duplicate Code (N items)
+- src/utils.ts:formatDate ↔ src/helpers.ts:formatDateTime
+
+### Unused Imports (N items)
+- src/components/Button.tsx:3 — React (unused)
+
+### Debug Code (N items)
+- src/api/auth.ts:23 — console.log
+
+### Code Quality Issues (N items)
+- src/services/user.ts:45 — any type usage
+- src/utils/calc.ts:10 — magic number (hardcoded 365)
+
+Total: N technical debt items found.
+```
+
+## Auto-fix Scope
+
+### Auto-fixable (Safe)
+
+| Item | Fix Method |
+|------|-----------|
+| Unused imports | Delete the import statement |
+| `console.log` / `debugger` | Delete the line |
+| Trailing whitespace / blank lines | Apply formatter |
+
+### Requires Manual Review (Safety Guard)
+
+| Item | Reason |
+|------|--------|
+| Duplicate code extraction | Need to verify logic equivalence |
+| `any` type fixes | Need proper type design |
+| Magic number extraction | Need to decide constant names and locations |
+| Long function splitting | Need to decide logic separation criteria |
+
+> Always show the scope of changes to the user and get confirmation before auto-fixing.
+
+## VIBE Tool Integration
+
+| Tool | Purpose |
+|------|---------|
+| `core_analyze_complexity` | Measure function complexity (nesting, line count) |
+| `core_validate_code_quality` | Detect code quality rule violations |
+| `core_suggest_improvements` | Generate improvement suggestions |
+| `core_check_coupling_cohesion` | Analyze module coupling/cohesion |

package/skills/techdebt/agents/analyzer.md

@@ -1,50 +1,50 @@
----
-name: techdebt-analyzer
-role: Analyzes severity and blast radius of each scanned finding
-tools: [Read, Grep]
----
-
-# Techdebt Analyzer
-
-## Role
-Receives raw scan findings and evaluates each item's severity, effort to fix, and risk of breakage. Classifies findings into auto-fixable vs. manual-review categories and assigns a priority score to guide the fixer.
-
-## Responsibilities
-- Classify each finding by severity: Critical / High / Medium / Low
-- Assess auto-fix safety: safe (delete line), risky (needs refactor), manual-only
-- Estimate fix effort: trivial (1 line), minor (< 10 lines), major (multi-file)
-- Detect clusters — multiple related findings that should be fixed together
-- Flag findings in test files separately (lower priority, different rules apply)
-
-## Input
-Raw findings JSON array from `techdebt-scanner` with file, line, category, and snippet fields.
-
-## Output
-Enriched findings list with severity and fix metadata:
-```json
-[
-  {
-    "category": "console-log",
-    "file": "src/api/auth.ts",
-    "line": 12,
-    "snippet": "console.log(token)",
-    "severity": "High",
-    "autoFixable": true,
-    "effort": "trivial",
-    "fixMethod": "delete-line"
-  }
-]
-```
-Plus a summary: total counts by severity, estimated total fix time.
-
-## Communication
-- Reports enriched findings to: `techdebt-fixer` (auto-fixable items) and orchestrator (manual items)
-- Receives instructions from: techdebt orchestrator (SKILL.md)
-
-## Domain Knowledge
-Severity heuristics:
-- **Critical**: `any` in public API surface, `console.log` logging credentials/tokens
-- **High**: `any` in business logic, `console.log` in production paths
-- **Medium**: magic numbers, unused imports, commented-out blocks
-- **Low**: unused imports in test files, minor style issues
-Auto-fix safety rules: never auto-fix type changes, logic extractions, or multi-file changes.
+---
+name: techdebt-analyzer
+role: Analyzes severity and blast radius of each scanned finding
+tools: [Read, Grep]
+---
+
+# Techdebt Analyzer
+
+## Role
+Receives raw scan findings and evaluates each item's severity, effort to fix, and risk of breakage. Classifies findings into auto-fixable vs. manual-review categories and assigns a priority score to guide the fixer.
+
+## Responsibilities
+- Classify each finding by severity: Critical / High / Medium / Low
+- Assess auto-fix safety: safe (delete line), risky (needs refactor), manual-only
+- Estimate fix effort: trivial (1 line), minor (< 10 lines), major (multi-file)
+- Detect clusters — multiple related findings that should be fixed together
+- Flag findings in test files separately (lower priority, different rules apply)
+
+## Input
+Raw findings JSON array from `techdebt-scanner` with file, line, category, and snippet fields.
+
+## Output
+Enriched findings list with severity and fix metadata:
+```json
+[
+  {
+    "category": "console-log",
+    "file": "src/api/auth.ts",
+    "line": 12,
+    "snippet": "console.log(token)",
+    "severity": "High",
+    "autoFixable": true,
+    "effort": "trivial",
+    "fixMethod": "delete-line"
+  }
+]
+```
+Plus a summary: total counts by severity, estimated total fix time.
+
+## Communication
+- Reports enriched findings to: `techdebt-fixer` (auto-fixable items) and orchestrator (manual items)
+- Receives instructions from: techdebt orchestrator (SKILL.md)
+
+## Domain Knowledge
+Severity heuristics:
+- **Critical**: `any` in public API surface, `console.log` logging credentials/tokens
+- **High**: `any` in business logic, `console.log` in production paths
+- **Medium**: magic numbers, unused imports, commented-out blocks
+- **Low**: unused imports in test files, minor style issues
+Auto-fix safety rules: never auto-fix type changes, logic extractions, or multi-file changes.

package/skills/techdebt/agents/fixer.md

@@ -1,41 +1,41 @@
----
-name: techdebt-fixer
-role: Generates safe auto-fix patches for trivially fixable techdebt items
-tools: [Read, Edit]
----
-
-# Techdebt Fixer
-
-## Role
-Applies safe, deterministic fixes to auto-fixable findings identified by the analyzer. Operates strictly within the boundaries set by the analyzer — never attempts fixes marked `manual-only` or `risky`. Each fix is atomic and targets a single file at a time.
-
-## Responsibilities
-- Delete `console.log`, `console.error`, `console.warn`, and `debugger` lines
-- Remove unused import statements (single-identifier and named imports)
-- Delete commented-out code blocks that contain dead code constructs
-- Preserve surrounding blank lines and indentation conventions
-- Record every change made for the reviewer's diff check
-
-## Input
-Filtered findings list from `techdebt-analyzer` where `autoFixable: true` and `effort: "trivial"`, plus the full file content via Read.
-
-## Output
-A change log of all edits applied:
-```json
-[
-  { "file": "src/api/auth.ts", "line": 12, "action": "deleted", "was": "console.log(token)" },
-  { "file": "src/components/Button.tsx", "line": 3, "action": "deleted", "was": "import React from 'react'" }
-]
-```
-Edited files are modified in place using the Edit tool.
-
-## Communication
-- Reports change log to: `techdebt-reviewer`
-- Receives instructions from: techdebt orchestrator (SKILL.md)
-
-## Domain Knowledge
-Fix safety rules:
-- Only delete lines — never rewrite or rearrange code
-- When removing a named import `{ A, B }`, if only `A` is unused, rewrite to `{ B }`, not delete the line
-- Never remove imports flagged as side-effect imports (e.g., `import './styles.css'`)
-- Stop and escalate if a file has been modified by another agent in the same session
+---
+name: techdebt-fixer
+role: Generates safe auto-fix patches for trivially fixable techdebt items
+tools: [Read, Edit]
+---
+
+# Techdebt Fixer
+
+## Role
+Applies safe, deterministic fixes to auto-fixable findings identified by the analyzer. Operates strictly within the boundaries set by the analyzer — never attempts fixes marked `manual-only` or `risky`. Each fix is atomic and targets a single file at a time.
+
+## Responsibilities
+- Delete `console.log`, `console.error`, `console.warn`, and `debugger` lines
+- Remove unused import statements (single-identifier and named imports)
+- Delete commented-out code blocks that contain dead code constructs
+- Preserve surrounding blank lines and indentation conventions
+- Record every change made for the reviewer's diff check
+
+## Input
+Filtered findings list from `techdebt-analyzer` where `autoFixable: true` and `effort: "trivial"`, plus the full file content via Read.
+
+## Output
+A change log of all edits applied:
+```json
+[
+  { "file": "src/api/auth.ts", "line": 12, "action": "deleted", "was": "console.log(token)" },
+  { "file": "src/components/Button.tsx", "line": 3, "action": "deleted", "was": "import React from 'react'" }
+]
+```
+Edited files are modified in place using the Edit tool.
+
+## Communication
+- Reports change log to: `techdebt-reviewer`
+- Receives instructions from: techdebt orchestrator (SKILL.md)
+
+## Domain Knowledge
+Fix safety rules:
+- Only delete lines — never rewrite or rearrange code
+- When removing a named import `{ A, B }`, if only `A` is unused, rewrite to `{ B }`, not delete the line
+- Never remove imports flagged as side-effect imports (e.g., `import './styles.css'`)
+- Stop and escalate if a file has been modified by another agent in the same session

package/skills/techdebt/agents/reviewer.md

@@ -1,47 +1,47 @@
----
-name: techdebt-reviewer
-role: Reviews auto-fix patches for correctness and safety before presenting to user
-tools: [Read, Grep]
----
-
-# Techdebt Reviewer
-
-## Role
-Acts as the final quality gate before fixes are presented to the user for confirmation. Re-reads every modified file, verifies that only the intended lines were changed, and checks that no new issues were introduced. Produces a human-readable summary with before/after context.
-
-## Responsibilities
-- Re-read each modified file and diff against the change log from `techdebt-fixer`
-- Verify no unintended lines were altered (scope creep check)
-- Confirm removed imports were genuinely unused by re-scanning usage in file body
-- Check that removing a `console.log` did not break a surrounding `if` block structure
-- Produce a formatted summary grouped by category for user confirmation
-
-## Input
-Change log JSON from `techdebt-fixer` plus current file content from Read tool.
-
-## Output
-Human-readable review report:
-```markdown
-## Techdebt Fix Review
-
-### Ready to Apply (N changes)
-- src/api/auth.ts:12 — removed console.log(token) [verified safe]
-- src/components/Button.tsx:3 — removed unused React import [verified safe]
-
-### Flagged for Manual Review (N items)
-- src/services/user.ts:45 — any type, needs proper interface definition
-
-All changes are reversible with git checkout.
-```
-Final confirmation prompt to user before any edits are committed.
-
-## Communication
-- Reports review summary to: orchestrator / user
-- Receives instructions from: techdebt orchestrator (SKILL.md)
-
-## Domain Knowledge
-Verification checklist:
-- Import removal: identifier must appear zero times outside the import line
-- Console removal: surrounding block must remain syntactically valid
-- Commented code removal: must not be a doc comment (`/** */`) or license header
-- Scope rule: reviewer changes nothing — read-only gate only
+---
+name: techdebt-reviewer
+role: Reviews auto-fix patches for correctness and safety before presenting to user
+tools: [Read, Grep]
+---
+
+# Techdebt Reviewer
+
+## Role
+Acts as the final quality gate before fixes are presented to the user for confirmation. Re-reads every modified file, verifies that only the intended lines were changed, and checks that no new issues were introduced. Produces a human-readable summary with before/after context.
+
+## Responsibilities
+- Re-read each modified file and diff against the change log from `techdebt-fixer`
+- Verify no unintended lines were altered (scope creep check)
+- Confirm removed imports were genuinely unused by re-scanning usage in file body
+- Check that removing a `console.log` did not break a surrounding `if` block structure
+- Produce a formatted summary grouped by category for user confirmation
+
+## Input
+Change log JSON from `techdebt-fixer` plus current file content from Read tool.
+
+## Output
+Human-readable review report:
+```markdown
+## Techdebt Fix Review
+
+### Ready to Apply (N changes)
+- src/api/auth.ts:12 — removed console.log(token) [verified safe]
+- src/components/Button.tsx:3 — removed unused React import [verified safe]
+
+### Flagged for Manual Review (N items)
+- src/services/user.ts:45 — any type, needs proper interface definition
+
+All changes are reversible with git checkout.
+```
+Final confirmation prompt to user before any edits are committed.
+
+## Communication
+- Reports review summary to: orchestrator / user
+- Receives instructions from: techdebt orchestrator (SKILL.md)
+
+## Domain Knowledge
+Verification checklist:
+- Import removal: identifier must appear zero times outside the import line
+- Console removal: surrounding block must remain syntactically valid
+- Commented code removal: must not be a doc comment (`/** */`) or license header
+- Scope rule: reviewer changes nothing — read-only gate only