@su-record/vibe 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. package/CLAUDE.md +2 -2
  2. package/README.en.md +6 -4
  3. package/README.md +5 -3
  4. package/dist/__tests__/wiring-integrity.test.d.ts +2 -0
  5. package/dist/__tests__/wiring-integrity.test.d.ts.map +1 -0
  6. package/dist/__tests__/wiring-integrity.test.js +160 -0
  7. package/dist/__tests__/wiring-integrity.test.js.map +1 -0
  8. package/dist/cli/commands/info.d.ts.map +1 -1
  9. package/dist/cli/commands/info.js +2 -1
  10. package/dist/cli/commands/info.js.map +1 -1
  11. package/dist/cli/commands/init.d.ts.map +1 -1
  12. package/dist/cli/commands/init.js +4 -2
  13. package/dist/cli/commands/init.js.map +1 -1
  14. package/dist/cli/index.js +102 -128
  15. package/dist/cli/index.js.map +1 -1
  16. package/dist/cli/postinstall/claude-agents.d.ts.map +1 -1
  17. package/dist/cli/postinstall/claude-agents.js +0 -5
  18. package/dist/cli/postinstall/claude-agents.js.map +1 -1
  19. package/dist/cli/postinstall/constants.d.ts +6 -0
  20. package/dist/cli/postinstall/constants.d.ts.map +1 -1
  21. package/dist/cli/postinstall/constants.js +42 -60
  22. package/dist/cli/postinstall/constants.js.map +1 -1
  23. package/dist/cli/postinstall/inline-skills.js +2 -2
  24. package/dist/cli/postinstall/inline-skills.js.map +1 -1
  25. package/dist/cli/postinstall/main.d.ts.map +1 -1
  26. package/dist/cli/postinstall/main.js +2 -0
  27. package/dist/cli/postinstall/main.js.map +1 -1
  28. package/dist/cli/postinstall.d.ts +6 -1
  29. package/dist/cli/postinstall.d.ts.map +1 -1
  30. package/dist/cli/postinstall.js +6 -1
  31. package/dist/cli/postinstall.js.map +1 -1
  32. package/dist/cli/setup/GlobalInstaller.d.ts +1 -15
  33. package/dist/cli/setup/GlobalInstaller.d.ts.map +1 -1
  34. package/dist/cli/setup/GlobalInstaller.js +16 -115
  35. package/dist/cli/setup/GlobalInstaller.js.map +1 -1
  36. package/dist/cli/setup/GlobalInstaller.test.d.ts +2 -0
  37. package/dist/cli/setup/GlobalInstaller.test.d.ts.map +1 -0
  38. package/dist/cli/setup/GlobalInstaller.test.js +16 -0
  39. package/dist/cli/setup/GlobalInstaller.test.js.map +1 -0
  40. package/dist/cli/setup/ProjectSetup.js +2 -2
  41. package/dist/cli/setup/ProjectSetup.js.map +1 -1
  42. package/dist/cli/setup.d.ts +1 -1
  43. package/dist/cli/setup.d.ts.map +1 -1
  44. package/dist/cli/setup.js +1 -1
  45. package/dist/cli/setup.js.map +1 -1
  46. package/dist/infra/lib/SkillRepository.js +1 -1
  47. package/dist/infra/lib/evolution/__tests__/integration.test.js +0 -42
  48. package/dist/infra/lib/evolution/__tests__/integration.test.js.map +1 -1
  49. package/hooks/scripts/__tests__/.vibe/command-log.txt +3 -3
  50. package/hooks/scripts/__tests__/clone-behaviors.test.js +33 -1
  51. package/hooks/scripts/__tests__/code-check-memory-write.test.js +81 -0
  52. package/hooks/scripts/__tests__/step-counter.test.js +21 -0
  53. package/hooks/scripts/auto-format.js +2 -11
  54. package/hooks/scripts/auto-test.js +2 -11
  55. package/hooks/scripts/clone-extract.js +146 -10
  56. package/hooks/scripts/code-check.js +27 -55
  57. package/hooks/scripts/lib/glob.js +32 -0
  58. package/hooks/scripts/lib/hook-context.js +19 -2
  59. package/hooks/scripts/post-edit.js +2 -3
  60. package/hooks/scripts/prompt-dispatcher.js +1 -1
  61. package/hooks/scripts/scope-guard.js +3 -42
  62. package/hooks/scripts/sentinel-guard.js +5 -20
  63. package/hooks/scripts/session-start.js +2 -2
  64. package/hooks/scripts/step-counter.js +35 -57
  65. package/package.json +2 -3
  66. package/skills/clone/SKILL.md +10 -216
  67. package/skills/clone/references/capture-rules.md +48 -0
  68. package/skills/clone/references/legal-and-error-recovery.md +40 -0
  69. package/skills/clone/references/refine-rules.md +61 -0
  70. package/skills/clone/references/scaffold-phases.md +59 -0
  71. package/skills/clone/references/setup-and-layout.md +30 -0
  72. package/skills/docs/SKILL.md +39 -4
  73. package/skills/docs/references/api-docs-changelog.md +34 -0
  74. package/skills/docs/references/codemaps-output.md +23 -0
  75. package/{agents/diagrammer.md → skills/docs/references/diagram-spec.md} +2 -15
  76. package/skills/exec-plan/SKILL.md +1 -1
  77. package/skills/exec-plan/templates/plan.md +1 -1
  78. package/skills/handoff/SKILL.md +3 -3
  79. package/skills/handoff/templates/handoff.md +1 -1
  80. package/skills/vibe/SKILL.md +3 -2
  81. package/skills/vibe.analyze/SKILL.md +12 -249
  82. package/skills/vibe.analyze/references/output-templates.md +188 -0
  83. package/skills/vibe.analyze/references/quality-gate.md +93 -0
  84. package/skills/vibe.clone/SKILL.md +14 -1
  85. package/skills/vibe.continue/SKILL.md +32 -0
  86. package/skills/vibe.design/SKILL.md +23 -1
  87. package/skills/vibe.design/references/ui-preview.md +20 -0
  88. package/skills/vibe.docs/SKILL.md +4 -2
  89. package/skills/vibe.figma/SKILL.md +33 -260
  90. package/skills/vibe.figma/references/branch-phases.md +113 -0
  91. package/skills/vibe.figma/references/state-schema.md +42 -0
  92. package/skills/vibe.figma/references/step-algorithms.md +204 -0
  93. package/skills/vibe.image/SKILL.md +62 -0
  94. package/skills/vibe.image/references/image-generation-examples.md +39 -0
  95. package/skills/vibe.reason/SKILL.md +3 -183
  96. package/skills/vibe.reason/references/output-format-template.md +57 -0
  97. package/skills/vibe.reason/references/quality-rubrics.md +94 -0
  98. package/skills/vibe.reason/references/worked-example.md +45 -0
  99. package/skills/vibe.review/SKILL.md +13 -348
  100. package/skills/vibe.review/references/boundary-check.md +25 -0
  101. package/skills/vibe.review/references/output-template.md +74 -0
  102. package/skills/vibe.review/references/quality-gate.md +84 -0
  103. package/skills/vibe.review/references/race-mode.md +117 -0
  104. package/skills/vibe.review/references/worked-examples.md +94 -0
  105. package/vibe/templates/claudemd-template.md +1 -1
  106. package/agents/acceptance-tester.md +0 -56
  107. package/agents/documenter.md +0 -43
  108. package/agents/figma/figma-engineer.md +0 -76
  109. package/dist/cli/postinstall/index.d.ts +0 -23
  110. package/dist/cli/postinstall/index.d.ts.map +0 -1
  111. package/dist/cli/postinstall/index.js +0 -23
  112. package/dist/cli/postinstall/index.js.map +0 -1
  113. package/dist/cli/setup/index.d.ts +0 -9
  114. package/dist/cli/setup/index.d.ts.map +0 -1
  115. package/dist/cli/setup/index.js +0 -12
  116. package/dist/cli/setup/index.js.map +0 -1
  117. package/hooks/scripts/__tests__/.vibe/memories/memories.db +0 -0
  118. package/hooks/scripts/__tests__/.vibe/memories/memories.db-shm +0 -0
  119. package/hooks/scripts/__tests__/.vibe/memories/memories.db-wal +0 -0
  120. package/hooks/scripts/evolution-engine.js +0 -91
  121. package/hooks/scripts/hud-status.js +0 -321
  122. package/hooks/scripts/skill-injector.js +0 -83
  123. package/skills/vibe.utils/SKILL.md +0 -415
@@ -0,0 +1,57 @@
1
+ # vibe.reason — Output Format Template
2
+
3
+ > Loaded by vibe.reason SKILL.md Output Format — full markdown report template for the 9-step reasoning framework analysis.
4
+
5
+ ## Output Format
6
+
7
+ ```markdown
8
+ # Reasoning Framework Analysis
9
+
10
+ **Problem**: [problem description]
11
+ **Context**: [relevant information]
12
+ **Steps Applied**: 9/9
13
+ **⏱️ Started**: {start_time}
14
+ **⏱️ Completed**: {getCurrentTime 결과}
15
+
16
+ ---
17
+
18
+ ## 1. Logical Dependencies and Constraints
19
+
20
+ **Constraint Analysis**:
21
+ [analysis content]
22
+
23
+ ---
24
+
25
+ ## 2. Risk Assessment
26
+
27
+ **Risk Assessment**:
28
+ - Task type: [risk level]
29
+ - Rollback possibility: [assessment]
30
+ - Compatibility/Security/Performance risks
31
+
32
+ ---
33
+
34
+ ## 3. Inductive Reasoning and Hypothesis Exploration
35
+
36
+ **Hypothesis Generation**:
37
+ 1. **Hypothesis 1**: [description] (Likelihood: High/Medium/Low)
38
+ - Evidence: [supporting evidence]
39
+ - Verification: [how to verify]
40
+
41
+ 2. **Hypothesis 2**: ...
42
+
43
+ ---
44
+
45
+ [Steps 4-9...]
46
+
47
+ ---
48
+
49
+ ## Summary
50
+
51
+ [Overall reasoning results summary and recommendations]
52
+
53
+ **Recommended Actions**:
54
+ 1. Immediate: [low risk action]
55
+ 2. Short-term: [medium priority]
56
+ 3. Medium-term: [long-term fix]
57
+ ```
@@ -0,0 +1,94 @@
1
+ # vibe.reason — Quality Rubrics
2
+
3
+ > Loaded by vibe.reason SKILL.md Quality Gate (Mandatory) — full reasoning quality checklist, hypothesis quality standards, minimum hypothesis count, evidence standards, risk assessment matrix, forbidden reasoning patterns, and reasoning output requirements. Reasoning Score Calculation (the deterministic gate threshold) stays in SKILL.md.
4
+
5
+ ### Reasoning Quality Checklist
6
+
7
+ Before completing reasoning analysis, ALL steps must be verified:
8
+
9
+ | Step | Check Item | Weight |
10
+ |------|------------|--------|
11
+ | **Step 1** | Logical dependencies and constraints identified | 10% |
12
+ | **Step 2** | Risk assessment completed with rollback plan | 10% |
13
+ | **Step 3** | At least 3 hypotheses generated with likelihood | 15% |
14
+ | **Step 4** | Verification method defined for each hypothesis | 10% |
15
+ | **Step 5** | All available tools and resources listed | 10% |
16
+ | **Step 6** | Evidence cited with exact sources | 15% |
17
+ | **Step 7** | All alternatives explored | 10% |
18
+ | **Step 8** | Error handling strategy defined | 10% |
19
+ | **Step 9** | Action plan documented before execution | 10% |
20
+
21
+
22
+ ### Hypothesis Quality Standards
23
+
24
+ Each hypothesis MUST include:
25
+
26
+ | Component | Requirement | Example |
27
+ |-----------|-------------|---------|
28
+ | **Description** | Clear, testable statement | "Session data is incomplete due to race condition" |
29
+ | **Likelihood** | High/Medium/Low with justification | "High - intermittent = timing issue" |
30
+ | **Evidence** | Supporting observations | "Error only on concurrent logins" |
31
+ | **Verification** | Specific test method | "Add logging to session.save()" |
32
+ | **Disproof criteria** | What would rule it out | "Logs show complete data every time" |
33
+
34
+ ### Minimum Hypothesis Count
35
+
36
+ | Problem Complexity | Minimum Hypotheses |
37
+ |--------------------|-------------------|
38
+ | Simple (single component) | 2 |
39
+ | Medium (cross-component) | 3 |
40
+ | Complex (system-wide) | 5 |
41
+
42
+ ### Evidence Standards
43
+
44
+ All claims MUST include:
45
+
46
+ | Evidence Type | Required Format |
47
+ |---------------|-----------------|
48
+ | Code reference | `filename.ts:L42` |
49
+ | Log/metric | Exact value with timestamp |
50
+ | Documentation | Document name + section |
51
+ | Prior knowledge | Memory key or conversation reference |
52
+
53
+ ### Risk Assessment Matrix
54
+
55
+ | Risk Level | Rollback Required | Approval Required |
56
+ |------------|-------------------|-------------------|
57
+ | **Low** | Optional | No |
58
+ | **Medium** | Yes, automated | No |
59
+ | **High** | Yes, tested | User confirmation |
60
+ | **Critical** | Yes, verified | User + backup plan |
61
+
62
+ ### Forbidden Reasoning Patterns
63
+
64
+ | Pattern | Issue | Required Fix |
65
+ |---------|-------|--------------|
66
+ | "Probably X" without evidence | Unsubstantiated claim | Add supporting evidence |
67
+ | Single hypothesis | Tunnel vision | Generate alternatives |
68
+ | Skipping risk assessment | Dangerous changes | Always assess risk |
69
+ | "I think" without verification | Assumption | Verify before claiming |
70
+ | Acting before reasoning complete | Premature action | Complete all 9 steps |
71
+
72
+ ### Reasoning Output Requirements
73
+
74
+ Every reasoning analysis MUST include:
75
+
76
+ 1. **Problem Statement**
77
+ - Clear description
78
+ - Context and constraints
79
+ - Steps applied count (X/9)
80
+
81
+ 2. **Hypothesis Table**
82
+ - Ranked by likelihood
83
+ - All 5 components per hypothesis
84
+ - Verification status
85
+
86
+ 3. **Risk Assessment**
87
+ - Risk level classification
88
+ - Rollback possibility
89
+ - Approval requirements
90
+
91
+ 4. **Recommended Actions**
92
+ - Immediate (low risk, high confidence)
93
+ - Short-term (medium priority)
94
+ - Long-term (systemic fix)
@@ -0,0 +1,45 @@
1
+ # vibe.reason — Worked Example
2
+
3
+ > Loaded by vibe.reason SKILL.md Example — full worked example applying the 9-step reasoning framework to a debugging scenario.
4
+
5
+ ## Example
6
+
7
+ ```
8
+ User: /vibe.reason "After user login, profile page intermittently returns 500 error"
9
+
10
+ AI: Analyzing with 9-step reasoning framework...
11
+
12
+ # Reasoning Framework Analysis
13
+
14
+ **Problem**: Intermittent 500 error on profile page after login
15
+ **Context**: Intermittent occurrence, happens after successful login
16
+
17
+ ## 1. Logical Dependencies and Constraints
18
+
19
+ **Constraint Analysis**:
20
+ - Policy/Rules: Need to check auth/authz system policies
21
+ - Task Order: Verify login -> session creation -> profile fetch order
22
+ - Prerequisites: Need to identify error reproduction conditions
23
+
24
+ ## 3. Inductive Reasoning and Hypothesis Exploration
25
+
26
+ **Hypothesis Generation**:
27
+ 1. **Hypothesis 1: Incomplete session data** (Likelihood: High)
28
+ - Evidence: Intermittent = timing issue or data consistency problem
29
+ - Verification: Add logging to session save logic
30
+
31
+ 2. **Hypothesis 2: Async processing order issue** (Likelihood: Medium)
32
+ - Evidence: undefined = accessing data before load
33
+ - Verification: Check Promise chain, missing await
34
+
35
+ ## Summary
36
+
37
+ **Key Findings**:
38
+ - Most likely cause: Incomplete session data
39
+ - Verification priority: 1) Session logging -> 2) Async review -> 3) DB check
40
+
41
+ **Recommended Actions**:
42
+ 1. Immediate: Add detailed logging to session save/fetch
43
+ 2. Short-term: Code review async processing
44
+ 3. Medium-term: Strengthen session store monitoring
45
+ ```
@@ -36,119 +36,7 @@ user-invocable: true
36
36
 
37
37
  **Multi-LLM competitive review** - Same review task runs on GPT + Antigravity in parallel, results are cross-validated.
38
38
 
39
- ### How It Works
40
-
41
- ```
42
- /vibe.review --race
43
-
44
- security-review:
45
- ├─ GPT Codex → [SQL injection, XSS]
46
- └─ Antigravity → [SQL injection, CSRF]
47
-
48
- Cross-validation:
49
- - SQL injection (2/2) → 🔴 P1 (100% confidence)
50
- - XSS (1/2) → 🟡 P2 (50% confidence)
51
- - CSRF (1/2) → 🟡 P2 (50% confidence)
52
- ```
53
-
54
- ### Confidence-Based Priority
55
-
56
- | Confidence | Priority | Meaning |
57
- |------------|----------|---------|
58
- | 100% (2/2) | P1 | Both models agree - high confidence |
59
- | 50% (1/2) | P2 | One model found - needs verification |
60
-
61
- ### Race Mode Options
62
-
63
- ```
64
- /vibe.review --race # All review types
65
- /vibe.review --race security # Security only
66
- /vibe.review --race performance # Performance only
67
- /vibe.review --race architecture # Architecture only
68
- ```
69
-
70
- ### Race Mode Output
71
-
72
- ```
73
- ## SECURITY Review (Race Mode)
74
-
75
- **Duration**: 3420ms
76
- **Models**: GPT Codex, Antigravity
77
-
78
- ### Model Results
79
-
80
- | Model | Issues Found | Duration | Status |
81
- |-------|--------------|----------|--------|
82
- | gpt | 3 | 1823ms | OK |
83
- | antigravity | 2 | 2156ms | OK |
84
-
85
- ### Cross-Validated Issues
86
-
87
- **Summary**: 3 issues (P1: 1, P2: 2)
88
- **Consensus Rate**: 67%
89
-
90
- #### 🔴 P1 - SQL Injection in user query
91
-
92
- - **Confidence**: 100% (gpt, antigravity)
93
- - **Severity**: critical
94
- - **Location**: `src/api/users.ts:42`
95
- - **Suggestion**: Use parameterized queries
96
-
97
- #### 🟡 P2 - XSS vulnerability in render
98
-
99
- - **Confidence**: 50% (gpt)
100
- - **Severity**: high
101
- - **Location**: `src/components/Comment.tsx:15`
102
- ```
103
-
104
- ### Codex Review (Codex 플러그인 활성화 시)
105
-
106
- Race Mode에서 GPT+Antigravity와 **동시에** Codex review 실행하여 3중 교차 검증:
107
-
108
- ```
109
- /codex:review
110
- ```
111
-
112
- 교차 검증 테이블:
113
-
114
- ```markdown
115
- | Issue | GPT | Antigravity | Codex | Confidence |
116
- |-------|-----|--------|-------|------------|
117
- | {이슈} | ✅/❌ | ✅/❌ | ✅/❌ | {%} |
118
- ```
119
-
120
- - 3개 모델 중 2개 이상 동의 → **High Confidence** (P1 자동 수정)
121
- - Codex만 발견 → **Medium Confidence** (P2 수동 검토)
122
-
123
- ### When to Use Race Mode
124
-
125
- | Scenario | Recommended |
126
- |----------|-------------|
127
- | Critical security review | ✅ `--race security` |
128
- | Pre-production audit | ✅ `--race` |
129
- | Quick iteration | ❌ Standard review |
130
- | API cost concerns | ❌ Standard review |
131
-
132
- ### Tool Invocation (Race Mode - GPT + Antigravity in parallel via Bash)
133
-
134
- **🚨 Use --input file to avoid CLI argument length limits and Windows pipe issues.**
135
-
136
- 1. Save code to review into `[SCRATCHPAD]/review-code.txt` (using Write tool)
137
- 2. Write JSON input file `[SCRATCHPAD]/review-input.json` (using Write tool):
138
- - `{"prompt": "Review this code for [REVIEW_TYPE]. Return JSON: {issues: [{id, title, description, severity, suggestion}]}. Code: [CODE_CONTENT]"}`
139
- - Where `[CODE_CONTENT]` is the code text (properly JSON-escaped inside the prompt string)
140
- 3. Script path: `[LLM_SCRIPT]` = `{{VIBE_PATH}}/hooks/scripts/llm-orchestrate.js`
141
- 4. Run GPT + Antigravity in PARALLEL (two Bash tool calls at once):
142
-
143
- ```bash
144
- # GPT review (Bash tool call 1)
145
- node "[LLM_SCRIPT]" gpt orchestrate-json --input "[SCRATCHPAD]/review-input.json"
146
- ```
147
-
148
- ```bash
149
- # Antigravity review (Bash tool call 2 - run in parallel)
150
- node "[LLM_SCRIPT]" antigravity orchestrate-json --input "[SCRATCHPAD]/review-input.json"
151
- ```
39
+ > Read `references/race-mode.md` for the full workflow diagram, confidence-based priority table, race mode options/output templates, Codex 3-way cross-validation, and tool invocation details.
152
40
 
153
41
  ## File Reading Policy (Mandatory)
154
42
 
@@ -199,16 +87,9 @@ node "[LLM_SCRIPT]" antigravity orchestrate-json --input "[SCRATCHPAD]/review-in
199
87
 
200
88
  ### Phase 1: Tech Stack Detection
201
89
 
202
- Detect project tech stack FIRST before launching reviewers:
90
+ Detect project tech stack FIRST before launching reviewers.
203
91
 
204
- ```
205
- Read package.json -> TypeScript, React, Node.js
206
- Read pyproject.toml -> Python, FastAPI, Django
207
- Read Gemfile -> Ruby, Rails
208
- Read pubspec.yaml -> Flutter, Dart
209
- Read go.mod -> Go
210
- Read CLAUDE.md -> Explicit tech stack declaration
211
- ```
92
+ > Read `references/worked-examples.md` for the full file-to-stack detection list (package.json, pyproject.toml, Gemfile, pubspec.yaml, go.mod, CLAUDE.md).
212
93
 
213
94
  ### Phase 1.5: SPEC ↔ Code Alignment Check
214
95
 
@@ -302,12 +183,7 @@ Task(subagent_type="design-reviewer",
302
183
 
303
184
  반드시 **생산자와 소비자 코드를 동시에** Read하여 교차 비교한다.
304
185
 
305
- | 검증 영역 | 생산자 (왼쪽) | 소비자 (오른쪽) | 검증 내용 |
306
- |----------|-------------|---------------|----------|
307
- | API ↔ 훅 타입 | route의 Response.json() shape | hooks의 fetch\<T\> 타입 | shape 일치, 래핑 unwrap, case 변환 |
308
- | 라우팅 정합성 | src/app/ page 파일 경로 | href, router.push 값 | 경로 매칭, route group 처리, 동적 세그먼트 |
309
- | 상태 전이 | STATE_TRANSITIONS 맵 | .update({ status }) 코드 | 죽은 전이, 무단 전이, 중간→최종 누락 |
310
- | 데이터 흐름 | DB 스키마 필드명 | API 응답 → 프론트 타입 | 필드명 일치, optional 처리 일관성 |
186
+ > Read `references/boundary-check.md` for the full verification-area table and checklist.
311
187
 
312
188
  **실행 방식 — 변경 파일 기반 자동 판별:**
313
189
 
@@ -317,17 +193,6 @@ Task(subagent_type="design-reviewer",
317
193
  3. 짝이 없는 경우 (API만 또는 프론트만 변경) → "대응 파일 미변경" 경고 후 스킵
318
194
  ```
319
195
 
320
- **검증 체크리스트:**
321
-
322
- - [ ] API 응답 shape과 대응 훅의 제네릭 타입이 일치
323
- - [ ] 래핑된 응답(`{ items: [...] }`)은 훅에서 unwrap하는지 확인
324
- - [ ] snake_case ↔ camelCase 변환이 일관되게 적용
325
- - [ ] 모든 API 엔드포인트에 대응하는 프론트 훅이 존재하고 실제 호출됨
326
- - [ ] 코드 내 모든 href/router.push 값이 실제 page 파일 경로와 매칭
327
- - [ ] 정의된 모든 상태 전이가 코드에서 실행됨 (죽은 전이 없음)
328
- - [ ] 프론트에서 상태 기반 분기의 값이 실제 도달 가능한 상태
329
- - [ ] DB 필드명 → API 응답 필드명 → 프론트 타입 정의 간 매핑 일관
330
-
331
196
  **Findings 분류:**
332
197
  - 경계면 불일치 → **P1** (런타임 에러의 주요 원인)
333
198
  - 대응 파일 미존재 (API 있으나 훅 없음) → **P2**
@@ -344,76 +209,20 @@ After agent results:
344
209
 
345
210
  ### Phase 4: Findings Synthesis
346
211
 
347
- ```
348
- REVIEW FINDINGS
349
-
350
- P1 CRITICAL (Blocks Merge) - N issues
351
- 1. [SECURITY] SQL Injection in user query
352
- Location: src/api/users.py:42
353
- Fix: Use parameterized queries
354
-
355
- P2 IMPORTANT (Should Fix) - N issues
356
- 2. [PERF] N+1 query in user list
357
- 3. [ARCH] Circular dependency detected
358
-
359
- P3 NICE-TO-HAVE (Enhancement) - N issues
360
- 4. [STYLE] Consider extracting helper function
361
- ```
212
+ > Read `references/output-template.md` for the full findings synthesis format.
362
213
 
363
214
  ### Phase 4.5: Review Debate (parallel native subagents)
364
215
 
365
216
  > P1/P2 findings 를 검증하기 위해 네이티브 서브에이전트를 병렬로 스폰한다 —
366
217
  > `security-reviewer` + `code-reviewer` 인스턴스(서로 다른 focus)가 각 finding 을 교차 검증(validate / upgrade / downgrade / remove)한다.
367
218
 
368
- **토론 결과 예시:**
369
-
370
- ```
371
- 🤝 REVIEW DEBATE RESULTS
372
-
373
- Consensus (4 parallel reviewers):
374
-
375
- ✅ Validated P1 (unanimous):
376
- 1. [SECURITY] SQL Injection — 4/4 agree critical
377
-
378
- ⬆️ Upgraded P2→P1 (debate result):
379
- 2. [PERF] Unbounded query — code-reviewer (focus: architecture) pointed out
380
- cascading failure risk under load → agreed P1
381
-
382
- ⬇️ Downgraded P1→P2 (debate result):
383
- 3. [SECURITY] CSRF on read-only endpoint — code-reviewer (focus: complexity)
384
- noted endpoint has no side effects → agreed P2
385
-
386
- ❌ Removed (false positive):
387
- 4. [ARCH] "Circular dependency" — code-reviewer (focus: architecture) confirmed
388
- this is intentional bi-directional reference, not a cycle
389
-
390
- 🆕 New findings (cross-review discussion):
391
- 5. [DATA] Race condition in concurrent updates — emerged from
392
- security + performance cross-review
393
- ```
219
+ > Read `references/worked-examples.md` for the full Review Debate example output.
394
220
 
395
221
  ### Phase 5: Auto-Fix (P1/P2)
396
222
 
397
223
  **Auto-fixable issues are resolved immediately:**
398
224
 
399
- ```
400
- 🔧 AUTO-FIX Starting...
401
-
402
- P1 Critical:
403
- 1. [SECURITY] SQL Injection → Fixed with parameterized query ✅
404
- 2. [DATA] Missing transaction rollback → Added try-finally ✅
405
-
406
- P2 Important:
407
- 3. [PERF] N+1 query → Added select_related ✅
408
- 4. [ARCH] Circular dependency → Separated dependencies ✅
409
- 5. [TEST] Missing edge case → Added test ✅
410
-
411
- 🔍 Re-validating...
412
- ✅ Build successful
413
- ✅ Tests passed
414
-
415
- ✅ 5 issues auto-fixed!
416
- ```
225
+ > Read `references/worked-examples.md` for the full Auto-Fix example output.
417
226
 
418
227
  **Cases that cannot be auto-fixed:**
419
228
  - Requires large-scale architecture changes
@@ -436,66 +245,17 @@ Codex 수정 완료 후 해당 리뷰 에이전트가 재검증.
436
245
 
437
246
  Save **remaining** findings to `.vibe/todos/`:
438
247
 
439
- ```
440
- {priority}-{category}-{short-desc}.md
441
-
442
- Examples:
443
- - P2-arch-large-refactor.md (Cannot be auto-fixed)
444
- - P3-style-extract-helper.md (Backlog)
445
- ```
248
+ > Read `references/worked-examples.md` for the Todo file naming example.
446
249
 
447
250
  ## Output
448
251
 
449
- ```
450
- CODE REVIEW SUMMARY
451
- PR #123: Add user authentication
452
-
453
- Reviewers: security-reviewer + 8 code-reviewer instances (per-focus) + 3 design-reviewer instances (UI)
454
- ⏱️ Started: {start_time}
455
- ⏱️ Completed: {getCurrentTime 결과}
456
-
457
- Score: 92/100 (Good) ← Score after auto-fix
458
-
459
- Issues Found:
460
- - P1 Critical: 2 → 0 (✅ Auto-fixed)
461
- - P2 Important: 5 → 1 (✅ 4 auto-fixed)
462
- - P3 Nice-to-have: 3 (Backlog)
463
-
464
- Auto-Fixed: 6 issues
465
- - [SECURITY] SQL Injection ✅
466
- - [DATA] Transaction rollback ✅
467
- - [PERF] N+1 query ✅
468
- - [ARCH] Circular dependency ✅
469
- - [PERF] Unnecessary loop ✅
470
- - [TEST] Missing edge case ✅
471
-
472
- Remaining (Manual handling required):
473
- - P2-arch-large-refactor.md (Architecture decision required)
474
- - P3-style-extract-helper.md (Backlog)
475
- - P3-docs-add-readme.md (Backlog)
476
-
477
- ✅ MERGE READY (P1/P2 resolved)
478
- ```
252
+ > Read `references/output-template.md` for the full review summary output format.
479
253
 
480
254
  ### Phase 7: Guide to Fix Workflow (Manual Handling Items)
481
255
 
482
256
  **Choose workflow when handling remaining issues:**
483
257
 
484
- ```
485
- ## Fix Workflow
486
-
487
- Choose a workflow to fix the discovered issues:
488
-
489
- | Task Scale | Recommended Approach |
490
- |------------|---------------------|
491
- | Simple fix (1-2 files) | Plan Mode |
492
- | Complex fix (3+ files, validation needed) | /vibe.spec |
493
-
494
- 1. `/vibe.spec "fix: issue-name"` - VIBE workflow (SPEC validation + re-review)
495
- 2. Plan Mode - Quick fix (for simple tasks)
496
-
497
- Which approach would you like to proceed with?
498
- ```
258
+ > Read `references/output-template.md` for the full Fix Workflow prompt template.
499
259
 
500
260
  - Wait for user's choice before proceeding
501
261
  - If user chooses VIBE → wait for `/vibe.spec` command
@@ -519,110 +279,15 @@ node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index
519
279
  | `analyzeComplexity` | Complexity metrics | Check function complexity |
520
280
  | `saveMemory` | Save findings | Store important review findings |
521
281
 
522
- ### Example Tool Usage in Review
523
-
524
- **1. Validate code quality before review:**
525
-
526
- ```bash
527
- node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.validateCodeQuality({targetPath: 'src/', projectPath: process.cwd()}).then(r => console.log(r.content[0].text)))"
528
- ```
529
-
530
- **2. Analyze complexity of changed files:**
531
-
532
- ```bash
533
- node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.analyzeComplexity({targetPath: 'src/api/users.ts', projectPath: process.cwd()}).then(r => console.log(r.content[0].text)))"
534
- ```
535
-
536
- **3. Save critical finding for reference:**
537
-
538
- ```bash
539
- node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.saveMemory({key: 'review-pr123-critical', value: 'SQL injection in users.py:42', category: 'review', projectPath: process.cwd()}).then(r => console.log(r.content[0].text)))"
540
- ```
282
+ > Read `references/worked-examples.md` for example tool usage in review (validateCodeQuality, analyzeComplexity, saveMemory).
541
283
 
542
284
  ---
543
285
 
544
286
  ## Quality Gate (Mandatory)
545
287
 
546
- ### Review Quality Checklist
547
-
548
- Before completing review, check P1-critical items. P2/P3 items are best-effort:
549
-
550
- | Category | Check Item | Weight |
551
- |----------|------------|--------|
552
- | **Security** | OWASP Top 10 vulnerabilities scanned | 20% |
553
- | **Security** | Authentication/authorization verified | 10% |
554
- | **Security** | Sensitive data exposure checked | 10% |
555
- | **Performance** | N+1 queries detected and flagged | 10% |
556
- | **Performance** | Memory leaks checked | 5% |
557
- | **Architecture** | Layer violations detected | 10% |
558
- | **Architecture** | Circular dependencies checked | 5% |
559
- | **Code Quality** | Complexity limits enforced | 10% |
560
- | **Code Quality** | Forbidden patterns detected | 10% |
561
- | **Testing** | Test coverage gaps identified | 5% |
562
- | **Documentation** | Public API documentation checked | 5% |
563
-
564
- ### Review Score Calculation
565
-
566
- ```
567
- Score = 100 - (P1 × 20) - (P2 × 5) - (P3 × 1)
568
-
569
- Grades:
570
- - 95-100: ✅ EXCELLENT - Merge ready
571
- - 90-94: ⚠️ GOOD - Minor fixes required before merge
572
- - 80-89: ⚠️ FAIR - Must fix P2 issues
573
- - 0-79: ❌ POOR - Block merge, fix P1/P2
574
- ```
288
+ Before completing review, check P1-critical items (P2/P3 are best-effort). Score = 100 - (P1 × 20) - (P2 × 5) - (P3 × 1). **P1 = 0 required for MERGE READY.**
575
289
 
576
- ### Merge Decision Matrix
577
-
578
- | P1 Count | P2 Count | Decision |
579
- |----------|----------|----------|
580
- | 0 | 0-2 | ✅ MERGE READY |
581
- | 0 | 3+ | ⚠️ FIX P2 FIRST |
582
- | 1+ | Any | ❌ BLOCKED |
583
-
584
- ### Auto-Fix Capability Matrix
585
-
586
- | Issue Type | Auto-Fixable | Method |
587
- |------------|--------------|--------|
588
- | SQL Injection | ✅ Yes | Parameterized query |
589
- | Missing transaction | ✅ Yes | Add try-finally |
590
- | N+1 query | ✅ Yes | Add eager loading |
591
- | Circular dependency | ⚠️ Partial | Suggest restructure |
592
- | Missing tests | ✅ Yes | Generate test skeleton |
593
- | Hardcoded secrets | ❌ No | Flag for manual review |
594
- | Architecture violation | ❌ No | Suggest refactoring plan |
595
-
596
- ### Forbidden Patterns (P1 Critical)
597
-
598
- | Pattern | Risk Level | Detection Method |
599
- |---------|------------|------------------|
600
- | Hardcoded credentials | Critical | Regex + entropy scan |
601
- | SQL string concatenation | Critical | AST analysis |
602
- | `eval()` or `exec()` | Critical | AST analysis |
603
- | Disabled CSRF protection | Critical | Config scan |
604
- | Debug mode in production | Critical | Config scan |
605
- | Unvalidated redirects | High | URL pattern scan |
606
-
607
- ### Review Output Requirements
608
-
609
- Every review MUST produce:
610
-
611
- 1. **Summary Statistics**
612
- - Total issues by priority (P1/P2/P3)
613
- - Auto-fixed count
614
- - Remaining manual fixes
615
-
616
- 2. **Detailed Findings**
617
- - File path and line number
618
- - Issue description
619
- - Recommended fix
620
- - Auto-fix status (applied/pending/manual)
621
-
622
- 3. **Quality Score**
623
- - Numerical score (0-100)
624
- - Grade (EXCELLENT/GOOD/FAIR/POOR)
625
- - Merge recommendation
290
+ > Read `references/quality-gate.md` for the full weighted checklist, score grades, merge decision matrix, auto-fix capability matrix, forbidden-patterns table, and output requirements.
626
291
 
627
292
  ---
628
293
 
@@ -0,0 +1,25 @@
1
+ # Boundary Mismatch Detection — Full Reference
2
+
3
+ > Loaded by vibe.review SKILL.md Phase 2.7 for the full verification-area table and checklist.
4
+
5
+ **검증 방법: "양쪽 동시 읽기"**
6
+
7
+ 반드시 **생산자와 소비자 코드를 동시에** Read하여 교차 비교한다.
8
+
9
+ | 검증 영역 | 생산자 (왼쪽) | 소비자 (오른쪽) | 검증 내용 |
10
+ |----------|-------------|---------------|----------|
11
+ | API ↔ 훅 타입 | route의 Response.json() shape | hooks의 fetch\<T\> 타입 | shape 일치, 래핑 unwrap, case 변환 |
12
+ | 라우팅 정합성 | src/app/ page 파일 경로 | href, router.push 값 | 경로 매칭, route group 처리, 동적 세그먼트 |
13
+ | 상태 전이 | STATE_TRANSITIONS 맵 | .update({ status }) 코드 | 죽은 전이, 무단 전이, 중간→최종 누락 |
14
+ | 데이터 흐름 | DB 스키마 필드명 | API 응답 → 프론트 타입 | 필드명 일치, optional 처리 일관성 |
15
+
16
+ **검증 체크리스트:**
17
+
18
+ - [ ] API 응답 shape과 대응 훅의 제네릭 타입이 일치
19
+ - [ ] 래핑된 응답(`{ items: [...] }`)은 훅에서 unwrap하는지 확인
20
+ - [ ] snake_case ↔ camelCase 변환이 일관되게 적용
21
+ - [ ] 모든 API 엔드포인트에 대응하는 프론트 훅이 존재하고 실제 호출됨
22
+ - [ ] 코드 내 모든 href/router.push 값이 실제 page 파일 경로와 매칭
23
+ - [ ] 정의된 모든 상태 전이가 코드에서 실행됨 (죽은 전이 없음)
24
+ - [ ] 프론트에서 상태 기반 분기의 값이 실제 도달 가능한 상태
25
+ - [ ] DB 필드명 → API 응답 필드명 → 프론트 타입 정의 간 매핑 일관