@su-record/vibe 3.1.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLAUDE.md +2 -2
- package/README.en.md +6 -4
- package/README.md +5 -3
- package/dist/__tests__/wiring-integrity.test.d.ts +2 -0
- package/dist/__tests__/wiring-integrity.test.d.ts.map +1 -0
- package/dist/__tests__/wiring-integrity.test.js +160 -0
- package/dist/__tests__/wiring-integrity.test.js.map +1 -0
- package/dist/cli/commands/info.d.ts.map +1 -1
- package/dist/cli/commands/info.js +2 -1
- package/dist/cli/commands/info.js.map +1 -1
- package/dist/cli/commands/init.d.ts.map +1 -1
- package/dist/cli/commands/init.js +4 -2
- package/dist/cli/commands/init.js.map +1 -1
- package/dist/cli/index.js +102 -128
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/postinstall/claude-agents.d.ts.map +1 -1
- package/dist/cli/postinstall/claude-agents.js +0 -5
- package/dist/cli/postinstall/claude-agents.js.map +1 -1
- package/dist/cli/postinstall/constants.d.ts +6 -0
- package/dist/cli/postinstall/constants.d.ts.map +1 -1
- package/dist/cli/postinstall/constants.js +42 -60
- package/dist/cli/postinstall/constants.js.map +1 -1
- package/dist/cli/postinstall/inline-skills.js +2 -2
- package/dist/cli/postinstall/inline-skills.js.map +1 -1
- package/dist/cli/postinstall/main.d.ts.map +1 -1
- package/dist/cli/postinstall/main.js +2 -0
- package/dist/cli/postinstall/main.js.map +1 -1
- package/dist/cli/postinstall.d.ts +6 -1
- package/dist/cli/postinstall.d.ts.map +1 -1
- package/dist/cli/postinstall.js +6 -1
- package/dist/cli/postinstall.js.map +1 -1
- package/dist/cli/setup/GlobalInstaller.d.ts +1 -15
- package/dist/cli/setup/GlobalInstaller.d.ts.map +1 -1
- package/dist/cli/setup/GlobalInstaller.js +16 -115
- package/dist/cli/setup/GlobalInstaller.js.map +1 -1
- package/dist/cli/setup/GlobalInstaller.test.d.ts +2 -0
- package/dist/cli/setup/GlobalInstaller.test.d.ts.map +1 -0
- package/dist/cli/setup/GlobalInstaller.test.js +16 -0
- package/dist/cli/setup/GlobalInstaller.test.js.map +1 -0
- package/dist/cli/setup/ProjectSetup.js +2 -2
- package/dist/cli/setup/ProjectSetup.js.map +1 -1
- package/dist/cli/setup.d.ts +1 -1
- package/dist/cli/setup.d.ts.map +1 -1
- package/dist/cli/setup.js +1 -1
- package/dist/cli/setup.js.map +1 -1
- package/dist/infra/lib/SkillRepository.js +1 -1
- package/dist/infra/lib/evolution/__tests__/integration.test.js +0 -42
- package/dist/infra/lib/evolution/__tests__/integration.test.js.map +1 -1
- package/hooks/scripts/__tests__/.vibe/command-log.txt +3 -3
- package/hooks/scripts/__tests__/clone-behaviors.test.js +33 -1
- package/hooks/scripts/__tests__/code-check-memory-write.test.js +81 -0
- package/hooks/scripts/__tests__/step-counter.test.js +21 -0
- package/hooks/scripts/auto-format.js +2 -11
- package/hooks/scripts/auto-test.js +2 -11
- package/hooks/scripts/clone-extract.js +146 -10
- package/hooks/scripts/code-check.js +27 -55
- package/hooks/scripts/lib/glob.js +32 -0
- package/hooks/scripts/lib/hook-context.js +19 -2
- package/hooks/scripts/post-edit.js +2 -3
- package/hooks/scripts/prompt-dispatcher.js +1 -1
- package/hooks/scripts/scope-guard.js +3 -42
- package/hooks/scripts/sentinel-guard.js +5 -20
- package/hooks/scripts/session-start.js +2 -2
- package/hooks/scripts/step-counter.js +35 -57
- package/package.json +2 -3
- package/skills/clone/SKILL.md +10 -216
- package/skills/clone/references/capture-rules.md +48 -0
- package/skills/clone/references/legal-and-error-recovery.md +40 -0
- package/skills/clone/references/refine-rules.md +61 -0
- package/skills/clone/references/scaffold-phases.md +59 -0
- package/skills/clone/references/setup-and-layout.md +30 -0
- package/skills/docs/SKILL.md +39 -4
- package/skills/docs/references/api-docs-changelog.md +34 -0
- package/skills/docs/references/codemaps-output.md +23 -0
- package/{agents/diagrammer.md → skills/docs/references/diagram-spec.md} +2 -15
- package/skills/exec-plan/SKILL.md +1 -1
- package/skills/exec-plan/templates/plan.md +1 -1
- package/skills/handoff/SKILL.md +3 -3
- package/skills/handoff/templates/handoff.md +1 -1
- package/skills/vibe/SKILL.md +3 -2
- package/skills/vibe.analyze/SKILL.md +12 -249
- package/skills/vibe.analyze/references/output-templates.md +188 -0
- package/skills/vibe.analyze/references/quality-gate.md +93 -0
- package/skills/vibe.clone/SKILL.md +14 -1
- package/skills/vibe.continue/SKILL.md +32 -0
- package/skills/vibe.design/SKILL.md +23 -1
- package/skills/vibe.design/references/ui-preview.md +20 -0
- package/skills/vibe.docs/SKILL.md +4 -2
- package/skills/vibe.figma/SKILL.md +33 -260
- package/skills/vibe.figma/references/branch-phases.md +113 -0
- package/skills/vibe.figma/references/state-schema.md +42 -0
- package/skills/vibe.figma/references/step-algorithms.md +204 -0
- package/skills/vibe.image/SKILL.md +62 -0
- package/skills/vibe.image/references/image-generation-examples.md +39 -0
- package/skills/vibe.reason/SKILL.md +3 -183
- package/skills/vibe.reason/references/output-format-template.md +57 -0
- package/skills/vibe.reason/references/quality-rubrics.md +94 -0
- package/skills/vibe.reason/references/worked-example.md +45 -0
- package/skills/vibe.review/SKILL.md +13 -348
- package/skills/vibe.review/references/boundary-check.md +25 -0
- package/skills/vibe.review/references/output-template.md +74 -0
- package/skills/vibe.review/references/quality-gate.md +84 -0
- package/skills/vibe.review/references/race-mode.md +117 -0
- package/skills/vibe.review/references/worked-examples.md +94 -0
- package/vibe/templates/claudemd-template.md +1 -1
- package/agents/acceptance-tester.md +0 -56
- package/agents/documenter.md +0 -43
- package/agents/figma/figma-engineer.md +0 -76
- package/dist/cli/postinstall/index.d.ts +0 -23
- package/dist/cli/postinstall/index.d.ts.map +0 -1
- package/dist/cli/postinstall/index.js +0 -23
- package/dist/cli/postinstall/index.js.map +0 -1
- package/dist/cli/setup/index.d.ts +0 -9
- package/dist/cli/setup/index.d.ts.map +0 -1
- package/dist/cli/setup/index.js +0 -12
- package/dist/cli/setup/index.js.map +0 -1
- package/hooks/scripts/__tests__/.vibe/memories/memories.db +0 -0
- package/hooks/scripts/__tests__/.vibe/memories/memories.db-shm +0 -0
- package/hooks/scripts/__tests__/.vibe/memories/memories.db-wal +0 -0
- package/hooks/scripts/evolution-engine.js +0 -91
- package/hooks/scripts/hud-status.js +0 -321
- package/hooks/scripts/skill-injector.js +0 -83
- package/skills/vibe.utils/SKILL.md +0 -415
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# vibe.reason — Output Format Template
|
|
2
|
+
|
|
3
|
+
> Loaded by vibe.reason SKILL.md Output Format — full markdown report template for the 9-step reasoning framework analysis.
|
|
4
|
+
|
|
5
|
+
## Output Format
|
|
6
|
+
|
|
7
|
+
```markdown
|
|
8
|
+
# Reasoning Framework Analysis
|
|
9
|
+
|
|
10
|
+
**Problem**: [problem description]
|
|
11
|
+
**Context**: [relevant information]
|
|
12
|
+
**Steps Applied**: 9/9
|
|
13
|
+
**⏱️ Started**: {start_time}
|
|
14
|
+
**⏱️ Completed**: {getCurrentTime 결과}
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## 1. Logical Dependencies and Constraints
|
|
19
|
+
|
|
20
|
+
**Constraint Analysis**:
|
|
21
|
+
[analysis content]
|
|
22
|
+
|
|
23
|
+
---
|
|
24
|
+
|
|
25
|
+
## 2. Risk Assessment
|
|
26
|
+
|
|
27
|
+
**Risk Assessment**:
|
|
28
|
+
- Task type: [risk level]
|
|
29
|
+
- Rollback possibility: [assessment]
|
|
30
|
+
- Compatibility/Security/Performance risks
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
## 3. Inductive Reasoning and Hypothesis Exploration
|
|
35
|
+
|
|
36
|
+
**Hypothesis Generation**:
|
|
37
|
+
1. **Hypothesis 1**: [description] (Likelihood: High/Medium/Low)
|
|
38
|
+
- Evidence: [supporting evidence]
|
|
39
|
+
- Verification: [how to verify]
|
|
40
|
+
|
|
41
|
+
2. **Hypothesis 2**: ...
|
|
42
|
+
|
|
43
|
+
---
|
|
44
|
+
|
|
45
|
+
[Steps 4-9...]
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## Summary
|
|
50
|
+
|
|
51
|
+
[Overall reasoning results summary and recommendations]
|
|
52
|
+
|
|
53
|
+
**Recommended Actions**:
|
|
54
|
+
1. Immediate: [low risk action]
|
|
55
|
+
2. Short-term: [medium priority]
|
|
56
|
+
3. Medium-term: [long-term fix]
|
|
57
|
+
```
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
# vibe.reason — Quality Rubrics
|
|
2
|
+
|
|
3
|
+
> Loaded by vibe.reason SKILL.md Quality Gate (Mandatory) — full reasoning quality checklist, hypothesis quality standards, minimum hypothesis count, evidence standards, risk assessment matrix, forbidden reasoning patterns, and reasoning output requirements. Reasoning Score Calculation (the deterministic gate threshold) stays in SKILL.md.
|
|
4
|
+
|
|
5
|
+
### Reasoning Quality Checklist
|
|
6
|
+
|
|
7
|
+
Before completing reasoning analysis, ALL steps must be verified:
|
|
8
|
+
|
|
9
|
+
| Step | Check Item | Weight |
|
|
10
|
+
|------|------------|--------|
|
|
11
|
+
| **Step 1** | Logical dependencies and constraints identified | 10% |
|
|
12
|
+
| **Step 2** | Risk assessment completed with rollback plan | 10% |
|
|
13
|
+
| **Step 3** | At least 3 hypotheses generated with likelihood | 15% |
|
|
14
|
+
| **Step 4** | Verification method defined for each hypothesis | 10% |
|
|
15
|
+
| **Step 5** | All available tools and resources listed | 10% |
|
|
16
|
+
| **Step 6** | Evidence cited with exact sources | 15% |
|
|
17
|
+
| **Step 7** | All alternatives explored | 10% |
|
|
18
|
+
| **Step 8** | Error handling strategy defined | 10% |
|
|
19
|
+
| **Step 9** | Action plan documented before execution | 10% |
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
### Hypothesis Quality Standards
|
|
23
|
+
|
|
24
|
+
Each hypothesis MUST include:
|
|
25
|
+
|
|
26
|
+
| Component | Requirement | Example |
|
|
27
|
+
|-----------|-------------|---------|
|
|
28
|
+
| **Description** | Clear, testable statement | "Session data is incomplete due to race condition" |
|
|
29
|
+
| **Likelihood** | High/Medium/Low with justification | "High - intermittent = timing issue" |
|
|
30
|
+
| **Evidence** | Supporting observations | "Error only on concurrent logins" |
|
|
31
|
+
| **Verification** | Specific test method | "Add logging to session.save()" |
|
|
32
|
+
| **Disproof criteria** | What would rule it out | "Logs show complete data every time" |
|
|
33
|
+
|
|
34
|
+
### Minimum Hypothesis Count
|
|
35
|
+
|
|
36
|
+
| Problem Complexity | Minimum Hypotheses |
|
|
37
|
+
|--------------------|-------------------|
|
|
38
|
+
| Simple (single component) | 2 |
|
|
39
|
+
| Medium (cross-component) | 3 |
|
|
40
|
+
| Complex (system-wide) | 5 |
|
|
41
|
+
|
|
42
|
+
### Evidence Standards
|
|
43
|
+
|
|
44
|
+
All claims MUST include:
|
|
45
|
+
|
|
46
|
+
| Evidence Type | Required Format |
|
|
47
|
+
|---------------|-----------------|
|
|
48
|
+
| Code reference | `filename.ts:L42` |
|
|
49
|
+
| Log/metric | Exact value with timestamp |
|
|
50
|
+
| Documentation | Document name + section |
|
|
51
|
+
| Prior knowledge | Memory key or conversation reference |
|
|
52
|
+
|
|
53
|
+
### Risk Assessment Matrix
|
|
54
|
+
|
|
55
|
+
| Risk Level | Rollback Required | Approval Required |
|
|
56
|
+
|------------|-------------------|-------------------|
|
|
57
|
+
| **Low** | Optional | No |
|
|
58
|
+
| **Medium** | Yes, automated | No |
|
|
59
|
+
| **High** | Yes, tested | User confirmation |
|
|
60
|
+
| **Critical** | Yes, verified | User + backup plan |
|
|
61
|
+
|
|
62
|
+
### Forbidden Reasoning Patterns
|
|
63
|
+
|
|
64
|
+
| Pattern | Issue | Required Fix |
|
|
65
|
+
|---------|-------|--------------|
|
|
66
|
+
| "Probably X" without evidence | Unsubstantiated claim | Add supporting evidence |
|
|
67
|
+
| Single hypothesis | Tunnel vision | Generate alternatives |
|
|
68
|
+
| Skipping risk assessment | Dangerous changes | Always assess risk |
|
|
69
|
+
| "I think" without verification | Assumption | Verify before claiming |
|
|
70
|
+
| Acting before reasoning complete | Premature action | Complete all 9 steps |
|
|
71
|
+
|
|
72
|
+
### Reasoning Output Requirements
|
|
73
|
+
|
|
74
|
+
Every reasoning analysis MUST include:
|
|
75
|
+
|
|
76
|
+
1. **Problem Statement**
|
|
77
|
+
- Clear description
|
|
78
|
+
- Context and constraints
|
|
79
|
+
- Steps applied count (X/9)
|
|
80
|
+
|
|
81
|
+
2. **Hypothesis Table**
|
|
82
|
+
- Ranked by likelihood
|
|
83
|
+
- All 5 components per hypothesis
|
|
84
|
+
- Verification status
|
|
85
|
+
|
|
86
|
+
3. **Risk Assessment**
|
|
87
|
+
- Risk level classification
|
|
88
|
+
- Rollback possibility
|
|
89
|
+
- Approval requirements
|
|
90
|
+
|
|
91
|
+
4. **Recommended Actions**
|
|
92
|
+
- Immediate (low risk, high confidence)
|
|
93
|
+
- Short-term (medium priority)
|
|
94
|
+
- Long-term (systemic fix)
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# vibe.reason — Worked Example
|
|
2
|
+
|
|
3
|
+
> Loaded by vibe.reason SKILL.md Example — full worked example applying the 9-step reasoning framework to a debugging scenario.
|
|
4
|
+
|
|
5
|
+
## Example
|
|
6
|
+
|
|
7
|
+
```
|
|
8
|
+
User: /vibe.reason "After user login, profile page intermittently returns 500 error"
|
|
9
|
+
|
|
10
|
+
AI: Analyzing with 9-step reasoning framework...
|
|
11
|
+
|
|
12
|
+
# Reasoning Framework Analysis
|
|
13
|
+
|
|
14
|
+
**Problem**: Intermittent 500 error on profile page after login
|
|
15
|
+
**Context**: Intermittent occurrence, happens after successful login
|
|
16
|
+
|
|
17
|
+
## 1. Logical Dependencies and Constraints
|
|
18
|
+
|
|
19
|
+
**Constraint Analysis**:
|
|
20
|
+
- Policy/Rules: Need to check auth/authz system policies
|
|
21
|
+
- Task Order: Verify login -> session creation -> profile fetch order
|
|
22
|
+
- Prerequisites: Need to identify error reproduction conditions
|
|
23
|
+
|
|
24
|
+
## 3. Inductive Reasoning and Hypothesis Exploration
|
|
25
|
+
|
|
26
|
+
**Hypothesis Generation**:
|
|
27
|
+
1. **Hypothesis 1: Incomplete session data** (Likelihood: High)
|
|
28
|
+
- Evidence: Intermittent = timing issue or data consistency problem
|
|
29
|
+
- Verification: Add logging to session save logic
|
|
30
|
+
|
|
31
|
+
2. **Hypothesis 2: Async processing order issue** (Likelihood: Medium)
|
|
32
|
+
- Evidence: undefined = accessing data before load
|
|
33
|
+
- Verification: Check Promise chain, missing await
|
|
34
|
+
|
|
35
|
+
## Summary
|
|
36
|
+
|
|
37
|
+
**Key Findings**:
|
|
38
|
+
- Most likely cause: Incomplete session data
|
|
39
|
+
- Verification priority: 1) Session logging -> 2) Async review -> 3) DB check
|
|
40
|
+
|
|
41
|
+
**Recommended Actions**:
|
|
42
|
+
1. Immediate: Add detailed logging to session save/fetch
|
|
43
|
+
2. Short-term: Code review async processing
|
|
44
|
+
3. Medium-term: Strengthen session store monitoring
|
|
45
|
+
```
|
|
@@ -36,119 +36,7 @@ user-invocable: true
|
|
|
36
36
|
|
|
37
37
|
**Multi-LLM competitive review** - Same review task runs on GPT + Antigravity in parallel, results are cross-validated.
|
|
38
38
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
```
|
|
42
|
-
/vibe.review --race
|
|
43
|
-
|
|
44
|
-
security-review:
|
|
45
|
-
├─ GPT Codex → [SQL injection, XSS]
|
|
46
|
-
└─ Antigravity → [SQL injection, CSRF]
|
|
47
|
-
↓
|
|
48
|
-
Cross-validation:
|
|
49
|
-
- SQL injection (2/2) → 🔴 P1 (100% confidence)
|
|
50
|
-
- XSS (1/2) → 🟡 P2 (50% confidence)
|
|
51
|
-
- CSRF (1/2) → 🟡 P2 (50% confidence)
|
|
52
|
-
```
|
|
53
|
-
|
|
54
|
-
### Confidence-Based Priority
|
|
55
|
-
|
|
56
|
-
| Confidence | Priority | Meaning |
|
|
57
|
-
|------------|----------|---------|
|
|
58
|
-
| 100% (2/2) | P1 | Both models agree - high confidence |
|
|
59
|
-
| 50% (1/2) | P2 | One model found - needs verification |
|
|
60
|
-
|
|
61
|
-
### Race Mode Options
|
|
62
|
-
|
|
63
|
-
```
|
|
64
|
-
/vibe.review --race # All review types
|
|
65
|
-
/vibe.review --race security # Security only
|
|
66
|
-
/vibe.review --race performance # Performance only
|
|
67
|
-
/vibe.review --race architecture # Architecture only
|
|
68
|
-
```
|
|
69
|
-
|
|
70
|
-
### Race Mode Output
|
|
71
|
-
|
|
72
|
-
```
|
|
73
|
-
## SECURITY Review (Race Mode)
|
|
74
|
-
|
|
75
|
-
**Duration**: 3420ms
|
|
76
|
-
**Models**: GPT Codex, Antigravity
|
|
77
|
-
|
|
78
|
-
### Model Results
|
|
79
|
-
|
|
80
|
-
| Model | Issues Found | Duration | Status |
|
|
81
|
-
|-------|--------------|----------|--------|
|
|
82
|
-
| gpt | 3 | 1823ms | OK |
|
|
83
|
-
| antigravity | 2 | 2156ms | OK |
|
|
84
|
-
|
|
85
|
-
### Cross-Validated Issues
|
|
86
|
-
|
|
87
|
-
**Summary**: 3 issues (P1: 1, P2: 2)
|
|
88
|
-
**Consensus Rate**: 67%
|
|
89
|
-
|
|
90
|
-
#### 🔴 P1 - SQL Injection in user query
|
|
91
|
-
|
|
92
|
-
- **Confidence**: 100% (gpt, antigravity)
|
|
93
|
-
- **Severity**: critical
|
|
94
|
-
- **Location**: `src/api/users.ts:42`
|
|
95
|
-
- **Suggestion**: Use parameterized queries
|
|
96
|
-
|
|
97
|
-
#### 🟡 P2 - XSS vulnerability in render
|
|
98
|
-
|
|
99
|
-
- **Confidence**: 50% (gpt)
|
|
100
|
-
- **Severity**: high
|
|
101
|
-
- **Location**: `src/components/Comment.tsx:15`
|
|
102
|
-
```
|
|
103
|
-
|
|
104
|
-
### Codex Review (Codex 플러그인 활성화 시)
|
|
105
|
-
|
|
106
|
-
Race Mode에서 GPT+Antigravity와 **동시에** Codex review 실행하여 3중 교차 검증:
|
|
107
|
-
|
|
108
|
-
```
|
|
109
|
-
/codex:review
|
|
110
|
-
```
|
|
111
|
-
|
|
112
|
-
교차 검증 테이블:
|
|
113
|
-
|
|
114
|
-
```markdown
|
|
115
|
-
| Issue | GPT | Antigravity | Codex | Confidence |
|
|
116
|
-
|-------|-----|--------|-------|------------|
|
|
117
|
-
| {이슈} | ✅/❌ | ✅/❌ | ✅/❌ | {%} |
|
|
118
|
-
```
|
|
119
|
-
|
|
120
|
-
- 3개 모델 중 2개 이상 동의 → **High Confidence** (P1 자동 수정)
|
|
121
|
-
- Codex만 발견 → **Medium Confidence** (P2 수동 검토)
|
|
122
|
-
|
|
123
|
-
### When to Use Race Mode
|
|
124
|
-
|
|
125
|
-
| Scenario | Recommended |
|
|
126
|
-
|----------|-------------|
|
|
127
|
-
| Critical security review | ✅ `--race security` |
|
|
128
|
-
| Pre-production audit | ✅ `--race` |
|
|
129
|
-
| Quick iteration | ❌ Standard review |
|
|
130
|
-
| API cost concerns | ❌ Standard review |
|
|
131
|
-
|
|
132
|
-
### Tool Invocation (Race Mode - GPT + Antigravity in parallel via Bash)
|
|
133
|
-
|
|
134
|
-
**🚨 Use --input file to avoid CLI argument length limits and Windows pipe issues.**
|
|
135
|
-
|
|
136
|
-
1. Save code to review into `[SCRATCHPAD]/review-code.txt` (using Write tool)
|
|
137
|
-
2. Write JSON input file `[SCRATCHPAD]/review-input.json` (using Write tool):
|
|
138
|
-
- `{"prompt": "Review this code for [REVIEW_TYPE]. Return JSON: {issues: [{id, title, description, severity, suggestion}]}. Code: [CODE_CONTENT]"}`
|
|
139
|
-
- Where `[CODE_CONTENT]` is the code text (properly JSON-escaped inside the prompt string)
|
|
140
|
-
3. Script path: `[LLM_SCRIPT]` = `{{VIBE_PATH}}/hooks/scripts/llm-orchestrate.js`
|
|
141
|
-
4. Run GPT + Antigravity in PARALLEL (two Bash tool calls at once):
|
|
142
|
-
|
|
143
|
-
```bash
|
|
144
|
-
# GPT review (Bash tool call 1)
|
|
145
|
-
node "[LLM_SCRIPT]" gpt orchestrate-json --input "[SCRATCHPAD]/review-input.json"
|
|
146
|
-
```
|
|
147
|
-
|
|
148
|
-
```bash
|
|
149
|
-
# Antigravity review (Bash tool call 2 - run in parallel)
|
|
150
|
-
node "[LLM_SCRIPT]" antigravity orchestrate-json --input "[SCRATCHPAD]/review-input.json"
|
|
151
|
-
```
|
|
39
|
+
> Read `references/race-mode.md` for the full workflow diagram, confidence-based priority table, race mode options/output templates, Codex 3-way cross-validation, and tool invocation details.
|
|
152
40
|
|
|
153
41
|
## File Reading Policy (Mandatory)
|
|
154
42
|
|
|
@@ -199,16 +87,9 @@ node "[LLM_SCRIPT]" antigravity orchestrate-json --input "[SCRATCHPAD]/review-in
|
|
|
199
87
|
|
|
200
88
|
### Phase 1: Tech Stack Detection
|
|
201
89
|
|
|
202
|
-
Detect project tech stack FIRST before launching reviewers
|
|
90
|
+
Detect project tech stack FIRST before launching reviewers.
|
|
203
91
|
|
|
204
|
-
|
|
205
|
-
Read package.json -> TypeScript, React, Node.js
|
|
206
|
-
Read pyproject.toml -> Python, FastAPI, Django
|
|
207
|
-
Read Gemfile -> Ruby, Rails
|
|
208
|
-
Read pubspec.yaml -> Flutter, Dart
|
|
209
|
-
Read go.mod -> Go
|
|
210
|
-
Read CLAUDE.md -> Explicit tech stack declaration
|
|
211
|
-
```
|
|
92
|
+
> Read `references/worked-examples.md` for the full file-to-stack detection list (package.json, pyproject.toml, Gemfile, pubspec.yaml, go.mod, CLAUDE.md).
|
|
212
93
|
|
|
213
94
|
### Phase 1.5: SPEC ↔ Code Alignment Check
|
|
214
95
|
|
|
@@ -302,12 +183,7 @@ Task(subagent_type="design-reviewer",
|
|
|
302
183
|
|
|
303
184
|
반드시 **생산자와 소비자 코드를 동시에** Read하여 교차 비교한다.
|
|
304
185
|
|
|
305
|
-
|
|
306
|
-
|----------|-------------|---------------|----------|
|
|
307
|
-
| API ↔ 훅 타입 | route의 Response.json() shape | hooks의 fetch\<T\> 타입 | shape 일치, 래핑 unwrap, case 변환 |
|
|
308
|
-
| 라우팅 정합성 | src/app/ page 파일 경로 | href, router.push 값 | 경로 매칭, route group 처리, 동적 세그먼트 |
|
|
309
|
-
| 상태 전이 | STATE_TRANSITIONS 맵 | .update({ status }) 코드 | 죽은 전이, 무단 전이, 중간→최종 누락 |
|
|
310
|
-
| 데이터 흐름 | DB 스키마 필드명 | API 응답 → 프론트 타입 | 필드명 일치, optional 처리 일관성 |
|
|
186
|
+
> Read `references/boundary-check.md` for the full verification-area table and checklist.
|
|
311
187
|
|
|
312
188
|
**실행 방식 — 변경 파일 기반 자동 판별:**
|
|
313
189
|
|
|
@@ -317,17 +193,6 @@ Task(subagent_type="design-reviewer",
|
|
|
317
193
|
3. 짝이 없는 경우 (API만 또는 프론트만 변경) → "대응 파일 미변경" 경고 후 스킵
|
|
318
194
|
```
|
|
319
195
|
|
|
320
|
-
**검증 체크리스트:**
|
|
321
|
-
|
|
322
|
-
- [ ] API 응답 shape과 대응 훅의 제네릭 타입이 일치
|
|
323
|
-
- [ ] 래핑된 응답(`{ items: [...] }`)은 훅에서 unwrap하는지 확인
|
|
324
|
-
- [ ] snake_case ↔ camelCase 변환이 일관되게 적용
|
|
325
|
-
- [ ] 모든 API 엔드포인트에 대응하는 프론트 훅이 존재하고 실제 호출됨
|
|
326
|
-
- [ ] 코드 내 모든 href/router.push 값이 실제 page 파일 경로와 매칭
|
|
327
|
-
- [ ] 정의된 모든 상태 전이가 코드에서 실행됨 (죽은 전이 없음)
|
|
328
|
-
- [ ] 프론트에서 상태 기반 분기의 값이 실제 도달 가능한 상태
|
|
329
|
-
- [ ] DB 필드명 → API 응답 필드명 → 프론트 타입 정의 간 매핑 일관
|
|
330
|
-
|
|
331
196
|
**Findings 분류:**
|
|
332
197
|
- 경계면 불일치 → **P1** (런타임 에러의 주요 원인)
|
|
333
198
|
- 대응 파일 미존재 (API 있으나 훅 없음) → **P2**
|
|
@@ -344,76 +209,20 @@ After agent results:
|
|
|
344
209
|
|
|
345
210
|
### Phase 4: Findings Synthesis
|
|
346
211
|
|
|
347
|
-
|
|
348
|
-
REVIEW FINDINGS
|
|
349
|
-
|
|
350
|
-
P1 CRITICAL (Blocks Merge) - N issues
|
|
351
|
-
1. [SECURITY] SQL Injection in user query
|
|
352
|
-
Location: src/api/users.py:42
|
|
353
|
-
Fix: Use parameterized queries
|
|
354
|
-
|
|
355
|
-
P2 IMPORTANT (Should Fix) - N issues
|
|
356
|
-
2. [PERF] N+1 query in user list
|
|
357
|
-
3. [ARCH] Circular dependency detected
|
|
358
|
-
|
|
359
|
-
P3 NICE-TO-HAVE (Enhancement) - N issues
|
|
360
|
-
4. [STYLE] Consider extracting helper function
|
|
361
|
-
```
|
|
212
|
+
> Read `references/output-template.md` for the full findings synthesis format.
|
|
362
213
|
|
|
363
214
|
### Phase 4.5: Review Debate (parallel native subagents)
|
|
364
215
|
|
|
365
216
|
> P1/P2 findings 를 검증하기 위해 네이티브 서브에이전트를 병렬로 스폰한다 —
|
|
366
217
|
> `security-reviewer` + `code-reviewer` 인스턴스(서로 다른 focus)가 각 finding 을 교차 검증(validate / upgrade / downgrade / remove)한다.
|
|
367
218
|
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
```
|
|
371
|
-
🤝 REVIEW DEBATE RESULTS
|
|
372
|
-
|
|
373
|
-
Consensus (4 parallel reviewers):
|
|
374
|
-
|
|
375
|
-
✅ Validated P1 (unanimous):
|
|
376
|
-
1. [SECURITY] SQL Injection — 4/4 agree critical
|
|
377
|
-
|
|
378
|
-
⬆️ Upgraded P2→P1 (debate result):
|
|
379
|
-
2. [PERF] Unbounded query — code-reviewer (focus: architecture) pointed out
|
|
380
|
-
cascading failure risk under load → agreed P1
|
|
381
|
-
|
|
382
|
-
⬇️ Downgraded P1→P2 (debate result):
|
|
383
|
-
3. [SECURITY] CSRF on read-only endpoint — code-reviewer (focus: complexity)
|
|
384
|
-
noted endpoint has no side effects → agreed P2
|
|
385
|
-
|
|
386
|
-
❌ Removed (false positive):
|
|
387
|
-
4. [ARCH] "Circular dependency" — code-reviewer (focus: architecture) confirmed
|
|
388
|
-
this is intentional bi-directional reference, not a cycle
|
|
389
|
-
|
|
390
|
-
🆕 New findings (cross-review discussion):
|
|
391
|
-
5. [DATA] Race condition in concurrent updates — emerged from
|
|
392
|
-
security + performance cross-review
|
|
393
|
-
```
|
|
219
|
+
> Read `references/worked-examples.md` for the full Review Debate example output.
|
|
394
220
|
|
|
395
221
|
### Phase 5: Auto-Fix (P1/P2)
|
|
396
222
|
|
|
397
223
|
**Auto-fixable issues are resolved immediately:**
|
|
398
224
|
|
|
399
|
-
|
|
400
|
-
🔧 AUTO-FIX Starting...
|
|
401
|
-
|
|
402
|
-
P1 Critical:
|
|
403
|
-
1. [SECURITY] SQL Injection → Fixed with parameterized query ✅
|
|
404
|
-
2. [DATA] Missing transaction rollback → Added try-finally ✅
|
|
405
|
-
|
|
406
|
-
P2 Important:
|
|
407
|
-
3. [PERF] N+1 query → Added select_related ✅
|
|
408
|
-
4. [ARCH] Circular dependency → Separated dependencies ✅
|
|
409
|
-
5. [TEST] Missing edge case → Added test ✅
|
|
410
|
-
|
|
411
|
-
🔍 Re-validating...
|
|
412
|
-
✅ Build successful
|
|
413
|
-
✅ Tests passed
|
|
414
|
-
|
|
415
|
-
✅ 5 issues auto-fixed!
|
|
416
|
-
```
|
|
225
|
+
> Read `references/worked-examples.md` for the full Auto-Fix example output.
|
|
417
226
|
|
|
418
227
|
**Cases that cannot be auto-fixed:**
|
|
419
228
|
- Requires large-scale architecture changes
|
|
@@ -436,66 +245,17 @@ Codex 수정 완료 후 해당 리뷰 에이전트가 재검증.
|
|
|
436
245
|
|
|
437
246
|
Save **remaining** findings to `.vibe/todos/`:
|
|
438
247
|
|
|
439
|
-
|
|
440
|
-
{priority}-{category}-{short-desc}.md
|
|
441
|
-
|
|
442
|
-
Examples:
|
|
443
|
-
- P2-arch-large-refactor.md (Cannot be auto-fixed)
|
|
444
|
-
- P3-style-extract-helper.md (Backlog)
|
|
445
|
-
```
|
|
248
|
+
> Read `references/worked-examples.md` for the Todo file naming example.
|
|
446
249
|
|
|
447
250
|
## Output
|
|
448
251
|
|
|
449
|
-
|
|
450
|
-
CODE REVIEW SUMMARY
|
|
451
|
-
PR #123: Add user authentication
|
|
452
|
-
|
|
453
|
-
Reviewers: security-reviewer + 8 code-reviewer instances (per-focus) + 3 design-reviewer instances (UI)
|
|
454
|
-
⏱️ Started: {start_time}
|
|
455
|
-
⏱️ Completed: {getCurrentTime 결과}
|
|
456
|
-
|
|
457
|
-
Score: 92/100 (Good) ← Score after auto-fix
|
|
458
|
-
|
|
459
|
-
Issues Found:
|
|
460
|
-
- P1 Critical: 2 → 0 (✅ Auto-fixed)
|
|
461
|
-
- P2 Important: 5 → 1 (✅ 4 auto-fixed)
|
|
462
|
-
- P3 Nice-to-have: 3 (Backlog)
|
|
463
|
-
|
|
464
|
-
Auto-Fixed: 6 issues
|
|
465
|
-
- [SECURITY] SQL Injection ✅
|
|
466
|
-
- [DATA] Transaction rollback ✅
|
|
467
|
-
- [PERF] N+1 query ✅
|
|
468
|
-
- [ARCH] Circular dependency ✅
|
|
469
|
-
- [PERF] Unnecessary loop ✅
|
|
470
|
-
- [TEST] Missing edge case ✅
|
|
471
|
-
|
|
472
|
-
Remaining (Manual handling required):
|
|
473
|
-
- P2-arch-large-refactor.md (Architecture decision required)
|
|
474
|
-
- P3-style-extract-helper.md (Backlog)
|
|
475
|
-
- P3-docs-add-readme.md (Backlog)
|
|
476
|
-
|
|
477
|
-
✅ MERGE READY (P1/P2 resolved)
|
|
478
|
-
```
|
|
252
|
+
> Read `references/output-template.md` for the full review summary output format.
|
|
479
253
|
|
|
480
254
|
### Phase 7: Guide to Fix Workflow (Manual Handling Items)
|
|
481
255
|
|
|
482
256
|
**Choose workflow when handling remaining issues:**
|
|
483
257
|
|
|
484
|
-
|
|
485
|
-
## Fix Workflow
|
|
486
|
-
|
|
487
|
-
Choose a workflow to fix the discovered issues:
|
|
488
|
-
|
|
489
|
-
| Task Scale | Recommended Approach |
|
|
490
|
-
|------------|---------------------|
|
|
491
|
-
| Simple fix (1-2 files) | Plan Mode |
|
|
492
|
-
| Complex fix (3+ files, validation needed) | /vibe.spec |
|
|
493
|
-
|
|
494
|
-
1. `/vibe.spec "fix: issue-name"` - VIBE workflow (SPEC validation + re-review)
|
|
495
|
-
2. Plan Mode - Quick fix (for simple tasks)
|
|
496
|
-
|
|
497
|
-
Which approach would you like to proceed with?
|
|
498
|
-
```
|
|
258
|
+
> Read `references/output-template.md` for the full Fix Workflow prompt template.
|
|
499
259
|
|
|
500
260
|
- Wait for user's choice before proceeding
|
|
501
261
|
- If user chooses VIBE → wait for `/vibe.spec` command
|
|
@@ -519,110 +279,15 @@ node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index
|
|
|
519
279
|
| `analyzeComplexity` | Complexity metrics | Check function complexity |
|
|
520
280
|
| `saveMemory` | Save findings | Store important review findings |
|
|
521
281
|
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
**1. Validate code quality before review:**
|
|
525
|
-
|
|
526
|
-
```bash
|
|
527
|
-
node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.validateCodeQuality({targetPath: 'src/', projectPath: process.cwd()}).then(r => console.log(r.content[0].text)))"
|
|
528
|
-
```
|
|
529
|
-
|
|
530
|
-
**2. Analyze complexity of changed files:**
|
|
531
|
-
|
|
532
|
-
```bash
|
|
533
|
-
node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.analyzeComplexity({targetPath: 'src/api/users.ts', projectPath: process.cwd()}).then(r => console.log(r.content[0].text)))"
|
|
534
|
-
```
|
|
535
|
-
|
|
536
|
-
**3. Save critical finding for reference:**
|
|
537
|
-
|
|
538
|
-
```bash
|
|
539
|
-
node -e "import('{{VIBE_PATH_URL}}/node_modules/@su-record/vibe/dist/tools/index.js').then(t => t.saveMemory({key: 'review-pr123-critical', value: 'SQL injection in users.py:42', category: 'review', projectPath: process.cwd()}).then(r => console.log(r.content[0].text)))"
|
|
540
|
-
```
|
|
282
|
+
> Read `references/worked-examples.md` for example tool usage in review (validateCodeQuality, analyzeComplexity, saveMemory).
|
|
541
283
|
|
|
542
284
|
---
|
|
543
285
|
|
|
544
286
|
## Quality Gate (Mandatory)
|
|
545
287
|
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
Before completing review, check P1-critical items. P2/P3 items are best-effort:
|
|
549
|
-
|
|
550
|
-
| Category | Check Item | Weight |
|
|
551
|
-
|----------|------------|--------|
|
|
552
|
-
| **Security** | OWASP Top 10 vulnerabilities scanned | 20% |
|
|
553
|
-
| **Security** | Authentication/authorization verified | 10% |
|
|
554
|
-
| **Security** | Sensitive data exposure checked | 10% |
|
|
555
|
-
| **Performance** | N+1 queries detected and flagged | 10% |
|
|
556
|
-
| **Performance** | Memory leaks checked | 5% |
|
|
557
|
-
| **Architecture** | Layer violations detected | 10% |
|
|
558
|
-
| **Architecture** | Circular dependencies checked | 5% |
|
|
559
|
-
| **Code Quality** | Complexity limits enforced | 10% |
|
|
560
|
-
| **Code Quality** | Forbidden patterns detected | 10% |
|
|
561
|
-
| **Testing** | Test coverage gaps identified | 5% |
|
|
562
|
-
| **Documentation** | Public API documentation checked | 5% |
|
|
563
|
-
|
|
564
|
-
### Review Score Calculation
|
|
565
|
-
|
|
566
|
-
```
|
|
567
|
-
Score = 100 - (P1 × 20) - (P2 × 5) - (P3 × 1)
|
|
568
|
-
|
|
569
|
-
Grades:
|
|
570
|
-
- 95-100: ✅ EXCELLENT - Merge ready
|
|
571
|
-
- 90-94: ⚠️ GOOD - Minor fixes required before merge
|
|
572
|
-
- 80-89: ⚠️ FAIR - Must fix P2 issues
|
|
573
|
-
- 0-79: ❌ POOR - Block merge, fix P1/P2
|
|
574
|
-
```
|
|
288
|
+
Before completing review, check P1-critical items (P2/P3 are best-effort). Score = 100 - (P1 × 20) - (P2 × 5) - (P3 × 1). **P1 = 0 required for MERGE READY.**
|
|
575
289
|
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
| P1 Count | P2 Count | Decision |
|
|
579
|
-
|----------|----------|----------|
|
|
580
|
-
| 0 | 0-2 | ✅ MERGE READY |
|
|
581
|
-
| 0 | 3+ | ⚠️ FIX P2 FIRST |
|
|
582
|
-
| 1+ | Any | ❌ BLOCKED |
|
|
583
|
-
|
|
584
|
-
### Auto-Fix Capability Matrix
|
|
585
|
-
|
|
586
|
-
| Issue Type | Auto-Fixable | Method |
|
|
587
|
-
|------------|--------------|--------|
|
|
588
|
-
| SQL Injection | ✅ Yes | Parameterized query |
|
|
589
|
-
| Missing transaction | ✅ Yes | Add try-finally |
|
|
590
|
-
| N+1 query | ✅ Yes | Add eager loading |
|
|
591
|
-
| Circular dependency | ⚠️ Partial | Suggest restructure |
|
|
592
|
-
| Missing tests | ✅ Yes | Generate test skeleton |
|
|
593
|
-
| Hardcoded secrets | ❌ No | Flag for manual review |
|
|
594
|
-
| Architecture violation | ❌ No | Suggest refactoring plan |
|
|
595
|
-
|
|
596
|
-
### Forbidden Patterns (P1 Critical)
|
|
597
|
-
|
|
598
|
-
| Pattern | Risk Level | Detection Method |
|
|
599
|
-
|---------|------------|------------------|
|
|
600
|
-
| Hardcoded credentials | Critical | Regex + entropy scan |
|
|
601
|
-
| SQL string concatenation | Critical | AST analysis |
|
|
602
|
-
| `eval()` or `exec()` | Critical | AST analysis |
|
|
603
|
-
| Disabled CSRF protection | Critical | Config scan |
|
|
604
|
-
| Debug mode in production | Critical | Config scan |
|
|
605
|
-
| Unvalidated redirects | High | URL pattern scan |
|
|
606
|
-
|
|
607
|
-
### Review Output Requirements
|
|
608
|
-
|
|
609
|
-
Every review MUST produce:
|
|
610
|
-
|
|
611
|
-
1. **Summary Statistics**
|
|
612
|
-
- Total issues by priority (P1/P2/P3)
|
|
613
|
-
- Auto-fixed count
|
|
614
|
-
- Remaining manual fixes
|
|
615
|
-
|
|
616
|
-
2. **Detailed Findings**
|
|
617
|
-
- File path and line number
|
|
618
|
-
- Issue description
|
|
619
|
-
- Recommended fix
|
|
620
|
-
- Auto-fix status (applied/pending/manual)
|
|
621
|
-
|
|
622
|
-
3. **Quality Score**
|
|
623
|
-
- Numerical score (0-100)
|
|
624
|
-
- Grade (EXCELLENT/GOOD/FAIR/POOR)
|
|
625
|
-
- Merge recommendation
|
|
290
|
+
> Read `references/quality-gate.md` for the full weighted checklist, score grades, merge decision matrix, auto-fix capability matrix, forbidden-patterns table, and output requirements.
|
|
626
291
|
|
|
627
292
|
---
|
|
628
293
|
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Boundary Mismatch Detection — Full Reference
|
|
2
|
+
|
|
3
|
+
> Loaded by vibe.review SKILL.md Phase 2.7 for the full verification-area table and checklist.
|
|
4
|
+
|
|
5
|
+
**검증 방법: "양쪽 동시 읽기"**
|
|
6
|
+
|
|
7
|
+
반드시 **생산자와 소비자 코드를 동시에** Read하여 교차 비교한다.
|
|
8
|
+
|
|
9
|
+
| 검증 영역 | 생산자 (왼쪽) | 소비자 (오른쪽) | 검증 내용 |
|
|
10
|
+
|----------|-------------|---------------|----------|
|
|
11
|
+
| API ↔ 훅 타입 | route의 Response.json() shape | hooks의 fetch\<T\> 타입 | shape 일치, 래핑 unwrap, case 변환 |
|
|
12
|
+
| 라우팅 정합성 | src/app/ page 파일 경로 | href, router.push 값 | 경로 매칭, route group 처리, 동적 세그먼트 |
|
|
13
|
+
| 상태 전이 | STATE_TRANSITIONS 맵 | .update({ status }) 코드 | 죽은 전이, 무단 전이, 중간→최종 누락 |
|
|
14
|
+
| 데이터 흐름 | DB 스키마 필드명 | API 응답 → 프론트 타입 | 필드명 일치, optional 처리 일관성 |
|
|
15
|
+
|
|
16
|
+
**검증 체크리스트:**
|
|
17
|
+
|
|
18
|
+
- [ ] API 응답 shape과 대응 훅의 제네릭 타입이 일치
|
|
19
|
+
- [ ] 래핑된 응답(`{ items: [...] }`)은 훅에서 unwrap하는지 확인
|
|
20
|
+
- [ ] snake_case ↔ camelCase 변환이 일관되게 적용
|
|
21
|
+
- [ ] 모든 API 엔드포인트에 대응하는 프론트 훅이 존재하고 실제 호출됨
|
|
22
|
+
- [ ] 코드 내 모든 href/router.push 값이 실제 page 파일 경로와 매칭
|
|
23
|
+
- [ ] 정의된 모든 상태 전이가 코드에서 실행됨 (죽은 전이 없음)
|
|
24
|
+
- [ ] 프론트에서 상태 기반 분기의 값이 실제 도달 가능한 상태
|
|
25
|
+
- [ ] DB 필드명 → API 응답 필드명 → 프론트 타입 정의 간 매핑 일관
|