@syntesseraai/opencode-feature-factory 0.1.23 → 0.1.25

package/package.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@syntesseraai/opencode-feature-factory",
-  "version": "0.1.23",
+  "version": "0.1.25",
   "description": "OpenCode plugin for Feature Factory agents - provides planning, implementation, review, testing, and validation agents",
   "type": "module",
   "license": "MIT",

package/src/stop-quality-gate.ts

@@ -325,7 +325,9 @@ export async function createQualityGateHooks(input: PluginInput): Promise<Partia
         const sanitizedOutput = truncateOutput(sanitizeOutput(ciOutput), 20);
         const instructions = `
 
-**Important:** Do not interrupt your current task. Add "Fix quality gate failures" to your todo list and continue with what you were doing. Address the quality gate issues after completing your current task.`;
+**Important:** Do not interrupt your current task. Add "Fix quality gate failures" to your todo list and continue with what you were doing. Address the quality gate issues after completing your current task.
+
+If the failure details are missing or truncated, run "management/ci.sh" to get the full output.`;
         const message = timedOut
           ? `⏱️ Quality gate timed out\n\nThe CI execution exceeded the ${CI_TIMEOUT_MS / 1000} second timeout. The build may be hanging or taking too long.\n\n\`\`\`\n${sanitizedOutput}\n\`\`\`${instructions}`
           : `❌ Quality gate failed\n\nThe CI checks did not pass. Please review the output below and fix the issues:\n\n\`\`\`\n${sanitizedOutput}\n\`\`\`${instructions}`;

package/src/tools/ffAcceptance.ts

@@ -58,52 +58,47 @@ You are an acceptance criteria validator for Feature Factory. Your role is to st
 
 ## Output Format
 
-Output your validation as structured JSON:
-
-\`\`\`json
-{
-  "accepted": true,
-  "confidence": 95,
-  "coverage": 95,
-  "summary": "Validation summary and key findings",
-  "criteriaMet": [
-    {
-      "criterion": "User authentication implemented",
-      "evidence": "AuthMiddleware.ts lines 45-78",
-      "status": "fully_implemented"
-    }
-  ],
-  "criteriaNotMet": [
-    {
-      "criterion": "Password reset functionality",
-      "severity": "high",
-      "reason": "No password reset endpoint found",
-      "suggestion": "Implement password reset endpoint and email service",
-      "location": "AuthController.ts - missing"
-    }
-  ],
-  "edgeCasesMissed": [
-    {
-      "case": "Empty password field",
-      "severity": "medium",
-      "suggestion": "Add validation for empty passwords",
-      "currentBehavior": "Returns generic error"
-    }
-  ],
-  "integrationIssues": [
-    {
-      "issue": "Database schema mismatch",
-      "component": "UserModel vs users table",
-      "severity": "high",
-      "fix": "Update migration to include new columns"
-    }
-  ],
-  "recommendations": [
-    "Add comprehensive error messages for validation failures",
-    "Implement missing password reset workflow",
-    "Add unit tests for edge cases"
-  ]
-}
+Output your validation as a structured Markdown report:
+
+\`\`\`markdown
+# Acceptance Criteria Report
+
+**Status:** Accepted / Changes Requested
+**Confidence:** 95%
+**Coverage:** 95%
+
+**Summary:** Validation summary and key findings
+
+## ✅ Criteria Met
+
+- **User authentication implemented**
+  - Evidence: \`AuthMiddleware.ts\` (lines 45-78)
+  - Status: Fully Implemented
+
+## ❌ Criteria Not Met
+
+- **Password reset functionality** (High Severity)
+  - Reason: No password reset endpoint found
+  - Location: \`AuthController.ts\` - missing
+  - Suggestion: Implement password reset endpoint and email service
+
+## ⚠️ Edge Cases & Integration
+
+**Edge Cases Missed:**
+- **Empty password field** (Medium Severity)
+  - Current Behavior: Returns generic error
+  - Suggestion: Add validation for empty passwords
+
+**Integration Issues:**
+- **Database schema mismatch** (High Severity)
+  - Component: UserModel vs users table
+  - Fix: Update migration to include new columns
+
+## 📋 Recommendations
+
+- Add comprehensive error messages for validation failures
+- Implement missing password reset workflow
+- Add unit tests for edge cases
 \`\`\`
 
 ## Severity Levels
@@ -135,7 +130,8 @@ export const FFAcceptancePlugin: Plugin = async () => {
   return {
     tool: {
       ff_acceptance: tool({
-        description: 'Validates implementation against acceptance criteria',
+        description:
+          'Validates implementation against acceptance criteria (@ff-acceptance), checks if code meets all requirements',
         args: {
           task: tool.schema
             .string()

package/src/tools/ffMiniPlan.ts

@@ -33,35 +33,51 @@ Recommend \`@ff-plan\` when:
 
 ## Output Format
 
-Output your plan as structured JSON:
-
-\`\`\`json
-{
-  "steps": [
-    {
-      "title": "Step title",
-      "description": "What to do in this step",
-      "files": ["file1.ts", "file2.ts"],
-      "estimatedTime": "5-10 minutes"
-    }
-  ],
-  "filesToChange": ["list", "of", "files"],
-  "complexity": "simple|standard|complex",
-  "estimatedTime": "Total estimated time",
-  "quickWins": ["Optional", "improvements"],
-  "escalate": false,
-  "escalateReason": null
-}
+Output your plan as a structured Markdown report:
+
+\`\`\`markdown
+# Mini Plan
+
+**Status:** Ready / Escalate to @ff-plan
+**Time Estimate:** 5-10 minutes total
+**Complexity:** Simple
+
+## 📋 Steps
+
+1. **Step Title**
+   - What to do in this step
+   - *Files:* \`file1.ts\`, \`file2.ts\`
+
+2. **Another Step**
+   - Action description
+   - *Files:* \`file.ts\`
+
+## ⚡ Quick Wins
+
+- Optional improvement 1
+- Optional improvement 2
+
+## 📄 Files to Change
+
+- \`file1.ts\`
+- \`file2.ts\`
 \`\`\`
 
 If the task is too complex, output:
 
-\`\`\`json
-{
-  "escalate": true,
-  "escalateReason": "Requires architecture decisions across multiple services",
-  "recommendedAgent": "@ff-plan"
-}
+\`\`\`markdown
+# Mini Plan - Escalation Required
+
+**Status:** Escalate to @ff-plan
+
+## 🔄 Escalation Reason
+
+This task requires architecture decisions across multiple services and exceeds the 5-step limit for mini-plans.
+
+## 📋 Recommended Agent
+
+- **Agent:** @ff-plan
+- **Reason:** Requires architecture decisions across multiple services
 \`\`\`
 
 ## Guidelines
@@ -78,7 +94,8 @@ export const FFMiniPlanPlugin: Plugin = async () => {
   return {
     tool: {
       ff_mini_plan: tool({
-        description: 'Creates mini implementation plans for smaller tasks (2-5 steps)',
+        description:
+          'Creates mini implementation plans for smaller tasks (2-5 steps) (@ff-mini-plan), quick planning, small fixes',
         args: {
           task: tool.schema.string().describe('The simple task or issue description to plan for'),
         },

package/src/tools/ffReview.ts

@@ -65,32 +65,38 @@ You are a code review specialist for Feature Factory. Your role is to review cod
 
 ## Review Output Format
 
-Output your review as structured JSON:
-
-\`\`\`json
-{
-  "approved": true,
-  "confidence": 95,
-  "summary": "Brief summary of the review findings",
-  "issues": [
-    {
-      "severity": "high",
-      "file": "path/to/file.ts",
-      "line": 42,
-      "description": "Description of the issue",
-      "suggestion": "How to fix the issue"
-    }
-  ],
-  "improvements": [
-    {
-      "file": "path/to/file.ts",
-      "line": 100,
-      "suggestion": "Optional improvement suggestion"
-    }
-  ],
-  "positives": ["List of things done well"],
-  "delegateTo": ["@ff-security if security concerns found"]
-}
+Output your review as a structured Markdown report:
+
+\`\`\`markdown
+# Code Review
+
+**Status:** Approved / Request Changes
+**Confidence:** 95%
+
+**Summary:** Brief summary of the review findings
+
+## 🔴 Issues (High Severity)
+
+- **Issue Description**
+  - *File:* \`path/to/file.ts\` (Line 42)
+  - *Description:* Description of the issue
+  - *Suggestion:* How to fix the issue
+
+## 🟡 Improvements (Medium/Low Severity)
+
+- **Improvement Title**
+  - *File:* \`path/to/file.ts\` (Line 100)
+  - *Suggestion:* Optional improvement suggestion
+
+## 🟢 Positives
+
+- Code is well-structured and readable
+- Good error handling throughout
+- Proper separation of concerns
+
+## 📌 Delegate To
+
+- @ff-security if security concerns found
 \`\`\`
 
 ## Severity Levels
@@ -120,7 +126,8 @@ export const FFReviewPlugin: Plugin = async () => {
   return {
     tool: {
       ff_review: tool({
-        description: 'Reviews code changes for correctness, quality, and test coverage',
+        description:
+          'Reviews code changes for correctness, quality, and test coverage (@ff-review), code review, quality check',
         args: {
           task: tool.schema.string().describe('The code review task or diff to analyze'),
         },

package/src/tools/ffSecurity.ts

@@ -110,34 +110,44 @@ app.get('/admin', (req, res) => { ... });
 
 ## Audit Output Format
 
-Output your audit as structured JSON:
-
-\`\`\`json
-{
-  "approved": false,
-  "confidence": 85,
-  "summary": "Security audit summary",
-  "vulnerabilities": [
-    {
-      "severity": "high",
-      "category": "injection",
-      "file": "path/to/file.ts",
-      "line": 42,
-      "description": "SQL injection vulnerability",
-      "impact": "Data breach, unauthorized access",
-      "remediation": "Use parameterized queries",
-      "references": ["OWASP A03:2021"]
-    }
-  ],
-  "recommendations": [
-    {
-      "category": "best-practice",
-      "description": "Consider implementing rate limiting",
-      "priority": "medium"
-    }
-  ],
-  "complianceNotes": ["GDPR: Ensure PII handling is documented"]
-}
+Output your audit as a structured Markdown report:
+
+\`\`\`markdown
+# Security Audit
+
+**Status:** Approved / Failed
+**Confidence:** 85%
+
+**Summary:** Security audit summary
+
+## 🛡️ Vulnerabilities
+
+| Severity | Category | File | Line | Description |
+|----------|----------|------|------|-------------|
+| Critical | Injection | \`path/to/file.ts\` | 42 | SQL injection vulnerability |
+
+### Vulnerability Details
+
+- **SQL Injection Vulnerability** (High Severity)
+  - *File:* \`path/to/file.ts\` (Line 42)
+  - *Category:* Injection
+  - *Description:* SQL injection vulnerability
+  - *Impact:* Data breach, unauthorized access
+  - *Remediation:* Use parameterized queries
+  - *References:* OWASP A03:2021
+
+## 💡 Recommendations
+
+1. **Best Practice** (Medium Priority)
+   - Consider implementing rate limiting
+
+2. **Authentication** (High Priority)
+   - Add multi-factor authentication checks
+
+## 📋 Compliance Notes
+
+- GDPR: Ensure PII handling is documented
+- HIPAA: Verify data encryption standards
 \`\`\`
 
 ## Severity Classifications
@@ -160,7 +170,8 @@ export const FFSecurityPlugin: Plugin = async () => {
   return {
     tool: {
       ff_security: tool({
-        description: 'Performs deep security audits on code changes',
+        description:
+          'Performs deep security audits on code changes (@ff-security), security check, vulnerability audit',
         args: {
           task: tool.schema.string().describe('The security audit task or code to analyze'),
         },

package/src/tools/ffValidate.ts

@@ -55,81 +55,66 @@ Launch these agents **in parallel** using the Task tool:
    - Determine overall pass/fail status
    - Provide clear rationale
    - List blocking vs non-blocking issues
+   - **Generate a Consolidated Todo List** with actionable checkboxes for all issues
 
 ## Output Format
 
-Output your validation results as structured JSON:
-
-\`\`\`json
-{
-  "approved": false,
-  "confidence": 75,
-  "summary": "Validation found 2 blocking issues that must be addressed",
-  "verdict": {
-    "status": "changes_requested",
-    "blocking_issues": 2,
-    "total_issues": 8,
-    "rationale": "Security vulnerability and failing tests must be fixed"
-  },
-  "agents": {
-    "review": {
-      "status": "passed",
-      "summary": "Code quality acceptable with minor suggestions",
-      "blocking": false
-    },
-    "security": {
-      "status": "failed",
-      "summary": "SQL injection vulnerability detected",
-      "blocking": true
-    },
-    "acceptance": {
-      "status": "passed",
-      "summary": "All acceptance criteria met",
-      "blocking": false
-    },
-    "wellArchitected": {
-      "status": "passed",
-      "summary": "Architecture follows best practices",
-      "blocking": false
-    }
-  },
-  "issues": {
-    "blocking": [
-      {
-        "source": "ff-security",
-        "severity": "critical",
-        "title": "SQL injection vulnerability",
-        "file": "lib/database.ts",
-        "line": 45,
-        "description": "User input directly concatenated in SQL query",
-        "fix": "Use parameterized queries"
-      }
-    ],
-    "nonBlocking": [
-      {
-        "source": "ff-review",
-        "severity": "medium",
-        "title": "Missing error handling",
-        "file": "lib/api.ts",
-        "line": 78,
-        "suggestion": "Add try-catch around async operation"
-      }
-    ]
-  },
-  "recommendations": [
-    "Fix SQL injection before merging",
-    "Update failing tests",
-    "Consider adding error handling in API layer"
-  ],
-  "metrics": {
-    "testsPassed": "139/142",
-    "coverage": "87%",
-    "securityScore": 45,
-    "codeQualityScore": 85,
-    "acceptanceScore": 100,
-    "architectureScore": 88
-  }
-}
+Output your validation results as a structured Markdown report:
+
+\`\`\`markdown
+# Validation Report
+
+**Verdict:** Changes Requested / Approved
+**Confidence:** 75%
+**Summary:** Validation found 2 blocking issues that must be addressed
+
+## 📊 Metrics
+
+- **Tests Passed:** 139/142
+- **Coverage:** 87%
+- **Security Score:** 45/100
+- **Code Quality Score:** 85/100
+- **Acceptance Score:** 100/100
+- **Architecture Score:** 88/100
+
+## 🤖 Agent Results
+
+| Agent | Status | Summary | Blocking |
+|-------|--------|---------|----------|
+| Review | ✅ Passed | Code quality acceptable with minor suggestions | No |
+| Security | ❌ Failed | SQL injection vulnerability detected | Yes |
+| Acceptance | ✅ Passed | All acceptance criteria met | No |
+| Well-Architected | ✅ Passed | Architecture follows best practices | No |
+
+## 🚨 Blocking Issues (Must Fix)
+
+- **[ff-security] SQL Injection Vulnerability**
+  - *File:* \`lib/database.ts\` (Line 45)
+  - *Description:* User input directly concatenated in SQL query
+  - *Fix:* Use parameterized queries
+  - *Severity:* CRITICAL
+
+## ⚠️ Non-Blocking Issues (Should Address)
+
+- **[ff-review] Missing Error Handling**
+  - *File:* \`lib/api.ts\` (Line 78)
+  - *Description:* No error handling in async operation
+  - *Suggestion:* Add try-catch around async operation
+  - *Severity:* Medium
+
+## ✅ Consolidated Todo List
+
+### 🔴 Critical - Must Complete Before Merge
+- [ ] Fix SQL injection vulnerability in \`lib/database.ts:45\` - Use parameterized queries
+
+### 🟡 High Priority - Should Complete
+- [ ] Add error handling in \`lib/api.ts:78\` - Wrap async operation in try-catch
+
+### 📝 Recommendations
+
+1. Fix SQL injection before merging
+2. Update failing tests
+3. Consider adding error handling in API layer
 \`\`\`
 
 ## Approval Criteria
@@ -170,7 +155,7 @@ export const FFValidatePlugin: Plugin = async () => {
     tool: {
       ff_validate: tool({
         description:
-          'Orchestrates comprehensive validation by running multiple review agents in parallel',
+          'Orchestrates comprehensive validation by running multiple review agents in parallel (@ff-validate), validate changes, comprehensive review',
         args: {
           task: tool.schema.string().describe('The validation task description'),
         },

package/src/tools/ffWellArchitected.ts

@@ -63,80 +63,93 @@ For each pillar, assess:
 
 ## Output Format
 
-Output your review as structured JSON:
-
-\`\`\`json
-{
-  "approved": true,
-  "confidence": 95,
-  "summary": "Overall assessment of the Well-Architected review",
-  "pillars": {
-    "operationalExcellence": {
-      "score": 85,
-      "findings": [
-        {
-          "severity": "medium",
-          "title": "Missing monitoring",
-          "description": "Lack of adequate logging and monitoring",
-          "recommendation": "Add structured logging and metrics"
-        }
-      ],
-      "strengths": ["Uses established patterns", "Good error handling"]
-    },
-    "security": {
-      "score": 90,
-      "findings": [],
-      "strengths": ["Proper input validation", "No hardcoded secrets"]
-    },
-    "reliability": {
-      "score": 75,
-      "findings": [
-        {
-          "severity": "high",
-          "title": "Single point of failure",
-          "description": "No redundancy for critical component",
-          "recommendation": "Implement failover mechanism"
-        }
-      ],
-      "strengths": ["Good error recovery"]
-    },
-    "performanceEfficiency": {
-      "score": 80,
-      "findings": [
-        {
-          "severity": "medium",
-          "title": "Inefficient database query",
-          "description": "N+1 query pattern detected",
-          "recommendation": "Use efficient joining or batch queries"
-        }
-      ],
-      "strengths": ["Proper caching strategy"]
-    },
-    "costOptimization": {
-      "score": 85,
-      "findings": [],
-      "strengths": ["Appropriate resource sizing", "No over-provisioning"]
-    },
-    "sustainability": {
-      "score": 70,
-      "findings": [
-        {
-          "severity": "low",
-          "title": "Resource waste",
-          "description": "Unused resources in idle periods",
-          "recommendation": "Implement auto-scaling or sleep mode"
-        }
-      ],
-      "strengths": ["Efficient algorithm choice"]
-    }
-  },
-  "overallScore": 83,
-  "recommendations": [
-    "Add comprehensive monitoring and logging",
-    "Implement redundancy for critical paths",
-    "Optimize database queries for efficiency"
-  ]
-}
+Output your review as a structured Markdown report:
+
+\`\`\`markdown
+# Well-Architected Review
+
+**Overall Score:** 83/100
+**Status:** Approved / Changes Requested
+**Confidence:** 95%
+
+**Summary:** Overall assessment of the Well-Architected review
+
+## 🏛️ Pillar Reviews
+
+### 1️⃣ Operational Excellence (Score: 85)
+
+✅ **Strengths:**
+- Uses established patterns
+- Good error handling
+
+⚠️ **Findings:**
+- **Missing Monitoring** (Medium Severity)
+  - *Description:* Lack of adequate logging and monitoring
+  - *Recommendation:* Add structured logging and metrics
+
+---
+
+### 2️⃣ Security (Score: 90)
+
+✅ **Strengths:**
+- Proper input validation
+- No hardcoded secrets
+
+⚠️ **Findings:** None
+
+---
+
+### 3️⃣ Reliability (Score: 75)
+
+✅ **Strengths:**
+- Good error recovery
+
+⚠️ **Findings:**
+- **Single Point of Failure** (High Severity)
+  - *Description:* No redundancy for critical component
+  - *Recommendation:* Implement failover mechanism
+
+---
+
+### 4️⃣ Performance Efficiency (Score: 80)
+
+✅ **Strengths:**
+- Proper caching strategy
+
+⚠️ **Findings:**
+- **Inefficient Database Query** (Medium Severity)
+  - *Description:* N+1 query pattern detected
+  - *Recommendation:* Use efficient joining or batch queries
+
+---
+
+### 5️⃣ Cost Optimization (Score: 85)
+
+✅ **Strengths:**
+- Appropriate resource sizing
+- No over-provisioning
+
+⚠️ **Findings:** None
+
+---
+
+### 6️⃣ Sustainability (Score: 70)
+
+✅ **Strengths:**
+- Efficient algorithm choice
+
+⚠️ **Findings:**
+- **Resource Waste** (Low Severity)
+  - *Description:* Unused resources in idle periods
+  - *Recommendation:* Implement auto-scaling or sleep mode
+
+---
+
+## 📝 Recommendations
+
+1. Add comprehensive monitoring and logging
+2. Implement redundancy for critical paths
+3. Optimize database queries for efficiency
 \`\`\`
 
 ## Severity Levels
@@ -161,7 +174,8 @@ export const FFWellArchitectedPlugin: Plugin = async () => {
   return {
     tool: {
       ff_well_architected: tool({
-        description: 'Reviews code against AWS Well-Architected Framework pillars',
+        description:
+          'Reviews code against AWS Well-Architected Framework pillars (@ff-well-architected), architecture review, AWS best practices',
         args: {
           task: tool.schema
             .string()