@uluops/setup 0.2.0 → 0.6.0

package/assets/{commands → claude-code/commands}/agents/security.md

@@ -1,137 +1,156 @@
----
-name: security
-description: Run comprehensive security audit on a project. Use as FINAL gate before deployment. Scans for vulnerabilities, OWASP compliance, and security best practices.
----
-
-# Security Analyst
-Run comprehensive security audit on a project. Use as FINAL gate before deployment. Scans for vulnerabilities, OWASP compliance, and security best practices.
-
-## Arguments
-
-**Usage:** `/agents:security <directory>`
-
-**Examples:**
-- `/agents:security ./src`
-- `/agents:security ./services/auth`
-- `/agents:security .`
-
-**Target Directory:** $ARGUMENTS
-
----
-
-## Pre-Flight
-
-```bash
-echo "Running security audit on $ARGUMENTS..."
-echo "======================================="
-```
-
-Verify the target directory exists:
-
-```bash
-test -d "$ARGUMENTS" && echo "✓ Directory exists: $ARGUMENTS" || echo "ERROR: Directory '$ARGUMENTS' not found"
-```
-
-Enter and confirm location:
-
-```bash
-cd "$ARGUMENTS" && pwd
-```
-
-Check path exists:
-
-```bash
-[ -e "$ARGUMENTS" ] && echo "✓ $ARGUMENTS exists" || echo "Target directory does not exist"
-```
-
-
----
-
-## Agent Invocation
-
-Run the Security Analyst agent on the validated target directory:
-
-**Agent:** security-analyst-agent.md
-**Model:** Sonnet
-**Target:** $ARGUMENTS
-
-The agent performs code quality validation across 6 categories (100 points total):
-
-| Category | Points | Focus |
-|----------|--------|-------|
-| Secrets & Credentials | 20 | No hardcoded keys, passwords, or tokens in code |
-| Injection Prevention | 20 | SQL, command, XSS, and path traversal prevention |
-| Authentication & Authorization | 20 | JWT handling, password hashing, and access control |
-| Data Protection | 15 | Secure cookies, encryption, and PII handling |
-| Dependencies | 15 | npm audit clean and no known vulnerabilities |
-| Security Configuration | 10 | Headers, CORS, error handling, debug mode |
-
----
-
-## Auto-Fail Conditions
-
-Critical issues that trigger immediate FAIL regardless of score:
-
-| ID | Condition |
-|----|-----------|
-| **AF-001** | Hardcoded secrets or API keys in source code |
-| **AF-002** | SQL injection or command injection confirmed |
-| **AF-003** | Authentication bypass possible |
-| **AF-004** | Critical npm vulnerability (CVSS >= 9.0) |
-| **AF-005** | Secrets committed in git history |
-| **AF-006** | RCE (Remote Code Execution) vector identified |
-
----
-
-## Decision Thresholds
-
-| Score | Decision | Meaning |
-|-------|----------|---------|
-| **>=85** | ✅ PASS | Validation passed, proceed to next phase |
-| **<85** | ❌ FAIL | Validation failed, fix issues before proceeding |
-
-**Note:** Any critical issue triggers FAIL regardless of score.
-
----
-
-
-## PERSIST TO TRACKER (Required)
-
-> **IMPORTANT:** Save to tracker IMMEDIATELY after agent completes, BEFORE presenting the summary to the user. The workflow is not complete until results are persisted.
-**1. Get token metrics from buffer:**
-```bash
-agent-metrics buffer list --since 5m -f tracker
-```
-
-**2. Save to tracker (DO THIS FIRST):**
-
-mcp__uluops-tracker__save_features_list
-
-**3. Verify saved:** Compare `json.summary.total_issues` with saved count.
-
-**4. THEN present summary to user.**
-
-### Field Mappings
-
-**From JSON OUTPUT to Tracker:**
-| Source | Tracker Field | Notes |
-|--------|---------------|-------|
-| `json.result.score` | `validators[].score` | Total score |
-| `json.result.decision` | `validators[].status` | PASS/FAIL |
-| `buffer.model` | `validators[].model` | From agent-metrics buffer |
-| `buffer.tokens.input_tokens` | `input_tokens` | Raw input tokens |
-| `buffer.tokens.output_tokens` | `output_tokens` | Output tokens |
-| `buffer.tokens.cache_creation_tokens` | `cache_creation_tokens` | Cache creation |
-| `buffer.tokens.cache_read_tokens` | `cache_read_tokens` | Cache reads |
-| `buffer.tokens.total_effective_tokens` | `total_effective_tokens` | Effective total |
-| `json.categories[].findings[].issues[]` | `recommendations[]` | Flatten nested structure |
-
-**Note:** `json` = agent's JSON OUTPUT, `buffer` = `agent-metrics buffer list -f tracker`
-
----
-
-## Source
-
-**CDL Schema:** `udl/definition-languages/cdl-schema-v1.1.0.json`
-**CDL Source:** `/home/alexs/uluops/uluops-agent-workflows/udl/cdl/v1/security.command.yaml`
-**Agent:** `agents/security-analyst-agent.md`
+---
+name: security
+description: Run comprehensive security audit on a project. Use as FINAL gate before deployment. Scans for vulnerabilities, OWASP compliance, and security best practices.
+---
+
+# Security Analyst v1
+Run comprehensive security audit on a project. Use as FINAL gate before deployment. Scans for vulnerabilities, OWASP compliance, and security best practices.
+
+## What's New in v1
+
+| Feature | Description |
+|---------|-------------|
+| **Calibration Examples** | Reference scenarios for consistent scoring |
+| **Failure Code Examples** | Worked examples mapping issues to taxonomy codes |
+| **Token Budget** | Output length guidance |
+| **Display IDs** | Auto-fail conditions have numbered IDs |
+
+## Arguments
+
+**Usage:** `/agents:security <directory>`
+
+**Examples:**
+- `/agents:security ./src`
+- `/agents:security ./services/auth`
+- `/agents:security .`
+
+**Target Directory:** $ARGUMENTS
+
+
+---
+
+## Pre-Flight
+
+```bash
+echo "Running security audit on $ARGUMENTS..."
+echo "======================================="
+```
+
+Verify the target directory exists:
+
+```bash
+test -d "$ARGUMENTS" && echo "✓ Directory exists: $ARGUMENTS" || echo "ERROR: Directory '$ARGUMENTS' not found"
+```
+
+Enter and confirm location:
+
+```bash
+cd "$ARGUMENTS" && pwd
+```
+
+Check path exists:
+
+```bash
+[ -e "$ARGUMENTS" ] && echo "✓ $ARGUMENTS exists" || echo "Target directory does not exist"
+```
+
+
+---
+
+## Agent Invocation
+
+Run the Security Analyst agent on the validated target directory:
+
+**Agent:** security-analyst-agent.md
+**Model:** Sonnet
+**Target:** $ARGUMENTS
+
+
+---
+
+## Decision Thresholds
+
+| Score | Decision | Meaning |
+|-------|----------|---------|
+| **>=85** | ✅ PASS | Validation passed, proceed to next phase |
+| **<85** | ❌ FAIL | Validation failed, fix issues before proceeding |
+
+**Note:** Any critical issue triggers FAIL regardless of score.
+
+---
+
+## Post-Flight Actions
+
+### On Success
+
+Security audit passed with score >= 85
+
+```bash
+exit 0
+```
+
+### On Failure
+
+Security audit failed. Review vulnerabilities above.
+
+```bash
+exit 1
+```
+
+
+---
+
+
+## PERSIST TO TRACKER (Required)
+
+> **IMPORTANT:** Save to tracker IMMEDIATELY after agent completes, BEFORE presenting the summary to the user. The workflow is not complete until results are persisted.
+**1. Get token metrics from buffer:**
+```bash
+agent-metrics buffer list --since 5m -f tracker
+```
+
+**2. Save to tracker (DO THIS FIRST):**
+
+mcp__uluops-tracker__save_run
+
+**3. Verify saved:** Compare `json.summary.total_issues` with saved count.
+
+**4. THEN present summary to user.**
+
+### Field Mappings
+
+**Definition identity (REQUIRED for execution tracking):**
+| Tracker Field | Value | Notes |
+|---------------|-------|-------|
+| `definition_type` | `command` | From CDL interface |
+| `definition_name` | `security` | From CDL interface |
+| `definition_version` | `1.0.2` | From CDL interface |
+
+**From JSON OUTPUT to Tracker:**
+| Source | Tracker Field | Notes |
+|--------|---------------|-------|
+| `json.result.score` | `agents[].score` | Total score |
+| `json.result.decision` | `agents[].decision` | PASS/FAIL |
+| `buffer.model` | `validators[].model` | From agent-metrics buffer |
+| `buffer.tokens.input_tokens` | `input_tokens` | Raw input tokens |
+| `buffer.tokens.output_tokens` | `output_tokens` | Output tokens |
+| `buffer.tokens.cache_creation_tokens` | `cache_creation_tokens` | Cache creation |
+| `buffer.tokens.cache_read_tokens` | `cache_read_tokens` | Cache reads |
+| `buffer.tokens.total_effective_tokens` | `total_effective_tokens` | Effective total |
+| `json.categories[].findings[].issues[]` | `recommendations[]` | Flatten nested structure |
+| `json.analysis.records[]` | `analysis_records[]` | Structured analysis records (v1.4.0) |
+| `json.analysis.system_metrics` | `analysis_summary.system_metrics` | Agent-type-specific metrics |
+| `json.analysis.category_scores[]` | `analysis_summary.category_scores[]` | Category score breakdown |
+| `json.analysis.epistemic_assessment` | `analysis_summary.epistemic_assessment` | Failure signature risk ratings |
+| `json.analysis.audit_implications[]` | `analysis_summary.audit_implications[]` | Trajectory projections |
+
+**Note:** `json` = agent's JSON OUTPUT, `buffer` = `agent-metrics buffer list -f tracker`
+**Note:** `analysis_records` and `analysis_summary` are optional (v1.4.0). Omit if agent output has no `analysis` section.
+
+---
+
+## Source
+
+**CDL Schema:** `udl/definition-languages/cdl-schema-v1_3_0.json`
+**CDL Source:** `/Users/aself/uluops/uluops-agent-workflows/udl/cdl/v1/security.command.yaml`
+**Agent:** `agents/security-analyst-agent.md`

package/assets/{commands → claude-code/commands}/agents/test-review.md

@@ -1,136 +1,156 @@
----
-name: test-review
-description: Run Test Architect agent to validate test quality and coverage. Use after implementation passes code validator.
----
-
-# Test Architect
-Run Test Architect agent to validate test quality and coverage. Use after implementation passes code validator.
-
-## Arguments
-
-**Usage:** `/agents:test-review <directory>`
-
-**Examples:**
-- `/agents:test-review ./tests`
-- `/agents:test-review ./src`
-- `/agents:test-review .`
-
-**Target Directory:** $ARGUMENTS
-
----
-
-## Pre-Flight
-
-```bash
-echo "Running test architecture review on $ARGUMENTS..."
-echo "================================================="
-```
-
-Verify the target directory exists:
-
-```bash
-test -d "$ARGUMENTS" && echo "✓ Directory exists: $ARGUMENTS" || echo "ERROR: Directory '$ARGUMENTS' not found"
-```
-
-Enter and confirm location:
-
-```bash
-cd "$ARGUMENTS" && pwd
-```
-
-Check path exists:
-
-```bash
-[ -e "$ARGUMENTS" ] && echo "✓ $ARGUMENTS exists" || echo "Target directory does not exist"
-```
-
-
----
-
-## Agent Invocation
-
-Run the Test Architect agent on the validated target directory:
-
-**Agent:** test-architect-agent.md
-**Model:** Sonnet
-**Target:** $ARGUMENTS
-
-The agent performs code quality validation across 5 categories (100 points total):
-
-| Category | Points | Focus |
-|----------|--------|-------|
-| Coverage Quality | 30 | Public function coverage, edge cases, error conditions, boundaries |
-| Test Design | 25 | Behavior verification, single purpose, naming, AAA pattern |
-| Test Independence | 20 | Order independence, no shared state, isolation, proper scoping |
-| Mutation Resistance | 15 | Tests catch logic inversions, boundary errors, removed validation |
-| Maintainability | 10 | No magic values, meaningful test data, appropriate DRY |
-
----
-
-## Auto-Fail Conditions
-
-Critical issues that trigger immediate FAIL regardless of score:
-
-| ID | Condition |
-|----|-----------|
-| **AF-001** | Core functionality has no tests |
-| **AF-002** | Tests pass regardless of implementation correctness |
-| **AF-003** | Tests are coupled to implementation details |
-| **AF-004** | Non-deterministic (flaky) tests detected |
-| **AF-005** | Shared state causing test interference |
-| **AF-006** | Error paths completely untested |
-
----
-
-## Decision Thresholds
-
-| Score | Decision | Meaning |
-|-------|----------|---------|
-| **>=70** | ✅ PASS | Validation passed, proceed to next phase |
-| **<70** | ❌ FAIL | Validation failed, fix issues before proceeding |
-
-**Note:** Any critical issue triggers FAIL regardless of score.
-
----
-
-
-## PERSIST TO TRACKER (Required)
-
-> **IMPORTANT:** Save to tracker IMMEDIATELY after agent completes, BEFORE presenting the summary to the user. The workflow is not complete until results are persisted.
-**1. Get token metrics from buffer:**
-```bash
-agent-metrics buffer list --since 5m -f tracker
-```
-
-**2. Save to tracker (DO THIS FIRST):**
-
-mcp__uluops-tracker__save_features_list
-
-**3. Verify saved:** Compare `json.summary.total_issues` with saved count.
-
-**4. THEN present summary to user.**
-
-### Field Mappings
-
-**From JSON OUTPUT to Tracker:**
-| Source | Tracker Field | Notes |
-|--------|---------------|-------|
-| `json.result.score` | `validators[].score` | Total score |
-| `json.result.decision` | `validators[].status` | PASS/FAIL |
-| `buffer.model` | `validators[].model` | From agent-metrics buffer |
-| `buffer.tokens.input_tokens` | `input_tokens` | Raw input tokens |
-| `buffer.tokens.output_tokens` | `output_tokens` | Output tokens |
-| `buffer.tokens.cache_creation_tokens` | `cache_creation_tokens` | Cache creation |
-| `buffer.tokens.cache_read_tokens` | `cache_read_tokens` | Cache reads |
-| `buffer.tokens.total_effective_tokens` | `total_effective_tokens` | Effective total |
-| `json.categories[].findings[].issues[]` | `recommendations[]` | Flatten nested structure |
-
-**Note:** `json` = agent's JSON OUTPUT, `buffer` = `agent-metrics buffer list -f tracker`
-
----
-
-## Source
-
-**CDL Schema:** `udl/definition-languages/cdl-schema-v1.1.0.json`
-**CDL Source:** `/home/alexs/uluops/uluops-agent-workflows/udl/cdl/v1/test-review.command.yaml`
-**Agent:** `agents/test-architect-agent.md`
+---
+name: test-review
+description: Run Test Architect agent to validate test quality and coverage. Use after implementation passes code validator.
+---
+
+# Test Architect v1
+Run Test Architect agent to validate test quality and coverage. Use after implementation passes code validator.
+
+## What's New in v1
+
+| Feature | Description |
+|---------|-------------|
+| **Calibration Examples** | Reference scenarios for consistent scoring |
+| **Failure Code Examples** | Worked examples mapping issues to taxonomy codes |
+| **Token Budget** | Output length guidance |
+| **Display IDs** | Auto-fail conditions have numbered IDs |
+
+## Arguments
+
+**Usage:** `/agents:test-review <directory>`
+
+**Examples:**
+- `/agents:test-review ./tests`
+- `/agents:test-review ./src`
+- `/agents:test-review .`
+
+**Target Directory:** $ARGUMENTS
+
+
+---
+
+## Pre-Flight
+
+```bash
+echo "Running test architecture review on $ARGUMENTS..."
+echo "================================================="
+```
+
+Verify the target directory exists:
+
+```bash
+test -d "$ARGUMENTS" && echo "✓ Directory exists: $ARGUMENTS" || echo "ERROR: Directory '$ARGUMENTS' not found"
+```
+
+Enter and confirm location:
+
+```bash
+cd "$ARGUMENTS" && pwd
+```
+
+Check path exists:
+
+```bash
+[ -e "$ARGUMENTS" ] && echo "✓ $ARGUMENTS exists" || echo "Target directory does not exist"
+```
+
+
+---
+
+## Agent Invocation
+
+Run the Test Architect agent on the validated target directory:
+
+**Agent:** test-architect-agent.md
+**Model:** Sonnet
+**Target:** $ARGUMENTS
+
+
+---
+
+## Decision Thresholds
+
+| Score | Decision | Meaning |
+|-------|----------|---------|
+| **>=70** | ✅ PASS | Validation passed, proceed to next phase |
+| **<70** | ❌ FAIL | Validation failed, fix issues before proceeding |
+
+**Note:** Any critical issue triggers FAIL regardless of score.
+
+---
+
+## Post-Flight Actions
+
+### On Success
+
+Test review passed with score >= 70
+
+```bash
+exit 0
+```
+
+### On Failure
+
+Test review failed. Review issues above.
+
+```bash
+exit 1
+```
+
+
+---
+
+
+## PERSIST TO TRACKER (Required)
+
+> **IMPORTANT:** Save to tracker IMMEDIATELY after agent completes, BEFORE presenting the summary to the user. The workflow is not complete until results are persisted.
+**1. Get token metrics from buffer:**
+```bash
+agent-metrics buffer list --since 5m -f tracker
+```
+
+**2. Save to tracker (DO THIS FIRST):**
+
+mcp__uluops-tracker__save_run
+
+**3. Verify saved:** Compare `json.summary.total_issues` with saved count.
+
+**4. THEN present summary to user.**
+
+### Field Mappings
+
+**Definition identity (REQUIRED for execution tracking):**
+| Tracker Field | Value | Notes |
+|---------------|-------|-------|
+| `definition_type` | `command` | From CDL interface |
+| `definition_name` | `test-review` | From CDL interface |
+| `definition_version` | `1.0.2` | From CDL interface |
+
+**From JSON OUTPUT to Tracker:**
+| Source | Tracker Field | Notes |
+|--------|---------------|-------|
+| `json.result.score` | `agents[].score` | Total score |
+| `json.result.decision` | `agents[].decision` | PASS/FAIL |
+| `buffer.model` | `validators[].model` | From agent-metrics buffer |
+| `buffer.tokens.input_tokens` | `input_tokens` | Raw input tokens |
+| `buffer.tokens.output_tokens` | `output_tokens` | Output tokens |
+| `buffer.tokens.cache_creation_tokens` | `cache_creation_tokens` | Cache creation |
+| `buffer.tokens.cache_read_tokens` | `cache_read_tokens` | Cache reads |
+| `buffer.tokens.total_effective_tokens` | `total_effective_tokens` | Effective total |
+| `json.categories[].findings[].issues[]` | `recommendations[]` | Flatten nested structure |
+| `json.analysis.records[]` | `analysis_records[]` | Structured analysis records (v1.4.0) |
+| `json.analysis.system_metrics` | `analysis_summary.system_metrics` | Agent-type-specific metrics |
+| `json.analysis.category_scores[]` | `analysis_summary.category_scores[]` | Category score breakdown |
+| `json.analysis.epistemic_assessment` | `analysis_summary.epistemic_assessment` | Failure signature risk ratings |
+| `json.analysis.audit_implications[]` | `analysis_summary.audit_implications[]` | Trajectory projections |
+
+**Note:** `json` = agent's JSON OUTPUT, `buffer` = `agent-metrics buffer list -f tracker`
+**Note:** `analysis_records` and `analysis_summary` are optional (v1.4.0). Omit if agent output has no `analysis` section.
+
+---
+
+## Source
+
+**CDL Schema:** `udl/definition-languages/cdl-schema-v1_3_0.json`
+**CDL Source:** `/Users/aself/uluops/uluops-agent-workflows/udl/cdl/v1/test-review.command.yaml`
+**Agent:** `agents/test-architect-agent.md`