@wrongstack/core 0.6.4 → 0.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63) hide show
  1. package/dist/{agent-bridge-eb7qnNrd.d.ts → agent-bridge-BBXK_ppx.d.ts} +1 -1
  2. package/dist/agent-subagent-runner-DsSm9lKN.d.ts +174 -0
  3. package/dist/{compactor-RIPuTtWK.d.ts → compactor-C8NhpSt5.d.ts} +1 -1
  4. package/dist/{config-BGGuP_Ar.d.ts → config-DfC6g6KV.d.ts} +1 -1
  5. package/dist/{context-CDRyrkKQ.d.ts → context-DN5v-uQX.d.ts} +11 -0
  6. package/dist/coordination/index.d.ts +10 -9
  7. package/dist/coordination/index.js +113 -20
  8. package/dist/coordination/index.js.map +1 -1
  9. package/dist/defaults/index.d.ts +21 -20
  10. package/dist/defaults/index.js +1329 -925
  11. package/dist/defaults/index.js.map +1 -1
  12. package/dist/{events-BHuIHekD.d.ts → events-CJqwQl8G.d.ts} +17 -1
  13. package/dist/execution/index.d.ts +82 -13
  14. package/dist/execution/index.js +1366 -74
  15. package/dist/execution/index.js.map +1 -1
  16. package/dist/extension/index.d.ts +6 -6
  17. package/dist/{goal-store-DVCfj7Ff.d.ts → goal-store-_Er467ya.d.ts} +2 -2
  18. package/dist/{index-CPcDqvZh.d.ts → index-CXnWsGBp.d.ts} +11 -175
  19. package/dist/{index-BOn9NK7D.d.ts → index-DcnXDPdY.d.ts} +6 -6
  20. package/dist/index.d.ts +28 -27
  21. package/dist/index.js +1068 -664
  22. package/dist/index.js.map +1 -1
  23. package/dist/infrastructure/index.d.ts +6 -6
  24. package/dist/kernel/index.d.ts +9 -9
  25. package/dist/kernel/index.js.map +1 -1
  26. package/dist/{mcp-servers-DBdh3cee.d.ts → mcp-servers-CevFHHM1.d.ts} +3 -3
  27. package/dist/models/index.d.ts +2 -2
  28. package/dist/models/index.js +5 -16
  29. package/dist/models/index.js.map +1 -1
  30. package/dist/{multi-agent-CxSb-9dQ.d.ts → multi-agent-D5IbASk_.d.ts} +16 -4
  31. package/dist/observability/index.d.ts +2 -2
  32. package/dist/{path-resolver-CMGNadvq.d.ts → path-resolver-CBx_q1HA.d.ts} +2 -2
  33. package/dist/{plan-templates-BJflQY2i.d.ts → plan-templates-BEOllUJV.d.ts} +5 -4
  34. package/dist/{provider-runner-BFgNXpaP.d.ts → provider-runner-Byh5TcJs.d.ts} +3 -3
  35. package/dist/{retry-policy-LKS8MHsB.d.ts → retry-policy-BZSIMxrJ.d.ts} +1 -1
  36. package/dist/sdd/index.d.ts +3 -3
  37. package/dist/{secret-scrubber-CfMdAJ_l.d.ts → secret-scrubber-CT7wefiO.d.ts} +1 -1
  38. package/dist/{secret-scrubber-BzQR5BiL.d.ts → secret-scrubber-I0QHY_ob.d.ts} +1 -1
  39. package/dist/security/index.d.ts +3 -3
  40. package/dist/{selector-C7HqnZJU.d.ts → selector-DDb_mq9X.d.ts} +1 -1
  41. package/dist/{session-reader-CzfRA6Vk.d.ts → session-reader-B9nVkziM.d.ts} +1 -1
  42. package/dist/storage/index.d.ts +6 -6
  43. package/dist/storage/index.js +27 -2
  44. package/dist/storage/index.js.map +1 -1
  45. package/dist/{system-prompt-Dl2QY1_B.d.ts → system-prompt-gL06H9P4.d.ts} +1 -1
  46. package/dist/{tool-executor-FoxBjULX.d.ts → tool-executor-BF7QfYVE.d.ts} +4 -4
  47. package/dist/types/index.d.ts +15 -15
  48. package/dist/types/index.js +5 -16
  49. package/dist/types/index.js.map +1 -1
  50. package/dist/utils/index.d.ts +1 -1
  51. package/package.json +1 -1
  52. package/skills/audit-log/SKILL.md +57 -28
  53. package/skills/bug-hunter/SKILL.md +85 -61
  54. package/skills/git-flow/SKILL.md +73 -18
  55. package/skills/multi-agent/SKILL.md +69 -40
  56. package/skills/node-modern/SKILL.md +111 -19
  57. package/skills/prompt-engineering/SKILL.md +97 -16
  58. package/skills/react-modern/SKILL.md +104 -18
  59. package/skills/refactor-planner/SKILL.md +73 -43
  60. package/skills/sdd/SKILL.md +54 -112
  61. package/skills/security-scanner/SKILL.md +95 -93
  62. package/skills/skill-creator/SKILL.md +58 -25
  63. package/skills/typescript-strict/SKILL.md +107 -15
@@ -1,41 +1,133 @@
1
1
  ---
2
2
  name: node-modern
3
3
  description: |
4
- Use this skill for Node.js >= 22 idioms: ESM-only, native fetch, AbortSignal,
5
- node: protocol imports, structuredClone, Web Streams, and modern async patterns.
6
- version: 1.0.0
4
+ Use this skill when writing, reviewing, or refactoring Node.js >= 22
5
+ TypeScript code in WrongStack. Triggers: ESM imports, fetch usage, AbortSignal,
6
+ node: protocol, Web Streams, or any async patterns.
7
+ version: 1.1.0
7
8
  ---
8
9
 
9
- # Modern Node.js (>= 22)
10
+ # Modern Node.js (>= 22) — WrongStack
10
11
 
11
- ## Imports
12
+ ## Imports — always ESM
12
13
 
13
- - Always use `node:` protocol for built-ins: `import * as fs from 'node:fs/promises'`.
14
- - ESM onlyno CommonJS in new code. Use `.js` extension in relative imports.
15
- - Prefer `import.meta` over `__dirname` (compute via `fileURLToPath`).
14
+ ```ts
15
+ // Alwaysnode: protocol for built-ins
16
+ import * as fs from 'node:fs/promises';
17
+ import { createServer } from 'node:http';
18
+ import { join, resolve } from 'node:path';
19
+
20
+ // ✅ ESM with .js extension in relative imports
21
+ import { helper } from './helper.js';
22
+ import { types } from '../types/index.js';
23
+
24
+ // ❌ Never — CommonJS
25
+ const fs = require('fs/promises');
26
+ ```
16
27
 
17
- ## I/O
28
+ ## fetch — native only
18
29
 
19
- - Use `fs.promises` (or `node:fs/promises`). Avoid the callback API.
20
- - Use native `fetch` no axios, no node-fetch.
21
- - Use `AbortSignal` everywhere that takes time: fetch, child_process spawn, timers (via `setTimeout(..., { signal })`).
30
+ ```ts
31
+ // Native fetch (Node 18+)
32
+ const res = await fetch('https://api.example.com/data', {
33
+ signal: AbortSignal.timeout(5000),
34
+ });
35
+
36
+ // ❌ Never — axios, node-fetch, got
37
+ const res = await axios.get('https://api.example.com/data');
38
+ ```
22
39
 
23
- ## Patterns
40
+ ## AbortSignal — everywhere that takes time
24
41
 
25
42
  ```ts
26
- // Combine signals
43
+ // Timeout on fetch
44
+ await fetch(url, { signal: AbortSignal.timeout(5000) });
45
+
46
+ // ✅ Timeout on child_process
47
+ const child = spawn('pnpm', ['test'], { signal: AbortSignal.timeout(30_000) });
48
+
49
+ // ✅ Combined signals
27
50
  const combined = AbortSignal.any([userSignal, timeoutSignal]);
28
51
 
29
- // Atomic write
52
+ // setTimeout with signal (Node 22+)
53
+ setTimeout(handler, 1000, { signal: userSignal });
54
+ ```
55
+
56
+ ## Async patterns
57
+
58
+ ```ts
59
+ // ✅ Atomic write pattern
30
60
  import { rename, writeFile } from 'node:fs/promises';
31
61
  const tmp = `${target}.${randomBytes(4).toString('hex')}.tmp`;
32
62
  await writeFile(tmp, data);
33
63
  await rename(tmp, target);
64
+
65
+ // ✅ Sequential with error handling
66
+ for (const file of files) {
67
+ try {
68
+ await processFile(file);
69
+ } catch (err) {
70
+ console.error(`Failed ${file}: ${err}`);
71
+ }
72
+ }
73
+
74
+ // ✅ Parallel with allSettled (when partial failure is ok)
75
+ const results = await Promise.allSettled(tasks.map(t => t.run()));
76
+ const failures = results.filter(r => r.status === 'rejected');
77
+ ```
78
+
79
+ ## Web Streams
80
+
81
+ ```ts
82
+ // ✅ Readable stream from fetch
83
+ const response = await fetch('https://api.example.com/stream');
84
+ const reader = response.body!.getReader();
85
+ const decoder = new TextDecoder();
86
+ while (true) {
87
+ const { done, value } = await reader.read();
88
+ if (done) break;
89
+ process.stdout.write(decoder.decode(value));
90
+ }
34
91
  ```
35
92
 
36
93
  ## Anti-patterns
37
94
 
38
- - `require()` in new code
39
- - `__dirname` without `fileURLToPath`
40
- - Mixing `fs.readFile` callback with `await`
41
- - Swallowing AbortError silently
95
+ | Anti-pattern | Why bad | Fix |
96
+ |---|---|---|
97
+ | `require()` in new code | WrongStack uses ESM | Use `import` with `.js` extension |
98
+ | `__dirname` without `fileURLToPath` | ESM doesn't have `__dirname` | `path.dirname(fileURLToPath(import.meta.url))` |
99
+ | Mixing `fs.readFile` callback with `await` | Callback API doesn't return a promise | Use `fs.promises.readFile` |
100
+ | Swallowing `AbortError` silently | Means timeout/abort happened | Log it or handle explicitly |
101
+ | `process.cwd()` without fallback | May not match user's cwd | Accept `cwd` as a parameter |
102
+ | Not handling `ENOENT` on file reads | File may not exist | Use try/catch or `access` first |
103
+
104
+ ## package.json scripts
105
+
106
+ ```json
107
+ {
108
+ "scripts": {
109
+ "dev": "tsx watch src/index.ts",
110
+ "build": "tsup",
111
+ "test": "vitest run"
112
+ }
113
+ }
114
+ ```
115
+
116
+ ## TypeScript config for Node 22+
117
+
118
+ ```json
119
+ {
120
+ "compilerOptions": {
121
+ "target": "ES2022",
122
+ "module": "NodeNext",
123
+ "moduleResolution": "NodeNext",
124
+ "strict": true
125
+ }
126
+ }
127
+ ```
128
+
129
+ ## Skills in scope
130
+
131
+ - `typescript-strict` — strict TypeScript patterns
132
+ - `react-modern` — React Server Components with Node.js
133
+ - `bug-hunter` — catching async/await bugs, unhandled rejections
@@ -1,28 +1,109 @@
1
1
  ---
2
2
  name: prompt-engineering
3
3
  description: |
4
- Use this skill when designing system prompts, tool descriptions, or task
5
- instructions for LLM agents. Covers structure, specificity, and common pitfalls.
6
- version: 1.0.0
4
+ Use this skill when designing, critiquing, or fixing system prompts,
5
+ tool descriptions, skill definitions, or LLM instruction text in WrongStack.
6
+ Triggers: user mentions "prompt", "system instruction", "skill description", "tool hint", "usage hint", "system prompt".
7
+ version: 1.1.0
7
8
  ---
8
9
 
9
- # Prompt engineering
10
+ # Prompt Engineering — WrongStack
10
11
 
11
- ## Structure
12
+ ## WrongStack's 4-layer structure
12
13
 
13
- - Identity → principles → environment → memory. (WrongStack's 4-layer system prompt.)
14
- - Static content first (cacheable), volatile last.
15
- - Markdown headings help models parse structure.
14
+ ```
15
+ Layer 1: Identity — Who you are (static, cacheable)
16
+ Layer 2: Tool usage — Available tools and their usage hints (static)
17
+ Layer 3: Environment — Project context, skills, modes, plan (semistatic)
18
+ Layer 4: Volatile — Session state, recent errors, mode prompt (dynamic)
19
+ ```
16
20
 
17
- ## Tool descriptions
21
+ Static content first. Volatile content last. Cache-friendly prompts cost less per token.
18
22
 
19
- - Describe *when* to use, not just *what*. "Use `read` before `edit`" is more useful than "reads files".
20
- - Include schema constraints in prose; the JSON schema alone is rarely enough.
21
- - Give one example for non-obvious tools.
23
+ ## Trigger sentences (skill descriptions)
24
+
25
+ The **first sentence** of a skill description is its trigger. This is the only thing the skill loader matches on.
26
+
27
+ ```
28
+ # Good — specific trigger
29
+ Use this skill when deploying Docker containers to staging.
30
+
31
+ # Bad — vague
32
+ This skill is about Docker.
33
+
34
+ # Good — pattern matchable
35
+ Use this skill when writing or reviewing React 19+ code.
36
+
37
+ # Bad — not actionable
38
+ This skill covers modern React patterns.
39
+ ```
40
+
41
+ ## Tool description rules
42
+
43
+ Every tool in WrongStack has: `name`, `description`, `usageHint`, `inputSchema`.
44
+
45
+ The `usageHint` is what appears in the system prompt. It must say:
46
+ 1. **When to use it** — not just what it does
47
+ 2. **Key parameters** — the important inputs
48
+ 3. **What it returns** — so the model knows what to do next
49
+
50
+ ```
51
+ # Good
52
+ Search file contents with regex. Pattern is regex. Use output_mode to select
53
+ content (matched lines), files_with_matches (file list), or count (line counts).
54
+ Always read before edit — grep first to locate the target.
55
+
56
+ # Bad
57
+ Search files using grep.
58
+ ```
59
+
60
+ ## Common tool chain patterns (for system prompt builder)
61
+
62
+ ```
63
+ Inspect → Edit: glob/read → locate → edit
64
+ Search → Operate: grep/glob → identify → batch_tool_use or edit
65
+ Verify → Report: write/edit/patch → read back → confirm
66
+ Batch Replace: grep with pattern → replace with glob → verify
67
+ ```
22
68
 
23
69
  ## Anti-patterns
24
70
 
25
- - "Please" / "kindly" adds tokens, no benefit.
26
- - "You are a helpful AI assistant" — already implied, wastes tokens.
27
- - Long preamble before the actual question.
28
- - Ambiguous pronouns ("do it again") names beat pronouns.
71
+ | Anti-pattern | Why it's bad | Fix |
72
+ |---|---|---|
73
+ | "Please be helpful" | Wastes tokens, implies the model isn't | Remove it |
74
+ | "You are a helpful AI" | Already implied by default identity | Remove it |
75
+ | "Sure, I'd be happy to" | Same — filler, no information | Remove it |
76
+ | Vague parameter docs | Model doesn't know when to use tool | Add concrete examples |
77
+ | Long preamble before the question | Model reads it, then reads the actual question | Put question first |
78
+ | Ambiguous pronouns | "do it again" — which tool, which file? | Name the specific thing |
79
+
80
+ ## Skill SKILL.md rules
81
+
82
+ See `skill-creator` skill for the format. Key points:
83
+ - First sentence = trigger condition
84
+ - Include concrete code examples in "Do" and "Don't" sections
85
+ - End with "Skills in scope" so agents know to delegate
86
+
87
+ ## Anti-patterns for skill descriptions
88
+
89
+ ```
90
+ # Bad — doesn't say when to use it
91
+ This skill helps with code review.
92
+
93
+ # Good — specific trigger
94
+ Use this skill when reviewing a pull request or reviewing code changes
95
+ before committing. Covers bug detection, style, and security.
96
+
97
+ # Bad — too long, no trigger
98
+ This skill is a comprehensive guide to writing effective prompts...
99
+
100
+ # Good — short trigger + description
101
+ Use this skill when designing system prompts or tool descriptions
102
+ for LLM agents. Covers structure, specificity, and common pitfalls.
103
+ ```
104
+
105
+ ## Skills in scope
106
+
107
+ - `skill-creator` — for creating new skills
108
+ - `typescript-strict` — for TypeScript-specific prompt typing
109
+ - `react-modern` — for React component prompt conventions
@@ -1,34 +1,120 @@
1
1
  ---
2
2
  name: react-modern
3
3
  description: |
4
- Use this skill when writing or reviewing React 19+ code. Covers Server
5
- Components vs Client Components, useTransition, Suspense, the `use` hook,
6
- Actions, and form state.
7
- version: 1.0.0
4
+ Use this skill when writing or reviewing React 19+ code in WrongStack.
5
+ Triggers: user mentions "React", "component", "useState", "useEffect",
6
+ "Server Component", "Client Component", "Suspense", "useTransition", "use hook".
7
+ version: 1.1.0
8
8
  ---
9
9
 
10
- # Modern React (19+)
10
+ # Modern React (19+) — WrongStack
11
11
 
12
12
  ## Component types
13
13
 
14
- - Default to Server Components for data fetching and static UI.
15
- - Mark interactive code with `'use client'` and keep it minimal.
16
- - Don't pass Server Components into Client Component children unless serialized.
14
+ ```tsx
15
+ // Server Component (default) for data fetching and static UI
16
+ async function UserList() {
17
+ const users = await db.query('SELECT * FROM users');
18
+ return <ul>{users.map(u => <li key={u.id}>{u.name}</li>)}</ul>;
19
+ }
20
+
21
+ // ❌ Client Component — mark only when needed
22
+ 'use client';
23
+ import { useState } from 'react';
24
+ function Counter() {
25
+ const [count, setCount] = useState(0);
26
+ return <button onClick={() => setCount(c => c + 1)}>{count}</button>;
27
+ }
28
+ ```
29
+
30
+ Rule: Default to Server Components. Mark `'use client'` only for interactive code. Keep the client boundary minimal.
17
31
 
18
32
  ## Data fetching
19
33
 
20
- - In Server Components: `await fetch(...)`, server-side caching is automatic with framework support.
21
- - In Client Components: use a library (TanStack Query) or `use(promise)` for awaitable thenables.
34
+ ```tsx
35
+ // Server Component direct await
36
+ async function Profile({ userId }: { userId: string }) {
37
+ const user = await fetch(`/api/users/${userId}`).then(r => r.json());
38
+ return <div>{user.name}</div>;
39
+ }
40
+
41
+ // ✅ Client Component — use(promise) for thenables
42
+ import { use } from 'react';
43
+ function UserData({ promise }: { promise: Promise<User> }) {
44
+ const user = use(promise);
45
+ return <div>{user.name}</div>;
46
+ }
47
+
48
+ // ❌ Bad — useEffect for data fetching
49
+ useEffect(() => { fetchData().then(setData); }, []);
50
+ ```
51
+
52
+ ## State management
53
+
54
+ ```tsx
55
+ // ✅ useState for local state
56
+ const [count, setCount] = useState(0);
57
+
58
+ // ✅ useTransition for non-urgent updates
59
+ const [isPending, startTransition] = useTransition();
60
+ startTransition(() => {
61
+ setPage(page + 1);
62
+ });
63
+
64
+ // ✅ useReducer for state machines
65
+ const [state, dispatch] = useReducer(reducer, initialState);
66
+
67
+ // ❌ useEffect for derived state
68
+ // Bad: compute during render instead
69
+ const fullName = firstName + ' ' + lastName;
70
+ ```
22
71
 
23
- ## State
72
+ ## Hook rules
24
73
 
25
- - `useState` for local state. `useReducer` for state machines.
26
- - `useTransition` for non-urgent updates that should not block input.
27
- - Avoid `useEffect` for derived state compute during render.
74
+ | Hook | When to use | Anti-pattern |
75
+ |------|-------------|--------------|
76
+ | `useState` | Local component state | Don't sync with props via useEffect |
77
+ | `useReducer` | Complex state logic | Don't chain useState for related state |
78
+ | `useTransition` | Non-blocking updates | Don't use for urgent state changes |
79
+ | `use` | Awaiting promises in render | Don't use outside component render |
80
+ | `useEffect` | Side effects only | Don't use for data fetching or derived state |
81
+
82
+ ## Common React 19 changes
83
+
84
+ - `ref` is a regular prop — no more `forwardRef`
85
+ - Server Components can be nested without serialization
86
+ - `use(promise)` — await thenables directly in components
87
+ - Actions — server functions callable from client
28
88
 
29
89
  ## Anti-patterns
30
90
 
31
- - `useEffect` to sync local state with props
32
- - Class components in new code
33
- - `forwardRef` in new code (React 19 makes `ref` a regular prop)
34
- - Default exports for components (named exports help refactor tools)
91
+ | Anti-pattern | Why bad | Fix |
92
+ |---|---|---|
93
+ | `useEffect` to sync props to state | Causes extra render, stale data | Use controlled component or lift state |
94
+ | Class components in new code | Deprecated | Use function components + hooks |
95
+ | `forwardRef` in new code | `ref` is a regular prop in React 19 | Pass `ref` as a normal prop |
96
+ | Default exports for components | Hinders refactoring | Named exports |
97
+ | Mixing Server/Client boundaries | Serialization errors | Keep boundary clean |
98
+
99
+ ## TypeScript patterns
100
+
101
+ ```tsx
102
+ // ✅ Props with explicit type
103
+ interface ButtonProps {
104
+ children: React.ReactNode;
105
+ onClick?: () => void;
106
+ variant?: 'primary' | 'secondary';
107
+ }
108
+
109
+ // ✅ Event handler types
110
+ const handleClick = (e: React.MouseEvent<HTMLButtonElement>) => { ... };
111
+
112
+ // ✅ useRef with nullable initial
113
+ const inputRef = useRef<HTMLInputElement>(null);
114
+ ```
115
+
116
+ ## Skills in scope
117
+
118
+ - `typescript-strict` — for TypeScript patterns
119
+ - `node-modern` — for React server components with Node.js
120
+ - `bug-hunter` — for React-specific bugs (stale closures, memory leaks)
@@ -1,49 +1,84 @@
1
1
  ---
2
2
  name: refactor-planner
3
3
  description: |
4
- Structured refactoring planning from code analysis. Covers dependency mapping,
5
- risk assessment, phased planning, and migration strategy.
6
- Use before large rewrites or when technical debt is blocking progress.
7
- version: 1.0.0
4
+ Use this skill when planning a multi-file refactor, code modernization,
5
+ or technical debt resolution in WrongStack. Triggers: user says "refactor",
6
+ "technical debt", "modernize", "clean up", "restructure", "decompose".
7
+ version: 1.1.0
8
8
  ---
9
9
 
10
- # Refactor Planner Agent
10
+ # Refactor Planner — WrongStack
11
11
 
12
- Analyzes code structure and produces a concrete, phased refactoring plan with
13
- risk assessment, dependency ordering, and rollback considerations.
12
+ Analyzes code structure and produces a phased refactoring plan with risk assessment, dependency ordering, and rollback strategy.
14
13
 
15
- ## Capabilities
14
+ ## When to use
16
15
 
17
- - Map module-level dependencies (import graph)
18
- - Identify coupling hotspots (high fan-in/out modules)
19
- - Assess refactoring risk by cyclomatic complexity and test coverage
20
- - Generate phased plans with checkpoint milestones
21
- - Produce diff-friendly task lists (one task = one concern)
16
+ - Multi-file refactors
17
+ - Breaking up large modules
18
+ - Changing public APIs
19
+ - Addressing technical debt
20
+ - Migration to new patterns
22
21
 
23
22
  ## Workflow
24
23
 
25
- 1. **Analyze** — Build dependency graph, count coupling
26
- 2. **Score** — Rate each module by: size, complexity, test coverage, change frequency
27
- 3. **Plan** Order tasks by risk, dependency, and payoff
28
- 4. **Document** Output phased markdown plan
24
+ ```
25
+ 1. Analyze: Build dependency graph, identify coupling
26
+ 2. Score: Rate each module by size, complexity, test coverage
27
+ 3. Plan: Order tasks by risk, dependency, payoff
28
+ 4. Document: Phased markdown plan with checkpoints
29
+ ```
30
+
31
+ ## Risk criteria
32
+
33
+ | Factor | Low Risk | Medium Risk | High Risk |
34
+ |--------|----------|-------------|-----------|
35
+ | Cyclomatic complexity | <10 | 10-20 | >20 |
36
+ | Test coverage | >80% | 50-80% | <50% |
37
+ | Fan-out (imports) | <5 | 5-15 | >15 |
38
+ | Public API surface | unchanged | modified | removed |
39
+
40
+ ## Phase structure
41
+
42
+ Good refactors have 3 phases:
29
43
 
30
- ## Input
44
+ ```
45
+ Phase 1: Low Risk / High Payoff
46
+ - No behavior change
47
+ - Tests already pass
48
+ - Quick wins
49
+
50
+ Phase 2: Medium Risk (test heavily)
51
+ - Some behavior may change
52
+ - Significant test coverage needed
53
+ - May need rollback plan
54
+
55
+ Phase 3: High Risk (full regression)
56
+ - Behavior changes expected
57
+ - Integration tests required
58
+ - Coordinate with team
59
+ ```
60
+
61
+ ## Risk assessment checklist
31
62
 
32
63
  ```json
33
64
  {
34
- "task": "plan | assess | roadmap",
35
- "target": "src/core | packages/tools | .",
36
- "constraint": "no-breaking-changes | minimal-downtime | full-rewrite",
37
- "focus": "architecture | performance | maintainability"
65
+ "module": "src/auth/session.ts",
66
+ "size": 450,
67
+ "cyclomatic": 12,
68
+ "testCoverage": 65,
69
+ "fanOut": 8,
70
+ "publicAPI": true,
71
+ "dependencies": ["core", "providers"],
72
+ "dependents": ["cli", "tui", "webui"]
38
73
  }
39
74
  ```
40
75
 
41
- ## Output Format
76
+ ## Phased plan output
42
77
 
43
78
  ```
44
79
  ## Refactor Plan — <target>
45
80
 
46
- ### Phase 1: Low Risk / High Payoff (do first)
81
+ ### Phase 1: Low Risk / High Payoff
47
82
  | # | Task | Module | Risk | Est. Time |
48
83
  |---|------|--------|------|-----------|
49
84
  | 1 | Extract `ToolExecutor` interface | core/tool-executor.ts | low | 2h |
@@ -53,12 +88,8 @@ risk assessment, dependency ordering, and rollback considerations.
53
88
  | # | Task | Module | Risk | Est. Time |
54
89
  |---|------|--------|------|-----------|
55
90
  | 3 | Break circular dep: Config ↔ Logger | core/config.ts | medium | 6h |
56
- | 4 | Split `Context` into read/write slices | core/context.ts | medium | 8h |
57
91
 
58
- ### Phase 3: High Risk (requires full regression)
59
- ...
60
-
61
- ### Dependency Graph (abbreviated)
92
+ ### Dependency Graph
62
93
  ```
63
94
  config.ts → logger.ts → path-resolver.ts
64
95
  ↓ ↓
@@ -68,8 +99,9 @@ config.ts → logger.ts → path-resolver.ts
68
99
  ```
69
100
 
70
101
  ### Rollback Strategy
71
- Each phase commits independently. On failure: `git checkout phase<N>`.
72
- Run `pnpm test` before advancing.
102
+ - Phase 1: `git checkout` if tests fail
103
+ - Phase 2: Feature flag, can disable
104
+ - Phase 3: Blue-green deployment
73
105
 
74
106
  ### Exit Criteria
75
107
  - [ ] All Phase 1 tasks pass `pnpm test`
@@ -77,18 +109,16 @@ Run `pnpm test` before advancing.
77
109
  - [ ] `Context` interface < 20 methods
78
110
  ```
79
111
 
80
- ## Risk Criteria
112
+ ## Anti-patterns
81
113
 
82
- | Factor | Low Risk | Medium Risk | High Risk |
83
- |--------|----------|-------------|-----------|
84
- | Cyclomatic complexity | <10 | 10-20 | >20 |
85
- | Test coverage | >80% | 50-80% | <50% |
86
- | Fan-out (imports) | <5 | 5-15 | >15 |
87
- | Change frequency | low | medium | high |
114
+ - **Don't plan without analyzing** assumptions cause wasted work
115
+ - **Don't skip rollback strategy** — every refactor can fail
116
+ - **Don't over-phase** if a task takes <1h, merge it
117
+ - **Don't ignore team constraints** parallelization only works if reviewers exist
118
+ - **Don't skip the dependency graph** the most important part
88
119
 
89
- ## Anti-patterns
120
+ ## Skills in scope
90
121
 
91
- - Don't plan without analyzing assumptions cause wasted work
92
- - Don't skip rollback strategy every refactor can fail
93
- - Don't over-phaseif a task takes <1h, merge it
94
- - Don't ignore team constraints — parallelization only works if reviewers exist
122
+ - `bug-hunter` for finding bugs exposed by the refactor
123
+ - `git-flow` for committing each phase properly
124
+ - `multi-agent`for parallel analysis of multiple modules