ag-cortex 0.1.0

package/.agent/workflows/review-synthesis.md

@@ -0,0 +1,262 @@
+---
+name: review-synthesis
+description: "Internal sub-workflow for the Review Synthesis phase. Synthesizes findings and generates artifacts."
+---
+
+# Review - Synthesis Phase
+
+<review_target> #$ARGUMENTS </review_target>
+
+## Main Tasks
+
+### 1. Findings Synthesis and Todo Creation Using file-todos Skill
+
+<critical_requirement> ALL findings MUST be stored in the todos/ directory using the file-todos skill. Create todo files immediately after synthesis - do NOT present findings for user approval first. Use the skill for structured todo management. </critical_requirement>
+
+#### Step 1: Synthesize All Findings
+
+<thinking>
+Consolidate all agent reports into a categorized list of findings.
+Remove duplicates, prioritize by severity and impact.
+</thinking>
+
+<synthesis_tasks>
+- [ ] Collect findings from all parallel agents
+- [ ] Categorize by type: security, performance, architecture, quality, etc.
+- [ ] Assign severity levels: 🔴 CRITICAL (P1), 🟡 IMPORTANT (P2), 🔵 NICE-TO-HAVE (P3)
+- [ ] Remove duplicate or overlapping findings
+- [ ] Estimate effort for each finding (Small/Medium/Large)
+</synthesis_tasks>
+
+#### Step 2: Create Todo Files Using file-todos Skill
+
+<critical_instruction> Use the file-todos skill to create todo files for ALL findings immediately. Do NOT present findings one-by-one asking for user approval. Create all todo files in parallel using the skill, then summarize results to user. </critical_instruction>
+
+**Implementation Options:**
+
+**Option A: Direct File Creation (Fast)**
+- Create todo files directly using Write tool
+- All findings in parallel for speed
+- Use standard template from `.agent/skills/file-todos/assets/todo-template.md`
+- Follow naming convention: `{issue_id}-pending-{priority}-{description}.md`
+
+**Option B: Sub-Agents in Parallel (Recommended for Scale)** For large PRs with 15+ findings, use sub-agents to create finding files in parallel:
+
+```bash
+# Launch multiple finding-creator agents in parallel
+Task() - Create todos for first finding
+Task() - Create todos for second finding
+Task() - Create todos for third finding
+etc. for each finding.
+```
+
+Sub-agents can:
+- Process multiple findings simultaneously
+- Write detailed todo files with all sections filled
+- Organize findings by severity
+- Create comprehensive Proposed Solutions
+- Add acceptance criteria and work logs
+- Complete much faster than sequential processing
+
+**Process (Using file-todos Skill):**
+
+1. For each finding:
+   - Determine severity (P1/P2/P3)
+   - Write detailed Problem Statement and Findings
+   - Create 2-3 Proposed Solutions with pros/cons/effort/risk
+   - Estimate effort (Small/Medium/Large)
+   - Add acceptance criteria and work log
+
+2. Use file-todos skill for structured todo management:
+   ```bash
+   skill: file-todos
+   ```
+   The skill provides:
+   - Template location: `.agent/skills/file-todos/assets/todo-template.md`
+   - Naming convention: `{issue_id}-{status}-{priority}-{description}.md`
+   - YAML frontmatter structure: status, priority, issue_id, tags, dependencies
+   - All required sections: Problem Statement, Findings, Solutions, etc.
+
+3. Create todo files in parallel:
+   ```bash
+   {next_id}-pending-{priority}-{description}.md
+   ```
+
+4. Examples:
+   ```
+   001-pending-p1-path-traversal-vulnerability.md
+   002-pending-p1-api-response-validation.md
+   003-pending-p2-concurrency-limit.md
+   004-pending-p3-unused-parameter.md
+   ```
+
+5. Follow template structure from file-todos skill: `.agent/skills/file-todos/assets/todo-template.md`
+
+**Todo File Structure (from template):**
+
+Each todo must include:
+- **YAML frontmatter**: status, priority, issue_id, tags, dependencies
+- **Problem Statement**: What's broken/missing, why it matters
+- **Findings**: Discoveries from agents with evidence/location
+- **Proposed Solutions**: 2-3 options, each with pros/cons/effort/risk
+- **Recommended Action**: (Filled during triage, leave blank initially)
+- **Technical Details**: Affected files, components, database changes
+- **Acceptance Criteria**: Testable checklist items
+- **Work Log**: Dated record with actions and learnings
+- **Resources**: Links to PR, issues, documentation, similar patterns
+
+**Status values:**
+- `pending` - New findings, needs triage/decision
+- `ready` - Approved by manager, ready to work
+- `complete` - Work finished
+
+**Priority values:**
+- `p1` - Critical (blocks merge, security/data issues)
+- `p2` - Important (should fix, architectural/performance)
+- `p3` - Nice-to-have (enhancements, cleanup)
+
+**Tagging:** Always add `code-review` tag, plus: `security`, `performance`, `architecture`, `rails`, `quality`, etc.
+
+#### Step 3: Summary Report
+
+After creating all todo files, present comprehensive summary:
+
+````markdown
+## ✅ Code Review Complete
+
+**Review Target:** PR #XXXX - [PR Title] **Branch:** [branch-name]
+
+### Findings Summary:
+
+- **Total Findings:** [X]
+- **🔴 CRITICAL (P1):** [count] - BLOCKS MERGE
+- **🟡 IMPORTANT (P2):** [count] - Should Fix
+- **🔵 NICE-TO-HAVE (P3):** [count] - Enhancements
+
+### Created Todo Files:
+
+**P1 - Critical (BLOCKS MERGE):**
+- `001-pending-p1-{finding}.md` - {description}
+- `002-pending-p1-{finding}.md` - {description}
+
+**P2 - Important:**
+- `003-pending-p2-{finding}.md` - {description}
+
+**P3 - Nice-to-Have:**
+- `005-pending-p3-{finding}.md` - {description}
+
+### Review Agents Used:
+- kieran-rails-reviewer
+- security-sentinel
+- [other agents]
+
+### Next Steps:
+
+1. **Address P1 Findings**: CRITICAL - must be fixed before merge
+   - Review each P1 todo in detail
+   - Implement fixes or request exemption
+   - Verify fixes before merging PR
+
+2. **Triage All Todos**:
+   ```bash
+   ls todos/*-pending-*.md  # View all pending todos
+   /triage                  # Use slash command for interactive triage
+   ```
+
+3. **Work on Approved Todos**:
+   ```bash
+   /resolve_todo_parallel  # Fix all approved items efficiently
+   ```
+
+4. **Track Progress**:
+   - Rename file when status changes: pending → ready → complete
+   - Update Work Log as you work
+   - Commit todos: `git add todos/ && git commit -m "refactor: add code review findings"`
+````
+
+### 2. End-to-End Testing (Optional)
+
+<detect_project_type>
+
+**First, detect the project type from PR files:**
+
+| Indicator | Project Type |
+|-----------|--------------|
+| `*.xcodeproj`, `*.xcworkspace`, `Package.swift` (iOS) | iOS/macOS |
+| `Gemfile`, `package.json`, `app/views/*`, `*.html.*` | Web |
+| Both iOS files AND web files | Hybrid (test both) |
+
+</detect_project_type>
+
+<offer_testing>
+
+After presenting the Summary Report, offer appropriate testing based on project type:
+
+**For Web Projects:**
+```markdown
+**"Want to run agent-browser tests on the affected pages?"**
+1. Yes - run `/test-browser`
+2. No - skip
+```
+
+**For iOS Projects:**
+```markdown
+**"Want to run Xcode simulator tests on the app?"**
+1. Yes - run `/xcode-test`
+2. No - skip
+```
+
+**For Hybrid Projects (e.g., Rails + Hotwire Native):**
+```markdown
+**"Want to run end-to-end tests?"**
+1. Web only - run `/test-browser`
+2. iOS only - run `/xcode-test`
+3. Both - run both commands
+4. No - skip
+```
+
+</offer_testing>
+
+#### If User Accepts Web Testing:
+
+Spawn a subagent to run agent-browser tests (preserves main context):
+
+```
+Task general-purpose("Run /test-browser for PR #[number]. Test all affected pages, check for console errors, handle failures by creating todos and fixing.")
+```
+
+The subagent will:
+1. Identify pages affected by the PR
+2. Navigate to each page and capture snapshots
+3. Check for console errors
+4. Test critical interactions
+5. Pause for human verification on OAuth/email/payment flows
+6. Create P1 todos for any failures
+7. Fix and retry until all tests pass
+
+**Standalone:** `/test-browser [PR number]`
+
+#### If User Accepts iOS Testing:
+
+Spawn a subagent to run Xcode tests (preserves main context):
+
+```
+Task general-purpose("Run /xcode-test for scheme [name]. Build for simulator, install, launch, take screenshots, check for crashes.")
+```
+
+The subagent will:
+1. Verify XcodeBuildMCP is installed
+2. Discover project and schemes
+3. Build for iOS Simulator
+4. Install and launch app
+5. Take screenshots of key screens
+6. Capture console logs for errors
+7. Pause for human verification (Sign in with Apple, push, IAP)
+8. Create P1 todos for any failures
+9. Fix and retry until all tests pass
+
+**Standalone:** `/xcode-test [scheme]`
+
+### 3. Important: P1 Findings Block Merge
+
+Any **🔴 P1 (CRITICAL)** findings must be addressed before merging the PR. Present these prominently and ensure they're resolved before accepting the PR.

package/.agent/workflows/review.md

@@ -0,0 +1,64 @@
+---
+name: review
+description: Perform exhaustive code reviews using multi-agent analysis, ultra-thinking, and worktrees
+argument-hint: "[PR number, GitHub URL, branch name, or latest]"
+---
+
+# Review Command - Orchestrator
+
+<command_purpose> Coordinator for exhaustive code reviews. Delegates analysis and synthesis to sub-workflows. </command_purpose>
+
+## Introduction
+
+<role>Senior Code Review Architect</role>
+
+## Prerequisites
+
+<requirements>
+- Git repository with GitHub CLI (`gh`) installed
+- Clean main/master branch
+- Proper permissions
+</requirements>
+
+## Main Tasks
+
+### 1. Determine Review Target & Setup
+
+<review_target> #$ARGUMENTS </review_target>
+
+<thinking>
+Determine review target and ensure environment is ready.
+</thinking>
+
+#### Actions:
+
+- [ ] **Identify Target**:
+    - PR number / URL / File path / Empty (current branch)
+- [ ] **Check Branch**:
+    - If ALREADY on PR branch → proceed.
+    - If DIFFERENT branch → offer `skill: git-worktree` for isolation.
+- [ ] **Fetch Metadata**:
+    - `gh pr view --json title,body,files,headRefName`
+- [ ] **Checkout**:
+    - Ensure we are on the correct branch/worktree.
+
+**Verification:**
+Execute `git status` and `gh pr view` to confirm we are inspecting the correct code.
+
+### 2. Perform Comprehensive Analysis
+
+<thinking>
+Delegate deep analysis to the Analysis Sub-Workflow.
+Passing arguments: #$ARGUMENTS
+</thinking>
+
+Call /review-analysis(#$ARGUMENTS)
+
+### 3. Synthesize and Report
+
+<thinking>
+Delegate synthesis, artifact creation, and reporting to the Synthesis Sub-Workflow.
+Passing arguments: #$ARGUMENTS
+</thinking>
+
+Call /review-synthesis(#$ARGUMENTS)

package/.agent/workflows/ship.md

@@ -0,0 +1,90 @@
+---
+name: ship
+description: Securely ship code with security scans, local verification, and PR creation.
+argument-hint: "None"
+---
+
+# Ship It - Secure Delivery Workflow
+
+This workflow handles the safe delivery of code: committing, checking for secrets, pushing, and creating a PR.
+
+## Workflow Steps
+
+### 1. Create Commit
+
+```bash
+git add .
+git status  # Review what's being committed
+git diff --staged  # Check the changes
+
+# Commit with conventional format
+git commit -m "$(cat <<'EOF'
+feat(scope): description of what and why
+
+Brief explanation if needed.
+
+🤖 Generated with [Antigravity](http://antigravity.google/)
+
+Co-Authored-By: Antigravity <noreply@antigravity.google>
+EOF
+)"
+```
+
+### 2. Prepare Review Packet & Security Scan
+
+**Security Check (Fail Fast):**
+Before asking for review, scan for common secrets to prevent accidental leaks.
+
+```bash
+# Quick grep for obvious secrets (API keys, tokens)
+if grep -rE "sk-[a-zA-Z0-9]{20,}|ghp_[a-zA-Z0-9]{20,}|xox[baprs]-[a-zA-Z0-9]{10,}" . --exclude-dir={.git,node_modules,vendor,tmp}; then
+    echo "❌ CRITICAL: Possible secrets detected! Workflow aborted."
+    echo "Please clean up the history/files before proceeding."
+    exit 1
+fi
+```
+
+**Capture Screenshots (Local Only):**
+For UI changes, capture screenshots to a local directory.
+
+```bash
+mkdir -p tmp/screenshots
+# If dev server is needed: bin/dev
+# agent-browser open http://localhost:3000/...
+# agent-browser screenshot tmp/screenshots/after.png
+echo "Screenshots saved to $(pwd)/tmp/screenshots/"
+```
+
+### 3. Push & PR
+
+**Security & Verification Passed. Shipping...**
+
+
+### 4. Push & PR
+
+
+
+```bash
+git push -u origin HEAD
+
+gh pr create --title "Feature: [Description from commit]" --body "$(cat <<'EOF'
+## Summary
+- What was built
+- Why it was needed
+
+## Testing
+- Tests added/modified
+
+## Verification
+- Local screenshots passed verification
+- Security scan passed
+
+---
+
+[![Antigravity Cortex](https://img.shields.io/badge/Antigravity-Cortex-6366f1)](https://github.com/i3ringit/antigravity-cortex) 🤖 Generated with [Antigravity](http://antigravity.google/)
+EOF
+)"
+```
+
+## Success
+Notify the user that the PR is live.

package/.agent/workflows/test-command.md

@@ -0,0 +1,3 @@
+---
+description: A test command
+---