agcel 1.0.1

package/.agent/workflows/refactor.md

@@ -0,0 +1,63 @@
+# /refactor - Refactoring Command
+
+## Purpose
+
+Improve code structure, readability, or performance without changing behavior.
+
+## Usage
+
+```
+/refactor [file or function] [goal: clean | extract | simplify | optimize]
+```
+
+---
+
+Refactor: **$ARGUMENTS**
+
+## Workflow
+
+### Step 1: Understand Current Code
+
+1. Read the code thoroughly
+2. Identify what it does
+3. Note existing tests
+
+### Step 2: Plan Refactoring
+
+1. Identify improvement opportunities
+2. Ensure tests exist
+3. Plan incremental changes
+
+### Step 3: Execute
+
+1. Make small, focused changes
+2. Run tests after each change
+3. Commit incrementally
+
+## Refactoring Types
+
+- **Extract**: Pull out reusable functions
+- **Simplify**: Reduce complexity
+- **Rename**: Improve clarity
+- **Clean**: Remove dead code
+
+## Output
+
+```markdown
+## Refactoring Complete
+
+### Changes Made
+- Extracted `validateInput()` function
+- Simplified conditional logic
+- Renamed `x` to `userCount`
+
+### Before/After
+[Code comparison]
+
+### Tests
+All passing
+```
+
+
+## Gap Analysis Rule
+Always identify gaps and suggest next steps to users. In case there is no gaps anymore, then AI should clearly state that there is no gap left.

package/.agent/workflows/research.md

@@ -0,0 +1,116 @@
+# /research - Research Command
+
+## Purpose
+
+Research a technology, library, or approach with comprehensive analysis.
+
+## Usage
+
+```
+/research [topic or technology]
+```
+
+---
+
+Research: **$ARGUMENTS**
+
+## Workflow
+
+1. **Gather Information**
+   - Official documentation
+   - Community resources
+   - Comparisons
+
+2. **Analyze**
+   - Pros and cons
+   - Best practices
+   - Alternatives
+
+3. **Recommend**
+   - Summary
+   - Recommendation
+   - Next steps
+
+## Flags
+
+| Flag | Description | Example |
+|------|-------------|---------|
+| `--mode=[mode]` | Use specific behavioral mode | `--mode=deep-research` |
+| `--depth=[1-5]` | Research thoroughness level | `--depth=5` |
+| `--format=[fmt]` | Output format (concise/detailed/json) | `--format=detailed` |
+| `--save=[path]` | Save research to file | `--save=docs/research.md` |
+| `--compare` | Focus on comparing alternatives | `--compare` |
+| `--sequential` | Use sequential thinking methodology | `--sequential` |
+
+### Flag Usage Examples
+
+```bash
+/research --depth=5 "authentication libraries for Node.js"
+/research --compare "React vs Vue vs Svelte"
+/research --sequential "root cause of memory leak"
+/research --save=docs/orm-research.md "ORM comparison"
+```
+
+### Depth Levels
+
+| Level | Behavior |
+|-------|----------|
+| 1 | Quick overview, key points only |
+| 2 | Standard analysis |
+| 3 | Thorough with examples |
+| 4 | Comprehensive with trade-offs |
+| 5 | Exhaustive with citations |
+
+## MCP Integration
+
+This command leverages MCP servers for enhanced research:
+
+### Web Search - Library Documentation (Primary)
+```
+ALWAYS use Web Search for library/framework research:
+1. Use resolve-library-id to find the library ID
+2. Use get-library-docs with topic parameter for focused docs
+3. Use mode='code' for API references, mode='info' for concepts
+```
+
+### Reasoning - Structured Analysis
+```
+For complex research requiring step-by-step reasoning:
+- Use sequentialthinking tool to break down analysis
+- Track confidence scores for each finding
+- Revise conclusions as new information emerges
+```
+
+### Memory - Persistent Research
+```
+Store research findings for future reference:
+- Create entities for researched technologies
+- Add observations with pros/cons/recommendations
+- Link related technologies with relations
+```
+
+## Output
+
+```markdown
+## Research: [Topic]
+
+### Summary
+[Overview]
+
+### Pros
+- [Pro 1]
+- [Pro 2]
+
+### Cons
+- [Con 1]
+
+### Alternatives
+[Comparison table]
+
+### Recommendation
+[Clear recommendation]
+```
+
+
+## Gap Analysis Rule
+Always identify gaps and suggest next steps to users. In case there is no gaps anymore, then AI should clearly state that there is no gap left.

package/.agent/workflows/review.md

@@ -0,0 +1,344 @@
+# /review - Code Review Command
+
+## Purpose
+
+Comprehensive code review with focus on quality, security, performance, and maintainability.
+
+## Usage
+
+```
+/review [file path | 'staged' | 'pr' | PR number]
+```
+
+## Arguments
+
+- `$ARGUMENTS`:
+  - File path: Review specific file(s)
+  - `staged`: Review all staged changes
+  - `pr`: Review current branch changes vs main
+  - PR number: Review specific pull request
+
+---
+
+Perform a comprehensive code review for: **$ARGUMENTS**
+
+## Workflow
+
+### Phase 1: Identify Review Scope
+
+1. **Determine What to Review**
+   - Single file: Read the specified file
+   - `staged`: Get staged changes with `git diff --staged`
+   - `pr`: Get branch diff with `git diff main...HEAD`
+   - PR number: Fetch PR details with `gh pr view`
+
+2. **Gather Context**
+   - Understand the purpose of changes
+   - Check related tests
+   - Review CLAUDE.md for project standards
+
+### Phase 2: Code Quality Review
+
+Check each file for:
+
+1. **Correctness**
+   - Logic errors and bugs
+   - Edge case handling
+   - Null/undefined safety
+   - Type correctness
+
+2. **Clarity**
+   - Clear naming (variables, functions, classes)
+   - Readable structure
+   - Appropriate comments
+   - Self-documenting code
+
+3. **Consistency**
+   - Follows project conventions
+   - Matches existing patterns
+   - Style guide compliance
+
+4. **Complexity**
+   - Function length (prefer <30 lines)
+   - Cyclomatic complexity
+   - Nesting depth
+
+### Phase 3: Security Review
+
+Check for security issues:
+
+1. **Input Validation**
+   - User input sanitization
+   - Type validation
+   - Size/length limits
+
+2. **Authentication/Authorization**
+   - Proper auth checks
+   - Role-based access control
+   - Session management
+
+3. **Data Protection**
+   - Sensitive data handling
+   - Encryption where needed
+   - PII protection
+
+4. **Injection Prevention**
+   - SQL injection
+   - XSS vulnerabilities
+   - Command injection
+
+5. **Secrets**
+   - No hardcoded credentials
+   - No API keys in code
+   - Proper env var usage
+
+### Phase 4: Performance Review
+
+Check for performance issues:
+
+1. **Algorithmic Efficiency**
+   - Time complexity
+   - Unnecessary loops
+   - Redundant operations
+
+2. **Memory Usage**
+   - Large object creation
+   - Memory leaks
+   - Unbounded caches
+
+3. **Database**
+   - N+1 queries
+   - Missing indexes
+   - Large result sets
+
+4. **Async Operations**
+   - Proper async/await
+   - Parallel where possible
+   - Timeout handling
+
+### Phase 5: Maintainability Review
+
+Check for maintainability:
+
+1. **SOLID Principles**
+   - Single responsibility
+   - Open/closed
+   - Dependency injection
+
+2. **DRY**
+   - Code duplication
+   - Opportunity for reuse
+
+3. **Testing**
+   - Test coverage
+   - Test quality
+   - Edge case tests
+
+4. **Documentation**
+   - API documentation
+   - Complex logic explanation
+   - Usage examples
+
+## Output Format
+
+```markdown
+## Code Review: [Target]
+
+**Reviewed**: [files/changes]
+**Verdict**: [Approve | Request Changes | Needs Discussion]
+
+---
+
+### Critical Issues (Must Fix)
+
+#### 1. [Security] SQL Injection Risk
+**File**: `src/api/users.ts:42`
+**Severity**: Critical
+
+```typescript
+// Current code
+const query = `SELECT * FROM users WHERE id = ${userId}`;
+```
+
+**Issue**: User input directly interpolated into SQL query.
+
+**Fix**:
+```typescript
+const query = 'SELECT * FROM users WHERE id = $1';
+const result = await db.query(query, [userId]);
+```
+
+---
+
+### Recommendations (Should Fix)
+
+#### 1. Missing Error Handling
+**File**: `src/services/auth.ts:78`
+
+```typescript
+// Current
+const user = await db.findUser(email);
+return user.password; // May throw if user is null
+```
+
+**Suggestion**:
+```typescript
+const user = await db.findUser(email);
+if (!user) {
+  throw new NotFoundError('User not found');
+}
+return user.password;
+```
+
+---
+
+### Suggestions (Nice to Have)
+
+1. Consider extracting the validation logic in `src/utils/validate.ts:23` into a separate function for reusability.
+
+2. The constant `MAX_RETRIES` in `src/api/client.ts` could be moved to configuration.
+
+---
+
+### What's Good
+
+- Clean separation of concerns between controller and service layers
+- Comprehensive error handling in the authentication flow
+- Good test coverage for edge cases in `auth.test.ts`
+
+---
+
+### Summary
+
+Found **1 critical issue** (security), **2 recommendations**, and **2 suggestions**.
+
+**Priority Actions**:
+1. Fix SQL injection vulnerability immediately
+2. Add null check for user lookup
+
+**Ready for merge**: No - Critical issues must be addressed first
+```
+
+## Review Checklist
+
+### Security
+- [ ] No hardcoded secrets
+- [ ] Input validation present
+- [ ] Output encoding for rendered content
+- [ ] SQL parameterization
+- [ ] Proper auth checks
+- [ ] No eval() or dynamic code execution
+
+### Quality
+- [ ] Clear naming conventions
+- [ ] Functions are focused (single responsibility)
+- [ ] Error handling is complete
+- [ ] No commented-out code
+- [ ] No debug statements left
+
+### Testing
+- [ ] New code has tests
+- [ ] Edge cases covered
+- [ ] Tests are deterministic
+
+### Documentation
+- [ ] Public APIs documented
+- [ ] Complex logic explained
+- [ ] Breaking changes noted
+
+## Example
+
+**Input**: `/review staged`
+
+**Output**: Complete review of all staged changes with security scan, code quality assessment, and actionable feedback organized by severity.
+
+## Flags
+
+| Flag | Description | Example |
+|------|-------------|---------|
+| `--mode=[mode]` | Use specific behavioral mode | `--mode=review` |
+| `--persona=[type]` | Apply persona expertise | `--persona=security` |
+| `--depth=[1-5]` | Review thoroughness level | `--depth=5` |
+| `--format=[fmt]` | Output format (concise/detailed/json) | `--format=detailed` |
+| `--focus=[area]` | Focus on specific area | `--focus=performance` |
+| `--save` | Save review to file | `--save` |
+
+### Flag Usage Examples
+
+```bash
+/review --persona=security src/auth/
+/review --depth=5 --format=detailed staged
+/review --focus=performance src/services/heavy-computation.ts
+/review --mode=deep-research --save pr
+```
+
+### Persona Options
+
+| Persona | Focus Area |
+|---------|------------|
+| `security` | Vulnerabilities, auth, data protection |
+| `performance` | Efficiency, queries, caching |
+| `architecture` | Patterns, coupling, SOLID |
+| `testing` | Coverage, test quality |
+| `accessibility` | A11y compliance |
+
+### Focus Areas
+
+| Focus | Checks |
+|-------|--------|
+| `security` | OWASP top 10, auth, input validation |
+| `performance` | N+1, complexity, memory |
+| `quality` | Readability, maintainability |
+| `testing` | Coverage, test patterns |
+
+## MCP Integration
+
+This command leverages MCP servers for enhanced code review:
+
+### Browser tools - Visual/UI Review
+```
+For reviewing UI changes:
+- Render and screenshot components
+- Compare visual changes across browsers
+- Verify responsive behavior
+- Check accessibility in real browser
+```
+
+### Memory - Review Context
+```
+Store and recall review context:
+- Remember past review decisions
+- Recall user's coding standards
+- Store patterns approved/rejected previously
+- Track recurring issues across reviews
+```
+
+### Reasoning - Systematic Analysis
+```
+For thorough code analysis:
+- Step through complex logic systematically
+- Track multiple concerns in parallel
+- Build comprehensive issue list
+- Revise severity as context emerges
+```
+
+### Filesystem - Code Access
+```
+For reviewing file changes:
+- Use view_file to examine code
+- Use grep_search to find related patterns
+- Check for similar issues across codebase
+```
+
+<!-- CUSTOMIZATION POINT -->
+## Variations
+
+Modify behavior via CLAUDE.md:
+- Set required review checklist items
+- Define severity levels
+- Configure approval criteria
+- Set documentation requirements
+
+
+## Gap Analysis Rule
+Always identify gaps and suggest next steps to users. In case there is no gaps anymore, then AI should clearly state that there is no gap left.

package/.agent/workflows/security-scan.md

@@ -0,0 +1,56 @@
+# /security-scan - Security Scanning Command
+
+## Purpose
+
+Scan code and dependencies for security vulnerabilities.
+
+## Usage
+
+```
+/security-scan [scope: deps | code | secrets | all]
+```
+
+---
+
+Run security scan: **$ARGUMENTS**
+
+## Workflow
+
+### Dependency Scan
+
+```bash
+npm audit
+pip-audit
+```
+
+### Code Scan
+
+- SQL injection patterns
+- XSS vulnerabilities
+- Command injection
+
+### Secret Detection
+
+- API keys
+- Passwords
+- Tokens
+
+## Output
+
+```markdown
+## Security Scan Results
+
+### Summary
+| Type | Critical | High | Medium |
+|------|----------|------|--------|
+| Dependencies | 0 | 2 | 5 |
+| Code | 0 | 1 | 3 |
+| Secrets | 0 | 0 | 0 |
+
+### Findings
+[Detailed findings with remediation]
+```
+
+
+## Gap Analysis Rule
+Always identify gaps and suggest next steps to users. In case there is no gaps anymore, then AI should clearly state that there is no gap left.