agents-templated 2.2.11 → 2.2.12

package/templates/agents/commands/test.md

@@ -1,34 +1,58 @@
-# /test
-
-## A. Intent
-Generate or execute deterministic test plans and test artifacts.
-
-## B. When to Use
-Use for feature validation, regression prevention, and release readiness.
-
-## C. Required Inputs
-- Target scope
-- Test level
-- Expected behavior
-
-## D. Deterministic Execution Flow
-1. Resolve test scope.
-2. Map behavior to test cases.
-3. Execute or generate tests.
-4. Capture pass/fail artifacts.
-5. Classify failures.
-6. Emit test report.
-
-## E. Structured Output Template
-- `scope`
-- `test_matrix[]`
-- `execution_results[]`
-- `coverage_delta`
-- `failures[]`
-
-## F. Stop Conditions
-- Unavailable runtime.
-- Undefined scope.
-
-## G. Safety Constraints
-- Do not mark success if critical tests are skipped.
+# /test
+
+## A. Intent
+Run deterministic validation and gate release readiness based on test evidence.
+
+## B. When to Use
+- Use when validating behavior after implementation or before merge/release.
+- This command now includes quality-gate behavior; do not use /quality-gate.
+
+## C. Context Assumptions
+- Test targets are defined.
+- Required environments are available.
+- Pass/fail criteria are explicit.
+
+## D. Required Inputs
+| Input | Type | Example |
+|---------------------|------------|----------------------------------|
+| `test_scope` | string | "api regression" |
+| `test_suites` | string[] | ["unit", "integration", "critical-flow"] |
+| `evidence_artifact` | artifact | test report path or CI run URL |
+
+## E. Pre-Execution Guards <- fail fast, check ALL before running
+- [ ] test scope is non-empty
+- [ ] critical test suites are executable
+- [ ] pass criteria are declared
+
+## F. Execution Flow
+1. Collect test targets and runtime config.
+2. Execute suites in deterministic order.
+3. Aggregate results and failures.
+4. Decision point ->
+   - condition A -> critical failures present -> gate = blocked
+   - condition B ->  no critical failures -> gate = pass.
+5. Build validation evidence and remediation list.
+6. Emit test and gate report.
+
+## G. Output Schema
+
+```json
+{
+  "test_run_id": "string",
+  "results": ["array","of","strings"],
+  "gate_status": "low | medium | high",
+  "blocker": "string | null"
+}
+```
+
+## H. Output Target
+- Default delivery: stdout
+- Override flag: --output=<target>
+
+## I. Stop Conditions <- abort with error message, never emit partial output
+- critical test suite cannot run
+- result schema cannot be produced
+
+## J. Safety Constraints
+- Hard block: hard block when critical flow tests fail
+- Warn only: warn when flaky tests are excluded with justification

package/templates/agents/commands/ux-bar.md

@@ -1,33 +1,58 @@
-# /ux-bar
-
-## A. Intent
-Set a minimum UX quality bar with clear criteria before UI implementation.
-
-## B. When to Use
-Use when a feature has user-facing interaction or visual design impact.
-
-## C. Required Inputs
-- Target user flow
-- Existing design language
-- Accessibility requirements
-
-## D. Deterministic Execution Flow
-1. Evaluate key interaction states.
-2. Check visual hierarchy and clarity.
-3. Validate accessibility coverage.
-4. Identify UX risks and gaps.
-5. Emit UX quality checklist.
-
-## E. Structured Output Template
-- `ux_scorecard[]`
-- `interaction_states[]`
-- `accessibility_checks[]`
-- `ux_gaps[]`
-- `improvements[]`
-
-## F. Stop Conditions
-- Critical flow has undefined state handling.
-- Accessibility constraints are missing.
-
-## G. Safety Constraints
-- Preserve existing design system patterns unless an explicit redesign is approved.
+# /ux-bar
+
+## A. Intent
+Assess UX quality bar and guarantee core interaction states are defined before build.
+
+## B. When to Use
+- Use when UX quality and accessibility need pre-implementation validation.
+- Do not use as a replacement for visual design exploration.
+
+## C. Context Assumptions
+- Scope and architecture are available.
+- Primary user flows are identified.
+- Design references exist.
+
+## D. Required Inputs
+| Input | Type | Example |
+|---------------------|------------|----------------------------------|
+| `ux_goal` | string | "reduce checkout friction" |
+| `flows` | string[] | ["cart", "payment", "confirmation"] |
+| `design_artifact` | artifact | wireframes, Figma link, screenshots |
+
+## E. Pre-Execution Guards <- fail fast, check ALL before running
+- [ ] critical flows are enumerated
+- [ ] interaction states include loading/error/empty
+- [ ] accessibility checks are defined
+
+## F. Execution Flow
+1. Review flows and interaction states.
+2. Evaluate accessibility and usability risks.
+3. Score UX gaps by severity.
+4. Decision point ->
+   - condition A -> critical UX gap -> block readiness
+   - condition B ->  manageable gaps -> continue.
+5. Build prioritized improvement list.
+6. Emit UX quality package.
+
+## G. Output Schema
+
+```json
+{
+  "ux_review_id": "string",
+  "ux_gaps": ["array","of","strings"],
+  "severity": "low | medium | high",
+  "blocker": "string | null"
+}
+```
+
+## H. Output Target
+- Default delivery: stdout
+- Override flag: --output=<target>
+
+## I. Stop Conditions <- abort with error message, never emit partial output
+- critical flow lacks defined interaction states
+- accessibility baseline is not addressed
+
+## J. Safety Constraints
+- Hard block: hard block on unaddressed critical accessibility failures
+- Warn only: warn when medium UX issues are deferred

package/templates/agents/skills/README.md

@@ -61,6 +61,12 @@ To create a new skill for your specific domain:
 │   └── SKILL.md              # Systematic feature scoping and execution contracts
 ├── bug-triage/
 │   └── SKILL.md              # Reproduction-first debugging and regression workflows
+├── debug-skill/
+│   └── SKILL.md              # Breakpoint-first debugging and execution tracing
+├── secure-code-guardian/
+│   └── SKILL.md              # Secure-by-default coding for auth and input boundaries
+├── feature-forge/
+│   └── SKILL.md              # Requirements forging before implementation starts
 ├── error-patterns/
 │   └── SKILL.md              # Persistent debugging memory and known-fix application
 ├── app-hardening/
@@ -102,6 +108,9 @@ Consider creating skills for:
 
 - `feature-delivery`: Use when user asks are broad and you need objective, scope, acceptance criteria, and validation plan.
 - `bug-triage`: Use for defects and regressions requiring reproducible evidence, root-cause isolation, and minimal safe patches.
+- `debug-skill`: Use for breakpoint-driven debugging, execution tracing, and variable-state inspection.
+- `secure-code-guardian`: Use for secure-by-default implementation across auth, secrets, and untrusted input.
+- `feature-forge`: Use before coding to turn rough asks into execution-ready requirements and acceptance criteria.
 - `error-patterns`: Use when errors repeat to apply known fixes from lessons-learned and automatically record new resolutions.
 - `app-hardening`: Use for high-risk/distributed runtimes to enforce hardening profile, obfuscation decisions, and release evidence.
 - `shadcn-ui`: Use for shadcn/ui installation, component composition, form patterns, and theme customization.

package/templates/agents/skills/debug-skill/SKILL.md

@@ -0,0 +1,39 @@
+---
+name: debug-skill
+description: Enables breakpoint-driven debugging workflows with execution tracing, state inspection, and root-cause proof before patching.
+---
+
+# Debug Skill
+
+Use this skill when the user is stuck on a bug and needs debugger-style investigation instead of print-guessing.
+
+## Trigger Conditions
+
+- User asks to debug, set breakpoints, step through code, or inspect runtime state.
+- A bug is intermittent, difficult to localize, or likely branch/state dependent.
+- Existing logs are insufficient to prove root cause.
+
+## Workflow
+
+1. Confirm a reproducible scenario and expected vs actual behavior.
+2. Define a checkpoint plan (breakpoints/log points/frames).
+3. Trace execution order across checkpoints.
+4. Capture variable-state transitions at failure boundaries.
+5. Prove root cause with execution evidence.
+6. Apply the smallest safe patch and run focused regressions.
+
+## Output Contract
+
+- Reproduction summary
+- Checkpoint plan
+- Execution trace highlights
+- State snapshots at critical steps
+- Root-cause finding
+- Minimal patch plan
+- Regression checks and residual risk
+
+## Guardrails
+
+- Do not ship speculative fixes without trace-backed evidence.
+- Do not skip regression validation after state-sensitive fixes.
+- If reproduction fails, stop and request missing runtime context.

package/templates/agents/skills/feature-forge/SKILL.md

@@ -0,0 +1,39 @@
+---
+name: feature-forge
+description: Turns vague feature requests into execution-ready requirements, acceptance criteria, and validation plans before coding starts.
+---
+
+# Feature Forge
+
+Use this skill before implementation when feature requests are high-level, ambiguous, or under-specified.
+
+## Trigger Conditions
+
+- User says build/add/create/implement without a full spec.
+- Requirements are broad or mixed between business and technical language.
+- Scope boundaries and acceptance criteria are unclear.
+
+## Workflow
+
+1. Restate objective and target user outcome.
+2. Define in-scope and out-of-scope boundaries.
+3. Convert asks into concrete functional requirements.
+4. Produce testable acceptance criteria.
+5. Split work into dependency-ordered slices.
+6. Define validation approach and rollback notes.
+
+## Output Contract
+
+- Objective summary
+- Scope in/out
+- Functional requirements
+- Acceptance criteria
+- Implementation slices
+- Validation plan
+- Risks, assumptions, and rollback notes
+
+## Guardrails
+
+- Do not move to implementation planning without explicit scope boundaries.
+- Keep acceptance criteria measurable and testable.
+- Raise blockers when requirements conflict or remain ambiguous.

package/templates/agents/skills/secure-code-guardian/SKILL.md

@@ -0,0 +1,39 @@
+---
+name: secure-code-guardian
+description: Enforces secure-by-default implementation for auth, credentials, and untrusted input paths with OWASP-aligned controls.
+---
+
+# Secure Code Guardian
+
+Use this skill when building or reviewing features that touch authentication, secrets, session logic, or user-controlled input.
+
+## Trigger Conditions
+
+- User asks for secure implementation, auth, JWT, password handling, or OWASP checks.
+- New endpoints, forms, or integrations expose untrusted input boundaries.
+- A feature handles sensitive data, identity, or permissions.
+
+## Workflow
+
+1. Map trust boundaries, actors, and attack surface.
+2. Define authentication and authorization requirements.
+3. Apply input validation and injection defenses at boundaries.
+4. Enforce credential/secrets handling and safe logging rules.
+5. Add abuse protection controls (rate limiting, lockouts, replay defenses where relevant).
+6. Define security tests and residual risk before ship recommendation.
+
+## Output Contract
+
+- Attack surface map
+- Security requirements
+- Applied controls by boundary
+- OWASP alignment notes
+- Security validation checklist
+- Residual risks and mitigations
+- Ship/block recommendation
+
+## Guardrails
+
+- Never trust client-side validation alone.
+- Never expose secrets, credentials, or sensitive payloads in logs.
+- Block release recommendation if critical controls are missing.

package/agents/commands/docs-sync.md

@@ -1,33 +0,0 @@
-# /docs-sync
-
-## A. Intent
-Keep documentation aligned with shipped behavior and contract changes.
-
-## B. When to Use
-Use after implementation or release-prep changes.
-
-## C. Required Inputs
-- Code changes summary
-- Updated behavior/contracts
-- Target documentation set
-
-## D. Deterministic Execution Flow
-1. Identify behavior and API changes.
-2. Locate affected docs.
-3. Update docs with minimal accurate edits.
-4. Verify examples and command references.
-5. Emit documentation update summary.
-
-## E. Structured Output Template
-- `docs_updated[]`
-- `behavior_changes[]`
-- `contract_updates[]`
-- `example_checks[]`
-- `remaining_doc_gaps[]`
-
-## F. Stop Conditions
-- Behavior changed with no corresponding doc update.
-- Example commands are unverified.
-
-## G. Safety Constraints
-- Do not publish stale setup or command instructions.

package/agents/commands/perf-scan.md

@@ -1,33 +0,0 @@
-# /perf-scan
-
-## A. Intent
-Measure baseline performance and detect regressions with deterministic thresholds.
-
-## B. When to Use
-Use before and after performance-sensitive changes.
-
-## C. Required Inputs
-- Baseline context
-- Target endpoints or flows
-- Performance thresholds
-
-## D. Deterministic Execution Flow
-1. Capture baseline metrics.
-2. Execute candidate workload.
-3. Compare p95/p99 latency and error rates.
-4. Flag regressions with threshold deltas.
-5. Emit optimization priorities.
-
-## E. Structured Output Template
-- `baseline_metrics`
-- `candidate_metrics`
-- `regressions[]`
-- `threshold_checks[]`
-- `recommendations[]`
-
-## F. Stop Conditions
-- Baseline missing.
-- Thresholds undefined.
-
-## G. Safety Constraints
-- Avoid performance claims without before/after evidence.

package/agents/commands/quality-gate.md

@@ -1,33 +0,0 @@
-# /quality-gate
-
-## A. Intent
-Enforce quality gates using test signals, behavior checks, and regression controls.
-
-## B. When to Use
-Use before release, and after major bug fixes.
-
-## C. Required Inputs
-- Target build/revision
-- Test scope
-- Critical user flows
-
-## D. Deterministic Execution Flow
-1. Run required test layers.
-2. Validate critical user flows.
-3. Inspect flaky or unstable results.
-4. Define required remediations.
-5. Emit pass/conditional/block outcome.
-
-## E. Structured Output Template
-- `test_results[]`
-- `critical_flow_status[]`
-- `quality_findings[]`
-- `required_fixes[]`
-- `gate_status`
-
-## F. Stop Conditions
-- Critical flow untested.
-- Required tests failed.
-
-## G. Safety Constraints
-- Do not mark pass when critical regressions remain open.

package/agents/commands/refactor.md

@@ -1,34 +0,0 @@
-# /refactor
-
-## A. Intent
-Improve internal structure without changing externally observable behavior.
-
-## B. When to Use
-Use for maintainability and modularity improvements.
-
-## C. Required Inputs
-- Target component/module
-- Non-functional goals
-- Behavior invariants
-
-## D. Deterministic Execution Flow
-1. Capture behavior invariants.
-2. Define refactor units.
-3. Apply one unit at a time.
-4. Verify invariants after each unit.
-5. Measure complexity delta.
-6. Emit refactor report.
-
-## E. Structured Output Template
-- `target`
-- `invariants[]`
-- `transformations[]`
-- `behavior_check_results[]`
-- `complexity_delta`
-
-## F. Stop Conditions
-- Invariant violation.
-- Missing baseline behavior.
-
-## G. Safety Constraints
-- Abort on behavior-change risk.

package/agents/commands/scaffold.md

@@ -1,34 +0,0 @@
-# /scaffold
-
-## A. Intent
-Create deterministic project/module boilerplate with secure defaults.
-
-## B. When to Use
-Use to initialize new modules/features with approved structure.
-
-## C. Required Inputs
-- Target module name
-- Runtime/stack
-- Required patterns
-
-## D. Deterministic Execution Flow
-1. Validate target path non-conflict.
-2. Resolve scaffold template.
-3. Generate file tree.
-4. Apply secure defaults.
-5. Generate baseline tests.
-6. Emit scaffold manifest.
-
-## E. Structured Output Template
-- `target`
-- `template_source`
-- `files_created[]`
-- `secure_defaults[]`
-- `tests_created[]`
-
-## F. Stop Conditions
-- Path collision.
-- Unsupported template/runtime.
-
-## G. Safety Constraints
-- Do not overwrite existing files without explicit confirmation.

package/templates/agents/commands/docs-sync.md

@@ -1,33 +0,0 @@
-# /docs-sync
-
-## A. Intent
-Keep documentation aligned with shipped behavior and contract changes.
-
-## B. When to Use
-Use after implementation or release-prep changes.
-
-## C. Required Inputs
-- Code changes summary
-- Updated behavior/contracts
-- Target documentation set
-
-## D. Deterministic Execution Flow
-1. Identify behavior and API changes.
-2. Locate affected docs.
-3. Update docs with minimal accurate edits.
-4. Verify examples and command references.
-5. Emit documentation update summary.
-
-## E. Structured Output Template
-- `docs_updated[]`
-- `behavior_changes[]`
-- `contract_updates[]`
-- `example_checks[]`
-- `remaining_doc_gaps[]`
-
-## F. Stop Conditions
-- Behavior changed with no corresponding doc update.
-- Example commands are unverified.
-
-## G. Safety Constraints
-- Do not publish stale setup or command instructions.

package/templates/agents/commands/perf-scan.md

@@ -1,33 +0,0 @@
-# /perf-scan
-
-## A. Intent
-Measure baseline performance and detect regressions with deterministic thresholds.
-
-## B. When to Use
-Use before and after performance-sensitive changes.
-
-## C. Required Inputs
-- Baseline context
-- Target endpoints or flows
-- Performance thresholds
-
-## D. Deterministic Execution Flow
-1. Capture baseline metrics.
-2. Execute candidate workload.
-3. Compare p95/p99 latency and error rates.
-4. Flag regressions with threshold deltas.
-5. Emit optimization priorities.
-
-## E. Structured Output Template
-- `baseline_metrics`
-- `candidate_metrics`
-- `regressions[]`
-- `threshold_checks[]`
-- `recommendations[]`
-
-## F. Stop Conditions
-- Baseline missing.
-- Thresholds undefined.
-
-## G. Safety Constraints
-- Avoid performance claims without before/after evidence.

package/templates/agents/commands/quality-gate.md

@@ -1,33 +0,0 @@
-# /quality-gate
-
-## A. Intent
-Enforce quality gates using test signals, behavior checks, and regression controls.
-
-## B. When to Use
-Use before release, and after major bug fixes.
-
-## C. Required Inputs
-- Target build/revision
-- Test scope
-- Critical user flows
-
-## D. Deterministic Execution Flow
-1. Run required test layers.
-2. Validate critical user flows.
-3. Inspect flaky or unstable results.
-4. Define required remediations.
-5. Emit pass/conditional/block outcome.
-
-## E. Structured Output Template
-- `test_results[]`
-- `critical_flow_status[]`
-- `quality_findings[]`
-- `required_fixes[]`
-- `gate_status`
-
-## F. Stop Conditions
-- Critical flow untested.
-- Required tests failed.
-
-## G. Safety Constraints
-- Do not mark pass when critical regressions remain open.

package/templates/agents/commands/refactor.md

@@ -1,34 +0,0 @@
-# /refactor
-
-## A. Intent
-Improve internal structure without changing externally observable behavior.
-
-## B. When to Use
-Use for maintainability and modularity improvements.
-
-## C. Required Inputs
-- Target component/module
-- Non-functional goals
-- Behavior invariants
-
-## D. Deterministic Execution Flow
-1. Capture behavior invariants.
-2. Define refactor units.
-3. Apply one unit at a time.
-4. Verify invariants after each unit.
-5. Measure complexity delta.
-6. Emit refactor report.
-
-## E. Structured Output Template
-- `target`
-- `invariants[]`
-- `transformations[]`
-- `behavior_check_results[]`
-- `complexity_delta`
-
-## F. Stop Conditions
-- Invariant violation.
-- Missing baseline behavior.
-
-## G. Safety Constraints
-- Abort on behavior-change risk.

package/templates/agents/commands/scaffold.md

@@ -1,34 +0,0 @@
-# /scaffold
-
-## A. Intent
-Create deterministic project/module boilerplate with secure defaults.
-
-## B. When to Use
-Use to initialize new modules/features with approved structure.
-
-## C. Required Inputs
-- Target module name
-- Runtime/stack
-- Required patterns
-
-## D. Deterministic Execution Flow
-1. Validate target path non-conflict.
-2. Resolve scaffold template.
-3. Generate file tree.
-4. Apply secure defaults.
-5. Generate baseline tests.
-6. Emit scaffold manifest.
-
-## E. Structured Output Template
-- `target`
-- `template_source`
-- `files_created[]`
-- `secure_defaults[]`
-- `tests_created[]`
-
-## F. Stop Conditions
-- Path collision.
-- Unsupported template/runtime.
-
-## G. Safety Constraints
-- Do not overwrite existing files without explicit confirmation.