aiblueprint-cli 1.4.42 → 1.4.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/claude-code-config/skills/apex/SKILL.md +229 -84
  2. package/claude-code-config/skills/apex/scripts/setup-templates.sh +6 -50
  3. package/claude-code-config/skills/apex/steps/step-00-init.md +33 -39
  4. package/claude-code-config/skills/apex/steps/step-00b-interactive.md +1 -13
  5. package/claude-code-config/skills/apex/steps/step-01-analyze.md +17 -36
  6. package/claude-code-config/skills/apex/steps/step-02-plan.md +24 -353
  7. package/claude-code-config/skills/apex/steps/step-03-execute.md +0 -1
  8. package/claude-code-config/skills/apex/steps/step-04-validate.md +26 -41
  9. package/claude-code-config/skills/apex/templates/00-context.md +0 -10
  10. package/claude-code-config/skills/apex/templates/README.md +6 -25
  11. package/dist/cli.js +27 -1
  12. package/package.json +1 -1
  13. package/claude-code-config/skills/apex/steps/step-00b-save.md +0 -123
  14. package/claude-code-config/skills/apex/steps/step-02b-tasks.md +0 -301
  15. package/claude-code-config/skills/apex/steps/step-03-execute-teams.md +0 -296
  16. package/claude-code-config/skills/apex/steps/step-05-examine.md +0 -351
  17. package/claude-code-config/skills/apex/steps/step-06-resolve.md +0 -238
  18. package/claude-code-config/skills/apex/steps/step-07-tests.md +0 -250
  19. package/claude-code-config/skills/apex/steps/step-08-run-tests.md +0 -308
  20. package/claude-code-config/skills/apex/steps/step-09-finish.md +0 -223
  21. package/claude-code-config/skills/apex/templates/05-examine.md +0 -10
  22. package/claude-code-config/skills/apex/templates/06-resolve.md +0 -10
  23. package/claude-code-config/skills/apex/templates/07-tests.md +0 -10
  24. package/claude-code-config/skills/apex/templates/08-run-tests.md +0 -10
  25. package/claude-code-config/skills/apex/templates/09-finish.md +0 -10
@@ -1,351 +0,0 @@
1
- ---
2
- name: step-05-examine
3
- description: Adversarial code review - security, logic, and quality analysis
4
- prev_step: steps/step-04-validate.md
5
- next_step: steps/step-06-resolve.md
6
- ---
7
-
8
- # Step 5: Examine (Adversarial Review)
9
-
10
- ## MANDATORY EXECUTION RULES (READ FIRST):
11
-
12
- - 🛑 NEVER skip security review
13
- - 🛑 NEVER dismiss findings without justification
14
- - 🛑 NEVER auto-approve without thorough review
15
- - ✅ ALWAYS check OWASP top 10 vulnerabilities
16
- - ✅ ALWAYS classify findings by severity and validity
17
- - ✅ ALWAYS present findings table to user
18
- - 📋 YOU ARE A SKEPTICAL REVIEWER, not a defender
19
- - 💬 FOCUS on "What could go wrong?"
20
- - 🚫 FORBIDDEN to approve without thorough analysis
21
-
22
- ## EXECUTION PROTOCOLS:
23
-
24
- - 🎯 Launch 3+ parallel review agents via Task tool in ONE message (unless economy_mode)
25
- - 🛑 NEVER launch only 1 review agent — you MUST launch Security + Logic + Clean Code as separate agents
26
- - 💾 Document all findings with severity
27
- - 📖 Create todos for each finding
28
- - 🚫 FORBIDDEN to skip security analysis
29
- - 🚫 FORBIDDEN to combine review categories into a single agent
30
-
31
- ## CONTEXT BOUNDARIES:
32
-
33
- - Implementation is complete and validated
34
- - All tests pass
35
- - Now looking for issues that tests miss
36
- - Adversarial mindset - assume bugs exist
37
- - **If `{teams_mode}` = true:** Agent team is still alive. Do NOT shutdown teammates — that happens in step-09-finish only.
38
-
39
- ## YOUR TASK:
40
-
41
- Conduct an adversarial code review to identify security vulnerabilities, logic flaws, and quality issues.
42
-
43
- ---
44
-
45
- <available_state>
46
- From previous steps:
47
-
48
- | Variable | Description |
49
- |----------|-------------|
50
- | `{task_description}` | What was implemented |
51
- | `{task_id}` | Kebab-case identifier |
52
- | `{auto_mode}` | Auto-fix Real findings |
53
- | `{save_mode}` | Save outputs to files |
54
- | `{economy_mode}` | No subagents, direct review |
55
- | `{output_dir}` | Path to output (if save_mode) |
56
- | Files modified | From step-03 |
57
- </available_state>
58
-
59
- ---
60
-
61
- ## EXECUTION SEQUENCE:
62
-
63
- ### 1. Initialize Save Output (if save_mode)
64
-
65
- **If `{save_mode}` = true:**
66
-
67
- ```bash
68
- bash {skill_dir}/scripts/update-progress.sh "{task_id}" "05" "examine" "in_progress"
69
- ```
70
-
71
- Append findings to `{output_dir}/05-examine.md` as you work.
72
-
73
- ### 2. Gather Changes
74
-
75
- ```bash
76
- git diff --name-only HEAD~1
77
- git status --porcelain
78
- ```
79
-
80
- Group files: source, tests, config, other.
81
-
82
- ### 3. Conduct Review
83
-
84
- **If `{economy_mode}` = true:**
85
- → Self-review with checklist:
86
-
87
- ```markdown
88
- ## Security Checklist
89
- - [ ] No SQL injection (parameterized queries)
90
- - [ ] No XSS (output encoding)
91
- - [ ] No secrets in code
92
- - [ ] Input validation present
93
- - [ ] Auth checks on protected routes
94
-
95
- ## Logic Checklist
96
- - [ ] Error handling for all failure modes
97
- - [ ] Edge cases handled
98
- - [ ] Null/undefined checks
99
- - [ ] Race conditions considered
100
-
101
- ## Quality Checklist
102
- - [ ] Follows existing patterns
103
- - [ ] No code duplication
104
- - [ ] Clear naming
105
- ```
106
-
107
- **If `{economy_mode}` = false:**
108
- → Launch parallel review agents using the **Task tool**
109
-
110
- **🛑 CRITICAL: You MUST launch ALL 3 agents (or 4 if Next.js) in a SINGLE message using MULTIPLE Task tool calls. DO NOT launch them one at a time. DO NOT use only 1 agent. Each agent reviews a DIFFERENT aspect.**
111
-
112
- First, gather the list of modified files:
113
- ```bash
114
- git diff --name-only HEAD~1
115
- ```
116
-
117
- Then, in **ONE message with 3+ parallel Task tool calls**, launch:
118
-
119
- ---
120
-
121
- **Agent 1: Security Review** — `subagent_type: "code-reviewer"`
122
- ```
123
- prompt: |
124
- You are a SECURITY reviewer. Review ONLY the following files for security vulnerabilities:
125
- {list of modified files}
126
-
127
- Focus exclusively on:
128
- - OWASP Top 10: injection flaws (SQL, command, XSS)
129
- - Authentication and authorization issues
130
- - Sensitive data exposure (secrets, tokens, PII in logs)
131
- - Security misconfiguration
132
- - Insecure deserialization
133
- - Missing input validation at system boundaries
134
-
135
- For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
136
- If no security issues found, explicitly state "No security issues found."
137
- ```
138
-
139
- ---
140
-
141
- **Agent 2: Logic & Edge Cases Review** — `subagent_type: "code-reviewer"`
142
- ```
143
- prompt: |
144
- You are a LOGIC reviewer. Review ONLY the following files for logic correctness:
145
- {list of modified files}
146
-
147
- Focus exclusively on:
148
- - Edge cases not handled (empty arrays, null/undefined, boundary values)
149
- - Race conditions and concurrency issues
150
- - Incorrect conditional logic or off-by-one errors
151
- - Missing error handling for failure modes
152
- - State management bugs
153
- - Incorrect assumptions about data shape or types
154
-
155
- For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
156
- If no logic issues found, explicitly state "No logic issues found."
157
- ```
158
-
159
- ---
160
-
161
- **Agent 3: Clean Code & Quality Review** — `subagent_type: "code-reviewer"`
162
- ```
163
- prompt: |
164
- You are a CLEAN CODE reviewer. Review ONLY the following files for code quality:
165
- {list of modified files}
166
-
167
- Focus exclusively on:
168
- - SOLID principle violations
169
- - Code smells (long methods, god objects, feature envy)
170
- - Cyclomatic complexity > 10
171
- - Code duplication > 20 lines
172
- - Naming that doesn't communicate intent
173
- - Functions doing too many things
174
-
175
- For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
176
- If no quality issues found, explicitly state "No quality issues found."
177
- ```
178
-
179
- ---
180
-
181
- **Agent 4: Vercel/Next.js Best Practices** (CONDITIONAL — launch alongside Agents 1-3)
182
-
183
- → **Detection:** Check if modified files match Next.js/Vercel patterns:
184
- ```
185
- - *.tsx, *.jsx files in app/, pages/, components/
186
- - next.config.* files
187
- - Server actions (use server)
188
- - API routes (app/api/*, pages/api/*)
189
- - Middleware (middleware.ts)
190
- - Server components, client components
191
- ```
192
-
193
- → **If Next.js/Vercel code detected:** Add a 4th parallel Task tool call:
194
-
195
- `subagent_type: "code-reviewer"`
196
- ```
197
- prompt: |
198
- You are a NEXT.JS / REACT PERFORMANCE reviewer. Review ONLY the following files:
199
- {list of modified files}
200
-
201
- Focus exclusively on:
202
- - Sequential awaits that should use Promise.all for parallel fetching
203
- - Barrel imports causing bundle bloat (import from index files)
204
- - Missing dynamic imports for heavy client components
205
- - Server-side caching opportunities (React cache, unstable_cache)
206
- - Unnecessary re-renders (missing memo, useMemo, useCallback)
207
- - Wrong Server vs Client component boundaries
208
- - Data fetching patterns (preloading, parallel fetching, waterfall detection)
209
-
210
- For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
211
- If no performance issues found, explicitly state "No performance issues found."
212
- ```
213
-
214
- → **If NOT Next.js/Vercel code:** Skip this agent (launch only Agents 1-3)
215
-
216
- ---
217
-
218
- **🛑 REMINDER: You MUST have 3+ Task tool calls in a SINGLE response. If you only launched 1 agent, you are doing it WRONG. Go back and launch all agents.**
219
-
220
- ### 4. Classify Findings
221
-
222
- For each finding:
223
-
224
- **Severity:**
225
- - CRITICAL: Security vulnerability, data loss risk
226
- - HIGH: Significant bug, will cause issues
227
- - MEDIUM: Should fix, not urgent
228
- - LOW: Minor improvement
229
-
230
- **Validity:**
231
- - Real: Definitely needs fixing
232
- - Noise: Not actually a problem
233
- - Uncertain: Needs discussion
234
-
235
- ### 5. Present Findings Table
236
-
237
- ```markdown
238
- ## Findings
239
-
240
- | ID | Severity | Category | Location | Issue | Validity |
241
- |----|----------|----------|----------|-------|----------|
242
- | F1 | CRITICAL | Security | auth.ts:42 | SQL injection | Real |
243
- | F2 | HIGH | Logic | handler.ts:78 | Missing null check | Real |
244
- | F3 | MEDIUM | Quality | utils.ts:15 | Complex function | Uncertain |
245
-
246
- **Summary:** {count} findings ({blocking} blocking)
247
- ```
248
-
249
- ### 6. Create Finding Todos
250
-
251
- ```
252
- - [ ] F1 [CRITICAL] Fix SQL injection in auth.ts:42
253
- - [ ] F2 [HIGH] Add null check in handler.ts:78
254
- ```
255
-
256
- ### 7. Get User Approval (review → resolve/test)
257
-
258
- **If `{auto_mode}` = true:**
259
- → Proceed automatically based on findings
260
-
261
- **If `{auto_mode}` = false:**
262
-
263
- ```yaml
264
- questions:
265
- - header: "Review"
266
- question: "Review complete. How would you like to proceed?"
267
- options:
268
- - label: "Resolve findings (Recommended)"
269
- description: "Address the identified issues"
270
- - label: "Skip to tests"
271
- description: "Skip resolution, proceed to test creation"
272
- - label: "Skip resolution"
273
- description: "Accept findings, don't make changes"
274
- - label: "Discuss findings"
275
- description: "I want to discuss specific findings"
276
- multiSelect: false
277
- ```
278
-
279
- <critical>
280
- This is one of the THREE transition points that requires user confirmation:
281
- 1. plan → execute
282
- 2. validate → review
283
- 3. review → resolve/test (THIS ONE)
284
- </critical>
285
-
286
- ### 8. Complete Save Output (if save_mode)
287
-
288
- **If `{save_mode}` = true:**
289
-
290
- Append to `{output_dir}/05-examine.md`:
291
- ```markdown
292
- ---
293
- ## Step Complete
294
- **Status:** ✓ Complete
295
- **Findings:** {count}
296
- **Critical:** {count}
297
- **Next:** step-06-resolve.md
298
- **Timestamp:** {ISO timestamp}
299
- ```
300
-
301
- ---
302
-
303
- ## SUCCESS METRICS:
304
-
305
- ✅ All modified files reviewed
306
- ✅ Security checklist completed
307
- ✅ Findings classified by severity
308
- ✅ Validity assessed for each finding
309
- ✅ Findings table presented
310
- ✅ Todos created for tracking
311
- ✅ Next.js/Vercel best practices checked (if applicable)
312
-
313
- ## FAILURE MODES:
314
-
315
- ❌ **CRITICAL**: Launching only 1 review agent instead of 3+ — each category (Security, Logic, Clean Code) MUST be a separate agent
316
- ❌ Combining multiple review categories into a single agent prompt
317
- ❌ Skipping security review
318
- ❌ Not classifying by severity
319
- ❌ Auto-dismissing findings
320
- ❌ Launching agents sequentially instead of in parallel
321
- ❌ Using subagents when economy_mode
322
- ❌ Skipping Vercel/Next.js review when React/Next.js files are modified
323
- ❌ **CRITICAL**: Not using AskUserQuestion for review → resolve/test transition
324
-
325
- ## REVIEW PROTOCOLS:
326
-
327
- - Adversarial mindset - assume bugs exist
328
- - Check security FIRST
329
- - Every finding gets severity and validity
330
- - Don't dismiss without justification
331
- - Present clear summary
332
-
333
- ---
334
-
335
- ## NEXT STEP:
336
-
337
- After user confirms via AskUserQuestion (or auto-proceed):
338
-
339
- **If user chooses "Resolve findings":** → Load `./step-06-resolve.md`
340
-
341
- **If user chooses "Skip to tests" (and test_mode):** → Load `./step-07-tests.md`
342
-
343
- **If user chooses "Skip resolution":**
344
- - **If test_mode:** → Load `./step-07-tests.md`
345
- - **If pr_mode:** → Load `./step-09-finish.md` to create pull request
346
- - **Otherwise:** → Workflow complete - show summary
347
-
348
- <critical>
349
- Remember: Be SKEPTICAL - your job is to find problems, not approve code!
350
- This step MUST ask before proceeding (unless auto_mode).
351
- </critical>
@@ -1,238 +0,0 @@
1
- ---
2
- name: step-06-resolve
3
- description: Resolve findings - interactively address review issues
4
- prev_step: steps/step-05-examine.md
5
- next_step: COMPLETE
6
- ---
7
-
8
- # Step 6: Resolve Findings
9
-
10
- ## MANDATORY EXECUTION RULES (READ FIRST):
11
-
12
- - 🛑 NEVER auto-fix Noise or Uncertain findings
13
- - 🛑 NEVER skip validation after fixes
14
- - ✅ ALWAYS present resolution options to user (unless auto_mode)
15
- - ✅ ALWAYS validate after applying fixes
16
- - ✅ ALWAYS provide clear completion summary
17
- - 📋 YOU ARE A RESOLVER, addressing identified issues
18
- - 💬 FOCUS on "How do we fix these issues?"
19
- - 🚫 FORBIDDEN to proceed with failing validation
20
-
21
- ## EXECUTION PROTOCOLS:
22
-
23
- - 🎯 Present resolution options first
24
- - 💾 Log each fix applied (if save_mode)
25
- - 📖 Validate after all fixes
26
- - 🚫 FORBIDDEN to skip post-fix validation
27
-
28
- ## CONTEXT BOUNDARIES:
29
-
30
- - Findings from step-05 are classified
31
- - Some are Real, some Noise, some Uncertain
32
- - User may want different resolution strategies
33
- - Must validate after any changes
34
- - **If `{teams_mode}` = true:** Agent team is still alive. Do NOT shutdown teammates — that happens in step-09-finish only.
35
-
36
- ## YOUR TASK:
37
-
38
- Address adversarial review findings interactively - fix real issues, dismiss noise, discuss uncertain items.
39
-
40
- ---
41
-
42
- <available_state>
43
- From previous steps:
44
-
45
- | Variable | Description |
46
- |----------|-------------|
47
- | `{task_description}` | What was implemented |
48
- | `{task_id}` | Kebab-case identifier |
49
- | `{auto_mode}` | Auto-fix Real findings |
50
- | `{save_mode}` | Save outputs to files |
51
- | `{output_dir}` | Path to output (if save_mode) |
52
- | Findings table | IDs, severity, validity |
53
- | Finding todos | For tracking |
54
- </available_state>
55
-
56
- ---
57
-
58
- ## EXECUTION SEQUENCE:
59
-
60
- ### 1. Initialize Save Output (if save_mode)
61
-
62
- **If `{save_mode}` = true:**
63
-
64
- ```bash
65
- bash {skill_dir}/scripts/update-progress.sh "{task_id}" "06" "resolve" "in_progress"
66
- ```
67
-
68
- Append logs to `{output_dir}/06-resolve.md` as you work.
69
-
70
- ### 2. Present Resolution Options
71
-
72
- **If `{auto_mode}` = true:**
73
- → Auto-fix all "Real" findings, skip Noise/Uncertain
74
-
75
- **If `{auto_mode}` = false:**
76
-
77
- ```yaml
78
- questions:
79
- - header: "Resolution"
80
- question: "How would you like to handle these findings?"
81
- options:
82
- - label: "Auto-fix Real issues (Recommended)"
83
- description: "Fix 'Real' findings, skip noise/uncertain"
84
- - label: "Walk through each finding"
85
- description: "Decide on each finding individually"
86
- - label: "Fix only critical"
87
- description: "Only fix CRITICAL/BLOCKING issues"
88
- - label: "Skip all"
89
- description: "Acknowledge but don't change"
90
- multiSelect: false
91
- ```
92
-
93
- ### 3. Apply Fixes Based on Choice
94
-
95
- **Auto-fix Real:**
96
- 1. Filter to Real findings only
97
- 2. For each: Read file → Apply fix → Verify
98
- 3. Log each fix
99
-
100
- **Walk through each:**
101
- For each finding in severity order:
102
-
103
- ```yaml
104
- questions:
105
- - header: "F1"
106
- question: "How should we handle this finding?"
107
- options:
108
- - label: "Fix now (Recommended)"
109
- description: "Apply the suggested fix"
110
- - label: "Skip"
111
- description: "Acknowledge but don't fix"
112
- - label: "Discuss"
113
- description: "Need more context"
114
- - label: "Mark as noise"
115
- description: "Not a real issue"
116
- multiSelect: false
117
- ```
118
-
119
- **Fix only critical:**
120
- 1. Filter to CRITICAL/BLOCKING only
121
- 2. Auto-fix those, skip others
122
-
123
- **Skip all:**
124
- 1. Acknowledge findings
125
- 2. If Critical/High exist, confirm:
126
-
127
- ```yaml
128
- questions:
129
- - header: "Confirm"
130
- question: "You have unresolved Critical/High findings. Proceed anyway?"
131
- options:
132
- - label: "Go back and fix"
133
- description: "Return to resolution options"
134
- - label: "Proceed anyway"
135
- description: "Accept risks, continue"
136
- - label: "Fix only critical"
137
- description: "Just fix critical issues"
138
- multiSelect: false
139
- ```
140
-
141
- ### 4. Post-Resolution Validation
142
-
143
- After any fixes:
144
-
145
- ```bash
146
- pnpm run typecheck && pnpm run lint
147
- ```
148
-
149
- Both MUST pass.
150
-
151
- ### 5. Resolution Summary
152
-
153
- ```
154
- **Resolution Complete**
155
-
156
- **Fixed:** {count}
157
- - F1: Parameterized SQL query in auth.ts:42
158
- - F2: Added null check in handler.ts:78
159
-
160
- **Skipped:** {count}
161
- - F3: Complex function (uncertain)
162
-
163
- **Validation:** ✓ Passed
164
- ```
165
-
166
- ### 6. Complete Save Output (if save_mode)
167
-
168
- **If `{save_mode}` = true:**
169
-
170
- Append to `{output_dir}/06-resolve.md`:
171
- ```markdown
172
- ---
173
- ## Step Complete
174
- **Status:** ✓ Complete
175
- **Findings fixed:** {count}
176
- **Findings skipped:** {count}
177
- **Validation:** ✓ Passed
178
- **Timestamp:** {ISO timestamp}
179
- ```
180
-
181
- ### 7. Completion Summary
182
-
183
- ```
184
- **APEX Workflow Complete**
185
-
186
- **Task:** {task_description}
187
-
188
- **Implementation:**
189
- - Files modified: {count}
190
- - All checks passing: ✓
191
-
192
- **Review:**
193
- - Findings identified: {total}
194
- - Findings resolved: {fixed}
195
- - Findings skipped: {skipped}
196
-
197
- **Next Steps:**
198
- - [ ] Commit changes
199
- - [ ] Run full test suite
200
- - [ ] Deploy when ready
201
- ```
202
-
203
- ---
204
-
205
- ## SUCCESS METRICS:
206
-
207
- ✅ User chose resolution approach
208
- ✅ All chosen fixes applied correctly
209
- ✅ Validation passes after fixes
210
- ✅ Clear summary of resolved/skipped
211
- ✅ User understands next steps
212
-
213
- ## FAILURE MODES:
214
-
215
- ❌ Auto-fixing Noise or Uncertain findings
216
- ❌ Not validating after fixes
217
- ❌ No clear completion summary
218
- ❌ Proceeding with failing validation
219
- ❌ **CRITICAL**: Not using AskUserQuestion for decisions
220
-
221
- ## RESOLUTION PROTOCOLS:
222
-
223
- - Only auto-fix Real findings
224
- - Validate after EVERY fix round
225
- - Clear summary at the end
226
- - User controls final decision
227
-
228
- ---
229
-
230
- ## NEXT STEP:
231
-
232
- Based on flags:
233
- - **If pr_mode:** Load `./step-09-finish.md` to create pull request
234
- - **Otherwise:** Workflow complete - show summary
235
-
236
- <critical>
237
- Remember: Always validate after fixes - never proceed with failing checks!
238
- </critical>