aiblueprint-cli 1.4.88 → 1.4.89
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/agents-config/skills/agents-manager/SKILL.md +14 -3
- package/agents-config/skills/agents-manager/references/writing-agent-prompts.md +1 -1
- package/agents-config/skills/apex/SKILL.md +116 -55
- package/agents-config/skills/apex/scripts/setup-templates.sh +154 -0
- package/agents-config/skills/apex/scripts/update-progress.sh +80 -0
- package/agents-config/skills/apex/steps/step-00-init.md +278 -0
- package/agents-config/skills/apex/steps/step-00b-branch.md +126 -0
- package/agents-config/skills/apex/steps/step-00b-economy.md +247 -0
- package/agents-config/skills/apex/steps/step-00b-interactive.md +170 -0
- package/agents-config/skills/apex/steps/step-00b-save.md +125 -0
- package/agents-config/skills/apex/steps/step-01-analyze.md +388 -0
- package/agents-config/skills/apex/steps/step-02-plan.md +593 -0
- package/agents-config/skills/apex/steps/step-02b-tasks.md +301 -0
- package/agents-config/skills/apex/steps/step-03-execute-teams.md +296 -0
- package/agents-config/skills/apex/steps/step-03-execute.md +240 -0
- package/agents-config/skills/apex/steps/step-04-validate.md +272 -0
- package/agents-config/skills/apex/steps/step-05-examine.md +400 -0
- package/agents-config/skills/apex/steps/step-06-resolve.md +239 -0
- package/agents-config/skills/apex/steps/step-07-tests.md +250 -0
- package/agents-config/skills/apex/steps/step-08-run-tests.md +314 -0
- package/agents-config/skills/apex/steps/step-09-finish.md +223 -0
- package/agents-config/skills/apex/steps/step-10-verify.md +296 -0
- package/agents-config/skills/apex/templates/00-context.md +55 -0
- package/agents-config/skills/apex/templates/01-analyze.md +10 -0
- package/agents-config/skills/apex/templates/02-plan.md +10 -0
- package/agents-config/skills/apex/templates/03-execute.md +10 -0
- package/agents-config/skills/apex/templates/04-validate.md +10 -0
- package/agents-config/skills/apex/templates/05-examine.md +10 -0
- package/agents-config/skills/apex/templates/06-resolve.md +10 -0
- package/agents-config/skills/apex/templates/07-tests.md +10 -0
- package/agents-config/skills/apex/templates/08-run-tests.md +10 -0
- package/agents-config/skills/apex/templates/09-finish.md +10 -0
- package/agents-config/skills/apex/templates/10-verify.md +9 -0
- package/agents-config/skills/apex/templates/README.md +195 -0
- package/agents-config/skills/apex/templates/step-complete.md +7 -0
- package/agents-config/skills/appstore-connect/SKILL.md +3 -9
- package/agents-config/skills/environments-manager/SKILL.md +86 -94
- package/agents-config/skills/environments-manager/examples/{skills/dev/SKILL.md → claude/commands/dev.md} +1 -2
- package/agents-config/skills/environments-manager/examples/{skills/lint/SKILL.md → claude/commands/lint.md} +1 -2
- package/agents-config/skills/environments-manager/examples/{skills/test/SKILL.md → claude/commands/test.md} +1 -2
- package/agents-config/skills/environments-manager/examples/{skills/typecheck/SKILL.md → claude/commands/typecheck.md} +1 -2
- package/agents-config/skills/environments-manager/examples/scripts/worktree-down.sh +5 -12
- package/agents-config/skills/environments-manager/examples/scripts/worktree-up.sh +11 -21
- package/agents-config/skills/environments-manager/references/claude.md +9 -13
- package/agents-config/skills/environments-manager/references/convex.md +120 -0
- package/agents-config/skills/environments-manager/references/cursor.md +2 -2
- package/agents-config/skills/environments-manager/references/postgresql.md +89 -0
- package/agents-config/skills/oneshot/SKILL.md +21 -37
- package/agents-config/skills/rules-manager/SKILL.md +15 -2
- package/agents-config/skills/skill-manager/SKILL.md +30 -2
- package/agents-config/skills/ultrathink/SKILL.md +1 -1
- package/agents-config/skills/use-fable/SKILL.md +64 -0
- package/package.json +1 -1
- package/agents-config/skills/appstore-connect/references/setup.md +0 -156
- package/agents-config/skills/appstore-connect/references/testflight.md +0 -212
|
@@ -0,0 +1,400 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: step-05-examine
|
|
3
|
+
description: Adversarial code review - security, logic, and quality analysis
|
|
4
|
+
prev_step: steps/step-04-validate.md
|
|
5
|
+
next_step: steps/step-06-resolve.md
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Step 5: Examine (Adversarial Review)
|
|
9
|
+
|
|
10
|
+
## MANDATORY EXECUTION RULES (READ FIRST):
|
|
11
|
+
|
|
12
|
+
- 🛑 NEVER skip security review
|
|
13
|
+
- 🛑 NEVER dismiss findings without justification
|
|
14
|
+
- 🛑 NEVER auto-approve without thorough review
|
|
15
|
+
- ✅ ALWAYS check OWASP top 10 vulnerabilities
|
|
16
|
+
- ✅ ALWAYS classify findings by severity and validity
|
|
17
|
+
- ✅ ALWAYS present findings table to user
|
|
18
|
+
- 📋 YOU ARE A SKEPTICAL REVIEWER, not a defender
|
|
19
|
+
- 💬 FOCUS on "What could go wrong?"
|
|
20
|
+
- 🚫 FORBIDDEN to approve without thorough analysis
|
|
21
|
+
|
|
22
|
+
## EXECUTION PROTOCOLS:
|
|
23
|
+
|
|
24
|
+
- 🎯 Launch 4+ parallel review sub-agents in ONE message (unless economy_mode)
|
|
25
|
+
- 🛑 NEVER launch only 1 review agent - you MUST launch Security + Logic + Clean Code + Thermo-Nuclear as separate agents
|
|
26
|
+
- 🛑 NEVER skip the Thermo-Nuclear quality audit - it is the final maintainability gate
|
|
27
|
+
- 💾 Document all findings with severity
|
|
28
|
+
- 📖 Create todos for each finding
|
|
29
|
+
- 🚫 FORBIDDEN to skip security analysis
|
|
30
|
+
- 🚫 FORBIDDEN to skip thermo-nuclear maintainability review
|
|
31
|
+
- 🚫 FORBIDDEN to combine review categories into a single agent
|
|
32
|
+
|
|
33
|
+
## CONTEXT BOUNDARIES:
|
|
34
|
+
|
|
35
|
+
- Implementation is complete and validated
|
|
36
|
+
- All tests pass
|
|
37
|
+
- Now looking for issues that tests miss
|
|
38
|
+
- Adversarial mindset - assume bugs exist
|
|
39
|
+
- **If `{teams_mode}` = true:** Agent team is still alive. Do NOT shutdown teammates - that happens in step-09-finish only.
|
|
40
|
+
|
|
41
|
+
## YOUR TASK:
|
|
42
|
+
|
|
43
|
+
Conduct an adversarial code review to identify security vulnerabilities, logic flaws, and quality issues.
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
<available_state>
|
|
48
|
+
From previous steps:
|
|
49
|
+
|
|
50
|
+
| Variable | Description |
|
|
51
|
+
|----------|-------------|
|
|
52
|
+
| `{task_description}` | What was implemented |
|
|
53
|
+
| `{task_id}` | Kebab-case identifier |
|
|
54
|
+
| `{auto_mode}` | Auto-fix Real findings |
|
|
55
|
+
| `{save_mode}` | Save outputs to files |
|
|
56
|
+
| `{economy_mode}` | No subagents, direct review |
|
|
57
|
+
| `{output_dir}` | Path to output (if save_mode) |
|
|
58
|
+
| Files modified | From step-03 |
|
|
59
|
+
</available_state>
|
|
60
|
+
|
|
61
|
+
---
|
|
62
|
+
|
|
63
|
+
## EXECUTION SEQUENCE:
|
|
64
|
+
|
|
65
|
+
### 1. Initialize Save Output (if save_mode)
|
|
66
|
+
|
|
67
|
+
**If `{save_mode}` = true:**
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
bash {skill_dir}/scripts/update-progress.sh "{task_id}" "05" "examine" "in_progress"
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
Append findings to `{output_dir}/05-examine.md` as you work.
|
|
74
|
+
|
|
75
|
+
### 2. Gather Changes
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
git diff --name-only HEAD~1
|
|
79
|
+
git status --porcelain
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
Group files: source, tests, config, other.
|
|
83
|
+
|
|
84
|
+
### 3. Conduct Review
|
|
85
|
+
|
|
86
|
+
**If `{economy_mode}` = true:**
|
|
87
|
+
→ Self-review with checklist:
|
|
88
|
+
|
|
89
|
+
```markdown
|
|
90
|
+
## Security Checklist
|
|
91
|
+
- [ ] No SQL injection (parameterized queries)
|
|
92
|
+
- [ ] No XSS (output encoding)
|
|
93
|
+
- [ ] No secrets in code
|
|
94
|
+
- [ ] Input validation present
|
|
95
|
+
- [ ] Auth checks on protected routes
|
|
96
|
+
|
|
97
|
+
## Logic Checklist
|
|
98
|
+
- [ ] Error handling for all failure modes
|
|
99
|
+
- [ ] Edge cases handled
|
|
100
|
+
- [ ] Null/undefined checks
|
|
101
|
+
- [ ] Race conditions considered
|
|
102
|
+
|
|
103
|
+
## Quality Checklist
|
|
104
|
+
- [ ] Follows existing patterns
|
|
105
|
+
- [ ] No code duplication
|
|
106
|
+
- [ ] Clear naming
|
|
107
|
+
|
|
108
|
+
## Thermo-Nuclear Maintainability Checklist
|
|
109
|
+
- [ ] No file pushed from under 1k lines to over 1k lines without strong justification
|
|
110
|
+
- [ ] No new ad-hoc conditionals / spaghetti branches in unrelated flows
|
|
111
|
+
- [ ] No thin abstractions, identity wrappers, or "magic" mechanisms added
|
|
112
|
+
- [ ] No unnecessary casts / `any` / `unknown` / optional params muddying contracts
|
|
113
|
+
- [ ] Feature logic stays in the canonical layer (no leaking into shared paths)
|
|
114
|
+
- [ ] Reuses existing canonical helpers instead of bespoke near-duplicates
|
|
115
|
+
- [ ] No "code judo" simplification was missed (could this be dramatically simpler?)
|
|
116
|
+
- [ ] Orchestration is parallel / atomic where the cleaner structure is obvious
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
**If `{economy_mode}` = false:**
|
|
120
|
+
→ Launch parallel review sub-agents.
|
|
121
|
+
|
|
122
|
+
**🛑 CRITICAL: You MUST launch ALL 4 agents (or 5 if Next.js) in a SINGLE message using MULTIPLE sub-agent launches. DO NOT launch them one at a time. DO NOT use only 1 agent. Each agent reviews a DIFFERENT aspect. The Thermo-Nuclear agent is MANDATORY and runs alongside the others.**
|
|
123
|
+
|
|
124
|
+
First, gather the list of modified files:
|
|
125
|
+
```bash
|
|
126
|
+
git diff --name-only HEAD~1
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
Then, in **ONE message with 4+ parallel sub-agent launches**, launch:
|
|
130
|
+
|
|
131
|
+
---
|
|
132
|
+
|
|
133
|
+
**Agent 1: Security Review** - sub-agent profile/type: `code-reviewer`
|
|
134
|
+
```
|
|
135
|
+
prompt: |
|
|
136
|
+
You are a SECURITY reviewer. Review ONLY the following files for security vulnerabilities:
|
|
137
|
+
{list of modified files}
|
|
138
|
+
|
|
139
|
+
Focus exclusively on:
|
|
140
|
+
- OWASP Top 10: injection flaws (SQL, command, XSS)
|
|
141
|
+
- Authentication and authorization issues
|
|
142
|
+
- Sensitive data exposure (secrets, tokens, PII in logs)
|
|
143
|
+
- Security misconfiguration
|
|
144
|
+
- Insecure deserialization
|
|
145
|
+
- Missing input validation at system boundaries
|
|
146
|
+
|
|
147
|
+
For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
|
|
148
|
+
If no security issues found, explicitly state "No security issues found."
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
---
|
|
152
|
+
|
|
153
|
+
**Agent 2: Logic & Edge Cases Review** - sub-agent profile/type: `code-reviewer`
|
|
154
|
+
```
|
|
155
|
+
prompt: |
|
|
156
|
+
You are a LOGIC reviewer. Review ONLY the following files for logic correctness:
|
|
157
|
+
{list of modified files}
|
|
158
|
+
|
|
159
|
+
Focus exclusively on:
|
|
160
|
+
- Edge cases not handled (empty arrays, null/undefined, boundary values)
|
|
161
|
+
- Race conditions and concurrency issues
|
|
162
|
+
- Incorrect conditional logic or off-by-one errors
|
|
163
|
+
- Missing error handling for failure modes
|
|
164
|
+
- State management bugs
|
|
165
|
+
- Incorrect assumptions about data shape or types
|
|
166
|
+
|
|
167
|
+
For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
|
|
168
|
+
If no logic issues found, explicitly state "No logic issues found."
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
---
|
|
172
|
+
|
|
173
|
+
**Agent 3: Clean Code & Quality Review** - sub-agent profile/type: `code-reviewer`
|
|
174
|
+
```
|
|
175
|
+
prompt: |
|
|
176
|
+
You are a CLEAN CODE reviewer. Review ONLY the following files for code quality:
|
|
177
|
+
{list of modified files}
|
|
178
|
+
|
|
179
|
+
Focus exclusively on:
|
|
180
|
+
- SOLID principle violations
|
|
181
|
+
- Code smells (long methods, god objects, feature envy)
|
|
182
|
+
- Cyclomatic complexity > 10
|
|
183
|
+
- Code duplication > 20 lines
|
|
184
|
+
- Naming that doesn't communicate intent
|
|
185
|
+
- Functions doing too many things
|
|
186
|
+
|
|
187
|
+
For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
|
|
188
|
+
If no quality issues found, explicitly state "No quality issues found."
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
---
|
|
192
|
+
|
|
193
|
+
**Agent 4: Thermo-Nuclear Code Quality Review** (MANDATORY - launch alongside Agents 1-3)
|
|
194
|
+
|
|
195
|
+
This is the **final verification gate**. After the other reviewers find issues, this agent performs an extremely strict maintainability audit using the `thermo-nuclear-code-quality-review` skill. It is **not optional** and must run on every examine pass.
|
|
196
|
+
|
|
197
|
+
Sub-agent profile/type: `thermo-nuclear-code-quality-review`
|
|
198
|
+
```
|
|
199
|
+
prompt: |
|
|
200
|
+
Perform a Thermo-Nuclear Code Quality Review on the current branch's changes.
|
|
201
|
+
|
|
202
|
+
Modified files to audit:
|
|
203
|
+
{list of modified files}
|
|
204
|
+
|
|
205
|
+
Load and strictly apply the rubric from the `thermo-nuclear-code-quality-review` skill.
|
|
206
|
+
|
|
207
|
+
Verify and challenge:
|
|
208
|
+
- Structural code-quality regressions and missed "code judo" opportunities
|
|
209
|
+
- Any file pushed from under 1k lines to over 1k lines (presumptive blocker)
|
|
210
|
+
- New ad-hoc conditionals or spaghetti branching bolted onto unrelated flows
|
|
211
|
+
- Thin abstractions, identity wrappers, pass-through helpers, "magic" mechanisms
|
|
212
|
+
- Unnecessary casts, `any`, `unknown`, optional params obscuring real contracts
|
|
213
|
+
- Feature logic leaking into shared/canonical paths
|
|
214
|
+
- Bespoke helpers duplicating existing canonical utilities
|
|
215
|
+
- Unnecessary sequential orchestration or non-atomic update flows
|
|
216
|
+
- Whether the implementation could be dramatically simpler / smaller / more direct
|
|
217
|
+
|
|
218
|
+
For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and a concrete restructuring suggestion (prefer DELETING complexity over rearranging it).
|
|
219
|
+
|
|
220
|
+
Be ambitious, direct, and demanding. Do not soften major maintainability issues.
|
|
221
|
+
Apply the skill's Approval Bar strictly - flag presumptive blockers explicitly.
|
|
222
|
+
|
|
223
|
+
If no significant maintainability issues found, explicitly state "No thermo-nuclear findings."
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
---
|
|
227
|
+
|
|
228
|
+
**Agent 5: Vercel/Next.js Best Practices** (CONDITIONAL - launch alongside Agents 1-4)
|
|
229
|
+
|
|
230
|
+
→ **Detection:** Check if modified files match Next.js/Vercel patterns:
|
|
231
|
+
```
|
|
232
|
+
- *.tsx, *.jsx files in app/, pages/, components/
|
|
233
|
+
- next.config.* files
|
|
234
|
+
- Server actions (use server)
|
|
235
|
+
- API routes (app/api/*, pages/api/*)
|
|
236
|
+
- Middleware (middleware.ts)
|
|
237
|
+
- Server components, client components
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
→ **If Next.js/Vercel code detected:** Add a 5th parallel review sub-agent:
|
|
241
|
+
|
|
242
|
+
Sub-agent profile/type: `code-reviewer`
|
|
243
|
+
```
|
|
244
|
+
prompt: |
|
|
245
|
+
You are a NEXT.JS / REACT PERFORMANCE reviewer. Review ONLY the following files:
|
|
246
|
+
{list of modified files}
|
|
247
|
+
|
|
248
|
+
Focus exclusively on:
|
|
249
|
+
- Sequential awaits that should use Promise.all for parallel fetching
|
|
250
|
+
- Barrel imports causing bundle bloat (import from index files)
|
|
251
|
+
- Missing dynamic imports for heavy client components
|
|
252
|
+
- Server-side caching opportunities (React cache, unstable_cache)
|
|
253
|
+
- Unnecessary re-renders (missing memo, useMemo, useCallback)
|
|
254
|
+
- Wrong Server vs Client component boundaries
|
|
255
|
+
- Data fetching patterns (preloading, parallel fetching, waterfall detection)
|
|
256
|
+
|
|
257
|
+
For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
|
|
258
|
+
If no performance issues found, explicitly state "No performance issues found."
|
|
259
|
+
```
|
|
260
|
+
|
|
261
|
+
→ **If NOT Next.js/Vercel code:** Skip this agent (launch only Agents 1-4)
|
|
262
|
+
|
|
263
|
+
---
|
|
264
|
+
|
|
265
|
+
**🛑 REMINDER: You MUST have 4+ sub-agent launches in a SINGLE response (Security + Logic + Clean Code + Thermo-Nuclear, plus Next.js if applicable). If you only launched 1-3 agents, you are doing it WRONG. Go back and launch all agents. The Thermo-Nuclear agent is MANDATORY - never skip it.**
|
|
266
|
+
|
|
267
|
+
### 4. Classify Findings
|
|
268
|
+
|
|
269
|
+
For each finding:
|
|
270
|
+
|
|
271
|
+
**Severity:**
|
|
272
|
+
- CRITICAL: Security vulnerability, data loss risk
|
|
273
|
+
- HIGH: Significant bug, will cause issues
|
|
274
|
+
- MEDIUM: Should fix, not urgent
|
|
275
|
+
- LOW: Minor improvement
|
|
276
|
+
|
|
277
|
+
**Validity:**
|
|
278
|
+
- Real: Definitely needs fixing
|
|
279
|
+
- Noise: Not actually a problem
|
|
280
|
+
- Uncertain: Needs discussion
|
|
281
|
+
|
|
282
|
+
### 5. Present Findings Table
|
|
283
|
+
|
|
284
|
+
```markdown
|
|
285
|
+
## Findings
|
|
286
|
+
|
|
287
|
+
| ID | Severity | Category | Location | Issue | Validity |
|
|
288
|
+
|----|----------|----------|----------|-------|----------|
|
|
289
|
+
| F1 | CRITICAL | Security | auth.ts:42 | SQL injection | Real |
|
|
290
|
+
| F2 | HIGH | Logic | handler.ts:78 | Missing null check | Real |
|
|
291
|
+
| F3 | MEDIUM | Quality | utils.ts:15 | Complex function | Uncertain |
|
|
292
|
+
|
|
293
|
+
**Summary:** {count} findings ({blocking} blocking)
|
|
294
|
+
```
|
|
295
|
+
|
|
296
|
+
### 6. Create Finding Todos
|
|
297
|
+
|
|
298
|
+
```
|
|
299
|
+
- [ ] F1 [CRITICAL] Fix SQL injection in auth.ts:42
|
|
300
|
+
- [ ] F2 [HIGH] Add null check in handler.ts:78
|
|
301
|
+
```
|
|
302
|
+
|
|
303
|
+
### 7. Get User Approval (review → resolve/test)
|
|
304
|
+
|
|
305
|
+
**If `{auto_mode}` = true:**
|
|
306
|
+
→ Proceed automatically based on findings
|
|
307
|
+
|
|
308
|
+
**If `{auto_mode}` = false:**
|
|
309
|
+
|
|
310
|
+
```yaml
|
|
311
|
+
questions:
|
|
312
|
+
- header: "Review"
|
|
313
|
+
question: "Review complete. How would you like to proceed?"
|
|
314
|
+
options:
|
|
315
|
+
- label: "Resolve findings (Recommended)"
|
|
316
|
+
description: "Address the identified issues"
|
|
317
|
+
- label: "Skip to tests"
|
|
318
|
+
description: "Skip resolution, proceed to test creation"
|
|
319
|
+
- label: "Skip resolution"
|
|
320
|
+
description: "Accept findings, don't make changes"
|
|
321
|
+
- label: "Discuss findings"
|
|
322
|
+
description: "I want to discuss specific findings"
|
|
323
|
+
multiSelect: false
|
|
324
|
+
```
|
|
325
|
+
|
|
326
|
+
<critical>
|
|
327
|
+
This is one of the THREE transition points that requires user confirmation:
|
|
328
|
+
1. plan → execute
|
|
329
|
+
2. validate → review
|
|
330
|
+
3. review → resolve/test (THIS ONE)
|
|
331
|
+
</critical>
|
|
332
|
+
|
|
333
|
+
### 8. Complete Save Output (if save_mode)
|
|
334
|
+
|
|
335
|
+
**If `{save_mode}` = true:**
|
|
336
|
+
|
|
337
|
+
Append to `{output_dir}/05-examine.md`:
|
|
338
|
+
```markdown
|
|
339
|
+
---
|
|
340
|
+
## Step Complete
|
|
341
|
+
**Status:** ✓ Complete
|
|
342
|
+
**Findings:** {count}
|
|
343
|
+
**Critical:** {count}
|
|
344
|
+
**Next:** step-06-resolve.md
|
|
345
|
+
**Timestamp:** {ISO timestamp}
|
|
346
|
+
```
|
|
347
|
+
|
|
348
|
+
---
|
|
349
|
+
|
|
350
|
+
## SUCCESS METRICS:
|
|
351
|
+
|
|
352
|
+
✅ All modified files reviewed
|
|
353
|
+
✅ Security checklist completed
|
|
354
|
+
✅ Findings classified by severity
|
|
355
|
+
✅ Validity assessed for each finding
|
|
356
|
+
✅ Findings table presented
|
|
357
|
+
✅ Todos created for tracking
|
|
358
|
+
✅ Thermo-Nuclear maintainability audit completed (mandatory final gate)
|
|
359
|
+
✅ Next.js/Vercel best practices checked (if applicable)
|
|
360
|
+
|
|
361
|
+
## FAILURE MODES:
|
|
362
|
+
|
|
363
|
+
❌ **CRITICAL**: Launching only 1 review agent instead of 4+ - each category (Security, Logic, Clean Code, Thermo-Nuclear) MUST be a separate agent
|
|
364
|
+
❌ **CRITICAL**: Skipping the Thermo-Nuclear maintainability review - it is the mandatory final verification gate
|
|
365
|
+
❌ Combining multiple review categories into a single agent prompt
|
|
366
|
+
❌ Skipping security review
|
|
367
|
+
❌ Not classifying by severity
|
|
368
|
+
❌ Auto-dismissing findings
|
|
369
|
+
❌ Launching agents sequentially instead of in parallel
|
|
370
|
+
❌ Using subagents when economy_mode
|
|
371
|
+
❌ Skipping Vercel/Next.js review when React/Next.js files are modified
|
|
372
|
+
❌ **CRITICAL**: Not using AskUserQuestion for review → resolve/test transition
|
|
373
|
+
|
|
374
|
+
## REVIEW PROTOCOLS:
|
|
375
|
+
|
|
376
|
+
- Adversarial mindset - assume bugs exist
|
|
377
|
+
- Check security FIRST
|
|
378
|
+
- Every finding gets severity and validity
|
|
379
|
+
- Don't dismiss without justification
|
|
380
|
+
- Present clear summary
|
|
381
|
+
|
|
382
|
+
---
|
|
383
|
+
|
|
384
|
+
## NEXT STEP:
|
|
385
|
+
|
|
386
|
+
After user confirms via AskUserQuestion (or auto-proceed):
|
|
387
|
+
|
|
388
|
+
**If user chooses "Resolve findings":** → Load `./step-06-resolve.md`
|
|
389
|
+
|
|
390
|
+
**If user chooses "Skip to tests" (and test_mode):** → Load `./step-07-tests.md`
|
|
391
|
+
|
|
392
|
+
**If user chooses "Skip resolution":**
|
|
393
|
+
- **If test_mode:** → Load `./step-07-tests.md`
|
|
394
|
+
- **If pr_mode:** → Load `./step-09-finish.md` to create pull request
|
|
395
|
+
- **Otherwise:** → Workflow complete - show summary
|
|
396
|
+
|
|
397
|
+
<critical>
|
|
398
|
+
Remember: Be SKEPTICAL - your job is to find problems, not approve code!
|
|
399
|
+
This step MUST ask before proceeding (unless auto_mode).
|
|
400
|
+
</critical>
|
|
@@ -0,0 +1,239 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: step-06-resolve
|
|
3
|
+
description: Resolve findings - interactively address review issues
|
|
4
|
+
prev_step: steps/step-05-examine.md
|
|
5
|
+
next_step: COMPLETE
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Step 6: Resolve Findings
|
|
9
|
+
|
|
10
|
+
## MANDATORY EXECUTION RULES (READ FIRST):
|
|
11
|
+
|
|
12
|
+
- 🛑 NEVER auto-fix Noise or Uncertain findings
|
|
13
|
+
- 🛑 NEVER skip validation after fixes
|
|
14
|
+
- ✅ ALWAYS present resolution options to user (unless auto_mode)
|
|
15
|
+
- ✅ ALWAYS validate after applying fixes
|
|
16
|
+
- ✅ ALWAYS provide clear completion summary
|
|
17
|
+
- 📋 YOU ARE A RESOLVER, addressing identified issues
|
|
18
|
+
- 💬 FOCUS on "How do we fix these issues?"
|
|
19
|
+
- 🚫 FORBIDDEN to proceed with failing validation
|
|
20
|
+
|
|
21
|
+
## EXECUTION PROTOCOLS:
|
|
22
|
+
|
|
23
|
+
- 🎯 Present resolution options first
|
|
24
|
+
- 💾 Log each fix applied (if save_mode)
|
|
25
|
+
- 📖 Validate after all fixes
|
|
26
|
+
- 🚫 FORBIDDEN to skip post-fix validation
|
|
27
|
+
|
|
28
|
+
## CONTEXT BOUNDARIES:
|
|
29
|
+
|
|
30
|
+
- Findings from step-05 are classified
|
|
31
|
+
- Some are Real, some Noise, some Uncertain
|
|
32
|
+
- User may want different resolution strategies
|
|
33
|
+
- Must validate after any changes
|
|
34
|
+
- **If `{teams_mode}` = true:** Agent team is still alive. Do NOT shutdown teammates - that happens in step-09-finish only.
|
|
35
|
+
|
|
36
|
+
## YOUR TASK:
|
|
37
|
+
|
|
38
|
+
Address adversarial review findings interactively - fix real issues, dismiss noise, discuss uncertain items.
|
|
39
|
+
|
|
40
|
+
---
|
|
41
|
+
|
|
42
|
+
<available_state>
|
|
43
|
+
From previous steps:
|
|
44
|
+
|
|
45
|
+
| Variable | Description |
|
|
46
|
+
|----------|-------------|
|
|
47
|
+
| `{task_description}` | What was implemented |
|
|
48
|
+
| `{task_id}` | Kebab-case identifier |
|
|
49
|
+
| `{auto_mode}` | Auto-fix Real findings |
|
|
50
|
+
| `{save_mode}` | Save outputs to files |
|
|
51
|
+
| `{output_dir}` | Path to output (if save_mode) |
|
|
52
|
+
| Findings table | IDs, severity, validity |
|
|
53
|
+
| Finding todos | For tracking |
|
|
54
|
+
</available_state>
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## EXECUTION SEQUENCE:
|
|
59
|
+
|
|
60
|
+
### 1. Initialize Save Output (if save_mode)
|
|
61
|
+
|
|
62
|
+
**If `{save_mode}` = true:**
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
bash {skill_dir}/scripts/update-progress.sh "{task_id}" "06" "resolve" "in_progress"
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
Append logs to `{output_dir}/06-resolve.md` as you work.
|
|
69
|
+
|
|
70
|
+
### 2. Present Resolution Options
|
|
71
|
+
|
|
72
|
+
**If `{auto_mode}` = true:**
|
|
73
|
+
→ Auto-fix all "Real" findings, skip Noise/Uncertain
|
|
74
|
+
|
|
75
|
+
**If `{auto_mode}` = false:**
|
|
76
|
+
|
|
77
|
+
```yaml
|
|
78
|
+
questions:
|
|
79
|
+
- header: "Resolution"
|
|
80
|
+
question: "How would you like to handle these findings?"
|
|
81
|
+
options:
|
|
82
|
+
- label: "Auto-fix Real issues (Recommended)"
|
|
83
|
+
description: "Fix 'Real' findings, skip noise/uncertain"
|
|
84
|
+
- label: "Walk through each finding"
|
|
85
|
+
description: "Decide on each finding individually"
|
|
86
|
+
- label: "Fix only critical"
|
|
87
|
+
description: "Only fix CRITICAL/BLOCKING issues"
|
|
88
|
+
- label: "Skip all"
|
|
89
|
+
description: "Acknowledge but don't change"
|
|
90
|
+
multiSelect: false
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
### 3. Apply Fixes Based on Choice
|
|
94
|
+
|
|
95
|
+
**Auto-fix Real:**
|
|
96
|
+
1. Filter to Real findings only
|
|
97
|
+
2. For each: Read file → Apply fix → Verify
|
|
98
|
+
3. Log each fix
|
|
99
|
+
|
|
100
|
+
**Walk through each:**
|
|
101
|
+
For each finding in severity order:
|
|
102
|
+
|
|
103
|
+
```yaml
|
|
104
|
+
questions:
|
|
105
|
+
- header: "F1"
|
|
106
|
+
question: "How should we handle this finding?"
|
|
107
|
+
options:
|
|
108
|
+
- label: "Fix now (Recommended)"
|
|
109
|
+
description: "Apply the suggested fix"
|
|
110
|
+
- label: "Skip"
|
|
111
|
+
description: "Acknowledge but don't fix"
|
|
112
|
+
- label: "Discuss"
|
|
113
|
+
description: "Need more context"
|
|
114
|
+
- label: "Mark as noise"
|
|
115
|
+
description: "Not a real issue"
|
|
116
|
+
multiSelect: false
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
**Fix only critical:**
|
|
120
|
+
1. Filter to CRITICAL/BLOCKING only
|
|
121
|
+
2. Auto-fix those, skip others
|
|
122
|
+
|
|
123
|
+
**Skip all:**
|
|
124
|
+
1. Acknowledge findings
|
|
125
|
+
2. If Critical/High exist, confirm:
|
|
126
|
+
|
|
127
|
+
```yaml
|
|
128
|
+
questions:
|
|
129
|
+
- header: "Confirm"
|
|
130
|
+
question: "You have unresolved Critical/High findings. Proceed anyway?"
|
|
131
|
+
options:
|
|
132
|
+
- label: "Go back and fix"
|
|
133
|
+
description: "Return to resolution options"
|
|
134
|
+
- label: "Proceed anyway"
|
|
135
|
+
description: "Accept risks, continue"
|
|
136
|
+
- label: "Fix only critical"
|
|
137
|
+
description: "Just fix critical issues"
|
|
138
|
+
multiSelect: false
|
|
139
|
+
```
|
|
140
|
+
|
|
141
|
+
### 4. Post-Resolution Validation
|
|
142
|
+
|
|
143
|
+
After any fixes:
|
|
144
|
+
|
|
145
|
+
```bash
|
|
146
|
+
pnpm run typecheck && pnpm run lint
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
Both MUST pass.
|
|
150
|
+
|
|
151
|
+
### 5. Resolution Summary
|
|
152
|
+
|
|
153
|
+
```
|
|
154
|
+
**Resolution Complete**
|
|
155
|
+
|
|
156
|
+
**Fixed:** {count}
|
|
157
|
+
- F1: Parameterized SQL query in auth.ts:42
|
|
158
|
+
- F2: Added null check in handler.ts:78
|
|
159
|
+
|
|
160
|
+
**Skipped:** {count}
|
|
161
|
+
- F3: Complex function (uncertain)
|
|
162
|
+
|
|
163
|
+
**Validation:** ✓ Passed
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
### 6. Complete Save Output (if save_mode)
|
|
167
|
+
|
|
168
|
+
**If `{save_mode}` = true:**
|
|
169
|
+
|
|
170
|
+
Append to `{output_dir}/06-resolve.md`:
|
|
171
|
+
```markdown
|
|
172
|
+
---
|
|
173
|
+
## Step Complete
|
|
174
|
+
**Status:** ✓ Complete
|
|
175
|
+
**Findings fixed:** {count}
|
|
176
|
+
**Findings skipped:** {count}
|
|
177
|
+
**Validation:** ✓ Passed
|
|
178
|
+
**Timestamp:** {ISO timestamp}
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
### 7. Completion Summary
|
|
182
|
+
|
|
183
|
+
```
|
|
184
|
+
**APEX Workflow Complete**
|
|
185
|
+
|
|
186
|
+
**Task:** {task_description}
|
|
187
|
+
|
|
188
|
+
**Implementation:**
|
|
189
|
+
- Files modified: {count}
|
|
190
|
+
- All checks passing: ✓
|
|
191
|
+
|
|
192
|
+
**Review:**
|
|
193
|
+
- Findings identified: {total}
|
|
194
|
+
- Findings resolved: {fixed}
|
|
195
|
+
- Findings skipped: {skipped}
|
|
196
|
+
|
|
197
|
+
**Next Steps:**
|
|
198
|
+
- [ ] Commit changes
|
|
199
|
+
- [ ] Run full test suite
|
|
200
|
+
- [ ] Deploy when ready
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
---
|
|
204
|
+
|
|
205
|
+
## SUCCESS METRICS:
|
|
206
|
+
|
|
207
|
+
✅ User chose resolution approach
|
|
208
|
+
✅ All chosen fixes applied correctly
|
|
209
|
+
✅ Validation passes after fixes
|
|
210
|
+
✅ Clear summary of resolved/skipped
|
|
211
|
+
✅ User understands next steps
|
|
212
|
+
|
|
213
|
+
## FAILURE MODES:
|
|
214
|
+
|
|
215
|
+
❌ Auto-fixing Noise or Uncertain findings
|
|
216
|
+
❌ Not validating after fixes
|
|
217
|
+
❌ No clear completion summary
|
|
218
|
+
❌ Proceeding with failing validation
|
|
219
|
+
❌ **CRITICAL**: Not using AskUserQuestion for decisions
|
|
220
|
+
|
|
221
|
+
## RESOLUTION PROTOCOLS:
|
|
222
|
+
|
|
223
|
+
- Only auto-fix Real findings
|
|
224
|
+
- Validate after EVERY fix round
|
|
225
|
+
- Clear summary at the end
|
|
226
|
+
- User controls final decision
|
|
227
|
+
|
|
228
|
+
---
|
|
229
|
+
|
|
230
|
+
## NEXT STEP:
|
|
231
|
+
|
|
232
|
+
Based on flags:
|
|
233
|
+
- **If verify_mode:** Load `./step-10-verify.md` to verify feature
|
|
234
|
+
- **If pr_mode:** Load `./step-09-finish.md` to create pull request
|
|
235
|
+
- **Otherwise:** Workflow complete - show summary
|
|
236
|
+
|
|
237
|
+
<critical>
|
|
238
|
+
Remember: Always validate after fixes - never proceed with failing checks!
|
|
239
|
+
</critical>
|