aiblueprint-cli 1.4.88 → 1.4.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/agents-config/skills/agents-manager/SKILL.md +14 -3
  2. package/agents-config/skills/agents-manager/references/writing-agent-prompts.md +1 -1
  3. package/agents-config/skills/apex/SKILL.md +116 -55
  4. package/agents-config/skills/apex/scripts/setup-templates.sh +154 -0
  5. package/agents-config/skills/apex/scripts/update-progress.sh +80 -0
  6. package/agents-config/skills/apex/steps/step-00-init.md +278 -0
  7. package/agents-config/skills/apex/steps/step-00b-branch.md +126 -0
  8. package/agents-config/skills/apex/steps/step-00b-economy.md +247 -0
  9. package/agents-config/skills/apex/steps/step-00b-interactive.md +170 -0
  10. package/agents-config/skills/apex/steps/step-00b-save.md +125 -0
  11. package/agents-config/skills/apex/steps/step-01-analyze.md +388 -0
  12. package/agents-config/skills/apex/steps/step-02-plan.md +593 -0
  13. package/agents-config/skills/apex/steps/step-02b-tasks.md +301 -0
  14. package/agents-config/skills/apex/steps/step-03-execute-teams.md +296 -0
  15. package/agents-config/skills/apex/steps/step-03-execute.md +240 -0
  16. package/agents-config/skills/apex/steps/step-04-validate.md +272 -0
  17. package/agents-config/skills/apex/steps/step-05-examine.md +400 -0
  18. package/agents-config/skills/apex/steps/step-06-resolve.md +239 -0
  19. package/agents-config/skills/apex/steps/step-07-tests.md +250 -0
  20. package/agents-config/skills/apex/steps/step-08-run-tests.md +314 -0
  21. package/agents-config/skills/apex/steps/step-09-finish.md +223 -0
  22. package/agents-config/skills/apex/steps/step-10-verify.md +296 -0
  23. package/agents-config/skills/apex/templates/00-context.md +55 -0
  24. package/agents-config/skills/apex/templates/01-analyze.md +10 -0
  25. package/agents-config/skills/apex/templates/02-plan.md +10 -0
  26. package/agents-config/skills/apex/templates/03-execute.md +10 -0
  27. package/agents-config/skills/apex/templates/04-validate.md +10 -0
  28. package/agents-config/skills/apex/templates/05-examine.md +10 -0
  29. package/agents-config/skills/apex/templates/06-resolve.md +10 -0
  30. package/agents-config/skills/apex/templates/07-tests.md +10 -0
  31. package/agents-config/skills/apex/templates/08-run-tests.md +10 -0
  32. package/agents-config/skills/apex/templates/09-finish.md +10 -0
  33. package/agents-config/skills/apex/templates/10-verify.md +9 -0
  34. package/agents-config/skills/apex/templates/README.md +195 -0
  35. package/agents-config/skills/apex/templates/step-complete.md +7 -0
  36. package/agents-config/skills/appstore-connect/SKILL.md +3 -9
  37. package/agents-config/skills/environments-manager/SKILL.md +86 -94
  38. package/agents-config/skills/environments-manager/examples/{skills/dev/SKILL.md → claude/commands/dev.md} +1 -2
  39. package/agents-config/skills/environments-manager/examples/{skills/lint/SKILL.md → claude/commands/lint.md} +1 -2
  40. package/agents-config/skills/environments-manager/examples/{skills/test/SKILL.md → claude/commands/test.md} +1 -2
  41. package/agents-config/skills/environments-manager/examples/{skills/typecheck/SKILL.md → claude/commands/typecheck.md} +1 -2
  42. package/agents-config/skills/environments-manager/examples/scripts/worktree-down.sh +5 -12
  43. package/agents-config/skills/environments-manager/examples/scripts/worktree-up.sh +11 -21
  44. package/agents-config/skills/environments-manager/references/claude.md +9 -13
  45. package/agents-config/skills/environments-manager/references/convex.md +120 -0
  46. package/agents-config/skills/environments-manager/references/cursor.md +2 -2
  47. package/agents-config/skills/environments-manager/references/postgresql.md +89 -0
  48. package/agents-config/skills/oneshot/SKILL.md +21 -37
  49. package/agents-config/skills/rules-manager/SKILL.md +15 -2
  50. package/agents-config/skills/skill-manager/SKILL.md +30 -2
  51. package/agents-config/skills/ultrathink/SKILL.md +1 -1
  52. package/agents-config/skills/use-fable/SKILL.md +64 -0
  53. package/package.json +1 -1
  54. package/agents-config/skills/appstore-connect/references/setup.md +0 -156
  55. package/agents-config/skills/appstore-connect/references/testflight.md +0 -212
@@ -0,0 +1,400 @@
1
+ ---
2
+ name: step-05-examine
3
+ description: Adversarial code review - security, logic, and quality analysis
4
+ prev_step: steps/step-04-validate.md
5
+ next_step: steps/step-06-resolve.md
6
+ ---
7
+
8
+ # Step 5: Examine (Adversarial Review)
9
+
10
+ ## MANDATORY EXECUTION RULES (READ FIRST):
11
+
12
+ - 🛑 NEVER skip security review
13
+ - 🛑 NEVER dismiss findings without justification
14
+ - 🛑 NEVER auto-approve without thorough review
15
+ - ✅ ALWAYS check OWASP top 10 vulnerabilities
16
+ - ✅ ALWAYS classify findings by severity and validity
17
+ - ✅ ALWAYS present findings table to user
18
+ - 📋 YOU ARE A SKEPTICAL REVIEWER, not a defender
19
+ - 💬 FOCUS on "What could go wrong?"
20
+ - 🚫 FORBIDDEN to approve without thorough analysis
21
+
22
+ ## EXECUTION PROTOCOLS:
23
+
24
+ - 🎯 Launch 4+ parallel review sub-agents in ONE message (unless economy_mode)
25
+ - 🛑 NEVER launch only 1 review agent - you MUST launch Security + Logic + Clean Code + Thermo-Nuclear as separate agents
26
+ - 🛑 NEVER skip the Thermo-Nuclear quality audit - it is the final maintainability gate
27
+ - 💾 Document all findings with severity
28
+ - 📖 Create todos for each finding
29
+ - 🚫 FORBIDDEN to skip security analysis
30
+ - 🚫 FORBIDDEN to skip thermo-nuclear maintainability review
31
+ - 🚫 FORBIDDEN to combine review categories into a single agent
32
+
33
+ ## CONTEXT BOUNDARIES:
34
+
35
+ - Implementation is complete and validated
36
+ - All tests pass
37
+ - Now looking for issues that tests miss
38
+ - Adversarial mindset - assume bugs exist
39
+ - **If `{teams_mode}` = true:** Agent team is still alive. Do NOT shutdown teammates - that happens in step-09-finish only.
40
+
41
+ ## YOUR TASK:
42
+
43
+ Conduct an adversarial code review to identify security vulnerabilities, logic flaws, and quality issues.
44
+
45
+ ---
46
+
47
+ <available_state>
48
+ From previous steps:
49
+
50
+ | Variable | Description |
51
+ |----------|-------------|
52
+ | `{task_description}` | What was implemented |
53
+ | `{task_id}` | Kebab-case identifier |
54
+ | `{auto_mode}` | Auto-fix Real findings |
55
+ | `{save_mode}` | Save outputs to files |
56
+ | `{economy_mode}` | No subagents, direct review |
57
+ | `{output_dir}` | Path to output (if save_mode) |
58
+ | Files modified | From step-03 |
59
+ </available_state>
60
+
61
+ ---
62
+
63
+ ## EXECUTION SEQUENCE:
64
+
65
+ ### 1. Initialize Save Output (if save_mode)
66
+
67
+ **If `{save_mode}` = true:**
68
+
69
+ ```bash
70
+ bash {skill_dir}/scripts/update-progress.sh "{task_id}" "05" "examine" "in_progress"
71
+ ```
72
+
73
+ Append findings to `{output_dir}/05-examine.md` as you work.
74
+
75
+ ### 2. Gather Changes
76
+
77
+ ```bash
78
+ git diff --name-only HEAD~1
79
+ git status --porcelain
80
+ ```
81
+
82
+ Group files: source, tests, config, other.
83
+
84
+ ### 3. Conduct Review
85
+
86
+ **If `{economy_mode}` = true:**
87
+ → Self-review with checklist:
88
+
89
+ ```markdown
90
+ ## Security Checklist
91
+ - [ ] No SQL injection (parameterized queries)
92
+ - [ ] No XSS (output encoding)
93
+ - [ ] No secrets in code
94
+ - [ ] Input validation present
95
+ - [ ] Auth checks on protected routes
96
+
97
+ ## Logic Checklist
98
+ - [ ] Error handling for all failure modes
99
+ - [ ] Edge cases handled
100
+ - [ ] Null/undefined checks
101
+ - [ ] Race conditions considered
102
+
103
+ ## Quality Checklist
104
+ - [ ] Follows existing patterns
105
+ - [ ] No code duplication
106
+ - [ ] Clear naming
107
+
108
+ ## Thermo-Nuclear Maintainability Checklist
109
+ - [ ] No file pushed from under 1k lines to over 1k lines without strong justification
110
+ - [ ] No new ad-hoc conditionals / spaghetti branches in unrelated flows
111
+ - [ ] No thin abstractions, identity wrappers, or "magic" mechanisms added
112
+ - [ ] No unnecessary casts / `any` / `unknown` / optional params muddying contracts
113
+ - [ ] Feature logic stays in the canonical layer (no leaking into shared paths)
114
+ - [ ] Reuses existing canonical helpers instead of bespoke near-duplicates
115
+ - [ ] No "code judo" simplification was missed (could this be dramatically simpler?)
116
+ - [ ] Orchestration is parallel / atomic where the cleaner structure is obvious
117
+ ```
118
+
119
+ **If `{economy_mode}` = false:**
120
+ → Launch parallel review sub-agents.
121
+
122
+ **🛑 CRITICAL: You MUST launch ALL 4 agents (or 5 if Next.js) in a SINGLE message using MULTIPLE sub-agent launches. DO NOT launch them one at a time. DO NOT use only 1 agent. Each agent reviews a DIFFERENT aspect. The Thermo-Nuclear agent is MANDATORY and runs alongside the others.**
123
+
124
+ First, gather the list of modified files:
125
+ ```bash
126
+ git diff --name-only HEAD~1
127
+ ```
128
+
129
+ Then, in **ONE message with 4+ parallel sub-agent launches**, launch:
130
+
131
+ ---
132
+
133
+ **Agent 1: Security Review** - sub-agent profile/type: `code-reviewer`
134
+ ```
135
+ prompt: |
136
+ You are a SECURITY reviewer. Review ONLY the following files for security vulnerabilities:
137
+ {list of modified files}
138
+
139
+ Focus exclusively on:
140
+ - OWASP Top 10: injection flaws (SQL, command, XSS)
141
+ - Authentication and authorization issues
142
+ - Sensitive data exposure (secrets, tokens, PII in logs)
143
+ - Security misconfiguration
144
+ - Insecure deserialization
145
+ - Missing input validation at system boundaries
146
+
147
+ For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
148
+ If no security issues found, explicitly state "No security issues found."
149
+ ```
150
+
151
+ ---
152
+
153
+ **Agent 2: Logic & Edge Cases Review** - sub-agent profile/type: `code-reviewer`
154
+ ```
155
+ prompt: |
156
+ You are a LOGIC reviewer. Review ONLY the following files for logic correctness:
157
+ {list of modified files}
158
+
159
+ Focus exclusively on:
160
+ - Edge cases not handled (empty arrays, null/undefined, boundary values)
161
+ - Race conditions and concurrency issues
162
+ - Incorrect conditional logic or off-by-one errors
163
+ - Missing error handling for failure modes
164
+ - State management bugs
165
+ - Incorrect assumptions about data shape or types
166
+
167
+ For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
168
+ If no logic issues found, explicitly state "No logic issues found."
169
+ ```
170
+
171
+ ---
172
+
173
+ **Agent 3: Clean Code & Quality Review** - sub-agent profile/type: `code-reviewer`
174
+ ```
175
+ prompt: |
176
+ You are a CLEAN CODE reviewer. Review ONLY the following files for code quality:
177
+ {list of modified files}
178
+
179
+ Focus exclusively on:
180
+ - SOLID principle violations
181
+ - Code smells (long methods, god objects, feature envy)
182
+ - Cyclomatic complexity > 10
183
+ - Code duplication > 20 lines
184
+ - Naming that doesn't communicate intent
185
+ - Functions doing too many things
186
+
187
+ For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
188
+ If no quality issues found, explicitly state "No quality issues found."
189
+ ```
190
+
191
+ ---
192
+
193
+ **Agent 4: Thermo-Nuclear Code Quality Review** (MANDATORY - launch alongside Agents 1-3)
194
+
195
+ This is the **final verification gate**. After the other reviewers find issues, this agent performs an extremely strict maintainability audit using the `thermo-nuclear-code-quality-review` skill. It is **not optional** and must run on every examine pass.
196
+
197
+ Sub-agent profile/type: `thermo-nuclear-code-quality-review`
198
+ ```
199
+ prompt: |
200
+ Perform a Thermo-Nuclear Code Quality Review on the current branch's changes.
201
+
202
+ Modified files to audit:
203
+ {list of modified files}
204
+
205
+ Load and strictly apply the rubric from the `thermo-nuclear-code-quality-review` skill.
206
+
207
+ Verify and challenge:
208
+ - Structural code-quality regressions and missed "code judo" opportunities
209
+ - Any file pushed from under 1k lines to over 1k lines (presumptive blocker)
210
+ - New ad-hoc conditionals or spaghetti branching bolted onto unrelated flows
211
+ - Thin abstractions, identity wrappers, pass-through helpers, "magic" mechanisms
212
+ - Unnecessary casts, `any`, `unknown`, optional params obscuring real contracts
213
+ - Feature logic leaking into shared/canonical paths
214
+ - Bespoke helpers duplicating existing canonical utilities
215
+ - Unnecessary sequential orchestration or non-atomic update flows
216
+ - Whether the implementation could be dramatically simpler / smaller / more direct
217
+
218
+ For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and a concrete restructuring suggestion (prefer DELETING complexity over rearranging it).
219
+
220
+ Be ambitious, direct, and demanding. Do not soften major maintainability issues.
221
+ Apply the skill's Approval Bar strictly - flag presumptive blockers explicitly.
222
+
223
+ If no significant maintainability issues found, explicitly state "No thermo-nuclear findings."
224
+ ```
225
+
226
+ ---
227
+
228
+ **Agent 5: Vercel/Next.js Best Practices** (CONDITIONAL - launch alongside Agents 1-4)
229
+
230
+ → **Detection:** Check if modified files match Next.js/Vercel patterns:
231
+ ```
232
+ - *.tsx, *.jsx files in app/, pages/, components/
233
+ - next.config.* files
234
+ - Server actions (use server)
235
+ - API routes (app/api/*, pages/api/*)
236
+ - Middleware (middleware.ts)
237
+ - Server components, client components
238
+ ```
239
+
240
+ → **If Next.js/Vercel code detected:** Add a 5th parallel review sub-agent:
241
+
242
+ Sub-agent profile/type: `code-reviewer`
243
+ ```
244
+ prompt: |
245
+ You are a NEXT.JS / REACT PERFORMANCE reviewer. Review ONLY the following files:
246
+ {list of modified files}
247
+
248
+ Focus exclusively on:
249
+ - Sequential awaits that should use Promise.all for parallel fetching
250
+ - Barrel imports causing bundle bloat (import from index files)
251
+ - Missing dynamic imports for heavy client components
252
+ - Server-side caching opportunities (React cache, unstable_cache)
253
+ - Unnecessary re-renders (missing memo, useMemo, useCallback)
254
+ - Wrong Server vs Client component boundaries
255
+ - Data fetching patterns (preloading, parallel fetching, waterfall detection)
256
+
257
+ For each finding, provide: file:line, severity (CRITICAL/HIGH/MEDIUM/LOW), description, and suggested fix.
258
+ If no performance issues found, explicitly state "No performance issues found."
259
+ ```
260
+
261
+ → **If NOT Next.js/Vercel code:** Skip this agent (launch only Agents 1-4)
262
+
263
+ ---
264
+
265
+ **🛑 REMINDER: You MUST have 4+ sub-agent launches in a SINGLE response (Security + Logic + Clean Code + Thermo-Nuclear, plus Next.js if applicable). If you only launched 1-3 agents, you are doing it WRONG. Go back and launch all agents. The Thermo-Nuclear agent is MANDATORY - never skip it.**
266
+
267
+ ### 4. Classify Findings
268
+
269
+ For each finding:
270
+
271
+ **Severity:**
272
+ - CRITICAL: Security vulnerability, data loss risk
273
+ - HIGH: Significant bug, will cause issues
274
+ - MEDIUM: Should fix, not urgent
275
+ - LOW: Minor improvement
276
+
277
+ **Validity:**
278
+ - Real: Definitely needs fixing
279
+ - Noise: Not actually a problem
280
+ - Uncertain: Needs discussion
281
+
282
+ ### 5. Present Findings Table
283
+
284
+ ```markdown
285
+ ## Findings
286
+
287
+ | ID | Severity | Category | Location | Issue | Validity |
288
+ |----|----------|----------|----------|-------|----------|
289
+ | F1 | CRITICAL | Security | auth.ts:42 | SQL injection | Real |
290
+ | F2 | HIGH | Logic | handler.ts:78 | Missing null check | Real |
291
+ | F3 | MEDIUM | Quality | utils.ts:15 | Complex function | Uncertain |
292
+
293
+ **Summary:** {count} findings ({blocking} blocking)
294
+ ```
295
+
296
+ ### 6. Create Finding Todos
297
+
298
+ ```
299
+ - [ ] F1 [CRITICAL] Fix SQL injection in auth.ts:42
300
+ - [ ] F2 [HIGH] Add null check in handler.ts:78
301
+ ```
302
+
303
+ ### 7. Get User Approval (review → resolve/test)
304
+
305
+ **If `{auto_mode}` = true:**
306
+ → Proceed automatically based on findings
307
+
308
+ **If `{auto_mode}` = false:**
309
+
310
+ ```yaml
311
+ questions:
312
+ - header: "Review"
313
+ question: "Review complete. How would you like to proceed?"
314
+ options:
315
+ - label: "Resolve findings (Recommended)"
316
+ description: "Address the identified issues"
317
+ - label: "Skip to tests"
318
+ description: "Skip resolution, proceed to test creation"
319
+ - label: "Skip resolution"
320
+ description: "Accept findings, don't make changes"
321
+ - label: "Discuss findings"
322
+ description: "I want to discuss specific findings"
323
+ multiSelect: false
324
+ ```
325
+
326
+ <critical>
327
+ This is one of the THREE transition points that requires user confirmation:
328
+ 1. plan → execute
329
+ 2. validate → review
330
+ 3. review → resolve/test (THIS ONE)
331
+ </critical>
332
+
333
+ ### 8. Complete Save Output (if save_mode)
334
+
335
+ **If `{save_mode}` = true:**
336
+
337
+ Append to `{output_dir}/05-examine.md`:
338
+ ```markdown
339
+ ---
340
+ ## Step Complete
341
+ **Status:** ✓ Complete
342
+ **Findings:** {count}
343
+ **Critical:** {count}
344
+ **Next:** step-06-resolve.md
345
+ **Timestamp:** {ISO timestamp}
346
+ ```
347
+
348
+ ---
349
+
350
+ ## SUCCESS METRICS:
351
+
352
+ ✅ All modified files reviewed
353
+ ✅ Security checklist completed
354
+ ✅ Findings classified by severity
355
+ ✅ Validity assessed for each finding
356
+ ✅ Findings table presented
357
+ ✅ Todos created for tracking
358
+ ✅ Thermo-Nuclear maintainability audit completed (mandatory final gate)
359
+ ✅ Next.js/Vercel best practices checked (if applicable)
360
+
361
+ ## FAILURE MODES:
362
+
363
+ ❌ **CRITICAL**: Launching only 1 review agent instead of 4+ - each category (Security, Logic, Clean Code, Thermo-Nuclear) MUST be a separate agent
364
+ ❌ **CRITICAL**: Skipping the Thermo-Nuclear maintainability review - it is the mandatory final verification gate
365
+ ❌ Combining multiple review categories into a single agent prompt
366
+ ❌ Skipping security review
367
+ ❌ Not classifying by severity
368
+ ❌ Auto-dismissing findings
369
+ ❌ Launching agents sequentially instead of in parallel
370
+ ❌ Using subagents when economy_mode
371
+ ❌ Skipping Vercel/Next.js review when React/Next.js files are modified
372
+ ❌ **CRITICAL**: Not using AskUserQuestion for review → resolve/test transition
373
+
374
+ ## REVIEW PROTOCOLS:
375
+
376
+ - Adversarial mindset - assume bugs exist
377
+ - Check security FIRST
378
+ - Every finding gets severity and validity
379
+ - Don't dismiss without justification
380
+ - Present clear summary
381
+
382
+ ---
383
+
384
+ ## NEXT STEP:
385
+
386
+ After user confirms via AskUserQuestion (or auto-proceed):
387
+
388
+ **If user chooses "Resolve findings":** → Load `./step-06-resolve.md`
389
+
390
+ **If user chooses "Skip to tests" (and test_mode):** → Load `./step-07-tests.md`
391
+
392
+ **If user chooses "Skip resolution":**
393
+ - **If test_mode:** → Load `./step-07-tests.md`
394
+ - **If pr_mode:** → Load `./step-09-finish.md` to create pull request
395
+ - **Otherwise:** → Workflow complete - show summary
396
+
397
+ <critical>
398
+ Remember: Be SKEPTICAL - your job is to find problems, not approve code!
399
+ This step MUST ask before proceeding (unless auto_mode).
400
+ </critical>
@@ -0,0 +1,239 @@
1
+ ---
2
+ name: step-06-resolve
3
+ description: Resolve findings - interactively address review issues
4
+ prev_step: steps/step-05-examine.md
5
+ next_step: COMPLETE
6
+ ---
7
+
8
+ # Step 6: Resolve Findings
9
+
10
+ ## MANDATORY EXECUTION RULES (READ FIRST):
11
+
12
+ - 🛑 NEVER auto-fix Noise or Uncertain findings
13
+ - 🛑 NEVER skip validation after fixes
14
+ - ✅ ALWAYS present resolution options to user (unless auto_mode)
15
+ - ✅ ALWAYS validate after applying fixes
16
+ - ✅ ALWAYS provide clear completion summary
17
+ - 📋 YOU ARE A RESOLVER, addressing identified issues
18
+ - 💬 FOCUS on "How do we fix these issues?"
19
+ - 🚫 FORBIDDEN to proceed with failing validation
20
+
21
+ ## EXECUTION PROTOCOLS:
22
+
23
+ - 🎯 Present resolution options first
24
+ - 💾 Log each fix applied (if save_mode)
25
+ - 📖 Validate after all fixes
26
+ - 🚫 FORBIDDEN to skip post-fix validation
27
+
28
+ ## CONTEXT BOUNDARIES:
29
+
30
+ - Findings from step-05 are classified
31
+ - Some are Real, some Noise, some Uncertain
32
+ - User may want different resolution strategies
33
+ - Must validate after any changes
34
+ - **If `{teams_mode}` = true:** Agent team is still alive. Do NOT shutdown teammates - that happens in step-09-finish only.
35
+
36
+ ## YOUR TASK:
37
+
38
+ Address adversarial review findings interactively - fix real issues, dismiss noise, discuss uncertain items.
39
+
40
+ ---
41
+
42
+ <available_state>
43
+ From previous steps:
44
+
45
+ | Variable | Description |
46
+ |----------|-------------|
47
+ | `{task_description}` | What was implemented |
48
+ | `{task_id}` | Kebab-case identifier |
49
+ | `{auto_mode}` | Auto-fix Real findings |
50
+ | `{save_mode}` | Save outputs to files |
51
+ | `{output_dir}` | Path to output (if save_mode) |
52
+ | Findings table | IDs, severity, validity |
53
+ | Finding todos | For tracking |
54
+ </available_state>
55
+
56
+ ---
57
+
58
+ ## EXECUTION SEQUENCE:
59
+
60
+ ### 1. Initialize Save Output (if save_mode)
61
+
62
+ **If `{save_mode}` = true:**
63
+
64
+ ```bash
65
+ bash {skill_dir}/scripts/update-progress.sh "{task_id}" "06" "resolve" "in_progress"
66
+ ```
67
+
68
+ Append logs to `{output_dir}/06-resolve.md` as you work.
69
+
70
+ ### 2. Present Resolution Options
71
+
72
+ **If `{auto_mode}` = true:**
73
+ → Auto-fix all "Real" findings, skip Noise/Uncertain
74
+
75
+ **If `{auto_mode}` = false:**
76
+
77
+ ```yaml
78
+ questions:
79
+ - header: "Resolution"
80
+ question: "How would you like to handle these findings?"
81
+ options:
82
+ - label: "Auto-fix Real issues (Recommended)"
83
+ description: "Fix 'Real' findings, skip noise/uncertain"
84
+ - label: "Walk through each finding"
85
+ description: "Decide on each finding individually"
86
+ - label: "Fix only critical"
87
+ description: "Only fix CRITICAL/BLOCKING issues"
88
+ - label: "Skip all"
89
+ description: "Acknowledge but don't change"
90
+ multiSelect: false
91
+ ```
92
+
93
+ ### 3. Apply Fixes Based on Choice
94
+
95
+ **Auto-fix Real:**
96
+ 1. Filter to Real findings only
97
+ 2. For each: Read file → Apply fix → Verify
98
+ 3. Log each fix
99
+
100
+ **Walk through each:**
101
+ For each finding in severity order:
102
+
103
+ ```yaml
104
+ questions:
105
+ - header: "F1"
106
+ question: "How should we handle this finding?"
107
+ options:
108
+ - label: "Fix now (Recommended)"
109
+ description: "Apply the suggested fix"
110
+ - label: "Skip"
111
+ description: "Acknowledge but don't fix"
112
+ - label: "Discuss"
113
+ description: "Need more context"
114
+ - label: "Mark as noise"
115
+ description: "Not a real issue"
116
+ multiSelect: false
117
+ ```
118
+
119
+ **Fix only critical:**
120
+ 1. Filter to CRITICAL/BLOCKING only
121
+ 2. Auto-fix those, skip others
122
+
123
+ **Skip all:**
124
+ 1. Acknowledge findings
125
+ 2. If Critical/High exist, confirm:
126
+
127
+ ```yaml
128
+ questions:
129
+ - header: "Confirm"
130
+ question: "You have unresolved Critical/High findings. Proceed anyway?"
131
+ options:
132
+ - label: "Go back and fix"
133
+ description: "Return to resolution options"
134
+ - label: "Proceed anyway"
135
+ description: "Accept risks, continue"
136
+ - label: "Fix only critical"
137
+ description: "Just fix critical issues"
138
+ multiSelect: false
139
+ ```
140
+
141
+ ### 4. Post-Resolution Validation
142
+
143
+ After any fixes:
144
+
145
+ ```bash
146
+ pnpm run typecheck && pnpm run lint
147
+ ```
148
+
149
+ Both MUST pass.
150
+
151
+ ### 5. Resolution Summary
152
+
153
+ ```
154
+ **Resolution Complete**
155
+
156
+ **Fixed:** {count}
157
+ - F1: Parameterized SQL query in auth.ts:42
158
+ - F2: Added null check in handler.ts:78
159
+
160
+ **Skipped:** {count}
161
+ - F3: Complex function (uncertain)
162
+
163
+ **Validation:** ✓ Passed
164
+ ```
165
+
166
+ ### 6. Complete Save Output (if save_mode)
167
+
168
+ **If `{save_mode}` = true:**
169
+
170
+ Append to `{output_dir}/06-resolve.md`:
171
+ ```markdown
172
+ ---
173
+ ## Step Complete
174
+ **Status:** ✓ Complete
175
+ **Findings fixed:** {count}
176
+ **Findings skipped:** {count}
177
+ **Validation:** ✓ Passed
178
+ **Timestamp:** {ISO timestamp}
179
+ ```
180
+
181
+ ### 7. Completion Summary
182
+
183
+ ```
184
+ **APEX Workflow Complete**
185
+
186
+ **Task:** {task_description}
187
+
188
+ **Implementation:**
189
+ - Files modified: {count}
190
+ - All checks passing: ✓
191
+
192
+ **Review:**
193
+ - Findings identified: {total}
194
+ - Findings resolved: {fixed}
195
+ - Findings skipped: {skipped}
196
+
197
+ **Next Steps:**
198
+ - [ ] Commit changes
199
+ - [ ] Run full test suite
200
+ - [ ] Deploy when ready
201
+ ```
202
+
203
+ ---
204
+
205
+ ## SUCCESS METRICS:
206
+
207
+ ✅ User chose resolution approach
208
+ ✅ All chosen fixes applied correctly
209
+ ✅ Validation passes after fixes
210
+ ✅ Clear summary of resolved/skipped
211
+ ✅ User understands next steps
212
+
213
+ ## FAILURE MODES:
214
+
215
+ ❌ Auto-fixing Noise or Uncertain findings
216
+ ❌ Not validating after fixes
217
+ ❌ No clear completion summary
218
+ ❌ Proceeding with failing validation
219
+ ❌ **CRITICAL**: Not using AskUserQuestion for decisions
220
+
221
+ ## RESOLUTION PROTOCOLS:
222
+
223
+ - Only auto-fix Real findings
224
+ - Validate after EVERY fix round
225
+ - Clear summary at the end
226
+ - User controls final decision
227
+
228
+ ---
229
+
230
+ ## NEXT STEP:
231
+
232
+ Based on flags:
233
+ - **If verify_mode:** Load `./step-10-verify.md` to verify feature
234
+ - **If pr_mode:** Load `./step-09-finish.md` to create pull request
235
+ - **Otherwise:** Workflow complete - show summary
236
+
237
+ <critical>
238
+ Remember: Always validate after fixes - never proceed with failing checks!
239
+ </critical>