all-for-claudecode 2.4.0 → 2.6.0

package/.claude-plugin/marketplace.json

@@ -6,14 +6,14 @@
   },
   "metadata": {
     "description": "Automated pipeline for Claude Code — spec → plan → implement → review → clean",
-    "version": "2.4.0"
+    "version": "2.6.0"
   },
   "plugins": [
     {
       "name": "afc",
       "source": "./",
       "description": "Automated pipeline for Claude Code. Automates the full development cycle: spec → plan → implement → review → clean.",
-      "version": "2.4.0",
+      "version": "2.6.0",
       "category": "automation",
       "tags": ["pipeline", "automation", "spec", "plan", "implement", "review", "critic-loop"]
     }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "afc",
-  "version": "2.4.0",
+  "version": "2.6.0",
   "description": "Automated pipeline for Claude Code. Automates the full development cycle: spec → plan → implement → review → clean.",
   "author": { "name": "jhlee0409", "email": "relee6203@gmail.com" },
   "homepage": "https://github.com/jhlee0409/all-for-claudecode",

package/README.md

@@ -6,10 +6,11 @@
 
 **Claude Code plugin that automates the full development cycle — spec → plan → implement → review → clean.**
 
+[![CI](https://github.com/jhlee0409/all-for-claudecode/actions/workflows/ci.yml/badge.svg)](https://github.com/jhlee0409/all-for-claudecode/actions/workflows/ci.yml)
 [![npm version](https://img.shields.io/npm/v/all-for-claudecode)](https://www.npmjs.com/package/all-for-claudecode)
 [![npm downloads](https://img.shields.io/npm/dm/all-for-claudecode)](https://www.npmjs.com/package/all-for-claudecode)
 [![license](https://img.shields.io/github/license/jhlee0409/all-for-claudecode)](./LICENSE)
-[![test](https://img.shields.io/badge/tests-passing-brightgreen)](#how-it-works)
+[![GitHub stars](https://img.shields.io/github/stars/jhlee0409/all-for-claudecode?style=social)](https://github.com/jhlee0409/all-for-claudecode)
 
 > One command (`/afc:auto`) runs the entire cycle. Zero runtime dependencies — pure markdown commands + bash hook scripts.
 
@@ -121,7 +122,11 @@ Performance: ✓ no N+1 queries
 | `/afc:launch` | Generate release artifacts (changelog, tag, publish) |
 | `/afc:validate` | Verify artifact consistency |
 | `/afc:analyze` | General-purpose code and component analysis |
+| `/afc:qa` | Project quality audit — test confidence, error resilience, code health |
 | `/afc:consult` | Expert consultation (backend, infra, PM, design, marketing) |
+| `/afc:triage` | Analyze open PRs and issues in parallel |
+| `/afc:pr-comment` | Generate structured PR review comments |
+| `/afc:release-notes` | Generate release notes from git history |
 | `/afc:clarify` | Resolve spec ambiguities |
 
 ### Individual Command Examples
@@ -141,6 +146,12 @@ Performance: ✓ no N+1 queries
 
 # Explore and structure a product idea
 /afc:ideate "real-time collaboration feature"
+
+# Triage open PRs and issues
+/afc:triage              # all open PRs + issues
+/afc:triage --pr         # PRs only
+/afc:triage --deep       # deep analysis with diff review
+/afc:triage 42 99        # specific items by number
 ```
 
 ## Hook Events
@@ -160,7 +171,7 @@ Every hook fires automatically — no configuration needed after install.
 | `Notification` | Desktop alerts (macOS/Linux) |
 | `TaskCompleted` | CI gate (shell) + acceptance criteria verification (LLM) |
 | `SubagentStop` | Tracks subagent completion in pipeline log |
-| `UserPromptSubmit` | Injects Phase/Feature context per prompt |
+| `UserPromptSubmit` | Injects Phase/Feature context + drift checkpoint during active pipeline |
 | `PermissionRequest` | Auto-allows CI commands during implement/review |
 | `ConfigChange` | Audits/blocks settings changes during active pipeline |
 | `TeammateIdle` | Prevents Agent Teams idle during implement/review |
@@ -175,7 +186,8 @@ Handler types: `command` (shell scripts, all events), `prompt` (LLM single-turn,
 |---|---|
 | `afc-architect` | Remembers ADR decisions and architecture patterns across sessions. Auto-invoked during Plan (ADR recording) and Review (architecture compliance). |
 | `afc-security` | Remembers vulnerability patterns and false positives across sessions. Auto-invoked during Review (security scanning). Runs in isolated worktree. |
-| `afc-impl-worker` | Parallel implementation worker. Receives pre-assigned tasks from orchestrator. Ephemeral (no memory). |
+| `afc-impl-worker` | Parallel implementation worker. Receives pre-assigned tasks from orchestrator. Ephemeral (no memory). Max 50 turns, auto-approve edits. |
+| `afc-pr-analyst` | PR deep analysis worker for triage. Runs in isolated worktree with diff access. Max 15 turns. |
 
 ## Expert Consultation
 

package/agents/afc-impl-worker.md

@@ -9,6 +9,8 @@ tools:
   - Glob
   - Grep
 model: sonnet
+maxTurns: 50
+permissionMode: acceptEdits
 ---
 
 You are a parallel implementation worker for the all-for-claudecode pipeline.

package/agents/afc-pr-analyst.md

@@ -0,0 +1,57 @@
+---
+name: afc-pr-analyst
+description: "PR deep analysis worker — performs build/test/lint verification in an isolated worktree for triage."
+tools:
+  - Read
+  - Bash
+  - Glob
+  - Grep
+model: sonnet
+maxTurns: 15
+---
+
+You are a PR deep-analysis worker for the all-for-claudecode triage pipeline.
+
+## Purpose
+
+You run inside an **isolated worktree** to perform deep analysis that requires checking out the PR branch: building, testing, linting, and architectural impact assessment.
+
+## Workflow
+
+1. **Checkout the PR branch** using `gh pr checkout {number}` (provided in your prompt)
+2. **Detect project tooling**:
+   - Read `.claude/afc.config.md` for CI commands (if present)
+   - Read `CLAUDE.md` for build/test commands
+   - Read `package.json`, `Makefile`, `Cargo.toml`, etc. for standard commands
+3. **Run verification** (skip steps if commands are not available):
+   a. **Build**: run the project build command
+   b. **Lint**: run the project lint command
+   c. **Test**: run the project test command
+4. **Analyze results**:
+   - Parse build/test/lint output for errors and warnings
+   - Identify files with issues
+   - Assess architectural impact (does the PR cross layer boundaries?)
+5. **Return structured report**
+
+## Output Format
+
+```
+BUILD_STATUS: pass|fail|skip
+BUILD_OUTPUT: {first 20 lines of errors if failed, otherwise "clean"}
+TEST_STATUS: pass|fail|skip (N passed, M failed)
+TEST_OUTPUT: {failed test names and first error lines if failed}
+LINT_STATUS: pass|fail|skip
+LINT_OUTPUT: {lint warnings/errors if any}
+ARCHITECTURE_IMPACT: {assessment of cross-cutting changes}
+DEEP_FINDINGS: {key findings from deep analysis, numbered list}
+RECOMMENDATION: merge|request-changes|needs-discussion
+RECOMMENDATION_REASON: {one sentence explanation}
+```
+
+## Rules
+
+- **Read-only intent**: you are analyzing, not fixing. Do not modify code.
+- **Time budget**: keep total execution under 2 minutes. Skip long-running test suites (use `timeout 90s` wrapper).
+- **Error resilience**: if a command fails to run (missing tool, permissions), report `skip` and continue.
+- **No network calls**: do not install dependencies unless the build step explicitly requires it and it completes within the time budget.
+- Follow the project's shell script conventions when running commands.

package/agents/afc-security.md

@@ -8,6 +8,11 @@ tools:
   - Bash
   - Task
   - WebSearch
+disallowedTools:
+  - Write
+  - Edit
+  - MultiEdit
+  - NotebookEdit
 model: sonnet
 memory: project
 isolation: worktree

package/commands/auto.md

@@ -499,7 +499,7 @@ Artifact cleanup and codebase hygiene check after implementation and review:
      ```
    - Create `.claude/afc/memory/quality-history/` directory if it does not exist
 6. **Checkpoint reset**:
-   - Clear `.claude/afc/memory/checkpoint.md` **and** `~/.claude/projects/{ENCODED_PATH}/auto-memory/checkpoint.md` (pipeline complete = session goal achieved, dual-delete prevents stale checkpoint in either location; `ENCODED_PATH` = project path with `/` replaced by `-`)
+   - Clear `.claude/afc/memory/checkpoint.md` **and** `~/.claude/projects/{ENCODED_PATH}/memory/checkpoint.md` (pipeline complete = session goal achieved, dual-delete prevents stale checkpoint in either location; `ENCODED_PATH` = project path with `/` replaced by `-`)
 7. **Timeline finalize**:
    ```bash
    "${CLAUDE_PLUGIN_ROOT}/scripts/afc-pipeline-manage.sh" log pipeline-end "Pipeline complete: {feature}"

package/commands/doctor.md

@@ -59,7 +59,7 @@ Run ALL checks regardless of earlier failures. Do not short-circuit.
 |-------|-----|------|------|
 | Global CLAUDE.md exists | Read `~/.claude/CLAUDE.md` | File exists | ⚠ Warning: no global CLAUDE.md. all-for-claudecode skills won't auto-trigger from intent. Fix: run `/afc:init` |
 | all-for-claudecode block present | Grep for `<!-- AFC:START -->` and `<!-- AFC:END -->` in `~/.claude/CLAUDE.md` | Both markers found | Fix: run `/afc:init` to inject all-for-claudecode block |
-| all-for-claudecode block version | Extract version from `<!-- AFC:VERSION:X.Y.Z -->` in CLAUDE.md. Then read `${CLAUDE_PLUGIN_ROOT}/package.json` to get the actual plugin version. Compare the two. | Block version ≥ plugin version | ⚠ Warning: all-for-claudecode block is outdated (found {block_version}, current {plugin_version}). Fix: run `/afc:init` to update |
+| all-for-claudecode block version | Extract version from `<!-- AFC:VERSION:X.Y.Z -->` in CLAUDE.md. Read `${CLAUDE_PLUGIN_ROOT}/package.json` (`.version`) to get the actual plugin version. Compare the two. | Block version = plugin version | ⚠ Warning: all-for-claudecode block is outdated (found {block_version}, current {plugin_version}). Fix: run `/afc:init` to update |
 | No conflicting routing | Grep for conflicting agent patterns (`executor`, `deep-executor`, `debugger`, `code-reviewer`) outside all-for-claudecode block that could intercept afc intents | No conflicts or conflicts are inside other tool blocks | ⚠ Warning: found agent routing that may conflict with afc skills. Review `~/.claude/CLAUDE.md` |
 
 ### Category 4: Legacy Migration (v1.x → v2.0)
@@ -112,36 +112,56 @@ Run ALL checks regardless of earlier failures. Do not short-circuit.
 
 | Check | How | Pass | Fail |
 |-------|-----|------|------|
-| Version triple match | Compare versions in `package.json`, `.claude-plugin/plugin.json`, `.claude-plugin/marketplace.json` (both `metadata.version` and `plugins[0].version`) | All identical | ✗ Fix: update mismatched files to the same version |
+| Version triple match | Compare versions in `package.json` (`.version`), `.claude-plugin/plugin.json` (`.version`), `.claude-plugin/marketplace.json` (`.metadata.version` and `.plugins[0].version`) | All identical | ✗ Fix: update mismatched files to the same version |
 | Cache in sync | Compare `commands/auto.md` content between source and `~/.claude/plugins/cache/all-for-claudecode/afc/{version}/commands/auto.md` | Content matches | ⚠ Warning: plugin cache is stale. Fix: copy source files to cache directory |
 
+### Category 9: Command Definitions (development only)
+
+> Only run if current directory is the all-for-claudecode source repo (same condition as Category 8).
+
+| Check | How | Pass | Fail |
+|-------|-----|------|------|
+| Frontmatter exists | Each `commands/*.md` file has opening and closing `---` block | All files have frontmatter | ✗ Fix: add YAML frontmatter block to `commands/{file}.md` |
+| Required fields | Each command frontmatter contains `name:` and `description:` | All files have both fields | ✗ Fix: add missing `name:` or `description:` to `commands/{file}.md` |
+| Name-filename match | `name:` value follows `afc:{filename}` pattern (e.g. `auto.md` → `name: afc:auto`) | All names match filenames | ✗ Fix: rename `name:` field in `commands/{file}.md` to `afc:{filename}` |
+| Fork-agent reference | Commands with `context: fork` and `agent:` field reference a file that exists in `agents/` (e.g. `agent: afc-architect` → `agents/afc-architect.md` exists) | All agent references resolve | ✗ Fix: create missing agent file `agents/{name}.md` or fix `agent:` field in `commands/{file}.md` |
+
+### Category 10: Agent Definitions (development only)
+
+> Only run if current directory is the all-for-claudecode source repo (same condition as Category 8).
+
+| Check | How | Pass | Fail |
+|-------|-----|------|------|
+| Frontmatter exists | Each `agents/*.md` file has opening and closing `---` block | All files have frontmatter | ✗ Fix: add YAML frontmatter block to `agents/{file}.md` |
+| Required fields | Each agent frontmatter contains `name:`, `description:`, and `model:` | All files have all 3 fields | ✗ Fix: add missing field to `agents/{file}.md` |
+| Name-filename match | `name:` value equals the filename without extension (e.g. `afc-architect.md` → `name: afc-architect`) | All names match filenames | ✗ Fix: rename `name:` field in `agents/{file}.md` to match filename |
+| Expert memory | All 8 expert consultation agents (`afc-backend-expert`, `afc-infra-expert`, `afc-pm-expert`, `afc-design-expert`, `afc-marketing-expert`, `afc-legal-expert`, `afc-appsec-expert`, `afc-tech-advisor`) have `memory: project` | All experts have memory field | ✗ Fix: add `memory: project` to `agents/{name}.md` frontmatter |
+| Worker maxTurns | `afc-impl-worker` and `afc-pr-analyst` have `maxTurns:` field | Both workers have maxTurns | ✗ Fix: add `maxTurns:` to `agents/{name}.md` frontmatter |
+
+### Category 11: Doc References (development only)
+
+> Only run if current directory is the all-for-claudecode source repo (same condition as Category 8).
+
+| Check | How | Pass | Fail |
+|-------|-----|------|------|
+| Referenced docs exist | Scan commands and agents for file references to `docs/` (e.g. `docs/critic-loop-rules.md`, `docs/phase-gate-protocol.md`). Each referenced file must exist. | All referenced docs found | ✗ Fix: create missing `docs/{file}.md` or fix the reference |
+| Domain adapters exist | `docs/domain-adapters/` directory contains at least one `.md` file | ≥ 1 adapter file found | ✗ Fix: add domain adapter files to `docs/domain-adapters/` |
+
 ---
 
 ## Execution
 
-1. Print header:
+1. Run the automated health check script:
    ```
-   all-for-claudecode Doctor
-   =======================
+   "${CLAUDE_PLUGIN_ROOT}/scripts/afc-doctor.sh" $ARGUMENTS
    ```
+   This covers Categories 1-8 automatically.
 
-2. Run each category in order. For each check:
-   - Print `  ✓ {check name}` on pass
-   - Print `  ⚠ {check name}: {brief reason}` on warning
-   - Print `  ✗ {check name}: {brief reason}` on fail
-   - On fail/warning, print `    Fix: {command}` indented below
+2. Print the script's stdout output as-is (already formatted with pass/warn/fail markers).
 
-3. If `--verbose` is in `$ARGUMENTS`:
-   - Print additional details for each check (command output, file paths, versions found)
+3. If in the source repo (package.json `name` = `"all-for-claudecode"`), continue with Categories 9-11 manually using the check tables above.
 
-4. Print summary:
-   ```
-   ─────────────────────────
-   Results: {pass} passed, {warn} warnings, {fail} failures
-   ```
-   - If all pass: `No issues found!`
-   - If warnings only: `{N} warnings found. Non-blocking but review recommended.`
-   - If any failures: `{N} issues need attention. Run the Fix commands above.`
+4. Print combined summary (script summary + any additional findings from Categories 9-11).
 
 ## Example Output
 
@@ -178,8 +198,29 @@ Hook Health
   ✓ All scripts exist
   ✓ All scripts executable
 
+Version Sync (dev)
+  ✓ Version triple match
+  ✓ Cache in sync
+
+Command Definitions (dev)
+  ✓ Frontmatter exists (25 files)
+  ✓ Required fields present
+  ✓ Name-filename match
+  ✓ Fork-agent references valid
+
+Agent Definitions (dev)
+  ✓ Frontmatter exists (12 files)
+  ✓ Required fields present
+  ✓ Name-filename match
+  ✓ Expert memory configured (8/8)
+  ✓ Worker maxTurns configured (2/2)
+
+Doc References (dev)
+  ✓ Referenced docs exist
+  ✓ Domain adapters exist (3 files)
+
 ─────────────────────────
-Results: 14 passed, 2 warnings, 0 failures
+Results: 28 passed, 2 warnings, 0 failures
 2 warnings found. Non-blocking but review recommended.
 ```
 
@@ -189,4 +230,4 @@ Results: 14 passed, 2 warnings, 0 failures
 - **Always run all checks**: do not stop on first failure. The full picture is the value.
 - **Actionable fixes**: every non-pass result must include a Fix line. Never report a problem without a solution.
 - **Fast execution**: skip CI/gate command checks if `--fast` is in arguments (these are the slowest checks).
-- **Development checks**: Category 7 (Version Sync) only runs when inside the all-for-claudecode source repo.
+- **Development checks**: Categories 8–11 (Version Sync, Command Definitions, Agent Definitions, Doc References) only run when inside the all-for-claudecode source repo.

package/commands/implement.md

@@ -180,11 +180,13 @@ Task("T004: Create AuthService", subagent_type: "afc:afc-impl-worker", isolation
 
 **Failure Recovery** (per-task, not per-batch):
 1. Identify the failed task from the agent's error return
-2. Reset: `TaskUpdate(taskId, status: "pending")`
-3. Track: `TaskUpdate(taskId, metadata: { retryCount: N })`
-4. If retryCount < 3 → re-launch in the next batch round (not immediately — wait for current batch to finish)
-5. If retryCount >= 3 → mark as failed, report: `"T{ID} failed after 3 attempts: {last error}"`
-6. Continue with remaining tasks — a single failure does not block the entire phase
+2. Capture the `agentId` from the failed agent's result (returned in Task tool output)
+3. Reset: `TaskUpdate(taskId, status: "pending")`
+4. Track: `TaskUpdate(taskId, metadata: { retryCount: N, lastAgentId: agentId })`
+5. If retryCount < 3 → re-launch with `resume: lastAgentId` in the next batch round. The resumed agent retains full context from the previous attempt (what it tried, what failed, partial progress), enabling more targeted retry instead of starting from scratch.
+   - **Worktree caveat**: if the failed worker made no file changes, its worktree is auto-cleaned and `resume` will fail. In this case, fall back to a fresh launch (omit `resume`) for the retry.
+6. If retryCount >= 3 → mark as failed, report: `"T{ID} failed after 3 attempts: {last error}"`
+7. Continue with remaining tasks — a single failure does not block the entire phase
 
 #### Swarm Mode (6+ [P] tasks)
 
@@ -247,11 +249,13 @@ Task("Worker 2: T008, T010, T012", subagent_type: "afc:afc-impl-worker", isolati
 When a worker agent returns an error:
 1. Identify which tasks the worker was assigned (from the pre-assigned list)
 2. Check which tasks the worker actually completed (from its result summary)
-3. Reset uncompleted tasks: `TaskUpdate(taskId, status: "pending")`
-4. Track retry count: `TaskUpdate(taskId, metadata: { retryCount: N })`
-5. If retryCount < 3 → reassign to next worker batch
-6. If retryCount >= 3 → mark as failed, report: `"T{ID} failed after 3 attempts: {last error}"`
-7. Continue with remaining tasks
+3. Capture the `agentId` from the failed worker's result
+4. Reset uncompleted tasks: `TaskUpdate(taskId, status: "pending")`
+5. Track retry count: `TaskUpdate(taskId, metadata: { retryCount: N, lastAgentId: agentId })`
+6. If retryCount < 3 → re-launch with `resume: lastAgentId` to preserve context from the previous attempt. The resumed agent retains its full conversation history (files read, changes attempted, errors encountered), enabling targeted retry.
+   - **Worktree caveat**: if the failed worker made no file changes, its worktree is auto-cleaned and `resume` will fail. In this case, fall back to a fresh launch (omit `resume`) for the retry.
+7. If retryCount >= 3 → mark as failed, report: `"T{ID} failed after 3 attempts: {last error}"`
+8. Continue with remaining tasks
 
 > Single task failure does not block the phase. The orchestrator reassigns failed tasks to subsequent batches.
 

package/commands/init.md

@@ -41,10 +41,12 @@ Before anything else, detect and migrate v1.x (selfish-pipeline) artifacts:
   - Rename: `mv .claude/selfish .claude/afc`
   - Print: `Migrated: .claude/selfish/ → .claude/afc/`
 
-**D. Git tag migration**
-- Check `git tag -l 'selfish/pre-*' 'selfish/phase-*'`
-- If any found: rename each tag (`git tag afc/... selfish/... && git tag -d selfish/...`)
-- Print: `Migrated: {count} git tags (selfish/* → afc/*)`
+**D. Git tag cleanup**
+- Check `git tag -l 'selfish/*'`
+- If any found:
+  - Known patterns (`selfish/pre-*`, `selfish/phase-*`): rename to `afc/` equivalent (`git tag afc/... selfish/... && git tag -d selfish/...`)
+  - All remaining `selfish/*`: delete (`git tag -d`)
+- Print: `Migrated: {renamed} renamed, {deleted} deleted`
 
 ### 2. Check for Existing Config
 
@@ -224,31 +226,43 @@ IMPORTANT: For requests matching the afc skill routing table below, always invok
 
 ## Skill Routing
 
-| Intent | Skill | Trigger Keywords |
-|--------|-------|-----------------|
-| Implement/Modify | `afc:implement` | add, modify, refactor, implement |
-| Review | `afc:review` | review, check code, check PR |
-| Debug | `afc:debug` | bug, error, broken, fix |
-| Test | `afc:test` | test, coverage |
-| Design | `afc:plan` | design, plan, how to implement |
-| Validate | `afc:validate` | consistency, validate, validate artifacts |
-| Analyze | `afc:analyze` | analyze, explore, investigate code, root cause |
-| Spec | `afc:spec` | spec, specification |
-| Tasks | `afc:tasks` | break down tasks, decompose |
-| Research | `afc:research` | research, investigate |
-| Ideate | `afc:ideate` | idea, brainstorm, what to build, product brief |
-| Ambiguous | `afc:clarify` | auto-triggered when requirements are unclear |
-| Full auto | `afc:auto` | do it automatically, auto-run |
-| Consult | `afc:consult` | consult, ask expert, advice, which library, what tool, recommend, compare, stack decision, ask backend, ask infra, ask PM, ask design, ask marketing, ask legal, ask security, ask advisor, GDPR, OWASP, SEO, accessibility |
+Classify the user's intent and route to the matching skill. Use semantic understanding — not keyword matching.
+
+| User Intent | Skill | Route When |
+|-------------|-------|------------|
+| Full lifecycle | `afc:auto` | User wants end-to-end feature development, or the request is a non-trivial new feature without an existing plan |
+| Specification | `afc:spec` | User wants to define or write requirements, acceptance criteria, or success conditions |
+| Design/Plan | `afc:plan` | User wants to plan HOW to implement before coding — approach, architecture decisions, design |
+| Implement | `afc:implement` | User wants specific code changes with a clear scope: add feature, refactor, modify. Requires existing plan or precise instructions |
+| Review | `afc:review` | User wants code review, PR review, or quality check on existing/changed code |
+| Debug/Fix | `afc:debug` | User reports a bug, error, or broken behavior and wants diagnosis and fix |
+| Test | `afc:test` | User wants to write tests, improve coverage, or verify behavior |
+| Validate | `afc:validate` | User wants to check consistency or validate existing pipeline artifacts |
+| Analyze | `afc:analyze` | User wants to understand, explore, or audit existing code without modifying it |
+| QA Audit | `afc:qa` | User wants project quality audit, test confidence check, or runtime quality gaps |
+| Research | `afc:research` | User wants deep investigation of external tools, libraries, APIs, or technical concepts |
+| Ideate | `afc:ideate` | User wants to brainstorm ideas, explore possibilities, or draft a product brief |
+| Consult | `afc:consult` | User wants expert advice on a decision: library choice, architecture direction, legal/security/infra guidance |
+| Launch | `afc:launch` | User wants to prepare a release — generate changelog, release notes, version bump, or tag |
+| Tasks | `afc:tasks` | User explicitly wants to decompose work into a task breakdown |
+| Ambiguous | `afc:clarify` | User's request is too vague or underspecified to route confidently |
+
+### Routing Rules
+
+1. **Auto vs Implement**: A new feature request without an existing plan routes to `afc:auto`. Only use `afc:implement` when the user has a clear, scoped task or an existing plan/spec.
+2. **Compound intents**: Route to the primary intent. The pipeline handles sequencing internally.
+3. **Design-first**: When scope is non-trivial (multiple files, architectural decisions needed), prefer `afc:auto` or `afc:plan` over direct `afc:implement`.
 
 User-only (not auto-triggered — inform user on request):
-- `afc:launch` — inform user when release artifact generation is requested
 - `afc:doctor` — inform user when health check is requested
 - `afc:architect` — inform user when architecture review is requested
 - `afc:security` — inform user when security scan is requested
 - `afc:checkpoint` — inform user when session save is requested
 - `afc:resume` — inform user when session restore is requested
 - `afc:principles` — inform user when project principles management is requested
+- `afc:triage` — inform user when parallel PR/issue triage is requested
+- `afc:pr-comment` — inform user when posting PR review comments to GitHub is requested
+- `afc:release-notes` — inform user when generating release notes from git history is requested
 
 ## Pipeline
 
@@ -257,6 +271,13 @@ spec → plan → implement → review → clean
 ## Override Rules
 
 NEVER use executor, deep-executor, debugger, planner, analyst, verifier, test-engineer, code-reviewer, quality-reviewer, style-reviewer, api-reviewer, security-reviewer, performance-reviewer for tasks that an afc skill covers above. ALWAYS invoke the afc skill instead.
+
+## Source Verification
+
+When analyzing or making claims about external systems, APIs, SDKs, or third-party tools:
+- Verify against official documentation, NOT project-internal docs
+- Do not hardcode reference data when delegating to sub-agents — instruct them to look up primary sources
+- Cross-verify high-severity findings before reporting
 </afc-pipeline>
 <!-- AFC:END -->
 ```

package/commands/pr-comment.md

@@ -0,0 +1,181 @@
+---
+name: afc:pr-comment
+description: "Post PR review comments to GitHub"
+argument-hint: "<PR number> [--severity critical,warning,info]"
+allowed-tools:
+  - Read
+  - Bash
+  - Glob
+  - Grep
+  - Task
+model: sonnet
+---
+
+# /afc:pr-comment — Post PR Review to GitHub
+
+> Analyzes a PR and posts a structured review comment to GitHub.
+> Reuses existing triage reports when available. Asks for user confirmation before posting.
+
+## Arguments
+
+- `$ARGUMENTS` — PR number (required), with optional severity filter
+  - `42` — Analyze and post review for PR #42
+  - `42 --severity critical,warning` — Only include Critical and Warning findings
+  - `42 --severity critical` — Only include Critical findings
+
+Parse the arguments:
+1. Extract the PR number (first numeric argument)
+2. Extract `--severity` filter if present (comma-separated list of: `critical`, `warning`, `info`)
+3. If no PR number is found, ask the user: "Which PR number should I review?"
+
+## Execution Steps
+
+### 1. Collect PR Information
+
+```bash
+gh pr view {number} --json number,title,headRefName,author,body,additions,deletions,changedFiles,labels,reviewDecision,state
+```
+
+```bash
+gh pr diff {number}
+```
+
+Verify the PR exists and is open. If closed/merged, inform the user and ask whether to proceed anyway.
+
+### 2. Check for Existing Triage Report
+
+Look for a recent triage report that covers this PR:
+
+```bash
+ls -t .claude/afc/memory/triage/*.md 2>/dev/null | head -5
+```
+
+If a report exists from today, search it for `PR #{number}` analysis. If found, reuse that analysis as the basis for the review instead of re-analyzing from scratch.
+
+### 3. Analyze PR (if no triage data available)
+
+If no existing triage report covers this PR, perform a focused review of the diff.
+
+Examine the diff from the following perspectives (abbreviated from review.md):
+
+#### A. Code Quality
+- Style compliance, naming conventions, unnecessary complexity
+
+#### B. Architecture
+- Layer violations, boundary crossings, structural concerns
+
+#### C. Security
+- XSS, injection, sensitive data exposure, auth issues
+
+#### D. Performance
+- Latency concerns, unnecessary computation, resource leaks
+
+#### E. Maintainability
+- Function/file size, naming clarity, readability
+
+Classify each finding with a severity:
+- **Critical (C)** — Must fix before merge. Bugs, security vulnerabilities, data loss risks.
+- **Warning (W)** — Should fix. Code quality issues, potential problems, maintainability concerns.
+- **Info (I)** — Nice to have. Suggestions, minor improvements, style preferences.
+
+### 4. Apply Severity Filter
+
+If `--severity` was specified, filter findings to only include the specified severity levels.
+
+Default (no filter): include all severity levels.
+
+### 5. Generate Review Comment
+
+Compose the review comment in this format:
+
+```markdown
+## AFC Code Review — PR #{number}
+
+### Summary
+
+| Severity | Count |
+|----------|-------|
+| Critical | {N} |
+| Warning  | {N} |
+| Info     | {N} |
+
+### Findings
+
+#### C-{N}: {title}
+- **File**: `{path}:{line}`
+- **Issue**: {description}
+- **Suggested fix**: {suggestion}
+
+#### W-{N}: {title}
+{same format}
+
+#### I-{N}: {title}
+{same format}
+
+### Positives
+- {1-2 things done well}
+
+---
+*Reviewed by [all-for-claudecode](https://github.com/anthropics/claude-code)*
+```
+
+If there are zero findings after filtering, the comment should be:
+
+```markdown
+## AFC Code Review — PR #{number}
+
+No issues found. Code looks good!
+
+---
+*Reviewed by [all-for-claudecode](https://github.com/anthropics/claude-code)*
+```
+
+### 6. Preview and Confirm
+
+Display the full review comment to the user in the console.
+
+Then determine the review event type:
+- **Critical findings exist** → `REQUEST_CHANGES`
+- **Only Warning/Info findings** → `COMMENT`
+- **No findings** → `APPROVE`
+
+Tell the user:
+```
+Review event: {APPROVE|COMMENT|REQUEST_CHANGES}
+Findings: Critical {N} / Warning {N} / Info {N}
+```
+
+Ask the user to confirm using AskUserQuestion with these options:
+1. **Post as-is** — Post the review comment to GitHub
+2. **Edit first** — Let me modify the comment before posting (user provides edits, then re-confirm)
+3. **Cancel** — Do not post anything
+
+### 7. Post to GitHub
+
+On approval, write the review comment to a temp file and post via `--body-file` (avoids shell escaping issues with markdown):
+
+```bash
+tmp_file=$(mktemp)
+cat > "$tmp_file" << 'REVIEW_EOF'
+{review comment content}
+REVIEW_EOF
+gh pr review {number} --body-file "$tmp_file" --event {COMMENT|REQUEST_CHANGES|APPROVE}
+rm -f "$tmp_file"
+```
+
+### 8. Final Output
+
+```
+PR review posted
+├─ PR: #{number} ({title})
+├─ Event: {APPROVE|COMMENT|REQUEST_CHANGES}
+├─ Findings: Critical {N} / Warning {N} / Info {N}
+└─ URL: {PR URL from gh pr view}
+```
+
+## Notes
+
+- **User confirmation required**: Never post to GitHub without explicit user approval.
+- **Idempotent**: Running multiple times on the same PR creates additional review comments (GitHub does not deduplicate).
+- **Respects existing reviews**: This command does not dismiss or override other reviewers' reviews.
+- **Rate limits**: Uses a single `gh pr review` call. No rate limit concerns for normal usage.