baldart 3.41.0 → 4.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +47 -0
- package/VERSION +1 -1
- package/framework/.claude/agents/REGISTRY.md +72 -24
- package/framework/.claude/agents/api-perf-cost-auditor.md +17 -10
- package/framework/.claude/agents/code-reviewer.md +31 -24
- package/framework/.claude/agents/codebase-architect.md +47 -43
- package/framework/.claude/agents/coder.md +29 -18
- package/framework/.claude/agents/doc-reviewer.md +57 -30
- package/framework/.claude/agents/plan-auditor.md +85 -20
- package/framework/.claude/agents/prd-card-writer.md +44 -14
- package/framework/.claude/agents/prd.md +22 -3
- package/framework/.claude/agents/qa-sentinel.md +33 -15
- package/framework/.claude/agents/security-reviewer.md +65 -10
- package/framework/.claude/agents/senior-researcher.md +8 -1
- package/framework/.claude/agents/ui-expert.md +22 -7
- package/framework/.claude/commands/check.md +31 -11
- package/framework/.claude/commands/codexreview.md +48 -29
- package/framework/.claude/commands/new.md +29 -330
- package/framework/.claude/commands/qa.md +57 -37
- package/framework/.claude/skills/api-design-principles/SKILL.md +2 -2
- package/framework/.claude/skills/bug/SKILL.md +8 -8
- package/framework/.claude/skills/bug/references/logging-patterns.md +8 -2
- package/framework/.claude/skills/context-primer/SKILL.md +29 -8
- package/framework/.claude/skills/doc-writing-for-rag/SKILL.md +36 -36
- package/framework/.claude/skills/frontend-design/SKILL.md +10 -8
- package/framework/.claude/skills/new/SKILL.md +409 -302
- package/framework/.claude/skills/prd/SKILL.md +67 -38
- package/framework/.claude/skills/prd/assets/card-template.yml +22 -26
- package/framework/.claude/skills/prd/assets/epic-template.yml +5 -5
- package/framework/.claude/skills/prd/assets/prd-template.md +1 -1
- package/framework/.claude/skills/prd/assets/state-template.md +25 -3
- package/framework/.claude/skills/prd/references/api-perf-gate.md +143 -33
- package/framework/.claude/skills/prd/references/audit-phase.md +48 -34
- package/framework/.claude/skills/prd/references/backlog-phase.md +38 -11
- package/framework/.claude/skills/prd/references/discovery-phase.md +121 -44
- package/framework/.claude/skills/prd/references/impact-analysis.md +127 -23
- package/framework/.claude/skills/prd/references/prd-add-phase.md +18 -214
- package/framework/.claude/skills/prd/references/prd-writing-phase.md +52 -42
- package/framework/.claude/skills/prd/references/research-phase.md +105 -19
- package/framework/.claude/skills/prd/references/ui-design-phase.md +20 -8
- package/framework/.claude/skills/prd/references/validation-phase.md +97 -72
- package/framework/.claude/skills/prd-add/SKILL.md +70 -20
- package/framework/.claude/skills/simplify/SKILL.md +22 -12
- package/framework/.claude/skills/ui-design/SKILL.md +26 -7
- package/framework/.claude/skills/webapp-testing/SKILL.md +6 -4
- package/framework/.claude/skills/worktree-manager/SKILL.md +206 -143
- package/framework/agents/coding-standards.md +85 -0
- package/framework/agents/skills-mapping.md +85 -82
- package/framework/agents/testing.md +6 -4
- package/framework/templates/baldart.config.template.yml +29 -7
- package/package.json +1 -1
- package/src/commands/configure.js +43 -9
- package/framework/.claude/skills/prd-add/references/impact-analysis.md +0 -233
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: security-reviewer
|
|
3
|
-
description: "Use this agent when code needs a security review, when reviewing PRs/diffs for security implications, when designing authentication/authorization flows, when handling secrets or sensitive data, when reviewing API endpoints, when evaluating dependency security, or when assessing cloud/infra configurations for security risks. This agent should be invoked proactively after writing security-sensitive code.\\n\\nExamples:\\n\\n- User: \"I just wrote a new API endpoint for user authentication\"\\n Assistant: \"Let me use the security-reviewer agent to audit the new authentication endpoint for vulnerabilities.\"\\n (Since a security-sensitive endpoint was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Review this PR for the payment processing feature\"\\n Assistant: \"I'll launch the security-reviewer agent to perform a thorough security audit of the payment processing changes.\"\\n (Since payment code touches sensitive financial data, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I added a file upload handler to the
|
|
3
|
+
description: "Use this agent when code needs a security review, when reviewing PRs/diffs for security implications, when designing authentication/authorization flows, when handling secrets or sensitive data, when reviewing API endpoints, when evaluating dependency security, or when assessing cloud/infra configurations for security risks. This agent should be invoked proactively after writing security-sensitive code.\\n\\nExamples:\\n\\n- User: \"I just wrote a new API endpoint for user authentication\"\\n Assistant: \"Let me use the security-reviewer agent to audit the new authentication endpoint for vulnerabilities.\"\\n (Since a security-sensitive endpoint was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Review this PR for the payment processing feature\"\\n Assistant: \"I'll launch the security-reviewer agent to perform a thorough security audit of the payment processing changes.\"\\n (Since payment code touches sensitive financial data, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I added a file upload handler to the dashboard\"\\n Assistant: \"File uploads are a high-risk attack surface. Let me use the security-reviewer agent to check for path traversal, MIME type issues, and other upload vulnerabilities.\"\\n (Since file upload code was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Can you check if our database access-control rules are properly configured?\"\\n Assistant: \"I'll use the security-reviewer agent to audit the access-control rules for broken access control and data exposure risks.\"\\n (Since the user is asking about security configuration, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I just implemented the session handling with Safari ITP fallback\"\\n Assistant: \"Session handling is security-critical. Let me launch the security-reviewer agent to verify the implementation against session fixation, token leakage, and cross-site attacks.\"\\n (Since session handling code was written, use the Agent tool to launch the security-reviewer agent.)"
|
|
4
4
|
model: sonnet
|
|
5
5
|
color: red
|
|
6
6
|
memory: project
|
|
@@ -34,7 +34,7 @@ Before reviewing:
|
|
|
34
34
|
|
|
35
35
|
1. Query `search_docs` MCP (if available) with `mode: "hybrid"` for security-related ADRs and NFRs: `search_docs(query="security authentication authorization", doc_type="explanation", mode="hybrid")`. Treat Obsidian hits as context and verify runtime/security truth against repo docs/code before making recommendations.
|
|
36
36
|
2. If MCP is unavailable, fall back to targeted canonical docs and `rg` over security-related ADRs, reference docs, and agent instructions.
|
|
37
|
-
3. Check `docs/references/traceability-matrix.md` for which docs govern the code under review.
|
|
37
|
+
3. Check the traceability matrix (`${paths.traceability_matrix}`, typically `docs/references/traceability-matrix.md`) for which docs govern the code under review; if absent, skip this step.
|
|
38
38
|
|
|
39
39
|
## Core Responsibilities
|
|
40
40
|
|
|
@@ -105,7 +105,48 @@ For each file, code block, PR, or diff you review:
|
|
|
105
105
|
|
|
106
106
|
## Output Format
|
|
107
107
|
|
|
108
|
-
|
|
108
|
+
You have TWO output modes. Detect which one your invocation prompt asks for.
|
|
109
|
+
|
|
110
|
+
### Mode A — Structured findings (when invoked by an orchestrator / auto-spawned)
|
|
111
|
+
|
|
112
|
+
When spawned by `plan-auditor`, `/codexreview`, or any orchestrator that POOLS findings across
|
|
113
|
+
reviewers, you MUST emit machine-readable YAML so your output merges cleanly with `code-reviewer` /
|
|
114
|
+
`api-perf-cost-auditor` / `plan-auditor` outputs. Emit every HIGH/MEDIUM finding in this exact shape
|
|
115
|
+
(this is the shared pooled schema; populate `source: security-reviewer` and leave fields you cannot
|
|
116
|
+
determine as `N/A` rather than dropping the finding):
|
|
117
|
+
|
|
118
|
+
```yaml
|
|
119
|
+
- finding_id: <CARD-ID-or-PR>-SEC-###
|
|
120
|
+
title: <one-line>
|
|
121
|
+
source: security-reviewer
|
|
122
|
+
category: security
|
|
123
|
+
target: <one of the orchestrator's TARGET TAG values, or "notes" for informational>
|
|
124
|
+
severity: BLOCKER | HIGH | MEDIUM | LOW
|
|
125
|
+
confidence: 0-100
|
|
126
|
+
evidence:
|
|
127
|
+
file: <path or "N/A">
|
|
128
|
+
lines: <range or "N/A">
|
|
129
|
+
quote: |
|
|
130
|
+
<exact code snippet, ≤8 lines>
|
|
131
|
+
cove_verified: true | false # true if you verified file/line via Glob/Grep/Read
|
|
132
|
+
repro_steps: <exploitation scenario — how an attacker reaches and triggers this>
|
|
133
|
+
expected_behavior: <the secure behavior>
|
|
134
|
+
actual_behavior: <the vulnerable behavior present in the code>
|
|
135
|
+
risk:
|
|
136
|
+
impact: 1-5
|
|
137
|
+
likelihood: 1-5
|
|
138
|
+
priority: <impact * likelihood>
|
|
139
|
+
recommendation: <concrete, minimal, production-ready fix; ≤3 sentences>
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
Map your severity labels to the pooled enum: Critical → `BLOCKER`, High → `HIGH`, Medium →
|
|
143
|
+
`MEDIUM`, Low/Informational → `LOW`. Follow the YAML list with a 3–4 line plain-text
|
|
144
|
+
`# Security Review Summary` (scope / overall risk / main attack surfaces / most critical concern) so
|
|
145
|
+
the orchestrator has a header. Do NOT emit the long markdown finding blocks in this mode.
|
|
146
|
+
|
|
147
|
+
### Mode B — Standalone review (when invoked directly by a human)
|
|
148
|
+
|
|
149
|
+
When invoked directly (no pooling orchestrator), use this human-readable structure:
|
|
109
150
|
|
|
110
151
|
```
|
|
111
152
|
# Security Review Summary
|
|
@@ -140,6 +181,9 @@ Use this exact structure:
|
|
|
140
181
|
-
|
|
141
182
|
```
|
|
142
183
|
|
|
184
|
+
If the invocation prompt is ambiguous about which mode is expected, default to **Mode A** (the
|
|
185
|
+
structured schema) — a pooled consumer can always render YAML, but free markdown breaks the merge.
|
|
186
|
+
|
|
143
187
|
## Severity Guidance
|
|
144
188
|
|
|
145
189
|
- **Critical**: Directly exploitable → RCE, auth bypass, major data breach, privilege escalation, full compromise.
|
|
@@ -150,29 +194,40 @@ Use this exact structure:
|
|
|
150
194
|
|
|
151
195
|
## Specific Vulnerability Checklist
|
|
152
196
|
|
|
153
|
-
Always check for:
|
|
197
|
+
Always check for (stack-agnostic core):
|
|
154
198
|
- Broken access control / missing authorization checks
|
|
155
|
-
- Insecure direct object references (
|
|
199
|
+
- Insecure direct object references (IDOR — any user-controllable record/object identifier)
|
|
156
200
|
- Hardcoded secrets / token leakage
|
|
157
|
-
- Sensitive data in logs or error responses (
|
|
201
|
+
- Sensitive data in logs or error responses (flag any error detail / stack trace leaked in 5xx)
|
|
158
202
|
- Weak password/session handling
|
|
159
203
|
- Missing rate limiting
|
|
160
204
|
- Missing input validation
|
|
161
205
|
- Path traversal / file upload dangers
|
|
162
206
|
- Shell/command injection
|
|
163
|
-
- NoSQL injection (
|
|
207
|
+
- SQL/NoSQL injection (parameterize all queries; never build queries by string concatenation)
|
|
164
208
|
- XSS (stored, reflected, DOM)
|
|
165
209
|
- CSRF weaknesses
|
|
166
210
|
- SSRF / open redirects
|
|
167
211
|
- Insecure CORS
|
|
168
|
-
- Race conditions / TOCTOU
|
|
212
|
+
- Race conditions / TOCTOU
|
|
169
213
|
- Multi-tenant isolation failures
|
|
170
|
-
- Firebase security rules gaps
|
|
171
214
|
- Webhook signature validation
|
|
172
215
|
- Debug endpoints in production
|
|
173
216
|
- Privilege escalation via business logic
|
|
174
217
|
- Dependency/supply-chain risks
|
|
175
|
-
- Overly broad IAM /
|
|
218
|
+
- Overly broad IAM / cloud permissions
|
|
219
|
+
|
|
220
|
+
**Persistence-layer checks (apply only the row matching `stack.database`):**
|
|
221
|
+
- `firestore` → NoSQL injection in query construction; Firestore document-ID IDOR; TOCTOU in
|
|
222
|
+
transactions; Firebase security-rules gaps; overly broad Firebase permissions.
|
|
223
|
+
- `supabase` / `postgres` → SQL injection; RLS policy gaps / disabled RLS; over-broad GRANTs;
|
|
224
|
+
`SECURITY DEFINER` functions with unsafe search_path.
|
|
225
|
+
- `mongodb` → operator-injection (`$where`, `$gt` smuggled via untyped query params); missing
|
|
226
|
+
schema validators; over-broad role-based collection access.
|
|
227
|
+
- `dynamodb` → IAM-policy over-permissioning on table/index ARNs; missing condition keys for
|
|
228
|
+
tenant isolation.
|
|
229
|
+
If `stack.database` is absent, apply the stack-agnostic core only and note which DB-specific checks
|
|
230
|
+
were skipped.
|
|
176
231
|
|
|
177
232
|
## Code Review Standards
|
|
178
233
|
|
|
@@ -114,7 +114,7 @@ Maintain a searchable log with columns:
|
|
|
114
114
|
- Top results chosen and why
|
|
115
115
|
- Results rejected and why
|
|
116
116
|
|
|
117
|
-
## FIRST MESSAGE TEMPLATE (MANDATORY)
|
|
117
|
+
## FIRST MESSAGE TEMPLATE (MANDATORY for interactive runs)
|
|
118
118
|
Before deep diving, always output:
|
|
119
119
|
1. **Restatement** of the topic (2–4 lines)
|
|
120
120
|
2. **Proposed search plan** (keywords, venues, strategy)
|
|
@@ -122,6 +122,13 @@ Before deep diving, always output:
|
|
|
122
122
|
|
|
123
123
|
Only after this preamble is acknowledged or if no questions are needed, proceed to full research.
|
|
124
124
|
|
|
125
|
+
**Background runs — skip the preamble.** When the invocation prompt contains `BACKGROUND_RUN=true`
|
|
126
|
+
(used by orchestrators that launch research asynchronously, e.g. /prd Research Step 2.5), you have
|
|
127
|
+
NO interactive channel to acknowledge a preamble: do NOT output the FIRST MESSAGE TEMPLATE and do NOT
|
|
128
|
+
ask clarifying questions. Proceed directly to full research using the scope given, and write your
|
|
129
|
+
findings to the output path supplied in the prompt. Asking questions in a background run would block
|
|
130
|
+
the run forever.
|
|
131
|
+
|
|
125
132
|
## FORMATTING RULES
|
|
126
133
|
- Use Markdown throughout.
|
|
127
134
|
- Section IDs use the format `§N` or `§N.M` (e.g., `§4.2`).
|
|
@@ -1,12 +1,20 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: ui-expert
|
|
3
3
|
description: "Design and review UI/UX for your project. For new components, pages, or design reviews."
|
|
4
|
-
model:
|
|
4
|
+
model: opus
|
|
5
5
|
color: purple
|
|
6
6
|
---
|
|
7
7
|
|
|
8
8
|
You are a UI/UX expert specializing in design systems, mobile-first responsive design, and conversion-focused interfaces.
|
|
9
9
|
|
|
10
|
+
**Role & write capability.** You are both a UI/UX reviewer AND the implementer
|
|
11
|
+
of UI-scoped work. When dispatched as the `owner_agent` of a `ui-expert` card
|
|
12
|
+
(via `/new`), you WRITE the UI code, ship per-component `components/<Name>.md`
|
|
13
|
+
specs, and reconcile `tokens-reference.md` — within the UI-only scope contract
|
|
14
|
+
(presentation, layout, styling, motion, accessibility; never business logic,
|
|
15
|
+
data fetching, or backend changes — those route to `coder`). This matches the
|
|
16
|
+
REGISTRY "Can Edit Code: Yes" capability for ui-expert.
|
|
17
|
+
|
|
10
18
|
## Project Context
|
|
11
19
|
|
|
12
20
|
**Reads from `baldart.config.yml`:**
|
|
@@ -221,13 +229,20 @@ building or reviewing production surfaces.
|
|
|
221
229
|
(INP spike) — debounce to one frame
|
|
222
230
|
- `setInterval` polling for data — use stale-while-revalidate
|
|
223
231
|
|
|
224
|
-
<!-- PROJECT CONTEXT: Customize this section for your project -->
|
|
225
232
|
## Project Terminology (Use Exactly)
|
|
226
233
|
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
-
|
|
234
|
+
Project-specific terminology is NOT hard-coded here. Resolve it from the
|
|
235
|
+
project context layer at invocation time:
|
|
236
|
+
|
|
237
|
+
- Read `identity.audience_segments` and any terminology keys from
|
|
238
|
+
`baldart.config.yml`, plus the opinionated term list in
|
|
239
|
+
`.baldart/overlays/agents/ui-expert.md § [APPEND] Project Terminology`
|
|
240
|
+
when present.
|
|
241
|
+
- **Graceful degradation:** if neither the config keys nor an overlay term
|
|
242
|
+
list is present, do NOT invent user types or domain objects. Use neutral,
|
|
243
|
+
generic labels (e.g. "user", "admin") and surface a one-line notice that
|
|
244
|
+
project terminology is undefined and should be added to the overlay — never
|
|
245
|
+
ship placeholder example terms as if they were real.
|
|
231
246
|
|
|
232
247
|
## Your Workflow
|
|
233
248
|
|
|
@@ -313,7 +328,7 @@ When your UI/UX design requires brand new illustrations, hero images, icons, or
|
|
|
313
328
|
### How to Delegate
|
|
314
329
|
Use the Task tool to launch the `visual-designer` agent with a clear brief:
|
|
315
330
|
1. Describe the visual asset needed (type, purpose, placement)
|
|
316
|
-
2. Reference the style guidelines (
|
|
331
|
+
2. Reference the style guidelines (`${paths.ui_guidelines}`)
|
|
317
332
|
3. Provide any brand colors if applicable
|
|
318
333
|
4. Define dimensions or aspect ratios if known
|
|
319
334
|
5. Explain the context where the asset will be used
|
|
@@ -19,14 +19,20 @@ Read each card from `/backlog/*.yml` to understand scope, requirements, acceptan
|
|
|
19
19
|
|
|
20
20
|
## Step 2 — Choose Audit Profile
|
|
21
21
|
|
|
22
|
-
Ask the user which audit profile to apply:
|
|
23
|
-
|
|
24
22
|
| Profile | Agents launched in parallel |
|
|
25
23
|
|---------|----------------------------|
|
|
26
24
|
| **Code + Performance** | plan-auditor, code-reviewer, doc-reviewer, api-perf-cost-auditor |
|
|
27
25
|
| **Code** | plan-auditor, code-reviewer, doc-reviewer |
|
|
28
26
|
|
|
29
|
-
|
|
27
|
+
**Default (no prompt needed):** choose **Code + Performance** when any card in scope has an
|
|
28
|
+
API/performance-sensitive surface — i.e. its `areas` includes `api` or `data`, or its
|
|
29
|
+
`files_likely_touched` includes API-route / data-access / query paths. Otherwise default to **Code**.
|
|
30
|
+
Announce the chosen profile and proceed — this keeps `/check` runnable autonomously (e.g. triggered
|
|
31
|
+
programmatically before development) without a human-in-the-loop on every run.
|
|
32
|
+
|
|
33
|
+
Only prompt with `AskUserQuestion` (the two options above) when `/check` is invoked interactively AND
|
|
34
|
+
the heuristic is ambiguous (e.g. mixed scope where the perf-sensitivity of the cards is unclear). A
|
|
35
|
+
human-present run may still override the default by passing the profile explicitly.
|
|
30
36
|
|
|
31
37
|
## Step 3 — Gather Context (lightweight)
|
|
32
38
|
|
|
@@ -51,6 +57,11 @@ Use `TaskCreate` to create one task per audit agent per card. Structure:
|
|
|
51
57
|
|
|
52
58
|
- For **N cards x M agents**, create **N x M tasks** (e.g., 5 cards x 4 agents = 20 tasks).
|
|
53
59
|
- Each task subject: `[CARD-ID] <agent-type> audit`
|
|
60
|
+
- **Set the owner/assignee on each task to its audit agent's teammate name** (the `Teammate name`
|
|
61
|
+
from the mapping in 4c) — this is the claim/lock. Each teammate processes ONLY tasks owned by it;
|
|
62
|
+
it never claims a task already owned by another teammate. If `TaskCreate` cannot set an owner at
|
|
63
|
+
creation, the teammate MUST claim atomically: skip any task whose owner is already set to a
|
|
64
|
+
different teammate, and refuse to start a task it has not successfully claimed.
|
|
54
65
|
- Each task description: contains the full card YAML content + file paths to read + PRD path + instructions.
|
|
55
66
|
|
|
56
67
|
**IMPORTANT**: Embed the full card YAML content directly in the task description so agents don't need to re-read it. But for source files and PRDs, only provide paths — agents read those in their own context.
|
|
@@ -79,14 +90,18 @@ Launch ALL teammates in a single message (parallel tool calls).
|
|
|
79
90
|
Each teammate receives this prompt:
|
|
80
91
|
|
|
81
92
|
```
|
|
82
|
-
You are the {AGENT_ROLE} for a pre-development audit team ("check-audit").
|
|
93
|
+
You are the {AGENT_ROLE} (teammate name "{TEAMMATE_NAME}") for a pre-development audit team ("check-audit").
|
|
83
94
|
|
|
84
95
|
## Your workflow
|
|
85
96
|
|
|
86
|
-
1. Call `TaskList`
|
|
87
|
-
|
|
97
|
+
1. Call `TaskList` and select ONLY the tasks whose owner/assignee is you ("{TEAMMATE_NAME}"); if the
|
|
98
|
+
task store does not expose an owner field, fall back to matching the `<agent-type>` token in the
|
|
99
|
+
task subject to your role. Ignore every other task — it belongs to another teammate.
|
|
100
|
+
2. For each of YOUR tasks (in ID order):
|
|
88
101
|
a. Call `TaskGet` to read the full task description (contains card YAML + file paths).
|
|
89
|
-
b.
|
|
102
|
+
b. **Claim it**: mark task as `in_progress` via `TaskUpdate`. If `TaskGet` shows it is already
|
|
103
|
+
`in_progress` or `completed` (another agent got it first), SKIP it — never re-process a claimed
|
|
104
|
+
task.
|
|
90
105
|
c. Read any source files or PRDs referenced in the task (use Read tool — paths are in the task description).
|
|
91
106
|
d. Perform your audit (see audit instructions below).
|
|
92
107
|
e. **Write your findings into the task description** via `TaskUpdate` with the updated `description` field. Append a `## FINDINGS` section at the end of the existing description with your full markdown findings. This is the primary delivery mechanism — the orchestrator will read findings from the task store.
|
|
@@ -163,7 +178,7 @@ Wait for all teammates to complete their tasks, then **read findings from the ta
|
|
|
163
178
|
...
|
|
164
179
|
```
|
|
165
180
|
|
|
166
|
-
**CRITICAL — Persist report to file before proceeding.** After consolidating the report, write it to `/tmp/check-audit-report-{
|
|
181
|
+
**CRITICAL — Persist report to file before proceeding.** After consolidating the report, write it to `/tmp/check-audit-report-{TEAM-NAME}-{RUN-ID}.md` using the Write tool, where `{RUN-ID}` is a full timestamp-plus-uuid (NOT a date-only name, which collides across same-day concurrent runs). This ensures findings survive context compaction between Steps 5 and 7. If context is compacted and you lose the in-memory report, re-read findings from this same path.
|
|
167
182
|
|
|
168
183
|
Present this consolidated report to the user.
|
|
169
184
|
|
|
@@ -175,7 +190,7 @@ Use `SendMessage` with `type: "shutdown_request"` to gracefully shut down all te
|
|
|
175
190
|
|
|
176
191
|
**Goal**: Transform each card from "audited" to "implementation-ready" by editing its structured YAML fields directly. Do not just append a checklist to `notes`.
|
|
177
192
|
|
|
178
|
-
**Read findings from the persisted report file** (`/tmp/check-audit-report-{
|
|
193
|
+
**Read findings from the persisted report file** (the exact `/tmp/check-audit-report-{TEAM-NAME}-{RUN-ID}.md` path written in Step 5) rather than from context memory.
|
|
179
194
|
|
|
180
195
|
### 7a. Field mapping rules
|
|
181
196
|
|
|
@@ -189,7 +204,7 @@ For each finding in the report, apply edits to the card YAML based on the `[Targ
|
|
|
189
204
|
| `[Target: files_likely_touched]` | `files_likely_touched` | Append the missing file path. Never duplicate an existing path. |
|
|
190
205
|
| `[Target: depends_on]` | `depends_on` | Append the missing card ID to the list. |
|
|
191
206
|
| `[Target: areas]` | `areas` | Add the missing area key/value (e.g., `docs: [path]`). |
|
|
192
|
-
| `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from <base-branch>` (derive slug from card title). |
|
|
207
|
+
| `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from <base-branch>` (derive slug from card title; resolve `<base-branch>` from `git.trunk_branch` in `baldart.config.yml`, or autodetect if absent). |
|
|
193
208
|
| `[Target: unknowns]` | `unknowns` | Append a new `[U-N] UNKNOWN: ...` entry if the finding surfaces a genuine unknown. |
|
|
194
209
|
| `[Target: notes]` | `notes` | Do NOT edit structured fields — collect these into the audit trail summary only (Step 7b). |
|
|
195
210
|
|
|
@@ -222,7 +237,12 @@ For each card:
|
|
|
222
237
|
|
|
223
238
|
## Step 8 — Commit
|
|
224
239
|
|
|
225
|
-
1.
|
|
240
|
+
1. Validate ONLY the files you changed. `/check` edits backlog card YAML (and at most a note line) —
|
|
241
|
+
it never touches application code, so running the project's lint/build (which may require compiled
|
|
242
|
+
assets, a database, or env vars) here would fail spuriously and block the commit for no benefit.
|
|
243
|
+
Instead, run the cheap, meaningful check: markdownlint / a YAML parse on the modified card files
|
|
244
|
+
(e.g. `npx markdownlint-cli2 <changed .md>` and/or a `js-yaml` / `yq` parse of each changed `.yml`)
|
|
245
|
+
to confirm they are well-formed. If a check is unavailable, note it and proceed.
|
|
226
246
|
2. Stage only the modified backlog card files.
|
|
227
247
|
3. Commit with message: `[CARD-ID] Apply pre-dev audit findings from /check`.
|
|
228
248
|
4. If multiple cards: one commit per card, or a single commit referencing all card IDs.
|
|
@@ -21,8 +21,12 @@ If `/codexreview` is invoked **without card IDs**, infer them from context in th
|
|
|
21
21
|
2. **In-progress backlog cards**: run `grep -rl "status: IN_PROGRESS" /backlog/*.yml` and read their `id` fields.
|
|
22
22
|
3. **Current branch name**: parse the branch name (e.g. `feat/FEAT-0123-slug` → `FEAT-0123`).
|
|
23
23
|
|
|
24
|
+
The patterns above (`FEAT-`, `BUG-`, `TECH-`, `UI-`) are BALDART's default taxonomy; consumer
|
|
25
|
+
projects with a different convention (e.g. JIRA-style `PROJ-123`) should extend the match list to
|
|
26
|
+
their own prefixes. If 0 IDs match, fall through to `AskUserQuestion` rather than guessing.
|
|
27
|
+
|
|
24
28
|
Deduplicate, then:
|
|
25
|
-
- If exactly 1–3 cards are inferred: announce them ("Inferred cards from context: FEAT-XXXX, FEAT-YYYY") and proceed.
|
|
29
|
+
- If exactly 1–3 cards are inferred: announce them ("Inferred cards from context: FEAT-XXXX, FEAT-YYYY") and proceed. [DESIGN-CHOICE: cap at 3 to prevent token-budget saturation in a single orchestrator context; larger batch should be split into separate runs]
|
|
26
30
|
- If 0 or more than 3 are inferred: ask the user to specify which cards to review using `AskUserQuestion`. Do not guess.
|
|
27
31
|
|
|
28
32
|
---
|
|
@@ -52,17 +56,17 @@ For the (single) card in scope, check for `/tmp/codexreview-lean-<CARD-ID>.json`
|
|
|
52
56
|
- `arch_baseline_path` readable → **skip Step 1** (do NOT re-spawn `codebase-architect`); load the
|
|
53
57
|
baseline from that file and ALSO attach the `diff_summary_path` contents to every review agent so
|
|
54
58
|
they see what changed against the existing-architecture map. *(A1)*
|
|
55
|
-
- `skip_doc_reviewer: true` → **omit agent #
|
|
59
|
+
- `skip_doc_reviewer: true` → **omit agent #3 (`doc-reviewer`)** in Step 2. Doc concerns are covered
|
|
56
60
|
by `/new` Phase 3, which runs `doc-reviewer` (with the spec/docs-drift lens) on the same diff
|
|
57
61
|
immediately before this gate. *(A2)*
|
|
58
|
-
- `profile: "light"` → ALSO omit agent #2 (`
|
|
59
|
-
**agent #
|
|
62
|
+
- `profile: "light"` → ALSO omit agent #2 (`api-perf-cost-auditor`),
|
|
63
|
+
**agent #4 (Codex adversarial)** (since v3.38.0), and **skip Step 3.5 (CoVe)**. Only agent #1
|
|
60
64
|
(`code-reviewer`) and the Step 3 false-positive gate run. The Codex adversarial pass is the
|
|
61
65
|
prerogative of `full` and of the final cross-check — every `light` card's code is still reviewed
|
|
62
66
|
by Codex adversarial at the unconditional Final-review FULL gate before merge (see `/new`
|
|
63
67
|
"Final-review FULL gate"), and any high-risk diff trigger escalates the card to `full` per-card
|
|
64
68
|
so it gets Codex adversarial immediately. *(B1)*
|
|
65
|
-
- `profile: "full"` (or missing) → full agent set incl. Codex adversarial, minus #
|
|
69
|
+
- `profile: "full"` (or missing) → full agent set incl. Codex adversarial, minus #3 if `skip_doc_reviewer`.
|
|
66
70
|
|
|
67
71
|
**Invariant**: lean mode NEVER suppresses the run itself — at minimum `code-reviewer` + the Step 3
|
|
68
72
|
FP-gate execute on every card (`light`); `full` additionally runs the Codex adversarial pass. If the
|
|
@@ -83,9 +87,9 @@ For each provided card ID:
|
|
|
83
87
|
- `acceptance_criteria`
|
|
84
88
|
- `entrypoints`
|
|
85
89
|
- `files_likely_touched` (if present)
|
|
86
|
-
3. Gather git evidence:
|
|
90
|
+
3. Gather git evidence (resolve `<trunk>` from `git.trunk_branch` in `baldart.config.yml`; if absent, autodetect the integration branch):
|
|
87
91
|
- `git log --oneline --all --grep "<CARD-ID>"`
|
|
88
|
-
- `git diff --name-only
|
|
92
|
+
- `git diff --name-only <trunk>...HEAD` (fallback to `git diff --name-only HEAD~1`)
|
|
89
93
|
4. Build `review_scope_files` as union of card-indicated files + git-touched files.
|
|
90
94
|
5. Persist scope context to `/tmp/codexreview-<CARD-ID>-scope.md`.
|
|
91
95
|
|
|
@@ -131,29 +135,32 @@ Defaults per agent (override only if scope is unusually small/large):
|
|
|
131
135
|
| Agent | file_reads | bash_calls | search_docs |
|
|
132
136
|
|---|---|---|---|
|
|
133
137
|
| `code-reviewer` | 15 | 25 | 5 |
|
|
134
|
-
| `qa-sentinel` | 15 | 25 | 5 |
|
|
135
138
|
| `api-perf-cost-auditor` | 15 | 25 | 5 |
|
|
136
139
|
| `doc-reviewer` | 20 | 25 | 8 |
|
|
137
140
|
|
|
138
|
-
Codex (agent #
|
|
141
|
+
Codex (agent #4, via Bash + companion script) does NOT receive this block — it manages its own context.
|
|
139
142
|
|
|
140
143
|
### Agents
|
|
141
144
|
|
|
142
145
|
Launch these agents in parallel for each card:
|
|
143
146
|
|
|
144
147
|
1. `code-reviewer` — functional bugs, regressions, logic flaws
|
|
145
|
-
2. `
|
|
146
|
-
3. `
|
|
147
|
-
4.
|
|
148
|
-
|
|
148
|
+
2. `api-perf-cost-auditor` — API/data/performance/cost defects
|
|
149
|
+
3. `doc-reviewer` — spec/docs drift that can cause incorrect behavior
|
|
150
|
+
4. **Codex (a non-Anthropic frontier reviewer, e.g. `gpt-5`)** — adversarial review via `codex-companion.mjs`
|
|
151
|
+
|
|
152
|
+
> `qa-sentinel` is intentionally NOT in this set. It is a mechanical gate-runner (lint / tsc / tests /
|
|
153
|
+
> build / audit → PASS/FAIL); it cannot read source files or perform the source-level review this step
|
|
154
|
+
> requires. Gate-running for the card happens in the QA flow, not in this deep-review parallel set.
|
|
149
155
|
|
|
150
156
|
> **Lean agent set (Step -0.5)**: when a contract file is active, launch only the agents the resolved
|
|
151
|
-
> mode permits — `skip_doc_reviewer` omits #
|
|
152
|
-
> (Codex adversarial)** (since v3.38.0). At `light`, only agent #1
|
|
153
|
-
> Step 3 FP-gate). At `full` (and in full mode with no contract
|
|
154
|
-
> included). The standalone `/codexreview <CARD-ID>` invocation (no
|
|
157
|
+
> mode permits — `skip_doc_reviewer` omits #3 (`doc-reviewer`); `profile: light` additionally omits #2
|
|
158
|
+
> (`api-perf-cost-auditor`) AND **#4 (Codex adversarial)** (since v3.38.0). At `light`, only agent #1
|
|
159
|
+
> (`code-reviewer`) launches (+ the Step 3 FP-gate). At `full` (and in full mode with no contract
|
|
160
|
+
> file), launch all four (Codex #4 included). The standalone `/codexreview <CARD-ID>` invocation (no
|
|
161
|
+
> contract) is always full.
|
|
155
162
|
|
|
156
|
-
**Codex invocation rules (agent #
|
|
163
|
+
**Codex invocation rules (agent #4):**
|
|
157
164
|
|
|
158
165
|
Codex is NOT invoked via the `Agent` tool (the `codex:codex-rescue` subagent_type is not registered in the harness). Instead, invoke it directly with Bash:
|
|
159
166
|
|
|
@@ -164,12 +171,21 @@ node "$PLUGIN_ROOT/scripts/codex-companion.mjs" task \
|
|
|
164
171
|
--wait
|
|
165
172
|
```
|
|
166
173
|
|
|
167
|
-
-
|
|
174
|
+
- **Path-safety (MUST)**: the `<file list>` is built from `review_scope_files` (card-indicated +
|
|
175
|
+
git-touched paths). Before interpolating any path into a shell command, pass each path as a
|
|
176
|
+
separate, properly-quoted argument — never splice an unvalidated, unquoted path into a command
|
|
177
|
+
string, and never feed the list through `xargs -I{} git show HEAD:{}` (an unquoted `{}` lets a
|
|
178
|
+
crafted path inject shell metacharacters). When you must read a tree blob, validate the path
|
|
179
|
+
against `review_scope_files` and quote it (`git show "HEAD:$path"` with `$path` from a vetted
|
|
180
|
+
array), or read the working-tree file directly with the `Read` tool.
|
|
181
|
+
- Use `--wait` to get results synchronously in the same turn. Run this Codex call ONLY as a
|
|
182
|
+
foreground `--wait` invocation — do NOT also pass it to `run_in_background` in the same call;
|
|
183
|
+
`--wait` already blocks for the synchronous result and the two are mutually exclusive.
|
|
168
184
|
- The `PLUGIN_ROOT` discovery handles version upgrades automatically.
|
|
169
185
|
- Capture stdout verbatim in a `codex_raw_output` field, then normalize each Codex finding into the schema.
|
|
170
|
-
- If Codex exits non-zero or the script is not found, log `CODEX_UNAVAILABLE` with the error and continue with the remaining
|
|
186
|
+
- If Codex exits non-zero or the script is not found, log `CODEX_UNAVAILABLE` with the error and continue with the remaining 3 agents. Do not block the run.
|
|
171
187
|
|
|
172
|
-
Each agent (1–
|
|
188
|
+
Each agent (1–3) MUST return findings using this schema:
|
|
173
189
|
|
|
174
190
|
- `finding_id`: unique ID (`<CARD-ID>-F###`)
|
|
175
191
|
- `title`
|
|
@@ -182,7 +198,7 @@ Each agent (1–4) MUST return findings using this schema:
|
|
|
182
198
|
- `risk_if_unfixed`
|
|
183
199
|
- `minimal_fix_direction`
|
|
184
200
|
|
|
185
|
-
Codex findings (agent #
|
|
201
|
+
Codex findings (agent #4) are normalized into the same schema after capture, with `source: "codex"` appended.
|
|
186
202
|
|
|
187
203
|
No generic findings allowed. Every finding must have concrete evidence.
|
|
188
204
|
|
|
@@ -190,10 +206,10 @@ No generic findings allowed. Every finding must have concrete evidence.
|
|
|
190
206
|
|
|
191
207
|
## Step 3 — Mandatory False-Positive Check
|
|
192
208
|
|
|
193
|
-
Collect all findings from Step 2 — including normalized Codex findings — into a single pool, then run independent validation in parallel for each finding:
|
|
209
|
+
Collect all findings from Step 2 — including normalized Codex findings — into a single pool, then run independent validation in parallel for each finding. Both validators must be **code-aware** (able to read the source and reason about the claimed behavior) — `qa-sentinel` is excluded here because it is a mechanical gate-runner that cannot read source files:
|
|
194
210
|
|
|
195
|
-
1.
|
|
196
|
-
2. Behavior validator: `
|
|
211
|
+
1. Path/pattern validator: `codebase-architect` — confirms the cited file/symbol exists and the structural claim holds.
|
|
212
|
+
2. Behavior validator: `code-reviewer` — reads the cited code and confirms or refutes the claimed runtime behavior.
|
|
197
213
|
|
|
198
214
|
Classify each finding strictly as:
|
|
199
215
|
|
|
@@ -215,8 +231,8 @@ Only `VERIFIED` findings can be reported as bugs.
|
|
|
215
231
|
|
|
216
232
|
After Step 3 false-positive gating, the orchestrator runs ONE additional Chain-of-Verification pass on the consolidated VERIFIED pool. This catches two failure modes the per-agent CoVe doesn't:
|
|
217
233
|
|
|
218
|
-
1. **Cross-agent echo
|
|
219
|
-
2. **Undetected ripple effects**: a VERIFIED finding is real but its scope is wider than reported (e.g. "missing
|
|
234
|
+
1. **Cross-agent echo hallucination**: 2+ agents independently produce the same hallucinated finding (e.g. wrong file path that "looks plausible") and reinforce each other through Step 3 cross-validation.
|
|
235
|
+
2. **Undetected ripple effects**: a VERIFIED finding is real but its scope is wider than reported (e.g. "an authz guard is missing on route X" is true, but routes Y and Z have the same gap and weren't flagged).
|
|
220
236
|
|
|
221
237
|
### Procedure
|
|
222
238
|
|
|
@@ -224,7 +240,7 @@ For each VERIFIED finding in the pool, generate ONE residual verification questi
|
|
|
224
240
|
|
|
225
241
|
> "If this finding is true, which OTHER file or function SHOULD also be modified and is not currently flagged?"
|
|
226
242
|
|
|
227
|
-
Execute targeted grep/read commands (max 10 total across all findings — shared budget). Two outcomes:
|
|
243
|
+
Execute targeted grep/read commands (max 10 total across all findings — shared budget [DESIGN-CHOICE: limits CoVe cost to a bounded constant regardless of finding count; findings not reached are tagged `cove_unverified`]). Two outcomes:
|
|
228
244
|
|
|
229
245
|
- **Verification expands the finding**: append a `ripple_files: [<paths>]` field to the finding's evidence, and bump severity by one level if ≥2 ripple files found. Note: `[ripple-expanded]` tag.
|
|
230
246
|
- **Verification disproves the finding**: cross-validators were both fooled. Move the finding to `Hallucinated findings dropped (post-validation CoVe)` with the falsifying evidence quoted. Do NOT report as a bug.
|
|
@@ -239,7 +255,10 @@ Execute targeted grep/read commands (max 10 total across all findings — shared
|
|
|
239
255
|
|
|
240
256
|
## Step 4 — Final Report
|
|
241
257
|
|
|
242
|
-
Write one consolidated report per run to `/tmp/codexreview-report-<
|
|
258
|
+
Write one consolidated report per run to `/tmp/codexreview-report-<CARD-ID>-<RUN-ID>.md`, where
|
|
259
|
+
`<RUN-ID>` is a full timestamp-plus-uuid (e.g. `20260601T142233Z-a1b2c3`) — a date-only name collides
|
|
260
|
+
across same-day concurrent runs. Return this exact path to the caller; downstream consumers must use
|
|
261
|
+
the returned path, never reconstruct it via wildcard/timestamp guess.
|
|
243
262
|
|
|
244
263
|
Report structure:
|
|
245
264
|
|