baldart 3.41.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/CHANGELOG.md +47 -0
  2. package/VERSION +1 -1
  3. package/framework/.claude/agents/REGISTRY.md +72 -24
  4. package/framework/.claude/agents/api-perf-cost-auditor.md +17 -10
  5. package/framework/.claude/agents/code-reviewer.md +31 -24
  6. package/framework/.claude/agents/codebase-architect.md +47 -43
  7. package/framework/.claude/agents/coder.md +29 -18
  8. package/framework/.claude/agents/doc-reviewer.md +57 -30
  9. package/framework/.claude/agents/plan-auditor.md +85 -20
  10. package/framework/.claude/agents/prd-card-writer.md +44 -14
  11. package/framework/.claude/agents/prd.md +22 -3
  12. package/framework/.claude/agents/qa-sentinel.md +33 -15
  13. package/framework/.claude/agents/security-reviewer.md +65 -10
  14. package/framework/.claude/agents/senior-researcher.md +8 -1
  15. package/framework/.claude/agents/ui-expert.md +22 -7
  16. package/framework/.claude/commands/check.md +31 -11
  17. package/framework/.claude/commands/codexreview.md +48 -29
  18. package/framework/.claude/commands/new.md +29 -330
  19. package/framework/.claude/commands/qa.md +57 -37
  20. package/framework/.claude/skills/api-design-principles/SKILL.md +2 -2
  21. package/framework/.claude/skills/bug/SKILL.md +8 -8
  22. package/framework/.claude/skills/bug/references/logging-patterns.md +8 -2
  23. package/framework/.claude/skills/context-primer/SKILL.md +29 -8
  24. package/framework/.claude/skills/doc-writing-for-rag/SKILL.md +36 -36
  25. package/framework/.claude/skills/frontend-design/SKILL.md +10 -8
  26. package/framework/.claude/skills/new/SKILL.md +409 -302
  27. package/framework/.claude/skills/prd/SKILL.md +67 -38
  28. package/framework/.claude/skills/prd/assets/card-template.yml +22 -26
  29. package/framework/.claude/skills/prd/assets/epic-template.yml +5 -5
  30. package/framework/.claude/skills/prd/assets/prd-template.md +1 -1
  31. package/framework/.claude/skills/prd/assets/state-template.md +25 -3
  32. package/framework/.claude/skills/prd/references/api-perf-gate.md +143 -33
  33. package/framework/.claude/skills/prd/references/audit-phase.md +48 -34
  34. package/framework/.claude/skills/prd/references/backlog-phase.md +38 -11
  35. package/framework/.claude/skills/prd/references/discovery-phase.md +121 -44
  36. package/framework/.claude/skills/prd/references/impact-analysis.md +127 -23
  37. package/framework/.claude/skills/prd/references/prd-add-phase.md +18 -214
  38. package/framework/.claude/skills/prd/references/prd-writing-phase.md +52 -42
  39. package/framework/.claude/skills/prd/references/research-phase.md +105 -19
  40. package/framework/.claude/skills/prd/references/ui-design-phase.md +20 -8
  41. package/framework/.claude/skills/prd/references/validation-phase.md +97 -72
  42. package/framework/.claude/skills/prd-add/SKILL.md +70 -20
  43. package/framework/.claude/skills/simplify/SKILL.md +22 -12
  44. package/framework/.claude/skills/ui-design/SKILL.md +26 -7
  45. package/framework/.claude/skills/webapp-testing/SKILL.md +6 -4
  46. package/framework/.claude/skills/worktree-manager/SKILL.md +206 -143
  47. package/framework/agents/coding-standards.md +85 -0
  48. package/framework/agents/skills-mapping.md +85 -82
  49. package/framework/agents/testing.md +6 -4
  50. package/framework/templates/baldart.config.template.yml +29 -7
  51. package/package.json +1 -1
  52. package/src/commands/configure.js +43 -9
  53. package/framework/.claude/skills/prd-add/references/impact-analysis.md +0 -233
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: security-reviewer
3
- description: "Use this agent when code needs a security review, when reviewing PRs/diffs for security implications, when designing authentication/authorization flows, when handling secrets or sensitive data, when reviewing API endpoints, when evaluating dependency security, or when assessing cloud/infra configurations for security risks. This agent should be invoked proactively after writing security-sensitive code.\\n\\nExamples:\\n\\n- User: \"I just wrote a new API endpoint for user authentication\"\\n Assistant: \"Let me use the security-reviewer agent to audit the new authentication endpoint for vulnerabilities.\"\\n (Since a security-sensitive endpoint was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Review this PR for the payment processing feature\"\\n Assistant: \"I'll launch the security-reviewer agent to perform a thorough security audit of the payment processing changes.\"\\n (Since payment code touches sensitive financial data, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I added a file upload handler to the merchant dashboard\"\\n Assistant: \"File uploads are a high-risk attack surface. Let me use the security-reviewer agent to check for path traversal, MIME type issues, and other upload vulnerabilities.\"\\n (Since file upload code was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Can you check if our Firestore security rules are properly configured?\"\\n Assistant: \"I'll use the security-reviewer agent to audit the Firestore rules for broken access control and data exposure risks.\"\\n (Since the user is asking about security configuration, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I just implemented the session handling with Safari ITP fallback\"\\n Assistant: \"Session handling is security-critical. Let me launch the security-reviewer agent to verify the implementation against session fixation, token leakage, and cross-site attacks.\"\\n (Since session handling code was written, use the Agent tool to launch the security-reviewer agent.)"
3
+ description: "Use this agent when code needs a security review, when reviewing PRs/diffs for security implications, when designing authentication/authorization flows, when handling secrets or sensitive data, when reviewing API endpoints, when evaluating dependency security, or when assessing cloud/infra configurations for security risks. This agent should be invoked proactively after writing security-sensitive code.\\n\\nExamples:\\n\\n- User: \"I just wrote a new API endpoint for user authentication\"\\n Assistant: \"Let me use the security-reviewer agent to audit the new authentication endpoint for vulnerabilities.\"\\n (Since a security-sensitive endpoint was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Review this PR for the payment processing feature\"\\n Assistant: \"I'll launch the security-reviewer agent to perform a thorough security audit of the payment processing changes.\"\\n (Since payment code touches sensitive financial data, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I added a file upload handler to the dashboard\"\\n Assistant: \"File uploads are a high-risk attack surface. Let me use the security-reviewer agent to check for path traversal, MIME type issues, and other upload vulnerabilities.\"\\n (Since file upload code was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Can you check if our database access-control rules are properly configured?\"\\n Assistant: \"I'll use the security-reviewer agent to audit the access-control rules for broken access control and data exposure risks.\"\\n (Since the user is asking about security configuration, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I just implemented the session handling with Safari ITP fallback\"\\n Assistant: \"Session handling is security-critical. Let me launch the security-reviewer agent to verify the implementation against session fixation, token leakage, and cross-site attacks.\"\\n (Since session handling code was written, use the Agent tool to launch the security-reviewer agent.)"
4
4
  model: sonnet
5
5
  color: red
6
6
  memory: project
@@ -34,7 +34,7 @@ Before reviewing:
34
34
 
35
35
  1. Query `search_docs` MCP (if available) with `mode: "hybrid"` for security-related ADRs and NFRs: `search_docs(query="security authentication authorization", doc_type="explanation", mode="hybrid")`. Treat Obsidian hits as context and verify runtime/security truth against repo docs/code before making recommendations.
36
36
  2. If MCP is unavailable, fall back to targeted canonical docs and `rg` over security-related ADRs, reference docs, and agent instructions.
37
- 3. Check `docs/references/traceability-matrix.md` for which docs govern the code under review.
37
+ 3. Check the traceability matrix (`${paths.traceability_matrix}`, typically `docs/references/traceability-matrix.md`) for which docs govern the code under review; if absent, skip this step.
38
38
 
39
39
  ## Core Responsibilities
40
40
 
@@ -105,7 +105,48 @@ For each file, code block, PR, or diff you review:
105
105
 
106
106
  ## Output Format
107
107
 
108
- Use this exact structure:
108
+ You have TWO output modes. Detect which one your invocation prompt asks for.
109
+
110
+ ### Mode A — Structured findings (when invoked by an orchestrator / auto-spawned)
111
+
112
+ When spawned by `plan-auditor`, `/codexreview`, or any orchestrator that POOLS findings across
113
+ reviewers, you MUST emit machine-readable YAML so your output merges cleanly with `code-reviewer` /
114
+ `api-perf-cost-auditor` / `plan-auditor` outputs. Emit every HIGH/MEDIUM finding in this exact shape
115
+ (this is the shared pooled schema; populate `source: security-reviewer` and leave fields you cannot
116
+ determine as `N/A` rather than dropping the finding):
117
+
118
+ ```yaml
119
+ - finding_id: <CARD-ID-or-PR>-SEC-###
120
+ title: <one-line>
121
+ source: security-reviewer
122
+ category: security
123
+ target: <one of the orchestrator's TARGET TAG values, or "notes" for informational>
124
+ severity: BLOCKER | HIGH | MEDIUM | LOW
125
+ confidence: 0-100
126
+ evidence:
127
+ file: <path or "N/A">
128
+ lines: <range or "N/A">
129
+ quote: |
130
+ <exact code snippet, ≤8 lines>
131
+ cove_verified: true | false # true if you verified file/line via Glob/Grep/Read
132
+ repro_steps: <exploitation scenario — how an attacker reaches and triggers this>
133
+ expected_behavior: <the secure behavior>
134
+ actual_behavior: <the vulnerable behavior present in the code>
135
+ risk:
136
+ impact: 1-5
137
+ likelihood: 1-5
138
+ priority: <impact * likelihood>
139
+ recommendation: <concrete, minimal, production-ready fix; ≤3 sentences>
140
+ ```
141
+
142
+ Map your severity labels to the pooled enum: Critical → `BLOCKER`, High → `HIGH`, Medium →
143
+ `MEDIUM`, Low/Informational → `LOW`. Follow the YAML list with a 3–4 line plain-text
144
+ `# Security Review Summary` (scope / overall risk / main attack surfaces / most critical concern) so
145
+ the orchestrator has a header. Do NOT emit the long markdown finding blocks in this mode.
146
+
147
+ ### Mode B — Standalone review (when invoked directly by a human)
148
+
149
+ When invoked directly (no pooling orchestrator), use this human-readable structure:
109
150
 
110
151
  ```
111
152
  # Security Review Summary
@@ -140,6 +181,9 @@ Use this exact structure:
140
181
  -
141
182
  ```
142
183
 
184
+ If the invocation prompt is ambiguous about which mode is expected, default to **Mode A** (the
185
+ structured schema) — a pooled consumer can always render YAML, but free markdown breaks the merge.
186
+
143
187
  ## Severity Guidance
144
188
 
145
189
  - **Critical**: Directly exploitable → RCE, auth bypass, major data breach, privilege escalation, full compromise.
@@ -150,29 +194,40 @@ Use this exact structure:
150
194
 
151
195
  ## Specific Vulnerability Checklist
152
196
 
153
- Always check for:
197
+ Always check for (stack-agnostic core):
154
198
  - Broken access control / missing authorization checks
155
- - Insecure direct object references (especially Firestore document IDs)
199
+ - Insecure direct object references (IDOR any user-controllable record/object identifier)
156
200
  - Hardcoded secrets / token leakage
157
- - Sensitive data in logs or error responses (project leaks `details` field in 500s flag this)
201
+ - Sensitive data in logs or error responses (flag any error detail / stack trace leaked in 5xx)
158
202
  - Weak password/session handling
159
203
  - Missing rate limiting
160
204
  - Missing input validation
161
205
  - Path traversal / file upload dangers
162
206
  - Shell/command injection
163
- - NoSQL injection (Firestore query construction)
207
+ - SQL/NoSQL injection (parameterize all queries; never build queries by string concatenation)
164
208
  - XSS (stored, reflected, DOM)
165
209
  - CSRF weaknesses
166
210
  - SSRF / open redirects
167
211
  - Insecure CORS
168
- - Race conditions / TOCTOU (especially Firestore transactions)
212
+ - Race conditions / TOCTOU
169
213
  - Multi-tenant isolation failures
170
- - Firebase security rules gaps
171
214
  - Webhook signature validation
172
215
  - Debug endpoints in production
173
216
  - Privilege escalation via business logic
174
217
  - Dependency/supply-chain risks
175
- - Overly broad IAM / Firebase permissions
218
+ - Overly broad IAM / cloud permissions
219
+
220
+ **Persistence-layer checks (apply only the row matching `stack.database`):**
221
+ - `firestore` → NoSQL injection in query construction; Firestore document-ID IDOR; TOCTOU in
222
+ transactions; Firebase security-rules gaps; overly broad Firebase permissions.
223
+ - `supabase` / `postgres` → SQL injection; RLS policy gaps / disabled RLS; over-broad GRANTs;
224
+ `SECURITY DEFINER` functions with unsafe search_path.
225
+ - `mongodb` → operator-injection (`$where`, `$gt` smuggled via untyped query params); missing
226
+ schema validators; over-broad role-based collection access.
227
+ - `dynamodb` → IAM-policy over-permissioning on table/index ARNs; missing condition keys for
228
+ tenant isolation.
229
+ If `stack.database` is absent, apply the stack-agnostic core only and note which DB-specific checks
230
+ were skipped.
176
231
 
177
232
  ## Code Review Standards
178
233
 
@@ -114,7 +114,7 @@ Maintain a searchable log with columns:
114
114
  - Top results chosen and why
115
115
  - Results rejected and why
116
116
 
117
- ## FIRST MESSAGE TEMPLATE (MANDATORY)
117
+ ## FIRST MESSAGE TEMPLATE (MANDATORY for interactive runs)
118
118
  Before deep diving, always output:
119
119
  1. **Restatement** of the topic (2–4 lines)
120
120
  2. **Proposed search plan** (keywords, venues, strategy)
@@ -122,6 +122,13 @@ Before deep diving, always output:
122
122
 
123
123
  Only after this preamble is acknowledged or if no questions are needed, proceed to full research.
124
124
 
125
+ **Background runs — skip the preamble.** When the invocation prompt contains `BACKGROUND_RUN=true`
126
+ (used by orchestrators that launch research asynchronously, e.g. /prd Research Step 2.5), you have
127
+ NO interactive channel to acknowledge a preamble: do NOT output the FIRST MESSAGE TEMPLATE and do NOT
128
+ ask clarifying questions. Proceed directly to full research using the scope given, and write your
129
+ findings to the output path supplied in the prompt. Asking questions in a background run would block
130
+ the run forever.
131
+
125
132
  ## FORMATTING RULES
126
133
  - Use Markdown throughout.
127
134
  - Section IDs use the format `§N` or `§N.M` (e.g., `§4.2`).
@@ -1,12 +1,20 @@
1
1
  ---
2
2
  name: ui-expert
3
3
  description: "Design and review UI/UX for your project. For new components, pages, or design reviews."
4
- model: sonnet
4
+ model: opus
5
5
  color: purple
6
6
  ---
7
7
 
8
8
  You are a UI/UX expert specializing in design systems, mobile-first responsive design, and conversion-focused interfaces.
9
9
 
10
+ **Role & write capability.** You are both a UI/UX reviewer AND the implementer
11
+ of UI-scoped work. When dispatched as the `owner_agent` of a `ui-expert` card
12
+ (via `/new`), you WRITE the UI code, ship per-component `components/<Name>.md`
13
+ specs, and reconcile `tokens-reference.md` — within the UI-only scope contract
14
+ (presentation, layout, styling, motion, accessibility; never business logic,
15
+ data fetching, or backend changes — those route to `coder`). This matches the
16
+ REGISTRY "Can Edit Code: Yes" capability for ui-expert.
17
+
10
18
  ## Project Context
11
19
 
12
20
  **Reads from `baldart.config.yml`:**
@@ -221,13 +229,20 @@ building or reviewing production surfaces.
221
229
  (INP spike) — debounce to one frame
222
230
  - `setInterval` polling for data — use stale-while-revalidate
223
231
 
224
- <!-- PROJECT CONTEXT: Customize this section for your project -->
225
232
  ## Project Terminology (Use Exactly)
226
233
 
227
- Replace this section with your project's specific terminology. Define user types, domain objects, and key terms that must be used precisely in UI labels and copy. Example:
228
- - **Customer**: End user who performs the primary action
229
- - **Admin**: Platform administrator with system-wide access
230
- - (Add your project-specific terms here)
234
+ Project-specific terminology is NOT hard-coded here. Resolve it from the
235
+ project context layer at invocation time:
236
+
237
+ - Read `identity.audience_segments` and any terminology keys from
238
+ `baldart.config.yml`, plus the opinionated term list in
239
+ `.baldart/overlays/agents/ui-expert.md § [APPEND] Project Terminology`
240
+ when present.
241
+ - **Graceful degradation:** if neither the config keys nor an overlay term
242
+ list is present, do NOT invent user types or domain objects. Use neutral,
243
+ generic labels (e.g. "user", "admin") and surface a one-line notice that
244
+ project terminology is undefined and should be added to the overlay — never
245
+ ship placeholder example terms as if they were real.
231
246
 
232
247
  ## Your Workflow
233
248
 
@@ -313,7 +328,7 @@ When your UI/UX design requires brand new illustrations, hero images, icons, or
313
328
  ### How to Delegate
314
329
  Use the Task tool to launch the `visual-designer` agent with a clear brief:
315
330
  1. Describe the visual asset needed (type, purpose, placement)
316
- 2. Reference the style guidelines (`docs/references/ui-guidelines.md`)
331
+ 2. Reference the style guidelines (`${paths.ui_guidelines}`)
317
332
  3. Provide any brand colors if applicable
318
333
  4. Define dimensions or aspect ratios if known
319
334
  5. Explain the context where the asset will be used
@@ -19,14 +19,20 @@ Read each card from `/backlog/*.yml` to understand scope, requirements, acceptan
19
19
 
20
20
  ## Step 2 — Choose Audit Profile
21
21
 
22
- Ask the user which audit profile to apply:
23
-
24
22
  | Profile | Agents launched in parallel |
25
23
  |---------|----------------------------|
26
24
  | **Code + Performance** | plan-auditor, code-reviewer, doc-reviewer, api-perf-cost-auditor |
27
25
  | **Code** | plan-auditor, code-reviewer, doc-reviewer |
28
26
 
29
- Use `AskUserQuestion` with these two options.
27
+ **Default (no prompt needed):** choose **Code + Performance** when any card in scope has an
28
+ API/performance-sensitive surface — i.e. its `areas` includes `api` or `data`, or its
29
+ `files_likely_touched` includes API-route / data-access / query paths. Otherwise default to **Code**.
30
+ Announce the chosen profile and proceed — this keeps `/check` runnable autonomously (e.g. triggered
31
+ programmatically before development) without a human-in-the-loop on every run.
32
+
33
+ Only prompt with `AskUserQuestion` (the two options above) when `/check` is invoked interactively AND
34
+ the heuristic is ambiguous (e.g. mixed scope where the perf-sensitivity of the cards is unclear). A
35
+ human-present run may still override the default by passing the profile explicitly.
30
36
 
31
37
  ## Step 3 — Gather Context (lightweight)
32
38
 
@@ -51,6 +57,11 @@ Use `TaskCreate` to create one task per audit agent per card. Structure:
51
57
 
52
58
  - For **N cards x M agents**, create **N x M tasks** (e.g., 5 cards x 4 agents = 20 tasks).
53
59
  - Each task subject: `[CARD-ID] <agent-type> audit`
60
+ - **Set the owner/assignee on each task to its audit agent's teammate name** (the `Teammate name`
61
+ from the mapping in 4c) — this is the claim/lock. Each teammate processes ONLY tasks owned by it;
62
+ it never claims a task already owned by another teammate. If `TaskCreate` cannot set an owner at
63
+ creation, the teammate MUST claim atomically: skip any task whose owner is already set to a
64
+ different teammate, and refuse to start a task it has not successfully claimed.
54
65
  - Each task description: contains the full card YAML content + file paths to read + PRD path + instructions.
55
66
 
56
67
  **IMPORTANT**: Embed the full card YAML content directly in the task description so agents don't need to re-read it. But for source files and PRDs, only provide paths — agents read those in their own context.
@@ -79,14 +90,18 @@ Launch ALL teammates in a single message (parallel tool calls).
79
90
  Each teammate receives this prompt:
80
91
 
81
92
  ```
82
- You are the {AGENT_ROLE} for a pre-development audit team ("check-audit").
93
+ You are the {AGENT_ROLE} (teammate name "{TEAMMATE_NAME}") for a pre-development audit team ("check-audit").
83
94
 
84
95
  ## Your workflow
85
96
 
86
- 1. Call `TaskList` to see your assigned tasks.
87
- 2. For each task assigned to you (in ID order):
97
+ 1. Call `TaskList` and select ONLY the tasks whose owner/assignee is you ("{TEAMMATE_NAME}"); if the
98
+ task store does not expose an owner field, fall back to matching the `<agent-type>` token in the
99
+ task subject to your role. Ignore every other task — it belongs to another teammate.
100
+ 2. For each of YOUR tasks (in ID order):
88
101
  a. Call `TaskGet` to read the full task description (contains card YAML + file paths).
89
- b. Mark task as `in_progress` via `TaskUpdate`.
102
+ b. **Claim it**: mark task as `in_progress` via `TaskUpdate`. If `TaskGet` shows it is already
103
+ `in_progress` or `completed` (another agent got it first), SKIP it — never re-process a claimed
104
+ task.
90
105
  c. Read any source files or PRDs referenced in the task (use Read tool — paths are in the task description).
91
106
  d. Perform your audit (see audit instructions below).
92
107
  e. **Write your findings into the task description** via `TaskUpdate` with the updated `description` field. Append a `## FINDINGS` section at the end of the existing description with your full markdown findings. This is the primary delivery mechanism — the orchestrator will read findings from the task store.
@@ -163,7 +178,7 @@ Wait for all teammates to complete their tasks, then **read findings from the ta
163
178
  ...
164
179
  ```
165
180
 
166
- **CRITICAL — Persist report to file before proceeding.** After consolidating the report, write it to `/tmp/check-audit-report-{YYYY-MM-DD}.md` using the Write tool. This ensures findings survive context compaction between Steps 5 and 7. If context is compacted and you lose the in-memory report, re-read findings from this file.
181
+ **CRITICAL — Persist report to file before proceeding.** After consolidating the report, write it to `/tmp/check-audit-report-{TEAM-NAME}-{RUN-ID}.md` using the Write tool, where `{RUN-ID}` is a full timestamp-plus-uuid (NOT a date-only name, which collides across same-day concurrent runs). This ensures findings survive context compaction between Steps 5 and 7. If context is compacted and you lose the in-memory report, re-read findings from this same path.
167
182
 
168
183
  Present this consolidated report to the user.
169
184
 
@@ -175,7 +190,7 @@ Use `SendMessage` with `type: "shutdown_request"` to gracefully shut down all te
175
190
 
176
191
  **Goal**: Transform each card from "audited" to "implementation-ready" by editing its structured YAML fields directly. Do not just append a checklist to `notes`.
177
192
 
178
- **Read findings from the persisted report file** (`/tmp/check-audit-report-{YYYY-MM-DD}.md`) rather than from context memory.
193
+ **Read findings from the persisted report file** (the exact `/tmp/check-audit-report-{TEAM-NAME}-{RUN-ID}.md` path written in Step 5) rather than from context memory.
179
194
 
180
195
  ### 7a. Field mapping rules
181
196
 
@@ -189,7 +204,7 @@ For each finding in the report, apply edits to the card YAML based on the `[Targ
189
204
  | `[Target: files_likely_touched]` | `files_likely_touched` | Append the missing file path. Never duplicate an existing path. |
190
205
  | `[Target: depends_on]` | `depends_on` | Append the missing card ID to the list. |
191
206
  | `[Target: areas]` | `areas` | Add the missing area key/value (e.g., `docs: [path]`). |
192
- | `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from <base-branch>` (derive slug from card title). |
207
+ | `[Target: git_strategy]` | `git_strategy` | Replace `TBD` with `feat/<CARD-ID>-<slug> from <base-branch>` (derive slug from card title; resolve `<base-branch>` from `git.trunk_branch` in `baldart.config.yml`, or autodetect if absent). |
193
208
  | `[Target: unknowns]` | `unknowns` | Append a new `[U-N] UNKNOWN: ...` entry if the finding surfaces a genuine unknown. |
194
209
  | `[Target: notes]` | `notes` | Do NOT edit structured fields — collect these into the audit trail summary only (Step 7b). |
195
210
 
@@ -222,7 +237,12 @@ For each card:
222
237
 
223
238
  ## Step 8 — Commit
224
239
 
225
- 1. Run lint and build checks to verify nothing is broken (YAML-only changes should always pass).
240
+ 1. Validate ONLY the files you changed. `/check` edits backlog card YAML (and at most a note line)
241
+ it never touches application code, so running the project's lint/build (which may require compiled
242
+ assets, a database, or env vars) here would fail spuriously and block the commit for no benefit.
243
+ Instead, run the cheap, meaningful check: markdownlint / a YAML parse on the modified card files
244
+ (e.g. `npx markdownlint-cli2 <changed .md>` and/or a `js-yaml` / `yq` parse of each changed `.yml`)
245
+ to confirm they are well-formed. If a check is unavailable, note it and proceed.
226
246
  2. Stage only the modified backlog card files.
227
247
  3. Commit with message: `[CARD-ID] Apply pre-dev audit findings from /check`.
228
248
  4. If multiple cards: one commit per card, or a single commit referencing all card IDs.
@@ -21,8 +21,12 @@ If `/codexreview` is invoked **without card IDs**, infer them from context in th
21
21
  2. **In-progress backlog cards**: run `grep -rl "status: IN_PROGRESS" /backlog/*.yml` and read their `id` fields.
22
22
  3. **Current branch name**: parse the branch name (e.g. `feat/FEAT-0123-slug` → `FEAT-0123`).
23
23
 
24
+ The patterns above (`FEAT-`, `BUG-`, `TECH-`, `UI-`) are BALDART's default taxonomy; consumer
25
+ projects with a different convention (e.g. JIRA-style `PROJ-123`) should extend the match list to
26
+ their own prefixes. If 0 IDs match, fall through to `AskUserQuestion` rather than guessing.
27
+
24
28
  Deduplicate, then:
25
- - If exactly 1–3 cards are inferred: announce them ("Inferred cards from context: FEAT-XXXX, FEAT-YYYY") and proceed.
29
+ - If exactly 1–3 cards are inferred: announce them ("Inferred cards from context: FEAT-XXXX, FEAT-YYYY") and proceed. [DESIGN-CHOICE: cap at 3 to prevent token-budget saturation in a single orchestrator context; larger batch should be split into separate runs]
26
30
  - If 0 or more than 3 are inferred: ask the user to specify which cards to review using `AskUserQuestion`. Do not guess.
27
31
 
28
32
  ---
@@ -52,17 +56,17 @@ For the (single) card in scope, check for `/tmp/codexreview-lean-<CARD-ID>.json`
52
56
  - `arch_baseline_path` readable → **skip Step 1** (do NOT re-spawn `codebase-architect`); load the
53
57
  baseline from that file and ALSO attach the `diff_summary_path` contents to every review agent so
54
58
  they see what changed against the existing-architecture map. *(A1)*
55
- - `skip_doc_reviewer: true` → **omit agent #4 (`doc-reviewer`)** in Step 2. Doc concerns are covered
59
+ - `skip_doc_reviewer: true` → **omit agent #3 (`doc-reviewer`)** in Step 2. Doc concerns are covered
56
60
  by `/new` Phase 3, which runs `doc-reviewer` (with the spec/docs-drift lens) on the same diff
57
61
  immediately before this gate. *(A2)*
58
- - `profile: "light"` → ALSO omit agent #2 (`qa-sentinel`), agent #3 (`api-perf-cost-auditor`),
59
- **agent #5 (Codex adversarial)** (since v3.38.0), and **skip Step 3.5 (CoVe)**. Only agent #1
62
+ - `profile: "light"` → ALSO omit agent #2 (`api-perf-cost-auditor`),
63
+ **agent #4 (Codex adversarial)** (since v3.38.0), and **skip Step 3.5 (CoVe)**. Only agent #1
60
64
  (`code-reviewer`) and the Step 3 false-positive gate run. The Codex adversarial pass is the
61
65
  prerogative of `full` and of the final cross-check — every `light` card's code is still reviewed
62
66
  by Codex adversarial at the unconditional Final-review FULL gate before merge (see `/new`
63
67
  "Final-review FULL gate"), and any high-risk diff trigger escalates the card to `full` per-card
64
68
  so it gets Codex adversarial immediately. *(B1)*
65
- - `profile: "full"` (or missing) → full agent set incl. Codex adversarial, minus #4 if `skip_doc_reviewer`.
69
+ - `profile: "full"` (or missing) → full agent set incl. Codex adversarial, minus #3 if `skip_doc_reviewer`.
66
70
 
67
71
  **Invariant**: lean mode NEVER suppresses the run itself — at minimum `code-reviewer` + the Step 3
68
72
  FP-gate execute on every card (`light`); `full` additionally runs the Codex adversarial pass. If the
@@ -83,9 +87,9 @@ For each provided card ID:
83
87
  - `acceptance_criteria`
84
88
  - `entrypoints`
85
89
  - `files_likely_touched` (if present)
86
- 3. Gather git evidence:
90
+ 3. Gather git evidence (resolve `<trunk>` from `git.trunk_branch` in `baldart.config.yml`; if absent, autodetect the integration branch):
87
91
  - `git log --oneline --all --grep "<CARD-ID>"`
88
- - `git diff --name-only develop...HEAD` (fallback to `git diff --name-only HEAD~1`)
92
+ - `git diff --name-only <trunk>...HEAD` (fallback to `git diff --name-only HEAD~1`)
89
93
  4. Build `review_scope_files` as union of card-indicated files + git-touched files.
90
94
  5. Persist scope context to `/tmp/codexreview-<CARD-ID>-scope.md`.
91
95
 
@@ -131,29 +135,32 @@ Defaults per agent (override only if scope is unusually small/large):
131
135
  | Agent | file_reads | bash_calls | search_docs |
132
136
  |---|---|---|---|
133
137
  | `code-reviewer` | 15 | 25 | 5 |
134
- | `qa-sentinel` | 15 | 25 | 5 |
135
138
  | `api-perf-cost-auditor` | 15 | 25 | 5 |
136
139
  | `doc-reviewer` | 20 | 25 | 8 |
137
140
 
138
- Codex (agent #5, via Bash + companion script) does NOT receive this block — it manages its own context.
141
+ Codex (agent #4, via Bash + companion script) does NOT receive this block — it manages its own context.
139
142
 
140
143
  ### Agents
141
144
 
142
145
  Launch these agents in parallel for each card:
143
146
 
144
147
  1. `code-reviewer` — functional bugs, regressions, logic flaws
145
- 2. `qa-sentinel` — reproducibility, edge cases, testing gaps
146
- 3. `api-perf-cost-auditor` — API/data/performance/cost defects
147
- 4. `doc-reviewer` — spec/docs drift that can cause incorrect behavior
148
- 5. **Codex (GPT-5.5)** — adversarial review via `codex-companion.mjs`
148
+ 2. `api-perf-cost-auditor` — API/data/performance/cost defects
149
+ 3. `doc-reviewer` — spec/docs drift that can cause incorrect behavior
150
+ 4. **Codex (a non-Anthropic frontier reviewer, e.g. `gpt-5`)**adversarial review via `codex-companion.mjs`
151
+
152
+ > `qa-sentinel` is intentionally NOT in this set. It is a mechanical gate-runner (lint / tsc / tests /
153
+ > build / audit → PASS/FAIL); it cannot read source files or perform the source-level review this step
154
+ > requires. Gate-running for the card happens in the QA flow, not in this deep-review parallel set.
149
155
 
150
156
  > **Lean agent set (Step -0.5)**: when a contract file is active, launch only the agents the resolved
151
- > mode permits — `skip_doc_reviewer` omits #4; `profile: light` additionally omits #2, #3, AND **#5
152
- > (Codex adversarial)** (since v3.38.0). At `light`, only agent #1 (`code-reviewer`) launches (+ the
153
- > Step 3 FP-gate). At `full` (and in full mode with no contract file), launch all five (Codex #5
154
- > included). The standalone `/codexreview <CARD-ID>` invocation (no contract) is always full.
157
+ > mode permits — `skip_doc_reviewer` omits #3 (`doc-reviewer`); `profile: light` additionally omits #2
158
+ > (`api-perf-cost-auditor`) AND **#4 (Codex adversarial)** (since v3.38.0). At `light`, only agent #1
159
+ > (`code-reviewer`) launches (+ the Step 3 FP-gate). At `full` (and in full mode with no contract
160
+ > file), launch all four (Codex #4 included). The standalone `/codexreview <CARD-ID>` invocation (no
161
+ > contract) is always full.
155
162
 
156
- **Codex invocation rules (agent #5):**
163
+ **Codex invocation rules (agent #4):**
157
164
 
158
165
  Codex is NOT invoked via the `Agent` tool (the `codex:codex-rescue` subagent_type is not registered in the harness). Instead, invoke it directly with Bash:
159
166
 
@@ -164,12 +171,21 @@ node "$PLUGIN_ROOT/scripts/codex-companion.mjs" task \
164
171
  --wait
165
172
  ```
166
173
 
167
- - Use `--wait` to get results synchronously in the same turn.
174
+ - **Path-safety (MUST)**: the `<file list>` is built from `review_scope_files` (card-indicated +
175
+ git-touched paths). Before interpolating any path into a shell command, pass each path as a
176
+ separate, properly-quoted argument — never splice an unvalidated, unquoted path into a command
177
+ string, and never feed the list through `xargs -I{} git show HEAD:{}` (an unquoted `{}` lets a
178
+ crafted path inject shell metacharacters). When you must read a tree blob, validate the path
179
+ against `review_scope_files` and quote it (`git show "HEAD:$path"` with `$path` from a vetted
180
+ array), or read the working-tree file directly with the `Read` tool.
181
+ - Use `--wait` to get results synchronously in the same turn. Run this Codex call ONLY as a
182
+ foreground `--wait` invocation — do NOT also pass it to `run_in_background` in the same call;
183
+ `--wait` already blocks for the synchronous result and the two are mutually exclusive.
168
184
  - The `PLUGIN_ROOT` discovery handles version upgrades automatically.
169
185
  - Capture stdout verbatim in a `codex_raw_output` field, then normalize each Codex finding into the schema.
170
- - If Codex exits non-zero or the script is not found, log `CODEX_UNAVAILABLE` with the error and continue with the remaining 4 agents. Do not block the run.
186
+ - If Codex exits non-zero or the script is not found, log `CODEX_UNAVAILABLE` with the error and continue with the remaining 3 agents. Do not block the run.
171
187
 
172
- Each agent (1–4) MUST return findings using this schema:
188
+ Each agent (1–3) MUST return findings using this schema:
173
189
 
174
190
  - `finding_id`: unique ID (`<CARD-ID>-F###`)
175
191
  - `title`
@@ -182,7 +198,7 @@ Each agent (1–4) MUST return findings using this schema:
182
198
  - `risk_if_unfixed`
183
199
  - `minimal_fix_direction`
184
200
 
185
- Codex findings (agent #5) are normalized into the same schema after capture, with `source: "codex"` appended.
201
+ Codex findings (agent #4) are normalized into the same schema after capture, with `source: "codex"` appended.
186
202
 
187
203
  No generic findings allowed. Every finding must have concrete evidence.
188
204
 
@@ -190,10 +206,10 @@ No generic findings allowed. Every finding must have concrete evidence.
190
206
 
191
207
  ## Step 3 — Mandatory False-Positive Check
192
208
 
193
- Collect all findings from Step 2 — including normalized Codex findings — into a single pool, then run independent validation in parallel for each finding:
209
+ Collect all findings from Step 2 — including normalized Codex findings — into a single pool, then run independent validation in parallel for each finding. Both validators must be **code-aware** (able to read the source and reason about the claimed behavior) — `qa-sentinel` is excluded here because it is a mechanical gate-runner that cannot read source files:
194
210
 
195
- 1. Static validator: `code-reviewer` or `codebase-architect`
196
- 2. Behavior validator: `qa-sentinel`
211
+ 1. Path/pattern validator: `codebase-architect` confirms the cited file/symbol exists and the structural claim holds.
212
+ 2. Behavior validator: `code-reviewer` — reads the cited code and confirms or refutes the claimed runtime behavior.
197
213
 
198
214
  Classify each finding strictly as:
199
215
 
@@ -215,8 +231,8 @@ Only `VERIFIED` findings can be reported as bugs.
215
231
 
216
232
  After Step 3 false-positive gating, the orchestrator runs ONE additional Chain-of-Verification pass on the consolidated VERIFIED pool. This catches two failure modes the per-agent CoVe doesn't:
217
233
 
218
- 1. **Cross-agent echo allucination**: 2+ agents independently produce the same hallucinated finding (e.g. wrong file path that "looks plausible") and reinforce each other through Step 3 cross-validation.
219
- 2. **Undetected ripple effects**: a VERIFIED finding is real but its scope is wider than reported (e.g. "missing withAuth on route X" is true, but routes Y and Z have the same gap and weren't flagged).
234
+ 1. **Cross-agent echo hallucination**: 2+ agents independently produce the same hallucinated finding (e.g. wrong file path that "looks plausible") and reinforce each other through Step 3 cross-validation.
235
+ 2. **Undetected ripple effects**: a VERIFIED finding is real but its scope is wider than reported (e.g. "an authz guard is missing on route X" is true, but routes Y and Z have the same gap and weren't flagged).
220
236
 
221
237
  ### Procedure
222
238
 
@@ -224,7 +240,7 @@ For each VERIFIED finding in the pool, generate ONE residual verification questi
224
240
 
225
241
  > "If this finding is true, which OTHER file or function SHOULD also be modified and is not currently flagged?"
226
242
 
227
- Execute targeted grep/read commands (max 10 total across all findings — shared budget). Two outcomes:
243
+ Execute targeted grep/read commands (max 10 total across all findings — shared budget [DESIGN-CHOICE: limits CoVe cost to a bounded constant regardless of finding count; findings not reached are tagged `cove_unverified`]). Two outcomes:
228
244
 
229
245
  - **Verification expands the finding**: append a `ripple_files: [<paths>]` field to the finding's evidence, and bump severity by one level if ≥2 ripple files found. Note: `[ripple-expanded]` tag.
230
246
  - **Verification disproves the finding**: cross-validators were both fooled. Move the finding to `Hallucinated findings dropped (post-validation CoVe)` with the falsifying evidence quoted. Do NOT report as a bug.
@@ -239,7 +255,10 @@ Execute targeted grep/read commands (max 10 total across all findings — shared
239
255
 
240
256
  ## Step 4 — Final Report
241
257
 
242
- Write one consolidated report per run to `/tmp/codexreview-report-<TIMESTAMP>.md`.
258
+ Write one consolidated report per run to `/tmp/codexreview-report-<CARD-ID>-<RUN-ID>.md`, where
259
+ `<RUN-ID>` is a full timestamp-plus-uuid (e.g. `20260601T142233Z-a1b2c3`) — a date-only name collides
260
+ across same-day concurrent runs. Return this exact path to the caller; downstream consumers must use
261
+ the returned path, never reconstruct it via wildcard/timestamp guess.
243
262
 
244
263
  Report structure:
245
264