baldart 3.41.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/CHANGELOG.md +47 -0
  2. package/VERSION +1 -1
  3. package/framework/.claude/agents/REGISTRY.md +72 -24
  4. package/framework/.claude/agents/api-perf-cost-auditor.md +17 -10
  5. package/framework/.claude/agents/code-reviewer.md +31 -24
  6. package/framework/.claude/agents/codebase-architect.md +47 -43
  7. package/framework/.claude/agents/coder.md +29 -18
  8. package/framework/.claude/agents/doc-reviewer.md +57 -30
  9. package/framework/.claude/agents/plan-auditor.md +85 -20
  10. package/framework/.claude/agents/prd-card-writer.md +44 -14
  11. package/framework/.claude/agents/prd.md +22 -3
  12. package/framework/.claude/agents/qa-sentinel.md +33 -15
  13. package/framework/.claude/agents/security-reviewer.md +65 -10
  14. package/framework/.claude/agents/senior-researcher.md +8 -1
  15. package/framework/.claude/agents/ui-expert.md +22 -7
  16. package/framework/.claude/commands/check.md +31 -11
  17. package/framework/.claude/commands/codexreview.md +48 -29
  18. package/framework/.claude/commands/new.md +29 -330
  19. package/framework/.claude/commands/qa.md +57 -37
  20. package/framework/.claude/skills/api-design-principles/SKILL.md +2 -2
  21. package/framework/.claude/skills/bug/SKILL.md +8 -8
  22. package/framework/.claude/skills/bug/references/logging-patterns.md +8 -2
  23. package/framework/.claude/skills/context-primer/SKILL.md +29 -8
  24. package/framework/.claude/skills/doc-writing-for-rag/SKILL.md +36 -36
  25. package/framework/.claude/skills/frontend-design/SKILL.md +10 -8
  26. package/framework/.claude/skills/new/SKILL.md +409 -302
  27. package/framework/.claude/skills/prd/SKILL.md +67 -38
  28. package/framework/.claude/skills/prd/assets/card-template.yml +22 -26
  29. package/framework/.claude/skills/prd/assets/epic-template.yml +5 -5
  30. package/framework/.claude/skills/prd/assets/prd-template.md +1 -1
  31. package/framework/.claude/skills/prd/assets/state-template.md +25 -3
  32. package/framework/.claude/skills/prd/references/api-perf-gate.md +143 -33
  33. package/framework/.claude/skills/prd/references/audit-phase.md +48 -34
  34. package/framework/.claude/skills/prd/references/backlog-phase.md +38 -11
  35. package/framework/.claude/skills/prd/references/discovery-phase.md +121 -44
  36. package/framework/.claude/skills/prd/references/impact-analysis.md +127 -23
  37. package/framework/.claude/skills/prd/references/prd-add-phase.md +18 -214
  38. package/framework/.claude/skills/prd/references/prd-writing-phase.md +52 -42
  39. package/framework/.claude/skills/prd/references/research-phase.md +105 -19
  40. package/framework/.claude/skills/prd/references/ui-design-phase.md +20 -8
  41. package/framework/.claude/skills/prd/references/validation-phase.md +97 -72
  42. package/framework/.claude/skills/prd-add/SKILL.md +70 -20
  43. package/framework/.claude/skills/simplify/SKILL.md +22 -12
  44. package/framework/.claude/skills/ui-design/SKILL.md +26 -7
  45. package/framework/.claude/skills/webapp-testing/SKILL.md +6 -4
  46. package/framework/.claude/skills/worktree-manager/SKILL.md +206 -143
  47. package/framework/agents/coding-standards.md +85 -0
  48. package/framework/agents/skills-mapping.md +85 -82
  49. package/framework/agents/testing.md +6 -4
  50. package/framework/templates/baldart.config.template.yml +29 -7
  51. package/package.json +1 -1
  52. package/src/commands/configure.js +43 -9
  53. package/framework/.claude/skills/prd-add/references/impact-analysis.md +0 -233
@@ -1,334 +1,33 @@
1
1
  ---
2
- description: Orchestrate a team of specialized agents to implement one or more backlog cards end-to-end, with code review, doc review, and commit for each.
2
+ description: Orchestrate a team of specialized agents to implement one or more backlog cards end-to-end, with code review, doc review, QA, and commit for each.
3
3
  allowed-tools: Bash, Task, Edit, Write, Read, Grep, Glob, WebFetch, WebSearch, TaskCreate, TaskUpdate, TaskList, TaskGet, TeamCreate, TeamDelete, SendMessage
4
4
  ---
5
5
 
6
- You are the **backlog orchestrator**. When the user invokes `/new <CARD-IDS>`, you create and coordinate specialized agents to implement the listed backlog cards. You NEVER write production code yourself — you only orchestrate.
7
-
8
- Parse the card IDs from the arguments. Cards can be specified as:
9
- - Space-separated: `GLOB-001 GLOB-002 GLOB-003`
10
- - Hyphen-range: `GLOB-001-GLOB-008` (expands to all cards in range)
11
- - Comma-separated: `GLOB-001, GLOB-002, GLOB-003`
12
- - **Epic expansion (`-full` / `--full`)**: `/new <PARENT-ID> -full` (e.g., `/new FEAT-005 -full`) expands to ALL children of the parent epic with **NO questions asked**. Children = YAML files in `backlog/` whose filename starts with `<PARENT-ID>-` (e.g., `FEAT-005-1.yml`, `FEAT-005-2.yml`) OR whose `group.parent` field equals `<PARENT-ID>`. The parent epic card itself is excluded. Sort by `group.sequence` ASC, fallback to lexicographic ID. The flag is batch-scoped (`/new FEAT-005 FEAT-008 -full` expands both). If a parent has zero children → HALT and report. All children share `group.parent`, so the existing worktree logic groups them into ONE worktree under the parent's `git_strategy.branch`.
13
-
14
- If no card IDs are provided, ask the user which cards to implement.
15
-
16
- ---
17
-
18
- ## Context Tracking (CRITICAL)
19
-
20
- You MUST maintain a **persistent tracking file** at `/tmp/batch-tracker-<FIRST-CARD-ID>.md` throughout the entire batch run (e.g., `/tmp/batch-tracker-FEAT-0396.md`). Use the **first card ID** from the batch as the suffix. This ensures multiple `/new` sessions running in parallel terminals (e.g., one per worktree) do NOT conflict.
21
-
22
- This file is your single source of truth if your context gets compacted or you lose track of what happened, **re-read this file first**.
23
-
24
- ### Tracking file format
25
-
26
- At batch start, create `/tmp/batch-tracker-<FIRST-CARD-ID>.md` with:
27
-
28
- ```markdown
29
- # Batch Run: [CARD-IDS]
30
- Started: [timestamp]
31
- Total cards: [N]
32
-
33
- ## Worktree
34
- Branch: [feat/FEAT-XXXX-slug]
35
- Path: [../wt/feat-FEAT-XXXX-slug]
36
- Group parent: [FEAT-XXXX or "standalone"]
37
- Main repo: [/absolute/path/to/main/repo]
38
-
39
- ## Card Queue
40
- - [ ] CARD-001 — [title from backlog]
41
- - [ ] CARD-002 — [title from backlog]
42
- ...
43
-
44
- ## Completed Cards
45
- (none yet)
46
-
47
- ## Current Card
48
- (none — starting pre-flight)
49
-
50
- ## Issues & Flags
51
- (none yet)
52
- ```
53
-
54
- ### Update rules
55
-
56
- - **Before starting a card**: move it to `## Current Card` with phase info.
57
- - **After each phase**: update the current card's phase status in the tracker.
58
- - **After completing a card**: move it from `Current Card` to `## Completed Cards` with:
59
- - Commit hash
60
- - One-line summary of what was implemented
61
- - Any flags/issues found
62
- - Code review result (pass/fail + fixes)
63
- - Doc review result (pass/fail + what was added)
64
- - Test results (new + existing count, pass/fail)
65
- - Fix cycles count
66
- - QA result (profile used: skip/light/balanced/deep | verdict: PASS/FAIL/SKIP | confidence % | findings: N blockers, N majors)
67
- - QA findings file (e.g. `/qa/FEAT-XXXX.md` or "skipped")
68
- - **When blocked**: log the blocker in `## Issues & Flags`.
69
- - **On context recovery**: if you ever feel lost or after context compaction, IMMEDIATELY read your tracker file (`/tmp/batch-tracker-<FIRST-CARD-ID>.md`) to restore your state.
70
-
71
- ---
72
-
73
- ## Pre-flight (once)
74
-
75
- 1. Read each backlog card from `/backlog/*.yml` to understand scope and dependencies.
76
- 2. Check `docs/references/project-status.md` for current state.
77
- 3. Determine which cards can run in **parallel** (no shared files/components) vs which must be **sequential** (dependencies or overlapping paths). Use `group.sequence` to determine execution order within a group.
78
- 4. **Worktree grouping** (automated from card metadata — do NOT ask the user if metadata is complete):
79
- a. Check each card's `group.parent` field.
80
- b. If all cards share the same `group.parent` → ONE worktree, branch derived from parent card.
81
- c. If cards have no `group.parent` but share a common ID prefix (e.g., `FEAT-0396-*`) → suggest grouping to user.
82
- d. If cards are unrelated (no shared parent, no common prefix) → each gets its own worktree.
83
- e. Read the parent/epic card for `git_strategy.branch` if set; otherwise derive branch name per AGENTS.md naming convention: `feat/<PARENT-ID>-<slug>`.
84
- f. If `group.parent` is set AND the parent card has `git_strategy.branch` → use it directly, NO questions asked.
85
- 5. **Create worktree(s)**:
86
- a. Ensure the base branch is clean: `git checkout <base-branch> && git pull`.
87
- b. For each worktree group:
88
- - Create: `git worktree add ../wt/<branch-name> -b <branch-name>`.
89
- - Copy environment files if needed: `cp <main-repo>/.env.local <worktree-path>/.env.local 2>/dev/null`.
90
- - Install dependencies in worktree (e.g., `npm install`, `pip install`, etc.).
91
- - Verify build in worktree.
92
- - If build fails → STOP, report, do NOT continue.
93
- c. Switch working directory to worktree for all subsequent operations.
94
- 6. Create the tracking file `/tmp/batch-tracker-<FIRST-CARD-ID>.md` (include worktree path and branch name).
95
- 7. Create a task list to track progress across all cards.
96
-
97
- ---
98
-
99
- ## QA Profile Selector
100
-
101
- Before Phase 3.5, determine the review profile for each card. **Primary path (since v3.38.0): READ the card's `review_profile` field** (`skip|light|balanced|deep`), computed deterministically by the PRD `prd-card-writer` (SSOT). Use it verbatim — do NOT recompute. **Fallback (legacy cards with no field): compute** from the table below (the SKILL.md version is authoritative — keep in sync with `prd-card-writer.md § Rule C`).
102
-
103
- | Profile | When to apply (fallback compute only) |
104
- |---------|--------------|
105
- | **SKIP** | Card type is `docs`, `chore`, or `config` — OR all changed paths are `.md`/`.yml` (non-API)/CSS with zero logic files — OR title contains only cosmetic keywords (typo, rename, copy, wording, style) with no code areas |
106
- | **LIGHT** | 5 or fewer files likely touched — AND no HIGH-risk keywords in paths/areas — OR card type is `bugfix` with small scope — OR pure refactoring with no logic change |
107
- | **BALANCED** | Default for all `feature` / `enhancement` cards not matching LIGHT or DEEP rules |
108
- | **DEEP** | ANY of: areas includes both `api` + `data` — OR paths/title contain `auth`, `payment`, `permission`, `schema`, `migration`, `cron`, `webhook`, `transaction` — OR >15 files likely touched — OR acceptance criteria count > 5 — OR DB indexes changed — OR API contract changed |
109
-
110
- When in doubt between LIGHT and BALANCED, use BALANCED. When in doubt between BALANCED and DEEP, use DEEP.
111
-
112
- ---
113
-
114
- ## Per-card pipeline
115
-
116
- For each card, execute these phases in order:
117
-
118
- ### Phase 1 — Claim & Context
119
- 1. **Update tracker**: set current card, phase = "1-claim".
120
- 2. Set the card status to `IN_PROGRESS` and assign yourself.
121
- 3. Update `docs/references/project-status.md` Active Code Context.
122
- 4. Invoke the **codebase-architect** agent (MUST per AGENTS.md) to understand the relevant codebase area, existing patterns, and architecture before any implementation.
123
- 5. **Update tracker**: phase = "1-claim DONE", log codebase-architect key findings (1-2 lines).
124
-
125
- ### Phase 2 — Implement (self-healing, up to 3 retries)
126
- 6. **Update tracker**: phase = "2-implement".
127
- 7. Create an agent team of **coder** agent (or appropriate specialist from `.claude/agents/REGISTRY.md`) to implement the card. Pass the codebase-architect findings as context.
128
- 8. Run tests (if they exist), build, and lint to verify everything passes.
129
- 9. **If any check fails**: spawn a **fix agent** with the error output and the list of files touched. Do NOT ask the user — just fix and re-run. Fix the code, not the tests (unless the test itself is wrong). Repeat up to **3 times**.
130
- 10. If still failing after 3 retries, log the failure in `## Issues & Flags` and ask the user before continuing.
131
- 11. **Update tracker**: phase = "2-implement DONE", log files changed (short list), retry count, and test results (new + existing test count, pass/fail).
132
-
133
- ### Phase 3 — Review (parallel read-only audits, then single fix pass)
134
- 12. **Update tracker**: phase = "3-review".
135
- 13. Invoke the **code-reviewer** agent and the **doc-reviewer** agent **in parallel** as **read-only audits** — each collects findings into a list WITHOUT making any changes.
136
- 14. **Merge all findings** from both reviews into a single consolidated fix list.
137
- 15. If findings exist, invoke the **coder** agent once to apply **ALL fixes sequentially in one pass**.
138
- 16. Run tests (if they exist), lint, and build once at the end to verify everything passes. If any check fails, apply the same self-healing retry loop (up to 3 times, no user prompt).
139
- 17. **Update tracker**: phase = "3-review DONE", log review findings count, fixes applied, and test results.
140
-
141
- ### Phase 3.5 — QA Validation
142
-
143
- 18. **Update tracker**: phase = "3.5-qa".
144
- 19. **Select QA profile**: read the card's `review_profile` field (use verbatim); only compute from the QA Profile Selector table above when the field is absent (legacy card). Log the chosen profile and source (`from card` | `computed`) in the tracker (1 line).
145
- 20. **If profile is SKIP**: log "QA skipped — [reason]" in the tracker. Proceed to Phase 4.
146
- 21. **If profile is LIGHT, BALANCED, or DEEP**: invoke the **`qa-sentinel`** agent (subagent_type: `qa-sentinel`) via Task tool with the following context:
147
-
148
- ```
149
- Run QA on card <CARD-ID> at the tier dictated by the QA profile (do NOT default to FULL).
150
-
151
- Context:
152
- - Worktree path: <worktree-path>
153
- - Branch: <branch-name>
154
- - Latest commit: <hash> <message>
155
- - Changed files: <list from implementation phase>
156
- - Risk level: [Low | Medium | High]
157
- - QA profile selected: [light | balanced | deep]
158
-
159
- Profile → tier mapping:
160
- - light → SCOPED (related tests only)
161
- - balanced → SCOPED (related tests only; risk drift in the diff may escalate to FULL)
162
- - deep → FULL (whole suite + audit + e2e smoke suite if configured)
163
- Only path-based risk drift (auth/permission/payment/schema/migration/API contract) escalates;
164
- file count never does.
165
-
166
- After running all gates, write the complete QA Report to:
167
- /qa/<CARD-ID>.md
168
-
169
- Use the findings file format defined in /qa/README.md.
170
- Return your full structured QA Report and final verdict.
171
- ```
172
-
173
- 22. **Read qa-sentinel's output.** Verify the findings file was written to `/qa/<CARD-ID>.md`.
174
- 23. **If QA verdict is FAIL**:
175
- - Spawn the **coder** agent to fix all BLOCKER findings (pass it the findings file path + list of blockers). Do NOT ask the user.
176
- - After coder fixes, re-invoke `qa-sentinel` in the same mode to re-validate. Repeat up to **2 times**.
177
- - If still FAIL after 2 retries: log in `## Issues & Flags` and **ask the user** whether to proceed or stop.
178
- - The commit in Phase 4 MUST NOT happen until QA verdict is PASS (or user explicitly overrides).
179
- 24. **Update tracker**: phase = "3.5-qa DONE", log: profile used, verdict (PASS/FAIL/SKIP), confidence %, findings count (blockers/majors/minors), findings file path.
180
-
181
- ### Phase 4 — Commit (in worktree, NO merge yet)
182
- 25. **Update tracker**: phase = "4-commit".
183
- 26. Stage and commit **all changes together** in the worktree using format `[CARD-ID] Brief description` (MUST per AGENTS.md). Include all relevant files — implementation, review fixes, QA-driven fixes, and doc updates in a single commit. Do NOT merge or push yet — that happens post-batch.
184
- - **IMPORTANT — atomic staging**: Always combine `git add` and `git commit` in a single chained command so staging is never lost on retry:
185
- ```
186
- cd <worktree-path> && git add -A && git commit -m "[CARD-ID] Brief description"
187
- ```
188
- - **If commit fails** (e.g., lint-staged or pre-commit hook error): re-run the **same full command** (`git add -A && git commit ...`). Never run `git commit` alone after a failure — the staging area may have been altered by lint-staged auto-fixes.
189
- 27. Update the backlog card: set status to `DONE`, add implementation notes.
190
- 28. **Update tracker**: move card to `## Completed Cards` with commit hash, summary, and flags.
191
-
192
- ### Sub-agent failure protocol
193
- - If any sub-agent **crashes or errors** during any phase: log the failure in the tracker, **attempt the work yourself directly**, and note it in the final report.
194
- - Never block the pipeline waiting for a failed agent — recover and continue.
195
-
196
- ### Phase 5 — Context Clean & Continue
197
- 29. Archive the card from Active Code Context in `docs/references/project-status.md`.
198
- 30. **CONTEXT PURGE**: After updating the tracker, deliberately forget the implementation details of this card. From this point forward, you should NOT reference any code, file contents, or review details from this card — only the summary in the tracker. If you need to recall what happened, read the tracker file. This keeps your working context lean for the next card.
199
- 31. **Update tracker**: clear `## Current Card`, move to next pending card.
200
- 32. Move to the next card.
201
-
202
- ---
203
-
204
- ## Final review (after all cards)
205
-
206
- Once ALL cards are committed in the worktree:
207
- 1. **Read the tracker file** to get the full picture of what was implemented.
208
- 2. Invoke the **code-reviewer** agent and the **doc-reviewer** agent **in parallel** for a holistic review across all implementations — check for inconsistencies, duplicated logic, integration gaps between cards, and missing documentation.
209
- 3. **Persist findings to file.** Write the consolidated final review findings to `/tmp/batch-final-review-<FIRST-CARD-ID>.md` using the Write tool. This ensures findings survive context compaction. If context is compacted before fixes are applied, re-read from this file.
210
- 4. **Auto-apply fixes.** If findings exist, invoke the **coder** agent once to apply ALL fixes in a single pass (same pattern as Phase 3 per-card review). Run tests (if they exist), lint, and build to verify. If any check fails, apply the self-healing retry loop (up to 3 times).
211
- 5. Run build one final time in the worktree to confirm stability.
212
- 6. **Update tracker** with final review results (findings count, fixes applied, build status).
213
- 7. **Proceed to Phase 6** (post-batch merge & cleanup).
214
- 8. Present a **single summary report** to the user per card (and a batch summary at the end):
215
- - **Files changed** (short list per card)
216
- - **Test results** (new tests + existing tests count, pass rate at each iteration)
217
- - **Build/lint status** (pass + retry count if any)
218
- - **Fix cycles** (total number of self-healing retries across phases)
219
- - **Review findings fixed** (count and brief description)
220
- - **QA result** (profile: skip/light/balanced/deep | verdict: PASS/FAIL/SKIP | confidence % | findings: N blockers, N majors, N minors | findings file path)
221
- - **Issues needing user attention** (anything unresolved, partially wired, or flagged)
222
- - **Commit hashes** (from tracker)
223
- - **Merge commit hash** (from Phase 6)
224
- - **Worktree cleanup status** (success/failed)
225
- - Overall implementation status
226
- 9. **Proceed to Phase 7** (production readiness checklist).
227
-
228
- ---
229
-
230
- ## Phase 6 — Post-batch merge & cleanup
231
-
232
- After the final review passes AND all cards are committed in the worktree:
233
-
234
- ### 6a. Push feature branch
235
- 1. From the worktree directory: `git push -u origin <branch-name>`.
236
-
237
- ### 6b. Merge into base branch
238
- 2. Switch to main repo: `cd <main-repo-path>` (read from tracker `## Worktree > Main repo`).
239
- 3. `git checkout <base-branch> && git pull`.
240
- 4. `git merge --no-ff <branch-name>`.
241
- 5. **If merge conflicts** → STOP immediately, report conflicting files to user. Do NOT auto-resolve.
242
-
243
- ### 6c. Verify post-merge integrity
244
- 6. Run build — must pass.
245
- 7. Run tests — must pass (if tests exist).
246
- 8. **If anything fails** → STOP, report. Do NOT delete branch or worktree.
247
-
248
- ### 6d. Push base branch
249
- 9. `git push`.
250
-
251
- ### 6e. Cleanup
252
- 10. Delete local branch: `git branch -d <branch-name>`.
253
- 11. Delete remote branch: `git push origin --delete <branch-name>`.
254
- 12. Remove worktree: `git worktree remove ../wt/<branch-name>`.
255
- 13. Prune: `git worktree prune`.
256
- 14. **Update tracker**: log merge commit hash, cleanup status.
257
-
258
- ### Fail-safe rules
259
- - Never force push.
260
- - Never delete a branch before successful merge.
261
- - Never remove a worktree before confirming the base branch is stable.
262
- - Stop execution immediately if any command fails.
263
-
264
- ---
265
-
266
- ## Phase 7 — Production Readiness Checklist
267
-
268
- After Phase 6 completes (or after the final summary report if Phase 6 is deferred), present a **Production Readiness Checklist** — a clear list of all manual or infrastructure actions required to launch the implemented changes in production.
269
-
270
- ### How to detect items
271
-
272
- Scan ALL files changed across the batch (use the tracker's completed cards + `git diff` against the base branch) and check for:
273
-
274
- | Category | Detection signal | Action to report |
275
- |----------|-----------------|------------------|
276
- | **DB indexes** | New/modified index config files, or code using new compound queries | Deploy indexes (e.g., `firebase deploy --only firestore:indexes`, run migrations, etc.) |
277
- | **DB security/access rules** | New/modified access rule files | Deploy updated rules |
278
- | **Environment variables** | New `process.env.*` references not present in the base branch, new entries in `.env.example` | Add to hosting platform settings (list each var name) |
279
- | **Scheduled functions / cron** | New or modified cron/scheduled functions | Deploy functions |
280
- | **Database migrations** | New collections/tables, field renames, data backfills referenced in code or ADRs | Run migration script (specify which) |
281
- | **New API endpoints** | New route files | Verify CORS/auth config; update API docs if public |
282
- | **Third-party services** | New API keys, webhook URLs, or external service integrations | Configure in provider dashboard + add secrets |
283
- | **DNS / domain changes** | Hosting or redirect config changes | Update DNS records or hosting domain settings |
284
- | **Package upgrades with breaking changes** | Major version bumps in dependency files | Verify compatibility; check migration guides |
285
-
286
- ### Output format
287
-
288
- Present the checklist as a clearly formatted section in the final report:
289
-
290
- ```
291
- ## Production Readiness Checklist
292
-
293
- ### Required before deploy
294
- 1. **[Category]** Description
295
- - Command or UI path
296
- - Reason: which card/feature requires it
297
-
298
- ### No action needed
299
- - (list categories that don't apply)
300
-
301
- ### Notes
302
- - Any timing dependencies (e.g., "deploy indexes BEFORE releasing code")
303
- - Any environment variables that must be set BEFORE deployment
304
- ```
305
-
306
- ### Rules
307
-
308
- - **Always present this section**, even if the checklist is empty (in that case, state "No infrastructure changes required — deploy is code-only").
309
- - Order items by **deployment sequence** (items that must happen first go first).
310
- - For each item, include the **reason** (which card/feature requires it) and the **exact command or UI path**.
311
- - If an item is **uncertain**, mark it with `VERIFY` and explain what to check.
312
- - **Update the tracker** with the full checklist under a new `## Production Readiness` section.
313
-
314
- ---
315
-
316
- ## Context recovery protocol
317
-
318
- If at ANY point you are unsure where you are in the batch:
319
- 1. Read your tracker file (`/tmp/batch-tracker-<FIRST-CARD-ID>.md`)
320
- 2. Check `## Current Card` — if populated, resume that card at the listed phase.
321
- 3. Check `## Card Queue` — find the next unchecked card.
322
- 4. Check `## Completed Cards` — know what's already done (don't redo).
323
- 5. Continue the pipeline from where you left off.
324
-
325
- ---
326
-
327
- ## Parallelism rules
328
-
329
- - Cards with non-overlapping `claimed_paths` CAN run in parallel.
330
- - Cards with shared dependencies or overlapping files MUST run sequentially.
331
- - Code review and doc review for the same card run as **parallel read-only audits**, then fixes are applied in a single sequential pass.
332
- - Different cards' implementations CAN run in parallel if independent.
333
- - When running parallel agents, expect "file modified since read" errors on shared files (like the backlog yml) — handle gracefully.
334
- - When running in parallel, each parallel branch updates the tracker with its own card — use card ID as prefix to avoid conflicts.
6
+ # /new redirect to the `new` skill (SSOT)
7
+
8
+ > **This command is a thin entry point. It contains NO orchestration logic of its own.**
9
+ > The authoritative, maintained `/new` pipeline lives in the **`new` skill**:
10
+ > `framework/.claude/skills/new/SKILL.md` (installed as `.claude/skills/new/`).
11
+ >
12
+ > A previous version of this file carried a full, hand-maintained copy of the pipeline.
13
+ > That copy silently drifted from the skill (it omitted the BLOCKING Phase 0 hygiene,
14
+ > AC-Closure, Simplify, E2E, Pre-Merge Codex, post-merge hygiene, and Metrics phases,
15
+ > ran `code-reviewer` where the skill forbids it, and referenced a QA README
16
+ > file that does not exist). To eliminate the dual-source-of-truth, the logic now lives in
17
+ > exactly one place. **Do not re-introduce pipeline steps here.**
18
+
19
+ When the user invokes `/new <CARD-IDS>`:
20
+
21
+ 1. **Load and follow the `new` skill** (`skills/new/SKILL.md`) verbatim, passing the
22
+ user's arguments through unchanged (card IDs, ranges, `-full` epic expansion, etc.).
23
+ 2. The skill owns the entire flow: Phase 0 (workspace hygiene pre-flight) → Phase 1–8
24
+ (claim, implement, completeness, AC-closure, simplify, E2E, doc review, QA,
25
+ pre-merge Codex gate, commit, batch review, merge, reconciliation, post-merge
26
+ hygiene, production-readiness, metrics), including the `review_profile`-driven QA
27
+ tiering and all worktree-isolation safety rules.
28
+ 3. Do not duplicate or summarise the skill's steps in this file — read them from the
29
+ skill so they cannot diverge.
30
+
31
+ If the `new` skill is not available in the current install, that is an install/integrity
32
+ error: surface it (`new skill not found — run \`npx baldart\` to repair the install`)
33
+ rather than falling back to an inline pipeline.
@@ -27,7 +27,7 @@ You are the **QA Orchestrator**. When the user invokes `/qa [profile] [--card FE
27
27
 
28
28
  ## Step 1 — Gather Context (always)
29
29
 
30
- Run these in parallel:
30
+ Run these in parallel (resolve `<base-branch>` from `git.trunk_branch` in `baldart.config.yml`; if absent, autodetect the integration branch):
31
31
  - `git rev-parse --abbrev-ref HEAD`
32
32
  - `git log -1 --pretty="%h %s"`
33
33
  - `git diff --name-only <base-branch>...HEAD 2>/dev/null || git diff --name-only HEAD~1`
@@ -38,7 +38,7 @@ Run these in parallel:
38
38
  - **MEDIUM**: everything else (feature modules, components, utilities)
39
39
  - **LOW**: only `.md`, `.yml`, style/CSS, test files, config — no logic changes
40
40
 
41
- If risk is HIGH and profile is LIGHT, warn the user: "Risk level is HIGH — consider running `/qa balanced` or `/qa deep` for better coverage."
41
+ If risk is HIGH and profile is LIGHT, warn the user: "Risk level is HIGH — consider running `/qa balanced` or `/qa deep` for better coverage." This warning is advisory; the run proceeds, but the caveat MUST be carried into the QA Verdict block (Step 7) so a HIGH-risk LIGHT pass is never silently equivalent to a full one. (For per-card test depth in `/new`, the card's `review_profile` value governs scope — `review_profile` is computed by prd-card-writer (Rule C); see prd-card-writer.md for the criteria.)
42
42
 
43
43
  ---
44
44
 
@@ -98,7 +98,7 @@ Write the initial file:
98
98
 
99
99
  ## Step 3 — Execute Profile
100
100
 
101
- ### LIGHT — Fast confidence (<3 min target)
101
+ ### LIGHT — Fast confidence (<3 min target [DESIGN-CHOICE: scoped to lint + type-check + related tests only; sufficient for low-risk or doc-only diffs])
102
102
 
103
103
  Run directly in this session (no sub-agents):
104
104
 
@@ -118,16 +118,16 @@ No findings file required. Present final verdict immediately.
118
118
 
119
119
  ### BALANCED — Solid validation (default)
120
120
 
121
- **Decide on parallelization first:**
122
- - If 3+ clearly independent risk tracks exist (e.g., auth + payments + UI, or unit + integration + DB) use the parallel agent strategy below.
123
- - Otherwise invoke a single `qa-sentinel` agent.
121
+ qa-sentinel is a **mechanical gate-runner** (lint / tsc / scoped-or-full tests / build / `npm audit`):
122
+ it returns PASS/FAIL + a gate table + confidence. It does NOT read source files, exercise flows, run
123
+ a dev server, or do collateral-impact analysis. Behavioral / collateral / dev-server work in BALANCED
124
+ belongs to the e2e and code-aware reviewers, not to qa-sentinel.
124
125
 
125
- **Single-agent path:**
126
-
127
- Invoke `qa-sentinel` via Task tool:
126
+ Invoke `qa-sentinel` via Task tool to run the gates:
128
127
 
129
128
  ```
130
- Run QA on the current changeset at the tier dictated by the QA profile below (do NOT default to FULL).
129
+ Run the mechanical QA gates on the current changeset at the tier dictated by the QA profile below
130
+ (do NOT default to FULL).
131
131
 
132
132
  Context:
133
133
  - Branch: <branch>
@@ -141,21 +141,19 @@ Tier contract: balanced → SCOPED (related tests on touched modules); deep →
141
141
  path-based risk drift (auth/permission/payment/schema/migration/API contract in the diff) may
142
142
  escalate balanced→FULL.
143
143
 
144
- After completing validation gates (lint, tsc, tests, build, audit):
145
- 1. Start the dev server if appropriate for the change, exercise key flows, and check for server/browser console errors and unexpected 4xx/5xx responses. Focus on flows directly touched by the diff.
146
- 2. Identify collateral impacts on adjacent features not directly in the diff.
147
- 3. Return your full QA Report (all gates + findings).
148
-
149
- Findings file to update: /qa/<file>.md
144
+ Run lint, tsc, tests (per tier), build, and (deep) npm audit. Return PASS/FAIL + the gate table +
145
+ confidence. Do NOT read source files, start a dev server, or analyze collateral impact those are
146
+ out of scope for this agent.
150
147
  ```
151
148
 
152
- After `qa-sentinel` completes:
149
+ After `qa-sentinel` returns its PASS/FAIL + gate table:
153
150
  - Read its output.
154
- - Append all findings to `/qa/<file>.md` under the `## Findings` section.
155
-
156
- **Parallel-agent path (when warranted):**
151
+ - Append the gate results to `/qa/<file>.md` under the `## Findings` section.
157
152
 
158
- See Step 4 below.
153
+ **Collateral / behavioral coverage (BALANCED):** if the diff touches user-facing flows and you need
154
+ behavioral confidence beyond the gates, use the parallel-agent path below (Step 4) — it routes
155
+ flow-exercising and collateral-impact analysis to the appropriate code-aware / e2e agents rather than
156
+ to qa-sentinel.
159
157
 
160
158
  ---
161
159
 
@@ -172,26 +170,31 @@ Run everything in BALANCED, plus:
172
170
  - Use MCP Playwright (if available) to open key flows related to the diff and take screenshots, checking for console errors and visual regressions.
173
171
  - Validate: login/auth flow, critical navigation, any flow directly touched by the diff.
174
172
 
175
- Run the e2e pass in parallel with the `qa-sentinel` FULL VALIDATION (launch both as sub-agents simultaneously).
173
+ Run the e2e pass in parallel with the `qa-sentinel` FULL-tier gate run (launch both as sub-agents simultaneously). This inline two-agent launch is the DEEP default; escalate to the team-based strategy (Step 4) ONLY when 3+ clearly independent risk tracks exist [DESIGN-CHOICE: below this threshold, TeamCreate overhead exceeds benefit; two inline Task spawns are sufficient]. A DEEP run with fewer than 3 tracks stays on this inline path and does NOT create a team.
176
174
 
177
175
  ---
178
176
 
179
177
  ## Step 4 — Parallel Agent Strategy (Balanced/Deep when warranted)
180
178
 
181
- Use this when 3+ independent tracks exist.
179
+ Use this when 3+ independent tracks exist [DESIGN-CHOICE: same threshold as DEEP inline gate — ensures consistent entry point for team-based parallelism].
182
180
 
183
181
  Create a team: `TeamCreate` with name `qa-<CARD-or-timestamp>`.
184
182
 
185
183
  Create tasks:
186
- - **Task A**: Unit + Lint + TypeScript — `qa-sentinel` quick subset
187
- - **Task B**: Integration + DB + API contract + Build — `qa-sentinel` full subset
188
- - **Task C** (Deep only): E2E + UI validation
189
- - **Task D**: Dev server log inspection + collateral impact analysis on adjacent features
184
+ - **Task A**: Lint + TypeScript + scoped tests — `qa-sentinel` (gate run, SCOPED tier)
185
+ - **Task B**: Full tests + build + audit — `qa-sentinel` (gate run, FULL tier)
186
+ - **Task C** (Deep only): E2E + UI validation — `e2e-review` skill / Playwright
187
+ - **Task D**: Collateral-impact analysis on adjacent features not in the diff `code-reviewer` (reads source, reasons about ripple)
190
188
 
191
189
  Spawn agents in parallel (single message, multiple Task tool calls):
192
- - Agent A: `qa-sentinel`, tasks A + D
190
+ - Agent A: `qa-sentinel`, task A
193
191
  - Agent B: `qa-sentinel`, task B
194
- - Agent C (Deep only): general-purpose agent, task C
192
+ - Agent C (Deep only): run the `e2e-review` skill / Playwright pass for task C
193
+ - Agent D: `code-reviewer`, task D
194
+
195
+ qa-sentinel runs gates only (tasks A + B); it never receives Task D — collateral-impact analysis
196
+ requires reading source, which qa-sentinel is forbidden from doing. If a named specialist is
197
+ unavailable, surface `CAPABILITY_UNAVAILABLE: <agent>` and halt — never substitute a generic agent.
195
198
 
196
199
  Each agent sends findings to orchestrator via `SendMessage`. Orchestrator consolidates ALL findings into `/qa/<file>.md`.
197
200
 
@@ -220,16 +223,33 @@ After all agents/checks complete, update `/qa/<file>.md` — replace the `## Fin
220
223
 
221
224
  **Only if BLOCKER or MAJOR findings exist:**
222
225
 
223
- 1. Invoke the **coder** agent (subagent_type: `coder`):
224
- - Provide: findings file path + instruction to fix all BLOCKERs, fix MAJORs unless they require architectural change, add regression tests for all bug fixes.
225
- - Do NOT ask the user proceed directly.
226
-
227
- 2. After coder completes:
228
- - Re-run LIGHT profile on the fixed files to verify corrections.
229
- - Invoke `doc-reviewer` and `code-reviewer` in parallel (read-only audit).
226
+ 1. Invoke the **coder** agent (subagent_type: `coder`). The coder has mandatory pre-conditions (it
227
+ reads a backlog card at startup, sets it IN_PROGRESS, and reads the card's `git_strategy`) and is
228
+ forbidden from switching branches — so it MUST be given the context it needs:
229
+ - **Card ID** (the resolved `<CARD-ID>` from Step 0). If Step 0 fell back to a `session-…`
230
+ timestamp (no card), do NOT auto-invoke the coder — there is no card for it to read. Instead,
231
+ surface the findings to the user and ask whether to create a card or fix manually.
232
+ - **Branch**: spawn the coder on the current branch (the one the diff lives on); it stays there.
233
+ - **Findings file path** + instruction to fix all BLOCKERs, fix MAJORs unless they require
234
+ architectural change, and add a regression test for every bug fix.
235
+ - Do NOT ask the user about whether to fix — proceed directly once a card exists.
236
+
237
+ 2. After coder completes, re-verify through proper subagent spawns (so results are written and
238
+ tracked, never run loose in this orchestrator's context):
239
+ - Re-invoke `qa-sentinel` (gate run, SCOPED tier) on the fixed files. It writes its
240
+ PASS/FAIL + gate table to `/qa/<CARD-ID>.md` and returns the structured `QA DONE` signal; the
241
+ orchestrator does NOT run gates in-session.
242
+ - Invoke `code-reviewer` (read-only audit) to confirm the fixes are correct. Invoke `doc-reviewer`
243
+ only if the fix touched documented behavior.
230
244
  - For DEEP: also re-run e2e smoke tests to verify UI still passes.
231
245
 
232
- 3. Update `/qa/<file>.md` with post-fix results under a new section `## Post-Fix Verification`.
246
+ > **Avoid double review when embedded in `/new`**: if this `/qa` run is part of `/new`'s pipeline,
247
+ > `/new`'s `/codexreview` pre-merge gate already runs `code-reviewer` (and `doc-reviewer`) on the
248
+ > same diff. Do NOT re-run them here in that case — let the `/codexreview` gate be the single
249
+ > review pass and only re-run the qa-sentinel gates to confirm the fix.
250
+
251
+ 3. Update `/qa/<file>.md` with post-fix results under a new section `## Post-Fix Verification`,
252
+ including the re-run qa-sentinel verdict and any re-review findings.
233
253
 
234
254
  ---
235
255
 
@@ -525,7 +525,7 @@ For deeper analysis beyond design patterns, delegate to the `api-perf-cost-audit
525
525
 
526
526
  Use the agent when you need:
527
527
  - Performance bottleneck analysis
528
- - Cost efficiency evaluation (Firestore reads/writes, function invocations)
528
+ - Cost efficiency evaluation (datastore reads/writes per `stack.database`, function invocations)
529
529
  - Scalability risk assessment
530
530
  - Caching strategy recommendations
531
531
  - Query optimization analysis
@@ -539,7 +539,7 @@ Task tool:
539
539
  Analyze the following API design:
540
540
 
541
541
  Endpoints: [List endpoints]
542
- Database Operations: [Firestore collections/queries]
542
+ Database Operations: [datastore collections/tables + queries]
543
543
  Expected Load: [Users, frequency, patterns]
544
544
 
545
545
  Provide performance and cost analysis.
@@ -47,9 +47,9 @@ See [framework/docs/MCP-INTEGRATION.md](../../../docs/MCP-INTEGRATION.md) for th
47
47
  2. Classify the bug domain:
48
48
  - **UI/Client** → Playwright MCP is primary tool
49
49
  - **API/Server** → dev server logs + route handler analysis
50
- - **Data/Firestore** → MCP Firestore tools + transaction tracing
51
- - **Auth** → authMiddleware.ts + auth error codes
52
- - **Build/Deploy** → Vercel logs + build output
50
+ - **Data/Datastore** → the project's datastore inspection tooling per `stack.database` (e.g. the Firebase MCP for `firestore`, a SQL client for `postgres`/`supabase`, the Mongo shell for `mongodb`) + transaction tracing
51
+ - **Auth** → the project's auth middleware/guard + auth error codes (per `stack.auth_provider`)
52
+ - **Build/Deploy** → the deploy platform's logs + build output (per `stack.deployment`, e.g. Vercel)
53
53
  3. Launch `codebase-architect` agent to map the affected code paths — do NOT start debugging blind.
54
54
  When `features.has_lsp_layer: true` and the symptom names a concrete symbol
55
55
  (function/type/handler), `codebase-architect` will use LSP find-references /
@@ -82,10 +82,10 @@ Goal: get a reliable reproduction that you can re-run after fixing.
82
82
  3. Check the error propagation pattern: look for `throw new Error(JSON.stringify({code, status, message}))` — this is the domain error contract
83
83
  4. Test the endpoint directly if possible (curl or Playwright network capture)
84
84
 
85
- **For data bugs:**
86
- 1. Use `mcp__plugin_firebase_firebase__firestore_get_document` to inspect the document state
87
- 2. Check field values, timestamps, missing fields
88
- 3. If collection query: use `firestore_query_collection` to verify query results
85
+ **For data bugs** (use the inspection tooling matching `stack.database`; the example below is for `firestore` via the Firebase MCP — for SQL stores use a SQL client / `SELECT`, for Mongo use the Mongo shell):
86
+ 1. Inspect the record state e.g. `mcp__plugin_firebase_firebase__firestore_get_document` (Firestore)
87
+ 2. Check field/column values, timestamps, missing fields
88
+ 3. If a collection/table query is involved: re-run the query against the store (e.g. `firestore_query_collection` for Firestore) to verify results
89
89
 
90
90
  **Outcome:** a clear, repeatable reproduction OR evidence that the bug is intermittent (in which case, skip to Phase 2 immediately).
91
91
 
@@ -109,7 +109,7 @@ console.log(`[DEBUG:reservations] PATCH entry`, { // DEBUG:
109
109
  }); // DEBUG:
110
110
  ```
111
111
 
112
- For Firestore operations, wrap reads/writes:
112
+ For datastore operations, wrap reads/writes to time them (Firestore shown as the example — use your store's client when `stack.database` differs):
113
113
  ```typescript
114
114
  const t0 = Date.now(); // DEBUG:
115
115
  const snap = await firestore.collection('X').doc(id).get();
@@ -79,9 +79,15 @@ grep -rn '// DEBUG:' src/ --include='*.ts' --include='*.tsx'
79
79
 
80
80
  Remove every line found. Run grep again. Zero results = clean.
81
81
 
82
- ## Firestore-Specific Debugging
82
+ ## Datastore-Specific Debugging
83
83
 
84
- ### Transaction contention
84
+ > The patterns below are illustrated for **Firestore** — apply them only when
85
+ > `stack.database: firestore`. For other stores, use the equivalent primitive
86
+ > (SQL `SERIALIZABLE` retry/`SAVEPOINT` for Postgres/Supabase, Mongo
87
+ > `withTransaction`, etc.). The *principle* (surface silent retries, log the
88
+ > attempt counter, beware emulator-only debug hooks) is datastore-agnostic.
89
+
90
+ ### Transaction contention (Firestore example)
85
91
  Firestore retries transactions silently up to 5 times. Only explicit attempt counting surfaces this:
86
92
  ```typescript
87
93
  let attempt = 0; // DEBUG: