baldart 3.41.0 → 4.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +47 -0
- package/VERSION +1 -1
- package/framework/.claude/agents/REGISTRY.md +72 -24
- package/framework/.claude/agents/api-perf-cost-auditor.md +17 -10
- package/framework/.claude/agents/code-reviewer.md +31 -24
- package/framework/.claude/agents/codebase-architect.md +47 -43
- package/framework/.claude/agents/coder.md +29 -18
- package/framework/.claude/agents/doc-reviewer.md +57 -30
- package/framework/.claude/agents/plan-auditor.md +85 -20
- package/framework/.claude/agents/prd-card-writer.md +44 -14
- package/framework/.claude/agents/prd.md +22 -3
- package/framework/.claude/agents/qa-sentinel.md +33 -15
- package/framework/.claude/agents/security-reviewer.md +65 -10
- package/framework/.claude/agents/senior-researcher.md +8 -1
- package/framework/.claude/agents/ui-expert.md +22 -7
- package/framework/.claude/commands/check.md +31 -11
- package/framework/.claude/commands/codexreview.md +48 -29
- package/framework/.claude/commands/new.md +29 -330
- package/framework/.claude/commands/qa.md +57 -37
- package/framework/.claude/skills/api-design-principles/SKILL.md +2 -2
- package/framework/.claude/skills/bug/SKILL.md +8 -8
- package/framework/.claude/skills/bug/references/logging-patterns.md +8 -2
- package/framework/.claude/skills/context-primer/SKILL.md +29 -8
- package/framework/.claude/skills/doc-writing-for-rag/SKILL.md +36 -36
- package/framework/.claude/skills/frontend-design/SKILL.md +10 -8
- package/framework/.claude/skills/new/SKILL.md +409 -302
- package/framework/.claude/skills/prd/SKILL.md +67 -38
- package/framework/.claude/skills/prd/assets/card-template.yml +22 -26
- package/framework/.claude/skills/prd/assets/epic-template.yml +5 -5
- package/framework/.claude/skills/prd/assets/prd-template.md +1 -1
- package/framework/.claude/skills/prd/assets/state-template.md +25 -3
- package/framework/.claude/skills/prd/references/api-perf-gate.md +143 -33
- package/framework/.claude/skills/prd/references/audit-phase.md +48 -34
- package/framework/.claude/skills/prd/references/backlog-phase.md +38 -11
- package/framework/.claude/skills/prd/references/discovery-phase.md +121 -44
- package/framework/.claude/skills/prd/references/impact-analysis.md +127 -23
- package/framework/.claude/skills/prd/references/prd-add-phase.md +18 -214
- package/framework/.claude/skills/prd/references/prd-writing-phase.md +52 -42
- package/framework/.claude/skills/prd/references/research-phase.md +105 -19
- package/framework/.claude/skills/prd/references/ui-design-phase.md +20 -8
- package/framework/.claude/skills/prd/references/validation-phase.md +97 -72
- package/framework/.claude/skills/prd-add/SKILL.md +70 -20
- package/framework/.claude/skills/simplify/SKILL.md +22 -12
- package/framework/.claude/skills/ui-design/SKILL.md +26 -7
- package/framework/.claude/skills/webapp-testing/SKILL.md +6 -4
- package/framework/.claude/skills/worktree-manager/SKILL.md +206 -143
- package/framework/agents/coding-standards.md +85 -0
- package/framework/agents/skills-mapping.md +85 -82
- package/framework/agents/testing.md +6 -4
- package/framework/templates/baldart.config.template.yml +29 -7
- package/package.json +1 -1
- package/src/commands/configure.js +43 -9
- package/framework/.claude/skills/prd-add/references/impact-analysis.md +0 -233
|
@@ -1,334 +1,33 @@
|
|
|
1
1
|
---
|
|
2
|
-
description: Orchestrate a team of specialized agents to implement one or more backlog cards end-to-end, with code review, doc review, and commit for each.
|
|
2
|
+
description: Orchestrate a team of specialized agents to implement one or more backlog cards end-to-end, with code review, doc review, QA, and commit for each.
|
|
3
3
|
allowed-tools: Bash, Task, Edit, Write, Read, Grep, Glob, WebFetch, WebSearch, TaskCreate, TaskUpdate, TaskList, TaskGet, TeamCreate, TeamDelete, SendMessage
|
|
4
4
|
---
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
Branch: [feat/FEAT-XXXX-slug]
|
|
35
|
-
Path: [../wt/feat-FEAT-XXXX-slug]
|
|
36
|
-
Group parent: [FEAT-XXXX or "standalone"]
|
|
37
|
-
Main repo: [/absolute/path/to/main/repo]
|
|
38
|
-
|
|
39
|
-
## Card Queue
|
|
40
|
-
- [ ] CARD-001 — [title from backlog]
|
|
41
|
-
- [ ] CARD-002 — [title from backlog]
|
|
42
|
-
...
|
|
43
|
-
|
|
44
|
-
## Completed Cards
|
|
45
|
-
(none yet)
|
|
46
|
-
|
|
47
|
-
## Current Card
|
|
48
|
-
(none — starting pre-flight)
|
|
49
|
-
|
|
50
|
-
## Issues & Flags
|
|
51
|
-
(none yet)
|
|
52
|
-
```
|
|
53
|
-
|
|
54
|
-
### Update rules
|
|
55
|
-
|
|
56
|
-
- **Before starting a card**: move it to `## Current Card` with phase info.
|
|
57
|
-
- **After each phase**: update the current card's phase status in the tracker.
|
|
58
|
-
- **After completing a card**: move it from `Current Card` to `## Completed Cards` with:
|
|
59
|
-
- Commit hash
|
|
60
|
-
- One-line summary of what was implemented
|
|
61
|
-
- Any flags/issues found
|
|
62
|
-
- Code review result (pass/fail + fixes)
|
|
63
|
-
- Doc review result (pass/fail + what was added)
|
|
64
|
-
- Test results (new + existing count, pass/fail)
|
|
65
|
-
- Fix cycles count
|
|
66
|
-
- QA result (profile used: skip/light/balanced/deep | verdict: PASS/FAIL/SKIP | confidence % | findings: N blockers, N majors)
|
|
67
|
-
- QA findings file (e.g. `/qa/FEAT-XXXX.md` or "skipped")
|
|
68
|
-
- **When blocked**: log the blocker in `## Issues & Flags`.
|
|
69
|
-
- **On context recovery**: if you ever feel lost or after context compaction, IMMEDIATELY read your tracker file (`/tmp/batch-tracker-<FIRST-CARD-ID>.md`) to restore your state.
|
|
70
|
-
|
|
71
|
-
---
|
|
72
|
-
|
|
73
|
-
## Pre-flight (once)
|
|
74
|
-
|
|
75
|
-
1. Read each backlog card from `/backlog/*.yml` to understand scope and dependencies.
|
|
76
|
-
2. Check `docs/references/project-status.md` for current state.
|
|
77
|
-
3. Determine which cards can run in **parallel** (no shared files/components) vs which must be **sequential** (dependencies or overlapping paths). Use `group.sequence` to determine execution order within a group.
|
|
78
|
-
4. **Worktree grouping** (automated from card metadata — do NOT ask the user if metadata is complete):
|
|
79
|
-
a. Check each card's `group.parent` field.
|
|
80
|
-
b. If all cards share the same `group.parent` → ONE worktree, branch derived from parent card.
|
|
81
|
-
c. If cards have no `group.parent` but share a common ID prefix (e.g., `FEAT-0396-*`) → suggest grouping to user.
|
|
82
|
-
d. If cards are unrelated (no shared parent, no common prefix) → each gets its own worktree.
|
|
83
|
-
e. Read the parent/epic card for `git_strategy.branch` if set; otherwise derive branch name per AGENTS.md naming convention: `feat/<PARENT-ID>-<slug>`.
|
|
84
|
-
f. If `group.parent` is set AND the parent card has `git_strategy.branch` → use it directly, NO questions asked.
|
|
85
|
-
5. **Create worktree(s)**:
|
|
86
|
-
a. Ensure the base branch is clean: `git checkout <base-branch> && git pull`.
|
|
87
|
-
b. For each worktree group:
|
|
88
|
-
- Create: `git worktree add ../wt/<branch-name> -b <branch-name>`.
|
|
89
|
-
- Copy environment files if needed: `cp <main-repo>/.env.local <worktree-path>/.env.local 2>/dev/null`.
|
|
90
|
-
- Install dependencies in worktree (e.g., `npm install`, `pip install`, etc.).
|
|
91
|
-
- Verify build in worktree.
|
|
92
|
-
- If build fails → STOP, report, do NOT continue.
|
|
93
|
-
c. Switch working directory to worktree for all subsequent operations.
|
|
94
|
-
6. Create the tracking file `/tmp/batch-tracker-<FIRST-CARD-ID>.md` (include worktree path and branch name).
|
|
95
|
-
7. Create a task list to track progress across all cards.
|
|
96
|
-
|
|
97
|
-
---
|
|
98
|
-
|
|
99
|
-
## QA Profile Selector
|
|
100
|
-
|
|
101
|
-
Before Phase 3.5, determine the review profile for each card. **Primary path (since v3.38.0): READ the card's `review_profile` field** (`skip|light|balanced|deep`), computed deterministically by the PRD `prd-card-writer` (SSOT). Use it verbatim — do NOT recompute. **Fallback (legacy cards with no field): compute** from the table below (the SKILL.md version is authoritative — keep in sync with `prd-card-writer.md § Rule C`).
|
|
102
|
-
|
|
103
|
-
| Profile | When to apply (fallback compute only) |
|
|
104
|
-
|---------|--------------|
|
|
105
|
-
| **SKIP** | Card type is `docs`, `chore`, or `config` — OR all changed paths are `.md`/`.yml` (non-API)/CSS with zero logic files — OR title contains only cosmetic keywords (typo, rename, copy, wording, style) with no code areas |
|
|
106
|
-
| **LIGHT** | 5 or fewer files likely touched — AND no HIGH-risk keywords in paths/areas — OR card type is `bugfix` with small scope — OR pure refactoring with no logic change |
|
|
107
|
-
| **BALANCED** | Default for all `feature` / `enhancement` cards not matching LIGHT or DEEP rules |
|
|
108
|
-
| **DEEP** | ANY of: areas includes both `api` + `data` — OR paths/title contain `auth`, `payment`, `permission`, `schema`, `migration`, `cron`, `webhook`, `transaction` — OR >15 files likely touched — OR acceptance criteria count > 5 — OR DB indexes changed — OR API contract changed |
|
|
109
|
-
|
|
110
|
-
When in doubt between LIGHT and BALANCED, use BALANCED. When in doubt between BALANCED and DEEP, use DEEP.
|
|
111
|
-
|
|
112
|
-
---
|
|
113
|
-
|
|
114
|
-
## Per-card pipeline
|
|
115
|
-
|
|
116
|
-
For each card, execute these phases in order:
|
|
117
|
-
|
|
118
|
-
### Phase 1 — Claim & Context
|
|
119
|
-
1. **Update tracker**: set current card, phase = "1-claim".
|
|
120
|
-
2. Set the card status to `IN_PROGRESS` and assign yourself.
|
|
121
|
-
3. Update `docs/references/project-status.md` Active Code Context.
|
|
122
|
-
4. Invoke the **codebase-architect** agent (MUST per AGENTS.md) to understand the relevant codebase area, existing patterns, and architecture before any implementation.
|
|
123
|
-
5. **Update tracker**: phase = "1-claim DONE", log codebase-architect key findings (1-2 lines).
|
|
124
|
-
|
|
125
|
-
### Phase 2 — Implement (self-healing, up to 3 retries)
|
|
126
|
-
6. **Update tracker**: phase = "2-implement".
|
|
127
|
-
7. Create an agent team of **coder** agent (or appropriate specialist from `.claude/agents/REGISTRY.md`) to implement the card. Pass the codebase-architect findings as context.
|
|
128
|
-
8. Run tests (if they exist), build, and lint to verify everything passes.
|
|
129
|
-
9. **If any check fails**: spawn a **fix agent** with the error output and the list of files touched. Do NOT ask the user — just fix and re-run. Fix the code, not the tests (unless the test itself is wrong). Repeat up to **3 times**.
|
|
130
|
-
10. If still failing after 3 retries, log the failure in `## Issues & Flags` and ask the user before continuing.
|
|
131
|
-
11. **Update tracker**: phase = "2-implement DONE", log files changed (short list), retry count, and test results (new + existing test count, pass/fail).
|
|
132
|
-
|
|
133
|
-
### Phase 3 — Review (parallel read-only audits, then single fix pass)
|
|
134
|
-
12. **Update tracker**: phase = "3-review".
|
|
135
|
-
13. Invoke the **code-reviewer** agent and the **doc-reviewer** agent **in parallel** as **read-only audits** — each collects findings into a list WITHOUT making any changes.
|
|
136
|
-
14. **Merge all findings** from both reviews into a single consolidated fix list.
|
|
137
|
-
15. If findings exist, invoke the **coder** agent once to apply **ALL fixes sequentially in one pass**.
|
|
138
|
-
16. Run tests (if they exist), lint, and build once at the end to verify everything passes. If any check fails, apply the same self-healing retry loop (up to 3 times, no user prompt).
|
|
139
|
-
17. **Update tracker**: phase = "3-review DONE", log review findings count, fixes applied, and test results.
|
|
140
|
-
|
|
141
|
-
### Phase 3.5 — QA Validation
|
|
142
|
-
|
|
143
|
-
18. **Update tracker**: phase = "3.5-qa".
|
|
144
|
-
19. **Select QA profile**: read the card's `review_profile` field (use verbatim); only compute from the QA Profile Selector table above when the field is absent (legacy card). Log the chosen profile and source (`from card` | `computed`) in the tracker (1 line).
|
|
145
|
-
20. **If profile is SKIP**: log "QA skipped — [reason]" in the tracker. Proceed to Phase 4.
|
|
146
|
-
21. **If profile is LIGHT, BALANCED, or DEEP**: invoke the **`qa-sentinel`** agent (subagent_type: `qa-sentinel`) via Task tool with the following context:
|
|
147
|
-
|
|
148
|
-
```
|
|
149
|
-
Run QA on card <CARD-ID> at the tier dictated by the QA profile (do NOT default to FULL).
|
|
150
|
-
|
|
151
|
-
Context:
|
|
152
|
-
- Worktree path: <worktree-path>
|
|
153
|
-
- Branch: <branch-name>
|
|
154
|
-
- Latest commit: <hash> <message>
|
|
155
|
-
- Changed files: <list from implementation phase>
|
|
156
|
-
- Risk level: [Low | Medium | High]
|
|
157
|
-
- QA profile selected: [light | balanced | deep]
|
|
158
|
-
|
|
159
|
-
Profile → tier mapping:
|
|
160
|
-
- light → SCOPED (related tests only)
|
|
161
|
-
- balanced → SCOPED (related tests only; risk drift in the diff may escalate to FULL)
|
|
162
|
-
- deep → FULL (whole suite + audit + e2e smoke suite if configured)
|
|
163
|
-
Only path-based risk drift (auth/permission/payment/schema/migration/API contract) escalates;
|
|
164
|
-
file count never does.
|
|
165
|
-
|
|
166
|
-
After running all gates, write the complete QA Report to:
|
|
167
|
-
/qa/<CARD-ID>.md
|
|
168
|
-
|
|
169
|
-
Use the findings file format defined in /qa/README.md.
|
|
170
|
-
Return your full structured QA Report and final verdict.
|
|
171
|
-
```
|
|
172
|
-
|
|
173
|
-
22. **Read qa-sentinel's output.** Verify the findings file was written to `/qa/<CARD-ID>.md`.
|
|
174
|
-
23. **If QA verdict is FAIL**:
|
|
175
|
-
- Spawn the **coder** agent to fix all BLOCKER findings (pass it the findings file path + list of blockers). Do NOT ask the user.
|
|
176
|
-
- After coder fixes, re-invoke `qa-sentinel` in the same mode to re-validate. Repeat up to **2 times**.
|
|
177
|
-
- If still FAIL after 2 retries: log in `## Issues & Flags` and **ask the user** whether to proceed or stop.
|
|
178
|
-
- The commit in Phase 4 MUST NOT happen until QA verdict is PASS (or user explicitly overrides).
|
|
179
|
-
24. **Update tracker**: phase = "3.5-qa DONE", log: profile used, verdict (PASS/FAIL/SKIP), confidence %, findings count (blockers/majors/minors), findings file path.
|
|
180
|
-
|
|
181
|
-
### Phase 4 — Commit (in worktree, NO merge yet)
|
|
182
|
-
25. **Update tracker**: phase = "4-commit".
|
|
183
|
-
26. Stage and commit **all changes together** in the worktree using format `[CARD-ID] Brief description` (MUST per AGENTS.md). Include all relevant files — implementation, review fixes, QA-driven fixes, and doc updates in a single commit. Do NOT merge or push yet — that happens post-batch.
|
|
184
|
-
- **IMPORTANT — atomic staging**: Always combine `git add` and `git commit` in a single chained command so staging is never lost on retry:
|
|
185
|
-
```
|
|
186
|
-
cd <worktree-path> && git add -A && git commit -m "[CARD-ID] Brief description"
|
|
187
|
-
```
|
|
188
|
-
- **If commit fails** (e.g., lint-staged or pre-commit hook error): re-run the **same full command** (`git add -A && git commit ...`). Never run `git commit` alone after a failure — the staging area may have been altered by lint-staged auto-fixes.
|
|
189
|
-
27. Update the backlog card: set status to `DONE`, add implementation notes.
|
|
190
|
-
28. **Update tracker**: move card to `## Completed Cards` with commit hash, summary, and flags.
|
|
191
|
-
|
|
192
|
-
### Sub-agent failure protocol
|
|
193
|
-
- If any sub-agent **crashes or errors** during any phase: log the failure in the tracker, **attempt the work yourself directly**, and note it in the final report.
|
|
194
|
-
- Never block the pipeline waiting for a failed agent — recover and continue.
|
|
195
|
-
|
|
196
|
-
### Phase 5 — Context Clean & Continue
|
|
197
|
-
29. Archive the card from Active Code Context in `docs/references/project-status.md`.
|
|
198
|
-
30. **CONTEXT PURGE**: After updating the tracker, deliberately forget the implementation details of this card. From this point forward, you should NOT reference any code, file contents, or review details from this card — only the summary in the tracker. If you need to recall what happened, read the tracker file. This keeps your working context lean for the next card.
|
|
199
|
-
31. **Update tracker**: clear `## Current Card`, move to next pending card.
|
|
200
|
-
32. Move to the next card.
|
|
201
|
-
|
|
202
|
-
---
|
|
203
|
-
|
|
204
|
-
## Final review (after all cards)
|
|
205
|
-
|
|
206
|
-
Once ALL cards are committed in the worktree:
|
|
207
|
-
1. **Read the tracker file** to get the full picture of what was implemented.
|
|
208
|
-
2. Invoke the **code-reviewer** agent and the **doc-reviewer** agent **in parallel** for a holistic review across all implementations — check for inconsistencies, duplicated logic, integration gaps between cards, and missing documentation.
|
|
209
|
-
3. **Persist findings to file.** Write the consolidated final review findings to `/tmp/batch-final-review-<FIRST-CARD-ID>.md` using the Write tool. This ensures findings survive context compaction. If context is compacted before fixes are applied, re-read from this file.
|
|
210
|
-
4. **Auto-apply fixes.** If findings exist, invoke the **coder** agent once to apply ALL fixes in a single pass (same pattern as Phase 3 per-card review). Run tests (if they exist), lint, and build to verify. If any check fails, apply the self-healing retry loop (up to 3 times).
|
|
211
|
-
5. Run build one final time in the worktree to confirm stability.
|
|
212
|
-
6. **Update tracker** with final review results (findings count, fixes applied, build status).
|
|
213
|
-
7. **Proceed to Phase 6** (post-batch merge & cleanup).
|
|
214
|
-
8. Present a **single summary report** to the user per card (and a batch summary at the end):
|
|
215
|
-
- **Files changed** (short list per card)
|
|
216
|
-
- **Test results** (new tests + existing tests count, pass rate at each iteration)
|
|
217
|
-
- **Build/lint status** (pass + retry count if any)
|
|
218
|
-
- **Fix cycles** (total number of self-healing retries across phases)
|
|
219
|
-
- **Review findings fixed** (count and brief description)
|
|
220
|
-
- **QA result** (profile: skip/light/balanced/deep | verdict: PASS/FAIL/SKIP | confidence % | findings: N blockers, N majors, N minors | findings file path)
|
|
221
|
-
- **Issues needing user attention** (anything unresolved, partially wired, or flagged)
|
|
222
|
-
- **Commit hashes** (from tracker)
|
|
223
|
-
- **Merge commit hash** (from Phase 6)
|
|
224
|
-
- **Worktree cleanup status** (success/failed)
|
|
225
|
-
- Overall implementation status
|
|
226
|
-
9. **Proceed to Phase 7** (production readiness checklist).
|
|
227
|
-
|
|
228
|
-
---
|
|
229
|
-
|
|
230
|
-
## Phase 6 — Post-batch merge & cleanup
|
|
231
|
-
|
|
232
|
-
After the final review passes AND all cards are committed in the worktree:
|
|
233
|
-
|
|
234
|
-
### 6a. Push feature branch
|
|
235
|
-
1. From the worktree directory: `git push -u origin <branch-name>`.
|
|
236
|
-
|
|
237
|
-
### 6b. Merge into base branch
|
|
238
|
-
2. Switch to main repo: `cd <main-repo-path>` (read from tracker `## Worktree > Main repo`).
|
|
239
|
-
3. `git checkout <base-branch> && git pull`.
|
|
240
|
-
4. `git merge --no-ff <branch-name>`.
|
|
241
|
-
5. **If merge conflicts** → STOP immediately, report conflicting files to user. Do NOT auto-resolve.
|
|
242
|
-
|
|
243
|
-
### 6c. Verify post-merge integrity
|
|
244
|
-
6. Run build — must pass.
|
|
245
|
-
7. Run tests — must pass (if tests exist).
|
|
246
|
-
8. **If anything fails** → STOP, report. Do NOT delete branch or worktree.
|
|
247
|
-
|
|
248
|
-
### 6d. Push base branch
|
|
249
|
-
9. `git push`.
|
|
250
|
-
|
|
251
|
-
### 6e. Cleanup
|
|
252
|
-
10. Delete local branch: `git branch -d <branch-name>`.
|
|
253
|
-
11. Delete remote branch: `git push origin --delete <branch-name>`.
|
|
254
|
-
12. Remove worktree: `git worktree remove ../wt/<branch-name>`.
|
|
255
|
-
13. Prune: `git worktree prune`.
|
|
256
|
-
14. **Update tracker**: log merge commit hash, cleanup status.
|
|
257
|
-
|
|
258
|
-
### Fail-safe rules
|
|
259
|
-
- Never force push.
|
|
260
|
-
- Never delete a branch before successful merge.
|
|
261
|
-
- Never remove a worktree before confirming the base branch is stable.
|
|
262
|
-
- Stop execution immediately if any command fails.
|
|
263
|
-
|
|
264
|
-
---
|
|
265
|
-
|
|
266
|
-
## Phase 7 — Production Readiness Checklist
|
|
267
|
-
|
|
268
|
-
After Phase 6 completes (or after the final summary report if Phase 6 is deferred), present a **Production Readiness Checklist** — a clear list of all manual or infrastructure actions required to launch the implemented changes in production.
|
|
269
|
-
|
|
270
|
-
### How to detect items
|
|
271
|
-
|
|
272
|
-
Scan ALL files changed across the batch (use the tracker's completed cards + `git diff` against the base branch) and check for:
|
|
273
|
-
|
|
274
|
-
| Category | Detection signal | Action to report |
|
|
275
|
-
|----------|-----------------|------------------|
|
|
276
|
-
| **DB indexes** | New/modified index config files, or code using new compound queries | Deploy indexes (e.g., `firebase deploy --only firestore:indexes`, run migrations, etc.) |
|
|
277
|
-
| **DB security/access rules** | New/modified access rule files | Deploy updated rules |
|
|
278
|
-
| **Environment variables** | New `process.env.*` references not present in the base branch, new entries in `.env.example` | Add to hosting platform settings (list each var name) |
|
|
279
|
-
| **Scheduled functions / cron** | New or modified cron/scheduled functions | Deploy functions |
|
|
280
|
-
| **Database migrations** | New collections/tables, field renames, data backfills referenced in code or ADRs | Run migration script (specify which) |
|
|
281
|
-
| **New API endpoints** | New route files | Verify CORS/auth config; update API docs if public |
|
|
282
|
-
| **Third-party services** | New API keys, webhook URLs, or external service integrations | Configure in provider dashboard + add secrets |
|
|
283
|
-
| **DNS / domain changes** | Hosting or redirect config changes | Update DNS records or hosting domain settings |
|
|
284
|
-
| **Package upgrades with breaking changes** | Major version bumps in dependency files | Verify compatibility; check migration guides |
|
|
285
|
-
|
|
286
|
-
### Output format
|
|
287
|
-
|
|
288
|
-
Present the checklist as a clearly formatted section in the final report:
|
|
289
|
-
|
|
290
|
-
```
|
|
291
|
-
## Production Readiness Checklist
|
|
292
|
-
|
|
293
|
-
### Required before deploy
|
|
294
|
-
1. **[Category]** Description
|
|
295
|
-
- Command or UI path
|
|
296
|
-
- Reason: which card/feature requires it
|
|
297
|
-
|
|
298
|
-
### No action needed
|
|
299
|
-
- (list categories that don't apply)
|
|
300
|
-
|
|
301
|
-
### Notes
|
|
302
|
-
- Any timing dependencies (e.g., "deploy indexes BEFORE releasing code")
|
|
303
|
-
- Any environment variables that must be set BEFORE deployment
|
|
304
|
-
```
|
|
305
|
-
|
|
306
|
-
### Rules
|
|
307
|
-
|
|
308
|
-
- **Always present this section**, even if the checklist is empty (in that case, state "No infrastructure changes required — deploy is code-only").
|
|
309
|
-
- Order items by **deployment sequence** (items that must happen first go first).
|
|
310
|
-
- For each item, include the **reason** (which card/feature requires it) and the **exact command or UI path**.
|
|
311
|
-
- If an item is **uncertain**, mark it with `VERIFY` and explain what to check.
|
|
312
|
-
- **Update the tracker** with the full checklist under a new `## Production Readiness` section.
|
|
313
|
-
|
|
314
|
-
---
|
|
315
|
-
|
|
316
|
-
## Context recovery protocol
|
|
317
|
-
|
|
318
|
-
If at ANY point you are unsure where you are in the batch:
|
|
319
|
-
1. Read your tracker file (`/tmp/batch-tracker-<FIRST-CARD-ID>.md`)
|
|
320
|
-
2. Check `## Current Card` — if populated, resume that card at the listed phase.
|
|
321
|
-
3. Check `## Card Queue` — find the next unchecked card.
|
|
322
|
-
4. Check `## Completed Cards` — know what's already done (don't redo).
|
|
323
|
-
5. Continue the pipeline from where you left off.
|
|
324
|
-
|
|
325
|
-
---
|
|
326
|
-
|
|
327
|
-
## Parallelism rules
|
|
328
|
-
|
|
329
|
-
- Cards with non-overlapping `claimed_paths` CAN run in parallel.
|
|
330
|
-
- Cards with shared dependencies or overlapping files MUST run sequentially.
|
|
331
|
-
- Code review and doc review for the same card run as **parallel read-only audits**, then fixes are applied in a single sequential pass.
|
|
332
|
-
- Different cards' implementations CAN run in parallel if independent.
|
|
333
|
-
- When running parallel agents, expect "file modified since read" errors on shared files (like the backlog yml) — handle gracefully.
|
|
334
|
-
- When running in parallel, each parallel branch updates the tracker with its own card — use card ID as prefix to avoid conflicts.
|
|
6
|
+
# /new — redirect to the `new` skill (SSOT)
|
|
7
|
+
|
|
8
|
+
> **This command is a thin entry point. It contains NO orchestration logic of its own.**
|
|
9
|
+
> The authoritative, maintained `/new` pipeline lives in the **`new` skill**:
|
|
10
|
+
> `framework/.claude/skills/new/SKILL.md` (installed as `.claude/skills/new/`).
|
|
11
|
+
>
|
|
12
|
+
> A previous version of this file carried a full, hand-maintained copy of the pipeline.
|
|
13
|
+
> That copy silently drifted from the skill (it omitted the BLOCKING Phase 0 hygiene,
|
|
14
|
+
> AC-Closure, Simplify, E2E, Pre-Merge Codex, post-merge hygiene, and Metrics phases,
|
|
15
|
+
> ran `code-reviewer` where the skill forbids it, and referenced a QA README
|
|
16
|
+
> file that does not exist). To eliminate the dual-source-of-truth, the logic now lives in
|
|
17
|
+
> exactly one place. **Do not re-introduce pipeline steps here.**
|
|
18
|
+
|
|
19
|
+
When the user invokes `/new <CARD-IDS>`:
|
|
20
|
+
|
|
21
|
+
1. **Load and follow the `new` skill** (`skills/new/SKILL.md`) verbatim, passing the
|
|
22
|
+
user's arguments through unchanged (card IDs, ranges, `-full` epic expansion, etc.).
|
|
23
|
+
2. The skill owns the entire flow: Phase 0 (workspace hygiene pre-flight) → Phase 1–8
|
|
24
|
+
(claim, implement, completeness, AC-closure, simplify, E2E, doc review, QA,
|
|
25
|
+
pre-merge Codex gate, commit, batch review, merge, reconciliation, post-merge
|
|
26
|
+
hygiene, production-readiness, metrics), including the `review_profile`-driven QA
|
|
27
|
+
tiering and all worktree-isolation safety rules.
|
|
28
|
+
3. Do not duplicate or summarise the skill's steps in this file — read them from the
|
|
29
|
+
skill so they cannot diverge.
|
|
30
|
+
|
|
31
|
+
If the `new` skill is not available in the current install, that is an install/integrity
|
|
32
|
+
error: surface it (`new skill not found — run \`npx baldart\` to repair the install`)
|
|
33
|
+
rather than falling back to an inline pipeline.
|
|
@@ -27,7 +27,7 @@ You are the **QA Orchestrator**. When the user invokes `/qa [profile] [--card FE
|
|
|
27
27
|
|
|
28
28
|
## Step 1 — Gather Context (always)
|
|
29
29
|
|
|
30
|
-
Run these in parallel:
|
|
30
|
+
Run these in parallel (resolve `<base-branch>` from `git.trunk_branch` in `baldart.config.yml`; if absent, autodetect the integration branch):
|
|
31
31
|
- `git rev-parse --abbrev-ref HEAD`
|
|
32
32
|
- `git log -1 --pretty="%h %s"`
|
|
33
33
|
- `git diff --name-only <base-branch>...HEAD 2>/dev/null || git diff --name-only HEAD~1`
|
|
@@ -38,7 +38,7 @@ Run these in parallel:
|
|
|
38
38
|
- **MEDIUM**: everything else (feature modules, components, utilities)
|
|
39
39
|
- **LOW**: only `.md`, `.yml`, style/CSS, test files, config — no logic changes
|
|
40
40
|
|
|
41
|
-
If risk is HIGH and profile is LIGHT, warn the user: "Risk level is HIGH — consider running `/qa balanced` or `/qa deep` for better coverage."
|
|
41
|
+
If risk is HIGH and profile is LIGHT, warn the user: "Risk level is HIGH — consider running `/qa balanced` or `/qa deep` for better coverage." This warning is advisory; the run proceeds, but the caveat MUST be carried into the QA Verdict block (Step 7) so a HIGH-risk LIGHT pass is never silently equivalent to a full one. (For per-card test depth in `/new`, the card's `review_profile` value governs scope — `review_profile` is computed by prd-card-writer (Rule C); see prd-card-writer.md for the criteria.)
|
|
42
42
|
|
|
43
43
|
---
|
|
44
44
|
|
|
@@ -98,7 +98,7 @@ Write the initial file:
|
|
|
98
98
|
|
|
99
99
|
## Step 3 — Execute Profile
|
|
100
100
|
|
|
101
|
-
### LIGHT — Fast confidence (<3 min target)
|
|
101
|
+
### LIGHT — Fast confidence (<3 min target [DESIGN-CHOICE: scoped to lint + type-check + related tests only; sufficient for low-risk or doc-only diffs])
|
|
102
102
|
|
|
103
103
|
Run directly in this session (no sub-agents):
|
|
104
104
|
|
|
@@ -118,16 +118,16 @@ No findings file required. Present final verdict immediately.
|
|
|
118
118
|
|
|
119
119
|
### BALANCED — Solid validation (default)
|
|
120
120
|
|
|
121
|
-
**
|
|
122
|
-
|
|
123
|
-
-
|
|
121
|
+
qa-sentinel is a **mechanical gate-runner** (lint / tsc / scoped-or-full tests / build / `npm audit`):
|
|
122
|
+
it returns PASS/FAIL + a gate table + confidence. It does NOT read source files, exercise flows, run
|
|
123
|
+
a dev server, or do collateral-impact analysis. Behavioral / collateral / dev-server work in BALANCED
|
|
124
|
+
belongs to the e2e and code-aware reviewers, not to qa-sentinel.
|
|
124
125
|
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
Invoke `qa-sentinel` via Task tool:
|
|
126
|
+
Invoke `qa-sentinel` via Task tool to run the gates:
|
|
128
127
|
|
|
129
128
|
```
|
|
130
|
-
Run QA on the current changeset at the tier dictated by the QA profile below
|
|
129
|
+
Run the mechanical QA gates on the current changeset at the tier dictated by the QA profile below
|
|
130
|
+
(do NOT default to FULL).
|
|
131
131
|
|
|
132
132
|
Context:
|
|
133
133
|
- Branch: <branch>
|
|
@@ -141,21 +141,19 @@ Tier contract: balanced → SCOPED (related tests on touched modules); deep →
|
|
|
141
141
|
path-based risk drift (auth/permission/payment/schema/migration/API contract in the diff) may
|
|
142
142
|
escalate balanced→FULL.
|
|
143
143
|
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
3. Return your full QA Report (all gates + findings).
|
|
148
|
-
|
|
149
|
-
Findings file to update: /qa/<file>.md
|
|
144
|
+
Run lint, tsc, tests (per tier), build, and (deep) npm audit. Return PASS/FAIL + the gate table +
|
|
145
|
+
confidence. Do NOT read source files, start a dev server, or analyze collateral impact — those are
|
|
146
|
+
out of scope for this agent.
|
|
150
147
|
```
|
|
151
148
|
|
|
152
|
-
After `qa-sentinel`
|
|
149
|
+
After `qa-sentinel` returns its PASS/FAIL + gate table:
|
|
153
150
|
- Read its output.
|
|
154
|
-
- Append
|
|
155
|
-
|
|
156
|
-
**Parallel-agent path (when warranted):**
|
|
151
|
+
- Append the gate results to `/qa/<file>.md` under the `## Findings` section.
|
|
157
152
|
|
|
158
|
-
|
|
153
|
+
**Collateral / behavioral coverage (BALANCED):** if the diff touches user-facing flows and you need
|
|
154
|
+
behavioral confidence beyond the gates, use the parallel-agent path below (Step 4) — it routes
|
|
155
|
+
flow-exercising and collateral-impact analysis to the appropriate code-aware / e2e agents rather than
|
|
156
|
+
to qa-sentinel.
|
|
159
157
|
|
|
160
158
|
---
|
|
161
159
|
|
|
@@ -172,26 +170,31 @@ Run everything in BALANCED, plus:
|
|
|
172
170
|
- Use MCP Playwright (if available) to open key flows related to the diff and take screenshots, checking for console errors and visual regressions.
|
|
173
171
|
- Validate: login/auth flow, critical navigation, any flow directly touched by the diff.
|
|
174
172
|
|
|
175
|
-
Run the e2e pass in parallel with the `qa-sentinel` FULL
|
|
173
|
+
Run the e2e pass in parallel with the `qa-sentinel` FULL-tier gate run (launch both as sub-agents simultaneously). This inline two-agent launch is the DEEP default; escalate to the team-based strategy (Step 4) ONLY when 3+ clearly independent risk tracks exist [DESIGN-CHOICE: below this threshold, TeamCreate overhead exceeds benefit; two inline Task spawns are sufficient]. A DEEP run with fewer than 3 tracks stays on this inline path and does NOT create a team.
|
|
176
174
|
|
|
177
175
|
---
|
|
178
176
|
|
|
179
177
|
## Step 4 — Parallel Agent Strategy (Balanced/Deep when warranted)
|
|
180
178
|
|
|
181
|
-
Use this when 3+ independent tracks exist.
|
|
179
|
+
Use this when 3+ independent tracks exist [DESIGN-CHOICE: same threshold as DEEP inline gate — ensures consistent entry point for team-based parallelism].
|
|
182
180
|
|
|
183
181
|
Create a team: `TeamCreate` with name `qa-<CARD-or-timestamp>`.
|
|
184
182
|
|
|
185
183
|
Create tasks:
|
|
186
|
-
- **Task A**:
|
|
187
|
-
- **Task B**:
|
|
188
|
-
- **Task C** (Deep only): E2E + UI validation
|
|
189
|
-
- **Task D**:
|
|
184
|
+
- **Task A**: Lint + TypeScript + scoped tests — `qa-sentinel` (gate run, SCOPED tier)
|
|
185
|
+
- **Task B**: Full tests + build + audit — `qa-sentinel` (gate run, FULL tier)
|
|
186
|
+
- **Task C** (Deep only): E2E + UI validation — `e2e-review` skill / Playwright
|
|
187
|
+
- **Task D**: Collateral-impact analysis on adjacent features not in the diff — `code-reviewer` (reads source, reasons about ripple)
|
|
190
188
|
|
|
191
189
|
Spawn agents in parallel (single message, multiple Task tool calls):
|
|
192
|
-
- Agent A: `qa-sentinel`,
|
|
190
|
+
- Agent A: `qa-sentinel`, task A
|
|
193
191
|
- Agent B: `qa-sentinel`, task B
|
|
194
|
-
- Agent C (Deep only):
|
|
192
|
+
- Agent C (Deep only): run the `e2e-review` skill / Playwright pass for task C
|
|
193
|
+
- Agent D: `code-reviewer`, task D
|
|
194
|
+
|
|
195
|
+
qa-sentinel runs gates only (tasks A + B); it never receives Task D — collateral-impact analysis
|
|
196
|
+
requires reading source, which qa-sentinel is forbidden from doing. If a named specialist is
|
|
197
|
+
unavailable, surface `CAPABILITY_UNAVAILABLE: <agent>` and halt — never substitute a generic agent.
|
|
195
198
|
|
|
196
199
|
Each agent sends findings to orchestrator via `SendMessage`. Orchestrator consolidates ALL findings into `/qa/<file>.md`.
|
|
197
200
|
|
|
@@ -220,16 +223,33 @@ After all agents/checks complete, update `/qa/<file>.md` — replace the `## Fin
|
|
|
220
223
|
|
|
221
224
|
**Only if BLOCKER or MAJOR findings exist:**
|
|
222
225
|
|
|
223
|
-
1. Invoke the **coder** agent (subagent_type: `coder`)
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
-
|
|
226
|
+
1. Invoke the **coder** agent (subagent_type: `coder`). The coder has mandatory pre-conditions (it
|
|
227
|
+
reads a backlog card at startup, sets it IN_PROGRESS, and reads the card's `git_strategy`) and is
|
|
228
|
+
forbidden from switching branches — so it MUST be given the context it needs:
|
|
229
|
+
- **Card ID** (the resolved `<CARD-ID>` from Step 0). If Step 0 fell back to a `session-…`
|
|
230
|
+
timestamp (no card), do NOT auto-invoke the coder — there is no card for it to read. Instead,
|
|
231
|
+
surface the findings to the user and ask whether to create a card or fix manually.
|
|
232
|
+
- **Branch**: spawn the coder on the current branch (the one the diff lives on); it stays there.
|
|
233
|
+
- **Findings file path** + instruction to fix all BLOCKERs, fix MAJORs unless they require
|
|
234
|
+
architectural change, and add a regression test for every bug fix.
|
|
235
|
+
- Do NOT ask the user about whether to fix — proceed directly once a card exists.
|
|
236
|
+
|
|
237
|
+
2. After coder completes, re-verify through proper subagent spawns (so results are written and
|
|
238
|
+
tracked, never run loose in this orchestrator's context):
|
|
239
|
+
- Re-invoke `qa-sentinel` (gate run, SCOPED tier) on the fixed files. It writes its
|
|
240
|
+
PASS/FAIL + gate table to `/qa/<CARD-ID>.md` and returns the structured `QA DONE` signal; the
|
|
241
|
+
orchestrator does NOT run gates in-session.
|
|
242
|
+
- Invoke `code-reviewer` (read-only audit) to confirm the fixes are correct. Invoke `doc-reviewer`
|
|
243
|
+
only if the fix touched documented behavior.
|
|
230
244
|
- For DEEP: also re-run e2e smoke tests to verify UI still passes.
|
|
231
245
|
|
|
232
|
-
|
|
246
|
+
> **Avoid double review when embedded in `/new`**: if this `/qa` run is part of `/new`'s pipeline,
|
|
247
|
+
> `/new`'s `/codexreview` pre-merge gate already runs `code-reviewer` (and `doc-reviewer`) on the
|
|
248
|
+
> same diff. Do NOT re-run them here in that case — let the `/codexreview` gate be the single
|
|
249
|
+
> review pass and only re-run the qa-sentinel gates to confirm the fix.
|
|
250
|
+
|
|
251
|
+
3. Update `/qa/<file>.md` with post-fix results under a new section `## Post-Fix Verification`,
|
|
252
|
+
including the re-run qa-sentinel verdict and any re-review findings.
|
|
233
253
|
|
|
234
254
|
---
|
|
235
255
|
|
|
@@ -525,7 +525,7 @@ For deeper analysis beyond design patterns, delegate to the `api-perf-cost-audit
|
|
|
525
525
|
|
|
526
526
|
Use the agent when you need:
|
|
527
527
|
- Performance bottleneck analysis
|
|
528
|
-
- Cost efficiency evaluation (
|
|
528
|
+
- Cost efficiency evaluation (datastore reads/writes per `stack.database`, function invocations)
|
|
529
529
|
- Scalability risk assessment
|
|
530
530
|
- Caching strategy recommendations
|
|
531
531
|
- Query optimization analysis
|
|
@@ -539,7 +539,7 @@ Task tool:
|
|
|
539
539
|
Analyze the following API design:
|
|
540
540
|
|
|
541
541
|
Endpoints: [List endpoints]
|
|
542
|
-
Database Operations: [
|
|
542
|
+
Database Operations: [datastore collections/tables + queries]
|
|
543
543
|
Expected Load: [Users, frequency, patterns]
|
|
544
544
|
|
|
545
545
|
Provide performance and cost analysis.
|
|
@@ -47,9 +47,9 @@ See [framework/docs/MCP-INTEGRATION.md](../../../docs/MCP-INTEGRATION.md) for th
|
|
|
47
47
|
2. Classify the bug domain:
|
|
48
48
|
- **UI/Client** → Playwright MCP is primary tool
|
|
49
49
|
- **API/Server** → dev server logs + route handler analysis
|
|
50
|
-
- **Data/
|
|
51
|
-
- **Auth** →
|
|
52
|
-
- **Build/Deploy** →
|
|
50
|
+
- **Data/Datastore** → the project's datastore inspection tooling per `stack.database` (e.g. the Firebase MCP for `firestore`, a SQL client for `postgres`/`supabase`, the Mongo shell for `mongodb`) + transaction tracing
|
|
51
|
+
- **Auth** → the project's auth middleware/guard + auth error codes (per `stack.auth_provider`)
|
|
52
|
+
- **Build/Deploy** → the deploy platform's logs + build output (per `stack.deployment`, e.g. Vercel)
|
|
53
53
|
3. Launch `codebase-architect` agent to map the affected code paths — do NOT start debugging blind.
|
|
54
54
|
When `features.has_lsp_layer: true` and the symptom names a concrete symbol
|
|
55
55
|
(function/type/handler), `codebase-architect` will use LSP find-references /
|
|
@@ -82,10 +82,10 @@ Goal: get a reliable reproduction that you can re-run after fixing.
|
|
|
82
82
|
3. Check the error propagation pattern: look for `throw new Error(JSON.stringify({code, status, message}))` — this is the domain error contract
|
|
83
83
|
4. Test the endpoint directly if possible (curl or Playwright network capture)
|
|
84
84
|
|
|
85
|
-
**For data bugs
|
|
86
|
-
1.
|
|
87
|
-
2. Check field values, timestamps, missing fields
|
|
88
|
-
3. If collection query:
|
|
85
|
+
**For data bugs** (use the inspection tooling matching `stack.database`; the example below is for `firestore` via the Firebase MCP — for SQL stores use a SQL client / `SELECT`, for Mongo use the Mongo shell):
|
|
86
|
+
1. Inspect the record state — e.g. `mcp__plugin_firebase_firebase__firestore_get_document` (Firestore)
|
|
87
|
+
2. Check field/column values, timestamps, missing fields
|
|
88
|
+
3. If a collection/table query is involved: re-run the query against the store (e.g. `firestore_query_collection` for Firestore) to verify results
|
|
89
89
|
|
|
90
90
|
**Outcome:** a clear, repeatable reproduction OR evidence that the bug is intermittent (in which case, skip to Phase 2 immediately).
|
|
91
91
|
|
|
@@ -109,7 +109,7 @@ console.log(`[DEBUG:reservations] PATCH entry`, { // DEBUG:
|
|
|
109
109
|
}); // DEBUG:
|
|
110
110
|
```
|
|
111
111
|
|
|
112
|
-
For
|
|
112
|
+
For datastore operations, wrap reads/writes to time them (Firestore shown as the example — use your store's client when `stack.database` differs):
|
|
113
113
|
```typescript
|
|
114
114
|
const t0 = Date.now(); // DEBUG:
|
|
115
115
|
const snap = await firestore.collection('X').doc(id).get();
|
|
@@ -79,9 +79,15 @@ grep -rn '// DEBUG:' src/ --include='*.ts' --include='*.tsx'
|
|
|
79
79
|
|
|
80
80
|
Remove every line found. Run grep again. Zero results = clean.
|
|
81
81
|
|
|
82
|
-
##
|
|
82
|
+
## Datastore-Specific Debugging
|
|
83
83
|
|
|
84
|
-
|
|
84
|
+
> The patterns below are illustrated for **Firestore** — apply them only when
|
|
85
|
+
> `stack.database: firestore`. For other stores, use the equivalent primitive
|
|
86
|
+
> (SQL `SERIALIZABLE` retry/`SAVEPOINT` for Postgres/Supabase, Mongo
|
|
87
|
+
> `withTransaction`, etc.). The *principle* (surface silent retries, log the
|
|
88
|
+
> attempt counter, beware emulator-only debug hooks) is datastore-agnostic.
|
|
89
|
+
|
|
90
|
+
### Transaction contention (Firestore example)
|
|
85
91
|
Firestore retries transactions silently up to 5 times. Only explicit attempt counting surfaces this:
|
|
86
92
|
```typescript
|
|
87
93
|
let attempt = 0; // DEBUG:
|