beeops 0.1.0

package/skills/bo-review-frontend/SKILL.md

@@ -0,0 +1,236 @@
+---
+name: bo-review-frontend
+description: Triggered for frontend code and component design reviews. [Required pair: bo-review-security] Targets: React/Vue etc. (.tsx/.vue), frontend design docs (doc/design/frontend). Use bo-review-backend for backend, bo-review-database for DB.
+---
+
+## Usage Contract
+
+When using this skill, always include the following at the beginning of your output:
+
+```
+[SKILL_USED: bo-review-frontend]
+```
+
+---
+
+# Frontend Review Guide
+
+Checklist for reviewing frontend code.
+
+---
+
+## Component Design
+
+### Separation of Concerns
+
+- [ ] Does each component have a single responsibility?
+- [ ] Is business logic leaking into UI components?
+- [ ] Is the separation of Server Components and Client Components appropriate?
+
+### Component Size
+
+- [ ] Have components exceeding 100 lines been considered for splitting?
+- [ ] If props exceed 5, has the design been reconsidered?
+- [ ] Is there logic that should be extracted into custom hooks?
+
+### Props Design
+
+- [ ] Are required/optional props clearly defined?
+- [ ] Are default values appropriate?
+- [ ] Are type definitions accurate (TypeScript)?
+- [ ] Is prop drilling avoided?
+
+---
+
+## State Management
+
+### State Placement
+
+| State Type        | Placement             |
+| ----------------- | --------------------- |
+| Local UI state    | useState              |
+| Shared UI state   | Context / Zustand     |
+| Server state      | TanStack Query / SWR  |
+| URL state         | Router                |
+| Form state        | React Hook Form       |
+
+- [ ] Is state placed at the minimum necessary scope?
+- [ ] Are unnecessary global states being created?
+- [ ] Is derived state being held as state?
+
+### State Updates
+
+- [ ] Is immutability maintained?
+- [ ] Is the state update logic clear?
+- [ ] Is there a possibility of infinite loops?
+
+### Side Effects
+
+- [ ] Is the useEffect dependency array accurate?
+- [ ] Are cleanup functions implemented as needed?
+- [ ] Is useEffect being overused (React 19 optimizes with compiler)?
+
+---
+
+## Performance (Core Web Vitals)
+
+### Target Values
+
+| Metric | Target  | Description               |
+| ------ | ------- | ------------------------- |
+| LCP    | < 2.5s  | Largest Contentful Paint  |
+| INP    | < 200ms | Interaction to Next Paint |
+| CLS    | < 0.1   | Cumulative Layout Shift   |
+| FCP    | < 1.8s  | First Contentful Paint    |
+
+### High-Impact Optimizations (Priority)
+
+- [ ] Is React Compiler being used (React 19+)?
+- [ ] Is Code Splitting / Lazy Loading applied?
+- [ ] Are images optimized (next/image, etc.)?
+- [ ] Is the state management architecture appropriate?
+
+### Rendering Optimization
+
+- [ ] Are unnecessary re-renders prevented?
+- [ ] Are React.memo / useMemo / useCallback used **only when necessary**?
+  - With React 19 + Compiler, auto-memoization makes these unnecessary in many cases
+- [ ] Are expensive computations memoized?
+
+### Bundle Size
+
+- [ ] Are there unnecessary dependencies?
+- [ ] Are imports tree-shakeable?
+- [ ] Is Dynamic Import being used?
+
+### List Optimization
+
+- [ ] Has virtualization (react-window, etc.) been considered for long lists?
+- [ ] Are keys properly set (avoid index)?
+
+---
+
+## Accessibility (WCAG 2.2)
+
+### Semantics
+
+- [ ] Are appropriate HTML elements used (avoid div soup)?
+- [ ] Are heading levels (h1-h6) appropriate?
+- [ ] Are landmark elements (nav, main, aside, etc.) used?
+- [ ] Are buttons using `<button>` (not div + onClick)?
+
+### Keyboard Operation
+
+- [ ] Are all interactive elements keyboard-accessible?
+- [ ] Is the focus order logical?
+- [ ] Is the focus state visually clear?
+- [ ] Are focus traps (modals, etc.) appropriate?
+
+### Screen Reader
+
+- [ ] Do images have alt attributes?
+- [ ] Do icon buttons have aria-label?
+- [ ] Are dynamic content updates announced (aria-live)?
+- [ ] Are form inputs associated with labels?
+
+### Contrast & Color
+
+- [ ] Is text contrast ratio 4.5:1 or higher?
+- [ ] Is large text (18pt+) 3:1 or higher?
+- [ ] Is information conveyed through color alone avoided?
+
+### Motion
+
+- [ ] Is `prefers-reduced-motion` respected?
+- [ ] Can auto-playing animations be stopped?
+
+---
+
+## Error Handling
+
+- [ ] Are API errors handled appropriately?
+- [ ] Are user-friendly error messages displayed?
+- [ ] Are Error Boundaries configured?
+- [ ] Are loading states displayed?
+- [ ] Is Suspense used appropriately?
+
+---
+
+## Testing
+
+### Test Perspectives
+
+- [ ] Are critical user flows tested?
+- [ ] Is component behavior tested?
+- [ ] Are tests written from the user's perspective, not implementation details?
+- [ ] Are edge cases considered?
+
+### Testing Library
+
+```typescript
+// Good: user perspective
+screen.getByRole('button', { name: 'Submit' });
+
+// Bad: implementation details
+container.querySelector('.submit-btn');
+```
+
+### Test Quality
+
+- [ ] Can tests be read as specifications?
+- [ ] Are tests tightly coupled to implementation details?
+- [ ] Has Visual Regression Testing been considered?
+
+---
+
+## Security
+
+- [ ] XSS prevention: is dangerouslySetInnerHTML avoided?
+- [ ] Is user input sanitized?
+- [ ] Is sensitive information not exposed to the client?
+- [ ] Is HTTPS used?
+- [ ] Is CSP (Content Security Policy) configured?
+
+---
+
+## Build Tools
+
+| Tool      | Use Case                      |
+| --------- | ----------------------------- |
+| Vite      | Dev server, build             |
+| Turbopack | Fast build for Next.js        |
+| Bun       | Runtime + build               |
+
+- [ ] Is build time within acceptable range?
+- [ ] Does HMR work properly?
+
+---
+
+## Output Format
+
+```
+## Frontend Review Result
+[LGTM / Needs Changes / Needs Discussion]
+
+## Check Results
+| Category | Status | Notes |
+|----------|--------|-------|
+| Component Design | OK/NG | ... |
+| State Management | OK/NG | ... |
+| Performance | OK/NG | ... |
+| Accessibility | OK/NG | ... |
+| Testing | OK/NG | ... |
+
+## Issues Found
+- Problem: [what is the issue]
+- Location: [file:line_number]
+- Suggestion: [how to fix]
+```
+
+---
+
+## References
+
+- [React Best Practices 2025](https://talent500.com/blog/modern-frontend-best-practices-with-react-and-next-js-2025/)
+- [Web Vitals](https://web.dev/vitals/)
+- [WCAG 2.2](https://www.w3.org/TR/WCAG22/)

package/skills/bo-review-operations/SKILL.md

@@ -0,0 +1,268 @@
+---
+name: bo-review-operations
+description: "[Limited trigger] Triggered only for infrastructure, deployment, and monitoring configuration reviews. Targets: Dockerfile, k8s, CI/CD, monitoring config, operations docs. Not triggered for normal code reviews. SLO/SLA, availability, logging, incident response."
+---
+
+## Usage Contract
+
+When using this skill, always include the following at the beginning of your output:
+
+```
+[SKILL_USED: bo-review-operations]
+```
+
+---
+
+# Operations Review Guide
+
+Checklist for non-functional requirements and operational concerns.
+
+---
+
+## SLO / SLA
+
+### Definitions
+
+- [ ] Are SLIs (Service Level Indicators) defined?
+- [ ] Are SLOs (Service Level Objectives) set?
+- [ ] Is the error budget calculated?
+
+### Key SLIs
+
+| SLI          | Formula                         | Target Example |
+| ------------ | ------------------------------- | -------------- |
+| Availability | Successful requests / Total     | 99.9%          |
+| Latency      | p99 response time               | < 500ms        |
+| Throughput   | Requests/second                 | > 1000 RPS     |
+| Error rate   | Errors / Total requests         | < 0.1%         |
+
+### Error Budget
+
+```
+Monthly error budget (99.9% SLO):
+43,200 min x 0.1% = 43.2 min/month
+```
+
+- [ ] Are actions defined for when error budget is consumed?
+- [ ] Is there a release freeze when budget is exceeded?
+
+---
+
+## Availability & Reliability
+
+### Failure Preparedness
+
+- [ ] Are there no Single Points of Failure?
+- [ ] Is a failover mechanism in place?
+- [ ] Is Circuit Breaker implemented?
+- [ ] Is Graceful Degradation designed?
+
+### Redundancy
+
+| Component    | Redundancy Method              |
+| ------------ | ------------------------------ |
+| Application  | Multiple instances + LB        |
+| Database     | Primary-Replica                |
+| Cache        | Cluster or replication         |
+| Queue        | Cluster                        |
+
+### Timeouts & Retries
+
+- [ ] Are timeouts set for external communication?
+- [ ] Is there a retry strategy (Exponential Backoff)?
+- [ ] Is a retry limit set?
+- [ ] Is Idempotency Key implemented?
+
+---
+
+## Monitoring & Observability
+
+### Three Pillars
+
+| Pillar  | Purpose             | Tool Examples         |
+| ------- | ------------------- | --------------------- |
+| Metrics | Time-series data    | Prometheus, Datadog   |
+| Logs    | Event recording     | Loki, CloudWatch Logs |
+| Traces  | Request tracking    | Jaeger, Tempo         |
+
+### Metrics
+
+- [ ] Are RED metrics (Rate, Errors, Duration) being measured?
+- [ ] Are USE metrics (Utilization, Saturation, Errors) being measured?
+- [ ] Are custom business metrics in place?
+
+### Alerting
+
+- [ ] Are alerting rules configured?
+- [ ] Are alert severities (Critical, Warning, Info) classified?
+- [ ] Is there an on-call rotation?
+- [ ] Are alert fatigue countermeasures in place?
+
+---
+
+## Logging
+
+### Log Levels
+
+| Level | Usage                              |
+| ----- | ---------------------------------- |
+| ERROR | System errors, immediate action    |
+| WARN  | Warnings, attention needed         |
+| INFO  | Normal significant events          |
+| DEBUG | Debug info (disabled in production)|
+
+### Structured Logging
+
+```json
+{
+  "timestamp": "2025-01-01T12:00:00Z",
+  "level": "INFO",
+  "message": "Order created",
+  "orderId": "123",
+  "userId": "456",
+  "traceId": "abc-123"
+}
+```
+
+### Checklist
+
+- [ ] Are structured logs (JSON) used?
+- [ ] Are trace IDs attached?
+- [ ] Is sensitive information masked?
+- [ ] Is log rotation configured?
+- [ ] Is log retention period defined?
+
+---
+
+## Deployment Strategy
+
+### Strategy Selection
+
+| Strategy   | Risk | Rollback Speed | Use Case         |
+| ---------- | ---- | -------------- | ---------------- |
+| Blue-Green | Low  | Immediate      | High availability|
+| Canary     | Low  | Immediate      | Gradual rollout  |
+| Rolling    | Med  | Minutes        | General purpose  |
+| Recreate   | High | Slow           | Dev environment  |
+
+### Checklist
+
+- [ ] Is the deployment strategy defined?
+- [ ] Is the rollback procedure clear?
+- [ ] Has rollback been tested?
+- [ ] Are Feature Flags used?
+- [ ] Are DB migrations forward-compatible?
+
+### Zero-Downtime Deployment
+
+- [ ] Can old and new versions coexist?
+- [ ] Does the DB schema work with both versions?
+- [ ] Is the API backward-compatible?
+
+---
+
+## Incident Response
+
+### Incident Flow
+
+```
+Detection -> Triage -> Mitigation -> Root Cause Analysis -> Prevention
+```
+
+### Preparation
+
+- [ ] Are Runbooks maintained?
+- [ ] Is the escalation path clear?
+- [ ] Is there an incident management tool?
+- [ ] Are incident drills (Game Day) conducted?
+
+### Troubleshooting
+
+- [ ] Is it easy to identify the failure point?
+- [ ] Can dependent service status be checked?
+- [ ] Are health check endpoints available?
+
+### Health Checks
+
+```
+/health       - Basic liveness check
+/health/ready - Readiness including dependencies
+/health/live  - Process liveness check
+```
+
+---
+
+## Backup & Recovery
+
+### RPO / RTO
+
+| Metric | Meaning                      | Example |
+| ------ | ---------------------------- | ------- |
+| RPO    | Acceptable data loss period  | 1 hour  |
+| RTO    | Acceptable downtime          | 4 hours |
+
+### Checklist
+
+- [ ] Are backups running on schedule?
+- [ ] Has restore from backup been tested?
+- [ ] Are backups in a different region/site?
+- [ ] Is Point-in-Time Recovery available?
+
+---
+
+## Security Operations
+
+See bo-review-security for details.
+
+- [ ] Is secret rotation automated?
+- [ ] Are vulnerability scans run regularly?
+- [ ] Are dependency updates tracked?
+
+---
+
+## Cost
+
+- [ ] Is resource sizing appropriate?
+- [ ] Is auto-scaling configured?
+- [ ] Are unused resources deleted?
+- [ ] Are cost alerts set?
+
+---
+
+## Documentation
+
+- [ ] Is the architecture diagram up to date?
+- [ ] Are Runbooks maintained?
+- [ ] Is there a dependency service list?
+- [ ] Is there onboarding documentation?
+
+---
+
+## Output Format
+
+```
+## Operations Review Result
+[LGTM / Needs Improvement / Needs Discussion]
+
+## Check Results
+| Category | Status | Notes |
+|----------|--------|-------|
+| SLO/SLA | OK/NG | ... |
+| Availability | OK/NG | ... |
+| Monitoring | OK/NG | ... |
+| Logging | OK/NG | ... |
+| Deployment | OK/NG | ... |
+| Incident Response | OK/NG | ... |
+
+## Issues Found
+- Problem: [what is the issue]
+- Risk: [impact if it occurs]
+- Suggestion: [how to improve]
+```
+
+---
+
+## References
+
+- [Google SRE Book](https://sre.google/sre-book/table-of-contents/)
+- [The Art of SLOs](https://sre.google/resources/practices-and-processes/art-of-slos/)

package/skills/bo-review-process/SKILL.md

@@ -0,0 +1,181 @@
+---
+name: bo-review-process
+description: "[Meta skill] Triggered only for review process quality questions and improvements. Targets: PR writing, comment conventions, review team structure and rules. Not triggered during actual code reviews."
+---
+
+## Usage Contract
+
+When using this skill, always include the following at the beginning of your output:
+
+```
+[SKILL_USED: bo-review-process]
+```
+
+---
+
+# Code Review Process Guide
+
+Defines the process and rules for code reviews.
+
+---
+
+## Core Principles
+
+### PR Size
+
+| Size | Lines       | Verdict              |
+| ---- | ----------- | -------------------- |
+| S    | up to 200   | Ideal                |
+| M    | 201-400     | Acceptable           |
+| L    | over 400    | Consider splitting   |
+
+**Splitting principle**: 1 PR = 1 logical change. Separate refactoring from feature additions.
+
+### Human vs Automation
+
+| Automation                          | Human Review                     |
+| ----------------------------------- | -------------------------------- |
+| Formatting, Lint, type checking     | Design & architecture            |
+| Security scanning, test execution   | Business logic correctness       |
+| Coverage checks                     | Naming, readability, edge cases  |
+
+---
+
+## Comment Classification
+
+| Prefix     | Meaning          | Action                   |
+| ---------- | ---------------- | ------------------------ |
+| `[MUST]`   | Required fix     | Must address before merge|
+| `[SHOULD]` | Recommended      | Author's judgment        |
+| `[NIT]`    | Minor issue      | Optional to address      |
+| `[Q]`      | Question         | Reply required           |
+
+**Principle**: Criticize the code, not the person. Explain "why" and suggest alternatives.
+
+---
+
+## Checklists
+
+### Reviewer
+
+- [ ] Do I understand the purpose of the PR?
+- [ ] Is the change scope appropriate (scope creep)?
+- [ ] Are tests sufficient?
+- [ ] Does documentation need updating?
+- [ ] Are there breaking changes?
+- [ ] Are there security concerns?
+
+**Time allocation guide**:
+
+| Phase              | Time Ratio |
+| ------------------ | ---------- |
+| Understanding overview | 10%    |
+| Code review        | 60%        |
+| Test verification  | 20%        |
+| Writing comments   | 10%        |
+
+### Author (Before PR creation)
+
+- [ ] Performed self-review?
+- [ ] CI is passing?
+- [ ] PR description is sufficient?
+- [ ] Related Issue/ticket is linked?
+- [ ] Screenshots attached (for UI changes)?
+
+**PR description template**:
+
+```markdown
+## Summary
+
+[What changed and why]
+
+## Changes
+
+- [Change 1]
+- [Change 2]
+
+## Test Plan
+
+- [Verification steps]
+
+## Related
+
+- Closes #123
+```
+
+---
+
+## Review Anti-Patterns
+
+Patterns where reviews become dysfunctional. Correct these when detected.
+
+### Excessive Comments
+
+**Symptom**: More than 10 comments on a single PR
+
+| Cause                    | Fix                        |
+| ------------------------ | -------------------------- |
+| PR is too large          | Ask to split the PR        |
+| Requirements were vague  | Do design review first     |
+| No coding conventions    | Solve with automation      |
+
+**Rule**: If > 10 comments, suggest PR split
+
+### Preference Reviews
+
+**Symptom**: "I would write it this way" proliferates
+
+| Identification        | Response                         |
+| --------------------- | -------------------------------- |
+| No impact on behavior | Tag as [NIT], make optional      |
+| Not in conventions    | Add to conventions or let it go  |
+| Affects readability   | Explain reasoning, use [SHOULD]  |
+
+**Rule**: Distinguish "preference" from "quality"
+
+### Unresolved Spec Reviews
+
+**Symptom**: "Should this feature even..." appears in comments
+
+| Cause                     | Fix                          |
+| ------------------------- | ---------------------------- |
+| Skipped design review     | Close PR, start from design  |
+| Requirements changed      | Close PR, redesign           |
+
+**Rule**: Don't do design discussions in PR reviews
+
+### Rubber Stamp Approvals
+
+**Symptom**: "LGTM" only, instant approval
+
+| Cause                | Fix                          |
+| -------------------- | ---------------------------- |
+| No time for review   | Adjust team workload         |
+| Too much trust       | Random detailed reviews      |
+
+**Rule**: Ask at least one question even if nothing found
+
+### Blocking Reviews
+
+**Symptom**: Review abandoned for 48+ hours
+
+| Cause                | Fix                     |
+| -------------------- | ----------------------- |
+| Reviewer is busy     | Assign multiple reviewers|
+| PR is too complex    | Request pair review      |
+
+**Rule**: Escalate after 48 hours
+
+### Emotional Reviews
+
+**Symptom**: Aggressive or sarcastic comments
+
+**Response**: Intervene immediately. Edit or delete comment. Give feedback in 1-on-1.
+
+**Rule**: Criticize the code, not the person
+
+---
+
+## References
+
+- [Google Engineering Practices](https://google.github.io/eng-practices/review/)