chati-dev 1.3.3 → 2.0.1

package/framework/tasks/phases-dependency-mapping.md

@@ -0,0 +1,67 @@
+---
+id: phases-dependency-mapping
+agent: phases
+trigger: phases-breakdown
+phase: clarity
+requires_input: false
+parallelizable: false
+outputs: [dependency-map.yaml]
+handoff_to: phases-mvp-scoping
+autonomous_gate: true
+criteria:
+  - Dependencies between phases mapped
+  - Blockers identified
+  - Critical path documented
+---
+# Map Dependencies Between Phases
+
+## Purpose
+Identify dependencies between features and phases to ensure proper sequencing.
+
+## Steps
+
+### 1. Analyze Feature Dependencies
+- Comments depend on Posts (can't comment without posts)
+- Admin moderation depends on Posts and Users
+- Advanced search depends on basic search
+
+### 2. Identify Technical Dependencies
+- Database schema must be established before features using it
+- Authentication must work before protected features
+- API must be complete before frontend can consume it
+
+### 3. Create Dependency Graph
+Visual representation of what depends on what.
+
+### 4. Identify Critical Path
+Longest sequence of dependent tasks that determines minimum project duration.
+
+### 5. Flag Potential Blockers
+External dependencies (WordPress API), third-party services, approvals.
+
+## Output Format
+```yaml
+# dependency-map.yaml
+feature_dependencies:
+  - feature: FR-003 (Create posts)
+    depends_on: [FR-001 (Register), FR-002 (Login)]
+    reason: Must be authenticated to create posts
+  - feature: FR-008 (Comments)
+    depends_on: [FR-003 (Posts), FR-001 (Users)]
+    reason: Comments are on posts, by users
+technical_dependencies:
+  - component: PostService
+    depends_on: [AuthService, Database schema]
+  - component: Frontend
+    depends_on: [API complete, authentication working]
+critical_path:
+  - Database schema design
+  - Authentication implementation
+  - Post CRUD implementation
+  - Frontend implementation
+  - Testing and deployment
+estimated_critical_path_duration: 10 weeks
+blockers:
+  - WordPress API access (must get API key)
+  - Supabase account setup (must provision)
+```

package/framework/tasks/phases-mvp-scoping.md

@@ -0,0 +1,94 @@
+---
+id: phases-mvp-scoping
+agent: phases
+trigger: phases-dependency-mapping
+phase: clarity
+requires_input: false
+parallelizable: false
+outputs: [mvp-scope.yaml]
+handoff_to: tasks
+autonomous_gate: true
+criteria:
+  - MVP scope clearly defined with cut line
+  - Justification provided for inclusions/exclusions
+  - MVP delivers user value
+---
+# Define MVP Scope and Cut Line
+
+## Purpose
+Precisely define what is in and out of MVP, with clear justification.
+
+## Steps
+
+### 1. Review Phase 1 Features
+Ensure MVP includes minimum features to deliver value.
+
+### 2. Apply MVP Criteria
+Feature is MVP if:
+- Required for core user journey (register → create post → view post)
+- Blocks other features
+- Critical for launch (authentication, security)
+
+Feature is NOT MVP if:
+- Nice-to-have enhancement
+- Can be added later without refactoring
+- Low user impact
+
+### 3. Define Cut Line
+Explicit list of included vs excluded features.
+
+### 4. Justify Exclusions
+Why each excluded feature is not MVP.
+
+### 5. Validate MVP Delivers Value
+Can user accomplish meaningful tasks with MVP alone?
+
+## Output Format
+```yaml
+# mvp-scope.yaml
+mvp_definition: |
+  Minimum set of features that allow users to register, create and publish
+  blog posts, search for posts, and view posts. WordPress integration included
+  to show existing content alongside new posts.
+
+included_in_mvp:
+  - FR-001: User registration
+    justification: Must have accounts to create posts
+  - FR-002: User login
+    justification: Must authenticate to create posts
+  - FR-003: Create posts
+    justification: Core value proposition
+  - FR-004: Edit/delete posts
+    justification: Users need to fix mistakes
+  - FR-005: Search posts
+    justification: Discoverability is critical
+  - FR-006: View posts
+    justification: Can't have blog without reading posts
+  - FR-007: WordPress integration
+    justification: Business requirement to show existing content
+
+excluded_from_mvp:
+  - FR-008: Comments
+    justification: Engagement feature, not required for core journey. Can add in phase 2 without major refactoring.
+  - FR-009: Admin moderation
+    justification: Low initial traffic means manual moderation acceptable. Can add when needed.
+  - FR-010: User profiles
+    justification: Nice-to-have, not required to publish posts.
+  - FR-011: Analytics
+    justification: Can add tracking later, doesn't block launch.
+  - Social sharing
+    justification: Growth feature, not required for MVP.
+
+mvp_user_value: |
+  With MVP, users can:
+  1. Create an account
+  2. Write and publish blog posts with rich content and images
+  3. Edit their posts after publishing
+  4. Search for posts by keyword or tag
+  5. Read posts from new platform and existing WordPress blog
+  
+  This delivers core blogging functionality and replaces existing WordPress
+  admin interface with modern, faster experience.
+
+next_phase: tasks
+```

package/framework/tasks/qa-impl-consolidate.md

@@ -0,0 +1,522 @@
+---
+id: qa-impl-consolidate
+agent: qa-implementation
+trigger: qa-impl-verdict
+phase: validate
+requires_input: false
+parallelizable: false
+outputs: [qa-implementation-report.yaml]
+handoff_to: devops
+autonomous_gate: true
+criteria:
+  - Final QA implementation report compiled
+  - All QA artifacts archived
+  - Handoff prepared for deployment or remediation
+---
+
+# QA Implementation Consolidation
+
+## Purpose
+Compile the final QA implementation report synthesizing all testing, analysis, and verdict results, prepare artifacts for archival, and execute handoff to the appropriate next agent (devops on PASS, dev on FAIL).
+
+## Prerequisites
+- test-results.yaml (test execution)
+- sast-report.yaml (security analysis)
+- regression-report.yaml (regression testing)
+- performance-report.yaml (benchmarking)
+- qa-verdict.yaml (final verdict)
+
+## Steps
+
+1. **Load and Validate All QA Artifacts**
+   - Read all five prerequisite YAML files
+   - Validate schema compliance and completeness
+   - Ensure verdict is consistent with gate results
+   - Flag any inconsistencies for investigation
+
+2. **Compile Executive Summary**
+   - Extract verdict (PASS, FAIL, CONDITIONAL) and overall score
+   - Summarize key metrics: pass rate, coverage, vulnerabilities, regressions, performance
+   - Highlight strengths and concerns
+   - Provide deployment recommendation
+
+3. **Aggregate Test Results**
+   - Total tests: unit + integration + e2e
+   - Pass rate across all test types
+   - Coverage by module and overall
+   - List any test quality issues (flaky, skipped, long-running)
+
+4. **Aggregate Security Findings**
+   - Total SAST findings by severity (critical, high, medium, low)
+   - Dependency vulnerabilities
+   - Accepted exceptions with justifications
+   - Remediation status
+
+5. **Aggregate Regression Results**
+   - True regressions by severity
+   - Intentional changes documented
+   - Baseline update status
+   - Smoke test results
+
+6. **Aggregate Performance Results**
+   - Key metrics: CLI startup, agent execution, file operations, memory
+   - Comparison to baseline and thresholds
+   - Performance improvements and degradations
+   - Bottlenecks identified
+
+7. **Compile Metrics and Trends**
+   - QA implementation score breakdown by gate
+   - Historical comparison (if previous releases available)
+   - Velocity metrics: tests added, bugs found, time spent
+   - Quality trend: improving, stable, degrading
+
+8. **Document Remediation History (if FAIL verdict)**
+   - List of issues found in initial QA run
+   - Fixes applied by dev agent
+   - Re-testing results
+   - Number of QA cycles required to achieve verdict
+
+9. **Prepare Artifacts for Archival**
+   - Collect all QA YAML reports in .chati/qa-reports/[version]/
+   - Save raw test outputs, SAST logs, benchmark results
+   - Generate HTML reports for human review (coverage, SAST)
+   - Timestamp all artifacts
+
+10. **Update Baselines**
+    - If verdict is PASS, update test baseline, performance baseline
+    - Archive old baselines with version tags
+    - Document baseline changes in CHANGELOG
+    - Commit baselines to version control (if appropriate)
+
+11. **Generate Handoff Package**
+    - **For PASS verdict**: Create deployment checklist for devops
+    - **For FAIL verdict**: Create remediation plan for dev
+    - **For CONDITIONAL verdict**: Create decision framework for stakeholder
+    - Include quick-reference guide to QA reports
+
+12. **Execute Handoff**
+    - Update session.yaml with QA implementation completion
+    - Log handoff decision (to devops, dev, or orchestrator)
+    - If autonomous gate (PASS verdict), trigger next agent automatically
+    - If manual approval needed, prompt orchestrator
+
+## Decision Points
+
+- **Baseline Update Timing**: If verdict is PASS, update baselines immediately. If verdict is CONDITIONAL, defer baseline update until deployment decision is made. If verdict is FAIL, do not update baselines.
+
+- **Archival Scope**: Decide whether to archive raw outputs (test logs, SAST JSON) or only summary reports. Recommend: Archive both for audit trail, compress raw outputs to save space.
+
+- **Handoff Destination**: If verdict is PASS and autonomous gate is active, handoff to devops automatically. If verdict is FAIL, handoff to dev. If verdict is CONDITIONAL, handoff to orchestrator for user decision.
+
+## Error Handling
+
+**Missing QA Artifact**
+- If any prerequisite YAML is missing, cannot consolidate
+- Log error with specific missing file
+- Status = INCOMPLETE
+- Escalate to orchestrator for resolution
+
+**Inconsistent Verdict**
+- If qa-verdict.yaml says PASS but reports contain failures, investigate
+- Trust individual gate reports over verdict
+- Recalculate verdict based on gate results
+- Log discrepancy and corrected verdict
+- Escalate for manual review
+
+**Archival Failure**
+- If artifact archival fails (disk full, permission error), log error
+- Proceed with consolidation and handoff
+- Flag archival failure in report
+- Recommend manual archival before deployment
+
+**Autonomous Handoff Failure**
+- If autonomous gate should trigger but handoff fails, log error
+- Do not proceed automatically
+- Escalate to orchestrator for manual handoff
+- Document failure in session.yaml
+
+## Output Format
+
+```yaml
+# qa-implementation-report.yaml
+version: 1.0.0
+created: YYYY-MM-DD
+agent: qa-implementation
+phase: validate
+
+executive_summary:
+  verdict: PASS # PASS, FAIL, CONDITIONAL
+  overall_score: 96 / 100
+  confidence: high
+  deployment_recommendation: APPROVED
+
+  key_metrics:
+    tests:
+      total: 247
+      passed: 247
+      pass_rate: 100%
+      coverage: 76.3%
+
+    security:
+      critical_vulnerabilities: 0
+      high_vulnerabilities: 0
+      medium_vulnerabilities: 6
+      low_vulnerabilities: 10
+
+    regressions:
+      true_regressions: 0
+      intentional_changes: 4
+
+    performance:
+      overall_delta: -5.2% # negative = improvement
+      within_thresholds: true
+
+  strengths:
+    - All 247 tests passing with no failures
+    - Zero critical or high security vulnerabilities
+    - Zero functional regressions detected
+    - Overall performance improved by 5.2%
+    - Code coverage exceeds target (76.3% vs 75%)
+
+  concerns: []
+
+  minor_issues:
+    - CLI module coverage 2% below target (68% vs 70%)
+    - YAML parsing 20% slower (justified by security fix)
+    - Consistency validation 12.5% slower (justified by reliability)
+
+test_results:
+  summary:
+    total_tests: 247
+    passed: 247
+    failed: 0
+    skipped: 0
+    pass_rate: 100%
+    execution_time: 42.3s
+
+  by_type:
+    unit:
+      total: 198
+      passed: 198
+      pass_rate: 100%
+      execution_time: 18.7s
+
+    integration:
+      total: 49
+      passed: 49
+      pass_rate: 100%
+      execution_time: 23.6s
+
+  coverage:
+    overall: 76.3%
+    target: 75%
+    status: PASS
+    by_module:
+      orchestrator: 87% (target 85%) PASS
+      state_management: 91% (target 90%) PASS
+      agents: 78% (target 75%) PASS
+      file_operations: 80% (target 80%) PASS
+      validators: 92% (target 90%) PASS
+      cli: 68% (target 70%) CONDITIONAL
+      i18n: 62% (target 60%) PASS
+
+  test_quality:
+    flaky_tests: 0
+    skipped_tests: 0
+    long_running_tests: 0
+    no_assertions: 0
+
+  source: test-results.yaml
+
+security_analysis:
+  summary:
+    critical: 0
+    high: 0
+    medium: 6
+    low: 10
+    false_positives: 2
+    accepted_exceptions: 1
+
+  gate_status: PASS # 0 critical, 0 high
+
+  dependency_vulnerabilities:
+    critical: 0
+    high: 0
+    medium: 0 # yaml upgraded to 2.3.4
+    low: 4
+
+  remediation_complete: true
+  details: "All high-severity vulnerabilities remediated (path traversal, command injection)"
+
+  source: sast-report.yaml
+
+regression_analysis:
+  summary:
+    true_regressions: 0
+    intentional_changes: 4
+    non_deterministic: 1
+
+  gate_status: PASS
+
+  intentional_changes:
+    - Enhanced error messages with recovery actions
+    - Added --verbose flag to CLI
+    - State schema updated to v2.0
+    - Default language changed to English
+
+  smoke_tests:
+    installer_workflow: PASS
+    agent_handoff: PASS
+    mode_transitions: PASS
+    upgrade_path: PASS
+
+  baseline_updated: true
+
+  source: regression-report.yaml
+
+performance_benchmarks:
+  summary:
+    overall_delta: -5.2% # negative = faster
+    within_thresholds: true
+
+  gate_status: PASS
+
+  key_metrics:
+    cli_startup:
+      current: 265ms
+      baseline: 280ms
+      delta: -5.4%
+      threshold: 500ms
+      status: PASS
+
+    agent_execution:
+      current_mean: 2.15s
+      baseline_mean: 2.31s
+      delta: -6.9%
+      threshold: 2s (acceptable threshold)
+      status: ACCEPTABLE
+
+    memory_peak:
+      current: 148MB
+      baseline: 142MB
+      delta: +4.2%
+      threshold: 300MB
+      status: PASS
+
+  accepted_trade_offs:
+    - YAML parsing 20% slower (security fix priority)
+    - Consistency validation 12.5% slower (reliability priority)
+
+  baseline_updated: true
+
+  source: performance-report.yaml
+
+verdict_details:
+  verdict: PASS
+  overall_score: 96 / 100
+  threshold_for_pass: 95
+
+  gate_results:
+    test_results: PASS (24/25)
+    sast: PASS (25/25)
+    regressions: PASS (24/25)
+    performance: PASS (23/25)
+
+  autonomous_gate: true
+  manual_override: false
+
+  source: qa-verdict.yaml
+
+metrics_and_trends:
+  qa_implementation_score: 96
+  qa_planning_score: 96
+  combined_qa_score: 96
+
+  historical_comparison:
+    previous_release: null # first release
+    score_trend: baseline_established
+
+  velocity:
+    tests_added: 247
+    bugs_found: 15 # initial QA run
+    bugs_fixed: 15
+    qa_cycles: 2 # initial run + remediation + rerun
+    total_qa_time: 12 hours
+
+  quality_trend: stable # baseline established
+
+remediation_history:
+  initial_qa_run:
+    date: YYYY-MM-DD
+    status: FAIL
+    blocking_issues:
+      - 12 test failures (state management, file operations, CLI)
+      - 2 high SAST vulnerabilities (path traversal, command injection)
+      - Coverage gap in file_operations (-7%)
+
+  dev_remediation:
+    date: YYYY-MM-DD
+    fixes_applied:
+      - Fixed state management lock acquisition
+      - Added permission checks in file operations
+      - Added 10-12 tests for file_operations coverage
+      - Fixed path traversal vulnerability
+      - Fixed command injection vulnerability
+      - Upgraded yaml package for security
+
+  retest_qa_run:
+    date: YYYY-MM-DD
+    status: PASS
+    result: All issues resolved, quality gates passed
+
+  cycles_required: 2
+  time_to_resolution: 8 hours
+
+artifacts:
+  qa_reports:
+    - test-results.yaml
+    - sast-report.yaml
+    - regression-report.yaml
+    - performance-report.yaml
+    - qa-verdict.yaml
+    - qa-implementation-report.yaml
+
+  raw_outputs:
+    - test-results/unit-output.log
+    - test-results/integration-output.log
+    - sast-results/eslint-output.json
+    - sast-results/npm-audit.json
+    - coverage/index.html
+
+  archived_to: .chati/qa-reports/1.0.0/
+  timestamp: YYYY-MM-DDTHH:MM:SSZ
+
+baselines_updated:
+  test_baseline:
+    file: .chati/test-baseline.yaml
+    version: 1.0.0
+    status: established # or updated
+
+  performance_baseline:
+    file: .chati/performance-baseline.yaml
+    version: 1.0.0
+    status: established
+
+  committed_to_vcs: false # baselines in .gitignore
+
+deployment_readiness:
+  status: READY
+  prerequisites_met:
+    - All tests passing: true
+    - No critical vulnerabilities: true
+    - No regressions: true
+    - Performance acceptable: true
+    - Documentation complete: true
+    - Baselines updated: true
+    - QA reports archived: true
+
+  deployment_checklist:
+    - Run final pre-deployment smoke test
+    - Verify package.json version matches release
+    - Verify CHANGELOG updated
+    - Verify migration guides complete (if breaking changes)
+    - Tag release in git
+    - Publish to npm
+    - Update documentation site
+    - Announce release
+
+  rollback_plan:
+    available: true
+    tested: true
+    procedure: "npx chati-dev upgrade rollback --to=1.0.0"
+
+  post_deployment_monitoring:
+    - Monitor error rates in production (if telemetry available)
+    - Track user feedback on GitHub issues
+    - Monitor performance metrics (CLI startup, agent execution)
+    - Watch for edge cases not covered in tests
+
+handoff:
+  to: devops
+  autonomous: true
+  reason: "PASS verdict with score 96% >= 95%, autonomous gate allows transition"
+
+  handoff_package:
+    - Deployment checklist (see deployment_readiness)
+    - QA reports for audit (archived in .chati/qa-reports/1.0.0/)
+    - Rollback plan tested and verified
+    - Post-deployment monitoring recommendations
+
+  quick_reference:
+    - Verdict: PASS
+    - Score: 96/100
+    - Tests: 247/247 passing
+    - Security: 0 critical, 0 high vulnerabilities
+    - Regressions: 0 true regressions
+    - Performance: All metrics within thresholds
+    - Ready for deployment: YES
+
+recommendations:
+  immediate:
+    - Proceed to devops agent for deployment
+    - Execute deployment checklist
+    - Monitor production after deployment
+
+  short_term:
+    - Collect user feedback on new features
+    - Monitor performance metrics in production
+    - Address minor issues in backlog (CLI coverage 2% gap)
+
+  long_term:
+    - Evaluate alternative YAML parser for performance
+    - Review quality gates based on production data
+    - Expand test coverage for edge cases discovered in production
+
+session_update:
+  agent: qa-implementation
+  status: completed
+  verdict: PASS
+  score: 96
+  next_agent: devops
+  autonomous_transition: approved
+  timestamp: YYYY-MM-DDTHH:MM:SSZ
+
+audit_trail:
+  qa_planning:
+    agent: qa-planning
+    score: 96
+    status: completed
+    date: YYYY-MM-DD
+
+  qa_implementation:
+    agent: qa-implementation
+    score: 96
+    status: completed
+    date: YYYY-MM-DD
+    cycles: 2
+
+  combined_qa_score: 96
+  verdict: PASS
+  autonomous_gates_passed: 2
+  manual_overrides: 0
+  deviation_protocol_invoked: 0
+
+next_steps:
+  - devops: Begin deployment preparation
+  - Archive QA reports for audit trail
+  - Update project documentation with release notes
+  - Prepare for production monitoring
+
+conclusion:
+  status: QA APPROVED
+  quality_level: EXCELLENT
+  deployment_ready: true
+  confidence: HIGH
+
+  final_statement: |
+    All QA implementation activities completed successfully. The system has passed
+    all quality gates with a score of 96/100. Zero test failures, zero critical
+    vulnerabilities, zero regressions, and improved performance. The system is
+    ready for deployment to production. Devops agent is cleared to proceed with
+    deployment preparation and release.
+```