claude-code-workflow 6.0.0

package/.claude/workflows/cli-templates/schemas/plan-json-schema.json

@@ -0,0 +1,219 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Plan Object Schema",
+  "description": "Implementation plan from cli-lite-planning-agent or direct planning",
+  "type": "object",
+  "required": [
+    "summary",
+    "approach",
+    "tasks",
+    "estimated_time",
+    "recommended_execution",
+    "complexity",
+    "_metadata"
+  ],
+  "properties": {
+    "summary": {
+      "type": "string",
+      "description": "2-3 sentence overview of the implementation plan"
+    },
+    "approach": {
+      "type": "string",
+      "description": "High-level implementation strategy and methodology"
+    },
+    "tasks": {
+      "type": "array",
+      "minItems": 1,
+      "maxItems": 10,
+      "items": {
+        "type": "object",
+        "required": ["id", "title", "scope", "action", "description", "implementation", "acceptance"],
+        "properties": {
+          "id": {
+            "type": "string",
+            "pattern": "^T[0-9]+$",
+            "description": "Task identifier (T1, T2, T3...)"
+          },
+          "title": {
+            "type": "string",
+            "description": "Task title (action verb + target module/feature)"
+          },
+          "scope": {
+            "type": "string",
+            "description": "Task scope: module path (src/auth/), feature name, or single file. Prefer module/feature level over single file."
+          },
+          "file": {
+            "type": "string",
+            "description": "Primary file (deprecated, use scope + modification_points instead)"
+          },
+          "action": {
+            "type": "string",
+            "enum": ["Create", "Update", "Implement", "Refactor", "Add", "Delete", "Configure", "Test", "Fix"],
+            "description": "Primary action type"
+          },
+          "description": {
+            "type": "string",
+            "description": "What to implement (1-2 sentences)"
+          },
+          "modification_points": {
+            "type": "array",
+            "minItems": 1,
+            "items": {
+              "type": "object",
+              "required": ["file", "target", "change"],
+              "properties": {
+                "file": {
+                  "type": "string",
+                  "description": "File path within scope"
+                },
+                "target": {
+                  "type": "string",
+                  "description": "Function/class/line range (e.g., 'validateToken:45-60')"
+                },
+                "change": {
+                  "type": "string",
+                  "description": "Brief description of change"
+                }
+              }
+            },
+            "description": "All modification points for this task. Group related changes (same feature/module) into one task with multiple modification_points."
+          },
+          "implementation": {
+            "type": "array",
+            "items": {"type": "string"},
+            "minItems": 2,
+            "maxItems": 7,
+            "description": "Step-by-step implementation guide"
+          },
+          "reference": {
+            "type": "object",
+            "properties": {
+              "pattern": {
+                "type": "string",
+                "description": "Pattern name to follow"
+              },
+              "files": {
+                "type": "array",
+                "items": {"type": "string"},
+                "description": "Reference file paths to study"
+              },
+              "examples": {
+                "type": "string",
+                "description": "Specific guidance or example references"
+              }
+            },
+            "description": "Reference materials for implementation (optional)"
+          },
+          "acceptance": {
+            "type": "array",
+            "items": {"type": "string"},
+            "minItems": 1,
+            "maxItems": 4,
+            "description": "Verification criteria (quantified, testable)"
+          },
+          "depends_on": {
+            "type": "array",
+            "items": {
+              "type": "string",
+              "pattern": "^T[0-9]+$"
+            },
+            "description": "Task IDs this task depends on (e.g., ['T1', 'T2'])"
+          }
+        }
+      },
+      "description": "Structured task breakdown (1-10 tasks)"
+    },
+    "flow_control": {
+      "type": "object",
+      "properties": {
+        "execution_order": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "phase": {
+                "type": "string",
+                "description": "Phase name (e.g., 'parallel-1', 'sequential-1')"
+              },
+              "tasks": {
+                "type": "array",
+                "items": {"type": "string"},
+                "description": "Task IDs in this phase"
+              },
+              "type": {
+                "type": "string",
+                "enum": ["parallel", "sequential"],
+                "description": "Execution type"
+              }
+            }
+          },
+          "description": "Ordered execution phases"
+        },
+        "exit_conditions": {
+          "type": "object",
+          "properties": {
+            "success": {
+              "type": "string",
+              "description": "Condition for successful completion"
+            },
+            "failure": {
+              "type": "string",
+              "description": "Condition that indicates failure"
+            }
+          },
+          "description": "Conditions for workflow termination"
+        }
+      },
+      "description": "Execution flow control (optional, auto-inferred from depends_on if not provided)"
+    },
+    "focus_paths": {
+      "type": "array",
+      "items": {"type": "string"},
+      "description": "Key file paths affected by this plan (aggregated from tasks)"
+    },
+    "estimated_time": {
+      "type": "string",
+      "description": "Total estimated implementation time (e.g., '30 minutes', '2 hours')"
+    },
+    "recommended_execution": {
+      "type": "string",
+      "enum": ["Agent", "Codex"],
+      "description": "Recommended execution method based on complexity"
+    },
+    "complexity": {
+      "type": "string",
+      "enum": ["Low", "Medium", "High"],
+      "description": "Task complexity level"
+    },
+    "_metadata": {
+      "type": "object",
+      "required": ["timestamp", "source"],
+      "properties": {
+        "timestamp": {
+          "type": "string",
+          "format": "date-time",
+          "description": "ISO 8601 timestamp of planning"
+        },
+        "source": {
+          "type": "string",
+          "enum": ["cli-lite-planning-agent", "direct-planning"],
+          "description": "Planning source"
+        },
+        "planning_mode": {
+          "type": "string",
+          "enum": ["direct", "agent-based"],
+          "description": "Planning execution mode"
+        },
+        "exploration_angles": {
+          "type": "array",
+          "items": {"type": "string"},
+          "description": "Exploration angles used for context"
+        },
+        "duration_seconds": {
+          "type": "integer",
+          "description": "Planning duration in seconds"
+        }
+      }
+    }
+  }
+}

package/.claude/workflows/cli-templates/schemas/project-json-schema.json

@@ -0,0 +1,221 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Project Metadata Schema",
+  "description": "Workflow initialization metadata for project-level context",
+  "type": "object",
+  "required": [
+    "project_name",
+    "initialized_at",
+    "overview",
+    "features",
+    "statistics",
+    "_metadata"
+  ],
+  "properties": {
+    "project_name": {
+      "type": "string",
+      "description": "Project name extracted from git repo or directory"
+    },
+    "initialized_at": {
+      "type": "string",
+      "format": "date-time",
+      "description": "ISO 8601 timestamp of initialization"
+    },
+    "overview": {
+      "type": "object",
+      "required": [
+        "description",
+        "technology_stack",
+        "architecture",
+        "key_components"
+      ],
+      "properties": {
+        "description": {
+          "type": "string",
+          "description": "Brief project description (e.g., 'TypeScript web application with React frontend')"
+        },
+        "technology_stack": {
+          "type": "object",
+          "required": ["languages", "frameworks", "build_tools", "test_frameworks"],
+          "properties": {
+            "languages": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "required": ["name", "file_count", "primary"],
+                "properties": {
+                  "name": {
+                    "type": "string",
+                    "description": "Language name (e.g., TypeScript, Python)"
+                  },
+                  "file_count": {
+                    "type": "integer",
+                    "description": "Number of source files in this language"
+                  },
+                  "primary": {
+                    "type": "boolean",
+                    "description": "True if this is the primary language"
+                  }
+                }
+              }
+            },
+            "frameworks": {
+              "type": "array",
+              "items": {"type": "string"},
+              "description": "Detected frameworks (React, Express, Django, etc.)"
+            },
+            "build_tools": {
+              "type": "array",
+              "items": {"type": "string"},
+              "description": "Build tools and package managers (npm, cargo, maven, etc.)"
+            },
+            "test_frameworks": {
+              "type": "array",
+              "items": {"type": "string"},
+              "description": "Testing frameworks (jest, pytest, go test, etc.)"
+            }
+          }
+        },
+        "architecture": {
+          "type": "object",
+          "required": ["style", "layers", "patterns"],
+          "properties": {
+            "style": {
+              "type": "string",
+              "description": "Architecture style (MVC, microservices, layered, etc.)"
+            },
+            "layers": {
+              "type": "array",
+              "items": {"type": "string"},
+              "description": "Architectural layers (presentation, business-logic, data-access)"
+            },
+            "patterns": {
+              "type": "array",
+              "items": {"type": "string"},
+              "description": "Design patterns (Repository, Factory, Singleton, etc.)"
+            }
+          }
+        },
+        "key_components": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["name", "path", "description", "importance"],
+            "properties": {
+              "name": {
+                "type": "string",
+                "description": "Component name"
+              },
+              "path": {
+                "type": "string",
+                "description": "Relative path to component directory"
+              },
+              "description": {
+                "type": "string",
+                "description": "Brief description of component functionality"
+              },
+              "importance": {
+                "type": "string",
+                "enum": ["high", "medium", "low"],
+                "description": "Component importance level"
+              }
+            }
+          },
+          "description": "5-10 core modules/components"
+        }
+      }
+    },
+    "features": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["session_id", "title", "completed_at", "tags"],
+        "properties": {
+          "session_id": {
+            "type": "string",
+            "description": "WFS session identifier"
+          },
+          "title": {
+            "type": "string",
+            "description": "Feature title/description"
+          },
+          "completed_at": {
+            "type": "string",
+            "format": "date-time",
+            "description": "ISO 8601 timestamp of completion"
+          },
+          "tags": {
+            "type": "array",
+            "items": {"type": "string"},
+            "description": "Feature tags for categorization"
+          }
+        }
+      },
+      "description": "Completed workflow features (populated by /workflow:session:complete)"
+    },
+    "development_index": {
+      "type": "object",
+      "description": "Categorized development history (lite-plan/lite-execute)",
+      "properties": {
+        "feature": { "type": "array", "items": { "$ref": "#/$defs/devIndexEntry" } },
+        "enhancement": { "type": "array", "items": { "$ref": "#/$defs/devIndexEntry" } },
+        "bugfix": { "type": "array", "items": { "$ref": "#/$defs/devIndexEntry" } },
+        "refactor": { "type": "array", "items": { "$ref": "#/$defs/devIndexEntry" } },
+        "docs": { "type": "array", "items": { "$ref": "#/$defs/devIndexEntry" } }
+      }
+    },
+    "statistics": {
+      "type": "object",
+      "required": ["total_features", "total_sessions", "last_updated"],
+      "properties": {
+        "total_features": {
+          "type": "integer",
+          "description": "Count of completed features"
+        },
+        "total_sessions": {
+          "type": "integer",
+          "description": "Count of workflow sessions"
+        },
+        "last_updated": {
+          "type": "string",
+          "format": "date-time",
+          "description": "ISO 8601 timestamp of last update"
+        }
+      }
+    },
+    "_metadata": {
+      "type": "object",
+      "required": ["initialized_by", "analysis_timestamp", "analysis_mode"],
+      "properties": {
+        "initialized_by": {
+          "type": "string",
+          "description": "Agent or tool that performed initialization"
+        },
+        "analysis_timestamp": {
+          "type": "string",
+          "format": "date-time",
+          "description": "ISO 8601 timestamp of analysis"
+        },
+        "analysis_mode": {
+          "type": "string",
+          "enum": ["deep-scan", "quick-scan", "bash-fallback"],
+          "description": "Analysis mode used"
+        }
+      }
+    }
+  },
+  "$defs": {
+    "devIndexEntry": {
+      "type": "object",
+      "required": ["title", "sub_feature", "date", "description", "status"],
+      "properties": {
+        "title": { "type": "string", "maxLength": 60 },
+        "sub_feature": { "type": "string", "description": "Module/component area" },
+        "date": { "type": "string", "format": "date" },
+        "description": { "type": "string", "maxLength": 100 },
+        "status": { "type": "string", "enum": ["completed", "partial"] },
+        "session_id": { "type": "string", "description": "lite-plan session ID" }
+      }
+    }
+  }
+}

package/.claude/workflows/cli-templates/schemas/review-deep-dive-results-schema.json

@@ -0,0 +1,82 @@
+[
+  {
+    "finding_id": "sec-001-a1b2c3d4",
+    "original_dimension": "security",
+    "iteration": 1,
+    "analysis_timestamp": "2025-01-25T14:40:15Z",
+    "cli_tool_used": "gemini",
+    "root_cause": {
+      "summary": "Legacy code from v1 migration, pre-ORM implementation",
+      "details": "Query builder was ported from old codebase without security review. Team unaware of injection risks in string concatenation pattern. Code review at migration time focused on functionality, not security.",
+      "affected_scope": "All query-builder.ts methods using string template literals (15 methods total)",
+      "similar_patterns": [
+        "src/database/user-queries.ts:buildEmailQuery",
+        "src/database/order-queries.ts:buildOrderSearch"
+      ]
+    },
+    "remediation_plan": {
+      "approach": "Migrate to ORM prepared statements with input validation layer",
+      "priority": "P0 - Critical (security vulnerability)",
+      "estimated_effort": "4 hours development + 2 hours testing",
+      "risk_level": "low",
+      "steps": [
+        {
+          "step": 1,
+          "action": "Replace direct string concatenation with ORM query builder",
+          "files": ["src/database/query-builder.ts:buildUserQuery:140-150"],
+          "commands": [
+            "Replace: const query = `SELECT * FROM users WHERE id = ${userId}`;",
+            "With: return db('users').where('id', userId).first();"
+          ],
+          "rationale": "ORM automatically parameterizes queries, eliminating injection risk",
+          "validation": "Run: npm test -- src/database/query-builder.test.ts"
+        },
+        {
+          "step": 2,
+          "action": "Add input validation layer before ORM",
+          "files": ["src/database/validators.ts:validateUserId:NEW"],
+          "commands": [
+            "Create validator: export function validateUserId(id: unknown): number { ... }",
+            "Add schema: z.number().positive().int()"
+          ],
+          "rationale": "Defense in depth - validate types and ranges before database layer",
+          "validation": "Run: npm test -- src/database/validators.test.ts"
+        },
+        {
+          "step": 3,
+          "action": "Apply pattern to all 15 similar methods",
+          "files": ["src/database/query-builder.ts:ALL_METHODS"],
+          "commands": ["Bulk replace string templates with ORM syntax"],
+          "rationale": "Prevent similar vulnerabilities in other query methods",
+          "validation": "Run: npm test -- src/database/"
+        }
+      ],
+      "rollback_strategy": "Git commit before each step, revert if tests fail. Staged rollout: dev → staging → production with monitoring."
+    },
+    "impact_assessment": {
+      "files_affected": [
+        "src/database/query-builder.ts (modify)",
+        "src/database/validators.ts (new)",
+        "src/database/user-queries.ts (modify)",
+        "src/database/order-queries.ts (modify)"
+      ],
+      "tests_required": [
+        "src/database/query-builder.test.ts (update existing)",
+        "src/database/validators.test.ts (new)",
+        "integration/security/sql-injection.test.ts (new)"
+      ],
+      "breaking_changes": false,
+      "dependencies_updated": ["knex@2.5.1 (ORM library)"],
+      "deployment_notes": "No downtime required. Database migrations not needed."
+    },
+    "reassessed_severity": "high",
+    "severity_change_reason": "Found existing WAF rules partially mitigate risk in production. Input validation at API gateway layer provides additional defense. Downgrade from critical to high, but still requires immediate fix.",
+    "confidence_score": 0.95,
+    "references": [
+      "Project ORM migration guide: docs/architecture/orm-guide.md",
+      "Knex.js parameterization: https://knexjs.org/guide/query-builder.html#where",
+      "Similar incident: TICKET-1234 (previous SQL injection fix)"
+    ],
+    "status": "remediation_plan_ready"
+  }
+]

package/.claude/workflows/cli-templates/schemas/review-dimension-results-schema.json

@@ -0,0 +1,51 @@
+[
+  {
+    "dimension": "security",
+    "review_id": "review-20250125-143022",
+    "analysis_timestamp": "2025-01-25T14:30:22Z",
+    "cli_tool_used": "gemini",
+    "model": "gemini-2.5-pro",
+    "analysis_duration_ms": 2145000,
+    "summary": {
+      "total_findings": 15,
+      "critical": 2,
+      "high": 4,
+      "medium": 6,
+      "low": 3,
+      "files_analyzed": 47,
+      "lines_reviewed": 8932
+    },
+    "findings": [
+      {
+        "id": "sec-001-a1b2c3d4",
+        "title": "SQL Injection vulnerability in user query",
+        "severity": "critical",
+        "category": "injection",
+        "description": "Direct string concatenation in SQL query allows injection attacks. User input is not sanitized before query execution.",
+        "file": "src/database/query-builder.ts",
+        "line": 145,
+        "snippet": "const query = `SELECT * FROM users WHERE id = ${userId}`;",
+        "recommendation": "Use parameterized queries: db.query('SELECT * FROM users WHERE id = ?', [userId])",
+        "references": [
+          "OWASP Top 10 - A03:2021 Injection",
+          "https://owasp.org/www-community/attacks/SQL_Injection"
+        ],
+        "impact": "Potential data breach, unauthorized access to user records, data manipulation",
+        "metadata": {
+          "cwe_id": "CWE-89",
+          "owasp_category": "A03:2021-Injection"
+        },
+        "iteration": 0,
+        "status": "pending_remediation",
+        "cross_references": []
+      }
+    ],
+    "cross_references": [
+      {
+        "finding_id": "sec-001-a1b2c3d4",
+        "related_dimensions": ["quality", "architecture"],
+        "reason": "Same file flagged in multiple dimensions"
+      }
+    ]
+  }
+]

package/.claude/workflows/cli-templates/tech-stacks/go-dev.md

@@ -0,0 +1,91 @@
+---
+name: go-dev
+description: Go core development principles for clean, efficient, and idiomatic code
+---
+
+# Go Development Guidelines
+
+You are now operating under Go core development principles. Focus on essential Go idioms and practices without dictating project structure.
+
+## Core Go Principles
+
+### Essential Language Guidelines
+- **Simplicity**: Write simple, readable code over clever solutions
+- **Naming**: Use clear, descriptive names following Go conventions
+- **Error Handling**: Handle errors explicitly, don't ignore them
+- **Interfaces**: Keep interfaces small and focused
+
+```go
+// Core principle: Clear error handling
+func GetUser(id string) (*User, error) {
+    if id == "" {
+        return nil, errors.New("user ID cannot be empty")
+    }
+    
+    user, err := database.FindUser(id)
+    if err != nil {
+        return nil, fmt.Errorf("failed to get user %s: %w", id, err)
+    }
+    
+    return user, nil
+}
+
+// Core principle: Small, focused interfaces
+type UserReader interface {
+    GetUser(id string) (*User, error)
+}
+```
+
+## Idiomatic Go Patterns
+- **Zero Values**: Design types to be useful in their zero state
+- **Receiver Types**: Use pointer receivers for methods that modify the receiver
+- **Package Names**: Use short, clear package names without underscores
+- **Goroutines**: Use goroutines and channels for concurrent operations
+
+## Essential Error Handling
+- **Explicit Errors**: Always handle errors explicitly
+- **Error Wrapping**: Use `fmt.Errorf` with `%w` verb to wrap errors
+- **Custom Errors**: Create specific error types when appropriate
+- **Early Returns**: Use early returns to avoid deep nesting
+
+```go
+// Core principle: Error wrapping and context
+func ProcessUserData(userID string) error {
+    user, err := GetUser(userID)
+    if err != nil {
+        return fmt.Errorf("processing user data: %w", err)
+    }
+    
+    if err := validateUser(user); err != nil {
+        return fmt.Errorf("user validation failed: %w", err)
+    }
+    
+    return nil
+}
+```
+
+## Concurrency Guidelines
+- **Channel Communication**: Use channels to communicate between goroutines
+- **Context**: Use context.Context for cancellation and timeouts
+- **Worker Pools**: Implement worker pools for bounded concurrency
+- **Race Detection**: Run tests with `-race` flag regularly
+
+## Testing Essentials
+- **Table-Driven Tests**: Use table-driven tests for multiple test cases
+- **Test Names**: Use descriptive test function names
+- **Mocking**: Use interfaces for dependency injection and mocking
+- **Benchmarks**: Write benchmarks for performance-critical code
+
+## Performance Guidelines
+- **Profiling**: Use Go's built-in profiling tools
+- **Memory Management**: Understand Go's garbage collector behavior
+- **Slice/Map Operations**: Be aware of capacity vs length for slices
+- **String Operations**: Use strings.Builder for efficient string concatenation
+
+## Code Quality Essentials
+- **Go fmt**: Always format code with `gofmt` or `goimports`
+- **Go vet**: Run `go vet` to catch common mistakes
+- **Linting**: Use golangci-lint for comprehensive code analysis
+- **Documentation**: Write clear package and function documentation
+
+Apply these core Go principles to write clean, efficient, and maintainable Go code following language idioms and best practices.