claude-code-workflow 6.3.10 → 6.3.12

package/.claude/CLAUDE.md

@@ -1,33 +1,33 @@
-# Claude Instructions
-
-- **CLI Tools Usage**: @~/.claude/workflows/cli-tools-usage.md
-- **Coding Philosophy**: @~/.claude/workflows/coding-philosophy.md
-- **Context Requirements**: @~/.claude/workflows/context-tools.md
-- **File Modification**: @~/.claude/workflows/file-modification.md
-- **CLI Endpoints Config**: @.claude/cli-tools.json
-
-## CLI Endpoints
-
-**Strictly follow the @.claude/cli-tools.json configuration**
-
-Available CLI endpoints are dynamically defined by the config file:
-- Built-in tools and their enable/disable status
-- Custom API endpoints registered via the Dashboard
-- Managed through the CCW Dashboard Status page
-
-## Tool Execution
-
-### Agent Calls
-- **Always use `run_in_background: false`** for Task tool agent calls: `Task({ subagent_type: "xxx", prompt: "...", run_in_background: false })` to ensure synchronous execution and immediate result visibility
-- **TaskOutput usage**: Only use `TaskOutput({ task_id: "xxx", block: false })` + sleep loop to poll completion status. NEVER read intermediate output during agent/CLI execution - wait for final result only
-
-### CLI Tool Calls (ccw cli)
-- **Always use `run_in_background: true`** for Bash tool when calling ccw cli:
-  ```
-  Bash({ command: "ccw cli -p '...' --tool gemini", run_in_background: true })
-  ```
-- **After CLI call**: If no other tasks, stop immediately - let CLI execute in background, do NOT poll with TaskOutput
-
-## Code Diagnostics
-
-- **Prefer `mcp__ide__getDiagnostics`** for code error checking over shell-based TypeScript compilation
+# Claude Instructions
+
+- **CLI Tools Usage**: @~/.claude/workflows/cli-tools-usage.md
+- **Coding Philosophy**: @~/.claude/workflows/coding-philosophy.md
+- **Context Requirements**: @~/.claude/workflows/context-tools.md
+- **File Modification**: @~/.claude/workflows/file-modification.md
+- **CLI Endpoints Config**: @.claude/cli-tools.json
+
+## CLI Endpoints
+
+**Strictly follow the @.claude/cli-tools.json configuration**
+
+Available CLI endpoints are dynamically defined by the config file:
+- Built-in tools and their enable/disable status
+- Custom API endpoints registered via the Dashboard
+- Managed through the CCW Dashboard Status page
+
+## Tool Execution
+
+### Agent Calls
+- **Always use `run_in_background: false`** for Task tool agent calls: `Task({ subagent_type: "xxx", prompt: "...", run_in_background: false })` to ensure synchronous execution and immediate result visibility
+- **TaskOutput usage**: Only use `TaskOutput({ task_id: "xxx", block: false })` + sleep loop to poll completion status. NEVER read intermediate output during agent/CLI execution - wait for final result only
+
+### CLI Tool Calls (ccw cli)
+- **Always use `run_in_background: true`** for Bash tool when calling ccw cli:
+  ```
+  Bash({ command: "ccw cli -p '...' --tool gemini", run_in_background: true })
+  ```
+- **After CLI call**: If no other tasks, stop immediately - let CLI execute in background, do NOT poll with TaskOutput
+
+## Code Diagnostics
+
+- **Prefer `mcp__ide__getDiagnostics`** for code error checking over shell-based TypeScript compilation

package/.claude/agents/issue-plan-agent.md

@@ -180,10 +180,23 @@ function decomposeTasks(issue, exploration) {
 - Task validation (all 5 phases present)
 - Conflict detection (cross-issue file modifications)
 
-**Solution Registration**:
-```bash
-# Write solution and register via CLI
-ccw issue bind <issue-id> --solution /tmp/sol.json
+**Solution Registration** (CRITICAL: check solution count first):
+```javascript
+for (const issue of issues) {
+  const solutions = generatedSolutions[issue.id];
+
+  if (solutions.length === 1) {
+    // Single solution → auto-bind
+    Bash(`ccw issue bind ${issue.id} --solution ${solutions[0].file}`);
+    bound.push({ issue_id: issue.id, solution_id: solutions[0].id, task_count: solutions[0].tasks.length });
+  } else {
+    // Multiple solutions → DO NOT BIND, return for user selection
+    pending_selection.push({
+      issue_id: issue.id,
+      solutions: solutions.map(s => ({ id: s.id, description: s.description, task_count: s.tasks.length }))
+    });
+  }
+}
 ```
 
 ---
@@ -255,7 +268,7 @@ Each line is a solution JSON containing tasks. Schema: `cat .claude/workflows/cl
 2. Use vague criteria ("works correctly", "good performance")
 3. Create circular dependencies
 4. Generate more than 10 tasks per issue
-5. Bind when multiple solutions exist
+5. **Bind when multiple solutions exist** - MUST check `solutions.length === 1` before calling `ccw issue bind`
 
 **OUTPUT**:
 1. Register solutions via `ccw issue bind <id> --solution <file>`

package/.claude/agents/issue-queue-agent.md

@@ -148,7 +148,7 @@ function detectConflicts(fileModifications, graph) {
 .workflow/issues/queues/index.json        # Update with new queue entry
 ```
 
-Queue ID format: `QUE-YYYYMMDD-HHMMSS` (UTC timestamp)
+Queue ID: Use the Queue ID provided in prompt (do NOT generate new one)
 Queue Item ID format: `S-N` (S-1, S-2, S-3, ...)
 
 ### 3.2 Queue File Schema
@@ -241,7 +241,14 @@ Queue Item ID format: `S-N` (S-1, S-2, S-3, ...)
 5. Merge conflicting solutions in parallel group
 6. Split tasks from their solution
 
-**OUTPUT**:
-1. Write `.workflow/issues/queues/{queue-id}.json`
-2. Update `.workflow/issues/queues/index.json`
-3. Return summary with `queue_id`, `total_solutions`, `total_tasks`, `execution_groups`, `conflicts_resolved`, `issues_queued`
+**OUTPUT** (STRICT - only these 2 files):
+```
+.workflow/issues/queues/{Queue ID}.json   # Use Queue ID from prompt
+.workflow/issues/queues/index.json        # Update existing index
+```
+- Use the Queue ID provided in prompt, do NOT generate new one
+- Write ONLY the 2 files listed above, NO other files
+- Final return: PURE JSON summary (no markdown, no prose):
+  ```json
+  {"queue_id":"QUE-xxx","total_solutions":N,"total_tasks":N,"execution_groups":[...],"conflicts_resolved":N,"issues_queued":["ISS-xxx"]}
+  ```

package/.claude/commands/issue/discover.md

@@ -0,0 +1,427 @@
+---
+name: issue:discover
+description: Discover potential issues from multiple perspectives (bug, UX, test, quality, security, performance, maintainability, best-practices) using CLI explore. Supports Exa external research for security and best-practices perspectives.
+argument-hint: "<path-pattern> [--perspectives=bug,ux,...] [--external]"
+allowed-tools: SlashCommand(*), TodoWrite(*), Read(*), Bash(*), Task(*), AskUserQuestion(*), Glob(*), Grep(*)
+---
+
+# Issue Discovery Command
+
+## Quick Start
+
+```bash
+# Discover issues in specific module (interactive perspective selection)
+/issue:discover src/auth/**
+
+# Discover with specific perspectives
+/issue:discover src/payment/** --perspectives=bug,security,test
+
+# Discover with external research for all perspectives
+/issue:discover src/api/** --external
+
+# Discover in multiple modules
+/issue:discover src/auth/**,src/payment/**
+```
+
+**Discovery Scope**: Specified modules/files only
+**Output Directory**: `.workflow/issues/discoveries/{discovery-id}/`
+**Available Perspectives**: bug, ux, test, quality, security, performance, maintainability, best-practices
+**Exa Integration**: Auto-enabled for security and best-practices perspectives
+**CLI Tools**: Gemini → Qwen → Codex (fallback chain)
+
+## What & Why
+
+### Core Concept
+Multi-perspective issue discovery orchestrator that explores code from different angles to identify potential bugs, UX improvements, test gaps, and other actionable items. Unlike code review (which assesses existing code quality), discovery focuses on **finding opportunities for improvement and potential problems**.
+
+**vs Code Review**:
+- **Code Review** (`review-module-cycle`): Evaluates code quality against standards
+- **Issue Discovery** (`issue:discover`): Finds actionable issues, bugs, and improvement opportunities
+
+### Value Proposition
+1. **Proactive Issue Detection**: Find problems before they become bugs
+2. **Multi-Perspective Analysis**: Each perspective surfaces different types of issues
+3. **External Benchmarking**: Compare against industry best practices via Exa
+4. **Direct Issue Integration**: Discoveries can be exported to issue tracker
+5. **Dashboard Management**: View, filter, and export discoveries via CCW dashboard
+
+## How It Works
+
+### Execution Flow
+
+```
+Phase 1: Discovery & Initialization
+   └─ Parse target pattern, create session, initialize output structure
+
+Phase 2: Interactive Perspective Selection
+   └─ AskUserQuestion for perspective selection (or use --perspectives)
+
+Phase 3: Parallel Perspective Analysis
+   ├─ Launch N @cli-explore-agent instances (one per perspective)
+   ├─ Security & Best-Practices auto-trigger Exa research
+   ├─ Agent writes perspective JSON, returns summary
+   └─ Update discovery-progress.json
+
+Phase 4: Aggregation & Prioritization
+   ├─ Collect agent return summaries
+   ├─ Load perspective JSON files
+   ├─ Merge findings, deduplicate by file+line
+   └─ Calculate priority scores
+
+Phase 5: Issue Generation & Summary
+   ├─ Convert high-priority discoveries to issue format
+   ├─ Write to discovery-issues.jsonl
+   ├─ Generate single summary.md from agent returns
+   └─ Update discovery-state.json to complete
+```
+
+## Perspectives
+
+### Available Perspectives
+
+| Perspective | Focus | Categories | Exa |
+|-------------|-------|------------|-----|
+| **bug** | Potential Bugs | edge-case, null-check, resource-leak, race-condition, boundary, exception-handling | - |
+| **ux** | User Experience | error-message, loading-state, feedback, accessibility, interaction, consistency | - |
+| **test** | Test Coverage | missing-test, edge-case-test, integration-gap, coverage-hole, assertion-quality | - |
+| **quality** | Code Quality | complexity, duplication, naming, documentation, code-smell, readability | - |
+| **security** | Security Issues | injection, auth, encryption, input-validation, data-exposure, access-control | ✓ |
+| **performance** | Performance | n-plus-one, memory-usage, caching, algorithm, blocking-operation, resource | - |
+| **maintainability** | Maintainability | coupling, cohesion, tech-debt, extensibility, module-boundary, interface-design | - |
+| **best-practices** | Best Practices | convention, pattern, framework-usage, anti-pattern, industry-standard | ✓ |
+
+### Interactive Perspective Selection
+
+When no `--perspectives` flag is provided, the command uses AskUserQuestion:
+
+```javascript
+AskUserQuestion({
+  questions: [{
+    question: "Select primary discovery focus:",
+    header: "Focus",
+    multiSelect: false,
+    options: [
+      { label: "Bug + Test + Quality", description: "Quick scan: potential bugs, test gaps, code quality (Recommended)" },
+      { label: "Security + Performance", description: "System audit: security issues, performance bottlenecks" },
+      { label: "Maintainability + Best-practices", description: "Long-term health: coupling, tech debt, conventions" },
+      { label: "Full analysis", description: "All 7 perspectives (comprehensive, takes longer)" }
+    ]
+  }]
+})
+```
+
+**Recommended Combinations**:
+- Quick scan: bug, test, quality
+- Full analysis: all perspectives
+- Security audit: security, bug, quality
+
+## Core Responsibilities
+
+### Orchestrator
+
+**Phase 1: Discovery & Initialization**
+
+```javascript
+// Step 1: Parse target pattern and resolve files
+const resolvedFiles = await expandGlobPattern(targetPattern);
+if (resolvedFiles.length === 0) {
+  throw new Error(`No files matched pattern: ${targetPattern}`);
+}
+
+// Step 2: Generate discovery ID
+const discoveryId = `DSC-${formatDate(new Date(), 'YYYYMMDD-HHmmss')}`;
+
+// Step 3: Create output directory
+const outputDir = `.workflow/issues/discoveries/${discoveryId}`;
+await mkdir(outputDir, { recursive: true });
+await mkdir(`${outputDir}/perspectives`, { recursive: true });
+
+// Step 4: Initialize unified discovery state (merged state+progress)
+await writeJson(`${outputDir}/discovery-state.json`, {
+  discovery_id: discoveryId,
+  target_pattern: targetPattern,
+  phase: "initialization",
+  created_at: new Date().toISOString(),
+  updated_at: new Date().toISOString(),
+  target: { files_count: { total: resolvedFiles.length }, project: {} },
+  perspectives: [],  // filled after selection: [{name, status, findings}]
+  external_research: { enabled: false, completed: false },
+  results: { total_findings: 0, issues_generated: 0, priority_distribution: {} }
+});
+```
+
+**Phase 2: Perspective Selection**
+
+```javascript
+// Check for --perspectives flag
+let selectedPerspectives = [];
+
+if (args.perspectives) {
+  selectedPerspectives = args.perspectives.split(',').map(p => p.trim());
+} else {
+  // Interactive selection via AskUserQuestion
+  const response = await AskUserQuestion({...});
+  selectedPerspectives = parseSelectedPerspectives(response);
+}
+
+// Validate and update state
+await updateDiscoveryState(outputDir, {
+  'metadata.perspectives': selectedPerspectives,
+  phase: 'parallel'
+});
+```
+
+**Phase 3: Parallel Perspective Analysis**
+
+Launch N agents in parallel (one per selected perspective):
+
+```javascript
+// Launch agents in parallel - agents write JSON and return summary
+const agentPromises = selectedPerspectives.map(perspective =>
+  Task({
+    subagent_type: "cli-explore-agent",
+    run_in_background: false,
+    description: `Discover ${perspective} issues`,
+    prompt: buildPerspectivePrompt(perspective, discoveryId, resolvedFiles, outputDir)
+  })
+);
+
+// Wait for all agents - collect their return summaries
+const results = await Promise.all(agentPromises);
+// results contain agent summaries for final report
+```
+
+**Phase 4: Aggregation & Prioritization**
+
+```javascript
+// Load all perspective JSON files written by agents
+const allFindings = [];
+for (const perspective of selectedPerspectives) {
+  const jsonPath = `${outputDir}/perspectives/${perspective}.json`;
+  if (await fileExists(jsonPath)) {
+    const data = await readJson(jsonPath);
+    allFindings.push(...data.findings.map(f => ({ ...f, perspective })));
+  }
+}
+
+// Deduplicate and prioritize
+const prioritizedFindings = deduplicateAndPrioritize(allFindings);
+
+// Update unified state
+await updateDiscoveryState(outputDir, {
+  phase: 'aggregation',
+  'results.total_findings': prioritizedFindings.length,
+  'results.priority_distribution': countByPriority(prioritizedFindings)
+});
+```
+
+**Phase 5: Issue Generation & Summary**
+
+```javascript
+// Convert high-priority findings to issues
+const issueWorthy = prioritizedFindings.filter(f =>
+  f.priority === 'critical' || f.priority === 'high' || f.priority_score >= 0.7
+);
+
+// Write discovery-issues.jsonl
+await writeJsonl(`${outputDir}/discovery-issues.jsonl`, issues);
+
+// Generate single summary.md from agent return summaries
+// Orchestrator briefly summarizes what agents returned (NO detailed reports)
+await writeSummaryFromAgentReturns(outputDir, results, prioritizedFindings, issues);
+
+// Update final state
+await updateDiscoveryState(outputDir, {
+  phase: 'complete',
+  updated_at: new Date().toISOString(),
+  'results.issues_generated': issues.length
+});
+```
+
+### Output File Structure
+
+```
+.workflow/issues/discoveries/
+├── index.json                           # Discovery session index
+└── {discovery-id}/
+    ├── discovery-state.json             # Unified state (merged state+progress)
+    ├── perspectives/
+    │   └── {perspective}.json           # Per-perspective findings
+    ├── external-research.json           # Exa research results (if enabled)
+    ├── discovery-issues.jsonl           # Generated candidate issues
+    └── summary.md                       # Single summary (from agent returns)
+```
+
+### Schema References
+
+**External Schema Files** (agent MUST read and follow exactly):
+
+| Schema | Path | Purpose |
+|--------|------|---------|
+| **Discovery State** | `~/.claude/workflows/cli-templates/schemas/discovery-state-schema.json` | Session state machine |
+| **Discovery Finding** | `~/.claude/workflows/cli-templates/schemas/discovery-finding-schema.json` | Perspective analysis results |
+
+### Agent Invocation Template
+
+**Perspective Analysis Agent**:
+
+```javascript
+Task({
+  subagent_type: "cli-explore-agent",
+  run_in_background: false,
+  description: `Discover ${perspective} issues`,
+  prompt: `
+    ## Task Objective
+    Discover potential ${perspective} issues in specified module files.
+
+    ## Discovery Context
+    - Discovery ID: ${discoveryId}
+    - Perspective: ${perspective}
+    - Target Pattern: ${targetPattern}
+    - Resolved Files: ${resolvedFiles.length} files
+    - Output Directory: ${outputDir}
+
+    ## MANDATORY FIRST STEPS
+    1. Read discovery state: ${outputDir}/discovery-state.json
+    2. Read schema: ~/.claude/workflows/cli-templates/schemas/discovery-finding-schema.json
+    3. Analyze target files for ${perspective} concerns
+
+    ## Output Requirements
+
+    **1. Write JSON file**: ${outputDir}/perspectives/${perspective}.json
+    - Follow discovery-finding-schema.json exactly
+    - Each finding: id, title, priority, category, description, file, line, snippet, suggested_issue, confidence
+
+    **2. Return summary** (DO NOT write report file):
+    - Return a brief text summary of findings
+    - Include: total findings, priority breakdown, key issues
+    - This summary will be used by orchestrator for final report
+
+    ## Perspective-Specific Guidance
+    ${getPerspectiveGuidance(perspective)}
+
+    ## Success Criteria
+    - [ ] JSON written to ${outputDir}/perspectives/${perspective}.json
+    - [ ] Summary returned with findings count and key issues
+    - [ ] Each finding includes actionable suggested_issue
+    - [ ] Priority uses lowercase enum: critical/high/medium/low
+  `
+})
+```
+
+**Exa Research Agent** (for security and best-practices):
+
+```javascript
+Task({
+  subagent_type: "cli-explore-agent",
+  run_in_background: false,
+  description: `External research for ${perspective} via Exa`,
+  prompt: `
+    ## Task Objective
+    Research industry best practices for ${perspective} using Exa search
+
+    ## Research Steps
+    1. Read project tech stack: .workflow/project-tech.json
+    2. Use Exa to search for best practices
+    3. Synthesize findings relevant to this project
+
+    ## Output Requirements
+
+    **1. Write JSON file**: ${outputDir}/external-research.json
+    - Include sources, key_findings, gap_analysis, recommendations
+
+    **2. Return summary** (DO NOT write report file):
+    - Brief summary of external research findings
+    - Key recommendations for the project
+
+    ## Success Criteria
+    - [ ] JSON written to ${outputDir}/external-research.json
+    - [ ] Summary returned with key recommendations
+    - [ ] Findings are relevant to project's tech stack
+  `
+})
+```
+
+### Perspective Guidance Reference
+
+```javascript
+function getPerspectiveGuidance(perspective) {
+  const guidance = {
+    bug: `
+      Focus: Null checks, edge cases, resource leaks, race conditions, boundary conditions, exception handling
+      Priority: Critical=data corruption/crash, High=malfunction, Medium=edge case issues, Low=minor
+    `,
+    ux: `
+      Focus: Error messages, loading states, feedback, accessibility, interaction patterns, form validation
+      Priority: Critical=inaccessible, High=confusing, Medium=inconsistent, Low=cosmetic
+    `,
+    test: `
+      Focus: Missing unit tests, edge case coverage, integration gaps, assertion quality, test isolation
+      Priority: Critical=no security tests, High=no core logic tests, Medium=weak coverage, Low=minor gaps
+    `,
+    quality: `
+      Focus: Complexity, duplication, naming, documentation, code smells, readability
+      Priority: Critical=unmaintainable, High=significant issues, Medium=naming/docs, Low=minor refactoring
+    `,
+    security: `
+      Focus: Input validation, auth/authz, injection, XSS/CSRF, data exposure, access control
+      Priority: Critical=auth bypass/injection, High=missing authz, Medium=weak validation, Low=headers
+    `,
+    performance: `
+      Focus: N+1 queries, memory leaks, caching, algorithm efficiency, blocking operations
+      Priority: Critical=memory leaks, High=N+1/inefficient, Medium=missing cache, Low=minor optimization
+    `,
+    maintainability: `
+      Focus: Coupling, interface design, tech debt, extensibility, module boundaries, configuration
+      Priority: Critical=unrelated code changes, High=unclear boundaries, Medium=coupling, Low=refactoring
+    `,
+    'best-practices': `
+      Focus: Framework conventions, language patterns, anti-patterns, deprecated APIs, coding standards
+      Priority: Critical=anti-patterns causing bugs, High=convention violations, Medium=style, Low=cosmetic
+    `
+  };
+  return guidance[perspective] || 'General code discovery analysis';
+}
+```
+
+## Dashboard Integration
+
+### Viewing Discoveries
+
+Open CCW dashboard to manage discoveries:
+
+```bash
+ccw view
+```
+
+Navigate to **Issues > Discovery** to:
+- View all discovery sessions
+- Filter findings by perspective and priority
+- Preview finding details
+- Select and export findings as issues
+
+### Exporting to Issues
+
+From the dashboard, select findings and click "Export as Issues" to:
+1. Convert discoveries to standard issue format
+2. Append to `.workflow/issues/issues.jsonl`
+3. Set status to `registered`
+4. Continue with `/issue:plan` workflow
+
+## Related Commands
+
+```bash
+# After discovery, plan solutions for exported issues
+/issue:plan DSC-001,DSC-002,DSC-003
+
+# Or use interactive management
+/issue:manage
+```
+
+## Best Practices
+
+1. **Start Focused**: Begin with specific modules rather than entire codebase
+2. **Use Quick Scan First**: Start with bug, test, quality for fast results
+3. **Review Before Export**: Not all discoveries warrant issues - use dashboard to filter
+4. **Combine Perspectives**: Run related perspectives together (e.g., security + bug)
+5. **Enable Exa for New Tech**: When using unfamiliar frameworks, enable external research

package/.claude/commands/issue/new.md

@@ -24,7 +24,7 @@ interface Issue {
   status: 'registered';          // Initial status
   priority: number;              // 1 (critical) to 5 (low)
   context: string;               // Problem description
-  source: 'github' | 'text';     // Input source type
+  source: 'github' | 'text' | 'discovery';  // Input source type
   source_url?: string;           // GitHub URL if applicable
   labels?: string[];             // Categorization labels
 
@@ -35,6 +35,18 @@ interface Issue {
   affected_components?: string[];// Files/modules affected
   reproduction_steps?: string[]; // Steps to reproduce
 
+  // Discovery context (when source='discovery')
+  discovery_context?: {
+    discovery_id: string;        // Source discovery session
+    perspective: string;         // bug, test, quality, etc.
+    category: string;            // Finding category
+    file: string;                // Primary affected file
+    line: number;                // Line number
+    snippet?: string;            // Code snippet
+    confidence: number;          // Agent confidence (0-1)
+    suggested_fix?: string;      // Suggested remediation
+  };
+
   // Closed-loop requirements (guide plan generation)
   lifecycle_requirements: {
     test_strategy: 'unit' | 'integration' | 'e2e' | 'manual' | 'auto';