claude-code-workflow 6.3.37 → 6.3.39

package/.codex/prompts/issue-discover-by-prompt.md

@@ -0,0 +1,364 @@
+---
+description: Discover issues from user prompt with iterative multi-agent exploration and cross-module comparison
+argument-hint: "<prompt> [--scope=src/**] [--depth=standard|deep] [--max-iterations=5]"
+---
+
+# Issue Discovery by Prompt (Codex Version)
+
+## Goal
+
+Prompt-driven issue discovery with intelligent planning. Instead of fixed perspectives, this command:
+
+1. **Analyzes user intent** to understand what to find
+2. **Plans exploration strategy** dynamically based on codebase structure
+3. **Executes iterative exploration** with feedback loops
+4. **Performs cross-module comparison** when detecting comparison intent
+
+**Core Difference from `issue-discover.md`**:
+- `issue-discover`: Pre-defined perspectives (bug, security, etc.), parallel execution
+- `issue-discover-by-prompt`: User-driven prompt, planned strategy, iterative exploration
+
+## Inputs
+
+- **Prompt**: Natural language description of what to find
+- **Scope**: `--scope=src/**` - File pattern to explore (default: `**/*`)
+- **Depth**: `--depth=standard|deep` - standard (3 iterations) or deep (5+ iterations)
+- **Max Iterations**: `--max-iterations=N` (default: 5)
+
+## Output Requirements
+
+**Generate Files:**
+1. `.workflow/issues/discoveries/{discovery-id}/discovery-state.json` - Session state with iteration tracking
+2. `.workflow/issues/discoveries/{discovery-id}/iterations/{N}/{dimension}.json` - Per-iteration findings
+3. `.workflow/issues/discoveries/{discovery-id}/comparison-analysis.json` - Cross-dimension comparison (if applicable)
+4. `.workflow/issues/discoveries/{discovery-id}/discovery-issues.jsonl` - Generated issue candidates
+
+**Return Summary:**
+```json
+{
+  "discovery_id": "DBP-YYYYMMDD-HHmmss",
+  "prompt": "Check if frontend API calls match backend implementations",
+  "intent_type": "comparison",
+  "dimensions": ["frontend-calls", "backend-handlers"],
+  "total_iterations": 3,
+  "total_findings": 24,
+  "issues_generated": 12,
+  "comparison_match_rate": 0.75
+}
+```
+
+## Workflow
+
+### Step 1: Initialize Discovery Session
+
+```bash
+# Generate discovery ID
+DISCOVERY_ID="DBP-$(date -u +%Y%m%d-%H%M%S)"
+OUTPUT_DIR=".workflow/issues/discoveries/${DISCOVERY_ID}"
+
+# Create directory structure
+mkdir -p "${OUTPUT_DIR}/iterations"
+```
+
+Detect intent type from prompt:
+- `comparison`: Contains "match", "compare", "versus", "vs", "between"
+- `search`: Contains "find", "locate", "where"
+- `verification`: Contains "verify", "check", "ensure"
+- `audit`: Contains "audit", "review", "analyze"
+
+### Step 2: Gather Context
+
+Use `rg` and file exploration to understand codebase structure:
+
+```bash
+# Find relevant modules based on prompt keywords
+rg -l "<keyword1>" --type ts | head -10
+rg -l "<keyword2>" --type ts | head -10
+
+# Understand project structure
+ls -la src/
+cat .workflow/project-tech.json 2>/dev/null || echo "No project-tech.json"
+```
+
+Build context package:
+```json
+{
+  "prompt_keywords": ["frontend", "API", "backend"],
+  "codebase_structure": { "modules": [...], "patterns": [...] },
+  "relevant_modules": ["src/api/", "src/services/"]
+}
+```
+
+### Step 3: Plan Exploration Strategy
+
+Analyze the prompt and context to design exploration strategy.
+
+**Output exploration plan:**
+```json
+{
+  "intent_analysis": {
+    "type": "comparison",
+    "primary_question": "Do frontend API calls match backend implementations?",
+    "sub_questions": ["Are endpoints aligned?", "Are payloads compatible?"]
+  },
+  "dimensions": [
+    {
+      "name": "frontend-calls",
+      "description": "Client-side API calls and error handling",
+      "search_targets": ["src/api/**", "src/hooks/**"],
+      "focus_areas": ["fetch calls", "error boundaries", "response parsing"]
+    },
+    {
+      "name": "backend-handlers",
+      "description": "Server-side API implementations",
+      "search_targets": ["src/server/**", "src/routes/**"],
+      "focus_areas": ["endpoint handlers", "response schemas", "error responses"]
+    }
+  ],
+  "comparison_matrix": {
+    "dimension_a": "frontend-calls",
+    "dimension_b": "backend-handlers",
+    "comparison_points": [
+      {"aspect": "endpoints", "frontend_check": "fetch URLs", "backend_check": "route paths"},
+      {"aspect": "methods", "frontend_check": "HTTP methods used", "backend_check": "methods accepted"},
+      {"aspect": "payloads", "frontend_check": "request body structure", "backend_check": "expected schema"},
+      {"aspect": "responses", "frontend_check": "response parsing", "backend_check": "response format"}
+    ]
+  },
+  "estimated_iterations": 3,
+  "termination_conditions": ["All comparison points verified", "No new findings in last iteration"]
+}
+```
+
+### Step 4: Iterative Exploration
+
+Execute iterations until termination conditions are met:
+
+```
+WHILE iteration < max_iterations AND shouldContinue:
+  1. Plan iteration focus based on previous findings
+  2. Explore each dimension
+  3. Collect and analyze findings
+  4. Cross-reference between dimensions
+  5. Check convergence
+```
+
+**For each iteration:**
+
+1. **Search for relevant code** using `rg`:
+```bash
+# Based on dimension focus areas
+rg "fetch\s*\(" --type ts -C 3 | head -50
+rg "app\.(get|post|put|delete)" --type ts -C 3 | head -50
+```
+
+2. **Analyze and record findings**:
+```json
+{
+  "dimension": "frontend-calls",
+  "iteration": 1,
+  "findings": [
+    {
+      "id": "F-001",
+      "title": "Undefined endpoint in UserService",
+      "category": "endpoint-mismatch",
+      "file": "src/api/userService.ts",
+      "line": 42,
+      "snippet": "fetch('/api/users/profile')",
+      "related_dimension": "backend-handlers",
+      "confidence": 0.85
+    }
+  ],
+  "coverage": {
+    "files_explored": 15,
+    "areas_covered": ["fetch calls", "axios instances"],
+    "areas_remaining": ["graphql queries"]
+  },
+  "leads": [
+    {"description": "Check GraphQL mutations", "suggested_search": "mutation.*User"}
+  ]
+}
+```
+
+3. **Cross-reference findings** between dimensions:
+```javascript
+// For each finding in dimension A, look for related code in dimension B
+if (finding.related_dimension) {
+  searchForRelatedCode(finding, otherDimension);
+}
+```
+
+4. **Check convergence**:
+```javascript
+const convergence = {
+  newDiscoveries: newFindings.length,
+  confidence: calculateConfidence(cumulativeFindings),
+  converged: newFindings.length === 0 || confidence > 0.9
+};
+```
+
+### Step 5: Cross-Analysis (for comparison intent)
+
+If intent is comparison, analyze findings across dimensions:
+
+```javascript
+for (const point of comparisonMatrix.comparison_points) {
+  const aFindings = findings.filter(f => 
+    f.related_dimension === dimension_a && f.category.includes(point.aspect)
+  );
+  const bFindings = findings.filter(f =>
+    f.related_dimension === dimension_b && f.category.includes(point.aspect)
+  );
+  
+  // Find discrepancies
+  const discrepancies = compareFindings(aFindings, bFindings, point);
+  
+  // Calculate match rate
+  const matchRate = calculateMatchRate(aFindings, bFindings);
+}
+```
+
+Write to `comparison-analysis.json`:
+```json
+{
+  "matrix": { "dimension_a": "...", "dimension_b": "...", "comparison_points": [...] },
+  "results": [
+    {
+      "aspect": "endpoints",
+      "dimension_a_count": 15,
+      "dimension_b_count": 12,
+      "discrepancies": [
+        {"frontend": "/api/users/profile", "backend": "NOT_FOUND", "type": "missing_endpoint"}
+      ],
+      "match_rate": 0.80
+    }
+  ],
+  "summary": {
+    "total_discrepancies": 5,
+    "overall_match_rate": 0.75,
+    "critical_mismatches": ["endpoints", "payloads"]
+  }
+}
+```
+
+### Step 6: Generate Issues
+
+Convert high-confidence findings to issues:
+
+```bash
+# For each finding with confidence >= 0.7 or priority critical/high
+echo '{"id":"ISS-DBP-001","title":"Missing backend endpoint for /api/users/profile",...}' >> ${OUTPUT_DIR}/discovery-issues.jsonl
+```
+
+### Step 7: Update Final State
+
+```json
+{
+  "discovery_id": "DBP-...",
+  "type": "prompt-driven",
+  "prompt": "...",
+  "intent_type": "comparison",
+  "phase": "complete",
+  "created_at": "...",
+  "updated_at": "...",
+  "iterations": [
+    {"number": 1, "findings_count": 10, "new_discoveries": 10, "confidence": 0.6},
+    {"number": 2, "findings_count": 18, "new_discoveries": 8, "confidence": 0.75},
+    {"number": 3, "findings_count": 24, "new_discoveries": 6, "confidence": 0.85}
+  ],
+  "results": {
+    "total_iterations": 3,
+    "total_findings": 24,
+    "issues_generated": 12,
+    "comparison_match_rate": 0.75
+  }
+}
+```
+
+### Step 8: Output Summary
+
+```markdown
+## Discovery Complete: DBP-...
+
+**Prompt**: Check if frontend API calls match backend implementations
+**Intent**: comparison
+**Dimensions**: frontend-calls, backend-handlers
+
+### Iteration Summary
+| # | Findings | New | Confidence |
+|---|----------|-----|------------|
+| 1 | 10 | 10 | 60% |
+| 2 | 18 | 8 | 75% |
+| 3 | 24 | 6 | 85% |
+
+### Comparison Results
+- **Overall Match Rate**: 75%
+- **Total Discrepancies**: 5
+- **Critical Mismatches**: endpoints, payloads
+
+### Issues Generated: 12
+- 2 Critical
+- 4 High
+- 6 Medium
+
+### Next Steps
+- `/issue:plan DBP-001,DBP-002,...` to plan solutions
+- `ccw view` to review findings in dashboard
+```
+
+## Quality Checklist
+
+Before completing, verify:
+
+- [ ] Intent type correctly detected from prompt
+- [ ] Dimensions dynamically generated based on prompt
+- [ ] Iterations executed until convergence or max limit
+- [ ] Cross-reference analysis performed (for comparison intent)
+- [ ] High-confidence findings converted to issues
+- [ ] Discovery state shows `phase: complete`
+
+## Error Handling
+
+| Situation | Action |
+|-----------|--------|
+| No relevant code found | Report empty result, suggest broader scope |
+| Max iterations without convergence | Complete with current findings, note in summary |
+| Comparison dimension mismatch | Report which dimension has fewer findings |
+| No comparison points matched | Report as "No direct matches found" |
+
+## Use Cases
+
+| Scenario | Example Prompt |
+|----------|----------------|
+| API Contract | "Check if frontend calls match backend endpoints" |
+| Error Handling | "Find inconsistent error handling patterns" |
+| Migration Gap | "Compare old auth with new auth implementation" |
+| Feature Parity | "Verify mobile has all web features" |
+| Schema Drift | "Check if TypeScript types match API responses" |
+| Integration | "Find mismatches between service A and service B" |
+
+## Start Discovery
+
+Parse prompt and detect intent:
+
+```bash
+PROMPT="${1}"
+SCOPE="${2:-**/*}"
+DEPTH="${3:-standard}"
+
+# Detect intent keywords
+if echo "${PROMPT}" | grep -qiE '(match|compare|versus|vs|between)'; then
+  INTENT="comparison"
+elif echo "${PROMPT}" | grep -qiE '(find|locate|where)'; then
+  INTENT="search"
+elif echo "${PROMPT}" | grep -qiE '(verify|check|ensure)'; then
+  INTENT="verification"
+else
+  INTENT="audit"
+fi
+
+echo "Intent detected: ${INTENT}"
+echo "Starting discovery with scope: ${SCOPE}"
+```
+
+Then follow the workflow to explore and discover issues.

package/.codex/prompts/issue-discover.md

@@ -0,0 +1,261 @@
+---
+description: Discover potential issues from multiple perspectives (bug, UX, test, quality, security, performance, maintainability, best-practices)
+argument-hint: "<path-pattern> [--perspectives=bug,ux,...] [--external]"
+---
+
+# Issue Discovery (Codex Version)
+
+## Goal
+
+Multi-perspective issue discovery that explores code from different angles to identify potential bugs, UX improvements, test gaps, and other actionable items. Unlike code review (which assesses existing code quality), discovery focuses on **finding opportunities for improvement and potential problems**.
+
+**Discovery Scope**: Specified modules/files only
+**Output Directory**: `.workflow/issues/discoveries/{discovery-id}/`
+**Available Perspectives**: bug, ux, test, quality, security, performance, maintainability, best-practices
+
+## Inputs
+
+- **Target Pattern**: File glob pattern (e.g., `src/auth/**`)
+- **Perspectives**: Comma-separated list via `--perspectives` (or interactive selection)
+- **External Research**: `--external` flag enables Exa research for security and best-practices
+
+## Output Requirements
+
+**Generate Files:**
+1. `.workflow/issues/discoveries/{discovery-id}/discovery-state.json` - Session state
+2. `.workflow/issues/discoveries/{discovery-id}/perspectives/{perspective}.json` - Per-perspective findings
+3. `.workflow/issues/discoveries/{discovery-id}/discovery-issues.jsonl` - Generated issue candidates
+4. `.workflow/issues/discoveries/{discovery-id}/summary.md` - Summary report
+
+**Return Summary:**
+```json
+{
+  "discovery_id": "DSC-YYYYMMDD-HHmmss",
+  "target_pattern": "src/auth/**",
+  "perspectives_analyzed": ["bug", "security", "test"],
+  "total_findings": 15,
+  "issues_generated": 8,
+  "priority_distribution": { "critical": 1, "high": 3, "medium": 4 }
+}
+```
+
+## Workflow
+
+### Step 1: Initialize Discovery Session
+
+```bash
+# Generate discovery ID
+DISCOVERY_ID="DSC-$(date -u +%Y%m%d-%H%M%S)"
+OUTPUT_DIR=".workflow/issues/discoveries/${DISCOVERY_ID}"
+
+# Create directory structure
+mkdir -p "${OUTPUT_DIR}/perspectives"
+```
+
+Resolve target files:
+```bash
+# List files matching pattern
+find <target-pattern> -type f -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx"
+```
+
+If no files found, abort with error message.
+
+### Step 2: Select Perspectives
+
+**If `--perspectives` provided:**
+- Parse comma-separated list
+- Validate against available perspectives
+
+**If not provided (interactive):**
+- Present perspective groups:
+  - Quick scan: bug, test, quality
+  - Security audit: security, bug, quality
+  - Full analysis: all perspectives
+- Use first group as default or wait for user input
+
+### Step 3: Analyze Each Perspective
+
+For each selected perspective, explore target files and identify issues.
+
+**Perspective-Specific Focus:**
+
+| Perspective | Focus Areas | Priority Guide |
+|-------------|-------------|----------------|
+| **bug** | Null checks, edge cases, resource leaks, race conditions, boundary conditions, exception handling | Critical=data corruption/crash, High=malfunction, Medium=edge case |
+| **ux** | Error messages, loading states, feedback, accessibility, interaction patterns | Critical=inaccessible, High=confusing, Medium=inconsistent |
+| **test** | Missing unit tests, edge case coverage, integration gaps, assertion quality | Critical=no security tests, High=no core logic tests |
+| **quality** | Complexity, duplication, naming, documentation, code smells | Critical=unmaintainable, High=significant issues |
+| **security** | Input validation, auth/authz, injection, XSS/CSRF, data exposure | Critical=auth bypass/injection, High=missing authz |
+| **performance** | N+1 queries, memory leaks, caching, algorithm efficiency | Critical=memory leaks, High=N+1 queries |
+| **maintainability** | Coupling, interface design, tech debt, extensibility | Critical=forced changes, High=unclear boundaries |
+| **best-practices** | Framework conventions, language patterns, anti-patterns | Critical=bug-causing anti-patterns, High=convention violations |
+
+**For each perspective:**
+
+1. Read target files and analyze for perspective-specific concerns
+2. Use `rg` to search for patterns indicating issues
+3. Record findings with:
+   - `id`: Finding ID (e.g., `F-001`)
+   - `title`: Brief description
+   - `priority`: critical/high/medium/low
+   - `category`: Specific category within perspective
+   - `description`: Detailed explanation
+   - `file`: File path
+   - `line`: Line number
+   - `snippet`: Code snippet
+   - `suggested_issue`: Proposed issue text
+   - `confidence`: 0.0-1.0
+
+4. Write to `{OUTPUT_DIR}/perspectives/{perspective}.json`:
+```json
+{
+  "perspective": "security",
+  "analyzed_at": "2025-01-22T...",
+  "files_analyzed": 15,
+  "findings": [
+    {
+      "id": "F-001",
+      "title": "Missing input validation",
+      "priority": "high",
+      "category": "input-validation",
+      "description": "User input is passed directly to database query",
+      "file": "src/auth/login.ts",
+      "line": 42,
+      "snippet": "db.query(`SELECT * FROM users WHERE name = '${input}'`)",
+      "suggested_issue": "Add input sanitization to prevent SQL injection",
+      "confidence": 0.95
+    }
+  ]
+}
+```
+
+### Step 4: External Research (if --external)
+
+For security and best-practices perspectives, use Exa to search for:
+- Industry best practices for the tech stack
+- Known vulnerability patterns
+- Framework-specific security guidelines
+
+Write results to `{OUTPUT_DIR}/external-research.json`.
+
+### Step 5: Aggregate and Prioritize
+
+1. Load all perspective JSON files
+2. Deduplicate findings by file+line
+3. Calculate priority scores:
+   - critical: 1.0
+   - high: 0.8
+   - medium: 0.5
+   - low: 0.2
+   - Adjust by confidence
+
+4. Sort by priority score descending
+
+### Step 6: Generate Issues
+
+Convert high-priority findings to issue format:
+
+```bash
+# Append to discovery-issues.jsonl
+echo '{"id":"ISS-DSC-001","title":"...","priority":"high",...}' >> ${OUTPUT_DIR}/discovery-issues.jsonl
+```
+
+Issue criteria:
+- `priority` is critical or high
+- OR `priority_score >= 0.7`
+- OR `confidence >= 0.9` with medium priority
+
+### Step 7: Update Discovery State
+
+Write final state to `{OUTPUT_DIR}/discovery-state.json`:
+```json
+{
+  "discovery_id": "DSC-...",
+  "target_pattern": "src/auth/**",
+  "phase": "complete",
+  "created_at": "...",
+  "updated_at": "...",
+  "perspectives": ["bug", "security", "test"],
+  "results": {
+    "total_findings": 15,
+    "issues_generated": 8,
+    "priority_distribution": {
+      "critical": 1,
+      "high": 3,
+      "medium": 4
+    }
+  }
+}
+```
+
+### Step 8: Generate Summary
+
+Write summary to `{OUTPUT_DIR}/summary.md`:
+```markdown
+# Discovery Summary: DSC-...
+
+**Target**: src/auth/**
+**Perspectives**: bug, security, test
+**Total Findings**: 15
+**Issues Generated**: 8
+
+## Priority Breakdown
+- Critical: 1
+- High: 3
+- Medium: 4
+
+## Top Findings
+
+1. **[Critical] SQL Injection in login.ts:42**
+   Category: security/input-validation
+   ...
+
+2. **[High] Missing null check in auth.ts:128**
+   Category: bug/null-check
+   ...
+
+## Next Steps
+- Run `/issue:plan` to plan solutions for generated issues
+- Use `ccw view` to review findings in dashboard
+```
+
+## Quality Checklist
+
+Before completing, verify:
+
+- [ ] All target files analyzed for selected perspectives
+- [ ] Findings include file:line references
+- [ ] Priority assigned to all findings
+- [ ] Issues generated from high-priority findings
+- [ ] Discovery state shows `phase: complete`
+- [ ] Summary includes actionable next steps
+
+## Error Handling
+
+| Situation | Action |
+|-----------|--------|
+| No files match pattern | Abort with clear error message |
+| Perspective analysis fails | Log error, continue with other perspectives |
+| No findings | Report "No issues found" (not an error) |
+| External research fails | Continue without external context |
+
+## Schema References
+
+| Schema | Path | Purpose |
+|--------|------|---------|
+| Discovery State | `~/.claude/workflows/cli-templates/schemas/discovery-state-schema.json` | Session state |
+| Discovery Finding | `~/.claude/workflows/cli-templates/schemas/discovery-finding-schema.json` | Finding format |
+
+## Start Discovery
+
+Begin by resolving target files:
+
+```bash
+# Parse target pattern from arguments
+TARGET_PATTERN="${1:-src/**}"
+
+# Count matching files
+find ${TARGET_PATTERN} -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" \) | wc -l
+```
+
+Then proceed with perspective selection and analysis.

package/.codex/prompts/issue-execute.md

@@ -9,6 +9,16 @@ argument-hint: "--queue <queue-id> [--worktree [<existing-path>]]"
 
 **Serial Execution**: Execute solutions ONE BY ONE from the issue queue via `ccw issue next`. For each solution, complete all tasks sequentially (implement → test → verify), then commit once per solution with formatted summary. Continue autonomously until queue is empty.
 
+## Project Context (MANDATORY FIRST STEPS)
+
+Before starting execution, load project context:
+
+1. **Read project tech stack**: `.workflow/project-tech.json`
+2. **Read project guidelines**: `.workflow/project-guidelines.json`
+3. **Read solution schema**: `~/.claude/workflows/cli-templates/schemas/solution-schema.json`
+
+This ensures execution follows project conventions and patterns.
+
 ## Queue ID Requirement (MANDATORY)
 
 **`--queue <queue-id>` parameter is REQUIRED**