codingbuddy-rules 2.0.0 → 2.2.0

package/.ai-rules/checklists/security.json

@@ -0,0 +1,119 @@
+{
+  "domain": "security",
+  "icon": "🔒",
+  "description": "Security-related review items",
+  "categories": [
+    {
+      "name": "authentication",
+      "triggers": {
+        "files": [
+          "**/auth/**",
+          "**/login/**",
+          "**/session/**",
+          "**/password/**",
+          "**/signin/**",
+          "**/signup/**"
+        ],
+        "imports": [
+          "bcrypt",
+          "argon2",
+          "jsonwebtoken",
+          "passport",
+          "next-auth",
+          "@auth/*",
+          "jose"
+        ],
+        "patterns": [
+          "password",
+          "token",
+          "credential",
+          "session",
+          "authenticate"
+        ]
+      },
+      "items": [
+        {
+          "id": "sec-auth-001",
+          "text": "Hash passwords using bcrypt/argon2 (never store plaintext)",
+          "priority": "critical",
+          "reason": "Plaintext passwords can be stolen if database is compromised",
+          "reference": "OWASP Authentication Cheatsheet"
+        },
+        {
+          "id": "sec-auth-002",
+          "text": "Implement rate limiting on login attempts",
+          "priority": "high",
+          "reason": "Prevents brute force attacks"
+        },
+        {
+          "id": "sec-auth-003",
+          "text": "Use secure session management (HttpOnly, Secure, SameSite cookies)",
+          "priority": "critical",
+          "reason": "Prevents session hijacking and XSS attacks"
+        },
+        {
+          "id": "sec-auth-004",
+          "text": "Implement proper logout (invalidate session server-side)",
+          "priority": "high",
+          "reason": "Ensures complete session termination"
+        }
+      ]
+    },
+    {
+      "name": "input_validation",
+      "triggers": {
+        "files": ["**/api/**", "**/form/**", "**/input/**", "**/handler/**"],
+        "imports": ["zod", "yup", "joi", "validator"],
+        "patterns": ["validate", "sanitize", "input", "formData"]
+      },
+      "items": [
+        {
+          "id": "sec-input-001",
+          "text": "Validate all user input server-side",
+          "priority": "critical",
+          "reason": "Client-side validation can be bypassed"
+        },
+        {
+          "id": "sec-input-002",
+          "text": "Sanitize input to prevent XSS attacks",
+          "priority": "critical",
+          "reason": "Unsanitized input can execute malicious scripts"
+        },
+        {
+          "id": "sec-input-003",
+          "text": "Use parameterized queries to prevent SQL injection",
+          "priority": "critical",
+          "reason": "Raw queries with user input enable SQL injection"
+        }
+      ]
+    },
+    {
+      "name": "data_protection",
+      "triggers": {
+        "files": ["**/api/**", "**/data/**", "**/user/**", "**/profile/**"],
+        "imports": ["crypto", "node:crypto"],
+        "patterns": ["encrypt", "decrypt", "secret", "private", "pii"]
+      },
+      "items": [
+        {
+          "id": "sec-data-001",
+          "text": "Encrypt sensitive data at rest",
+          "priority": "high",
+          "reason": "Protects data if storage is compromised"
+        },
+        {
+          "id": "sec-data-002",
+          "text": "Use HTTPS for all data transmission",
+          "priority": "critical",
+          "reason": "Prevents man-in-the-middle attacks"
+        },
+        {
+          "id": "sec-data-003",
+          "text": "Never log sensitive information (passwords, tokens, PII)",
+          "priority": "high",
+          "reason": "Logs can be accessed by unauthorized parties"
+        }
+      ]
+    }
+  ]
+}

package/.ai-rules/checklists/seo.json

@@ -0,0 +1,97 @@
+{
+  "domain": "seo",
+  "icon": "🔍",
+  "description": "SEO optimization review items",
+  "categories": [
+    {
+      "name": "metadata",
+      "triggers": {
+        "files": ["**/page/**", "**/layout/**", "**/app/**", "**/head/**"],
+        "imports": ["next/head", "react-helmet"],
+        "patterns": ["<title", "<meta", "metadata", "generateMetadata"]
+      },
+      "items": [
+        {
+          "id": "seo-meta-001",
+          "text": "Set unique, descriptive title for each page",
+          "priority": "critical",
+          "reason": "Titles appear in search results and browser tabs"
+        },
+        {
+          "id": "seo-meta-002",
+          "text": "Write compelling meta descriptions (150-160 chars)",
+          "priority": "high",
+          "reason": "Descriptions appear in search result snippets"
+        },
+        {
+          "id": "seo-meta-003",
+          "text": "Set canonical URL to prevent duplicate content issues",
+          "priority": "medium",
+          "reason": "Helps search engines understand the primary URL"
+        },
+        {
+          "id": "seo-meta-004",
+          "text": "Add Open Graph and Twitter Card meta tags",
+          "priority": "medium",
+          "reason": "Controls appearance when shared on social media"
+        }
+      ]
+    },
+    {
+      "name": "structure",
+      "triggers": {
+        "files": ["**/page/**", "**/layout/**", "**/*.tsx", "**/*.jsx"],
+        "imports": [],
+        "patterns": ["<h1", "<h2", "<main", "<article", "<nav"]
+      },
+      "items": [
+        {
+          "id": "seo-struct-001",
+          "text": "Use exactly one h1 per page",
+          "priority": "high",
+          "reason": "H1 signals main topic to search engines"
+        },
+        {
+          "id": "seo-struct-002",
+          "text": "Use semantic HTML elements (article, section, nav)",
+          "priority": "medium",
+          "reason": "Semantic markup helps search engines understand content"
+        },
+        {
+          "id": "seo-struct-003",
+          "text": "Implement breadcrumb navigation with structured data",
+          "priority": "low",
+          "reason": "Helps users and search engines navigate site hierarchy"
+        }
+      ]
+    },
+    {
+      "name": "links",
+      "triggers": {
+        "files": ["**/page/**", "**/*.tsx", "**/*.jsx"],
+        "imports": ["next/link"],
+        "patterns": ["<a ", "<Link", "href="]
+      },
+      "items": [
+        {
+          "id": "seo-link-001",
+          "text": "Use descriptive link text (avoid 'click here')",
+          "priority": "medium",
+          "reason": "Link text signals page content to search engines"
+        },
+        {
+          "id": "seo-link-002",
+          "text": "Add rel='noopener noreferrer' to external links",
+          "priority": "medium",
+          "reason": "Security and performance best practice"
+        },
+        {
+          "id": "seo-link-003",
+          "text": "Ensure all internal links use relative paths",
+          "priority": "low",
+          "reason": "Maintains link equity within the site"
+        }
+      ]
+    }
+  ]
+}

package/.ai-rules/checklists/testing.json

@@ -0,0 +1,97 @@
+{
+  "domain": "testing",
+  "icon": "🧪",
+  "description": "Testing strategy and coverage review items",
+  "categories": [
+    {
+      "name": "unit_testing",
+      "triggers": {
+        "files": ["**/util/**", "**/lib/**", "**/helper/**", "**/service/**"],
+        "imports": ["vitest", "jest", "@testing-library/*"],
+        "patterns": ["describe", "it(", "test(", "expect"]
+      },
+      "items": [
+        {
+          "id": "test-unit-001",
+          "text": "Write tests for all pure functions",
+          "priority": "high",
+          "reason": "Pure functions are easiest to test and most valuable to cover"
+        },
+        {
+          "id": "test-unit-002",
+          "text": "Cover edge cases and error conditions",
+          "priority": "high",
+          "reason": "Edge cases often hide bugs"
+        },
+        {
+          "id": "test-unit-003",
+          "text": "Use descriptive test names that explain behavior",
+          "priority": "medium",
+          "reason": "Test names document expected behavior"
+        },
+        {
+          "id": "test-unit-004",
+          "text": "Target 90%+ coverage for core logic",
+          "priority": "high",
+          "reason": "High coverage reduces regression risk"
+        }
+      ]
+    },
+    {
+      "name": "component_testing",
+      "triggers": {
+        "files": ["**/components/**", "**/features/**", "**/widgets/**"],
+        "imports": ["@testing-library/react", "react-test-renderer"],
+        "patterns": ["render(", "screen.", "userEvent"]
+      },
+      "items": [
+        {
+          "id": "test-comp-001",
+          "text": "Test user interactions (click, type, submit)",
+          "priority": "high",
+          "reason": "UI should respond correctly to user actions"
+        },
+        {
+          "id": "test-comp-002",
+          "text": "Test different component states (loading, error, success)",
+          "priority": "high",
+          "reason": "Components should handle all states gracefully"
+        },
+        {
+          "id": "test-comp-003",
+          "text": "Use Testing Library queries by role/label for accessibility",
+          "priority": "medium",
+          "reason": "Tests that query like users improve accessibility"
+        }
+      ]
+    },
+    {
+      "name": "api_testing",
+      "triggers": {
+        "files": ["**/api/**", "**/hook/**", "**/query/**", "**/mutation/**"],
+        "imports": ["msw", "nock", "@tanstack/react-query"],
+        "patterns": ["fetch(", "axios", "useMutation", "useQuery"]
+      },
+      "items": [
+        {
+          "id": "test-api-001",
+          "text": "Mock API responses with MSW for realistic testing",
+          "priority": "high",
+          "reason": "Avoid mocking implementation details"
+        },
+        {
+          "id": "test-api-002",
+          "text": "Test loading, success, and error states",
+          "priority": "high",
+          "reason": "API calls can fail in multiple ways"
+        },
+        {
+          "id": "test-api-003",
+          "text": "Test retry and caching behavior",
+          "priority": "medium",
+          "reason": "Data fetching libraries have complex behavior"
+        }
+      ]
+    }
+  ]
+}

package/.ai-rules/rules/core.md

@@ -2,11 +2,12 @@
 
 ### Work Modes
 
-You have three modes of operation:
+You have four modes of operation:
 
 1. **Plan mode** - Define a plan without making changes
 2. **Act mode** - Execute the plan and make changes
 3. **Eval mode** - Analyze results and propose improvements
+4. **Auto mode** - Autonomous execution cycling PLAN → ACT → EVAL until quality achieved
 
 **Mode Rules:**
 - Start in PLAN mode by default
@@ -16,6 +17,8 @@ You have three modes of operation:
 - EVAL mode analyzes ACT results and proposes improved PLAN
 - After EVAL completes, return to PLAN mode with improvement suggestions
 - User can repeat ACT → EVAL → PLAN cycle until satisfied
+- Move to AUTO mode when user types `AUTO` (or localized: 자동, 自動, 自动, AUTOMÁTICO)
+- AUTO mode autonomously cycles through PLAN → ACT → EVAL until quality targets met
 - When in plan mode always output the full updated plan in every response
 
 **Default Flow:**
@@ -28,12 +31,18 @@ PLAN → (user: ACT) → ACT → PLAN (automatic return)
 PLAN → (user: ACT) → ACT → PLAN → (user: EVAL) → EVAL → Improved PLAN
 ```
 
-**Key Point:** EVAL is opt-in, not automatic. User must explicitly request evaluation.
+**Autonomous Flow:**
+```
+(user: AUTO) → AUTO [PLAN → ACT → EVAL → repeat until Critical=0 AND High=0]
+```
+
+**Key Point:** EVAL is opt-in, not automatic. User must explicitly request evaluation. AUTO mode handles the entire cycle automatically.
 
 **Mode Indicators:**
 - Print `# Mode: PLAN` in plan mode
 - Print `# Mode: ACT` in act mode
 - Print `# Mode: EVAL` in eval mode
+- Print `# Mode: AUTO` in auto mode (with iteration number)
 
 ---
 
@@ -524,6 +533,19 @@ Self-improvement through iterative refinement
 - [ ] State management: State changes propagate correctly
 - [ ] Async flow: Async/await chains remain valid
 
+## 🔍 리팩토링 검증
+
+**검토 범위**: [변경된 파일 목록]
+
+### 발견된 문제
+- 🔴 `[file.ts:line]` - 조건 분기: [조건문이 특정 케이스만 처리하는 문제]
+- ⚠️ `[file.ts:line]` - 옵셔널 처리: [null/undefined 참조 위험]
+
+### 검증 완료 (문제 없음)
+- ✅ [검증 항목명]
+
+*스킵 사유: [신규 파일만 생성 / 문서만 변경 / 테스트만 추가 / 해당 없음]*
+
 ## 📊 Objective Assessment
 | Criteria | Measured | Target | Status |
 |----------|----------|--------|--------|
@@ -634,6 +656,7 @@ Self-improvement through iterative refinement
 - [ ] All findings include objective evidence (location, metric, target)
 - [ ] Devil's Advocate Analysis completed
 - [ ] Impact Radius Analysis completed (dependencies, contract changes, side effects)
+- [ ] Refactoring Verification completed (or skip reason stated)
 - [ ] Critical Findings section appears before What Works
 - [ ] No defense of implementation decisions
 
@@ -672,6 +695,181 @@ Self-improvement through iterative refinement
 - Already meeting all standards
 - Time-sensitive quick fixes
 
+---
+
+### Auto Mode
+
+**Important:**
+- AUTO mode is an **autonomous execution mode** that cycles through PLAN → ACT → EVAL automatically
+- User initiates with `AUTO` keyword and the system handles the entire workflow
+- Continues iterating until quality targets are achieved or maximum iterations reached
+- Best for tasks where iterative refinement is expected
+
+**Trigger:**
+- Type `AUTO` to start autonomous execution
+- Korean: `자동`
+- Japanese: `自動`
+- Chinese: `自动`
+- Spanish: `AUTOMÁTICO`
+
+**Purpose:**
+Autonomous iterative development - automatically cycling through planning, implementation, and evaluation until quality standards are met.
+
+**How AUTO Works:**
+
+1. **Initial Phase: PLAN**
+   - Creates implementation plan following TDD and augmented coding principles
+   - Activates Primary Developer Agent automatically
+   - Outputs structured plan with todo items
+
+2. **Execution Phase: ACT**
+   - Executes the plan created in PLAN phase
+   - Follows TDD cycle for core logic, Test-After for UI
+   - Maintains quality standards throughout
+
+3. **Evaluation Phase: EVAL**
+   - Automatically evaluates the implementation (no user prompt required)
+   - Activates Code Reviewer Agent
+   - Assesses quality across all mandatory perspectives
+   - Categorizes issues by severity: Critical, High, Medium, Low
+
+4. **Iteration Decision:**
+   - **Success (Exit):** Critical = 0 AND High = 0 → Complete with success summary
+   - **Continue:** Critical > 0 OR High > 0 → Return to PLAN with improvements
+   - **Failure (Exit):** Max iterations reached → Transition to PLAN mode with suggestions
+
+**Exit Conditions:**
+
+| Condition | Result | Next Action |
+|-----------|--------|-------------|
+| Critical = 0 AND High = 0 | Success | Display completion summary |
+| Max iterations reached | Failure | Transition to PLAN with remaining issues |
+| User interruption | Stopped | Return control to user |
+
+**Configuration:**
+
+| Parameter | Default | Range | Description |
+|-----------|---------|-------|-------------|
+| `auto.maxIterations` | 3 | 1-10 | Maximum PLAN→ACT→EVAL cycles before forced exit |
+
+**🔴 Agent Activation (STRICT):**
+- When AUTO mode is triggered, **Primary Developer Agent** (e.g., `.ai-rules/agents/frontend-developer.json`) **MUST** be automatically activated for PLAN and ACT phases
+- During EVAL phase, **Code Reviewer Agent** (`.ai-rules/agents/code-reviewer.json`) **MUST** be automatically activated
+- The respective Agent's workflow framework and all mandatory requirements MUST be followed
+- See `.ai-rules/agents/` for complete agent frameworks
+
+**Output Format:**
+```
+# Mode: AUTO
+## Autonomous Execution Started
+
+Task: [Task description]
+Max Iterations: [maxIterations]
+
+---
+
+## Iteration 1/[maxIterations] - PLAN Phase
+[Standard PLAN mode output]
+
+---
+## Iteration 1/[maxIterations] - ACT Phase
+[Standard ACT mode output]
+
+---
+## Iteration 1/[maxIterations] - EVAL Phase
+[Standard EVAL mode output]
+
+Issues Found:
+- Critical: [N]
+- High: [N] <- 반복 필요 (if Critical > 0 OR High > 0)
+- Medium: [N]
+- Low: [N]
+
+[If continue iteration: proceed to next iteration]
+[If success: display completion format]
+[If max iterations: display failure format]
+```
+
+**Success Completion Format:**
+```
+---
+# Mode: AUTO - COMPLETED
+
+Task completed successfully!
+Final Stats:
+- Iterations: [N]/[maxIterations]
+- Critical: 0, High: 0
+- Medium: [N], Low: [N]
+
+Modified Files:
+- [file1]
+- [file2]
+```
+
+**Failure (Max Iterations) Format:**
+```
+---
+# Mode: AUTO - MAX ITERATIONS REACHED
+
+[maxIterations]회 시도했지만 일부 이슈가 남아있습니다.
+
+Remaining Issues:
+- [CRITICAL] [Issue description]
+- [HIGH] [Issue description]
+
+시도한 접근:
+- Iteration 1: [approach]
+- Iteration 2: [approach]
+- Iteration 3: [approach]
+
+---
+# Mode: PLAN
+```
+
+**When to use AUTO:**
+- Complex features requiring multiple refinement cycles
+- Tasks where iterative improvement is expected
+- When you want hands-off development until quality is achieved
+- Production-critical code requiring thorough quality assurance
+- Large implementations that benefit from systematic iteration
+
+**When to use manual workflow instead:**
+- Simple, single-step implementations
+- When you want fine-grained control over each phase
+- Exploratory development where direction may change
+- Time-sensitive tasks that shouldn't iterate
+- When specific phase customization is needed
+
+**AUTO vs Manual Comparison:**
+
+| Aspect | AUTO Mode | Manual (PLAN/ACT/EVAL) |
+|--------|-----------|------------------------|
+| User intervention | Minimal (start only) | Required for each phase |
+| Iteration control | Automatic | User-controlled |
+| Best for | Complex, iterative tasks | Simple or exploratory tasks |
+| Quality guarantee | Enforced (exit conditions) | User judgment |
+| Time efficiency | Optimized for quality | Optimized for control |
+
+**🔴 Required:**
+- All PLAN phases must follow the Primary Developer Agent's workflow framework
+- All ACT phases must follow the Primary Developer Agent's code quality checklist
+- All EVAL phases must follow the Code Reviewer Agent's evaluation framework
+- Respond in the language specified in the agent's communication.language setting
+- Continue iterating automatically until exit conditions are met (Critical = 0 AND High = 0)
+- Transition to PLAN mode with remaining issues when max iterations reached
+
+**Verification:**
+- Mode indicator `# Mode: AUTO` should be first line at start
+- Task description and max iterations should be displayed in start header
+- Each iteration should display phase indicator: `## Iteration N/[maxIterations] - [Phase] Phase`
+- EVAL phase must include issues summary with Critical, High, Medium, Low counts
+- Success completion should display `# Mode: AUTO - COMPLETED`
+- Failure completion should display `# Mode: AUTO - MAX ITERATIONS REACHED`
+- Exit conditions should be evaluated after each EVAL phase
+- Agent activation rules from PLAN, ACT, EVAL modes apply to respective phases within AUTO mode
+
+---
+
 ### Communication Rules
 
 - **Respond in the language specified in the agent's communication.language setting**