loki-mode 4.2.0

package/references/sdlc-phases.md

@@ -0,0 +1,410 @@
+# SDLC Phases Reference
+
+All phases with detailed workflows and testing procedures.
+
+---
+
+## Phase Overview
+
+```
+Bootstrap -> Discovery -> Architecture -> Infrastructure
+     |           |            |              |
+  (Setup)   (Analyze PRD)  (Design)    (Cloud/DB Setup)
+                                             |
+Development <- QA <- Deployment <- Business Ops <- Growth Loop
+     |         |         |            |            |
+ (Build)    (Test)   (Release)    (Monitor)    (Iterate)
+```
+
+---
+
+## Phase 0: Bootstrap
+
+**Purpose:** Initialize Loki Mode environment
+
+### Actions:
+1. Create `.loki/` directory structure
+2. Initialize orchestrator state in `.loki/state/orchestrator.json`
+3. Validate PRD exists and is readable
+4. Spawn initial agent pool (3-5 agents)
+5. Create CONTINUITY.md
+
+### Directory Structure Created:
+```
+.loki/
++-- CONTINUITY.md
++-- state/
+|   +-- orchestrator.json
+|   +-- agents/
+|   +-- circuit-breakers/
++-- queue/
+|   +-- pending.json
+|   +-- in-progress.json
+|   +-- completed.json
+|   +-- dead-letter.json
++-- specs/
++-- memory/
++-- artifacts/
+```
+
+---
+
+## Phase 1: Discovery
+
+**Purpose:** Understand requirements and market context
+
+### Actions:
+1. Parse PRD, extract requirements
+2. Spawn `biz-analytics` agent for competitive research
+3. Web search competitors, extract features, reviews
+4. Identify market gaps and opportunities
+5. Generate task backlog with priorities and dependencies
+
+### Output:
+- Requirements document
+- Competitive analysis
+- Initial task backlog in `.loki/queue/pending.json`
+
+---
+
+## Phase 2: Architecture
+
+**Purpose:** Design system architecture and generate specs
+
+### SPEC-FIRST WORKFLOW
+
+**Step 1: Extract API Requirements from PRD**
+- Parse PRD for user stories and functionality
+- Map to REST/GraphQL operations
+- Document data models and relationships
+
+**Step 2: Generate OpenAPI 3.1 Specification**
+
+```yaml
+openapi: 3.1.0
+info:
+  title: Product API
+  version: 1.0.0
+paths:
+  /auth/login:
+    post:
+      summary: Authenticate user and return JWT
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required: [email, password]
+              properties:
+                email: { type: string, format: email }
+                password: { type: string, minLength: 8 }
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  token: { type: string }
+                  expiresAt: { type: string, format: date-time }
+        401:
+          description: Invalid credentials
+```
+
+**Step 3: Validate Spec**
+```bash
+npm install -g @stoplight/spectral-cli
+spectral lint .loki/specs/openapi.yaml
+swagger-cli validate .loki/specs/openapi.yaml
+```
+
+**Step 4: Generate Artifacts from Spec**
+```bash
+# TypeScript types
+npx openapi-typescript .loki/specs/openapi.yaml --output src/types/api.ts
+
+# Client SDK
+npx openapi-generator-cli generate \
+  -i .loki/specs/openapi.yaml \
+  -g typescript-axios \
+  -o src/clients/api
+
+# Server stubs
+npx openapi-generator-cli generate \
+  -i .loki/specs/openapi.yaml \
+  -g nodejs-express-server \
+  -o backend/generated
+
+# Documentation
+npx redoc-cli bundle .loki/specs/openapi.yaml -o docs/api.html
+```
+
+**Step 5: Select Tech Stack**
+- Spawn `eng-backend` + `eng-frontend` architects
+- Both agents review spec and propose stack
+- Consensus required (both must agree)
+- Self-reflection checkpoint with evidence
+
+**Step 6: Create Project Scaffolding**
+- Initialize project with tech stack
+- Install dependencies
+- Configure linters
+- Setup contract testing framework
+
+---
+
+## Phase 3: Infrastructure
+
+**Purpose:** Provision cloud resources and CI/CD
+
+### Actions:
+1. Spawn `ops-devops` agent
+2. Provision cloud resources (see `references/deployment.md`)
+3. Set up CI/CD pipelines
+4. Configure monitoring and alerting
+5. Create staging and production environments
+
+### CI/CD Pipeline:
+```yaml
+name: CI/CD Pipeline
+on: [push, pull_request]
+jobs:
+  test:
+    - Lint
+    - Type check
+    - Unit tests
+    - Contract tests
+    - Security scan
+  deploy-staging:
+    needs: test
+    - Deploy to staging
+    - Smoke tests
+  deploy-production:
+    needs: deploy-staging
+    - Blue-green deploy
+    - Health checks
+    - Auto-rollback on errors
+```
+
+---
+
+## Phase 4: Development
+
+**Purpose:** Implement features with quality gates
+
+### Workflow Per Task:
+
+```
+1. Dispatch implementation subagent (Task tool, model: sonnet)
+2. Subagent implements with TDD, commits, reports back
+3. Dispatch 3 reviewers IN PARALLEL (single message, 3 Task calls):
+   - code-reviewer (sonnet)
+   - business-logic-reviewer (sonnet)
+   - security-reviewer (sonnet)
+4. Aggregate findings by severity
+5. IF Critical/High/Medium found:
+   - Dispatch fix subagent
+   - Re-run ALL 3 reviewers
+   - Loop until all PASS
+6. Add TODO comments for Low issues
+7. Add FIXME comments for Cosmetic issues
+8. Mark task complete with git checkpoint
+```
+
+### Implementation Rules:
+- Agents implement ONLY what's in the spec
+- Must validate against openapi.yaml schema
+- Must return responses matching spec
+- Performance targets from spec x-performance extension
+
+---
+
+## Phase 5: Quality Assurance
+
+**Purpose:** Comprehensive testing and security audit
+
+### Testing Phases:
+
+**UNIT Phase:**
+```bash
+npm run test:unit
+# or
+pytest tests/unit/
+```
+- Coverage: >80% required
+- All tests must pass
+
+**INTEGRATION Phase:**
+```bash
+npm run test:integration
+```
+- Test API endpoints against actual database
+- Test external service integrations
+- Verify data flows end-to-end
+
+**E2E Phase:**
+```bash
+npx playwright test
+# or
+npx cypress run
+```
+- Test complete user flows
+- Cross-browser testing
+- Mobile responsive testing
+
+**CONTRACT Phase:**
+```bash
+npm run test:contract
+```
+- Validate implementation matches OpenAPI spec
+- Test request/response schemas
+- Breaking change detection
+
+**SECURITY Phase:**
+```bash
+npm audit
+npx snyk test
+semgrep --config=auto .
+```
+- OWASP Top 10 checks
+- Dependency vulnerabilities
+- Static analysis
+
+**PERFORMANCE Phase:**
+```bash
+npx k6 run tests/load.js
+npx lighthouse http://localhost:3000
+```
+- Load testing: 100 concurrent users for 1 minute
+- Stress testing: 500 concurrent users for 30 seconds
+- P95 response time < 500ms required
+
+**ACCESSIBILITY Phase:**
+```bash
+npx axe http://localhost:3000
+```
+- WCAG 2.1 AA compliance
+- Alt text, ARIA labels, color contrast
+- Keyboard navigation, focus indicators
+
+**REGRESSION Phase:**
+- Compare behavior against previous version
+- Verify no features broken by recent changes
+- Test backward compatibility of APIs
+
+**UAT Phase:**
+- Create acceptance tests from PRD
+- Walk through complete user journeys
+- Verify business logic matches PRD
+- Document any UX friction points
+
+---
+
+## Phase 6: Deployment
+
+**Purpose:** Release to production
+
+### Actions:
+1. Spawn `ops-release` agent
+2. Generate semantic version, changelog
+3. Create release branch, tag
+4. Deploy to staging, run smoke tests
+5. Blue-green deploy to production
+6. Monitor for 30min, auto-rollback if errors spike
+
+### Deployment Strategies:
+
+**Blue-Green:**
+```
+1. Deploy new version to "green" environment
+2. Run smoke tests
+3. Switch traffic from "blue" to "green"
+4. Keep "blue" as rollback target
+```
+
+**Canary:**
+```
+1. Deploy to 5% of traffic
+2. Monitor error rates
+3. Gradually increase to 25%, 50%, 100%
+4. Rollback if errors exceed threshold
+```
+
+---
+
+## Phase 7: Business Operations
+
+**Purpose:** Non-technical business setup
+
+### Actions:
+1. `biz-marketing`: Create landing page, SEO, content
+2. `biz-sales`: Set up CRM, outreach templates
+3. `biz-finance`: Configure billing (Stripe), invoicing
+4. `biz-support`: Create help docs, chatbot
+5. `biz-legal`: Generate ToS, privacy policy
+
+---
+
+## Phase 8: Growth Loop
+
+**Purpose:** Continuous improvement
+
+### Cycle:
+```
+MONITOR -> ANALYZE -> OPTIMIZE -> DEPLOY -> MONITOR
+    |
+Customer feedback -> Feature requests -> Backlog
+    |
+A/B tests -> Winner -> Permanent deploy
+    |
+Incidents -> RCA -> Prevention -> Deploy fix
+```
+
+### Never "Done":
+- Run performance optimizations
+- Add missing test coverage
+- Improve documentation
+- Refactor code smells
+- Update dependencies
+- Enhance user experience
+- Implement A/B test learnings
+
+---
+
+## Final Review (Before Any Deployment)
+
+```
+1. Dispatch 3 reviewers reviewing ENTIRE implementation:
+   - code-reviewer: Full codebase quality
+   - business-logic-reviewer: All requirements met
+   - security-reviewer: Full security audit
+
+2. Aggregate findings across all files
+3. Fix Critical/High/Medium issues
+4. Re-run all 3 reviewers until all PASS
+5. Generate final report in .loki/artifacts/reports/final-review.md
+6. Proceed to deployment only after all PASS
+```
+
+---
+
+## Quality Gates Summary
+
+| Gate | Agent | Pass Criteria |
+|------|-------|---------------|
+| Unit Tests | eng-qa | 100% pass |
+| Integration Tests | eng-qa | 100% pass |
+| E2E Tests | eng-qa | 100% pass |
+| Coverage | eng-qa | > 80% |
+| Linting | eng-qa | 0 errors |
+| Type Check | eng-qa | 0 errors |
+| Security Scan | ops-security | 0 high/critical |
+| Dependency Audit | ops-security | 0 vulnerabilities |
+| Performance | eng-qa | p99 < 200ms |
+| Accessibility | eng-frontend | WCAG 2.1 AA |
+| Load Test | ops-devops | Handles 10x expected traffic |
+| Chaos Test | ops-devops | Recovers from failures |
+| Cost Estimate | ops-cost | Within budget |
+| Legal Review | biz-legal | Compliant |