npm - maestro-flow - Versions diffs - 0.3.2 → 0.3.4 - Mend

maestro-flow 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/.claude/skills/team-review/SKILL.md CHANGED Viewed

@@ -1,147 +1,147 @@
----
-name: team-review
-description: "Unified team skill for code review. 3-role pipeline: scanner, reviewer, fixer. Triggers on team-review."
-allowed-tools: TeamCreate(*), TeamDelete(*), SendMessage(*), TaskCreate(*), TaskUpdate(*), TaskList(*), TaskGet(*), Agent(*), AskUserQuestion(*), Read(*), Write(*), Edit(*), Bash(*), Glob(*), Grep(*), mcp__ace-tool__search_context(*), mcp__ccw-tools__team_msg(*)
----
-# Team Review
-Orchestrate multi-agent code review: scanner -> reviewer -> fixer. Toolchain + LLM scan, deep analysis with root cause enrichment, and automated fix with rollback-on-failure.
-## Architecture
-```
-Skill(skill="team-review", args="task description")
-                    |
-         SKILL.md (this file) = Router
-                    |
-     +--------------+--------------+
-     |                             |
-  no --role flag              --role <name>
-     |                             |
-  Coordinator                  Worker
-  roles/coordinator/role.md    roles/<name>/role.md
-     |
-     +-- analyze -> dispatch -> spawn workers -> STOP
-                                    |
-                    +-------+-------+-------+
-                    v       v       v
-                [scan]  [review]  [fix]
-                team-worker agents, each loads roles/<role>/role.md
-```
-## Role Registry
-| Role | Path | Prefix | Inner Loop |
-|------|------|--------|------------|
-| coordinator | [roles/coordinator/role.md](roles/coordinator/role.md) | — | — |
-| scanner | [roles/scanner/role.md](roles/scanner/role.md) | SCAN-* | false |
-| reviewer | [roles/reviewer/role.md](roles/reviewer/role.md) | REV-* | false |
-| fixer | [roles/fixer/role.md](roles/fixer/role.md) | FIX-* | true |
-## Role Router
-Parse `$ARGUMENTS`:
-- Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
-- No `--role` -> `@roles/coordinator/role.md`, execute entry router
-## Shared Constants
-- **Session prefix**: `RV`
-- **Session path**: `.workflow/.team/RV-<slug>-<date>/`
-- **Team name**: `review`
-- **CLI tools**: `maestro cli --mode analysis` (read-only), `maestro cli --mode write` (modifications)
-- **Message bus**: `mcp__ccw-tools__team_msg(session_id=<session-id>, ...)`
-## Worker Spawn Template
-Coordinator spawns workers using this template:
-```
-Agent({
-  subagent_type: "team-worker",
-  description: "Spawn <role> worker",
-  team_name: "review",
-  name: "<role>",
-  run_in_background: true,
-  prompt: `## Role Assignment
-role: <role>
-role_spec: <skill_root>/roles/<role>/role.md
-session: <session-folder>
-session_id: <session-id>
-team_name: review
-requirement: <task-description>
-inner_loop: <true|false>
-## Progress Milestones
-session_id: <session-id>
-Report progress via team_msg at natural phase boundaries (context loaded -> core work done -> verification).
-Report blockers immediately via team_msg type="blocker".
-Report completion via team_msg type="task_complete" after final SendMessage.
-Read role_spec file (@<skill_root>/roles/<role>/role.md) to load Phase 2-4 domain instructions.
-Execute built-in Phase 1 (task discovery) -> role Phase 2-4 -> built-in Phase 5 (report).`
-})
-```
-## User Commands
-| Command | Action |
-|---------|--------|
-| `check` / `status` | View pipeline status graph |
-| `resume` / `continue` | Advance to next step |
-| `--full` | Enable scan + review + fix pipeline |
-| `--fix` | Fix-only mode (skip scan/review) |
-| `-q` / `--quick` | Quick scan only |
-| `--dimensions=sec,cor,prf,mnt` | Custom dimensions |
-| `-y` / `--yes` | Skip confirmations |
-## Completion Action
-When pipeline completes, coordinator presents:
-```
-AskUserQuestion({
-  questions: [{
-    question: "Review pipeline complete. What would you like to do?",
-    header: "Completion",
-    multiSelect: false,
-    options: [
-      { label: "Archive & Clean (Recommended)", description: "Archive session, clean up team" },
-      { label: "Keep Active", description: "Keep session for follow-up work" },
-      { label: "Export Results", description: "Export deliverables to target directory" }
-    ]
-  }]
-})
-```
-## Session Directory
-```
-.workflow/.team/RV-<slug>-<date>/
-├── .msg/messages.jsonl     # Team message bus
-├── .msg/meta.json          # Session state + cross-role state
-├── wisdom/                 # Cross-task knowledge
-├── scan/                   # Scanner output
-├── review/                 # Reviewer output
-└── fix/                    # Fixer output
-```
-## Specs Reference
-- [specs/pipelines.md](specs/pipelines.md) — Pipeline definitions and task registry
-- [specs/dimensions.md](specs/dimensions.md) — Review dimension definitions (SEC/COR/PRF/MNT)
-- [specs/finding-schema.json](specs/finding-schema.json) — Finding data schema
-- [specs/team-config.json](specs/team-config.json) — Team configuration
-## Error Handling
-| Scenario | Resolution |
-|----------|------------|
-| Unknown --role value | Error with available role list |
-| Role not found | Error with expected path (roles/<name>/role.md) |
-| CLI tool fails | Worker fallback to direct implementation |
-| Scanner finds 0 findings | Report clean, skip review + fix |
-| User declines fix | Delete FIX tasks, complete with review-only results |
-| Fast-advance conflict | Coordinator reconciles on next callback |
-| Completion action fails | Default to Keep Active |
+---
+name: team-review
+description: "Unified team skill for code review. 3-role pipeline: scanner, reviewer, fixer. Triggers on team-review."
+allowed-tools: TeamCreate(*), TeamDelete(*), SendMessage(*), TaskCreate(*), TaskUpdate(*), TaskList(*), TaskGet(*), Agent(*), AskUserQuestion(*), Read(*), Write(*), Edit(*), Bash(*), Glob(*), Grep(*), mcp__ace-tool__search_context(*), mcp__ccw-tools__team_msg(*)
+---
+# Team Review
+Orchestrate multi-agent code review: scanner -> reviewer -> fixer. Toolchain + LLM scan, deep analysis with root cause enrichment, and automated fix with rollback-on-failure.
+## Architecture
+```
+Skill(skill="team-review", args="task description")
+                    |
+         SKILL.md (this file) = Router
+                    |
+     +--------------+--------------+
+     |                             |
+  no --role flag              --role <name>
+     |                             |
+  Coordinator                  Worker
+  roles/coordinator/role.md    roles/<name>/role.md
+     |
+     +-- analyze -> dispatch -> spawn workers -> STOP
+                                    |
+                    +-------+-------+-------+
+                    v       v       v
+                [scan]  [review]  [fix]
+                team-worker agents, each loads roles/<role>/role.md
+```
+## Role Registry
+| Role | Path | Prefix | Inner Loop |
+|------|------|--------|------------|
+| coordinator | [roles/coordinator/role.md](roles/coordinator/role.md) | — | — |
+| scanner | [roles/scanner/role.md](roles/scanner/role.md) | SCAN-* | false |
+| reviewer | [roles/reviewer/role.md](roles/reviewer/role.md) | REV-* | false |
+| fixer | [roles/fixer/role.md](roles/fixer/role.md) | FIX-* | true |
+## Role Router
+Parse `$ARGUMENTS`:
+- Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
+- No `--role` -> `@roles/coordinator/role.md`, execute entry router
+## Shared Constants
+- **Session prefix**: `RV`
+- **Session path**: `.workflow/.team/RV-<slug>-<date>/`
+- **Team name**: `review`
+- **CLI tools**: `maestro delegate --mode analysis` (read-only), `maestro delegate --mode write` (modifications)
+- **Message bus**: `mcp__ccw-tools__team_msg(session_id=<session-id>, ...)`
+## Worker Spawn Template
+Coordinator spawns workers using this template:
+```
+Agent({
+  subagent_type: "team-worker",
+  description: "Spawn <role> worker",
+  team_name: "review",
+  name: "<role>",
+  run_in_background: true,
+  prompt: `## Role Assignment
+role: <role>
+role_spec: <skill_root>/roles/<role>/role.md
+session: <session-folder>
+session_id: <session-id>
+team_name: review
+requirement: <task-description>
+inner_loop: <true|false>
+## Progress Milestones
+session_id: <session-id>
+Report progress via team_msg at natural phase boundaries (context loaded -> core work done -> verification).
+Report blockers immediately via team_msg type="blocker".
+Report completion via team_msg type="task_complete" after final SendMessage.
+Read role_spec file (@<skill_root>/roles/<role>/role.md) to load Phase 2-4 domain instructions.
+Execute built-in Phase 1 (task discovery) -> role Phase 2-4 -> built-in Phase 5 (report).`
+})
+```
+## User Commands
+| Command | Action |
+|---------|--------|
+| `check` / `status` | View pipeline status graph |
+| `resume` / `continue` | Advance to next step |
+| `--full` | Enable scan + review + fix pipeline |
+| `--fix` | Fix-only mode (skip scan/review) |
+| `-q` / `--quick` | Quick scan only |
+| `--dimensions=sec,cor,prf,mnt` | Custom dimensions |
+| `-y` / `--yes` | Skip confirmations |
+## Completion Action
+When pipeline completes, coordinator presents:
+```
+AskUserQuestion({
+  questions: [{
+    question: "Review pipeline complete. What would you like to do?",
+    header: "Completion",
+    multiSelect: false,
+    options: [
+      { label: "Archive & Clean (Recommended)", description: "Archive session, clean up team" },
+      { label: "Keep Active", description: "Keep session for follow-up work" },
+      { label: "Export Results", description: "Export deliverables to target directory" }
+    ]
+  }]
+})
+```
+## Session Directory
+```
+.workflow/.team/RV-<slug>-<date>/
+├── .msg/messages.jsonl     # Team message bus
+├── .msg/meta.json          # Session state + cross-role state
+├── wisdom/                 # Cross-task knowledge
+├── scan/                   # Scanner output
+├── review/                 # Reviewer output
+└── fix/                    # Fixer output
+```
+## Specs Reference
+- [specs/pipelines.md](specs/pipelines.md) — Pipeline definitions and task registry
+- [specs/dimensions.md](specs/dimensions.md) — Review dimension definitions (SEC/COR/PRF/MNT)
+- [specs/finding-schema.json](specs/finding-schema.json) — Finding data schema
+- [specs/team-config.json](specs/team-config.json) — Team configuration
+## Error Handling
+| Scenario | Resolution |
+|----------|------------|
+| Unknown --role value | Error with available role list |
+| Role not found | Error with expected path (roles/<name>/role.md) |
+| CLI tool fails | Worker fallback to direct implementation |
+| Scanner finds 0 findings | Report clean, skip review + fix |
+| User declines fix | Delete FIX tasks, complete with review-only results |
+| Fast-advance conflict | Coordinator reconciles on next callback |
+| Completion action fails | Default to Keep Active |

package/.claude/skills/team-review/roles/reviewer/role.md CHANGED Viewed

@@ -1,68 +1,68 @@
----
-role: reviewer
-prefix: REV
-inner_loop: false
-message_types:
-  success: review_complete
-  error: error
----
-# Finding Reviewer
-Deep analysis on scan findings: triage, root cause / impact / optimization enrichment via CLI fan-out, cross-correlation, and structured review report generation. Read-only -- never modifies source code.
-## Phase 2: Context & Triage
-| Input | Source | Required |
-|-------|--------|----------|
-| Task description | From task subject/description | Yes |
-| Session path | Extracted from task description | Yes |
-| Scan results | <session>/scan/scan-results.json | Yes |
-| .msg/meta.json | <session>/.msg/meta.json | No |
-1. Extract session path, input path, dimensions from task description
-2. Load review specs: Run `ccw spec load --category review` for review standards, checklists, and approval gates
-3. Load scan results. If missing or empty -> report clean, complete immediately
-3. Load wisdom files from `<session>/wisdom/`
-4. Triage findings into two buckets:
-| Bucket | Criteria | Action |
-|--------|----------|--------|
-| deep_analysis | severity in [critical, high, medium], max 15, sorted critical-first | Enrich with root cause, impact, optimization |
-| pass_through | remaining (low, info, or overflow) | Include in report without enrichment |
-If deep_analysis empty -> skip Phase 3, go to Phase 4.
-## Phase 3: Deep Analysis (CLI Fan-out)
-Split deep_analysis into two domain groups, run parallel CLI agents:
-| Group | Dimensions | Focus |
-|-------|-----------|-------|
-| A | Security + Correctness | Root cause tracing, fix dependencies, blast radius |
-| B | Performance + Maintainability | Optimization approaches, refactor tradeoffs |
-If either group empty -> skip that agent.
-Build prompt per group requesting 6 enrichment fields per finding:
-- `root_cause`: `{description, related_findings[], is_symptom}`
-- `impact`: `{scope: low/medium/high, affected_files[], blast_radius}`
-- `optimization`: `{approach, alternative, tradeoff}`
-- `fix_strategy`: minimal / refactor / skip
-- `fix_complexity`: low / medium / high
-- `fix_dependencies`: finding IDs that must be fixed first
-Execute via `maestro cli --tool gemini --mode analysis --rule analysis-diagnose-bug-root-cause` (fallback: qwen -> codex). Parse JSON array responses, merge with originals (CLI-enriched replace originals, unenriched get defaults). Write `<session>/review/enriched-findings.json`.
-## Phase 4: Report Generation
-1. Combine enriched + pass_through findings
-2. Cross-correlate:
-   - **Critical files**: file appears in >=2 dimensions -> list with finding_count, severities
-   - **Root cause groups**: cluster findings sharing related_findings -> identify primary
-   - **Optimization suggestions**: from root cause groups + standalone enriched findings
-3. Compute metrics: by_dimension, by_severity, dimension_severity_matrix, fixable_count, auto_fixable_count
-4. Write `<session>/review/review-report.json`: `{review_id, review_date, findings[], critical_files[], optimization_suggestions[], root_cause_groups[], summary}`
-5. Write `<session>/review/review-report.md`: Executive summary, metrics matrix (dimension x severity), critical/high findings table, critical files list, optimization suggestions, recommended fix scope
-6. Update `<session>/.msg/meta.json` with review summary
-7. Contribute discoveries to `<session>/wisdom/` files
+---
+role: reviewer
+prefix: REV
+inner_loop: false
+message_types:
+  success: review_complete
+  error: error
+---
+# Finding Reviewer
+Deep analysis on scan findings: triage, root cause / impact / optimization enrichment via CLI fan-out, cross-correlation, and structured review report generation. Read-only -- never modifies source code.
+## Phase 2: Context & Triage
+| Input | Source | Required |
+|-------|--------|----------|
+| Task description | From task subject/description | Yes |
+| Session path | Extracted from task description | Yes |
+| Scan results | <session>/scan/scan-results.json | Yes |
+| .msg/meta.json | <session>/.msg/meta.json | No |
+1. Extract session path, input path, dimensions from task description
+2. Load review specs: Run `ccw spec load --category review` for review standards, checklists, and approval gates
+3. Load scan results. If missing or empty -> report clean, complete immediately
+3. Load wisdom files from `<session>/wisdom/`
+4. Triage findings into two buckets:
+| Bucket | Criteria | Action |
+|--------|----------|--------|
+| deep_analysis | severity in [critical, high, medium], max 15, sorted critical-first | Enrich with root cause, impact, optimization |
+| pass_through | remaining (low, info, or overflow) | Include in report without enrichment |
+If deep_analysis empty -> skip Phase 3, go to Phase 4.
+## Phase 3: Deep Analysis (CLI Fan-out)
+Split deep_analysis into two domain groups, run parallel CLI agents:
+| Group | Dimensions | Focus |
+|-------|-----------|-------|
+| A | Security + Correctness | Root cause tracing, fix dependencies, blast radius |
+| B | Performance + Maintainability | Optimization approaches, refactor tradeoffs |
+If either group empty -> skip that agent.
+Build prompt per group requesting 6 enrichment fields per finding:
+- `root_cause`: `{description, related_findings[], is_symptom}`
+- `impact`: `{scope: low/medium/high, affected_files[], blast_radius}`
+- `optimization`: `{approach, alternative, tradeoff}`
+- `fix_strategy`: minimal / refactor / skip
+- `fix_complexity`: low / medium / high
+- `fix_dependencies`: finding IDs that must be fixed first
+Execute via `maestro delegate --to gemini --mode analysis --rule analysis-diagnose-bug-root-cause` (fallback: qwen -> codex). Parse JSON array responses, merge with originals (CLI-enriched replace originals, unenriched get defaults). Write `<session>/review/enriched-findings.json`.
+## Phase 4: Report Generation
+1. Combine enriched + pass_through findings
+2. Cross-correlate:
+   - **Critical files**: file appears in >=2 dimensions -> list with finding_count, severities
+   - **Root cause groups**: cluster findings sharing related_findings -> identify primary
+   - **Optimization suggestions**: from root cause groups + standalone enriched findings
+3. Compute metrics: by_dimension, by_severity, dimension_severity_matrix, fixable_count, auto_fixable_count
+4. Write `<session>/review/review-report.json`: `{review_id, review_date, findings[], critical_files[], optimization_suggestions[], root_cause_groups[], summary}`
+5. Write `<session>/review/review-report.md`: Executive summary, metrics matrix (dimension x severity), critical/high findings table, critical files list, optimization suggestions, recommended fix scope
+6. Update `<session>/.msg/meta.json` with review summary
+7. Contribute discoveries to `<session>/wisdom/` files

package/.claude/skills/team-review/roles/scanner/role.md CHANGED Viewed

@@ -1,79 +1,79 @@
----
-role: scanner
-prefix: SCAN
-inner_loop: false
-message_types:
-  success: scan_complete
-  error: error
----
-# Code Scanner
-Toolchain + LLM semantic scan producing structured findings. Static analysis tools in parallel, then LLM for issues tools miss. Read-only -- never modifies source code. 4-dimension system: security (SEC), correctness (COR), performance (PRF), maintainability (MNT).
-## Phase 2: Context & Toolchain Detection
-| Input | Source | Required |
-|-------|--------|----------|
-| Task description | From task subject/description | Yes |
-| Session path | Extracted from task description | Yes |
-| .msg/meta.json | <session>/.msg/meta.json | No |
-1. Extract session path, target, dimensions, quick flag from task description
-2. Resolve target files (glob pattern or directory -> `**/*.{ts,tsx,js,jsx,py,go,java,rs}`)
-3. If no source files found -> report empty, complete task cleanly
-4. Detect toolchain availability:
-| Tool | Detection | Dimension |
-|------|-----------|-----------|
-| tsc | `tsconfig.json` exists | COR |
-| eslint | `.eslintrc*` or `eslint` in package.json | COR/MNT |
-| semgrep | `.semgrep.yml` exists | SEC |
-| ruff | `pyproject.toml` + ruff available | SEC/COR/MNT |
-| mypy | mypy available + `pyproject.toml` | COR |
-| npmAudit | `package-lock.json` exists | SEC |
-5. Load wisdom files from `<session>/wisdom/` if they exist
-## Phase 3: Scan Execution
-**Quick mode**: Single CLI call with analysis mode, max 20 findings, skip toolchain.
-**Standard mode** (sequential):
-### 3A: Toolchain Scan
-Run detected tools in parallel via Bash backgrounding. Each tool writes to `<session>/scan/tmp/<tool>.{json|txt}`. After `wait`, parse each output into normalized findings:
-- tsc: `file(line,col): error TSxxxx: msg` -> dimension=correctness, source=tool:tsc
-- eslint: JSON array -> severity 2=correctness/high, else=maintainability/medium
-- semgrep: `{results[]}` -> dimension=security, severity from extra.severity
-- ruff: `[{code,message,filename}]` -> S*=security, F*/B*=correctness, else=maintainability
-- mypy: `file:line: error: msg [code]` -> dimension=correctness
-- npm audit: `{vulnerabilities:{}}` -> dimension=security, category=dependency
-Write `<session>/scan/toolchain-findings.json`.
-### 3B: Semantic Scan (LLM via CLI)
-Build prompt with target file patterns, toolchain dedup summary, and per-dimension focus areas:
-- SEC: Business logic vulnerabilities, privilege escalation, sensitive data flow, auth bypass
-- COR: Logic errors, unhandled exception paths, state management bugs, race conditions
-- PRF: Algorithm complexity, N+1 queries, unnecessary sync, memory leaks, missing caching
-- MNT: Architectural coupling, abstraction leaks, convention violations, dead code
-Execute via `maestro cli --tool gemini --mode analysis --rule analysis-review-code-quality` (fallback: qwen -> codex). Parse JSON array response, validate required fields (dimension, title, location.file), enforce per-dimension limit (max 5 each), filter minimum severity (medium+). Write `<session>/scan/semantic-findings.json`.
-### Tech Profile Scan
-After scan execution, emit context-aware trigger signals (based on detected codebase characteristics):
-1. Check security findings → signals (`injection_risk`, `eval_usage`, `sql_detected`, `auth_detected`)
-2. Check quality findings → risk signals (`legacy_patterns`, `test_gap`, `perf_sensitive`)
-3. Include `tech_profile` in Phase 5 state_update data
-## Phase 4: Aggregate & Output
-1. Merge toolchain + semantic findings, deduplicate (same file + line + dimension = duplicate)
-2. Assign dimension-prefixed IDs: SEC-001, COR-001, PRF-001, MNT-001
-3. Write `<session>/scan/scan-results.json` with schema: `{scan_date, target, dimensions, quick_mode, total_findings, by_severity, by_dimension, findings[]}`
-4. Each finding: `{id, dimension, category, severity, title, description, location:{file,line}, source, suggested_fix, effort, confidence}`
-5. Update `<session>/.msg/meta.json` with scan summary (findings_count, by_severity, by_dimension)
-6. Contribute discoveries to `<session>/wisdom/` files
+---
+role: scanner
+prefix: SCAN
+inner_loop: false
+message_types:
+  success: scan_complete
+  error: error
+---
+# Code Scanner
+Toolchain + LLM semantic scan producing structured findings. Static analysis tools in parallel, then LLM for issues tools miss. Read-only -- never modifies source code. 4-dimension system: security (SEC), correctness (COR), performance (PRF), maintainability (MNT).
+## Phase 2: Context & Toolchain Detection
+| Input | Source | Required |
+|-------|--------|----------|
+| Task description | From task subject/description | Yes |
+| Session path | Extracted from task description | Yes |
+| .msg/meta.json | <session>/.msg/meta.json | No |
+1. Extract session path, target, dimensions, quick flag from task description
+2. Resolve target files (glob pattern or directory -> `**/*.{ts,tsx,js,jsx,py,go,java,rs}`)
+3. If no source files found -> report empty, complete task cleanly
+4. Detect toolchain availability:
+| Tool | Detection | Dimension |
+|------|-----------|-----------|
+| tsc | `tsconfig.json` exists | COR |
+| eslint | `.eslintrc*` or `eslint` in package.json | COR/MNT |
+| semgrep | `.semgrep.yml` exists | SEC |
+| ruff | `pyproject.toml` + ruff available | SEC/COR/MNT |
+| mypy | mypy available + `pyproject.toml` | COR |
+| npmAudit | `package-lock.json` exists | SEC |
+5. Load wisdom files from `<session>/wisdom/` if they exist
+## Phase 3: Scan Execution
+**Quick mode**: Single CLI call with analysis mode, max 20 findings, skip toolchain.
+**Standard mode** (sequential):
+### 3A: Toolchain Scan
+Run detected tools in parallel via Bash backgrounding. Each tool writes to `<session>/scan/tmp/<tool>.{json|txt}`. After `wait`, parse each output into normalized findings:
+- tsc: `file(line,col): error TSxxxx: msg` -> dimension=correctness, source=tool:tsc
+- eslint: JSON array -> severity 2=correctness/high, else=maintainability/medium
+- semgrep: `{results[]}` -> dimension=security, severity from extra.severity
+- ruff: `[{code,message,filename}]` -> S*=security, F*/B*=correctness, else=maintainability
+- mypy: `file:line: error: msg [code]` -> dimension=correctness
+- npm audit: `{vulnerabilities:{}}` -> dimension=security, category=dependency
+Write `<session>/scan/toolchain-findings.json`.
+### 3B: Semantic Scan (LLM via CLI)
+Build prompt with target file patterns, toolchain dedup summary, and per-dimension focus areas:
+- SEC: Business logic vulnerabilities, privilege escalation, sensitive data flow, auth bypass
+- COR: Logic errors, unhandled exception paths, state management bugs, race conditions
+- PRF: Algorithm complexity, N+1 queries, unnecessary sync, memory leaks, missing caching
+- MNT: Architectural coupling, abstraction leaks, convention violations, dead code
+Execute via `maestro delegate --to gemini --mode analysis --rule analysis-review-code-quality` (fallback: qwen -> codex). Parse JSON array response, validate required fields (dimension, title, location.file), enforce per-dimension limit (max 5 each), filter minimum severity (medium+). Write `<session>/scan/semantic-findings.json`.
+### Tech Profile Scan
+After scan execution, emit context-aware trigger signals (based on detected codebase characteristics):
+1. Check security findings → signals (`injection_risk`, `eval_usage`, `sql_detected`, `auth_detected`)
+2. Check quality findings → risk signals (`legacy_patterns`, `test_gap`, `perf_sensitive`)
+3. Include `tech_profile` in Phase 5 state_update data
+## Phase 4: Aggregate & Output
+1. Merge toolchain + semantic findings, deduplicate (same file + line + dimension = duplicate)
+2. Assign dimension-prefixed IDs: SEC-001, COR-001, PRF-001, MNT-001
+3. Write `<session>/scan/scan-results.json` with schema: `{scan_date, target, dimensions, quick_mode, total_findings, by_severity, by_dimension, findings[]}`
+4. Each finding: `{id, dimension, category, severity, title, description, location:{file,line}, source, suggested_fix, effort, confidence}`
+5. Update `<session>/.msg/meta.json` with scan summary (findings_count, by_severity, by_dimension)
+6. Contribute discoveries to `<session>/wisdom/` files