maestro-flow 0.4.19 → 0.4.20

package/workflows/swarm/wf-review.js

@@ -0,0 +1,226 @@
+export const meta = {
+  name: 'wf-review',
+  description: 'Multi-dimension parallel code review via workflow-reviewer with adversarial verification',
+  whenToUse: 'Accelerate quality-review with parallel dimension-specific scanning and finding verification',
+  phases: [
+    { title: 'Scan', detail: 'Parallel dimension scanning via workflow-reviewer' },
+    { title: 'Verify', detail: 'Adversarial verification of critical findings' },
+    { title: 'Report', detail: 'Consolidated review report with verdict' },
+  ],
+}
+
+// Aligned with workflow-reviewer.md dimension definitions
+const REVIEW_DIMENSIONS = [
+  { key: 'correctness', prefix: 'COR', prompt: 'Dimension: correctness. Focus: Logic errors, off-by-one, null handling, missing error propagation, type mismatches, unhandled edge cases, broken invariants, incorrect conditions.' },
+  { key: 'security', prefix: 'SEC', prompt: 'Dimension: security. Focus: Injection vectors (SQL/command/XSS), auth bypass, hardcoded secrets, missing input validation, data exposure in logs/errors, SSRF, IDOR, insecure crypto.' },
+  { key: 'performance', prefix: 'PRF', prompt: 'Dimension: performance. Focus: O(n^2+) algorithms, N+1 queries, missing pagination, resource leaks (unclosed handles/streams), synchronous blocking, missing caching, bundle size impact.' },
+  { key: 'architecture', prefix: 'ARC', prompt: 'Dimension: architecture. Focus: Layer violations (UI calling DB directly), circular dependencies, god classes/functions, inconsistent patterns, tight coupling, missing abstractions.' },
+  { key: 'maintainability', prefix: 'MNT', prompt: 'Dimension: maintainability. Focus: Functions >50 lines, cyclomatic complexity >10, duplicated logic, unclear naming, dead code, missing error context, poor separation of concerns.' },
+  { key: 'best-practices', prefix: 'BPR', prompt: 'Dimension: best-practices. Focus: Deprecated API usage, framework anti-patterns, inconsistent style with codebase, missing TypeScript strict checks, raw `any` types, missing documentation for public APIs.' },
+]
+
+const FINDING_SCHEMA = {
+  type: 'object',
+  properties: {
+    dimension: { type: 'string' },
+    findings: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' },
+          dimension: { type: 'string' },
+          severity: { type: 'string', enum: ['critical', 'high', 'medium', 'low'] },
+          title: { type: 'string' },
+          file: { type: 'string' },
+          line: { type: 'number' },
+          description: { type: 'string' },
+          suggestion: { type: 'string' },
+          evidence: { type: 'string' },
+        },
+        required: ['id', 'dimension', 'severity', 'title', 'file', 'description'],
+      },
+    },
+  },
+  required: ['dimension', 'findings'],
+}
+
+const VERDICT_SCHEMA = {
+  type: 'object',
+  properties: {
+    finding_id: { type: 'string' },
+    is_real: { type: 'boolean' },
+    confidence: { type: 'number', minimum: 0, maximum: 100 },
+    reasoning: { type: 'string' },
+    adjusted_severity: { type: 'string', enum: ['critical', 'high', 'medium', 'low', 'false-positive'] },
+  },
+  required: ['finding_id', 'is_real', 'confidence', 'reasoning'],
+}
+
+const REPORT_SCHEMA = {
+  type: 'object',
+  properties: {
+    verdict: { type: 'string', enum: ['APPROVE', 'REQUEST_CHANGES', 'BLOCK'] },
+    overall_quality: { type: 'number', minimum: 1, maximum: 5 },
+    dimension_summary: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          dimension: { type: 'string' },
+          finding_count: { type: 'number' },
+          max_severity: { type: 'string' },
+          assessment: { type: 'string' },
+        },
+        required: ['dimension', 'finding_count'],
+      },
+    },
+    blocking_issues: { type: 'array', items: { type: 'object', properties: { id: { type: 'string' }, title: { type: 'string' }, file: { type: 'string' }, severity: { type: 'string' }, suggestion: { type: 'string' } }, required: ['id', 'title', 'file', 'severity'] } },
+    summary: { type: 'string' },
+  },
+  required: ['verdict', 'overall_quality', 'dimension_summary', 'blocking_issues', 'summary'],
+}
+
+const target = args?.target || 'changed files on current branch'
+const scope = args?.scope || ''
+const specs = args?.specs || ''
+const tier = args?.tier || 'standard'
+const dimensions = args?.dimensions
+  ? REVIEW_DIMENSIONS.filter(d => args.dimensions.includes(d.key))
+  : (tier === 'quick' ? REVIEW_DIMENSIONS.slice(0, 3) : REVIEW_DIMENSIONS)
+
+// Phase 1: Parallel dimension scanning via workflow-reviewer
+phase('Scan')
+log(`Scanning ${dimensions.length} dimensions in parallel via workflow-reviewer...`)
+
+const scans = await parallel(
+  dimensions.map(dim => () =>
+    agent(
+      `${dim.prompt}
+
+Review target: ${target}
+${scope ? 'Files to review: ' + scope : 'Find changed files via git diff and review them.'}
+${specs ? 'Project specs/conventions: ' + specs : ''}
+
+Process:
+1. Read the target files (use git diff if no explicit file list)
+2. Perform structural scan — imports, exports, function signatures, complexity indicators
+3. Apply dimension-specific analysis rules
+4. Classify severity: Critical (security vuln, data corruption, crash) / High (logic bug, resource leak) / Medium (code smell, maintainability) / Low (style, minor optimization)
+5. Return only real, actionable findings with specific file paths, line numbers, and evidence
+
+Finding IDs use format: ${dim.prefix}-{NNN}`,
+      { label: `scan:${dim.key}`, phase: 'Scan', schema: FINDING_SCHEMA, agentType: 'workflow-reviewer' }
+    )
+  )
+)
+
+const validScans = scans.filter(Boolean)
+const allFindings = validScans.flatMap(s => s.findings)
+const criticalHigh = allFindings.filter(f => f.severity === 'critical' || f.severity === 'high')
+
+log(`Found ${allFindings.length} total (${criticalHigh.length} critical/high across ${validScans.length} dimensions)`)
+
+// Phase 2: Adversarial verification of critical/high findings
+phase('Verify')
+
+if (criticalHigh.length > 0) {
+  log(`Adversarially verifying ${criticalHigh.length} critical/high findings...`)
+
+  const verified = await pipeline(
+    criticalHigh,
+    (finding) => agent(
+      `Adversarially verify this code review finding. Your job is to REFUTE it — find reasons it might be:
+- A false positive (the code is actually correct)
+- Less severe than claimed (downgrade severity)
+- Not applicable in this context
+
+Finding: [${finding.severity}] ${finding.id}: ${finding.title}
+File: ${finding.file}${finding.line ? ':' + finding.line : ''}
+Description: ${finding.description}
+Evidence: ${finding.evidence || 'none provided'}
+
+Read the actual source code at the specified location. Check:
+1. Is the code actually doing what the finding claims?
+2. Is there handling elsewhere that mitigates this?
+3. Is the severity justified?
+
+Default to is_real=false and adjusted_severity=false-positive if uncertain.
+Only confirm findings you can verify in the actual code with high confidence.`,
+      { label: `verify:${finding.id}`, phase: 'Verify', schema: VERDICT_SCHEMA }
+    )
+  )
+
+  const confirmedFindings = []
+  const falsePositives = []
+
+  verified.filter(Boolean).forEach((verdict, i) => {
+    const finding = criticalHigh[i]
+    if (verdict.is_real && verdict.confidence >= 60) {
+      confirmedFindings.push({ ...finding, verdict: verdict, adjusted_severity: verdict.adjusted_severity || finding.severity })
+    } else {
+      falsePositives.push({ ...finding, verdict: verdict })
+    }
+  })
+
+  const lowMedFindings = allFindings.filter(f => f.severity === 'medium' || f.severity === 'low')
+
+  // Phase 3: Consolidated report
+  phase('Report')
+
+  const report = await agent(
+    `Generate a consolidated code review report.
+
+Confirmed findings (adversarially verified, ${confirmedFindings.length}):
+${confirmedFindings.map(f => `- [${f.adjusted_severity}] ${f.id}: ${f.title} @ ${f.file}:${f.line || '?'} (confidence: ${f.verdict.confidence}%)\n  ${f.description}`).join('\n') || 'None'}
+
+False positives filtered: ${falsePositives.length}
+${falsePositives.map(f => `- ${f.id}: ${f.title} — ${f.verdict.reasoning}`).join('\n') || ''}
+
+Low/medium findings (not individually verified, ${lowMedFindings.length}):
+${lowMedFindings.map(f => `- [${f.severity}] ${f.id}: ${f.title} @ ${f.file}`).join('\n') || 'None'}
+
+Determine verdict:
+- APPROVE: no confirmed critical/high findings
+- REQUEST_CHANGES: has confirmed high findings but no critical
+- BLOCK: has confirmed critical findings
+
+Rate overall quality (1-5) and summarize per dimension.`,
+    { label: 'report', phase: 'Report', schema: REPORT_SCHEMA }
+  )
+
+  return {
+    report: report,
+    confirmed: confirmedFindings,
+    false_positives: falsePositives,
+    low_findings: lowMedFindings,
+    metadata: {
+      target: target,
+      dimensions_scanned: dimensions.length,
+      total_findings: allFindings.length,
+      verified_count: criticalHigh.length,
+      confirmed_count: confirmedFindings.length,
+      false_positive_count: falsePositives.length,
+      verdict: report ? report.verdict : 'UNKNOWN',
+    },
+  }
+} else {
+  phase('Report')
+  log('No critical/high findings — generating clean report')
+
+  return {
+    report: { verdict: 'APPROVE', overall_quality: 4, dimension_summary: validScans.map(s => ({ dimension: s.dimension, finding_count: s.findings.length, max_severity: s.findings[0]?.severity || 'none', assessment: 'Clean' })), blocking_issues: [], summary: 'No critical or high severity issues found. Code passes review.' },
+    confirmed: [],
+    false_positives: [],
+    low_findings: allFindings,
+    metadata: {
+      target: target,
+      dimensions_scanned: dimensions.length,
+      total_findings: allFindings.length,
+      verified_count: 0,
+      confirmed_count: 0,
+      false_positive_count: 0,
+      verdict: 'APPROVE',
+    },
+  }
+}

package/workflows/swarm/wf-verify.js

@@ -0,0 +1,298 @@
+export const meta = {
+  name: 'wf-verify',
+  description: 'Three-layer goal-backward verification via workflow-verifier + anti-pattern scan',
+  whenToUse: 'Accelerate maestro-verify with parallel existence/substance/connection checks and convergence validation',
+  phases: [
+    { title: 'Check', detail: 'Parallel 3-layer verification + anti-pattern scan via workflow-verifier' },
+    { title: 'Aggregate', detail: 'Cross-layer aggregation and gap analysis' },
+  ],
+}
+
+// Aligned with workflow-verifier.md: Layer 1 Existence, Layer 2 Substance, Layer 3 Connection
+const LAYER_SCHEMA = {
+  type: 'object',
+  properties: {
+    layer: { type: 'string', enum: ['existence', 'substance', 'connection'] },
+    passed: { type: 'boolean' },
+    checks: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          goal: { type: 'string' },
+          status: { type: 'string', enum: ['pass', 'fail', 'partial', 'skip'] },
+          evidence: { type: 'string' },
+          file: { type: 'string' },
+          gap: { type: 'string' },
+        },
+        required: ['goal', 'status', 'evidence'],
+      },
+    },
+    summary: { type: 'string' },
+  },
+  required: ['layer', 'passed', 'checks', 'summary'],
+}
+
+const CONVERGENCE_SCHEMA = {
+  type: 'object',
+  properties: {
+    task_id: { type: 'string' },
+    criteria_results: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          criterion: { type: 'string' },
+          met: { type: 'boolean' },
+          evidence: { type: 'string' },
+          verification_command: { type: 'string' },
+          command_output: { type: 'string' },
+        },
+        required: ['criterion', 'met', 'evidence'],
+      },
+    },
+    overall_converged: { type: 'boolean' },
+  },
+  required: ['task_id', 'criteria_results', 'overall_converged'],
+}
+
+const ANTIPATTERN_SCHEMA = {
+  type: 'object',
+  properties: {
+    clean: { type: 'boolean' },
+    findings: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          type: { type: 'string', enum: ['stub', 'placeholder', 'todo', 'fixme', 'empty-return', 'empty-catch', 'ts-ignore', 'skip-test', 'hardcoded-secret', 'not-implemented'] },
+          file: { type: 'string' },
+          line: { type: 'number' },
+          content: { type: 'string' },
+          severity: { type: 'string', enum: ['blocker', 'warning'] },
+        },
+        required: ['type', 'file', 'content', 'severity'],
+      },
+    },
+  },
+  required: ['clean', 'findings'],
+}
+
+const AGGREGATE_SCHEMA = {
+  type: 'object',
+  properties: {
+    status: { type: 'string', enum: ['pass', 'fail'] },
+    confidence: { type: 'number', minimum: 0, maximum: 100 },
+    layers: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          layer: { type: 'string' },
+          passed: { type: 'boolean' },
+          total_checks: { type: 'number' },
+          passed_checks: { type: 'number' },
+          failed_checks: { type: 'number' },
+        },
+        required: ['layer', 'passed', 'total_checks', 'passed_checks'],
+      },
+    },
+    convergence_summary: {
+      type: 'object',
+      properties: {
+        total_tasks: { type: 'number' },
+        converged_tasks: { type: 'number' },
+        unmet_criteria: { type: 'array', items: { type: 'object', properties: { task: { type: 'string' }, criterion: { type: 'string' } }, required: ['task', 'criterion'] } },
+      },
+      required: ['total_tasks', 'converged_tasks'],
+    },
+    gaps: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          description: { type: 'string' },
+          source_layer: { type: 'string' },
+          severity: { type: 'string', enum: ['critical', 'high', 'medium', 'low'] },
+          remediation: { type: 'string' },
+          affected_files: { type: 'array', items: { type: 'string' } },
+        },
+        required: ['description', 'source_layer', 'severity', 'remediation'],
+      },
+    },
+    antipattern_blockers: { type: 'number' },
+    executive_summary: { type: 'string' },
+  },
+  required: ['status', 'confidence', 'layers', 'gaps', 'executive_summary'],
+}
+
+const goals = args?.goals || ''
+const planDir = args?.plan_dir || ''
+const scope = args?.scope || ''
+const taskFiles = args?.task_files || []
+const skipTests = args?.skip_tests || false
+const skipAntipattern = args?.skip_antipattern || false
+const mustHaves = args?.must_haves || ''
+
+// Phase 1: Parallel 3-layer + anti-pattern + convergence checks
+phase('Check')
+
+const checks = [
+  // Layer 1: Existence — verify all expected artifacts exist
+  () => agent(
+    `Layer 1 — EXISTENCE verification.
+Goals: ${goals}
+${planDir ? 'Plan directory: ' + planDir + ' — read task JSONs for expected files[]' : ''}
+${scope ? 'Scope: ' + scope : ''}
+${mustHaves ? 'Must-haves (artifacts): ' + mustHaves : ''}
+
+Verify all expected artifacts EXIST:
+1. Read task JSON files in plan directory to find files[].path where action="create"
+2. Check each expected file exists on disk (Glob/Read)
+3. Verify functions/classes/modules are present at files[].target
+4. Check configuration entries are added
+5. Report pass/fail with evidence (actual file paths found or missing)
+
+Set layer="existence" in output.`,
+    { label: 'layer:existence', phase: 'Check', schema: LAYER_SCHEMA, agentType: 'workflow-verifier' }
+  ),
+
+  // Layer 2: Substance — verify artifacts are non-trivial
+  () => agent(
+    `Layer 2 — SUBSTANCE verification.
+Goals: ${goals}
+${planDir ? 'Plan directory: ' + planDir : ''}
+${scope ? 'Scope: ' + scope : ''}
+
+Verify artifacts contain REAL SUBSTANCE (not stubs):
+1. Read implementation files — check for meaningful logic (not empty bodies, not pass-through)
+2. Verify functions have real implementations (not "throw new Error('not implemented')")
+3. Check tests actually test behavior (not empty test cases or skipped tests)
+4. Verify configuration values are real (not placeholder/TODO values)
+5. Check error handling is substantive (not empty catch blocks)
+
+Set layer="substance" in output.`,
+    { label: 'layer:substance', phase: 'Check', schema: LAYER_SCHEMA, agentType: 'workflow-verifier' }
+  ),
+
+  // Layer 3: Connection — verify wiring
+  () => agent(
+    `Layer 3 — CONNECTION verification.
+Goals: ${goals}
+${planDir ? 'Plan directory: ' + planDir : ''}
+${scope ? 'Scope: ' + scope : ''}
+${mustHaves ? 'Must-haves (key_links): ' + mustHaves : ''}
+
+Verify artifacts are properly WIRED together:
+1. Check imports resolve correctly (no broken import paths)
+2. Verify new modules are registered/exported from index files
+3. Check routes are mounted, handlers connected
+4. Verify event handlers and callbacks are wired
+5. Check database models are used consistently across layers
+6. Verify dependency injection and configuration loading
+
+Set layer="connection" in output.`,
+    { label: 'layer:connection', phase: 'Check', schema: LAYER_SCHEMA, agentType: 'workflow-verifier' }
+  ),
+]
+
+// Anti-pattern scan (unless skipped)
+if (!skipAntipattern) {
+  checks.push(() => agent(
+    `Anti-pattern scan for modified files.
+${scope ? 'Scope: ' + scope : 'Scan recently modified files (use git diff --name-only).'}
+
+Search for code quality anti-patterns using grep:
+- TODO / FIXME comments that indicate incomplete work
+- Empty catch blocks: catch (e) {} or catch { }
+- Empty returns in functions that should return values
+- @ts-ignore / @ts-expect-error without explanatory comment
+- Skipped tests: .skip, xit, xdescribe, test.skip
+- Hardcoded secrets: password=, api_key=, secret= with literal values
+- Placeholder text: "lorem ipsum", "test123", "TODO", "PLACEHOLDER"
+- Not-implemented stubs: throw new Error("not implemented"), pass, ...
+
+Use Grep tool to find these patterns. Report each with exact file and line number.
+Severity: "blocker" for stubs/not-implemented/hardcoded-secrets, "warning" for TODO/FIXME.`,
+    { label: 'antipattern', phase: 'Check', schema: ANTIPATTERN_SCHEMA, agentType: 'workflow-verifier' }
+  ))
+}
+
+// Per-task convergence validation (if task files provided)
+if (taskFiles.length > 0) {
+  checks.push(...taskFiles.map((taskFile, idx) => () => agent(
+    `Per-task convergence validation for: ${taskFile}
+
+1. Read the task JSON file at: ${taskFile}
+2. Find convergence.criteria[] — each item is a condition that must be true
+3. If convergence.verification command exists, run it via Bash
+4. Check each criterion individually (pass/fail with specific evidence)
+5. Cross-reference with task summaries in .summaries/ if they exist
+
+Report overall_converged=true only if ALL criteria are met.`,
+    { label: `convergence:task-${idx}`, phase: 'Check', schema: CONVERGENCE_SCHEMA, agentType: 'workflow-verifier' }
+  )))
+}
+
+log(`Running ${checks.length} parallel verification checks...`)
+const results = await parallel(checks)
+const validResults = results.filter(Boolean)
+
+const layers = validResults.filter(r => r.layer)
+const antipatterns = validResults.find(r => r.clean !== undefined) || { clean: true, findings: [] }
+const convergenceResults = validResults.filter(r => r.task_id)
+
+// Phase 2: Aggregate
+phase('Aggregate')
+
+const layerDigest = layers.map(l => {
+  const passCount = l.checks.filter(c => c.status === 'pass').length
+  const failCount = l.checks.filter(c => c.status === 'fail').length
+  return `Layer: ${l.layer} — ${l.passed ? 'PASS' : 'FAIL'} (${passCount} pass, ${failCount} fail)\n${l.summary}\nFailed checks:\n${l.checks.filter(c => c.status === 'fail').map(c => `  - ${c.goal}: ${c.gap || c.evidence}`).join('\n') || '  none'}`
+}).join('\n\n')
+
+const convergenceDigest = convergenceResults.length > 0
+  ? `Convergence: ${convergenceResults.filter(c => c.overall_converged).length}/${convergenceResults.length} tasks converged\nUnmet criteria:\n${convergenceResults.filter(c => !c.overall_converged).flatMap(c => c.criteria_results.filter(cr => !cr.met).map(cr => `  - ${c.task_id}: ${cr.criterion}`)).join('\n') || '  none'}`
+  : 'No convergence criteria checked (no task files provided).'
+
+const antipatternDigest = antipatterns.clean
+  ? 'Anti-pattern scan: CLEAN'
+  : `Anti-pattern scan: ${antipatterns.findings.length} issues (${antipatterns.findings.filter(f => f.severity === 'blocker').length} blockers)\n${antipatterns.findings.map(f => `  [${f.severity}] ${f.type} @ ${f.file}:${f.line || '?'}: ${f.content}`).join('\n')}`
+
+const aggregate = await agent(
+  `Aggregate all verification results into a final assessment.
+
+${layerDigest}
+
+${convergenceDigest}
+
+${antipatternDigest}
+
+Determine:
+1. Overall status: "pass" requires ALL layers pass AND no antipattern blockers AND all convergence met
+2. Confidence score (0-100) — based on evidence strength and coverage
+3. Per-layer summary with check counts
+4. Convergence summary (if tasks checked)
+5. Consolidated gap list: extract every failed check and antipattern blocker, assign severity, suggest remediation
+6. Executive summary (what works, what's broken, what to do next)`,
+  { label: 'aggregate', phase: 'Aggregate', schema: AGGREGATE_SCHEMA }
+)
+
+return {
+  layers: layers,
+  convergence: convergenceResults,
+  antipatterns: antipatterns,
+  aggregate: aggregate,
+  metadata: {
+    layer_count: layers.length,
+    total_checks: layers.reduce((sum, l) => sum + l.checks.length, 0),
+    passed_checks: layers.reduce((sum, l) => sum + l.checks.filter(c => c.status === 'pass').length, 0),
+    failed_checks: layers.reduce((sum, l) => sum + l.checks.filter(c => c.status === 'fail').length, 0),
+    convergence_tasks: convergenceResults.length,
+    converged_tasks: convergenceResults.filter(c => c.overall_converged).length,
+    antipattern_count: antipatterns.findings.length,
+    blocker_count: antipatterns.findings.filter(f => f.severity === 'blocker').length,
+    overall_status: aggregate ? aggregate.status : 'unknown',
+    confidence: aggregate ? aggregate.confidence : 0,
+  },
+}