opencastle 0.32.12 → 0.32.13

package/src/orchestrator/skills/team-lead-reference/SKILL.md

@@ -1,21 +1,31 @@
 ---
 name: team-lead-reference
-description: "Reference data for Team Lead orchestration — model routing, pre-delegation checks, cost tracking template, and DLQ format. Load when starting a delegation session."
+description: "Provides model routing rules, validates delegation prerequisites, supplies cost tracking templates, and defines dead-letter queue formats for Team Lead orchestration. Load when assigning tasks to agents, choosing model tiers, starting a delegation session, running a multi-agent workflow, delegating work, choosing which model to use, or assigning tasks."
 ---
 
 # Team Lead Reference
 
+## Delegation Sequence
+
+1. **Score** task complexity (table below) → determines tier
+2. **Route** to model tier via Cost-Aware Routing
+3. **Deepen** plan if 3+ subtasks (Deepen-Plan Protocol)
+4. **Check** pre-delegation policy (5-point checklist below)
+5. **Delegate** using Compact Delegation Envelope
+6. **Handle** output per Status Handling table
+7. **Log** via **observability-logging** skill
+
 For the specialist agent registry and model assignments, see [agent-registry.md](../../.opencastle/agents/agent-registry.md).
 
 ## Cost-Aware Model Routing
 
-| Tier | Cost | Use For |
-|------|------|---------|
-| **Premium** | $$$$ | Team Lead orchestration, highest-stakes decisions |
-| **Quality** | $$$ | Feature implementation, UI/frontend, security, architecture, complex reasoning |
-| **Standard** | $$ | Large-scale analysis, schema design, cost-efficient coding, repo exploration |
-| **Fast** | $$ | Terminal-heavy tasks, E2E tests, data pipelines, agentic workflows |
-| **Economy** | $ | Docs, simple config, formatting, boilerplate |
+| Tier | Use For |
+|------|---------|
+| **Premium** | Team Lead orchestration, highest-stakes decisions |
+| **Quality** | Feature implementation, UI/frontend, security, architecture, complex reasoning |
+| **Standard** | Large-scale analysis, schema design, cost-efficient coding, repo exploration |
+| **Fast** | Terminal-heavy tasks, E2E tests, data pipelines, agentic workflows |
+| **Economy** | Docs, simple config, formatting, boilerplate |
 
 **Selection:** Default to agent's assigned tier. Downgrade pure docs/config → Economy. Upgrade security/architecture ambiguity → Quality/Premium. Never Premium/Quality for boilerplate. 3+ parallel agents → prefer Economy/Fast/Standard.
 
@@ -61,16 +71,21 @@ For the specialist agent registry and model assignments, see [agent-registry.md]
 
 | Status | Action |
 |--------|--------|
-| Complete | All AC addressed → fast review |
-| Complete with concerns | Resolve correctness/scope before review |
-| Needs context | Provide info, re-dispatch same agent |
-| Blocked | Provide context/upgrade model/escalate; never re-dispatch unchanged |
+| Complete | Fast review |
+| Complete with concerns | Resolve before review |
+| Needs context | Provide info; re-dispatch |
+| Blocked | Upgrade model/escalate; never re-dispatch unchanged |
 
 ## Pre-Delegation Policy Checks
 
-See Team Lead agent § Pre-Delegation Checks for the mandatory 5-point checklist.
-- **Feature work** adds: (6) Known issues reviewed, (7) Architecture docs read, (8) Existing code searched.
-- **High-risk work** adds: (9) Panel review planned, (10) Rollback path identified.
+1. Tracker issue exists for this task
+2. File partition is clean (no overlap with parallel agents)
+3. All dependency tasks are Done
+4. Delegation prompt has file paths + acceptance criteria
+5. Self-improvement reminder included (`Read LESSONS-LEARNED.md first`)
+
+**Feature work** adds: (6) Known issues reviewed, (7) Architecture docs read, (8) Existing code searched.
+**High-risk work** adds: (9) Panel review planned, (10) Rollback path identified.
 
 ## Compact Delegation Envelope
 
@@ -104,22 +119,14 @@ For common failure modes and recovery procedures, load the **orchestration-proto
 
 ## Dispute Protocol
 
-| Scenario | Action |
-|----------|--------|
-| Tool error / timeout / MCP failure | DLQ entry |
-| Scope creep | DLQ entry + redirect |
-| Agent fails 2+ times (simple) | DLQ entry |
-| Panel 3x BLOCK / agent-reviewer disagreement / criteria contradictions / no convergence / needs human | Dispute record |
-
-Create in `.opencastle/DISPUTES.md` (inspired by [Steroids CLI](https://github.com/UnlikeOtherAI/steroids-cli)):
+Triggers: Panel 3× BLOCK, agent-reviewer disagreement, criteria contradictions, no convergence, needs human input.
 
-1. Number (`DSP-XXX`) and set priority (critical/high/medium/low)
-2. Document both perspectives with file/code references
-3. Build attempt history with one-line verdict summaries
-4. Present ≥2 options with rationale/risk; note recommended action
-5. Link panel reports, review logs, changed files, DLQ entries
-6. Log with **observability-logging** dispute command; add ID to tracker and Index
+Create in `.opencastle/DISPUTES.md`:
+1. Number (`DSP-XXX`), set priority, document both perspectives with file references
+2. Build attempt history; present ≥2 options with rationale/risk
+3. Link panel reports, DLQ entries, changed files
+4. Log with **observability-logging** dispute command
 
-**After human resolution:** Set `Status` → `resolved`/`deferred`. Record chosen option. Resolved → re-delegate with decision as explicit constraint. Deferred → create follow-up issue. Log in `events.ndjson`.
+**After resolution:** `resolved` → re-delegate with decision as constraint. `deferred` → follow-up issue.
 
 

package/src/orchestrator/skills/testing-workflow/SKILL.md

@@ -1,10 +1,18 @@
 ---
 name: testing-workflow
-description: "Comprehensive testing workflow including test planning, unit/integration/E2E testing patterns, coverage requirements, and common testing mistakes. Use when writing tests, planning test strategies, or validating feature completeness."
+description: "Generates test plans, writes unit/integration/E2E test files, identifies coverage gaps, and flags common testing anti-patterns. Use when writing tests, creating test suites, planning test strategies, mocking dependencies, measuring code coverage, or test planning."
 ---
 
 # Testing Workflow
 
+## Workflow
+
+1. **Plan** — Write a test plan using the Pre-Implementation categories below.
+2. **Implement** — Write unit/integration tests; run and verify passing.
+3. **E2E** — Run E2E tests in browser via the **e2e-testing** capability slot.
+4. **Validate** — Run the Post-Implementation Checklist.
+5. **Fix loop** — If any step fails → fix → re-run from step 2.
+
 ## Core Rules
 
 - Validate every feature: happy paths, edge cases, error conditions, interactions.
@@ -63,4 +71,49 @@ Suite files: see `.opencastle/project.instructions.md`.
 
 ## Commands
 
-Resolve exact commands via the **codebase-tool** skill (run tests, run with coverage, update snapshots, run affected only).
+```sh
+# Unit / integration
+npx vitest run --coverage          # all tests + coverage
+npx vitest run src/utils.test.ts   # single file
+
+# E2E (Playwright)
+npx playwright test                # all E2E suites
+npx playwright test --ui           # interactive mode
+```
+
+```ts
+// Unit test with mock
+import { describe, it, expect, vi } from 'vitest';
+import { fetchItems } from './api';
+
+describe('fetchItems', () => {
+  it('returns filtered results', async () => {
+    vi.spyOn(global, 'fetch').mockResolvedValue(
+      new Response(JSON.stringify([{ id: 1, name: 'test' }]))
+    );
+    const items = await fetchItems({ category: 'active' });
+    expect(items).toHaveLength(1);
+    expect(fetch).toHaveBeenCalledWith(expect.stringContaining('category=active'));
+  });
+});
+```
+
+```ts
+// E2E test (Playwright)
+import { test, expect } from '@playwright/test';
+
+test('filter updates results and URL', async ({ page }) => {
+  await page.goto('/items');
+  await page.getByRole('combobox', { name: 'Category' }).selectOption('active');
+  await expect(page).toHaveURL(/category=active/);
+  await expect(page.getByRole('listitem')).not.toHaveCount(0);
+});
+```
+
+## References
+
+| Resource | Purpose |
+|----------|--------|
+| **browser-testing** skill | Chrome DevTools automation for E2E |
+| **validation-gates** Gate 3 | Responsive breakpoint checks |
+| `project.instructions.md` | Suite files, project-specific test config |

package/src/orchestrator/skills/validation-gates/REFERENCE.md

@@ -0,0 +1,50 @@
+> Parent: [SKILL.md](./SKILL.md)
+
+# Validation Gates Reference
+
+Extended checklists and options for validation gates.
+
+## Gate 4: Full Dependency Audit Checklist
+
+| Check | Tool / Command | Pass Criteria | On Failure |
+|-------|---------------|---------------|------------|
+| Vulnerability | `npm audit --audit-level=moderate` | No new high/critical | BLOCK — use patched version or alternative |
+| Bundle size | `npx source-map-explorer dist/*.js` | Frontend pkgs ≤50KB gzipped | SHOULD-FIX; blocking if >200KB |
+| License | `npx license-checker --onlyAllow 'MIT;ISC;BSD-2-Clause;BSD-3-Clause;Apache-2.0'` | No copyleft in prod deps | BLOCK — remove or replace |
+| Duplicates | `npx npm-dedupe --check` or inspect lockfile | No duplicate major versions of same pkg | SHOULD-FIX |
+| Maintenance | Check npm page / GitHub | Last publish <18 months; >100 weekly downloads | Evaluate alternatives |
+| Peer deps | `npm ls --depth=0` | No unmet peer dependencies | Fix before merge |
+| Type coverage | `npx @arethetypeswrong/cli <pkg>` | No `false` CJS/ESM resolution | SHOULD-FIX for new deps |
+
+## Gate 7: Browser Testing Options
+
+### Viewport Presets
+
+| Preset | Width × Height |
+|--------|---------------|
+| `mobile` | 375 × 812 |
+| `tablet` | 768 × 1024 |
+| `desktop` | 1440 × 900 |
+
+### MCP Payload Options
+
+```json
+{
+	"tool": "browser-testing/capture_screenshot",
+	"url": "http://localhost:3000/page",
+	"viewports": ["mobile", "tablet", "desktop"],
+	"wait_selector": ".content-loaded",
+	"auth": { "cookie": "session=abc123" },
+	"full_page": true
+}
+```
+
+### Console Error Check
+
+```json
+{
+	"tool": "browser-testing/evaluate_script",
+	"url": "http://localhost:3000",
+	"script": "window.__console_errors || []"
+}
+```

package/src/orchestrator/skills/validation-gates/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: validation-gates
-description: "Shared validation gates for all orchestration workflows — secret scanning, deterministic checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, and final smoke tests. Referenced by prompt templates to maintain single source of truth."
+description: "Defines 10 sequential validation gates: secret scanning, lint/test/build checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, and smoke tests. Use when running pre-deploy validation or CI checks, CI/CD pipelines, deployment pipeline validation, pre-merge checks, continuous integration, or pull request validation."
 ---
 
 # Validation Gates
@@ -24,10 +24,18 @@ description: "Shared validation gates for all orchestration workflows — secret
 
 Scan every diff **before** any other gate.
 
+Example tool: `gitleaks detect --source . --verbosity warn` (or CI equivalent) — fail on findings matching secrets rules.
+
 ## Gate 2: Deterministic Checks
 
 Run for every affected project (resolve exact commands via the **codebase-tool** skill): lint (with auto-fix), test, build. All must pass with zero errors.
 
+Example (project with npm scripts):
+
+```bash
+npm run lint && npm test --silent && npm run build
+```
+
 ## Gate 3: Blast Radius Check
 
 | Metric | Normal | Warning | Escalate |
@@ -36,66 +44,62 @@ Run for every affected project (resolve exact commands via the **codebase-tool**
 | Files changed | ≤5 | 6–10 | >10 |
 | Projects affected | ≤1 | 2 | >2 |
 
-- **Normal** — proceed to Gate 4
-- **Warning** — log in delegation record; investigate partition drift if unexpected
-- **Escalate** — STOP. Verify partition; split or revert; mandatory fast review (no auto-PASS)
+- **Normal** — proceed
+- **Warning** — log; investigate partition drift
+- **Escalate** — STOP; verify partition; split or revert; no auto-PASS
 
-**Sensitive files** (always Warning regardless of line count): auth/middleware (`middleware.ts`, `auth.ts`, `**/auth/**`), DB migrations/RLS, security headers/CSP (`next.config.*`, `vercel.json`), env schemas (`.env.example`, `env.ts`), CI/CD (`.github/workflows/**`), package configs (`package.json`, lockfiles) — also triggers Gate 4.
+**Sensitive files** (always Warning): `**/auth/**`, DB migrations, `next.config.*`, `.env*`, `.github/workflows/**`, lockfiles — also triggers Gate 4.
 
 ## Gate 4: Dependency Audit
 
 > Runs only when `package.json`, `yarn.lock`, `package-lock.json`, `pnpm-lock.yaml`, or similar lockfiles are modified.
 
-| Check | Tool | Pass Criteria | On Failure |
-|-------|------|---------------|------------|
-| Vulnerability | `npm audit` | No new high/critical | BLOCK — use patched version or alternative |
-| License | — | MIT, Apache-2.0, BSD-*, ISC | Flag for human review (non-blocking) |
-| Bundle size | — | Frontend pkgs ≤50KB gzipped | SHOULD-FIX; blocking if >200KB |
-| Duplicates | — | No overlap with existing deps | SHOULD-FIX |
-| Maintenance | — | Updated <2yr, ≥100 weekly DLs | Flag |
+| Check | Tool / Example Command | Pass Criteria | On Failure |
+|-------|-------------------------|---------------|------------|
+| Vulnerability | `npm audit --audit-level=moderate` | No new high/critical | BLOCK — use patched version or alternative |
+| Bundle size | `npx source-map-explorer dist/*.js` or `npx bundlesize` | Frontend pkgs ≤50KB gzipped (project policy) | SHOULD-FIX; blocking if >200KB |
 
-## Gate 5: Fast Review
+See [REFERENCE.md](REFERENCE.md) for the full dependency-audit checklist (license, duplicates, maintenance, and additional checks).
 
-> **HARD GATE.** Every delegation must pass. Spawn a reviewer sub-agent; PASS → proceed; FAIL → re-delegate (up to 2 retries); 3× FAIL → Gate 9 panel. Load **fast-review** skill.
-
-**Auto-PASS** (skip reviewer): pure research with no code changes; only `.md` files modified; all deterministic gates passed AND ≤10 lines across ≤2 files AND no sensitive files touched.
+## Gate 5: Fast Review
 
-> **Sensitive file override:** Sensitive files (Gate 3 list) never get auto-PASS, even for 1-line changes.
+Spawn reviewer sub-agent (load **fast-review** skill). PASS → proceed; FAIL → re-delegate (max 2); 3× FAIL → Gate 9. Auto-PASS rules: see **fast-review** skill.
 
 ## Gate 6: Cache Clearing
 
-Clear framework and task runner caches before starting the dev server. See **codebase-tool** skill.
-
+```bash
+rm -rf node_modules/.cache .next/cache .astro/ dist/
+```
 ## Gate 7: Browser Testing
 
-> **HARD GATE:** UI changes are NOT done without screenshots in Chrome proving the feature works.
+UI changes require Chrome screenshots. Start dev server → verify ACs → responsive breakpoints → capture screenshots. Load **browser-testing** skill.
 
-1. Start dev server (see **codebase-tool** skill)
-2. Verify all acceptance-criteria items render and behave correctly
-3. Test responsive breakpoints; verify empty, error, and loading states
-4. Capture screenshots of key states (REQUIRED)
+```json
+{ "tool": "browser-testing/capture_screenshot", "url": "http://localhost:3000", "viewports": ["mobile", "desktop"] }
+```
 
-Load the **browser-testing** skill for Chrome MCP commands, breakpoints, and reporting format.
+Additional options: see [REFERENCE.md](REFERENCE.md).
 
 ## Gate 8: Regression Testing
 
-1. Run full test suite for all affected projects
-2. Browser-test adjacent pages; verify navigation, routing, and back-button
-3. Check shared components in all consuming apps if a shared library changed
+1. `npm test -- --runInBand` for all affected projects
+2. Browser-test adjacent pages (navigation, routing, back-button). Identify adjacent pages by searching for route imports or links to the changed path (e.g., `rg "href=\"/changed-path|import .*from '@/components/changed'"`).
+3. Check consuming apps / packages that import the changed files: search the repo for the component or package name (e.g., `rg "from '@/components/PriceRange'|@my-org/ui-package"`) and run their tests or quick smoke builds.
 
 ## Gate 9: Panel Review
 
-Use the **panel-majority-vote** skill for: security-sensitive changes, DB migrations, architecture decisions/large refactors, complex business logic without comprehensive tests.
+Load **panel-majority-vote** skill — spawns 3 isolated reviewers, majority (2/3) wins. Use for: security-sensitive changes, DB migrations, architecture decisions.
 
-On BLOCK: extract MUST-FIX items, re-delegate, re-run panel. Max 3 attempts, then escalate to Architect.
+```js
+runSubagent({ agentName: 'Reviewer', prompt: `Panel review 1/3: ${criteria}` });
+```
 
 ## Gate 10: Final Smoke Test
 
 > Runs once after ALL tasks are Done.
 
-1. Full build + full test suite from clean state
-2. End-to-end browser walkthrough (loading, empty, populated, error states, transitions)
-3. Cross-task integration check
-4. Final responsive sweep (if UI)
+```bash
+npm run build && npm test && npx playwright test
+```
 
-**Skip for:** non-UI with comprehensive tests, or single-task features (Gate 8 covers those). On failure: re-delegate the specific failing integration only.
+Full build + test from clean state → E2E browser walkthrough → cross-task integration check → responsive sweep (if UI). On failure: re-delegate the specific failing integration only.