pi-crew 0.1.44 → 0.1.45

package/src/utils/redaction.ts

@@ -1,44 +1,44 @@
-const SECRET_KEY_PATTERN = /(?:^|[_.-])(token|api[-_]?key|password|passwd|secret|credential|authorization|private[-_]?key)(?:$|[_.-])/i;
-const INLINE_SECRET_PATTERN = /(^|[\s,{])(([A-Za-z0-9_.-]*(?:api[-_]?key|token|password|passwd|secret|credential|authorization|private[-_]?key)[A-Za-z0-9_.-]*)\s*[=:]\s*)([^\s,;"'}]+)/gi;
-const AUTH_HEADER_PATTERN = /\b(Authorization\s*:\s*(?:Bearer|Basic|Token)?\s*)([^\r\n]+)/gi;
-const BEARER_PATTERN = /\b(Bearer\s+)([A-Za-z0-9._~+/=-]{8,})\b/g;
-const PEM_PRIVATE_KEY_PATTERN = /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g;
-
-function isRecord(value: unknown): value is Record<string, unknown> {
-	if (!value || typeof value !== "object" || Array.isArray(value)) return false;
-	// Exclude built-in types whose Object.entries() would produce empty arrays.
-	if (value instanceof Date || value instanceof RegExp || value instanceof Error || value instanceof Map || value instanceof Set) return false;
-	return true;
-}
-
-function isSecretKey(keyName: string): boolean {
-	return SECRET_KEY_PATTERN.test(keyName) || /^(token|apiKey|api_key|password|secret|credential|authorization|privateKey|private_key)$/i.test(keyName);
-}
-
-export function redactSecretString(value: string): string {
-	return value
-		.replace(PEM_PRIVATE_KEY_PATTERN, "***")
-		.replace(AUTH_HEADER_PATTERN, "$1***")
-		.replace(BEARER_PATTERN, "$1***")
-		.replace(INLINE_SECRET_PATTERN, "$1$2***");
-}
-
-export function redactSecrets(value: unknown, keyName = ""): unknown {
-	if (keyName && isSecretKey(keyName)) return "***";
-	if (typeof value === "string") return redactSecretString(value);
-	if (Array.isArray(value)) return value.map((item) => redactSecrets(item));
-	if (isRecord(value)) {
-		const output: Record<string, unknown> = {};
-		for (const [key, entry] of Object.entries(value)) output[key] = redactSecrets(entry, key);
-		return output;
-	}
-	return value;
-}
-
-export function redactJsonLine(line: string): string {
-	try {
-		return JSON.stringify(redactSecrets(JSON.parse(line) as unknown));
-	} catch {
-		return redactSecretString(line);
-	}
-}
+const SECRET_KEY_PATTERN = /(?:^|[_.-])(token|api[-_]?key|password|passwd|secret|credential|authorization|private[-_]?key)(?:$|[_.-])/i;
+const INLINE_SECRET_PATTERN = /(^|[\s,{])(([A-Za-z0-9_.-]*(?:api[-_]?key|token|password|passwd|secret|credential|authorization|private[-_]?key)[A-Za-z0-9_.-]*)\s*[=:]\s*)([^\s,;"'}]+)/gi;
+const AUTH_HEADER_PATTERN = /\b(Authorization\s*:\s*(?:Bearer|Basic|Token)?\s*)([^\r\n]+)/gi;
+const BEARER_PATTERN = /\b(Bearer\s+)([A-Za-z0-9._~+/=-]{8,})\b/g;
+const PEM_PRIVATE_KEY_PATTERN = /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g;
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return false;
+	// Exclude built-in types whose Object.entries() would produce empty arrays.
+	if (value instanceof Date || value instanceof RegExp || value instanceof Error || value instanceof Map || value instanceof Set) return false;
+	return true;
+}
+
+function isSecretKey(keyName: string): boolean {
+	return SECRET_KEY_PATTERN.test(keyName) || /^(token|apiKey|api_key|password|secret|credential|authorization|privateKey|private_key)$/i.test(keyName);
+}
+
+export function redactSecretString(value: string): string {
+	return value
+		.replace(PEM_PRIVATE_KEY_PATTERN, "***")
+		.replace(AUTH_HEADER_PATTERN, "$1***")
+		.replace(BEARER_PATTERN, "$1***")
+		.replace(INLINE_SECRET_PATTERN, "$1$2***");
+}
+
+export function redactSecrets(value: unknown, keyName = ""): unknown {
+	if (keyName && isSecretKey(keyName)) return "***";
+	if (typeof value === "string") return redactSecretString(value);
+	if (Array.isArray(value)) return value.map((item) => redactSecrets(item));
+	if (isRecord(value)) {
+		const output: Record<string, unknown> = {};
+		for (const [key, entry] of Object.entries(value)) output[key] = redactSecrets(entry, key);
+		return output;
+	}
+	return value;
+}
+
+export function redactJsonLine(line: string): string {
+	try {
+		return JSON.stringify(redactSecrets(JSON.parse(line) as unknown));
+	} catch {
+		return redactSecretString(line);
+	}
+}

package/src/utils/safe-paths.ts

@@ -1,47 +1,47 @@
-import * as fs from "node:fs";
-import * as path from "node:path";
-
-export function isSafePathId(value: string): boolean {
-	return /^[A-Za-z0-9_-]+$/.test(value);
-}
-
-export function assertSafePathId(kind: string, value: string): string {
-	if (!isSafePathId(value)) throw new Error(`Invalid ${kind}: ${value}`);
-	return value;
-}
-
-export function resolveContainedPath(baseDir: string, targetPath: string): string {
-	const base = path.resolve(baseDir);
-	const resolved = path.isAbsolute(targetPath) ? path.resolve(targetPath) : path.resolve(base, targetPath);
-	const relative = path.relative(base, resolved);
-	if (relative.startsWith("..") || path.isAbsolute(relative)) throw new Error(`Path is outside ${baseDir}: ${targetPath}`);
-	return resolved;
-}
-
-export function resolveRealContainedPath(baseDir: string, targetPath: string): string {
-	const resolved = resolveContainedPath(baseDir, targetPath);
-	let realBase: string;
-	let realTarget: string;
-	try {
-		realBase = fs.realpathSync.native(baseDir);
-	} catch (baseError) {
-		throw new Error(`Cannot resolve real path of base directory ${baseDir}: ${baseError instanceof Error ? baseError.message : String(baseError)}`);
-	}
-	try {
-		realTarget = fs.realpathSync.native(resolved);
-	} catch (targetError) {
-		if ((targetError as NodeJS.ErrnoException).code === "ENOENT") {
-			throw new Error(`Path does not exist: ${resolved}`);
-		}
-		throw new Error(`Cannot resolve real path of ${resolved}: ${targetError instanceof Error ? targetError.message : String(targetError)}`);
-	}
-	const relative = path.relative(realBase, realTarget);
-	if (relative.startsWith("..") || path.isAbsolute(relative)) throw new Error(`Path is outside ${baseDir}: ${targetPath}`);
-	return realTarget;
-}
-
-export function resolveContainedRelativePath(baseDir: string, relativePath: string, kind = "path"): string {
-	const normalized = relativePath.replaceAll("\\", "/").replace(/^\.\/+/, "");
-	if (!normalized || normalized.split("/").some((segment) => segment === "..") || path.isAbsolute(normalized)) throw new Error(`Invalid ${kind}: ${relativePath}`);
-	return resolveContainedPath(baseDir, path.resolve(baseDir, normalized));
-}
+import * as fs from "node:fs";
+import * as path from "node:path";
+
+export function isSafePathId(value: string): boolean {
+	return /^[A-Za-z0-9_-]+$/.test(value);
+}
+
+export function assertSafePathId(kind: string, value: string): string {
+	if (!isSafePathId(value)) throw new Error(`Invalid ${kind}: ${value}`);
+	return value;
+}
+
+export function resolveContainedPath(baseDir: string, targetPath: string): string {
+	const base = path.resolve(baseDir);
+	const resolved = path.isAbsolute(targetPath) ? path.resolve(targetPath) : path.resolve(base, targetPath);
+	const relative = path.relative(base, resolved);
+	if (relative.startsWith("..") || path.isAbsolute(relative)) throw new Error(`Path is outside ${baseDir}: ${targetPath}`);
+	return resolved;
+}
+
+export function resolveRealContainedPath(baseDir: string, targetPath: string): string {
+	const resolved = resolveContainedPath(baseDir, targetPath);
+	let realBase: string;
+	let realTarget: string;
+	try {
+		realBase = fs.realpathSync.native(baseDir);
+	} catch (baseError) {
+		throw new Error(`Cannot resolve real path of base directory ${baseDir}: ${baseError instanceof Error ? baseError.message : String(baseError)}`);
+	}
+	try {
+		realTarget = fs.realpathSync.native(resolved);
+	} catch (targetError) {
+		if ((targetError as NodeJS.ErrnoException).code === "ENOENT") {
+			throw new Error(`Path does not exist: ${resolved}`);
+		}
+		throw new Error(`Cannot resolve real path of ${resolved}: ${targetError instanceof Error ? targetError.message : String(targetError)}`);
+	}
+	const relative = path.relative(realBase, realTarget);
+	if (relative.startsWith("..") || path.isAbsolute(relative)) throw new Error(`Path is outside ${baseDir}: ${targetPath}`);
+	return realTarget;
+}
+
+export function resolveContainedRelativePath(baseDir: string, relativePath: string, kind = "path"): string {
+	const normalized = relativePath.replaceAll("\\", "/").replace(/^\.\/+/, "");
+	if (!normalized || normalized.split("/").some((segment) => segment === "..") || path.isAbsolute(normalized)) throw new Error(`Invalid ${kind}: ${relativePath}`);
+	return resolveContainedPath(baseDir, path.resolve(baseDir, normalized));
+}

package/src/utils/sleep.ts

@@ -1,32 +1,32 @@
-/**
- * Sleep helper that respects abort signal.
- */
-export function sleep(ms: number, signal?: AbortSignal): Promise<void> {
-	return new Promise((resolve, reject) => {
-		if (signal?.aborted) {
-			reject(signal.reason instanceof Error ? signal.reason : new Error("Aborted"));
-			return;
-		}
-
-		let settled = false;
-		const cleanup = (): void => {
-			if (signal) signal.removeEventListener("abort", onAbort);
-		};
-		const timeout = setTimeout(() => {
-			if (settled) return;
-			settled = true;
-			cleanup();
-			resolve();
-		}, ms);
-
-		const onAbort = (): void => {
-			if (settled) return;
-			settled = true;
-			clearTimeout(timeout);
-			cleanup();
-			reject(signal?.reason instanceof Error ? signal.reason : new Error("Aborted"));
-		};
-
-		signal?.addEventListener("abort", onAbort);
-	});
-}
+/**
+ * Sleep helper that respects abort signal.
+ */
+export function sleep(ms: number, signal?: AbortSignal): Promise<void> {
+	return new Promise((resolve, reject) => {
+		if (signal?.aborted) {
+			reject(signal.reason instanceof Error ? signal.reason : new Error("Aborted"));
+			return;
+		}
+
+		let settled = false;
+		const cleanup = (): void => {
+			if (signal) signal.removeEventListener("abort", onAbort);
+		};
+		const timeout = setTimeout(() => {
+			if (settled) return;
+			settled = true;
+			cleanup();
+			resolve();
+		}, ms);
+
+		const onAbort = (): void => {
+			if (settled) return;
+			settled = true;
+			clearTimeout(timeout);
+			cleanup();
+			reject(signal?.reason instanceof Error ? signal.reason : new Error("Aborted"));
+		};
+
+		signal?.addEventListener("abort", onAbort);
+	});
+}

package/src/workflows/validate-workflow.ts

@@ -1,40 +1,40 @@
-import type { TeamConfig } from "../teams/team-config.ts";
-import type { WorkflowConfig } from "./workflow-config.ts";
-
-export function validateWorkflowForTeam(workflow: WorkflowConfig, team: TeamConfig): string[] {
-	const errors: string[] = [];
-	const roles = new Set(team.roles.map((role) => role.name));
-	const stepIds = new Set<string>();
-
-	for (const step of workflow.steps) {
-		if (stepIds.has(step.id)) errors.push(`Duplicate workflow step id '${step.id}'.`);
-		stepIds.add(step.id);
-		if (!roles.has(step.role)) errors.push(`Step '${step.id}' references unknown team role '${step.role}'.`);
-	}
-
-	for (const step of workflow.steps) {
-		for (const dep of step.dependsOn ?? []) {
-			if (!stepIds.has(dep)) errors.push(`Step '${step.id}' depends on unknown step '${dep}'.`);
-		}
-	}
-
-	const visiting = new Set<string>();
-	const visited = new Set<string>();
-	const byId = new Map(workflow.steps.map((step) => [step.id, step]));
-
-	function visit(id: string, trail: string[]): void {
-		if (visited.has(id)) return;
-		if (visiting.has(id)) {
-			errors.push(`Workflow dependency cycle detected: ${[...trail, id].join(" -> ")}.`);
-			return;
-		}
-		visiting.add(id);
-		const step = byId.get(id);
-		for (const dep of step?.dependsOn ?? []) visit(dep, [...trail, id]);
-		visiting.delete(id);
-		visited.add(id);
-	}
-
-	for (const step of workflow.steps) visit(step.id, []);
-	return [...new Set(errors)];
-}
+import type { TeamConfig } from "../teams/team-config.ts";
+import type { WorkflowConfig } from "./workflow-config.ts";
+
+export function validateWorkflowForTeam(workflow: WorkflowConfig, team: TeamConfig): string[] {
+	const errors: string[] = [];
+	const roles = new Set(team.roles.map((role) => role.name));
+	const stepIds = new Set<string>();
+
+	for (const step of workflow.steps) {
+		if (stepIds.has(step.id)) errors.push(`Duplicate workflow step id '${step.id}'.`);
+		stepIds.add(step.id);
+		if (!roles.has(step.role)) errors.push(`Step '${step.id}' references unknown team role '${step.role}'.`);
+	}
+
+	for (const step of workflow.steps) {
+		for (const dep of step.dependsOn ?? []) {
+			if (!stepIds.has(dep)) errors.push(`Step '${step.id}' depends on unknown step '${dep}'.`);
+		}
+	}
+
+	const visiting = new Set<string>();
+	const visited = new Set<string>();
+	const byId = new Map(workflow.steps.map((step) => [step.id, step]));
+
+	function visit(id: string, trail: string[]): void {
+		if (visited.has(id)) return;
+		if (visiting.has(id)) {
+			errors.push(`Workflow dependency cycle detected: ${[...trail, id].join(" -> ")}.`);
+			return;
+		}
+		visiting.add(id);
+		const step = byId.get(id);
+		for (const dep of step?.dependsOn ?? []) visit(dep, [...trail, id]);
+		visiting.delete(id);
+		visited.add(id);
+	}
+
+	for (const step of workflow.steps) visit(step.id, []);
+	return [...new Set(errors)];
+}

package/src/worktree/branch-freshness.ts

@@ -1,45 +1,45 @@
-import { execFileSync } from "node:child_process";
-
-export type BranchFreshnessStatus = "fresh" | "stale" | "diverged" | "unknown";
-export type StaleBranchPolicy = "warn" | "block" | "auto_rebase" | "auto_merge_forward";
-
-export interface BranchFreshness {
-	status: BranchFreshnessStatus;
-	branch?: string;
-	mainRef: string;
-	ahead: number;
-	behind: number;
-	missingFixes: string[];
-	message: string;
-	error?: string;
-}
-
-function git(cwd: string, args: string[]): string {
-	return execFileSync("git", args, { cwd, encoding: "utf-8", stdio: ["ignore", "pipe", "pipe"] }).trim();
-}
-
-function count(cwd: string, range: string): number {
-	const raw = git(cwd, ["rev-list", "--count", range]);
-	const parsed = Number.parseInt(raw, 10);
-	return Number.isFinite(parsed) ? parsed : 0;
-}
-
-export function checkBranchFreshness(cwd: string, mainRef = "main"): BranchFreshness {
-	try {
-		git(cwd, ["rev-parse", "--is-inside-work-tree"]);
-		const branch = git(cwd, ["rev-parse", "--abbrev-ref", "HEAD"]);
-		const behind = count(cwd, `${branch}..${mainRef}`);
-		const ahead = count(cwd, `${mainRef}..${branch}`);
-		const missingFixes = behind > 0 ? git(cwd, ["log", "--format=%s", `${branch}..${mainRef}`]).split("\n").map((line) => line.trim()).filter(Boolean) : [];
-		if (behind === 0) return { status: "fresh", branch, mainRef, ahead, behind, missingFixes, message: `Branch '${branch}' is fresh against ${mainRef}.` };
-		if (ahead > 0) return { status: "diverged", branch, mainRef, ahead, behind, missingFixes, message: `Branch '${branch}' diverged from ${mainRef}: ahead=${ahead}, behind=${behind}.` };
-		return { status: "stale", branch, mainRef, ahead, behind, missingFixes, message: `Branch '${branch}' is ${behind} commit(s) behind ${mainRef}.` };
-	} catch (error) {
-		const message = error instanceof Error ? error.message : String(error);
-		return { status: "unknown", mainRef, ahead: 0, behind: 0, missingFixes: [], message: "Branch freshness could not be determined.", error: message };
-	}
-}
-
-export function shouldBlockForBranchFreshness(freshness: BranchFreshness, policy: StaleBranchPolicy = "warn"): boolean {
-	return policy === "block" && (freshness.status === "stale" || freshness.status === "diverged");
-}
+import { execFileSync } from "node:child_process";
+
+export type BranchFreshnessStatus = "fresh" | "stale" | "diverged" | "unknown";
+export type StaleBranchPolicy = "warn" | "block" | "auto_rebase" | "auto_merge_forward";
+
+export interface BranchFreshness {
+	status: BranchFreshnessStatus;
+	branch?: string;
+	mainRef: string;
+	ahead: number;
+	behind: number;
+	missingFixes: string[];
+	message: string;
+	error?: string;
+}
+
+function git(cwd: string, args: string[]): string {
+	return execFileSync("git", args, { cwd, encoding: "utf-8", stdio: ["ignore", "pipe", "pipe"] }).trim();
+}
+
+function count(cwd: string, range: string): number {
+	const raw = git(cwd, ["rev-list", "--count", range]);
+	const parsed = Number.parseInt(raw, 10);
+	return Number.isFinite(parsed) ? parsed : 0;
+}
+
+export function checkBranchFreshness(cwd: string, mainRef = "main"): BranchFreshness {
+	try {
+		git(cwd, ["rev-parse", "--is-inside-work-tree"]);
+		const branch = git(cwd, ["rev-parse", "--abbrev-ref", "HEAD"]);
+		const behind = count(cwd, `${branch}..${mainRef}`);
+		const ahead = count(cwd, `${mainRef}..${branch}`);
+		const missingFixes = behind > 0 ? git(cwd, ["log", "--format=%s", `${branch}..${mainRef}`]).split("\n").map((line) => line.trim()).filter(Boolean) : [];
+		if (behind === 0) return { status: "fresh", branch, mainRef, ahead, behind, missingFixes, message: `Branch '${branch}' is fresh against ${mainRef}.` };
+		if (ahead > 0) return { status: "diverged", branch, mainRef, ahead, behind, missingFixes, message: `Branch '${branch}' diverged from ${mainRef}: ahead=${ahead}, behind=${behind}.` };
+		return { status: "stale", branch, mainRef, ahead, behind, missingFixes, message: `Branch '${branch}' is ${behind} commit(s) behind ${mainRef}.` };
+	} catch (error) {
+		const message = error instanceof Error ? error.message : String(error);
+		return { status: "unknown", mainRef, ahead: 0, behind: 0, missingFixes: [], message: "Branch freshness could not be determined.", error: message };
+	}
+}
+
+export function shouldBlockForBranchFreshness(freshness: BranchFreshness, policy: StaleBranchPolicy = "warn"): boolean {
+	return policy === "block" && (freshness.status === "stale" || freshness.status === "diverged");
+}

package/teams/default.team.md

@@ -1,12 +1,12 @@
----
-name: default
-description: Balanced team for ordinary implementation tasks
-defaultWorkflow: default
-workspaceMode: single
-maxConcurrency: 2
----
-
-- explorer: agent=explorer fast discovery
-- planner: agent=planner plan the work
-- executor: agent=executor implement changes
-- verifier: agent=verifier verify completion
+---
+name: default
+description: Balanced team for ordinary implementation tasks
+defaultWorkflow: default
+workspaceMode: single
+maxConcurrency: 2
+---
+
+- explorer: agent=explorer fast discovery
+- planner: agent=planner plan the work
+- executor: agent=executor implement changes
+- verifier: agent=verifier verify completion

package/teams/fast-fix.team.md

@@ -1,11 +1,11 @@
----
-name: fast-fix
-description: Small team for quick bug fixes
-defaultWorkflow: fast-fix
-workspaceMode: single
-maxConcurrency: 1
----
-
-- explorer: agent=explorer find the relevant files
-- executor: agent=executor make the fix
-- verifier: agent=verifier verify the fix
+---
+name: fast-fix
+description: Small team for quick bug fixes
+defaultWorkflow: fast-fix
+workspaceMode: single
+maxConcurrency: 1
+---
+
+- explorer: agent=explorer find the relevant files
+- executor: agent=executor make the fix
+- verifier: agent=verifier verify the fix

package/teams/implementation.team.md

@@ -1,18 +1,18 @@
----
-name: implementation
-description: Full implementation team with parallel specialists, critique, execution, review, and verification
-defaultWorkflow: implementation
-workspaceMode: single
-maxConcurrency: 3
----
-
-- explorer: agent=explorer map the codebase
-- analyst: agent=analyst clarify requirements and constraints
-- planner: agent=planner create execution plan
-- critic: agent=critic challenge and synthesize specialist findings
-- executor: agent=executor implement the plan
-- reviewer: agent=reviewer review the implementation
-- security-reviewer: agent=security-reviewer review security and trust boundaries
-- test-engineer: agent=test-engineer design and run verification
-- verifier: agent=verifier verify done
-- writer: agent=writer summarize documentation or release notes when needed
+---
+name: implementation
+description: Full implementation team with parallel specialists, critique, execution, review, and verification
+defaultWorkflow: implementation
+workspaceMode: single
+maxConcurrency: 3
+---
+
+- explorer: agent=explorer map the codebase
+- analyst: agent=analyst clarify requirements and constraints
+- planner: agent=planner create execution plan
+- critic: agent=critic challenge and synthesize specialist findings
+- executor: agent=executor implement the plan
+- reviewer: agent=reviewer review the implementation
+- security-reviewer: agent=security-reviewer review security and trust boundaries
+- test-engineer: agent=test-engineer design and run verification
+- verifier: agent=verifier verify done
+- writer: agent=writer summarize documentation or release notes when needed

package/teams/parallel-research.team.md

@@ -1,14 +1,14 @@
----
-name: parallel-research
-description: Parallel research team for multi-project/source audits
-workspaceMode: single
-defaultWorkflow: parallel-research
-maxConcurrency: 4
-triggers: đọc sâu, deep read, deep research, source audit, multiple projects, parallel research, pi-*
-category: research
-cost: cheap
----
-
-- explorer: agent=explorer gather source facts in parallel shards
-- analyst: agent=analyst synthesize shard findings
-- writer: agent=writer produce final notes
+---
+name: parallel-research
+description: Parallel research team for multi-project/source audits
+workspaceMode: single
+defaultWorkflow: parallel-research
+maxConcurrency: 4
+triggers: đọc sâu, deep read, deep research, source audit, multiple projects, parallel research, pi-*
+category: research
+cost: cheap
+---
+
+- explorer: agent=explorer gather source facts in parallel shards
+- analyst: agent=analyst synthesize shard findings
+- writer: agent=writer produce final notes

package/teams/research.team.md

@@ -1,11 +1,11 @@
----
-name: research
-description: Team for investigation and documentation
-defaultWorkflow: research
-workspaceMode: single
-maxConcurrency: 2
----
-
-- explorer: agent=explorer gather codebase facts
-- analyst: agent=analyst analyze findings
-- writer: agent=writer produce final notes
+---
+name: research
+description: Team for investigation and documentation
+defaultWorkflow: research
+workspaceMode: single
+maxConcurrency: 2
+---
+
+- explorer: agent=explorer gather codebase facts
+- analyst: agent=analyst analyze findings
+- writer: agent=writer produce final notes

package/teams/review.team.md

@@ -1,12 +1,12 @@
----
-name: review
-description: Team for code review and security review
-defaultWorkflow: review
-workspaceMode: single
-maxConcurrency: 2
----
-
-- explorer: agent=explorer understand changed areas
-- reviewer: agent=reviewer review correctness and maintainability
-- security-reviewer: agent=security-reviewer review security risks
-- verifier: agent=verifier summarize pass/fail
+---
+name: review
+description: Team for code review and security review
+defaultWorkflow: review
+workspaceMode: single
+maxConcurrency: 2
+---
+
+- explorer: agent=explorer understand changed areas
+- reviewer: agent=reviewer review correctness and maintainability
+- security-reviewer: agent=security-reviewer review security risks
+- verifier: agent=verifier summarize pass/fail

package/workflows/default.workflow.md

@@ -1,29 +1,29 @@
----
-name: default
-description: Explore, plan, execute, and verify
----
-
-## explore
-role: explorer
-
-Explore the codebase for the goal: {goal}
-
-## plan
-role: planner
-dependsOn: explore
-output: plan.md
-
-Create a concise implementation plan for: {goal}
-
-## execute
-role: executor
-dependsOn: plan
-
-Implement the plan for: {goal}
-
-## verify
-role: verifier
-dependsOn: execute
-verify: true
-
-Verify completion for: {goal}
+---
+name: default
+description: Explore, plan, execute, and verify
+---
+
+## explore
+role: explorer
+
+Explore the codebase for the goal: {goal}
+
+## plan
+role: planner
+dependsOn: explore
+output: plan.md
+
+Create a concise implementation plan for: {goal}
+
+## execute
+role: executor
+dependsOn: plan
+
+Implement the plan for: {goal}
+
+## verify
+role: verifier
+dependsOn: execute
+verify: true
+
+Verify completion for: {goal}