plan-review 1.1.0 → 1.1.2

package/examples/demo-plan.md

@@ -1,129 +0,0 @@
-# User Authentication System — Implementation Plan
-
-**Goal:** Add email/password authentication with session management to the web app.
-
-**Architecture:** Express middleware + bcrypt + JWT tokens + PostgreSQL sessions table. Three milestones: database schema, auth endpoints, session management.
-
-**Tech Stack:** Node.js, Express, PostgreSQL, bcrypt, jsonwebtoken
-
----
-
-## Milestone 1: Database Foundation
-
-### Task 1.1: Create users table
-
-**Depends On:** (none)
-**Blocks:** 1.2, 2.1, 2.2
-**Related Files:** `src/db/migrations/001_users.sql`, `src/db/schema.ts`
-**Verification:** `npm run migrate && npm test`
-
-Create the users table with the following columns:
-
-| Column | Type | Constraints |
-|--------|------|-------------|
-| id | UUID | PRIMARY KEY, DEFAULT gen_random_uuid() |
-| email | VARCHAR(255) | UNIQUE, NOT NULL |
-| password_hash | VARCHAR(255) | NOT NULL |
-| created_at | TIMESTAMP | DEFAULT NOW() |
-| updated_at | TIMESTAMP | DEFAULT NOW() |
-
-Add an index on `email` for login lookups. The migration should be idempotent (use `IF NOT EXISTS`).
-
-### Task 1.2: Create sessions table
-
-**Depends On:** 1.1
-**Blocks:** 3.1, 3.2
-**Related Files:** `src/db/migrations/002_sessions.sql`, `src/db/schema.ts`
-**Verification:** `npm run migrate && npm test`
-
-Sessions table for server-side session tracking:
-
-- `id` (UUID, primary key)
-- `user_id` (UUID, foreign key → users.id, ON DELETE CASCADE)
-- `token` (VARCHAR, unique, indexed)
-- `expires_at` (TIMESTAMP, NOT NULL)
-- `created_at` (TIMESTAMP, DEFAULT NOW())
-
-Add a cleanup index on `expires_at` for the session pruning job.
-
----
-
-## Milestone 2: Authentication Endpoints
-
-### Task 2.1: POST /auth/register
-
-**Depends On:** 1.1
-**Blocks:** 2.3
-**Related Files:** `src/routes/auth.ts`, `src/services/user.ts`, `tests/auth.test.ts`
-**Verification:** `npm test -- --grep "register"`
-
-Accepts `{ email, password }`. Validates:
-- Email format (basic regex, no need for RFC 5322 compliance)
-- Password minimum 8 characters
-- Email not already registered (unique constraint handles race conditions)
-
-Hash password with bcrypt (cost factor 12). Return `201 { user: { id, email } }` on success, `400` with validation errors, `409` if email exists.
-
-### Task 2.2: POST /auth/login
-
-**Depends On:** 1.1
-**Blocks:** 2.3
-**Related Files:** `src/routes/auth.ts`, `src/services/auth.ts`, `tests/auth.test.ts`
-**Verification:** `npm test -- --grep "login"`
-
-Accepts `{ email, password }`. Compares against stored bcrypt hash.
-
-On success: create a session (Task 3.1), return `200 { token, expiresAt }`.
-On failure: return `401 { error: "Invalid credentials" }`. Do **not** reveal whether the email exists.
-
-Rate limiting: 5 attempts per email per 15 minutes. Use a simple in-memory counter (Redis in v2).
-
-### Task 2.3: Auth middleware
-
-**Depends On:** 2.1, 2.2
-**Blocks:** 3.2
-**Related Files:** `src/middleware/auth.ts`, `tests/middleware.test.ts`
-**Verification:** `npm test -- --grep "middleware"`
-
-Express middleware that:
-1. Extracts `Authorization: Bearer <token>` header
-2. Looks up session by token
-3. Checks `expires_at > NOW()`
-4. Attaches `req.user = { id, email }` if valid
-5. Returns `401` if missing/invalid/expired
-
-Should be composable: `router.get('/profile', requireAuth, handler)`.
-
----
-
-## Milestone 3: Session Management
-
-### Task 3.1: Session creation and token generation
-
-**Depends On:** 1.2
-**Blocks:** 3.2
-**Related Files:** `src/services/session.ts`, `tests/session.test.ts`
-**Verification:** `npm test -- --grep "session"`
-
-Generate tokens using `crypto.randomBytes(32).toString('hex')` — not JWT for session tokens (JWTs can't be revoked without a blacklist, defeating the purpose of server-side sessions).
-
-Default expiry: 7 days. Configurable via `SESSION_TTL_HOURS` env var.
-
-### Task 3.2: Session cleanup and logout
-
-**Depends On:** 1.2, 2.3
-**Blocks:** (none)
-**Related Files:** `src/services/session.ts`, `src/routes/auth.ts`, `tests/session.test.ts`
-**Verification:** `npm test -- --grep "logout|cleanup"`
-
-Two features:
-
-**Logout endpoint** — `POST /auth/logout` (requires auth middleware). Deletes the current session row. Returns `204`.
-
-**Cleanup job** — Runs every hour via `setInterval`. Deletes sessions where `expires_at < NOW()`. Log the count of pruned sessions.
-
-```sql
-DELETE FROM sessions WHERE expires_at < NOW();
-```
-
-Consider: should logout invalidate all sessions for the user, or just the current one? Start with current-only. Add "logout everywhere" as a v2 feature.

package/examples/renderer-fixture.md

@@ -1,246 +0,0 @@
-# Renderer Fixture
-
-A single-file smoke test for every markdown structure the browser and terminal renderers should handle. Used to triage formatting bugs.
-
-## Paragraphs and inline formatting
-
-Regular paragraph with **bold**, *italic*, ***bold italic***, ~~strikethrough~~, `inline code`, and a [link](https://example.com). Hard line break:\
-new line here. Soft wrap
-continues on the next line.
-
-Escape chars: \*not italic\* \_not italic\_ \`not code\`.
-
-## Headings (levels 3-6 inside a section)
-
-### Level 3
-
-#### Level 4
-
-##### Level 5
-
-###### Level 6
-
-## Lists
-
-### Unordered, nested
-
-- one
-  - one-a
-    - one-a-i
-  - one-b
-- two
-- three with **bold** and `code`
-
-### Ordered, nested
-
-1. first
-2. second
-   1. two-a
-   2. two-b
-3. third
-
-### Mixed
-
-1. outer ordered
-   - inner unordered
-     1. inner-inner ordered
-   - another inner
-2. back to outer
-
-### GitHub task list
-
-- [ ] unchecked
-- [x] checked
-- [ ] nested parent
-  - [x] nested child done
-  - [ ] nested child todo
-
-## Blockquotes
-
-> Single-level quote.
-
-> Nested:
->
-> > Level 2
-> >
-> > > Level 3 with `code` and **bold**.
-
-> Quote containing a code block:
->
-> ```js
-> const x = 1;
-> ```
-
-## Code blocks
-
-Inline `code` and a plain fence:
-
-```
-plain fenced block, no language
-```
-
-Language-tagged fence:
-
-```ts
-function greet(name: string): string {
-  return `Hello, ${name}!`;
-}
-```
-
-Long line that should wrap or scroll (no hidden overflow please):
-
-```
-this is a very long line in a code block that should handle horizontal overflow gracefully without breaking layout or being silently clipped by CSS max-width
-```
-
-## Mermaid
-
-Flowchart (exercises all 6 roles + yes/no branches):
-
-```mermaid
-flowchart TD
-  Begin([Start request]) --> CheckAuth{Valid token?}
-  CheckAuth -->|Yes| Serve[Serve resource]
-  CheckAuth -->|No| Fail[Auth error log]
-  Serve --> Log[/Write audit/]
-  Log --> Done([End])
-  Fail --> Done
-```
-
-Sequence diagram:
-
-```mermaid
-sequenceDiagram
-  participant User
-  participant CLI
-  participant Server
-  User->>CLI: plan-review plan.md --browser
-  CLI->>Server: start
-  Server-->>User: open http://localhost:PORT
-  User->>Server: submit review
-  Server-->>CLI: comments
-```
-
-## Other fenced diagram languages
-
-Plain dot/graphviz (expected: rendered as code or degraded cleanly, not crash):
-
-```dot
-digraph { A -> B -> C; A -> C; }
-```
-
-## Tables
-
-Basic:
-
-| col a | col b | col c |
-|-------|-------|-------|
-| 1     | 2     | 3     |
-| 4     | 5     | 6     |
-
-With alignment:
-
-| left | center | right |
-|:-----|:------:|------:|
-| l    | c      | r     |
-| ll   | cc     | rrrr  |
-
-With inline formatting in cells:
-
-| term | meaning |
-|------|---------|
-| `cmd` | runs a **command** with [docs](https://example.com) |
-| `flag` | passes *an option* |
-
-## Images
-
-Local path (may or may not resolve depending on how plan-review handles relative paths):
-
-![local gif](demo-browser.gif)
-
-Remote URL:
-
-![remote placeholder](https://placehold.co/240x80/16213e/00adb5/png?text=plan-review)
-
-## Links
-
-Auto-link: <https://anthropic.com>
-
-Reference-style: this is a [ref link][1] and here is [another][2].
-
-[1]: https://example.com "Example"
-[2]: https://github.com/alvaroaac/plan-review
-
-## Footnotes
-
-Here's a claim with a footnote[^note1]. And a second[^note2].
-
-[^note1]: The first footnote body.
-[^note2]: The second one, with `code` and **bold**.
-
-## Math
-
-Inline: $E = mc^2$ and a longer one $\sum_{i=1}^{n} i = \frac{n(n+1)}{2}$.
-
-Display:
-
-$$
-f(x) = \int_{-\infty}^{\infty} \hat f(\xi)\, e^{2 \pi i \xi x}\, d\xi
-$$
-
-## Inline HTML
-
-<kbd>Ctrl</kbd> + <kbd>C</kbd> to copy. H<sub>2</sub>O and E = mc<sup>2</sup>.
-
-<details>
-<summary>Click to expand</summary>
-
-Hidden content with **formatting** and a `code` sample.
-
-</details>
-
-## Admonitions / callouts
-
-> [!NOTE]
-> GitHub-style note admonition.
-
-> [!WARNING]
-> GitHub-style warning admonition.
-
-:::note
-Docusaurus-style note admonition.
-:::
-
-:::tip
-Docusaurus tip with **inline formatting** and `code`.
-:::
-
-## Horizontal rules
-
-Above this line.
-
----
-
-Below this line.
-
-## Emoji
-
-Shortcodes: :tada: :rocket: :warning: (may or may not expand).
-
-Unicode: 🎉 🚀 ⚠️ (should always render).
-
-## Hard edge cases
-
-Fence containing triple-backtick:
-
-````md
-```js
-// nested fence
-```
-````
-
-Mixed HTML + markdown in a blockquote:
-
-> <kbd>Enter</kbd> to submit, or *cancel* and [try again](#).
-
-Long word: supercalifragilisticexpialidocious-plus-a-lot-more-characters-to-see-how-wrapping-behaves-in-tight-layouts.

package/skills/plan-review/SKILL.md

@@ -1,70 +0,0 @@
----
-name: plan-review
-description: Use when the user asks to review a plan, start plan review, or says "I want to review this plan". Triggers on plan review requests for markdown implementation plans, specs, or design docs — including plans produced on-the-fly in this conversation. Builds and runs the plan-review browser UI, feeds review output back into the conversation.
----
-
-# Plan Review
-
-Launch the plan-review browser UI for interactive review of markdown plans, then feed the structured review output back into this session.
-
-Works with two input sources:
-- **A plan file on disk** (path given by the user, or the most recent plan file in the project).
-- **An on-the-fly plan** produced in this conversation (e.g. from plan mode, or markdown the user just pasted). The plan content is piped in via stdin — no temp file needed.
-
-## Prerequisites
-
-Either the `plan-review` CLI is on `$PATH` (installed via `npm install -g plan-review`) or a local dev checkout exists at `~/desenv/personal/plan-review/`.
-
-## Process
-
-1. **Identify the plan source.** Decide which branch you're in:
-   - **File branch** — the user named a file, or pointed at a path, or asked to review "the plan at X". Also the default when you find a single recent match in `docs/superpowers/plans/*.md`. If multiple candidates exist, ask which one.
-   - **Inline branch** — the user asks to review "this plan" / "the plan above" / "the plan you just wrote" / pastes markdown, or plan mode just produced a plan in the conversation. No file path exists.
-
-2. **Pick the binary.** Prefer the installed CLI; fall back to the local dev build.
-   ```bash
-   if command -v plan-review >/dev/null 2>&1; then
-     PLAN_REVIEW_CMD="plan-review"
-   else
-     # Dev fallback: build if dist missing
-     if [ ! -f ~/desenv/personal/plan-review/dist/index.js ]; then
-       (cd ~/desenv/personal/plan-review && npm run build)
-     fi
-     PLAN_REVIEW_CMD="node $HOME/desenv/personal/plan-review/dist/index.js"
-   fi
-   ```
-
-3. **Run the review.** Browser mode is the default — no flag needed.
-
-   **File branch:**
-   ```bash
-   $PLAN_REVIEW_CMD <plan-file> -o stdout
-   ```
-
-   **Inline branch** — pipe the plan content via a quoted heredoc so markdown is passed through verbatim (no shell expansion, no escaping needed):
-   ```bash
-   $PLAN_REVIEW_CMD -o stdout <<'PLAN_EOF'
-   # My Plan
-
-   ## Section 1
-   ...plan content from this conversation...
-   PLAN_EOF
-   ```
-
-   Both variants open the browser review UI and block until the user clicks "Submit Review", then print structured review output to stdout.
-
-4. **Read the output.** The review output is structured markdown with the user's comments anchored to specific sections. Read it and present a summary to the user.
-
-5. **Act on feedback.** Ask the user what they want to do with the review:
-   - Address the comments (modify the plan or code)
-   - Save the review to a file
-   - Continue discussion about specific comments
-
-## Important
-
-- Browser mode (three-panel TOC + content + comments UI) is the default — no flag needed. Pass `--cli` only for SSH/CI/headless environments.
-- The `-o stdout` flag ensures the review output comes back to this session.
-- The command will block until the user clicks "Submit Review" in the browser.
-- **File branch only:** if a session exists for this plan, the user is prompted to resume. Use `--fresh` to skip.
-- **Inline branch:** there is no file anchor, so no session resume — the review is ephemeral.
-- Always use a **quoted** heredoc delimiter (`<<'PLAN_EOF'`) so backticks, `$`, and other shell metacharacters in the plan are left alone.