pmp-gywd 3.3.0

package/commands/gywd/challenge.md

@@ -0,0 +1,344 @@
+---
+name: GYWD:challenge
+description: Adversarial review - spawn agents that attack your plan/code
+argument-hint: "[plan-path|code-path|'current'] [--mode light|standard|aggressive]"
+allowed-tools:
+  - Read
+  - Bash
+  - Glob
+  - Grep
+  - Task
+  - Write
+---
+
+<objective>
+Spawn adversarial agents that ATTACK your plan or code.
+
+Current AI cooperates with you. That's the problem.
+Cooperation without conflict produces groupthink and blind spots.
+
+This command spawns agents with different adversarial roles:
+- **Critic Agent**: Finds flaws in logic and approach
+- **Devil's Advocate**: Argues for rejected alternatives
+- **Red Team Agent**: Tries to break the implementation
+- **Chaos Agent**: Generates edge cases and weird inputs
+- **Skeptic Agent**: Questions assumptions and requirements
+
+Solutions that survive this gauntlet are actually robust.
+</objective>
+
+<philosophy>
+"Strong opinions, weakly held" requires someone to challenge those opinions.
+
+The best human teams have:
+- Someone who plays devil's advocate
+- Someone who stress-tests ideas
+- Someone who asks "what if we're wrong?"
+
+AI teams should too.
+</philosophy>
+
+<agents>
+## Adversarial Agent Roles
+
+### 1. Critic Agent
+**Mission**: Find logical flaws, gaps, and weaknesses.
+
+Looks for:
+- Incomplete requirements
+- Unstated assumptions
+- Missing error handling
+- Scalability concerns
+- Maintainability issues
+
+Output style:
+```markdown
+## Critic Report
+
+### Critical Issues
+1. **Task 3 has no rollback plan**
+   - If database migration fails, system is in inconsistent state
+   - Recommendation: Add compensating transaction
+
+### Concerns
+1. **Caching strategy assumes low write frequency**
+   - Evidence: Cache TTL is 1 hour
+   - Risk: Stale data if writes increase
+   - Question: What's the expected write pattern?
+
+### Minor Issues
+1. **No rate limiting on public endpoint**
+```
+
+---
+
+### 2. Devil's Advocate Agent
+**Mission**: Argue for the alternatives you rejected.
+
+Takes the opposite position:
+- "What if we HAD used microservices?"
+- "The simpler approach might actually work"
+- "This library has problems you're ignoring"
+
+Output style:
+```markdown
+## Devil's Advocate Report
+
+### Alternative: Use PostgreSQL Instead of MongoDB
+
+You chose MongoDB for "flexibility." But consider:
+
+**Arguments for PostgreSQL:**
+1. Your data IS relational (users → orders → items)
+2. ACID transactions would prevent the race condition in Task 4
+3. Team has more PostgreSQL experience
+4. JSON columns provide flexibility without sacrificing joins
+
+**Counter to your reasoning:**
+- "Schema flexibility" → You'll end up with implicit schema anyway
+- "Easier scaling" → You're not at scale that requires sharding
+
+**Verdict:** This decision should be revisited.
+Confidence: 72%
+```
+
+---
+
+### 3. Red Team Agent
+**Mission**: Try to break the implementation.
+
+Attack vectors:
+- Security vulnerabilities
+- Race conditions
+- Resource exhaustion
+- Invalid input handling
+- Dependency failures
+
+Output style:
+```markdown
+## Red Team Report
+
+### Attack: SQL Injection via Order ID
+**Vector:** GET /api/orders/{id}
+**Payload:** `1; DROP TABLE orders;--`
+**Result:** Query executed without sanitization
+**Severity:** CRITICAL
+
+### Attack: Rate Limit Bypass
+**Vector:** Rotate IP addresses
+**Result:** Rate limiting is per-IP only
+**Severity:** HIGH
+
+### Attack: Memory Exhaustion
+**Vector:** Upload 10GB file to /api/upload
+**Result:** No file size limit, OOM crash
+**Severity:** HIGH
+```
+
+---
+
+### 4. Chaos Agent
+**Mission**: Generate edge cases and weird scenarios.
+
+Generates:
+- Boundary conditions
+- Null/undefined/empty inputs
+- Unicode and encoding issues
+- Concurrent access patterns
+- Time-related edge cases
+
+Output style:
+```markdown
+## Chaos Report
+
+### Edge Cases for User Registration
+
+| Input | Expected | Potential Issue |
+|-------|----------|-----------------|
+| Email: "" | Reject | What error message? |
+| Email: "a@b" | ? | Technically valid TLD |
+| Name: "​" | ? | Zero-width space only |
+| Name: "Robert'); DROP TABLE users;--" | Sanitize | SQL injection |
+| Password: 1000 chars | ? | Length limit needed |
+| Timezone: "Mars/Olympus" | ? | Invalid timezone handling |
+| DOB: "2099-01-01" | ? | Future date validation |
+| DOB: "1800-01-01" | ? | Suspiciously old |
+
+### Concurrency Scenarios
+
+| Scenario | Risk |
+|----------|------|
+| Same user registers twice simultaneously | Duplicate accounts? |
+| Email verification during password reset | Token confusion? |
+| Session delete during active request | Auth state corruption? |
+```
+
+---
+
+### 5. Skeptic Agent
+**Mission**: Question the requirements and assumptions.
+
+Challenges:
+- "Do we actually need this feature?"
+- "Is this the right problem to solve?"
+- "What evidence supports this requirement?"
+- "Who asked for this and why?"
+
+Output style:
+```markdown
+## Skeptic Report
+
+### Questioning: Real-time Notifications Feature
+
+**Assumption challenged:** "Users need instant notifications"
+
+**Questions:**
+1. What data shows users want real-time vs. batched?
+2. What's the cost of WebSocket infrastructure?
+3. Would email digest achieve 80% of the value at 20% cost?
+
+**Evidence gap:**
+- No user research cited in requirements
+- No A/B test proposed
+- No success metrics defined
+
+**Recommendation:** Validate assumption before building.
+Suggest: User interviews or fake-door test first.
+```
+</agents>
+
+<modes>
+## Challenge Modes
+
+### Light Mode
+- 2 agents: Critic + Chaos
+- Quick pass, surface-level issues
+- ~2 minutes
+
+### Standard Mode (default)
+- 4 agents: Critic + Devil's Advocate + Chaos + Red Team
+- Comprehensive review
+- ~5 minutes
+
+### Aggressive Mode
+- 5 agents: All agents
+- Deep analysis, no mercy
+- Multiple passes until no new issues found
+- ~10+ minutes
+</modes>
+
+<process>
+## Execution Flow
+
+1. **Parse target:**
+   - Plan path → Analyze plan tasks and approach
+   - Code path → Analyze implementation
+   - "current" → Auto-detect current work from STATE.md
+
+2. **Load context:**
+   - Read decision graph for existing decisions
+   - Load project constraints from PROJECT.md
+   - Get codebase patterns from memory
+
+3. **Spawn agents in parallel:**
+   ```
+   Task: Critic Agent analyzing plan...
+   Task: Devil's Advocate Agent analyzing decisions...
+   Task: Red Team Agent analyzing security...
+   Task: Chaos Agent generating edge cases...
+   ```
+
+4. **Collect and synthesize:**
+   - Gather all agent reports
+   - Deduplicate overlapping issues
+   - Rank by severity
+   - Identify consensus vs. disagreement
+
+5. **Generate challenge report:**
+   ```markdown
+   ## Challenge Report: Phase 3 Plan
+
+   **Mode:** Standard
+   **Agents:** 4
+   **Issues Found:** 12
+
+   ### Consensus Issues (All agents agree)
+   - No rollback strategy for migration
+
+   ### Contested Issues (Agents disagree)
+   - Database choice (Critic: ok, Devil's Advocate: reconsider)
+
+   ### By Severity
+   - 🔴 Critical: 2
+   - 🟠 High: 4
+   - 🟡 Medium: 4
+   - 🟢 Low: 2
+
+   ### Recommended Actions
+   1. Add migration rollback plan
+   2. Revisit database decision with team
+   3. Add rate limiting before deploy
+   ```
+
+6. **Offer resolution paths:**
+   ```
+   What would you like to do?
+   1. Address critical issues now
+   2. Add issues to plan as tasks
+   3. Dismiss with documented reason
+   4. Run aggressive mode for deeper analysis
+   ```
+</process>
+
+<output_files>
+Creates `.planning/challenges/` with:
+
+```
+.planning/challenges/
+├── {date}-{target}-challenge.md  # Full report
+├── unresolved.md                  # Tracked issues
+└── dismissed.md                   # Dismissed with reasons
+```
+
+Unresolved issues integrate with `/gywd:consider-issues`.
+</output_files>
+
+<integration>
+## Integration Points
+
+### Before Execution
+```
+/gywd:challenge .planning/phases/03-payment/03-01-PLAN.md
+# Review issues
+# Decide which to address
+/gywd:execute-plan .planning/phases/03-payment/03-01-PLAN.md
+```
+
+### During Planning
+```
+/gywd:plan-phase 3 --with-challenge
+# Plan created AND challenged in one step
+```
+
+### After Implementation
+```
+/gywd:challenge src/services/payment/
+# Adversarial code review
+```
+
+### Continuous Mode
+```
+/gywd:challenge --watch
+# Challenge every commit automatically
+```
+</integration>
+
+<success_criteria>
+- [ ] Spawns multiple adversarial agents in parallel
+- [ ] Each agent has distinct perspective and output style
+- [ ] Identifies issues across security, logic, edge cases, assumptions
+- [ ] Synthesizes findings into actionable report
+- [ ] Tracks unresolved issues
+- [ ] Integrates with planning workflow
+- [ ] Offers resolution paths
+</success_criteria>

package/commands/gywd/check-drift.md

@@ -0,0 +1,144 @@
+---
+name: GYWD:check-drift
+description: Detect specification drift between PROJECT.md and implementation
+---
+
+<objective>
+Analyze the current codebase against PROJECT.md requirements to detect specification drift.
+
+Drift types:
+- **Missing**: Requirements in spec not yet implemented
+- **Partial**: Requirements partially implemented
+- **Divergent**: Implementation differs from spec
+- **Undocumented**: Features exist that aren't in spec
+
+Helps keep implementation aligned with original vision.
+</objective>
+
+<process>
+1. Load project specification:
+   - Read `.planning/PROJECT.md`
+   - Extract all requirements (look for checkboxes, bullet points, "must", "should", "shall")
+   - Build requirements list with IDs
+
+2. Load implementation state:
+   - Read all SUMMARY.md files for completed work
+   - Read current codebase structure (file listing)
+   - Extract implemented features from summaries
+
+3. Cross-reference analysis:
+
+   **For each requirement:**
+   - Search summaries for related completions
+   - Check if implementation exists in codebase
+   - Categorize: Complete | Partial | Missing | Unknown
+
+   **For each implemented feature:**
+   - Check if documented in PROJECT.md
+   - If not: Flag as potentially undocumented
+
+4. Generate drift report:
+   ```
+   ## Specification Drift Analysis
+
+   **Project:** {name}
+   **Spec Date:** {PROJECT.md last modified}
+   **Analysis Date:** {today}
+
+   ---
+
+   ### Alignment Score: 78%
+
+   [████████░░] 78% of requirements implemented
+
+   ---
+
+   ### Requirement Status
+
+   | # | Requirement | Status | Notes |
+   |---|-------------|--------|-------|
+   | R1 | User authentication | ✅ Complete | Phase 1 |
+   | R2 | OAuth integration | 🟡 Partial | Google done, GitHub pending |
+   | R3 | Admin dashboard | ❌ Missing | Not started |
+   | R4 | API rate limiting | ✅ Complete | Phase 2 |
+   | R5 | Email notifications | ❌ Missing | Deferred |
+
+   ---
+
+   ### Potential Drift
+
+   ⚠️ **Divergent Implementation:**
+   - R2 (OAuth): Spec says "all major providers", only Google implemented
+
+   ⚠️ **Undocumented Features:**
+   - WebSocket real-time updates (not in PROJECT.md)
+   - Redis caching layer (not in PROJECT.md)
+
+   ---
+
+   ### Recommendations
+
+   1. **Update PROJECT.md** to include:
+      - WebSocket feature (if intentional)
+      - Redis caching decision
+
+   2. **Plan missing requirements:**
+      - R3: Admin dashboard - add to next phase?
+      - R5: Email notifications - still needed?
+
+   3. **Clarify partial:**
+      - R2: Define which OAuth providers are MVP vs future
+
+   ---
+
+   ### Quick Actions
+
+   - `/gywd:add-phase "Admin dashboard"` - Add missing requirement
+   - `/gywd:consider-issues` - Review deferred items
+   - Edit PROJECT.md to update requirements
+   ```
+
+5. Provide actionable recommendations based on drift severity:
+   - Minor drift (>80% aligned): Suggestions only
+   - Moderate drift (60-80%): Recommend spec update
+   - Major drift (<60%): Recommend alignment review session
+</process>
+
+<detection_patterns>
+**Requirement extraction from PROJECT.md:**
+- Lines starting with `- [ ]` or `- [x]`
+- Lines containing "must", "should", "shall", "will"
+- Sections titled "Requirements", "Features", "Goals"
+- Numbered lists in requirements sections
+
+**Implementation detection:**
+- SUMMARY.md "Completed" sections
+- File existence checks for mentioned modules
+- Package.json dependencies
+- Config files indicating features
+</detection_patterns>
+
+<output_format>
+Structured report with:
+- Alignment score percentage and visual bar
+- Table of all requirements with status
+- List of potential drift issues
+- Actionable recommendations
+- Quick action commands
+
+Status indicators:
+- ✅ Complete - Fully implemented
+- 🟡 Partial - Partially done
+- ❌ Missing - Not started
+- ⚠️ Divergent - Differs from spec
+- ❓ Unknown - Can't determine
+</output_format>
+
+<success_criteria>
+- [ ] Extracts requirements from PROJECT.md
+- [ ] Cross-references with implementation
+- [ ] Calculates alignment percentage
+- [ ] Identifies missing requirements
+- [ ] Flags undocumented features
+- [ ] Provides actionable recommendations
+</success_criteria>

package/commands/gywd/complete-milestone.md

@@ -0,0 +1,106 @@
+---
+type: prompt
+name: GYWD:complete-milestone
+description: Archive completed milestone and prepare for next version
+argument-hint: <version>
+allowed-tools:
+  - Read
+  - Write
+  - Bash
+---
+
+<objective>
+Mark milestone {{version}} complete, archive to milestones/, and update ROADMAP.md.
+
+Purpose: Create historical record of shipped version, collapse completed work in roadmap, and prepare for next milestone.
+Output: Milestone archived, roadmap reorganized, git tagged.
+</objective>
+
+<execution_context>
+**Load these files NOW (before proceeding):**
+
+- @~/.claude/get-your-work-done/workflows/complete-milestone.md (main workflow)
+- @~/.claude/get-your-work-done/templates/milestone-archive.md (archive template)
+  </execution_context>
+
+<context>
+**Project files:**
+- `.planning/ROADMAP.md`
+- `.planning/STATE.md`
+- `.planning/PROJECT.md`
+
+**User input:**
+
+- Version: {{version}} (e.g., "1.0", "1.1", "2.0")
+  </context>
+
+<process>
+
+**Follow complete-milestone.md workflow:**
+
+1. **Verify readiness:**
+
+   - Check all phases in milestone have completed plans (SUMMARY.md exists)
+   - Present milestone scope and stats
+   - Wait for confirmation
+
+2. **Gather stats:**
+
+   - Count phases, plans, tasks
+   - Calculate git range, file changes, LOC
+   - Extract timeline from git log
+   - Present summary, confirm
+
+3. **Extract accomplishments:**
+
+   - Read all phase SUMMARY.md files in milestone range
+   - Extract 4-6 key accomplishments
+   - Present for approval
+
+4. **Archive milestone:**
+
+   - Create `.planning/milestones/v{{version}}-ROADMAP.md`
+   - Extract full phase details from ROADMAP.md
+   - Fill milestone-archive.md template
+   - Update ROADMAP.md to one-line summary with link
+   - Offer to create next milestone
+
+5. **Update PROJECT.md:**
+
+   - Add "Current State" section with shipped version
+   - Add "Next Milestone Goals" section
+   - Archive previous content in `<details>` (if v1.1+)
+
+6. **Commit and tag:**
+
+   - Stage: MILESTONES.md, PROJECT.md, ROADMAP.md, STATE.md, archive file
+   - Commit: `chore: archive v{{version}} milestone`
+   - Tag: `git tag -a v{{version}} -m "[milestone summary]"`
+   - Ask about pushing tag
+
+7. **Offer next steps:**
+   - Plan next milestone
+   - Archive planning
+   - Done for now
+
+</process>
+
+<success_criteria>
+
+- Milestone archived to `.planning/milestones/v{{version}}-ROADMAP.md`
+- ROADMAP.md collapsed to one-line entry
+- PROJECT.md updated with current state
+- Git tag v{{version}} created
+- Commit successful
+- User knows next steps
+  </success_criteria>
+
+<critical_rules>
+
+- **Load workflow first:** Read complete-milestone.md before executing
+- **Verify completion:** All phases must have SUMMARY.md files
+- **User confirmation:** Wait for approval at verification gates
+- **Archive before collapsing:** Always create archive file before updating ROADMAP.md
+- **One-line summary:** Collapsed milestone in ROADMAP.md should be single line with link
+- **Context efficiency:** Archive keeps ROADMAP.md constant size
+  </critical_rules>