refacil-sdd-ai 4.2.4 → 4.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +239 -214
- package/agents/auditor.md +189 -184
- package/agents/debugger.md +201 -204
- package/agents/implementer.md +150 -149
- package/agents/investigator.md +80 -89
- package/agents/proposer.md +219 -124
- package/agents/tester.md +140 -144
- package/agents/validator.md +153 -145
- package/bin/cli.js +158 -116
- package/lib/bus/askFulfillment.js +17 -17
- package/lib/bus/broker.js +599 -599
- package/lib/bus/ui/app.js +318 -318
- package/lib/commands/sdd.js +447 -0
- package/lib/hooks.js +236 -236
- package/lib/installer.js +58 -2
- package/lib/methodology-migration-pending.js +101 -136
- package/package.json +4 -6
- package/skills/apply/SKILL.md +139 -120
- package/skills/archive/SKILL.md +105 -107
- package/skills/ask/SKILL.md +78 -78
- package/skills/attend/SKILL.md +70 -70
- package/skills/bug/SKILL.md +121 -128
- package/skills/explore/SKILL.md +73 -63
- package/skills/guide/SKILL.md +79 -79
- package/skills/inbox/SKILL.md +43 -43
- package/skills/join/SKILL.md +82 -82
- package/skills/prereqs/BUS-CROSS-REPO.md +55 -55
- package/skills/prereqs/METHODOLOGY-CONTRACT.md +122 -115
- package/skills/prereqs/SKILL.md +30 -37
- package/skills/propose/SKILL.md +103 -102
- package/skills/reply/SKILL.md +44 -44
- package/skills/review/SKILL.md +163 -126
- package/skills/review/checklist-back.md +92 -92
- package/skills/review/checklist-front.md +72 -72
- package/skills/review/checklist.md +114 -114
- package/skills/say/SKILL.md +38 -38
- package/skills/setup/SKILL.md +85 -141
- package/skills/setup/troubleshooting.md +38 -35
- package/skills/test/SKILL.md +104 -94
- package/skills/test/testing-patterns.md +63 -63
- package/skills/up-code/SKILL.md +108 -108
- package/skills/update/SKILL.md +109 -132
- package/skills/verify/SKILL.md +159 -132
- package/templates/compact-guidance.md +45 -45
- package/templates/methodology-guide.md +46 -42
- package/config/openspec-config.yaml +0 -8
- package/skills/prereqs/OPENSPEC-DELTAS.md +0 -51
|
@@ -1,92 +1,92 @@
|
|
|
1
|
-
# Checklist
|
|
2
|
-
|
|
3
|
-
>
|
|
4
|
-
>
|
|
5
|
-
>
|
|
6
|
-
|
|
7
|
-
## B1.
|
|
8
|
-
-
|
|
9
|
-
-
|
|
10
|
-
- Endpoints
|
|
11
|
-
-
|
|
12
|
-
|
|
13
|
-
## B2.
|
|
14
|
-
-
|
|
15
|
-
-
|
|
16
|
-
-
|
|
17
|
-
-
|
|
18
|
-
-
|
|
19
|
-
|
|
20
|
-
## B3.
|
|
21
|
-
- No
|
|
22
|
-
-
|
|
23
|
-
-
|
|
24
|
-
-
|
|
25
|
-
-
|
|
26
|
-
|
|
27
|
-
## B4.
|
|
28
|
-
- **
|
|
29
|
-
-
|
|
30
|
-
- Repository Pattern
|
|
31
|
-
-
|
|
32
|
-
-
|
|
33
|
-
|
|
34
|
-
## B5.
|
|
35
|
-
-
|
|
36
|
-
-
|
|
37
|
-
```
|
|
38
|
-
//
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
```
|
|
42
|
-
-
|
|
43
|
-
-
|
|
44
|
-
|
|
45
|
-
## B6.
|
|
46
|
-
- No
|
|
47
|
-
-
|
|
48
|
-
-
|
|
49
|
-
- No
|
|
50
|
-
- No
|
|
51
|
-
- **
|
|
52
|
-
-
|
|
53
|
-
|
|
54
|
-
## B7. Caching
|
|
55
|
-
-
|
|
56
|
-
-
|
|
57
|
-
-
|
|
58
|
-
-
|
|
59
|
-
-
|
|
60
|
-
|
|
61
|
-
## B8.
|
|
62
|
-
-
|
|
63
|
-
-
|
|
64
|
-
- Connection pooling
|
|
65
|
-
-
|
|
66
|
-
-
|
|
67
|
-
|
|
68
|
-
## B9.
|
|
69
|
-
-
|
|
70
|
-
-
|
|
71
|
-
-
|
|
72
|
-
-
|
|
73
|
-
-
|
|
74
|
-
|
|
75
|
-
## B10. Performance
|
|
76
|
-
-
|
|
77
|
-
- No
|
|
78
|
-
-
|
|
79
|
-
-
|
|
80
|
-
|
|
81
|
-
## B11. Logging (
|
|
82
|
-
-
|
|
83
|
-
-
|
|
84
|
-
-
|
|
85
|
-
-
|
|
86
|
-
-
|
|
87
|
-
|
|
88
|
-
## B12.
|
|
89
|
-
-
|
|
90
|
-
-
|
|
91
|
-
-
|
|
92
|
-
-
|
|
1
|
+
# Backend Checklist — Refacil Team
|
|
2
|
+
|
|
3
|
+
> Complements the [general checklist](checklist.md). Applies to **backend** repositories (APIs, microservices, workers, queues).
|
|
4
|
+
> Detection: if the project has server frameworks (HTTP, gRPC, messaging), microservice structure, or database access, apply this checklist.
|
|
5
|
+
> Mark N/A in sections that do not apply to the change being reviewed (e.g. queues if the change does not touch messaging).
|
|
6
|
+
|
|
7
|
+
## B1. Input validation
|
|
8
|
+
- Endpoint DTOs/input objects use the framework's automatic validation mechanism
|
|
9
|
+
- Each field declares its type and constraints (required, format, range)
|
|
10
|
+
- Endpoints named in kebab-case (`get-user-info`, `create-payment`)
|
|
11
|
+
- Client data is not trusted without validation (query params, headers, body)
|
|
12
|
+
|
|
13
|
+
## B2. API contracts
|
|
14
|
+
- Responses use a consistent structure (do not return different formats depending on the case)
|
|
15
|
+
- HTTP codes are correct and specific (not everything is 200 or 500)
|
|
16
|
+
- Response DTOs do not expose internal fields (DB IDs, audit fields, internal relationships)
|
|
17
|
+
- If the endpoint is consumed by another service: verify that no breaking changes are introduced in the contract (renamed, removed, or differently-typed fields)
|
|
18
|
+
- Errors return a standard format with a message understandable to the consumer
|
|
19
|
+
|
|
20
|
+
## B3. Error handling (Refacil standard)
|
|
21
|
+
- No nested or multiple try/catch blocks in the same request thread
|
|
22
|
+
- Errors are captured, logged, and formatted responses are returned
|
|
23
|
+
- New modules/services use the project's global exception filter or middleware (if it exists)
|
|
24
|
+
- Client errors (4xx) are distinguished from server errors (5xx)
|
|
25
|
+
- External dependency errors (APIs, DB, queues) are handled with their own messages, not propagated as-is to the consumer
|
|
26
|
+
|
|
27
|
+
## B4. Architecture and patterns
|
|
28
|
+
- **Layer responsibility**: no business logic in the transport layer (controllers/handlers) or in the infrastructure layer (repositories/adapters)
|
|
29
|
+
- DTOs are in the correct layer (input in transport, output in application)
|
|
30
|
+
- Repository Pattern for data access (if the project has a base repository, new ones extend it)
|
|
31
|
+
- If it is a new microservice, follows the structure defined in AGENTS.md (hexagonal, clean architecture, etc.)
|
|
32
|
+
- Dependencies flow in the correct direction according to the project architecture
|
|
33
|
+
|
|
34
|
+
## B5. Concurrency and atomicity
|
|
35
|
+
- Operations that modify multiple records or tables use DB transactions (all or nothing)
|
|
36
|
+
- Critical write endpoints (payments, transfers, order creation) are **idempotent**: if retried, they do not duplicate the effect
|
|
37
|
+
```
|
|
38
|
+
// Pattern: check if the operation was already executed before processing it
|
|
39
|
+
IF operationExists(idempotencyKey) THEN return existing_result
|
|
40
|
+
ELSE execute operation AND save result with idempotencyKey
|
|
41
|
+
```
|
|
42
|
+
- If multiple processes can modify the same resource simultaneously, distributed locks or optimistic versioning are used to avoid race conditions
|
|
43
|
+
- Read-modify-write operations are atomic (not read, process in memory and write without protection)
|
|
44
|
+
|
|
45
|
+
## B6. DB queries
|
|
46
|
+
- No loops to fetch information from different data sources
|
|
47
|
+
- If cross-data is needed, create a function that uses JOINs or internally optimized queries
|
|
48
|
+
- Queries use appropriate indexes
|
|
49
|
+
- No N+1 queries
|
|
50
|
+
- No SQL/NoSQL injection possible (parameterized queries with the project's ORM/driver)
|
|
51
|
+
- **Schema (DDL)**: by default, do not use TypeORM's migration system or `synchronize` to apply or version DB changes (neither `MigrationInterface`, nor relying on `migration:run` / `migration:generate` in the app deployment flow). Schema changes are delivered as **explicit scripts** (e.g. versioned `.sql` files under the repo convention) so **whoever operates the engine** executes them **manually and separately** in each environment (Postgres, MySQL, etc.). **Exception**: if `AGENTS.md` **explicitly** defines another mechanism as a rule for **that** repository (e.g. TypeORM migrations or another agreed pipeline), mark this bullet as **N/A** and only verify the change complies with what is documented there (without requiring manual scripts).
|
|
52
|
+
- If the default policy applies (manual scripts): the delivered schema scripts document execution order, are reversible or describe rollback, and do not destroy existing data without an explicit plan. If the exception applies via `AGENTS.md`, mark **N/A** or evaluate according to what that file requires for migrations.
|
|
53
|
+
|
|
54
|
+
## B7. Caching
|
|
55
|
+
- Repetitive DB queries use **distributed** cache (not in-process memory cache — avoid restarts due to RAM exhaustion)
|
|
56
|
+
- The pattern is: check cache -> if not found, query DB -> save to cache with TTL
|
|
57
|
+
- Cache keys are specific and predictable (include the parameters that make the query unique)
|
|
58
|
+
- Cache is invalidated when underlying data changes (if applicable)
|
|
59
|
+
- TTL is appropriate for the data type (configuration: long, transactional data: short or no cache)
|
|
60
|
+
|
|
61
|
+
## B8. Resilience and connections
|
|
62
|
+
- All external calls (HTTP, gRPC, DB, queues) have **configured timeout** (do not wait indefinitely)
|
|
63
|
+
- If an external dependency fails, the response degrades gracefully (fallback, clear error message, retry)
|
|
64
|
+
- Connection pooling in DB and HTTP clients (do not open/close a connection per request)
|
|
65
|
+
- Connections are properly released (in finally blocks or equivalent)
|
|
66
|
+
- If the project uses circuit breaker, calls to unstable services implement it
|
|
67
|
+
|
|
68
|
+
## B9. Queues and messaging (if applicable)
|
|
69
|
+
- Consumers are **idempotent**: processing the same message twice does not duplicate the effect
|
|
70
|
+
- Processing is acknowledged (ack) **after** completing the operation, not before
|
|
71
|
+
- Messages that fail repeatedly go to a dead letter queue (they are not lost or stuck in the queue)
|
|
72
|
+
- Producers do not lose messages if the queue is unavailable (retry or local persistence)
|
|
73
|
+
- Message payloads contain enough information to be processed without unnecessary additional queries
|
|
74
|
+
|
|
75
|
+
## B10. Performance
|
|
76
|
+
- Heavy or long-running operations are asynchronous (queues, workers, background jobs)
|
|
77
|
+
- No obvious memory leaks (subscriptions without unsubscribe, listeners without cleanup, unclosed connections, uncanceled timers)
|
|
78
|
+
- Endpoints with heavy responses use pagination
|
|
79
|
+
- Complete DB relationships are not loaded if only specific fields are needed (specific select)
|
|
80
|
+
|
|
81
|
+
## B11. Logging (Refacil standard)
|
|
82
|
+
- The project's centralized logger is used (not direct console prints), if already present in the repository
|
|
83
|
+
- Critical business operations (sales, transactions, payments) have logs
|
|
84
|
+
- Specific and necessary properties are logged — never complex objects or entities with full relationships
|
|
85
|
+
- Catch logs contain enough information to diagnose the error (what failed, with what data, in what context)
|
|
86
|
+
- Logs have appropriate level: error for failures, warn for recoverable unexpected situations, info for critical business flows
|
|
87
|
+
|
|
88
|
+
## B12. Backend testing
|
|
89
|
+
- Integration tests with a real DB for repositories and complex queries (not just mocks)
|
|
90
|
+
- API contract tests (valid request returns expected structure, invalid request returns formatted error)
|
|
91
|
+
- Error case tests (dependency down, timeout, invalid data)
|
|
92
|
+
- If there is critical concurrency: tests that validate idempotency or atomicity
|
|
@@ -1,72 +1,72 @@
|
|
|
1
|
-
# Checklist
|
|
2
|
-
|
|
3
|
-
>
|
|
4
|
-
>
|
|
5
|
-
|
|
6
|
-
## F1.
|
|
7
|
-
-
|
|
8
|
-
-
|
|
9
|
-
-
|
|
10
|
-
- No
|
|
11
|
-
|
|
12
|
-
## F2.
|
|
13
|
-
-
|
|
14
|
-
- No
|
|
15
|
-
-
|
|
16
|
-
-
|
|
17
|
-
|
|
18
|
-
## F3.
|
|
19
|
-
-
|
|
20
|
-
-
|
|
21
|
-
-
|
|
22
|
-
-
|
|
23
|
-
|
|
24
|
-
## F4.
|
|
25
|
-
-
|
|
26
|
-
-
|
|
27
|
-
-
|
|
28
|
-
-
|
|
29
|
-
|
|
30
|
-
## F5.
|
|
31
|
-
-
|
|
32
|
-
-
|
|
33
|
-
-
|
|
34
|
-
|
|
35
|
-
## F6.
|
|
36
|
-
-
|
|
37
|
-
-
|
|
38
|
-
- Deep linking
|
|
39
|
-
-
|
|
40
|
-
|
|
41
|
-
## F7.
|
|
42
|
-
-
|
|
43
|
-
-
|
|
44
|
-
- No
|
|
45
|
-
-
|
|
46
|
-
- No
|
|
47
|
-
-
|
|
48
|
-
|
|
49
|
-
## F8.
|
|
50
|
-
- No
|
|
51
|
-
- Code splitting /
|
|
52
|
-
-
|
|
53
|
-
-
|
|
54
|
-
- No
|
|
55
|
-
-
|
|
56
|
-
-
|
|
57
|
-
|
|
58
|
-
## F9.
|
|
59
|
-
-
|
|
60
|
-
-
|
|
61
|
-
-
|
|
62
|
-
-
|
|
63
|
-
|
|
64
|
-
## F10.
|
|
65
|
-
- No
|
|
66
|
-
-
|
|
67
|
-
-
|
|
68
|
-
|
|
69
|
-
## F11.
|
|
70
|
-
-
|
|
71
|
-
- Tests
|
|
72
|
-
-
|
|
1
|
+
# Frontend Checklist — Refacil Team
|
|
2
|
+
|
|
3
|
+
> Complements the [general checklist](checklist.md). Applies to **frontend** repositories (web, mobile, desktop applications with UI).
|
|
4
|
+
> Detection: if the project has UI component structure, client-side state management, routes/views, or consumes APIs to render interfaces, apply this checklist.
|
|
5
|
+
|
|
6
|
+
## F1. Components and structure
|
|
7
|
+
- Components have a single responsibility (do not mix business logic with presentation)
|
|
8
|
+
- Complex logic is separated into helper functions, services, or the framework's reuse pattern
|
|
9
|
+
- Reusable components are in the project's shared folder (consult AGENTS.md)
|
|
10
|
+
- No excessively large components (> 200 lines as a guideline — consider extracting)
|
|
11
|
+
|
|
12
|
+
## F2. State and data
|
|
13
|
+
- State is managed at the closest level to where it is needed (avoid passing data unnecessarily through multiple levels)
|
|
14
|
+
- No duplicated or derivable state that can be calculated
|
|
15
|
+
- API calls use the pattern established in the project (consult AGENTS.md)
|
|
16
|
+
- All 4 states of each data-consuming view are handled: loading, error, empty, and with data
|
|
17
|
+
|
|
18
|
+
## F3. Error handling in UI
|
|
19
|
+
- Error handling exists at the component or section level (so the entire app does not crash due to a widget error)
|
|
20
|
+
- Error screens show clear visual feedback to the user (never blank or broken screens)
|
|
21
|
+
- Unexpected errors are captured and logged (if the project has a monitoring service)
|
|
22
|
+
- No errors or warnings in the browser console during normal flows
|
|
23
|
+
|
|
24
|
+
## F4. API integration
|
|
25
|
+
- Network states are handled: retries, timeout, disconnection
|
|
26
|
+
- Requests are cancelled when unmounting the component or navigating away (avoid state updates in already-destroyed components)
|
|
27
|
+
- Long lists use pagination or infinite scroll with incremental loading
|
|
28
|
+
- Duplicate or unnecessary calls to the same endpoint are avoided
|
|
29
|
+
|
|
30
|
+
## F5. Form validation
|
|
31
|
+
- Forms validate user input before submitting
|
|
32
|
+
- Error messages are clear and in the user's language
|
|
33
|
+
- Double submission is prevented (disable button, loading state)
|
|
34
|
+
|
|
35
|
+
## F6. Routing and navigation
|
|
36
|
+
- Protected routes validate authentication/authorization before rendering
|
|
37
|
+
- Handling of not-found routes exists (404 screen or redirect)
|
|
38
|
+
- Deep linking works correctly (accessing an internal URL directly)
|
|
39
|
+
- Post-login/logout redirects are correct
|
|
40
|
+
|
|
41
|
+
## F7. Visual consistency
|
|
42
|
+
- The project's design system components and tokens are used (consult AGENTS.md)
|
|
43
|
+
- The defined spacing and typography scale is respected
|
|
44
|
+
- No unnecessary inline styles if the project has a defined style system
|
|
45
|
+
- Icons and images are optimized (appropriate formats, correct sizes)
|
|
46
|
+
- No hardcoded text if the project uses internationalization (i18n)
|
|
47
|
+
- The UI is responsive if applicable to the project
|
|
48
|
+
|
|
49
|
+
## F8. Frontend performance
|
|
50
|
+
- No unnecessary re-renders (use the framework's memoization/optimization techniques)
|
|
51
|
+
- Code splitting / lazy loading of heavy routes or modules
|
|
52
|
+
- Images use lazy loading
|
|
53
|
+
- Optimized fonts (preload, fallback defined)
|
|
54
|
+
- No heavy dependencies loaded unnecessarily (evaluate bundle size)
|
|
55
|
+
- No duplicate dependencies in the bundle
|
|
56
|
+
- Long lists use virtualization if applicable
|
|
57
|
+
|
|
58
|
+
## F9. Accessibility (a11y)
|
|
59
|
+
- Interactive elements have accessible labels (labels, alternative texts, ARIA roles)
|
|
60
|
+
- Keyboard navigation works correctly
|
|
61
|
+
- Color contrast is adequate
|
|
62
|
+
- Touch targets have an adequate minimum size (44x44px as a guideline)
|
|
63
|
+
|
|
64
|
+
## F10. Frontend security
|
|
65
|
+
- No sensitive data exposed on the client (tokens, secrets, API keys in source code)
|
|
66
|
+
- Inputs are sanitized to prevent XSS
|
|
67
|
+
- Tokens or sensitive data are not stored in client storage without adequate protection
|
|
68
|
+
|
|
69
|
+
## F11. Frontend testing
|
|
70
|
+
- User interaction tests (clicks, forms, navigation)
|
|
71
|
+
- Tests for all 4 visual states (loading, error, empty, with data)
|
|
72
|
+
- Tests verify user behavior, not implementation details
|