speccrew 0.5.10 → 0.5.12

package/.speccrew/skills/speccrew-dev-review-backend/SKILL.md

@@ -0,0 +1,212 @@
+---
+name: speccrew-dev-review-backend
+description: SpecCrew Backend Code Review Skill. Reviews backend implementation code against system design documents, API contracts, and coding standards. Generates structured review reports with PASS/PARTIAL/FAIL verdict.
+tools: Read, Glob, Grep
+---
+
+# Trigger Scenarios
+
+- When speccrew-system-developer dispatches backend code review for a completed module
+- When user requests "Review this backend module's implementation"
+- When user asks "Check if backend code matches design"
+- When incremental review is needed after partial backend implementation
+
+# Input Parameters
+
+| Parameter | Required | Description |
+|-----------|----------|-------------|
+| `design_doc_path` | Yes | Path to backend module design document |
+| `implementation_report_path` | Yes | Path to backend development report |
+| `source_root` | Yes | Root directory of backend source code |
+| `platform_id` | Yes | Backend platform (backend-spring, backend-nodejs) |
+| `api_contract_path` | No | Path to API contract file for endpoint validation |
+| `task_id` | Yes | Task identifier from dispatch context |
+| `previous_review_path` | No | Path to previous review report for incremental review |
+
+# Workflow
+
+## Absolute Constraints
+
+> **Violation = review failure.**
+
+1. **READ-ONLY OPERATION** — NEVER modify source code files. Only read and report findings.
+2. **FORBIDDEN: Code fixes** — Do NOT attempt to fix issues. Only document them.
+3. **MANDATORY: Actionable output** — PARTIAL/FAIL results MUST include specific "Re-dispatch Guidance".
+4. **INCREMENTAL REVIEW SUPPORT** — If `previous_review_path` provided, skip items already marked as passed.
+
+## Step 1: Load Documents
+
+### 1.1 Validate Inputs
+
+Verify all required parameters provided. If any missing → Report error, stop.
+
+### 1.2 Read Design Document
+
+Extract from backend design document:
+
+| Section | Information to Extract |
+|---------|------------------------|
+| Module Overview | Module name, responsibilities |
+| File Structure | Required files (DO, VO, Mapper, Service, Controller, Convert, Enums) |
+| Class Specifications | Class names, inheritance requirements, annotations |
+| API Endpoints | Endpoint definitions, HTTP methods, paths |
+| Business Logic | Service methods, transaction requirements |
+
+### 1.3 Read Implementation Report
+
+Extract: Completed Files, Implementation Status, Known Issues.
+
+### 1.4 Read API Contract (if provided)
+
+Extract for validation: Endpoint Definitions, Request/Response Schemas, HTTP Methods, Error Codes.
+
+## Step 2: File Completeness Check
+
+### 2.1 Build Expected File List
+
+Backend file categories:
+
+| Category | Pattern | Example |
+|----------|---------|---------|
+| Enums | `enums/*.java` | `enums/ErrorCodeConstants.java` |
+| DO | `dal/dataobject/**/*.java` | `dal/dataobject/employee/EmployeeDO.java` |
+| VO | `controller/admin/vo/**/*.java` | `controller/admin/vo/EmployeeRespVO.java` |
+| Mapper | `dal/mapper/**/*.java` | `dal/mapper/employee/EmployeeMapper.java` |
+| Service | `service/**/*.java` | `service/employee/EmployeeService.java` |
+| Controller | `controller/admin/**/*.java` | `controller/admin/employee/EmployeeController.java` |
+| Convert | `convert/**/*.java` | `convert/employee/EmployeeConvert.java` |
+
+### 2.2 Scan Actual Files
+
+Use `Glob` to scan `source_root` for implemented files.
+
+### 2.3 Calculate Completeness
+
+Generate completeness matrix and percentage: `completeness_pct = (created / required) * 100`
+
+## Step 3: Backend-Specific Compliance Check
+
+### 3.1 DO/VO/DTO Compliance
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| Base Class | Must extend correct base class (e.g., `TenantBaseDO`) | ERROR |
+| @TableName | Must have `@TableName` with correct table name | ERROR |
+| @Schema | Must have `@Schema` for documentation | WARN |
+| Validation | Required fields must have `@NotNull` or similar | ERROR |
+| Desensitization | Sensitive fields must have desensitization | ERROR |
+
+### 3.2 Service Layer Check
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| Interface | Must have Service interface and implementation separation | WARN |
+| @Service | Implementation must have `@Service` annotation | ERROR |
+| @Transactional | DB write methods must have `@Transactional` | ERROR |
+| Method Coverage | All methods in design must be implemented | ERROR |
+| Data Permission | Must check data permissions where required | ERROR |
+
+### 3.3 Controller Layer Check
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| @RestController | Must have `@RestController` annotation | ERROR |
+| @RequestMapping | Must have base `@RequestMapping` annotation | ERROR |
+| @Operation | Endpoints should have `@Operation` for documentation | WARN |
+| @PreAuthorize | Must have permission annotations where required | ERROR |
+| @Valid | Request VO parameters must have `@Valid` | ERROR |
+
+### 3.4 Database Mapping Validation
+
+- Verify Entity fields match design document
+- Check MyBatis XML mappers exist alongside Mapper interfaces
+- Validate Lombok `@Data` or similar on DO/VO classes
+
+## Step 4: API Consistency Check
+
+If `api_contract_path` provided:
+
+| Check | Description | Severity |
+|-------|-------------|----------|
+| Endpoint Coverage | All contract endpoints exist in Controller | ERROR |
+| HTTP Method | Methods match contract | ERROR |
+| Path Match | URL paths match contract exactly | ERROR |
+| VO Fields | All contract fields present in VO | ERROR |
+| Field Types | Data types match contract | ERROR |
+
+## Step 5: Generate Review Report
+
+### 5.1 Determine Result
+
+| Result | Criteria |
+|--------|----------|
+| **PASS** | 100% files created, 0 ERROR-level issues |
+| **PARTIAL** | 70-99% files created, or non-critical ERROR issues |
+| **FAIL** | <70% files created, or critical blockers present |
+
+### 5.2 Write Report
+
+Generate report at: `speccrew-workspace/iterations/{number}-{type}-{name}/04.development/{platform_id}/[module]-review-report.md`
+
+Use template from `templates/REVIEW-REPORT-TEMPLATE.md`.
+
+## Step 6: Task Completion Report
+
+### Success
+
+```markdown
+## Task Completion Report
+- **Status**: SUCCESS
+- **Task ID**: review-{original_task_id}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Output Files**: {review_report_path}
+- **Summary**: Review {result}: {completed}/{total} files, {error_count} errors
+```
+
+### Failure
+
+```markdown
+## Task Completion Report
+- **Status**: FAILED
+- **Task ID**: review-{original_task_id}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Output Files**: None
+- **Summary**: Review failed during {step}
+- **Error**: {detailed error description}
+- **Error Category**: DEPENDENCY_MISSING | VALIDATION_ERROR | BLOCKED
+- **Recovery Hint**: {suggestion}
+```
+
+# Severity Levels
+
+| Level | Definition | Action Required |
+|-------|------------|-----------------|
+| **CRITICAL** | Security vulnerability or data integrity issue | Must fix immediately |
+| **ERROR** | Blocking functionality or violating core requirements | Must fix before PASS |
+| **WARN** | Best practice violation or missing documentation | Should fix |
+| **LOW** | Code style or minor optimization suggestion | Optional |
+
+# Key Rules
+
+| Rule | Description |
+|------|-------------|
+| **Read-Only** | NEVER modify any source code |
+| **Blueprint-Driven** | Validate against design document specifications |
+| **Actionable Output** | PARTIAL/FAIL must include specific fix guidance |
+| **Incremental Support** | Skip already-passed items when previous review provided |
+| **Completeness First** | File existence is primary check before content validation |
+
+# Checklist
+
+- [ ] All required inputs validated
+- [ ] Design document loaded and parsed
+- [ ] File completeness check completed with category breakdown
+- [ ] DO classes checked for base class and annotations
+- [ ] VO classes checked for validation and desensitization
+- [ ] Service classes checked for @Transactional and permissions
+- [ ] Controller classes checked for annotations and endpoints
+- [ ] API contract validated against implementation (if provided)
+- [ ] Review report written with clear verdict
+- [ ] Re-dispatch guidance provided for PARTIAL/FAIL

package/.speccrew/skills/speccrew-dev-review-backend/templates/REVIEW-REPORT-TEMPLATE.md

@@ -0,0 +1,94 @@
+# Backend Code Review Report
+
+## Summary
+
+- **Task ID**: {task_id}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Review Date**: {review_date}
+- **Review Result**: PASS | PARTIAL | FAIL
+- **Completeness**: {completed_files}/{total_files} ({percentage}%)
+
+## File Completeness
+
+| Category | Required | Created | Missing |
+|----------|----------|---------|---------|
+| Enums | {n} | {n} | {n} |
+| DO | {n} | {n} | {n} |
+| VO | {n} | {n} | {n} |
+| Mapper | {n} | {n} | {n} |
+| Service | {n} | {n} | {n} |
+| Controller | {n} | {n} | {n} |
+| Convert | {n} | {n} | {n} |
+| **Total** | **{n}** | **{n}** | **{n}** |
+
+## Missing Files
+
+1. `{expected_path_1}`
+2. `{expected_path_2}`
+...
+
+## Code Compliance Issues
+
+### DO/VO/DTO Issues
+
+| Severity | File | Issue Description |
+|----------|------|-------------------|
+| ERROR | `{file}` | {description} |
+| WARN | `{file}` | {description} |
+
+### Service Layer Issues
+
+| Severity | File | Issue Description |
+|----------|------|-------------------|
+| ERROR | `{file}` | {description} |
+| WARN | `{file}` | {description} |
+
+### Controller Layer Issues
+
+| Severity | File | Issue Description |
+|----------|------|-------------------|
+| ERROR | `{file}` | {description} |
+| WARN | `{file}` | {description} |
+
+### Database Mapping Issues
+
+| Severity | File | Issue Description |
+|----------|------|-------------------|
+| ERROR | `{file}` | {description} |
+| WARN | `{file}` | {description} |
+
+## API Consistency Issues
+
+| Severity | Endpoint | Issue Description |
+|----------|----------|-------------------|
+| ERROR | `{endpoint}` | {description} |
+| WARN | `{endpoint}` | {description} |
+
+## Business Logic Issues
+
+| Severity | Method | Issue Description |
+|----------|--------|-------------------|
+| ERROR | `{method}` | {description} |
+| WARN | `{method}` | {description} |
+
+## Verdict
+
+{Detailed verdict explanation based on findings. Explain why PASS, PARTIAL, or FAIL was assigned.}
+
+## Re-dispatch Guidance
+
+Priority items for next dev worker:
+
+1. **{priority_item_1}** - {detailed description}
+2. **{priority_item_2}** - {detailed description}
+3. **{priority_item_3}** - {detailed description}
+
+## Issue Statistics
+
+| Severity | Count |
+|----------|-------|
+| CRITICAL | {n} |
+| ERROR | {n} |
+| WARN | {n} |
+| LOW | {n} |

package/.speccrew/skills/speccrew-dev-review-desktop/SKILL.md

@@ -0,0 +1,181 @@
+---
+name: speccrew-dev-review-desktop
+description: SpecCrew Desktop Code Review Skill. Reviews desktop app implementation code (Electron/Tauri) against system design documents and security standards. Generates structured review reports with PASS/PARTIAL/FAIL verdict.
+tools: Read, Glob, Grep
+---
+
+# Trigger Scenarios
+
+- When speccrew-system-developer dispatches desktop code review for a completed module
+- When user requests "Review this desktop module's implementation"
+- When user asks "Check if desktop code matches design"
+- When incremental review is needed after partial desktop implementation
+
+# Input Parameters
+
+| Parameter | Required | Description |
+|-----------|----------|-------------|
+| `design_doc_path` | Yes | Path to desktop module design document |
+| `implementation_report_path` | Yes | Path to desktop development report |
+| `source_root` | Yes | Root directory of desktop source code |
+| `platform_id` | Yes | Desktop platform (desktop-tauri, desktop-electron) |
+| `api_contract_path` | No | Path to API contract file |
+| `task_id` | Yes | Task identifier from dispatch context |
+| `previous_review_path` | No | Path to previous review report |
+
+# Workflow
+
+## Absolute Constraints
+
+> **Violation = review failure.**
+
+1. **READ-ONLY OPERATION** — NEVER modify source code files.
+2. **FORBIDDEN: Code fixes** — Do NOT attempt to fix issues. Only document them.
+3. **MANDATORY: Actionable output** — PARTIAL/FAIL results MUST include specific "Re-dispatch Guidance".
+4. **INCREMENTAL REVIEW SUPPORT** — Skip items already marked as passed in previous review.
+
+## Step 1: Load Documents
+
+### 1.1 Validate Inputs
+
+Verify all required parameters provided. If any missing → Report error, stop.
+
+### 1.2 Read Design Document
+
+Extract: Module Overview, Process Architecture, IPC Contracts, Native Integration points.
+
+### 1.3 Read Implementation Report
+
+Extract: Completed Files, Implementation Status, Known Issues.
+
+### 1.4 Read API Contract (if provided)
+
+Extract API endpoints for validation against desktop API calls.
+
+## Step 2: File Completeness Check
+
+### 2.1 Build Expected File List
+
+Desktop file categories:
+
+| Category | Pattern | Example |
+|----------|---------|---------|
+| Main Process | `src-tauri/src/**/*.rs` or `main/**/*` | `src-tauri/src/main.rs` |
+| Renderer | `src/**/*` (frontend files) | `src/App.vue` |
+| Preload | `preload/**/*` or `src-tauri/src/preload.rs` | `preload/index.ts` |
+| IPC Handlers | `src-tauri/src/commands/**/*.rs` | `commands/file.rs` |
+| Native Modules | `native/**/*` | `native/fileSystem.ts` |
+
+### 2.2 Scan Actual Files
+
+Use `Glob` to scan `source_root` for implemented files.
+
+### 2.3 Calculate Completeness
+
+Generate completeness matrix and percentage.
+
+## Step 3: Desktop-Specific Compliance Check
+
+### 3.1 Process Separation Validation
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| Main/Renderer Separation | Business logic in main process only | CRITICAL |
+| No Node in Renderer | Renderer has no direct Node.js access | CRITICAL |
+| Context Isolation | contextIsolation enabled | CRITICAL |
+
+### 3.2 IPC Channel Consistency
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| Channel Naming | IPC channels follow naming convention | ERROR |
+| Type Safety | IPC payloads properly typed | ERROR |
+| Channel Registration | All channels registered in preload | ERROR |
+| Bidirectional Safety | No unsafe IPC patterns | CRITICAL |
+
+### 3.3 Security Isolation
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| contextBridge | Uses contextBridge for API exposure | CRITICAL |
+| Preload Script | Preload script properly configured | CRITICAL |
+| CSP Headers | Content Security Policy configured | ERROR |
+| Remote Content | No unsafe remote content loading | CRITICAL |
+
+### 3.4 Native Integration Check
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| File System | File operations in main process only | CRITICAL |
+| System Notifications | Notifications properly implemented | WARN |
+| Native Menus | Menu structure matches design | ERROR |
+| System Tray | Tray implementation if required | ERROR |
+
+### 3.5 Packaging Configuration
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| Build Config | Build configuration complete | ERROR |
+| Assets | Required assets included | ERROR |
+| Signing | Code signing configured (if required) | WARN |
+| Auto-Update | Auto-update mechanism (if required) | WARN |
+
+## Step 4: Generate Review Report
+
+### 4.1 Determine Result
+
+| Result | Criteria |
+|--------|----------|
+| **PASS** | 100% files created, 0 ERROR-level issues |
+| **PARTIAL** | 70-99% files created, or non-critical ERROR issues |
+| **FAIL** | <70% files created, or critical blockers present |
+
+### 4.2 Write Report
+
+Generate report at: `speccrew-workspace/iterations/{number}-{type}-{name}/04.development/{platform_id}/[module]-review-report.md`
+
+Use template from `templates/REVIEW-REPORT-TEMPLATE.md`.
+
+## Step 5: Task Completion Report
+
+```markdown
+## Task Completion Report
+- **Status**: SUCCESS
+- **Task ID**: review-{original_task_id}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Output Files**: {review_report_path}
+- **Summary**: Review {result}: {completed}/{total} files, {error_count} errors
+```
+
+# Severity Levels
+
+| Level | Definition | Action Required |
+|-------|------------|-----------------|
+| **CRITICAL** | Security vulnerability or sandbox escape risk | Must fix immediately |
+| **ERROR** | Blocking functionality or violating core requirements | Must fix before PASS |
+| **WARN** | Best practice violation or missing documentation | Should fix |
+| **LOW** | Code style or minor optimization suggestion | Optional |
+
+# Key Rules
+
+| Rule | Description |
+|------|-------------|
+| **Read-Only** | NEVER modify any source code |
+| **Security First** | Desktop security is paramount - verify isolation |
+| **Blueprint-Driven** | Validate against design document specifications |
+| **Actionable Output** | PARTIAL/FAIL must include specific fix guidance |
+| **Completeness First** | File existence is primary check before content validation |
+
+# Checklist
+
+- [ ] All required inputs validated
+- [ ] Design document loaded and parsed
+- [ ] File completeness check completed
+- [ ] Main/renderer separation validated
+- [ ] IPC channels checked for consistency
+- [ ] Security isolation verified
+- [ ] Native integration checked
+- [ ] Packaging configuration validated
+- [ ] Review report written with clear verdict
+- [ ] Re-dispatch guidance provided for PARTIAL/FAIL

package/.speccrew/skills/speccrew-dev-review-desktop/templates/REVIEW-REPORT-TEMPLATE.md

@@ -0,0 +1,90 @@
+# Desktop Code Review Report
+
+## Summary
+
+- **Task ID**: {task_id}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Review Date**: {review_date}
+- **Review Result**: PASS | PARTIAL | FAIL
+- **Completeness**: {completed_files}/{total_files} ({percentage}%)
+
+## File Completeness
+
+| Category | Required | Created | Missing |
+|----------|----------|---------|---------|
+| Main Process | {n} | {n} | {n} |
+| Renderer | {n} | {n} | {n} |
+| Preload | {n} | {n} | {n} |
+| IPC Handlers | {n} | {n} | {n} |
+| Native Modules | {n} | {n} | {n} |
+| **Total** | **{n}** | **{n}** | **{n}** |
+
+## Missing Files
+
+1. `{expected_path_1}`
+2. `{expected_path_2}`
+...
+
+## Process Separation Issues
+
+| Severity | File | Issue Description |
+|----------|------|-------------------|
+| CRITICAL | `{file}` | {description} |
+| ERROR | `{file}` | {description} |
+
+## IPC Channel Issues
+
+| Severity | Channel | Issue Description |
+|----------|---------|-------------------|
+| CRITICAL | `{channel}` | {description} |
+| ERROR | `{channel}` | {description} |
+| WARN | `{channel}` | {description} |
+
+## Security Isolation Issues
+
+| Severity | Aspect | Issue Description |
+|----------|--------|-------------------|
+| CRITICAL | contextBridge | {description} |
+| CRITICAL | Preload Script | {description} |
+| ERROR | CSP Headers | {description} |
+| CRITICAL | Remote Content | {description} |
+
+## Native Integration Issues
+
+| Severity | Feature | Issue Description |
+|----------|---------|-------------------|
+| CRITICAL | File System | {description} |
+| ERROR | Native Menus | {description} |
+| ERROR | System Tray | {description} |
+| WARN | Notifications | {description} |
+
+## Packaging Configuration Issues
+
+| Severity | Aspect | Issue Description |
+|----------|--------|-------------------|
+| ERROR | Build Config | {description} |
+| ERROR | Assets | {description} |
+| WARN | Signing | {description} |
+| WARN | Auto-Update | {description} |
+
+## Verdict
+
+{Detailed verdict explanation based on findings.}
+
+## Re-dispatch Guidance
+
+Priority items for next dev worker:
+
+1. **{priority_item_1}** - {detailed description}
+2. **{priority_item_2}** - {detailed description}
+3. **{priority_item_3}** - {detailed description}
+
+## Issue Statistics
+
+| Severity | Count |
+|----------|-------|
+| CRITICAL | {n} |
+| ERROR | {n} |
+| WARN | {n} |
+| LOW | {n} |