super-opencode 1.1.0 → 1.1.1

package/.opencode/commands/soc-analyze.md

@@ -1,137 +1,136 @@
----
-name: analyze
-description: "Orchestrator command that triggers specialized agents for code, security, and architecture review."
----
-
-# /soc-analyze
-
-## 1. Command Overview
-The `/soc-analyze` command is the **primary entry point** for all code inspection tasks. It does not perform the analysis itself; instead, it acts as a **router**, identifying the correct specialized agent (`security`, `quality`, `architect`, or `backend`) and providing them with the necessary context and constraints.
-
-## 2. Triggers & Routing
-The command automatically routes to the best-suited agent based on the `--focus` flag or the context of the request.
-
-| Trigger Scenario | Flag | Target Agent | Context Injected |
-| :--- | :--- | :--- | :--- |
-| **Security Audit** | `--focus security` | `[security]` | STRIDE model, OWASP Top 10 checklist |
-| **Code Review** | `--focus quality` | `[quality]` | Test coverage stats, Linter rules |
-| **System Design** | `--focus architecture` | `[architect]` | Current ADRs, Cloud constraints |
-| **Database/API** | `--focus backend` | `[backend]` | Schema definitions, API contracts |
-| **UI/UX Check** | `--focus frontend` | `[frontend]` | Mobile responsiveness, WCAG standards |
-
-## 3. Usage & Arguments
-```bash
-/soc-analyze [target] [flags]
-```
-
-### Arguments
--   **`[target]`**: (Optional) specific file, directory, or "all" (default: current context).
-
-### Flags
--   **`--focus [domain]`**: **MANDATORY** (if not implied). Forces a specific agent.
-    -   Options: `security`, `quality`, `architecture`, `performance`, `backend`, `frontend`.
--   **`--depth [level]`**:
-    -   `quick`: Static checks, linting, known CVEs (Fast).
-    -   `deep`: Logic flow analysis, race condition checks, architectural impact (Slow, uses `sequential-thinking`).
--   **`--format [type]`**:
-    -   `text`: Human-readable summary (default).
-    -   `json`: Machine-parsable output for CI/CD pipelines.
-
-## 4. Behavioral Flow (Orchestration)
-
-### Phase 1: Context Gathering (The "Map")
-1.  **Scan**: The command uses `glob` to list relevant files in `[target]`.
-2.  **Filter**: It excludes `node_modules`, `.git`, and lockfiles.
-3.  **Detect**: It identifies the stack (e.g., "Next.js + Postgres") to inform the agent.
-
-### Phase 2: Delegation (The "Handoff")
-The command constructs a specific prompt for the target agent:
-> "Agent **[Name]**, perform a **[Depth]** analysis on **[Target]**.
-> Context: The project is **[Stack]**.
-> Constraint: Focus strictly on **[Focus Area]**.
-> Output: Use the standard **Analysis Report** format."
-
-### Phase 3: Synthesis (The "Report")
-The command collates the agent's output. If multiple agents were invoked (e.g., "full audit"), it merges their JSON outputs into a single artifact.
-
-## 5. Output Guidelines (The Contract)
-
-All triggered agents must return data in this structure so the user (or PM) can parse it.
-
-### Standard Analysis Report
-```markdown
-# Analysis Report: [Focus Area]
-**Target:** `src/auth/*`
-**Agent:** `security`
-**Date:** 2025-10-27
-
-## Summary
-Found **2 High** severity issues and **1 Low** severity issue.
-
-## Critical Findings
-1.  **[High] SQL Injection Vulnerability**
-    *   *File:* `src/auth/login.ts`
-    *   *Context:* Raw string concatenation in query.
-    *   *Recommendation:* Use parameterized queries (see `backend` agent guidelines).
-
-2.  **[Medium] Missing Rate Limiting**
-    *   *File:* `src/api/routes.ts`
-    *   *Recommendation:* Implement middleware adapter.
-
-## Metrics
--   **Files Scanned:** 12
--   **Coverage:** 45% (Below threshold)
-```
-
-## 6. Examples
-
-### A. Security Scan (Deep)
-```bash
-/soc-analyze src/payments --focus security --depth deep
-```
-*Effect:* Triggers `security` agent. It will use `tavily` to check CVEs for payment libraries and use `sequential-thinking` to look for logic flaws in the transaction flow.
-
-### B. Architecture Review
-```bash
-/soc-analyze --focus architecture
-```
-*Effect:* Triggers `architect` agent. It scans the folder structure and `package.json` to generate a high-level component diagram and validates it against `ADR` files.
-
-### C. Performance Check (Frontend)
-```bash
-/soc-analyze src/components/LandingPage --focus frontend --depth quick
-```
-*Effect:* Triggers `frontend` agent. Checks for `next/image` usage, large bundles, and CLS (Cumulative Layout Shift) risks.
-
-## 7. Dependencies & Capabilities
-
-### Agents
--   **Primary Dispatch**:
-    -   `@[.opencode/agents/security.md]`
-    -   `@[.opencode/agents/quality.md]`
-    -   `@[.opencode/agents/architect.md]`
-    -   `@[.opencode/agents/backend.md]`
-    -   `@[.opencode/agents/frontend.md]`
-
-### Skills
--   **Security Audit**: `@[.opencode/skills/security-audit/SKILL.md]` - For identifying vulnerabilities.
--   **Reflexion**: `@[.opencode/skills/reflexion/SKILL.md]` - For deep analysis loops.
--   **Debug Protocol**: `@[.opencode/skills/debug-protocol/SKILL.md]` - For tracing logic errors.
-
-### MCP Integration
--   **`tavily`**: Used for real-time CVE lookups and security advisory searches.
--   **`context7`**: Used to fetch up-to-date documentation for libraries and frameworks to ensure analysis is accurate to the version used.
--   **`filesystem`**: Native access used for `glob` scanning and file reading.
--   **`sequential-thinking`**: Used for complex architectural reasoning and deep-dive analysis.
-
-## 8. Boundaries
-
-**Will:**
--   Delegate to the most expert agent available.
--   Provide file context to that agent.
--   Summarize findings into a unified report.
-
-**Will Not:**
--   **Fix the code**. (Use `/soc-improve` for that).
--   **Execute code**. (No runtime analysis unless `quality` agent uses `vitest`).
--   **Hallucinate bugs**. (If an agent returns "No issues found," report "No issues found.")
+---
+description: "Orchestrator command that triggers specialized agents for code, security, and architecture review."
+---
+
+# /soc-analyze
+
+## 1. Command Overview
+The `/soc-analyze` command is the **primary entry point** for all code inspection tasks. It does not perform the analysis itself; instead, it acts as a **router**, identifying the correct specialized agent (`security`, `quality`, `architect`, or `backend`) and providing them with the necessary context and constraints.
+
+## 2. Triggers & Routing
+The command automatically routes to the best-suited agent based on the `--focus` flag or the context of the request.
+
+| Trigger Scenario | Flag | Target Agent | Context Injected |
+| :--- | :--- | :--- | :--- |
+| **Security Audit** | `--focus security` | `[security]` | STRIDE model, OWASP Top 10 checklist |
+| **Code Review** | `--focus quality` | `[quality]` | Test coverage stats, Linter rules |
+| **System Design** | `--focus architecture` | `[architect]` | Current ADRs, Cloud constraints |
+| **Database/API** | `--focus backend` | `[backend]` | Schema definitions, API contracts |
+| **UI/UX Check** | `--focus frontend` | `[frontend]` | Mobile responsiveness, WCAG standards |
+
+## 3. Usage & Arguments
+```bash
+/soc-analyze [target] [flags]
+```
+
+### Arguments
+-   **`[target]`**: (Optional) specific file, directory, or "all" (default: current context).
+
+### Flags
+-   **`--focus [domain]`**: **MANDATORY** (if not implied). Forces a specific agent.
+    -   Options: `security`, `quality`, `architecture`, `performance`, `backend`, `frontend`.
+-   **`--depth [level]`**:
+    -   `quick`: Static checks, linting, known CVEs (Fast).
+    -   `deep`: Logic flow analysis, race condition checks, architectural impact (Slow, uses `sequential-thinking`).
+-   **`--format [type]`**:
+    -   `text`: Human-readable summary (default).
+    -   `json`: Machine-parsable output for CI/CD pipelines.
+
+## 4. Behavioral Flow (Orchestration)
+
+### Phase 1: Context Gathering (The "Map")
+1.  **Scan**: The command uses `glob` to list relevant files in `[target]`.
+2.  **Filter**: It excludes `node_modules`, `.git`, and lockfiles.
+3.  **Detect**: It identifies the stack (e.g., "Next.js + Postgres") to inform the agent.
+
+### Phase 2: Delegation (The "Handoff")
+The command constructs a specific prompt for the target agent:
+> "Agent **[Name]**, perform a **[Depth]** analysis on **[Target]**.
+> Context: The project is **[Stack]**.
+> Constraint: Focus strictly on **[Focus Area]**.
+> Output: Use the standard **Analysis Report** format."
+
+### Phase 3: Synthesis (The "Report")
+The command collates the agent's output. If multiple agents were invoked (e.g., "full audit"), it merges their JSON outputs into a single artifact.
+
+## 5. Output Guidelines (The Contract)
+
+All triggered agents must return data in this structure so the user (or PM) can parse it.
+
+### Standard Analysis Report
+```markdown
+# Analysis Report: [Focus Area]
+**Target:** `src/auth/*`
+**Agent:** `security`
+**Date:** 2025-10-27
+
+## Summary
+Found **2 High** severity issues and **1 Low** severity issue.
+
+## Critical Findings
+1.  **[High] SQL Injection Vulnerability**
+    *   *File:* `src/auth/login.ts`
+    *   *Context:* Raw string concatenation in query.
+    *   *Recommendation:* Use parameterized queries (see `backend` agent guidelines).
+
+2.  **[Medium] Missing Rate Limiting**
+    *   *File:* `src/api/routes.ts`
+    *   *Recommendation:* Implement middleware adapter.
+
+## Metrics
+-   **Files Scanned:** 12
+-   **Coverage:** 45% (Below threshold)
+```
+
+## 6. Examples
+
+### A. Security Scan (Deep)
+```bash
+/soc-analyze src/payments --focus security --depth deep
+```
+*Effect:* Triggers `security` agent. It will use `tavily` to check CVEs for payment libraries and use `sequential-thinking` to look for logic flaws in the transaction flow.
+
+### B. Architecture Review
+```bash
+/soc-analyze --focus architecture
+```
+*Effect:* Triggers `architect` agent. It scans the folder structure and `package.json` to generate a high-level component diagram and validates it against `ADR` files.
+
+### C. Performance Check (Frontend)
+```bash
+/soc-analyze src/components/LandingPage --focus frontend --depth quick
+```
+*Effect:* Triggers `frontend` agent. Checks for `next/image` usage, large bundles, and CLS (Cumulative Layout Shift) risks.
+
+## 7. Dependencies & Capabilities
+
+### Agents
+-   **Primary Dispatch**:
+    -   `@[.opencode/agents/security.md]`
+    -   `@[.opencode/agents/quality.md]`
+    -   `@[.opencode/agents/architect.md]`
+    -   `@[.opencode/agents/backend.md]`
+    -   `@[.opencode/agents/frontend.md]`
+
+### Skills
+-   **Security Audit**: `@[.opencode/skills/security-audit/SKILL.md]` - For identifying vulnerabilities.
+-   **Reflexion**: `@[.opencode/skills/reflexion/SKILL.md]` - For deep analysis loops.
+-   **Debug Protocol**: `@[.opencode/skills/debug-protocol/SKILL.md]` - For tracing logic errors.
+
+### MCP Integration
+-   **`tavily`**: Used for real-time CVE lookups and security advisory searches.
+-   **`context7`**: Used to fetch up-to-date documentation for libraries and frameworks to ensure analysis is accurate to the version used.
+-   **`filesystem`**: Native access used for `glob` scanning and file reading.
+-   **`sequential-thinking`**: Used for complex architectural reasoning and deep-dive analysis.
+
+## 8. Boundaries
+
+**Will:**
+-   Delegate to the most expert agent available.
+-   Provide file context to that agent.
+-   Summarize findings into a unified report.
+
+**Will Not:**
+-   **Fix the code**. (Use `/soc-improve` for that).
+-   **Execute code**. (No runtime analysis unless `quality` agent uses `vitest`).
+-   **Hallucinate bugs**. (If an agent returns "No issues found," report "No issues found.")

package/.opencode/commands/soc-brainstorm.md

@@ -1,110 +1,109 @@
----
-name: brainstorm
-description: "Interactive requirements discovery through Socratic dialogue and systematic exploration"
----
-
-# /soc-brainstorm
-
-## 1. Command Overview
-The `/soc-brainstorm` command is the "Idea Incubator." It is strictly for **Context Trigger patterns** and does not execute code. It behaves as a multi-persona facilitator (Architect, PM, Analyst) to transform vague user intents into concrete requirements specifications. It uses Socratic dialogue to uncover hidden constraints and assumptions.
-
-## 2. Triggers & Routing
-The command activates specific personas based on the explored domain.
-
-| Trigger Scenario | Flag | Target Agent | Context Injected |
-| :--- | :--- | :--- | :--- |
-| **New Startups** | `--strategy systematic` | `[architect]` + `[researcher]` | Market Analysis, Feasibility |
-| **Feature Ideas** | `--strategy agile` | `[pm-agent]` | User Stories, Acceptance Criteria |
-| **Complex Systems** | `--strategy enterprise` | `[architect]` + `[security]` | Compliance, Scalability |
-| **UI Concepts** | `--parallel` | `[frontend]` + `[generate_image]` | UX Flows, Visual Mockups |
-
-## 3. Usage & Arguments
-```bash
-/soc-brainstorm [topic] [flags]
-```
-
-### Arguments
--   **`[topic]`**: The raw idea or problem statement (e.g., "AI-powered ToDo list").
-
-### Flags
--   **`--strategy [systematic|agile|enterprise]`**: (Default: `systematic`).
--   **`--depth [shallow|normal|deep]`**: Controls the number of follow-up questions.
--   **`--parallel`**: Activates concurrent analysis by multiple agents.
--   **`--validate`**: Cross-checks ideas against market/tech constraints.
-
-## 4. Behavioral Flow (Orchestration)
-
-### Phase 1: Exploration (Socratic Mode)
-1.  **Ask**: "What is the core value proposition?" "Who is the user?"
-2.  **Challenge**: "How does this scale to 10k users?" "What if the API is down?"
-3.  **Synthesize**: Summarize user answers into bullet points.
-
-### Phase 2: Analysis (The Experts)
--   **Architect** evaluates technical feasibility ("Can we really do this with Serverless?").
--   **Security** evaluates risk ("Is this PII compliant?").
--   **Researcher** adds market context ("Competitor X already does this").
-
-### Phase 3: Specification (The Handoff)
--   Generates a "Requirements Brief" or `task.md` draft.
--   Outputs a decision matrix if options were debated.
-
-## 5. Output Guidelines (The Contract)
-
-### Requirements Specification
-```markdown
-# Requirements: [Topic]
-
-## 1. Executive Summary
-[One paragaph vision]
-
-## 2. User Stories
--   As a [User], I want to [Action], so that [Benefit].
-
-## 3. Technical Constraints
--   Must run on Vercel Edge.
--   Latency < 100ms.
-
-## 4. Open Questions
--   [ ] Do we need offline support?
-```
-
-## 6. Examples
-
-### A. Startup Idea Validation
-```bash
-/soc-brainstorm "Uber for Dog Walking" --strategy systematic --depth deep
-```
-*Effect:* Architectural sizing, competitive analysis vs. Rover, and initial data model concepts.
-
-### B. Feature Refinement
-```bash
-/soc-brainstorm "Add Collaboration to Canvas" --strategy agile
-```
-*Effect:* Generates a list of WebSocket requirements, race condition scenarios, and User Stories.
-
-## 7. Dependencies & Capabilities
-
-### Agents
--   **Orchestrator**: `[pm-agent]` - Leads the discussion.
--   **Consultants**: `[architect]`, `[security]`, `[researcher]` - Called in as needed.
-
-### Skills
--   **Sequential Thinking**: `@[.opencode/skills/sequential-thinking/SKILL.md]` - For deep logic chains.
--   **Simplification**: `@[.opencode/skills/simplification/SKILL.md]` - To keep MVPs minimal.
-
-### MCP Integration
--   **`generate_image`**: Visualizing UI concepts during brainstorming.
--   **`tavily`**: Real-time market research to validate user assumptions.
--   **`context7`**: Checking feasibility of integrating specific libraries.
-
-## 8. Boundaries
-
-**Will:**
--   Ask probing questions.
--   Identify risks and constraints.
--   Produce text specifications and requirements.
-
-**Will Not:**
--   **Write Code**: The output is documents, not code.
--   **Make Final Decisions**: It provides options; the user decides.
--   **Design Architecture**: It *explores* architecture boundaries, but `/soc-design` *defines* it.
+---
+description: "Interactive requirements discovery through Socratic dialogue and systematic exploration"
+---
+
+# /soc-brainstorm
+
+## 1. Command Overview
+The `/soc-brainstorm` command is the "Idea Incubator." It is strictly for **Context Trigger patterns** and does not execute code. It behaves as a multi-persona facilitator (Architect, PM, Analyst) to transform vague user intents into concrete requirements specifications. It uses Socratic dialogue to uncover hidden constraints and assumptions.
+
+## 2. Triggers & Routing
+The command activates specific personas based on the explored domain.
+
+| Trigger Scenario | Flag | Target Agent | Context Injected |
+| :--- | :--- | :--- | :--- |
+| **New Startups** | `--strategy systematic` | `[architect]` + `[researcher]` | Market Analysis, Feasibility |
+| **Feature Ideas** | `--strategy agile` | `[pm-agent]` | User Stories, Acceptance Criteria |
+| **Complex Systems** | `--strategy enterprise` | `[architect]` + `[security]` | Compliance, Scalability |
+| **UI Concepts** | `--parallel` | `[frontend]` + `[generate_image]` | UX Flows, Visual Mockups |
+
+## 3. Usage & Arguments
+```bash
+/soc-brainstorm [topic] [flags]
+```
+
+### Arguments
+-   **`[topic]`**: The raw idea or problem statement (e.g., "AI-powered ToDo list").
+
+### Flags
+-   **`--strategy [systematic|agile|enterprise]`**: (Default: `systematic`).
+-   **`--depth [shallow|normal|deep]`**: Controls the number of follow-up questions.
+-   **`--parallel`**: Activates concurrent analysis by multiple agents.
+-   **`--validate`**: Cross-checks ideas against market/tech constraints.
+
+## 4. Behavioral Flow (Orchestration)
+
+### Phase 1: Exploration (Socratic Mode)
+1.  **Ask**: "What is the core value proposition?" "Who is the user?"
+2.  **Challenge**: "How does this scale to 10k users?" "What if the API is down?"
+3.  **Synthesize**: Summarize user answers into bullet points.
+
+### Phase 2: Analysis (The Experts)
+-   **Architect** evaluates technical feasibility ("Can we really do this with Serverless?").
+-   **Security** evaluates risk ("Is this PII compliant?").
+-   **Researcher** adds market context ("Competitor X already does this").
+
+### Phase 3: Specification (The Handoff)
+-   Generates a "Requirements Brief" or `task.md` draft.
+-   Outputs a decision matrix if options were debated.
+
+## 5. Output Guidelines (The Contract)
+
+### Requirements Specification
+```markdown
+# Requirements: [Topic]
+
+## 1. Executive Summary
+[One paragaph vision]
+
+## 2. User Stories
+-   As a [User], I want to [Action], so that [Benefit].
+
+## 3. Technical Constraints
+-   Must run on Vercel Edge.
+-   Latency < 100ms.
+
+## 4. Open Questions
+-   [ ] Do we need offline support?
+```
+
+## 6. Examples
+
+### A. Startup Idea Validation
+```bash
+/soc-brainstorm "Uber for Dog Walking" --strategy systematic --depth deep
+```
+*Effect:* Architectural sizing, competitive analysis vs. Rover, and initial data model concepts.
+
+### B. Feature Refinement
+```bash
+/soc-brainstorm "Add Collaboration to Canvas" --strategy agile
+```
+*Effect:* Generates a list of WebSocket requirements, race condition scenarios, and User Stories.
+
+## 7. Dependencies & Capabilities
+
+### Agents
+-   **Orchestrator**: `[pm-agent]` - Leads the discussion.
+-   **Consultants**: `[architect]`, `[security]`, `[researcher]` - Called in as needed.
+
+### Skills
+-   **Sequential Thinking**: `@[.opencode/skills/sequential-thinking/SKILL.md]` - For deep logic chains.
+-   **Simplification**: `@[.opencode/skills/simplification/SKILL.md]` - To keep MVPs minimal.
+
+### MCP Integration
+-   **`generate_image`**: Visualizing UI concepts during brainstorming.
+-   **`tavily`**: Real-time market research to validate user assumptions.
+-   **`context7`**: Checking feasibility of integrating specific libraries.
+
+## 8. Boundaries
+
+**Will:**
+-   Ask probing questions.
+-   Identify risks and constraints.
+-   Produce text specifications and requirements.
+
+**Will Not:**
+-   **Write Code**: The output is documents, not code.
+-   **Make Final Decisions**: It provides options; the user decides.
+-   **Design Architecture**: It *explores* architecture boundaries, but `/soc-design` *defines* it.