takt 0.2.2 → 0.3.0

package/resources/global/en/workflows/default.yaml

@@ -1,94 +1,84 @@
 # Default TAKT Workflow
-# Plan -> Coder -> Architect Review -> AI Review -> Security Review -> Supervisor Approval
+# Plan -> Coder -> AI Review -> Reviewers (parallel: Architect + Security) -> Supervisor Approval
 #
-# Template Variables:
-#   {iteration}      - Workflow-wide turn count (total steps executed across all agents)
-#   {max_iterations} - Maximum iterations allowed for the workflow
-#   {step_iteration} - Per-step iteration count (how many times THIS step has been executed)
-#   {task}           - Original user request
-#   {previous_response} - Output from the previous step
-#   {git_diff}       - Current uncommitted changes (git diff)
-#   {user_inputs}    - Accumulated user inputs during workflow
-#   {report_dir}     - Report directory name (e.g., "20250126-143052-task-summary")
+# Boilerplate sections (Workflow Context, User Request, Previous Response,
+# Additional User Inputs, Instructions heading) are auto-injected by buildInstruction().
+# Only step-specific content belongs in instruction_template.
+#
+# Template Variables (available in instruction_template):
+#   {iteration}         - Workflow-wide turn count (total steps executed across all agents)
+#   {max_iterations}    - Maximum iterations allowed for the workflow
+#   {step_iteration}    - Per-step iteration count (how many times THIS step has been executed)
+#   {previous_response} - Output from the previous step (only when pass_previous_response: true)
+#   {report_dir}        - Report directory name (e.g., "20250126-143052-task-summary")
+#
+# Step-level Fields:
+#   report:  - Report file(s) for the step (auto-injected as Report File/Files in Workflow Context)
+#              Single: report: 00-plan.md
+#              Multiple: report:
+#                          - Scope: 01-coder-scope.md
+#                          - Decisions: 02-coder-decisions.md
 
 name: default
 description: Standard development workflow with planning and specialized reviews
 
-max_iterations: 20
+max_iterations: 30
 
 initial_step: plan
 
 steps:
   - name: plan
-    agent: ~/.takt/agents/default/planner.md
+    edit: false
+    agent: ../agents/default/planner.md
+    report:
+      name: 00-plan.md
+      format: |
+        ```markdown
+        # Task Plan
+
+        ## Original Request
+        {User's request as-is}
+
+        ## Analysis Results
+
+        ### Objective
+        {What needs to be achieved}
+
+        ### Scope
+        {Impact scope}
+
+        ### Implementation Approach
+        {How to proceed}
+
+        ## Clarifications Needed (if any)
+        - {Unclear points or items requiring confirmation}
+        ```
     allowed_tools:
       - Read
       - Glob
       - Grep
+      - Write
       - Bash
       - WebSearch
       - WebFetch
-    status_rules_prompt: |
-      ## Judgment Criteria
-
-      | Situation | Judgment |
-      |-----------|----------|
-      | Requirements clear and implementable | DONE |
-      | User is asking a question (not an implementation task) | ANSWER |
-      | Requirements unclear, insufficient info | BLOCKED |
-
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | Analysis complete | `[PLANNER:DONE]` |
-      | Question answered | `[PLANNER:ANSWER]` |
-      | Insufficient info | `[PLANNER:BLOCKED]` |
-
-      ### Output Examples
-
-      **DONE case:**
-      ```
-      [PLANNER:DONE]
-      ```
-
-      **ANSWER case:**
-      ```
-      {Answer to the question}
-
-      [PLANNER:ANSWER]
-      ```
-
-      **BLOCKED case:**
-      ```
-      [PLANNER:BLOCKED]
-
-      Clarifications needed:
-      - {Question 1}
-      - {Question 2}
-      ```
+    rules:
+      - condition: Requirements are clear and implementable
+        next: implement
+      - condition: User is asking a question (not an implementation task)
+        next: COMPLETE
+      - condition: Requirements unclear, insufficient info
+        next: ABORT
+        appendix: |
+          Clarifications needed:
+          - {Question 1}
+          - {Question 2}
+    pass_previous_response: true
     instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: plan (Task Analysis)
-      - Report Directory: .takt/reports/{report_dir}/
-      - Report File: .takt/reports/{report_dir}/00-plan.md
-
-      ## User Request
-      {task}
-
       ## Previous Response (when returned from implement)
       {previous_response}
 
-      ## Instructions
       Analyze the task and create an implementation plan.
 
-      **Judgment criteria:**
-      - If the user input is an implementation task → create a plan and output `[PLANNER:DONE]`
-      - If the user input is a question → research, answer, and output `[PLANNER:ANSWER]`
-      - If there is insufficient information → output `[PLANNER:BLOCKED]`
-
       **Note:** If returned from implement step (Previous Response exists),
       review and revise the plan based on that feedback (replan).
 
@@ -97,42 +87,12 @@ steps:
       2. Identify impact scope
       3. Decide implementation approach
 
-      **Report output:** Output to the `Report File` specified above.
-      - If file does not exist: Create new file
-      - If file exists: Append with `## Iteration {step_iteration}` section
-
-      **Report format:**
-      ```markdown
-      # Task Plan
-
-      ## Original Request
-      {User's request as-is}
-
-      ## Analysis Results
-
-      ### Objective
-      {What needs to be achieved}
-
-      ### Scope
-      {Impact scope}
-
-      ### Implementation Approach
-      {How to proceed}
-
-      ## Clarifications Needed (if any)
-      - {Unclear points or items requiring confirmation}
-      ```
-    pass_previous_response: true
-    transitions:
-      - condition: done
-        next_step: implement
-      - condition: answer
-        next_step: COMPLETE
-      - condition: blocked
-        next_step: ABORT
-
   - name: implement
-    agent: ~/.takt/agents/default/coder.md
+    edit: true
+    agent: ../agents/default/coder.md
+    report:
+      - Scope: 01-coder-scope.md
+      - Decisions: 02-coder-decisions.md
     allowed_tools:
       - Read
       - Glob
@@ -143,58 +103,15 @@ steps:
       - WebSearch
       - WebFetch
     permission_mode: acceptEdits
-    status_rules_prompt: |
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | Implementation complete | `[CODER:DONE]` |
-      | Cannot decide/insufficient info | `[CODER:BLOCKED]` |
-
-      **Important**: When in doubt, `[BLOCKED]`. Don't decide on your own.
-
-      ### Output Examples
-
-      **DONE case:**
-      ```
-      Implementation complete.
-      - Created: `src/auth/service.ts`, `tests/auth.test.ts`
-      - Modified: `src/routes.ts`
-
-      [CODER:DONE]
-      ```
-
-      **BLOCKED case:**
-      ```
-      [CODER:BLOCKED]
-
-      Reason: DB schema is undefined, cannot implement
-      Required info: users table structure
-      ```
+    rules:
+      - condition: Implementation complete
+        next: ai_review
+      - condition: Cannot proceed, insufficient info
+        next: plan
     instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: implement
-      - Report Directory: .takt/reports/{report_dir}/
-      - Report Files:
-        - Scope: .takt/reports/{report_dir}/01-coder-scope.md
-        - Decisions: .takt/reports/{report_dir}/02-coder-decisions.md
-
-      ## User Request
-      {task}
-
-      ## Additional User Inputs
-      {user_inputs}
-
-      ## Instructions
       Follow the plan from the plan step and implement.
       Refer to the plan report (00-plan.md) and proceed with implementation.
 
-      **Report output:** Output to the `Report Files` specified above.
-      - If file does not exist: Create new file
-      - If file exists: Append with `## Iteration {step_iteration}` section
-
       **Scope report format (create at implementation start):**
       ```markdown
       # Change Scope Declaration
@@ -224,311 +141,60 @@ steps:
       - **Options Considered**: {List of options}
       - **Reason**: {Why this option was chosen}
       ```
-    transitions:
-      - condition: done
-        next_step: review
-      - condition: blocked
-        next_step: plan
-
-  - name: review
-    agent: ~/.takt/agents/default/architect.md
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - WebSearch
-      - WebFetch
-    status_rules_prompt: |
-      ## Judgment Criteria
-
-      | Situation | Judgment |
-      |-----------|----------|
-      | Structural issues | REJECT |
-      | Design principle violations | REJECT |
-      | Security issues | REJECT |
-      | Insufficient tests | REJECT |
-      | Minor improvements needed | IMPROVE |
-      | No issues | APPROVE |
-
-      **How to use IMPROVE:**
-      - Design is acceptable but there are points that could be better
-      - Examples: naming improvements, small refactoring, adding comments
-
-      ## Output Format
 
-      | Situation | Tag |
-      |-----------|-----|
-      | No issues | `[ARCHITECT:APPROVE]` |
-      | Minor improvements needed | `[ARCHITECT:IMPROVE]` |
-      | Structural changes required | `[ARCHITECT:REJECT]` |
-
-      ### Output Examples
-
-      **APPROVE case:**
-      ```
-      [ARCHITECT:APPROVE]
-
-      Positive points:
-      - Appropriate module organization
-      - Single responsibility maintained
-      ```
-
-      **IMPROVE case:**
-      ```
-      [ARCHITECT:IMPROVE]
-
-      Improvements:
-      - Improve naming: `data` → `userData`
-      - Add comments
-      ```
-
-      **REJECT case:**
-      ```
-      [ARCHITECT:REJECT]
-
-      Issues:
-      1. File size exceeded
-         - Location: `src/services/user.ts` (523 lines)
-         - Fix: Split into 3 files
-      ```
-    instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: review (Architecture Review)
-      - Report Directory: .takt/reports/{report_dir}/
-      - Report File: .takt/reports/{report_dir}/03-architect-review.md
-
-      ## Original User Request (Initial request from workflow start)
-      {task}
-
-      ## Git Diff
-      ```diff
-      {git_diff}
-      ```
-
-      ## Instructions
-      Focus on **architecture and design** review. Do NOT review AI-specific issues (that's the next step).
-
-      Review the changes and provide feedback.
-
-      **Report output:** Output to the `Report File` specified above.
-      - If file does not exist: Create new file
-      - If file exists: Append with `## Iteration {step_iteration}` section
-
-      **Report format:**
-      ```markdown
-      # Architecture Review
-
-      ## Result: APPROVE / IMPROVE / REJECT
-
-      ## Summary
-      {1-2 sentences summarizing result}
-
-      ## Reviewed Perspectives
-      - [x] Structure & Design
-      - [x] Code Quality
-      - [x] Change Scope
-
-      ## Issues (if REJECT)
-      | # | Location | Issue | Fix |
-      |---|----------|-------|-----|
-      | 1 | `src/file.ts:42` | Issue description | Fix method |
-
-      ## Improvement Suggestions (optional, non-blocking)
-      - {Future improvement suggestions}
-      ```
-
-      **Cognitive load reduction rules:**
-      - APPROVE + no issues → Summary only (5 lines or less)
-      - APPROVE + minor suggestions → Summary + suggestions (15 lines or less)
-      - REJECT → Issues in table format (30 lines or less)
-    transitions:
-      - condition: approved
-        next_step: ai_review
-      - condition: improve
-        next_step: improve
-      - condition: rejected
-        next_step: fix
-
-  - name: improve
-    agent: ~/.takt/agents/default/coder.md
+  - name: ai_review
+    edit: false
+    agent: ../agents/default/ai-antipattern-reviewer.md
+    report:
+      name: 03-ai-review.md
+      format: |
+        ```markdown
+        # AI-Generated Code Review
+
+        ## Result: APPROVE / REJECT
+
+        ## Summary
+        {One sentence summarizing result}
+
+        ## Verified Items
+        | Aspect | Result | Notes |
+        |--------|--------|-------|
+        | Assumption validity | ✅ | - |
+        | API/Library existence | ✅ | - |
+        | Context fit | ✅ | - |
+        | Scope | ✅ | - |
+
+        ## Issues (if REJECT)
+        | # | Category | Location | Issue |
+        |---|----------|----------|-------|
+        | 1 | Hallucinated API | `src/file.ts:23` | Non-existent method |
+        ```
+
+        **Cognitive load reduction rules:**
+        - No issues -> Summary 1 line + check table only (10 lines or less)
+        - Issues found -> + Issues in table format (25 lines or less)
     allowed_tools:
       - Read
       - Glob
       - Grep
-      - Edit
       - Write
-      - Bash
       - WebSearch
       - WebFetch
-    permission_mode: acceptEdits
-    status_rules_prompt: |
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | Improvements complete | `[CODER:DONE]` |
-      | Cannot decide/insufficient info | `[CODER:BLOCKED]` |
-
-      **Important**: When in doubt, `[BLOCKED]`. Don't decide on your own.
-
-      ### Output Examples
-
-      **DONE case:**
-      ```
-      Improvements complete.
-      - Improved naming: `data` → `userData`
-      - Added comments
-
-      [CODER:DONE]
-      ```
-
-      **BLOCKED case:**
-      ```
-      [CODER:BLOCKED]
-
-      Reason: Improvement intent unclear
-      Required info: Specific improvement details
-      ```
+    rules:
+      - condition: No AI-specific issues
+        next: reviewers
+      - condition: AI-specific issues found
+        next: ai_fix
     instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: improve
-
-      ## Architect Feedback (This is the latest instruction - prioritize this)
-      {previous_response}
-
-      ## Original User Request (Initial request from workflow start - for reference)
-      {task}
-
-      ## Additional User Inputs
-      {user_inputs}
-
-      ## Instructions
-      **Important**: Address the Architect's improvement suggestions.
-      These are minor improvements, not major design issues.
-
-      Make improvements such as:
-      - Naming improvements
-      - Small refactoring
-      - Adding/fixing comments
-      - Code organization
-
-    pass_previous_response: true
-    transitions:
-      - condition: done
-        next_step: review
-      - condition: blocked
-        next_step: plan
-
-  - name: ai_review
-    agent: ~/.takt/agents/default/ai-reviewer.md
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - WebSearch
-      - WebFetch
-    status_rules_prompt: |
-      ## Judgment Criteria
-
-      | Situation | Judgment |
-      |-----------|----------|
-      | Incorrect assumptions (affecting behavior) | REJECT |
-      | Plausible-but-wrong code | REJECT |
-      | Significant context mismatch with codebase | REJECT |
-      | Scope creep | APPROVE (with warning noted) |
-      | Minor style deviations only | APPROVE |
-      | Code fits context and works | APPROVE |
-
-      **Note:** Scope creep is noted as a warning but doesn't warrant REJECT alone.
-
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | No AI-specific issues | `[AI_REVIEW:APPROVE]` |
-      | Issues found | `[AI_REVIEW:REJECT]` |
-
-      ### Output Examples
-
-      **APPROVE case:**
-      ```
-      [AI_REVIEW:APPROVE]
-
-      Verification result: No issues
-      ```
-
-      **REJECT case:**
-      ```
-      [AI_REVIEW:REJECT]
-
-      Issues:
-      1. Non-existent API used: `fetch.json()` → `response.json()`
-      ```
-    instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: ai_review (AI-Generated Code Review)
-      - Report Directory: .takt/reports/{report_dir}/
-      - Report File: .takt/reports/{report_dir}/04-ai-review.md
-
-      ## Original User Request (Initial request from workflow start)
-      {task}
-
-      ## Git Diff
-      ```diff
-      {git_diff}
-      ```
-
-      ## Instructions
       Review the code for AI-specific issues:
       - Assumption validation
       - Plausible but wrong patterns
       - Context fit with existing codebase
       - Scope creep detection
 
-      **Report output:** Output to the `Report File` specified above.
-      - If file does not exist: Create new file
-      - If file exists: Append with `## Iteration {step_iteration}` section
-
-      **Report format:**
-      ```markdown
-      # AI-Generated Code Review
-
-      ## Result: APPROVE / REJECT
-
-      ## Summary
-      {One sentence summarizing result}
-
-      ## Verified Items
-      | Aspect | Result | Notes |
-      |--------|--------|-------|
-      | Assumption validity | ✅ | - |
-      | API/Library existence | ✅ | - |
-      | Context fit | ✅ | - |
-      | Scope | ✅ | - |
-
-      ## Issues (if REJECT)
-      | # | Category | Location | Issue |
-      |---|----------|----------|-------|
-      | 1 | Hallucinated API | `src/file.ts:23` | Non-existent method |
-      ```
-
-      **Cognitive load reduction rules:**
-      - No issues → Summary 1 line + check table only (10 lines or less)
-      - Issues found → + Issues in table format (25 lines or less)
-    transitions:
-      - condition: approved
-        next_step: security_review
-      - condition: rejected
-        next_step: ai_fix
-
   - name: ai_fix
-    agent: ~/.takt/agents/default/coder.md
+    edit: true
+    agent: ../agents/default/coder.md
     allowed_tools:
       - Read
       - Glob
@@ -539,234 +205,131 @@ steps:
       - WebSearch
       - WebFetch
     permission_mode: acceptEdits
-    status_rules_prompt: |
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | AI issue fixes complete | `[CODER:DONE]` |
-      | Cannot decide/insufficient info | `[CODER:BLOCKED]` |
-
-      **Important**: When in doubt, `[BLOCKED]`. Don't decide on your own.
-
-      ### Output Examples
-
-      **DONE case:**
-      ```
-      Fixed AI Reviewer's issues.
-      - Fixed non-existent API: `fetch.json()` → `response.json()`
-
-      [CODER:DONE]
-      ```
-
-      **BLOCKED case:**
-      ```
-      [CODER:BLOCKED]
-
-      Reason: Fix method unclear
-      Required info: Alternative API specification
-      ```
+    rules:
+      - condition: AI issues fixed
+        next: reviewers
+      - condition: Cannot proceed, insufficient info
+        next: plan
     instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: ai_fix
-
       ## AI Review Feedback (This is the latest instruction - prioritize this)
       {previous_response}
 
-      ## Original User Request (Initial request from workflow start - for reference)
-      {task}
-
-      ## Additional User Inputs
-      {user_inputs}
-
-      ## Instructions
       **Important**: Address the AI Reviewer's feedback.
       Focus on:
       - Correcting incorrect assumptions
       - Fixing plausible-but-wrong implementations
       - Aligning with existing codebase patterns
       - Removing scope creep
-
     pass_previous_response: true
-    transitions:
-      - condition: done
-        next_step: review
-      - condition: blocked
-        next_step: plan
-
-  - name: security_review
-    agent: ~/.takt/agents/default/security.md
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - WebSearch
-      - WebFetch
-    status_rules_prompt: |
-      ## Judgment Criteria
-
-      | Situation | Judgment |
-      |-----------|----------|
-      | Critical vulnerability | REJECT |
-      | Medium severity vulnerability | REJECT |
-      | Minor issues/warnings only | APPROVE (note warnings) |
-      | No security issues | APPROVE |
-
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | No security issues | `[SECURITY:APPROVE]` |
-      | Vulnerabilities require fixes | `[SECURITY:REJECT]` |
-
-      ### Output Examples
-
-      **APPROVE case:**
-      ```
-      [SECURITY:APPROVE]
-
-      No security issues detected.
-      ```
-
-      **REJECT case:**
-      ```
-      [SECURITY:REJECT]
-
-      Vulnerabilities:
-      1. SQL Injection: `src/db.ts:42`
-         Fix: Use parameterized query
-      ```
-    instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: security_review
-      - Report Directory: .takt/reports/{report_dir}/
-      - Report File: .takt/reports/{report_dir}/05-security-review.md
-
-      ## Original User Request (Initial request from workflow start)
-      {task}
-
-      ## Git Diff
-      ```diff
-      {git_diff}
-      ```
-
-      ## Instructions
-      Perform security review on the changes. Check for vulnerabilities including:
-      - Injection attacks (SQL, Command, XSS)
-      - Authentication/Authorization issues
-      - Data exposure risks
-      - Cryptographic weaknesses
-
-      **Report output:** Output to the `Report File` specified above.
-      - If file does not exist: Create new file
-      - If file exists: Append with `## Iteration {step_iteration}` section
-
-      **Report format:**
-      ```markdown
-      # Security Review
-
-      ## Result: APPROVE / REJECT
-
-      ## Severity: None / Low / Medium / High / Critical
-
-      ## Check Results
-      | Category | Result | Notes |
-      |----------|--------|-------|
-      | Injection | ✅ | - |
-      | Auth/Authz | ✅ | - |
-      | Data Protection | ✅ | - |
-      | Dependencies | ✅ | - |
-
-      ## Vulnerabilities (if REJECT)
-      | # | Severity | Type | Location | Fix |
-      |---|----------|------|----------|-----|
-      | 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
-
-      ## Warnings (non-blocking)
-      - {Security recommendations}
-      ```
-
-      **Cognitive load reduction rules:**
-      - No issues → Check table only (10 lines or less)
-      - Warnings → + Warnings 1-2 lines (15 lines or less)
-      - Vulnerabilities → + Table format (30 lines or less)
-    transitions:
-      - condition: approved
-        next_step: supervise
-      - condition: rejected
-        next_step: security_fix
-
-  - name: security_fix
-    agent: ~/.takt/agents/default/coder.md
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Edit
-      - Write
-      - Bash
-      - WebSearch
-      - WebFetch
-    permission_mode: acceptEdits
-    status_rules_prompt: |
-      ## Output Format
 
-      | Situation | Tag |
-      |-----------|-----|
-      | Security fixes complete | `[CODER:DONE]` |
-      | Cannot decide/insufficient info | `[CODER:BLOCKED]` |
-
-      **Important**: Security issues require highest priority.
-
-      ### Output Examples
-
-      **DONE case:**
-      ```
-      Fixed security issues.
-      - SQL injection fix: Changed to parameterized query
-
-      [CODER:DONE]
-      ```
-
-      **BLOCKED case:**
-      ```
-      [CODER:BLOCKED]
-
-      Reason: Fix method unclear
-      Required info: Auth library specification
-      ```
-    instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: security_fix
-
-      ## Security Review Feedback (This is the latest instruction - prioritize this)
-      {previous_response}
-
-      ## Original User Request (Initial request from workflow start - for reference)
-      {task}
-
-      ## Additional User Inputs
-      {user_inputs}
-
-      ## Instructions
-      **Important**: Fix the vulnerabilities identified in the security review.
-      Security issues require highest priority.
-
-    pass_previous_response: true
-    transitions:
-      - condition: done
-        next_step: security_review
-      - condition: blocked
-        next_step: plan
+  - name: reviewers
+    parallel:
+      - name: arch-review
+        edit: false
+        agent: ../agents/default/architecture-reviewer.md
+        report:
+          name: 04-architect-review.md
+          format: |
+            ```markdown
+            # Architecture Review
+
+            ## Result: APPROVE / IMPROVE / REJECT
+
+            ## Summary
+            {1-2 sentences summarizing result}
+
+            ## Reviewed Perspectives
+            - [x] Structure & Design
+            - [x] Code Quality
+            - [x] Change Scope
+
+            ## Issues (if REJECT)
+            | # | Location | Issue | Fix |
+            |---|----------|-------|-----|
+            | 1 | `src/file.ts:42` | Issue description | Fix method |
+
+            ## Improvement Suggestions (optional, non-blocking)
+            - {Future improvement suggestions}
+            ```
+
+            **Cognitive load reduction rules:**
+            - APPROVE + no issues -> Summary only (5 lines or less)
+            - APPROVE + minor suggestions -> Summary + suggestions (15 lines or less)
+            - REJECT -> Issues in table format (30 lines or less)
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Focus on **architecture and design** review. Do NOT review AI-specific issues (that's the ai_review step).
+
+          Review the changes and provide feedback.
+
+      - name: security-review
+        edit: false
+        agent: ../agents/default/security-reviewer.md
+        report:
+          name: 05-security-review.md
+          format: |
+            ```markdown
+            # Security Review
+
+            ## Result: APPROVE / REJECT
+
+            ## Severity: None / Low / Medium / High / Critical
+
+            ## Check Results
+            | Category | Result | Notes |
+            |----------|--------|-------|
+            | Injection | ✅ | - |
+            | Auth/Authz | ✅ | - |
+            | Data Protection | ✅ | - |
+            | Dependencies | ✅ | - |
+
+            ## Vulnerabilities (if REJECT)
+            | # | Severity | Type | Location | Fix |
+            |---|----------|------|----------|-----|
+            | 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
+
+            ## Warnings (non-blocking)
+            - {Security recommendations}
+            ```
+
+            **Cognitive load reduction rules:**
+            - No issues -> Check table only (10 lines or less)
+            - Warnings -> + Warnings 1-2 lines (15 lines or less)
+            - Vulnerabilities -> + Table format (30 lines or less)
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Perform security review on the changes. Check for vulnerabilities including:
+          - Injection attacks (SQL, Command, XSS)
+          - Authentication/Authorization issues
+          - Data exposure risks
+          - Cryptographic weaknesses
+    rules:
+      - condition: all("approved")
+        next: supervise
+      - condition: any("needs_fix")
+        next: fix
 
   - name: fix
-    agent: ~/.takt/agents/default/coder.md
+    edit: true
+    agent: ../agents/default/coder.md
     allowed_tools:
       - Read
       - Glob
@@ -777,129 +340,40 @@ steps:
       - WebSearch
       - WebFetch
     permission_mode: acceptEdits
-    status_rules_prompt: |
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | Architect's issues fixed | `[CODER:DONE]` |
-      | Cannot decide/insufficient info | `[CODER:BLOCKED]` |
-
-      **Important**: When in doubt, `[BLOCKED]`. Don't decide on your own.
-
-      ### Output Examples
-
-      **DONE case:**
-      ```
-      Fixed Architect's issues.
-      - File split: Split into 3 files
-      - Added type definitions
-
-      [CODER:DONE]
-      ```
-
-      **BLOCKED case:**
-      ```
-      [CODER:BLOCKED]
-
-      Reason: Fix approach unclear
-      Required info: Specific split method
-      ```
+    rules:
+      - condition: Fix complete
+        next: reviewers
+      - condition: Cannot proceed, insufficient info
+        next: plan
     instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: fix
-
-      ## Architect Feedback (This is the latest instruction - prioritize this)
+      ## Review Feedback (This is the latest instruction - prioritize this)
       {previous_response}
 
-      ## Original User Request (Initial request from workflow start - for reference)
-      {task}
-
-      ## Additional User Inputs
-      {user_inputs}
-
-      ## Instructions
-      **Important**: Address the Architect's feedback.
+      **Important**: Address the feedback from the reviewers.
       The "Original User Request" is reference information, not the latest instruction.
-      Review the session conversation history and fix the issues raised by the Architect.
-
+      Review the session conversation history and fix the issues raised by the reviewers.
     pass_previous_response: true
-    transitions:
-      - condition: done
-        next_step: review
-      - condition: blocked
-        next_step: plan
 
   - name: supervise
-    agent: ~/.takt/agents/default/supervisor.md
+    edit: false
+    agent: ../agents/default/supervisor.md
+    report:
+      - Validation: 06-supervisor-validation.md
+      - Summary: summary.md
     allowed_tools:
       - Read
       - Glob
       - Grep
+      - Write
       - Bash
       - WebSearch
       - WebFetch
-    status_rules_prompt: |
-      ## Judgment Criteria
-
-      | Situation | Judgment |
-      |-----------|----------|
-      | Requirements not met | REJECT |
-      | Tests failing | REJECT |
-      | Build fails | REJECT |
-      | Workarounds remaining | REJECT |
-      | All OK | APPROVE |
-
-      **Principle**: When in doubt, REJECT. Don't give ambiguous approval.
-
-      ## Output Format
-
-      | Situation | Tag |
-      |-----------|-----|
-      | Final approval | `[SUPERVISOR:APPROVE]` |
-      | Return for fixes | `[SUPERVISOR:REJECT]` |
-
-      ### Output Examples
-
-      **APPROVE case:**
-      ```
-      [SUPERVISOR:APPROVE]
-
-      Verification results:
-      - Tests: ✅ All passed
-      - Build: ✅ Succeeded
-      - Requirements met: ✅
-      ```
-
-      **REJECT case:**
-      ```
-      [SUPERVISOR:REJECT]
-
-      Issues:
-      1. Tests failing: `npm test` - 2 failures
-      2. Requirements not met: Login feature not implemented
-      ```
+    rules:
+      - condition: All checks passed
+        next: COMPLETE
+      - condition: Requirements unmet, tests failing, build errors
+        next: plan
     instruction_template: |
-      ## Workflow Context
-      - Iteration: {iteration}/{max_iterations} (workflow-wide)
-      - Step Iteration: {step_iteration} (times this step has run)
-      - Step: supervise (final verification)
-      - Report Directory: .takt/reports/{report_dir}/
-      - Report Files:
-        - Validation: .takt/reports/{report_dir}/06-supervisor-validation.md
-        - Summary: .takt/reports/{report_dir}/summary.md
-
-      ## Original User Request
-      {task}
-
-      ## Git Diff
-      ```diff
-      {git_diff}
-      ```
-
-      ## Instructions
       Run tests, verify the build, and perform final approval.
 
       **Workflow Overall Review:**
@@ -910,10 +384,6 @@ steps:
       **Review Reports:** Read all reports in Report Directory and
       check for any unaddressed improvement suggestions.
 
-      **Report output:** Output to the `Report Files` specified above.
-      - If file does not exist: Create new file
-      - If file exists: Append with `## Iteration {step_iteration}` section
-
       **Validation report format:**
       ```markdown
       # Final Validation Results
@@ -967,8 +437,3 @@ steps:
       npm run build
       ```
       ```
-    transitions:
-      - condition: approved
-        next_step: COMPLETE
-      - condition: rejected
-        next_step: plan