takt 0.3.3 → 0.3.4

package/resources/global/en/workflows/expert.yaml

@@ -2,17 +2,16 @@
 # Review workflow with Architecture, Frontend, Security, and QA experts
 #
 # Flow:
-# plan -> implement -> ai_review -> architect_review -> frontend_review -> security_review -> qa_review -> supervise -> COMPLETE
-#                          ↓            ↓                    ↓                  ↓                ↓            ↓            ↓
-#                        ai_fix    fix_architect       fix_frontend        fix_security       fix_qa    fix_supervisor
+# plan -> implement -> ai_review -> reviewers (parallel) -> supervise -> COMPLETE
+#                          ↓              ├─ arch-review        ↓
+#                        ai_fix           ├─ frontend-review  fix_supervisor
+#                                         ├─ security-review
+#                                         └─ qa-review
+#                                    any("needs_fix") → fix → reviewers
 #
 # AI review runs immediately after implementation to catch AI-specific issues early,
 # before expert reviews begin.
 #
-# Fix destination is determined by Coder based on change impact:
-# - fix_security: MINOR->security_review, MAJOR->architect_review
-# - fix_qa: MINOR->qa_review, SECURITY->security_review, MAJOR->architect_review
-#
 # Boilerplate sections (Workflow Context, User Request, Previous Response,
 # Additional User Inputs, Instructions heading) are auto-injected by buildInstruction().
 # Only step-specific content belongs in instruction_template.
@@ -202,7 +201,7 @@ steps:
       - Scope creep detection
     rules:
       - condition: No AI-specific issues found
-        next: architect_review
+        next: reviewers
       - condition: AI-specific issues detected
         next: ai_fix
 
@@ -236,238 +235,224 @@ steps:
         next: plan
 
   # ===========================================
-  # Phase 3: Architecture Review
-  # ===========================================
-  - name: architect_review
-    edit: false
-    agent: ../agents/default/architecture-reviewer.md
-    report:
-      name: 04-architect-review.md
-      format: |
-        ```markdown
-        # Architecture Review
-
-        ## Result: APPROVE / IMPROVE / REJECT
-
-        ## Summary
-        {1-2 sentences summarizing result}
-
-        ## Reviewed Aspects
-        - [x] Structure/Design
-        - [x] Code Quality
-        - [x] Change Scope
-        - [x] Test Coverage
-        - [x] Dead Code
-        - [x] Call Chain Verification
-
-        ## Issues (if REJECT)
-        | # | Location | Issue | Fix |
-        |---|----------|-------|-----|
-        | 1 | `src/file.ts:42` | Issue description | Fix method |
-
-        ## Improvement Suggestions (optional - non-blocking)
-        - {Future improvement suggestions}
-        ```
-
-        **Cognitive load reduction rules:**
-        - APPROVE + no issues -> Summary only (5 lines or less)
-        - APPROVE + minor suggestions -> Summary + suggestions (15 lines or less)
-        - REJECT -> Issues in table format (30 lines or less)
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Write
-      - WebSearch
-      - WebFetch
-    instruction_template: |
-      Focus on **architecture and design** review.
-
-      **Review Criteria:**
-      - Structure/design validity
-      - Code quality
-      - Change scope appropriateness
-      - Test coverage
-      - Dead code
-      - Call chain verification
-    rules:
-      - condition: No architecture or design issues found
-        next: frontend_review
-      - condition: Minor improvements needed but no structural issues
-        next: fix_architect
-      - condition: Structural issues found that require fixes
-        next: fix_architect
-
-  - name: fix_architect
-    edit: true
-    agent: ../agents/default/coder.md
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Edit
-      - Write
-      - Bash
-      - WebSearch
-      - WebFetch
-    permission_mode: acceptEdits
-    instruction_template: |
-      ## Architect Feedback (This is the latest instruction - prioritize this)
-      {previous_response}
-
-      **Important**: Address the Architect's feedback.
-      "Original User Request" is for reference; it's not the latest instruction.
-      Review the session conversation history and fix the Architect's issues.
-    pass_previous_response: true
-    rules:
-      - condition: Architect's issues have been fixed
-        next: architect_review
-      - condition: Unable to proceed with fixes
-        next: plan
-
-  # ===========================================
-  # Phase 4: Frontend Review
-  # ===========================================
-  - name: frontend_review
-    edit: false
-    agent: ../agents/expert/frontend-reviewer.md
-    report:
-      name: 05-frontend-review.md
-      format: |
-        ```markdown
-        # Frontend Review
-
-        ## Result: APPROVE / REJECT
-
-        ## Summary
-        {1-2 sentences summarizing result}
-
-        ## Reviewed Perspectives
-        | Perspective | Result | Notes |
-        |-------------|--------|-------|
-        | Component Design | ✅ | - |
-        | State Management | ✅ | - |
-        | Performance | ✅ | - |
-        | Accessibility | ✅ | - |
-        | Type Safety | ✅ | - |
-
-        ## Issues (if REJECT)
-        | # | Location | Issue | Fix |
-        |---|----------|-------|-----|
-        | 1 | `src/file.tsx:42` | Issue description | Fix method |
-        ```
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Write
-      - WebSearch
-      - WebFetch
-    instruction_template: |
-      Review the changes from the frontend development perspective.
-
-      **Review Criteria:**
-      - Component design (separation of concerns, granularity)
-      - State management (local/global decisions)
-      - Performance (re-rendering, memoization)
-      - Accessibility (keyboard support, ARIA)
-      - Data fetching patterns
-      - TypeScript type safety
-
-      **Note**: If this project does not include frontend code,
-      approve and proceed to the next step.
-    rules:
-      - condition: Frontend design is sound with no issues
-        next: security_review
-      - condition: Frontend design issues found
-        next: fix_frontend
-
-  - name: fix_frontend
-    edit: true
-    agent: ../agents/default/coder.md
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Edit
-      - Write
-      - Bash
-      - WebSearch
-      - WebFetch
-    instruction_template: |
-      ## Frontend Review Feedback (This is the latest instruction - prioritize this)
-      {previous_response}
-
-      **Important**: Fix the issues pointed out by the frontend expert.
-
-      Areas of concern:
-      - Component design
-      - State management
-      - Performance
-      - Accessibility
-      - Type safety
-    pass_previous_response: true
-    rules:
-      - condition: Frontend issues have been fixed
-        next: frontend_review
-      - condition: Unable to proceed with fixes
-        next: plan
-
-  # ===========================================
-  # Phase 5: Security Review
+  # Phase 3: Expert Reviews (Parallel)
   # ===========================================
-  - name: security_review
-    edit: false
-    agent: ../agents/expert/security-reviewer.md
-    report:
-      name: 06-security-review.md
-      format: |
-        ```markdown
-        # Security Review
-
-        ## Result: APPROVE / REJECT
-
-        ## Severity: None / Low / Medium / High / Critical
-
-        ## Check Results
-        | Category | Result | Notes |
-        |----------|--------|-------|
-        | Injection | ✅ | - |
-        | Auth/Authz | ✅ | - |
-        | Data Protection | ✅ | - |
-        | Dependencies | ✅ | - |
-
-        ## Vulnerabilities (if REJECT)
-        | # | Severity | Type | Location | Fix |
-        |---|----------|------|----------|-----|
-        | 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
-
-        ## Warnings (non-blocking)
-        - {Security recommendations}
-        ```
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Write
-      - WebSearch
-      - WebFetch
-    instruction_template: |
-      Review the changes from the security perspective.
-
-      **Review Criteria:**
-      - Injection attacks (SQL, command, XSS)
-      - Authentication/authorization flaws
-      - Sensitive information handling
-      - Encryption appropriateness
-      - OWASP Top 10
+  - name: reviewers
+    parallel:
+      - name: arch-review
+        edit: false
+        agent: ../agents/default/architecture-reviewer.md
+        report:
+          name: 04-architect-review.md
+          format: |
+            ```markdown
+            # Architecture Review
+
+            ## Result: APPROVE / IMPROVE / REJECT
+
+            ## Summary
+            {1-2 sentences summarizing result}
+
+            ## Reviewed Aspects
+            - [x] Structure/Design
+            - [x] Code Quality
+            - [x] Change Scope
+            - [x] Test Coverage
+            - [x] Dead Code
+            - [x] Call Chain Verification
+
+            ## Issues (if REJECT)
+            | # | Location | Issue | Fix |
+            |---|----------|-------|-----|
+            | 1 | `src/file.ts:42` | Issue description | Fix method |
+
+            ## Improvement Suggestions (optional - non-blocking)
+            - {Future improvement suggestions}
+            ```
+
+            **Cognitive load reduction rules:**
+            - APPROVE + no issues -> Summary only (5 lines or less)
+            - APPROVE + minor suggestions -> Summary + suggestions (15 lines or less)
+            - REJECT -> Issues in table format (30 lines or less)
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Focus on **architecture and design** review. Do NOT review AI-specific issues (that's the ai_review step).
+
+          **Review Criteria:**
+          - Structure/design validity
+          - Code quality
+          - Change scope appropriateness
+          - Test coverage
+          - Dead code
+          - Call chain verification
+
+      - name: frontend-review
+        edit: false
+        agent: ../agents/expert/frontend-reviewer.md
+        report:
+          name: 05-frontend-review.md
+          format: |
+            ```markdown
+            # Frontend Review
+
+            ## Result: APPROVE / REJECT
+
+            ## Summary
+            {1-2 sentences summarizing result}
+
+            ## Reviewed Perspectives
+            | Perspective | Result | Notes |
+            |-------------|--------|-------|
+            | Component Design | ✅ | - |
+            | State Management | ✅ | - |
+            | Performance | ✅ | - |
+            | Accessibility | ✅ | - |
+            | Type Safety | ✅ | - |
+
+            ## Issues (if REJECT)
+            | # | Location | Issue | Fix |
+            |---|----------|-------|-----|
+            | 1 | `src/file.tsx:42` | Issue description | Fix method |
+            ```
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Review the changes from the frontend development perspective.
+
+          **Review Criteria:**
+          - Component design (separation of concerns, granularity)
+          - State management (local/global decisions)
+          - Performance (re-rendering, memoization)
+          - Accessibility (keyboard support, ARIA)
+          - Data fetching patterns
+          - TypeScript type safety
+
+          **Note**: If this project does not include frontend code,
+          approve and proceed to the next step.
+
+      - name: security-review
+        edit: false
+        agent: ../agents/expert/security-reviewer.md
+        report:
+          name: 06-security-review.md
+          format: |
+            ```markdown
+            # Security Review
+
+            ## Result: APPROVE / REJECT
+
+            ## Severity: None / Low / Medium / High / Critical
+
+            ## Check Results
+            | Category | Result | Notes |
+            |----------|--------|-------|
+            | Injection | ✅ | - |
+            | Auth/Authz | ✅ | - |
+            | Data Protection | ✅ | - |
+            | Dependencies | ✅ | - |
+
+            ## Vulnerabilities (if REJECT)
+            | # | Severity | Type | Location | Fix |
+            |---|----------|------|----------|-----|
+            | 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
+
+            ## Warnings (non-blocking)
+            - {Security recommendations}
+            ```
+
+            **Cognitive load reduction rules:**
+            - No issues -> Check table only (10 lines or less)
+            - Warnings -> + Warnings 1-2 lines (15 lines or less)
+            - Vulnerabilities -> + Table format (30 lines or less)
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Perform security review on the changes. Check for vulnerabilities including:
+          - Injection attacks (SQL, Command, XSS)
+          - Authentication/Authorization issues
+          - Data exposure risks
+          - Cryptographic weaknesses
+
+      - name: qa-review
+        edit: false
+        agent: ../agents/expert/qa-reviewer.md
+        report:
+          name: 07-qa-review.md
+          format: |
+            ```markdown
+            # QA Review
+
+            ## Result: APPROVE / REJECT
+
+            ## Summary
+            {1-2 sentences summarizing result}
+
+            ## Reviewed Perspectives
+            | Perspective | Result | Notes |
+            |-------------|--------|-------|
+            | Test Coverage | ✅ | - |
+            | Test Quality | ✅ | - |
+            | Error Handling | ✅ | - |
+            | Documentation | ✅ | - |
+            | Maintainability | ✅ | - |
+
+            ## Issues (if REJECT)
+            | # | Category | Issue | Fix |
+            |---|----------|-------|-----|
+            | 1 | Testing | Issue description | Fix method |
+            ```
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Review the changes from the quality assurance perspective.
+
+          **Review Criteria:**
+          - Test coverage and quality
+          - Test strategy (unit/integration/E2E)
+          - Documentation (in-code and external)
+          - Error handling
+          - Logging and monitoring
+          - Maintainability
     rules:
-      - condition: No security issues found
-        next: qa_review
-      - condition: Security vulnerabilities detected
-        next: fix_security
+      - condition: all("approved")
+        next: supervise
+      - condition: any("needs_fix")
+        next: fix
 
-  - name: fix_security
+  - name: fix
     edit: true
     agent: ../agents/default/coder.md
     allowed_tools:
@@ -479,136 +464,23 @@ steps:
       - Bash
       - WebSearch
       - WebFetch
-    instruction_template: |
-      ## Security Review Feedback (This is the latest instruction - prioritize this)
-      {previous_response}
-
-      **Important**: Fix the issues pointed out by the security expert.
-      Security issues should be addressed with highest priority.
-
-      Areas of concern:
-      - Injection vulnerabilities
-      - Authentication/authorization flaws
-      - Sensitive information exposure
-      - Encryption issues
-
-      ## Completion: Determine Change Impact
-      When fix is complete, judge the **impact scope of changes**:
-
-      - Minor fix (re-run security review only)
-        - Examples: Add validation, add escaping, configuration changes
-      - Major fix (restart from Architecture review)
-        - Examples: Data flow changes, API design changes, auth method changes, domain model changes
-    pass_previous_response: true
+    permission_mode: acceptEdits
     rules:
-      - condition: Minor security fix is complete
-        next: security_review
-      - condition: Major fix applied requiring architecture re-review
-        next: architect_review
-      - condition: Unable to proceed with fixes
+      - condition: Fix complete
+        next: reviewers
+      - condition: Cannot proceed, insufficient info
         next: plan
-
-  # ===========================================
-  # Phase 6: QA Review
-  # ===========================================
-  - name: qa_review
-    edit: false
-    agent: ../agents/expert/qa-reviewer.md
-    report:
-      name: 07-qa-review.md
-      format: |
-        ```markdown
-        # QA Review
-
-        ## Result: APPROVE / REJECT
-
-        ## Summary
-        {1-2 sentences summarizing result}
-
-        ## Reviewed Perspectives
-        | Perspective | Result | Notes |
-        |-------------|--------|-------|
-        | Test Coverage | ✅ | - |
-        | Test Quality | ✅ | - |
-        | Error Handling | ✅ | - |
-        | Documentation | ✅ | - |
-        | Maintainability | ✅ | - |
-
-        ## Issues (if REJECT)
-        | # | Category | Issue | Fix |
-        |---|----------|-------|-----|
-        | 1 | Testing | Issue description | Fix method |
-        ```
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Write
-      - WebSearch
-      - WebFetch
-    instruction_template: |
-      Review the changes from the quality assurance perspective.
-
-      **Review Criteria:**
-      - Test coverage and quality
-      - Test strategy (unit/integration/E2E)
-      - Documentation (in-code and external)
-      - Error handling
-      - Logging and monitoring
-      - Maintainability
-    rules:
-      - condition: Quality standards are met
-        next: supervise
-      - condition: Quality issues found
-        next: fix_qa
-
-  - name: fix_qa
-    edit: true
-    agent: ../agents/default/coder.md
-    allowed_tools:
-      - Read
-      - Glob
-      - Grep
-      - Edit
-      - Write
-      - Bash
-      - WebSearch
-      - WebFetch
     instruction_template: |
-      ## QA Review Feedback (This is the latest instruction - prioritize this)
+      ## Review Feedback (This is the latest instruction - prioritize this)
       {previous_response}
 
-      **Important**: Fix the issues pointed out by the QA expert.
-
-      Areas of concern:
-      - Adding/improving tests
-      - Adding/fixing documentation
-      - Error handling
-      - Log output
-      - Code quality
-
-      ## Completion: Determine Change Impact
-      When fix is complete, judge the **impact scope of changes**:
-
-      - Minor fix (re-run QA review only)
-        - Examples: Add tests, add documentation, add logs, add comments
-      - Security-impacting fix (restart from security review)
-        - Examples: Error handling changes (error message content changes), input validation changes
-      - Major fix (restart from Architecture review)
-        - Examples: Business logic changes, data model changes, API changes
+      **Important**: Address the feedback from the reviewers.
+      The "Original User Request" is reference information, not the latest instruction.
+      Review the session conversation history and fix the issues raised by the reviewers.
     pass_previous_response: true
-    rules:
-      - condition: Minor QA fix is complete
-        next: qa_review
-      - condition: Security-impacting fix applied
-        next: security_review
-      - condition: Major fix applied requiring architecture re-review
-        next: architect_review
-      - condition: Unable to proceed with fixes
-        next: plan
 
   # ===========================================
-  # Phase 7: Supervision
+  # Phase 4: Supervision
   # ===========================================
   - name: supervise
     edit: false

package/resources/global/ja/config.yaml

@@ -21,6 +21,22 @@ provider: claude
 # Codex: gpt-5.2-codex, gpt-5.1-codex など
 # model: sonnet
 
+# Anthropic APIキー (オプション、環境変数 TAKT_ANTHROPIC_API_KEY で上書き可能)
+# anthropic_api_key: ""
+
+# OpenAI APIキー (オプション、環境変数 TAKT_OPENAI_API_KEY で上書き可能)
+# openai_api_key: ""
+
+# パイプライン実行設定 (オプション)
+# パイプラインモード (--task) のブランチ名、コミットメッセージ、PRの本文をカスタマイズできます。
+# pipeline:
+#   default_branch_prefix: "takt/"
+#   commit_message_template: "feat: {title} (#{issue})"
+#   pr_body_template: |
+#     ## Summary
+#     {issue_body}
+#     Closes #{issue}
+
 # デバッグ設定 (オプション)
 # debug:
 #   enabled: false