takt 0.3.3 → 0.3.5

package/resources/global/en/workflows/review-only.yaml

@@ -0,0 +1,331 @@
+# Review-Only Workflow
+# Reviews code or PRs without making any edits
+# Local: console output only. PR specified: posts inline comments + summary to PR
+#
+# Flow:
+# plan -> reviewers (parallel: arch-review + security-review + ai-review) -> supervise
+#   -> pr-comment -> COMPLETE (PR comment requested)
+#   -> COMPLETE (local: console output only)
+#   -> ABORT (rejected)
+#
+# All steps have edit: false (no file modifications)
+#
+# Template Variables:
+#   {iteration}         - Workflow-wide turn count
+#   {max_iterations}    - Maximum iterations allowed
+#   {step_iteration}    - Per-step iteration count
+#   {task}              - Original user request
+#   {previous_response} - Output from the previous step
+#   {user_inputs}       - Accumulated user inputs
+#   {report_dir}        - Report directory name
+
+name: review-only
+description: Review-only workflow - reviews code without making edits
+
+max_iterations: 10
+
+initial_step: plan
+
+steps:
+  - name: plan
+    edit: false
+    agent: ../agents/default/planner.md
+    allowed_tools:
+      - Read
+      - Glob
+      - Grep
+      - WebSearch
+      - WebFetch
+    rules:
+      - condition: Review scope is clear
+        next: reviewers
+      - condition: User is asking a question (not a review task)
+        next: COMPLETE
+      - condition: Requirements unclear, insufficient info
+        next: ABORT
+        appendix: |
+          Clarifications needed:
+          - {Question 1}
+          - {Question 2}
+    pass_previous_response: true
+    instruction_template: |
+      ## Previous Response (when returned from supervise)
+      {previous_response}
+
+      Analyze the review request and create a review plan.
+
+      **This is a review-only workflow.** No code edits will be made.
+      Focus on:
+      1. Identify which files/modules to review
+      2. Determine review focus areas (architecture, security, AI patterns, etc.)
+      3. Note any specific concerns mentioned in the request
+
+      **If a PR number is mentioned** (e.g., "PR #42"), include it in your plan
+      so reviewers can focus on the PR's changed files.
+
+  - name: reviewers
+    parallel:
+      - name: arch-review
+        edit: false
+        agent: ../agents/default/architecture-reviewer.md
+        report:
+          name: 01-architect-review.md
+          format: |
+            ```markdown
+            # Architecture Review
+
+            ## Result: APPROVE / IMPROVE / REJECT
+
+            ## Summary
+            {1-2 sentences summarizing result}
+
+            ## Reviewed Perspectives
+            - [x] Structure & Design
+            - [x] Code Quality
+            - [x] Change Scope
+
+            ## Issues (if REJECT)
+            | # | Location | Issue | Fix |
+            |---|----------|-------|-----|
+            | 1 | `src/file.ts:42` | Issue description | Fix method |
+
+            ## Improvement Suggestions (optional, non-blocking)
+            - {Future improvement suggestions}
+            ```
+
+            **Cognitive load reduction rules:**
+            - APPROVE + no issues -> Summary only (5 lines or less)
+            - APPROVE + minor suggestions -> Summary + suggestions (15 lines or less)
+            - REJECT -> Issues in table format (30 lines or less)
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Focus on **architecture and design** review. Do NOT review AI-specific issues (that's the ai_review step).
+
+          Review the code and provide feedback.
+
+      - name: security-review
+        edit: false
+        agent: ../agents/default/security-reviewer.md
+        report:
+          name: 02-security-review.md
+          format: |
+            ```markdown
+            # Security Review
+
+            ## Result: APPROVE / REJECT
+
+            ## Severity: None / Low / Medium / High / Critical
+
+            ## Check Results
+            | Category | Result | Notes |
+            |----------|--------|-------|
+            | Injection | - | - |
+            | Auth/Authz | - | - |
+            | Data Protection | - | - |
+            | Dependencies | - | - |
+
+            ## Vulnerabilities (if REJECT)
+            | # | Severity | Type | Location | Fix |
+            |---|----------|------|----------|-----|
+            | 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
+
+            ## Warnings (non-blocking)
+            - {Security recommendations}
+            ```
+
+            **Cognitive load reduction rules:**
+            - No issues -> Check table only (10 lines or less)
+            - Warnings -> + Warnings 1-2 lines (15 lines or less)
+            - Vulnerabilities -> + Table format (30 lines or less)
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Perform security review on the code. Check for vulnerabilities including:
+          - Injection attacks (SQL, Command, XSS)
+          - Authentication/Authorization issues
+          - Data exposure risks
+          - Cryptographic weaknesses
+
+      - name: ai-review
+        edit: false
+        agent: ../agents/default/ai-antipattern-reviewer.md
+        report:
+          name: 03-ai-review.md
+          format: |
+            ```markdown
+            # AI-Generated Code Review
+
+            ## Result: APPROVE / REJECT
+
+            ## Summary
+            {One sentence summarizing result}
+
+            ## Verified Items
+            | Aspect | Result | Notes |
+            |--------|--------|-------|
+            | Assumption validity | - | - |
+            | API/Library existence | - | - |
+            | Context fit | - | - |
+            | Scope | - | - |
+
+            ## Issues (if REJECT)
+            | # | Category | Location | Issue |
+            |---|----------|----------|-------|
+            | 1 | Hallucinated API | `src/file.ts:23` | Non-existent method |
+            ```
+
+            **Cognitive load reduction rules:**
+            - No issues -> Summary 1 line + check table only (10 lines or less)
+            - Issues found -> + Issues in table format (25 lines or less)
+        allowed_tools:
+          - Read
+          - Glob
+          - Grep
+          - Write
+          - WebSearch
+          - WebFetch
+        rules:
+          - condition: approved
+          - condition: needs_fix
+        instruction_template: |
+          Review the code for AI-specific issues:
+          - Assumption validation
+          - Plausible but wrong patterns
+          - Context fit with existing codebase
+          - Scope creep detection
+    rules:
+      - condition: all("approved")
+        next: supervise
+      - condition: any("needs_fix")
+        next: supervise
+
+  - name: supervise
+    edit: false
+    agent: ../agents/default/supervisor.md
+    report:
+      - Review Summary: 04-review-summary.md
+    allowed_tools:
+      - Read
+      - Glob
+      - Grep
+      - Write
+      - WebSearch
+      - WebFetch
+    rules:
+      - condition: approved, PR comment requested
+        next: pr-comment
+      - condition: approved
+        next: COMPLETE
+      - condition: rejected
+        next: ABORT
+    pass_previous_response: true
+    instruction_template: |
+      ## Review Results
+      {previous_response}
+
+      **This is a review-only workflow.** Do NOT run tests or builds.
+      Your role is to synthesize the review results and produce a final summary.
+
+      **Tasks:**
+      1. Read all review reports in the Report Directory
+      2. Synthesize findings from architecture, security, and AI reviews
+      3. Produce a consolidated review summary with overall verdict
+      4. Determine routing:
+         - If the task mentions posting to a PR (e.g., "post comments to PR", "comment on PR"),
+           route to `pr-comment` step (condition: "approved, PR comment requested")
+         - If local review only, route to COMPLETE (condition: "approved")
+         - If critical issues found, route to ABORT (condition: "rejected")
+
+      **Review Summary report format:**
+      ```markdown
+      # Review Summary
+
+      ## Overall Verdict: APPROVE / REJECT
+
+      ## Summary
+      {2-3 sentences consolidating all review results}
+
+      ## Review Results
+      | Review | Result | Key Findings |
+      |--------|--------|--------------|
+      | Architecture | APPROVE/REJECT | {Brief finding} |
+      | Security | APPROVE/REJECT | {Brief finding} |
+      | AI Antipattern | APPROVE/REJECT | {Brief finding} |
+
+      ## Issues Requiring Attention
+      | # | Severity | Source | Location | Issue |
+      |---|----------|--------|----------|-------|
+      | 1 | High | Security | `file:line` | Description |
+
+      ## Improvement Suggestions
+      - {Consolidated suggestions from all reviews}
+      ```
+
+  - name: pr-comment
+    edit: false
+    agent: ../agents/review/pr-commenter.md
+    allowed_tools:
+      - Read
+      - Glob
+      - Grep
+      - Bash
+    rules:
+      - condition: Comments posted
+        next: COMPLETE
+      - condition: Failed to post comments
+        next: COMPLETE
+    pass_previous_response: true
+    instruction_template: |
+      ## Review Summary
+      {previous_response}
+
+      Post the review results to the PR as comments.
+
+      **Procedure:**
+      1. Extract the PR number from the task description
+      2. Read all review reports in the Report Directory:
+         - `01-architect-review.md` (Architecture review)
+         - `02-security-review.md` (Security review)
+         - `03-ai-review.md` (AI antipattern review)
+         - `04-review-summary.md` (Consolidated summary)
+      3. Filter findings by severity and post inline comments for Critical/High/Medium
+      4. Post a summary comment with the following format:
+
+      ```
+      ## Automated Review Summary
+
+      {Overall verdict and summary from 04-review-summary.md}
+
+      ### Review Results
+      | Review | Result |
+      |--------|--------|
+      | Architecture | {result} |
+      | Security | {result} |
+      | AI Antipattern | {result} |
+
+      ### Key Findings
+      {Bulleted list of important findings}
+
+      ### Improvement Suggestions
+      {Consolidated suggestions}
+
+      ---
+      *Generated by [takt](https://github.com/toruticas/takt) review-only workflow*
+      ```

package/resources/global/ja/agents/review/pr-commenter.md

@@ -0,0 +1,75 @@
+# PR Commenter Agent
+
+あなたは**PRコメント投稿の専門家**です。`gh` CLIを使用してレビューの指摘をGitHub Pull Requestに投稿します。
+
+## 役割
+
+- レビューの指摘をPRコメントとして投稿
+- 開発者向けに指摘を明確かつ簡潔にフォーマット
+- 重要度によるフィルタリングでノイズを削減
+
+**やらないこと:**
+- 自分でコードをレビューする（レビュアーが既に実施済み）
+- ファイルの編集
+- テストやビルドの実行
+- コード品質の判断（レビュアーの結果をそのまま投稿する）
+
+## コア知識
+
+### GitHub PR Comment API
+
+**インラインレビューコメント**（ファイル・行番号ごとの指摘）:
+
+```bash
+gh api repos/{owner}/{repo}/pulls/{pr_number}/comments \
+  -f body="**[{category}]** {description}" \
+  -f path="{file_path}" \
+  -F line={line_number} \
+  -f commit_id="$(gh pr view {pr_number} --json headRefOid -q .headRefOid)"
+```
+
+- `commit_id` にはPRのHEADコミットを使用
+- 同一行に複数の指摘がある場合は1つのコメントにまとめる
+
+**サマリーコメント**（全体レビュー）:
+
+```bash
+gh pr comment {pr_number} --body "{markdown_body}"
+```
+
+- 複数行のbodyにはHEREDOCを使用してエスケープ問題を回避
+
+### PR番号の抽出
+
+タスクコンテキストから一般的なパターンでPR番号を抽出:
+- "PR #42"、"#42"、"pull/42"、"pulls/42"
+- PR番号が見つからない場合は報告して投稿せずに終了
+
+## コメント品質の原則
+
+### 重要度ベースのフィルタリング
+
+| 重大度 | アクション |
+|--------|-----------|
+| Critical / High | 必ずインラインコメントとして投稿 |
+| Medium | インラインコメントとして投稿 |
+| Low | サマリーにのみ含める |
+| Informational | サマリーにのみ含める |
+
+### フォーマット
+
+- **簡潔に。** PRコメントはアクション可能で要点を押さえたものにする
+- **場所を含める。** 可能な限り具体的なファイルと行番号を参照
+- **指摘を分類する。** `[Security]`、`[Architecture]`、`[AI Pattern]` のようなラベルを使用
+
+## エラーハンドリング
+
+- `gh` コマンドが失敗した場合はエラーを報告するが、過度にリトライしない
+- PR番号が特定できない場合は情報メッセージを出力して完了
+- 投稿する指摘がない場合はサマリーコメントのみ投稿
+
+## 重要
+
+- **ファイルを変更しない。** コメント投稿のみ行う。
+- **レート制限を尊重。** 個別コメントを大量投稿しない。可能な限りまとめる。
+- **レビューレポートを情報源とする。** 自分の分析ではなく、レビュアーの結果を投稿する。

package/resources/global/ja/config.yaml

@@ -21,6 +21,22 @@ provider: claude
 # Codex: gpt-5.2-codex, gpt-5.1-codex など
 # model: sonnet
 
+# Anthropic APIキー (オプション、環境変数 TAKT_ANTHROPIC_API_KEY で上書き可能)
+# anthropic_api_key: ""
+
+# OpenAI APIキー (オプション、環境変数 TAKT_OPENAI_API_KEY で上書き可能)
+# openai_api_key: ""
+
+# パイプライン実行設定 (オプション)
+# パイプラインモード (--task) のブランチ名、コミットメッセージ、PRの本文をカスタマイズできます。
+# pipeline:
+#   default_branch_prefix: "takt/"
+#   commit_message_template: "feat: {title} (#{issue})"
+#   pr_body_template: |
+#     ## Summary
+#     {issue_body}
+#     Closes #{issue}
+
 # デバッグ設定 (オプション)
 # debug:
 #   enabled: false