the-frame-ai 0.12.0 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +167 -150
- package/package.json +4 -2
- package/src/cli.js +12 -16
- package/src/doctor.js +3 -2
- package/src/init.js +46 -39
- package/src/languages.js +4 -13
- package/src/update.js +120 -45
- package/src/utils.js +97 -22
- package/templates/agents/auditor.md +116 -0
- package/templates/agents/builder.md +30 -47
- package/templates/agents/conventions-reviewer.md +1 -1
- package/templates/agents/devils-advocate.md +71 -23
- package/templates/agents/performance-auditor.md +26 -27
- package/templates/agents/planner.md +60 -51
- package/templates/agents/researcher.md +30 -81
- package/templates/agents/reviewer.md +43 -53
- package/templates/agents/security.md +75 -93
- package/templates/agents/tests-reviewer.md +1 -1
- package/templates/commands/frame:add-task.md +5 -0
- package/templates/commands/frame:arch.md +9 -2
- package/templates/commands/frame:audit.md +383 -0
- package/templates/commands/frame:build.md +109 -59
- package/templates/commands/frame:checkpoint.md +129 -4
- package/templates/commands/frame:cleanup-memory.md +20 -21
- package/templates/commands/frame:daily.md +88 -4
- package/templates/commands/frame:debug.md +177 -31
- package/templates/commands/frame:doctor.md +26 -19
- package/templates/commands/frame:fast.md +22 -17
- package/templates/commands/frame:health.md +100 -1
- package/templates/commands/frame:init.md +109 -26
- package/templates/commands/frame:migrate.md +7 -2
- package/templates/commands/frame:note.md +8 -3
- package/templates/commands/frame:pause.md +6 -2
- package/templates/commands/frame:plan.md +180 -82
- package/templates/commands/frame:refactor.md +10 -5
- package/templates/commands/frame:research.md +106 -50
- package/templates/commands/frame:resume.md +5 -1
- package/templates/commands/frame:retrospective.md +41 -48
- package/templates/commands/frame:review.md +169 -105
- package/templates/commands/frame:ship.md +33 -16
- package/templates/commands/frame:test-plan.md +5 -0
- package/templates/commands/frame:unstuck.md +7 -5
- package/templates/commands/frame:upgrade.md +92 -0
- package/templates/commands/frame:verify-ui.md +10 -5
- package/templates/commands/frame:why.md +102 -14
- package/templates/commands/frame:worktree.md +23 -0
- package/templates/hooks/git-safety.sh +12 -6
- package/templates/hooks/pre-compact.sh +22 -0
- package/templates/hooks/quality-gate.sh +26 -13
- package/templates/hooks/safety-net.sh +32 -2
- package/templates/hooks/session-init.sh +10 -0
- package/templates/project/CLAUDE.md +6 -8
- package/templates/project/config.json +4 -0
- package/templates/project/memory/context.md +6 -5
- package/templates/project/memory/conventions.md +6 -1
- package/templates/project/memory/dependencies.md +4 -4
- package/templates/project/memory/learnings.md +72 -0
- package/templates/project/settings.local.json +9 -8
- package/templates/project/specs/_template/subagent-prompt.md +1 -1
- package/README.de.md +0 -426
- package/README.es.md +0 -426
- package/README.hi.md +0 -426
- package/README.ja.md +0 -426
- package/README.ru.md +0 -427
- package/README.zh.md +0 -426
- package/bin/the-frame +0 -5
- package/templates/commands/frame:check-deps.md +0 -118
- package/templates/commands/frame:context.md +0 -64
- package/templates/commands/frame:estimate.md +0 -105
- package/templates/commands/frame:explain.md +0 -84
- package/templates/commands/frame:forensics.md +0 -139
- package/templates/commands/frame:headless.md +0 -118
- package/templates/commands/frame:perf-audit.md +0 -291
- package/templates/commands/frame:perf-fix.md +0 -112
- package/templates/commands/frame:performance.md +0 -228
- package/templates/commands/frame:rollback.md +0 -207
- package/templates/commands/frame:security-fix.md +0 -260
- package/templates/commands/frame:security.md +0 -420
- package/templates/commands/frame:sprint-check.md +0 -111
- package/templates/commands/frame:status.md +0 -103
- package/templates/commands/frame:wave-team.md +0 -182
- package/templates/commands/frame:wave.md +0 -319
- package/templates/commands/frame:where.md +0 -5
- package/templates/project/memory/anti-patterns.md +0 -14
- package/templates/project/memory/decisions.md +0 -20
- package/templates/project/memory/metrics.md +0 -22
- package/templates/project/memory/patterns.md +0 -30
- package/templates/project/memory/wins.md +0 -11
package/README.md
CHANGED
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
FRAME — Framework for AI-Assisted Solo Development
|
|
4
4
|
|
|
5
|
-
[🇺🇸 English](README.md) | [🇨🇳 中文](README.zh.md) | [🇮🇳 हिंदी](README.hi.md) | [🇯🇵 日本語](README.ja.md) | [🇩🇪 Deutsch](README.de.md) | [🇪🇸 Español](README.es.md) | [🇷🇺 Русский](README.ru.md)
|
|
6
|
-
|
|
7
5
|
## What is FRAME?
|
|
8
6
|
|
|
9
7
|
**FRAME (Framework for AI-Assisted Solo Development)** is a framework for solo developers building products with Claude Code. It turns chaotic AI-assisted development into a predictable process — from idea to deploy — with memory, structure, and protection against mistakes.
|
|
@@ -17,10 +15,10 @@ If you're building a product alone with Claude Code and want to work like a team
|
|
|
17
15
|
| Losing context between sessions | Project memory and automatic state dump on session start |
|
|
18
16
|
| Chaos in tasks and priorities | 6-phase workflow: Research → Plan → Build → Review → Ship → Reflect |
|
|
19
17
|
| Fear of breaking something important | Safety hooks block destructive commands before they run |
|
|
20
|
-
| Repetitive routine tasks |
|
|
21
|
-
| Complex features with dependencies | Parallel subagents for independent tasks |
|
|
18
|
+
| Repetitive routine tasks | 28 ready-made commands for the full development cycle |
|
|
19
|
+
| Complex features with dependencies | Parallel subagents for independent tasks (wave-based planning) |
|
|
22
20
|
| No structure for solo work | Roadmap, STATE.md, MAP.md — always know where you are and what's next |
|
|
23
|
-
| Shipping code with security holes |
|
|
21
|
+
| Shipping code with security holes | `/frame:audit` — unified security, performance, and dependency audit before deploy |
|
|
24
22
|
|
|
25
23
|
## How to work with FRAME
|
|
26
24
|
|
|
@@ -31,16 +29,17 @@ Research → Plan → Build → Review → Ship → Reflect
|
|
|
31
29
|
Each session is one cycle. Start with `/frame:daily`, end with `/frame:ship`.
|
|
32
30
|
|
|
33
31
|
**Research** — understand before you build
|
|
34
|
-
Run `/frame:research <topic>` — Claude explores the codebase
|
|
32
|
+
Run `/frame:research <topic>` — Claude explores the codebase and external sources, asks clarifying questions, builds context, and stays available for a chat-driven decision log.
|
|
35
33
|
|
|
36
34
|
**Plan** — break it into tasks
|
|
37
|
-
`/frame:plan <feature>` turns research into a concrete task list with
|
|
35
|
+
`/frame:plan <feature>` turns research into a concrete task list with wave grouping and `Parallel: yes/no` labels.
|
|
36
|
+
`/frame:plan audit` creates a fix plan from the latest audit report.
|
|
38
37
|
|
|
39
38
|
**Build** — implement
|
|
40
|
-
`/frame:build`
|
|
39
|
+
`/frame:build` reads the `Parallel:` labels from plan.md and automatically decides whether to run tasks sequentially or in parallel worktrees. No flags needed. Stuck — `/frame:unstuck`. Found a bug — `/frame:debug`.
|
|
41
40
|
|
|
42
41
|
**Review** — check before deploying
|
|
43
|
-
`/frame:review` runs automated checks and
|
|
42
|
+
`/frame:review` runs automated checks and a 6-panel review (spec compliance, security, performance, business logic, tests, conventions) on the diff.
|
|
44
43
|
|
|
45
44
|
**Ship** — deploy and record
|
|
46
45
|
`/frame:ship` commits, optional push/PR, and updates project memory.
|
|
@@ -57,24 +56,27 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
|
|
|
57
56
|
# → see current project status and what's planned
|
|
58
57
|
|
|
59
58
|
/frame:research "Google OAuth"
|
|
60
|
-
# → Claude studies the codebase:
|
|
61
|
-
# what patterns are already used, what needs to be added
|
|
59
|
+
# → Claude asks 2-3 clarifying questions, then studies the codebase:
|
|
60
|
+
# how current auth works, what patterns are already used, what needs to be added
|
|
61
|
+
# → research.md with Requirements (R1, R2...) and Acceptance Criteria (AC1, AC2...)
|
|
62
62
|
|
|
63
63
|
/frame:plan "Google OAuth"
|
|
64
|
-
# → get a concrete task list:
|
|
65
|
-
# 1
|
|
66
|
-
# 2
|
|
67
|
-
# 3
|
|
68
|
-
# 4. add button to UI
|
|
64
|
+
# → get a concrete task list with wave grouping:
|
|
65
|
+
# Wave 1 (Parallel: yes): configure credentials, add callback route
|
|
66
|
+
# Wave 2 (Parallel: no): connect to sessions (depends on Wave 1)
|
|
67
|
+
# Wave 3 (Parallel: yes): add UI button, write integration tests
|
|
69
68
|
|
|
70
69
|
/frame:checkpoint
|
|
71
|
-
# → save a restore point — if something goes wrong,
|
|
70
|
+
# → save a restore point — if something goes wrong, use /frame:checkpoint rollback
|
|
72
71
|
|
|
73
|
-
/frame:
|
|
74
|
-
# →
|
|
72
|
+
/frame:build
|
|
73
|
+
# → reads Parallel: labels from plan.md
|
|
74
|
+
# Wave 1: runs tasks in parallel worktrees (automatically)
|
|
75
|
+
# Wave 2: runs sequentially (depends on Wave 1 output)
|
|
75
76
|
|
|
76
77
|
/frame:review
|
|
77
|
-
# → automated checks
|
|
78
|
+
# → automated checks + 6-panel review on the diff (spec compliance, security, performance, tests, conventions, business logic)
|
|
79
|
+
# → every requirement and AC traced to implementation
|
|
78
80
|
|
|
79
81
|
/frame:ship
|
|
80
82
|
# → commit, optional push/PR, project memory updated
|
|
@@ -87,18 +89,19 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
|
|
|
87
89
|
# → restore context, see the bug is already in the plan or add it
|
|
88
90
|
|
|
89
91
|
/frame:debug "login after reset"
|
|
90
|
-
# →
|
|
91
|
-
# →
|
|
92
|
+
# → git archaeology first (git log -15 -- relevant files)
|
|
93
|
+
# → max 3 ranked hypotheses, checks cheapest first
|
|
94
|
+
# → you get a confirmed root cause with specific location in code
|
|
92
95
|
|
|
93
96
|
# If the cause is found immediately:
|
|
94
97
|
/frame:checkpoint # restore point before the fix
|
|
95
98
|
/frame:fast "fix: invalidate old session after password reset"
|
|
96
|
-
# → Claude makes a targeted fix, writes a regression test
|
|
99
|
+
# → Claude makes a targeted fix, writes a regression test, prints one-line summary
|
|
97
100
|
|
|
98
101
|
# If the cause is unclear — go deeper:
|
|
99
|
-
/frame:
|
|
100
|
-
# →
|
|
101
|
-
# finds the commit that broke the behavior
|
|
102
|
+
/frame:debug --deep
|
|
103
|
+
# → 3 parallel investigators: git-history, code, config
|
|
104
|
+
# analyzes git history, finds the commit that broke the behavior (5-why analysis)
|
|
102
105
|
|
|
103
106
|
/frame:checkpoint
|
|
104
107
|
/frame:fast "fix: ..." # fix the found cause
|
|
@@ -109,41 +112,37 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
|
|
|
109
112
|
/frame:ship
|
|
110
113
|
```
|
|
111
114
|
|
|
112
|
-
###
|
|
115
|
+
### Audit: find issues before launch
|
|
113
116
|
|
|
114
117
|
```
|
|
115
118
|
/frame:daily
|
|
119
|
+
# → briefing shows: "Audit: ⚠️ never run" — time to fix that
|
|
120
|
+
|
|
121
|
+
/frame:audit
|
|
122
|
+
# → detects project size (S/M/L), launches category agents in parallel:
|
|
123
|
+
# SEC: OWASP Top 10, secrets, auth, CORS
|
|
124
|
+
# PERF: N+1 queries, memory leaks, cache, bundle
|
|
125
|
+
# DEPS: vulnerabilities, outdated packages
|
|
126
|
+
# LOGIC, DATA, OBS, TEST, INFRA, MAINT, A11Y, PRIV
|
|
127
|
+
# → verification pass: devils-advocate tries to REFUTE CRITICAL/HIGH findings
|
|
128
|
+
# → AUDIT.md saved to .planning/reports/audit/{date}/AUDIT.md
|
|
129
|
+
|
|
130
|
+
# Targeted scans:
|
|
131
|
+
/frame:audit security # security only
|
|
132
|
+
/frame:audit performance # performance only
|
|
133
|
+
/frame:audit deps # dependencies only
|
|
134
|
+
/frame:audit quick # top 4 categories (SEC, PERF, DEPS, LOGIC)
|
|
135
|
+
|
|
136
|
+
# After audit, create a fix plan:
|
|
137
|
+
/frame:plan audit
|
|
138
|
+
# → reads AUDIT.md, groups findings into tasks by file/module
|
|
139
|
+
# → Wave 1: CRITICAL findings, Wave 2: HIGH findings
|
|
140
|
+
|
|
141
|
+
/frame:build
|
|
142
|
+
# → implements fix tasks
|
|
116
143
|
|
|
117
|
-
/frame:
|
|
118
|
-
# →
|
|
119
|
-
# → searches for current known issues for that exact stack
|
|
120
|
-
# → deep scan: N+1 queries, memory leaks, blocking ops,
|
|
121
|
-
# missing cache headers, re-render causes, bundle size
|
|
122
|
-
# → report saved to .planning/reports/performance/PERF_REPORT.md
|
|
123
|
-
# with Critical/High/Medium/Low priorities and effort estimates
|
|
124
|
-
|
|
125
|
-
# Example report output:
|
|
126
|
-
# Critical: 2 | High: 4 | Medium: 3 | Low: 1
|
|
127
|
-
# [PERF-1] N+1 query in /api/users — 47 extra DB queries per request (S)
|
|
128
|
-
# [PERF-2] setInterval without cleanup in Dashboard — memory leak (XS)
|
|
129
|
-
|
|
130
|
-
/frame:perf-fix
|
|
131
|
-
# → reads PERF_REPORT.md, starts with Critical issues
|
|
132
|
-
# → for each issue shows:
|
|
133
|
-
# --- BEFORE ---
|
|
134
|
-
# const users = await db.findMany()
|
|
135
|
-
# --- AFTER ---
|
|
136
|
-
# const users = await db.findMany({ select: { id, name, email } })
|
|
137
|
-
# → asks: Apply this fix? [y/n/skip]
|
|
138
|
-
# → applies, runs typecheck + tests, reverts if broken
|
|
139
|
-
|
|
140
|
-
# Fix specific issue or priority:
|
|
141
|
-
/frame:perf-fix PERF-1 # fix one issue
|
|
142
|
-
/frame:perf-fix high # fix all High priority
|
|
143
|
-
/frame:perf-fix all # fix Critical + High
|
|
144
|
-
|
|
145
|
-
/frame:perf-audit
|
|
146
|
-
# → re-run to confirm improvements
|
|
144
|
+
/frame:ship
|
|
145
|
+
# → security check passes, commit and push
|
|
147
146
|
```
|
|
148
147
|
|
|
149
148
|
### UI verification: confirm the interface works
|
|
@@ -166,59 +165,20 @@ Run `/frame:research <topic>` — Claude explores the codebase, external sources
|
|
|
166
165
|
|
|
167
166
|
The command only **verifies** — it doesn't auto-fix. If it finds a problem, it describes it precisely: which element, what behavior, what was expected.
|
|
168
167
|
|
|
169
|
-
**Automatic check**: in `/frame:build`, `/frame:fast`,
|
|
168
|
+
**Automatic check**: in `/frame:build`, `/frame:fast`, and `/frame:debug` — if the task touches UI files (`.tsx`, `.vue`, `.css`, `component`, `page`) — browser check runs automatically after quality gates.
|
|
170
169
|
|
|
171
|
-
**Requires Playwright MCP** — added automatically on `npx the-frame init` or `npx the-frame update` if you answer "y" to the frontend project question.
|
|
170
|
+
**Requires Playwright MCP** — added automatically on `npx the-frame-ai init` or `npx the-frame-ai update` if you answer "y" to the frontend project question.
|
|
172
171
|
|
|
173
|
-
###
|
|
172
|
+
### CI / Autonomous mode
|
|
174
173
|
|
|
175
|
-
|
|
176
|
-
/frame:daily
|
|
177
|
-
# → briefing shows: "Security: ⚠️ never run" — time to fix that
|
|
178
|
-
|
|
179
|
-
/frame:security
|
|
180
|
-
# → full project scan across all categories:
|
|
181
|
-
# - secrets: AWS keys, GitHub tokens, Stripe keys, private keys, .env in git
|
|
182
|
-
# - OWASP Top 10: SQL injection, XSS, CSRF, path traversal, SSRF, command injection
|
|
183
|
-
# - infrastructure: Dockerfile (root user, :latest), debug endpoints, missing .dockerignore
|
|
184
|
-
# - AI/LLM: prompt injection, insecure output handling, system prompt leakage
|
|
185
|
-
# - dependencies: known CVEs via npm audit
|
|
186
|
-
|
|
187
|
-
# → report saved to .planning/reports/security/security-{date}.md
|
|
188
|
-
# → STATE.md updated with Security Status
|
|
189
|
-
|
|
190
|
-
# If CRITICAL or HIGH findings:
|
|
191
|
-
# ⛔ Ship BLOCKED. Run /frame:security-fix to fix critical findings.
|
|
192
|
-
|
|
193
|
-
/frame:security-fix
|
|
194
|
-
# → reads the latest report and fixes findings by priority:
|
|
195
|
-
# CRITICAL first, then HIGH
|
|
196
|
-
# - removes .env files from git tracking (git rm --cached)
|
|
197
|
-
# - adds missing security headers to next.config.js / Express
|
|
198
|
-
# - adds CSRF protection to Route Handlers
|
|
199
|
-
# - runs npm audit fix for vulnerable dependencies
|
|
200
|
-
# - fixes Dockerfile: adds USER directive, pins :latest tags
|
|
201
|
-
# - for secrets already in history: tells you exactly how to rotate + rewrite history
|
|
202
|
-
# → verifies each fix after applying
|
|
203
|
-
# → updates STATE.md: unblocks ship if all CRITICAL resolved
|
|
204
|
-
|
|
205
|
-
# Targeted fixes:
|
|
206
|
-
/frame:security-fix critical # fix only CRITICAL findings
|
|
207
|
-
/frame:security-fix high # fix only HIGH findings
|
|
208
|
-
/frame:security-fix SEC-1 # fix a specific finding by ID
|
|
209
|
-
|
|
210
|
-
/frame:security
|
|
211
|
-
# → re-run audit to confirm everything is clean
|
|
212
|
-
|
|
213
|
-
# If clean:
|
|
214
|
-
# ✓ No critical issues. Safe to proceed with /frame:ship.
|
|
174
|
+
FRAME doesn't have a dedicated headless command. For CI or non-interactive runs, invoke commands directly via `claude -p`:
|
|
215
175
|
|
|
216
|
-
|
|
217
|
-
#
|
|
176
|
+
```bash
|
|
177
|
+
# Run full cycle autonomously
|
|
178
|
+
claude -p "/frame:build" --allowedTools "Bash,Read,Write,Edit"
|
|
218
179
|
|
|
219
|
-
#
|
|
220
|
-
/frame:
|
|
221
|
-
/frame:security src/api/ # scan specific directory
|
|
180
|
+
# Audit in CI
|
|
181
|
+
claude -p "/frame:audit quick" --allowedTools "Bash,Read,Write,Grep"
|
|
222
182
|
```
|
|
223
183
|
|
|
224
184
|
## What's inside
|
|
@@ -226,11 +186,11 @@ The command only **verifies** — it doesn't auto-fix. If it finds a problem, it
|
|
|
226
186
|
FRAME provides:
|
|
227
187
|
|
|
228
188
|
- **6-phase workflow**: Research → Plan → Build → Review → Ship → Reflect
|
|
229
|
-
- **
|
|
230
|
-
- **
|
|
189
|
+
- **28 commands**: from quick tasks to full feature development cycle
|
|
190
|
+
- **10 AI agents**: Researcher, Planner, Builder, Reviewer, Auditor, Devil's Advocate, Security, Performance Auditor, Tests Reviewer, Conventions Reviewer
|
|
231
191
|
- **Safety Hooks**: block destructive operations, enforce quality gates
|
|
232
192
|
- **Git Safety**: checkpoints, rollback, worktrees, pause/resume
|
|
233
|
-
- **
|
|
193
|
+
- **Unified Audit**: 12 categories (SEC, PERF, LOGIC, API, DATA, OBS, DEPS, TEST, INFRA, MAINT, A11Y, PRIV) with adversarial verification
|
|
234
194
|
|
|
235
195
|
## Prerequisites
|
|
236
196
|
|
|
@@ -255,17 +215,16 @@ npx the-frame-ai init
|
|
|
255
215
|
|
|
256
216
|
### Core — start here
|
|
257
217
|
|
|
258
|
-
These
|
|
218
|
+
These commands cover 90% of solo dev work:
|
|
259
219
|
|
|
260
220
|
| Command | When to use |
|
|
261
221
|
|---------|-------------|
|
|
262
222
|
| `/frame:daily` | **Start here** after any break — what was done, what's next |
|
|
263
223
|
| `/frame:research <topic>` | Before planning a new feature |
|
|
264
|
-
| `/frame:plan <feature>` | Turn research into an actionable task list |
|
|
265
|
-
| `/frame:
|
|
266
|
-
| `/frame:
|
|
267
|
-
| `/frame:
|
|
268
|
-
| `/frame:review` | Before deploying — automated checks + checklist |
|
|
224
|
+
| `/frame:plan <feature>` | Turn research into an actionable task list with waves |
|
|
225
|
+
| `/frame:plan audit` | Create fix tasks from the latest audit report |
|
|
226
|
+
| `/frame:build` | Implement tasks — reads Parallel: labels, runs sequentially or in parallel automatically |
|
|
227
|
+
| `/frame:review` | Before deploying — 6-panel review + automated checks |
|
|
269
228
|
| `/frame:ship` | Commit, optional push/PR, update memory |
|
|
270
229
|
|
|
271
230
|
### All Commands by Phase
|
|
@@ -276,8 +235,7 @@ These 7 commands cover 90% of solo dev work:
|
|
|
276
235
|
| Command | When to use |
|
|
277
236
|
|---------|-------------|
|
|
278
237
|
| `/frame:research <topic>` | Before planning a new feature |
|
|
279
|
-
| `/frame:
|
|
280
|
-
| `/frame:why <topic>` | Search decision history |
|
|
238
|
+
| `/frame:why <topic or path>` | Search decision history or explain why code looks the way it does |
|
|
281
239
|
| `/frame:arch <module>` | Document a module's architecture to `docs/arch/{module}.md` |
|
|
282
240
|
</details>
|
|
283
241
|
|
|
@@ -286,7 +244,8 @@ These 7 commands cover 90% of solo dev work:
|
|
|
286
244
|
|
|
287
245
|
| Command | When to use |
|
|
288
246
|
|---------|-------------|
|
|
289
|
-
| `/frame:plan <feature>` | Turn research into an actionable task list |
|
|
247
|
+
| `/frame:plan <feature>` | Turn research into an actionable task list with wave grouping |
|
|
248
|
+
| `/frame:plan audit [all]` | Turn audit findings into a fix plan (Critical+High, or all) |
|
|
290
249
|
| `/frame:add-task` | Add a task to the plan without interrupting work |
|
|
291
250
|
</details>
|
|
292
251
|
|
|
@@ -295,29 +254,28 @@ These 7 commands cover 90% of solo dev work:
|
|
|
295
254
|
|
|
296
255
|
| Command | When to use |
|
|
297
256
|
|---------|-------------|
|
|
298
|
-
| `/frame:build` | Implement plan with TDD
|
|
299
|
-
| `/frame:wave` | Implement 4+ independent tasks in parallel batches |
|
|
300
|
-
| `/frame:wave-team` | Like wave, but with a review team (Security, Perf, Tests, Conventions) after each task |
|
|
257
|
+
| `/frame:build` | Implement plan with TDD — auto-detects sequential vs parallel from plan |
|
|
301
258
|
| `/frame:fast <task>` | Quick task under 30 minutes |
|
|
302
|
-
| `/frame:debug <issue>` | Systematic bug investigation |
|
|
303
|
-
| `/frame:
|
|
259
|
+
| `/frame:debug <issue>` | Systematic bug investigation with git archaeology |
|
|
260
|
+
| `/frame:debug --deep` | Deep forensic investigation (parallel investigators, 5-why, timeline) |
|
|
261
|
+
| `/frame:debug <SEC-N>` | Debug a specific finding from the last audit/review by ID |
|
|
304
262
|
| `/frame:refactor` | Refactor with TDD safety net |
|
|
305
263
|
| `/frame:migrate` | DB/API/deps migration with rollback plan |
|
|
306
264
|
</details>
|
|
307
265
|
|
|
308
266
|
<details>
|
|
309
|
-
<summary>Review</summary>
|
|
267
|
+
<summary>Review & Audit</summary>
|
|
310
268
|
|
|
311
269
|
| Command | When to use |
|
|
312
270
|
|---------|-------------|
|
|
313
|
-
| `/frame:review` | Before deploying — automated checks +
|
|
314
|
-
| `/frame:
|
|
315
|
-
| `/frame:security
|
|
316
|
-
| `/frame:
|
|
317
|
-
| `/frame:
|
|
271
|
+
| `/frame:review` | Before deploying — automated checks + 6-panel review |
|
|
272
|
+
| `/frame:audit` | Full project audit: 12 categories, adversarial verification |
|
|
273
|
+
| `/frame:audit security` | Security-only audit: secrets, OWASP, auth, CORS |
|
|
274
|
+
| `/frame:audit performance` | Performance-only audit: N+1, cache, memory leaks, bundle |
|
|
275
|
+
| `/frame:audit deps` | Dependency audit: vulnerabilities, outdated packages |
|
|
276
|
+
| `/frame:audit quick` | Top 4 categories (SEC, PERF, DEPS, LOGIC) — fast overview |
|
|
318
277
|
| `/frame:health` | Full project health check |
|
|
319
|
-
| `/frame:
|
|
320
|
-
| `/frame:performance` | Bundle size and Lighthouse audit |
|
|
278
|
+
| `/frame:health sprint` | Weekly progress vs roadmap |
|
|
321
279
|
</details>
|
|
322
280
|
|
|
323
281
|
<details>
|
|
@@ -325,10 +283,9 @@ These 7 commands cover 90% of solo dev work:
|
|
|
325
283
|
|
|
326
284
|
| Command | When to use |
|
|
327
285
|
|---------|-------------|
|
|
328
|
-
| `/frame:test-plan` | After review, before ship — generates a manual "go check this as a user" checklist
|
|
286
|
+
| `/frame:test-plan` | After review, before ship — generates a manual "go check this as a user" checklist |
|
|
329
287
|
| `/frame:ship` | Commit, optional push/PR, update memory |
|
|
330
|
-
| `/frame:checkpoint` | Save
|
|
331
|
-
| `/frame:rollback` | Roll back to a checkpoint |
|
|
288
|
+
| `/frame:checkpoint` | Save/list/rollback git checkpoints |
|
|
332
289
|
</details>
|
|
333
290
|
|
|
334
291
|
<details>
|
|
@@ -336,8 +293,7 @@ These 7 commands cover 90% of solo dev work:
|
|
|
336
293
|
|
|
337
294
|
| Command | When to use |
|
|
338
295
|
|---------|-------------|
|
|
339
|
-
| `/frame:retrospective` | After deploy — update memory and
|
|
340
|
-
| `/frame:sprint-check` | Weekly progress vs roadmap |
|
|
296
|
+
| `/frame:retrospective` | After deploy — update memory and record learnings |
|
|
341
297
|
| `/frame:cleanup-memory` | Trim and archive stale memory |
|
|
342
298
|
</details>
|
|
343
299
|
|
|
@@ -347,10 +303,9 @@ These 7 commands cover 90% of solo dev work:
|
|
|
347
303
|
| Command | When to use |
|
|
348
304
|
|---------|-------------|
|
|
349
305
|
| `/frame:daily` | Start of day — what was done, what's next |
|
|
350
|
-
| `/frame:
|
|
306
|
+
| `/frame:daily full` | Full technical context dump (STATE.md + memory + git diff) |
|
|
351
307
|
| `/frame:note` | Capture a pattern, decision, or anti-pattern |
|
|
352
308
|
| `/frame:unstuck` | Stuck? Get 3 concrete options to unblock |
|
|
353
|
-
| `/frame:context` | Show current working context |
|
|
354
309
|
| `/frame:init` | First run — scan codebase, fill MAP.md |
|
|
355
310
|
| `/frame:doctor` | Verify FRAME installation |
|
|
356
311
|
| `/frame:pause` / `/frame:resume` | Save and restore mid-task state |
|
|
@@ -362,20 +317,71 @@ These 7 commands cover 90% of solo dev work:
|
|
|
362
317
|
| Command | When to use |
|
|
363
318
|
|---------|-------------|
|
|
364
319
|
| `/frame:worktree` | Isolated git worktree for parallel experiments |
|
|
365
|
-
| `/frame:headless` | Autonomous CI mode (no interaction) |
|
|
366
|
-
| `/frame:estimate <task>` | Scope and time estimate before starting |
|
|
367
320
|
</details>
|
|
368
321
|
|
|
322
|
+
## Full Command Reference
|
|
323
|
+
|
|
324
|
+
<!-- COMMANDS:START -->
|
|
325
|
+
| Command | Description | Arguments |
|
|
326
|
+
|---------|-------------|-----------|
|
|
327
|
+
| `/frame:add-task` | Add a task to the current plan.md without interrupting work | `<task description>` |
|
|
328
|
+
| `/frame:arch` | Document module architecture and design decisions for a file or module | `<file or module path>` |
|
|
329
|
+
| `/frame:audit` | Comprehensive project audit across 12 categories — security, performance, business logic, API, data, observability, deps, tests, infra, maintainability, a11y, privacy | `[category | quick] [scope-path] [--priv]` |
|
|
330
|
+
| `/frame:build` | Implement planned tasks using TDD — auto-detects sequential or parallel execution from plan.md | `[feature]` |
|
|
331
|
+
| `/frame:checkpoint` | Manage git checkpoints: list, create, rollback, or clean up frame/checkpoint/* tags | `[list | create | cleanup | rollback [<tag> | --soft]]` |
|
|
332
|
+
| `/frame:cleanup-memory` | Trim and archive memory files, removing stale and low-confidence entries | — |
|
|
333
|
+
| `/frame:daily` | Morning briefing — project status, today's priorities, and blockers | `[full]` |
|
|
334
|
+
| `/frame:debug` | Systematically debug an issue — or run deep forensic investigation with 5-why analysis | `[--deep] <SEC-N|issue description>` |
|
|
335
|
+
| `/frame:doctor` | Check FRAME installation health — verify paths, config, and hook registration | — |
|
|
336
|
+
| `/frame:fast` | Execute a quick task end-to-end without full research/plan cycle | `<task description>` |
|
|
337
|
+
| `/frame:health` | Daily health check: tests, lint, types, security scan freshness — or sprint velocity check | `[sprint]` |
|
|
338
|
+
| `/frame:init` | Initialize project: scan codebase, fill MAP.md, STATE.md, and memory files | — |
|
|
339
|
+
| `/frame:migrate` | Plan and execute a database or schema migration with rollback safety | `<migration description>` |
|
|
340
|
+
| `/frame:note` | Save a quick memory note (pattern, decision, or anti-pattern) to memory files | `<note text>` |
|
|
341
|
+
| `/frame:pause` | Save session state to pause-state.json and create a checkpoint | — |
|
|
342
|
+
| `/frame:plan` | Decompose a feature into atomic tasks with wave grouping, traceability, and Parallel labels; or create a plan from audit findings | `<feature description> | audit [all]` |
|
|
343
|
+
| `/frame:refactor` | Refactor code with test coverage verification and checkpoint safety | `<refactor scope>` |
|
|
344
|
+
| `/frame:research` | Domain research: clarification gate, parallel codebase + web scouting, new research.md with Decision Log cycle | `<topic or question>` |
|
|
345
|
+
| `/frame:resume` | Resume work from pause-state.json — restore context and continue | — |
|
|
346
|
+
| `/frame:retrospective` | Write retrospective, update memory files with learnings and patterns | — |
|
|
347
|
+
| `/frame:review` | Code review: completion check, automated gates, parallel reviewer panel with verification pass | `[audit]` |
|
|
348
|
+
| `/frame:ship` | Prepare and create a git commit and pull request after review passes | — |
|
|
349
|
+
| `/frame:test-plan` | Generate a manual user acceptance checklist for the current feature | `<feature or scope>` |
|
|
350
|
+
| `/frame:unstuck` | Get unblocked: diagnose blockers, suggest next actions, reset mental model | — |
|
|
351
|
+
| `/frame:upgrade` | Upgrade FRAME framework files to the latest version with diff preview and changelog | — |
|
|
352
|
+
| `/frame:verify-ui` | Browser UI verification using Playwright MCP: screenshot and assert UI state | `[<url or component>]` |
|
|
353
|
+
| `/frame:why` | Explain why code looks the way it does — or search decision history by keyword | `<keyword | file path | function name>` |
|
|
354
|
+
| `/frame:worktree` | Manage git worktrees for parallel task execution without context switching | `[create | list | cleanup | <task-name>]` |
|
|
355
|
+
<!-- COMMANDS:END -->
|
|
356
|
+
|
|
357
|
+
## Agents
|
|
358
|
+
|
|
359
|
+
<!-- AGENTS:START -->
|
|
360
|
+
| Agent | Description |
|
|
361
|
+
|-------|-------------|
|
|
362
|
+
| `auditor` | Universal category auditor. Receives a category brief from the orchestrating command, audits the codebase for that category, writes findings to its category file. Use when: /frame:audit spawns category-specific subagents. |
|
|
363
|
+
| `builder` | Implementation agent. Writes code using TDD, runs quality gates, creates git commits. Use when: implementing a planned task from plan.md. |
|
|
364
|
+
| `conventions-reviewer` | Review agent for wave-team. Checks code conventions and style in a single task's git diff. Returns PASS/WARN/FAIL verdict. |
|
|
365
|
+
| `devils-advocate` | Find problems in code — code review, plan critique, or finding verification. Never writes application code. Use when: reviewing implementation, challenging a plan, or verifying audit/review findings. |
|
|
366
|
+
| `performance-auditor` | Performance auditor agent. Detects stack, researches current perf issues, runs deep audit, writes PERF_REPORT.md. Never edits application code. Use when: auditing perf before ship or on demand. |
|
|
367
|
+
| `planner` | Planning agent. Decomposes research into atomic tasks with wave grouping. Use when: research.md is complete and needs to be broken into a plan. |
|
|
368
|
+
| `researcher` | Research agent. Analyzes codebase or web for alternatives and context before planning. In /frame:research acts as codebase-scout or web-scout subagent. Use when: exploring options or gathering context. |
|
|
369
|
+
| `reviewer` | Review agent. Checks code against spec, runs quality gates, security analysis. In /frame:review panel acts as the Spec Compliance reviewer. Use when: implementation is complete and needs review before ship. |
|
|
370
|
+
| `security` | Security auditor agent. Scans code for vulnerabilities, secrets, OWASP violations. When used in /frame:audit produces security-category report; when used in /frame:review panel produces diff-scoped findings. Never edits application code. |
|
|
371
|
+
| `tests-reviewer` | Review agent for wave-team. Checks test coverage and quality of a single task's git diff. Returns PASS/WARN/FAIL verdict. |
|
|
372
|
+
<!-- AGENTS:END -->
|
|
373
|
+
|
|
369
374
|
## Hooks
|
|
370
375
|
|
|
371
|
-
FRAME installs
|
|
376
|
+
FRAME installs 5 hooks into `.claude/hooks/`. They run automatically.
|
|
372
377
|
|
|
373
378
|
| Hook | Trigger | What it does | To disable |
|
|
374
379
|
|------|---------|--------------|------------|
|
|
375
|
-
| `safety-net.sh` | Before Bash | Blocks `rm -rf` and `DROP TABLE/DATABASE` | Remove from `.claude/settings.
|
|
376
|
-
| `git-safety.sh` | Before Bash | Blocks force push, `reset --hard`, warns on `git add -A` | Remove from `.claude/settings.
|
|
377
|
-
| `quality-gate.sh` | After file write | Runs typecheck + lint on changed file | Remove from `.claude/settings.
|
|
378
|
-
| `session-init.sh` | Session start | Shows current phase/task; full context dump if away > 24h | Remove from `.claude/settings.
|
|
380
|
+
| `safety-net.sh` | Before Bash | Blocks `rm -rf` and `DROP TABLE/DATABASE` | Remove from `.claude/settings.json` |
|
|
381
|
+
| `git-safety.sh` | Before Bash | Blocks force push, `reset --hard`, warns on `git add -A` | Remove from `.claude/settings.json` |
|
|
382
|
+
| `quality-gate.sh` | After file write | Runs typecheck + lint on changed file | Remove from `.claude/settings.json` |
|
|
383
|
+
| `session-init.sh` | Session start | Shows current phase/task; full context dump if away > 24h | Remove from `.claude/settings.json` |
|
|
384
|
+
| `pre-compact.sh` | Before context compaction | Saves timestamp to STATE.md before context is compressed | Remove from `.claude/settings.json` |
|
|
379
385
|
|
|
380
386
|
## Configuration
|
|
381
387
|
|
|
@@ -409,21 +415,32 @@ npx the-frame-ai version # Show CLI version
|
|
|
409
415
|
|
|
410
416
|
```
|
|
411
417
|
.claude/
|
|
412
|
-
commands/ #
|
|
413
|
-
agents/ #
|
|
414
|
-
hooks/ #
|
|
418
|
+
commands/ # 28 FRAME commands
|
|
419
|
+
agents/ # 10 AI agents
|
|
420
|
+
hooks/ # 5 safety hooks
|
|
415
421
|
.frame/
|
|
416
422
|
config.json # FRAME configuration
|
|
417
423
|
.planning/
|
|
418
424
|
STATE.md # Current position
|
|
419
425
|
MAP.md # Project map
|
|
420
426
|
ROADMAP.md # Roadmap
|
|
421
|
-
memory/ # Project memory
|
|
427
|
+
memory/ # Project memory (context, conventions, dependencies, learnings)
|
|
422
428
|
specs/ # Feature specs
|
|
423
|
-
|
|
424
|
-
|
|
429
|
+
reports/
|
|
430
|
+
audit/ # Audit reports (security, performance, deps, etc.)
|
|
425
431
|
```
|
|
426
432
|
|
|
433
|
+
## Breaking Changes in v0.14.0
|
|
434
|
+
|
|
435
|
+
- **`/frame:security`** removed → use `/frame:audit security` or `/frame:audit`
|
|
436
|
+
- **`/frame:performance`** removed → use `/frame:audit performance` or `/frame:audit`
|
|
437
|
+
- **`/frame:check-deps`** removed → use `/frame:audit deps`
|
|
438
|
+
- **`/frame:estimate`** removed → estimates are now per-task fields in plan.md
|
|
439
|
+
- **`/frame:headless`** removed → use `claude -p "/frame:build {feature}"` directly
|
|
440
|
+
- **`/frame:build --parallel`** removed → build reads `Parallel:` labels from plan.md automatically
|
|
441
|
+
- **`/frame:build --review-team`** removed → inline review team replaced by `/frame:review` panel
|
|
442
|
+
- Reports moved: `.planning/reports/security/` and `.planning/reports/performance/` → `.planning/reports/audit/`
|
|
443
|
+
|
|
427
444
|
## License
|
|
428
445
|
|
|
429
446
|
MIT
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "the-frame-ai",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.14.0",
|
|
4
4
|
"description": "FRAME — Framework for AI-Assisted Solo Development",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -38,6 +38,8 @@
|
|
|
38
38
|
"node": ">=18.0.0"
|
|
39
39
|
},
|
|
40
40
|
"scripts": {
|
|
41
|
-
"test": "node --test test/*.test.js"
|
|
41
|
+
"test": "node --test test/*.test.js",
|
|
42
|
+
"gen-readme": "node scripts/gen-readme-tables.js",
|
|
43
|
+
"check-readme": "node scripts/gen-readme-tables.js --check"
|
|
42
44
|
}
|
|
43
45
|
}
|
package/src/cli.js
CHANGED
|
@@ -8,29 +8,27 @@ const HELP = `
|
|
|
8
8
|
FRAME — Framework for AI-Assisted Solo Development v${VERSION}
|
|
9
9
|
|
|
10
10
|
Usage:
|
|
11
|
-
the-frame init [target-dir] Install FRAME into a project
|
|
12
|
-
the-frame update [target-dir] Update FRAME files in a project
|
|
13
|
-
the-frame doctor [target-dir] Check FRAME installation health
|
|
14
|
-
the-frame version Show CLI version
|
|
15
|
-
the-frame help Show this help message
|
|
11
|
+
the-frame-ai init [target-dir] Install FRAME into a project
|
|
12
|
+
the-frame-ai update [target-dir] Update FRAME files in a project
|
|
13
|
+
the-frame-ai doctor [target-dir] Check FRAME installation health
|
|
14
|
+
the-frame-ai version Show CLI version
|
|
15
|
+
the-frame-ai help Show this help message
|
|
16
16
|
|
|
17
17
|
Options:
|
|
18
18
|
--lang <code> Set response language (e.g. en, ru, zh). Overrides FRAME_LANG env var.
|
|
19
19
|
--dry-run (update only) Show what would be updated without making changes.
|
|
20
|
-
--copilot (update only) Enable GitHub Copilot Chat support (adds .vscode/*.prompt.md).
|
|
21
20
|
|
|
22
21
|
Examples:
|
|
23
|
-
npx the-frame init Install in current directory
|
|
24
|
-
npx the-frame init ../my-app Install in specific directory
|
|
25
|
-
npx the-frame init --lang ru Install with Russian language preset
|
|
26
|
-
npx the-frame update Update in current directory
|
|
27
|
-
npx the-frame update --dry-run Preview update without applying
|
|
28
|
-
npx the-frame
|
|
29
|
-
npx the-frame doctor Check health in current directory
|
|
22
|
+
npx the-frame-ai init Install in current directory
|
|
23
|
+
npx the-frame-ai init ../my-app Install in specific directory
|
|
24
|
+
npx the-frame-ai init --lang ru Install with Russian language preset
|
|
25
|
+
npx the-frame-ai update Update in current directory
|
|
26
|
+
npx the-frame-ai update --dry-run Preview update without applying
|
|
27
|
+
npx the-frame-ai doctor Check health in current directory
|
|
30
28
|
`;
|
|
31
29
|
|
|
32
30
|
function parseFlags(args) {
|
|
33
|
-
const flags = { lang: null, dryRun: false, yes: false
|
|
31
|
+
const flags = { lang: null, dryRun: false, yes: false };
|
|
34
32
|
const rest = [];
|
|
35
33
|
for (let i = 0; i < args.length; i++) {
|
|
36
34
|
if (args[i] === '--lang' && args[i + 1]) {
|
|
@@ -39,8 +37,6 @@ function parseFlags(args) {
|
|
|
39
37
|
flags.dryRun = true;
|
|
40
38
|
} else if (args[i] === '--yes' || args[i] === '-y') {
|
|
41
39
|
flags.yes = true;
|
|
42
|
-
} else if (args[i] === '--copilot') {
|
|
43
|
-
flags.copilot = true;
|
|
44
40
|
} else {
|
|
45
41
|
rest.push(args[i]);
|
|
46
42
|
}
|
package/src/doctor.js
CHANGED
|
@@ -16,10 +16,9 @@ const REQUIRED_FILES = [
|
|
|
16
16
|
'CLAUDE.md',
|
|
17
17
|
'.frame/config.json',
|
|
18
18
|
'.frame/.frame-version',
|
|
19
|
-
'.claude/settings.
|
|
19
|
+
'.claude/settings.json',
|
|
20
20
|
'.planning/STATE.md',
|
|
21
21
|
'.planning/MAP.md',
|
|
22
|
-
'.planning/pause-state.json',
|
|
23
22
|
];
|
|
24
23
|
|
|
25
24
|
const HOOK_FILES = [
|
|
@@ -161,4 +160,6 @@ export async function doctor(target) {
|
|
|
161
160
|
if (warnings > 0) logWarn(`${warnings} warning(s) found`);
|
|
162
161
|
}
|
|
163
162
|
log('');
|
|
163
|
+
|
|
164
|
+
return { errors, warnings };
|
|
164
165
|
}
|