dpnmw/agents
1
0
Fork 0
mirror of https://github.com/wshobson/agents.git synced 2026-03-18 09:37:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Consolidate workflows and tools from commands repository

Browse Source 
Repository Restructure:
- Move all 83 agent .md files to agents/ subdirectory
- Add 15 workflow orchestrators from commands repo to workflows/
- Add 42 development tools from commands repo to tools/
- Update README for unified repository structure

This prepares the repository for unified plugin marketplace integration.
The commands repository functionality is now fully integrated, providing
complete workflow orchestration and development tooling alongside agents.

Directory Structure:
- agents/    - 83 specialized AI agents
- workflows/ - 15 multi-agent orchestration commands
- tools/     - 42 focused development utilities

No breaking changes to agent functionality - all agents remain accessible
with same names and behavior. Adds workflow and tool commands for enhanced
multi-agent coordination capabilities.
This commit is contained in:
Seth Hobson
2025-10-08 08:25:17 -04:00
parent a80cfd0f53
commit ce7a5938c1
143 changed files with 37154 additions and 464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1234
tools/accessibility-audit.md Normal file
View File

File diff suppressed because it is too large Load Diff

1236
tools/ai-assistant.md Normal file
View File

File diff suppressed because it is too large Load Diff

67
tools/ai-review.md Normal file
View File

@@ -0,0 +1,67 @@
---
model: claude-sonnet-4-0
---
# AI/ML Code Review
Perform a specialized AI/ML code review for: $ARGUMENTS
Conduct comprehensive review focusing on:
1. **Model Code Quality**:
- Reproducibility checks
- Random seed management
- Data leakage detection
- Train/test split validation
- Feature engineering clarity
2. **AI Best Practices**:
- Prompt injection prevention
- Token limit handling
- Cost optimization
- Fallback strategies
- Timeout management
3. **Data Handling**:
- Privacy compliance (PII handling)
- Data versioning
- Preprocessing consistency
- Batch processing efficiency
- Memory optimization
4. **Model Management**:
- Version control for models
- A/B testing setup
- Rollback capabilities
- Performance benchmarks
- Drift detection
5. **LLM-Specific Checks**:
- Context window management
- Prompt template security
- Response validation
- Streaming implementation
- Rate limit handling
6. **Vector Database Review**:
- Embedding consistency
- Index optimization
- Query performance
- Metadata management
- Backup strategies
7. **Production Readiness**:
- GPU/CPU optimization
- Batching strategies
- Caching implementation
- Monitoring hooks
- Error recovery
8. **Testing Coverage**:
- Unit tests for preprocessing
- Integration tests for pipelines
- Model performance tests
- Edge case handling
- Mocked LLM responses
Provide specific recommendations with severity levels (Critical/High/Medium/Low). Include code examples for improvements and links to relevant best practices.

1324
tools/api-mock.md Normal file
View File

File diff suppressed because it is too large Load Diff

1776
tools/api-scaffold.md Normal file
View File

File diff suppressed because it is too large Load Diff

812
tools/code-explain.md Normal file
View File

@@ -0,0 +1,812 @@
---
model: claude-sonnet-4-0
---
# Code Explanation and Analysis
You are a code education expert specializing in explaining complex code through clear narratives, visual diagrams, and step-by-step breakdowns. Transform difficult concepts into understandable explanations for developers at all levels.
## Context
The user needs help understanding complex code sections, algorithms, design patterns, or system architectures. Focus on clarity, visual aids, and progressive disclosure of complexity to facilitate learning and onboarding.
## Requirements
$ARGUMENTS
## Instructions
### 1. Code Comprehension Analysis
Analyze the code to determine complexity and structure:
**Code Complexity Assessment**
```python
import ast
import re
from typing import Dict, List, Tuple
class CodeAnalyzer:
def analyze_complexity(self, code: str) -> Dict:
"""
Analyze code complexity and structure
"""
analysis = {
'complexity_score': 0,
'concepts': [],
'patterns': [],
'dependencies': [],
'difficulty_level': 'beginner'
}
# Parse code structure
try:
tree = ast.parse(code)
# Analyze complexity metrics
analysis['metrics'] = {
'lines_of_code': len(code.splitlines()),
'cyclomatic_complexity': self._calculate_cyclomatic_complexity(tree),
'nesting_depth': self._calculate_max_nesting(tree),
'function_count': len([n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]),
'class_count': len([n for n in ast.walk(tree) if isinstance(n, ast.ClassDef)])
}
# Identify concepts used
analysis['concepts'] = self._identify_concepts(tree)
# Detect design patterns
analysis['patterns'] = self._detect_patterns(tree)
# Extract dependencies
analysis['dependencies'] = self._extract_dependencies(tree)
# Determine difficulty level
analysis['difficulty_level'] = self._assess_difficulty(analysis)
except SyntaxError as e:
analysis['parse_error'] = str(e)
return analysis
def _identify_concepts(self, tree) -> List[str]:
"""
Identify programming concepts used in the code
"""
concepts = []
for node in ast.walk(tree):
# Async/await
if isinstance(node, (ast.AsyncFunctionDef, ast.AsyncWith, ast.AsyncFor)):
concepts.append('asynchronous programming')
# Decorators
elif isinstance(node, ast.FunctionDef) and node.decorator_list:
concepts.append('decorators')
# Context managers
elif isinstance(node, ast.With):
concepts.append('context managers')
# Generators
elif isinstance(node, ast.Yield):
concepts.append('generators')
# List/Dict/Set comprehensions
elif isinstance(node, (ast.ListComp, ast.DictComp, ast.SetComp)):
concepts.append('comprehensions')
# Lambda functions
elif isinstance(node, ast.Lambda):
concepts.append('lambda functions')
# Exception handling
elif isinstance(node, ast.Try):
concepts.append('exception handling')
return list(set(concepts))
```
### 2. Visual Explanation Generation
Create visual representations of code flow:
**Flow Diagram Generation**
```python
class VisualExplainer:
def generate_flow_diagram(self, code_structure):
"""
Generate Mermaid diagram showing code flow
"""
diagram = "```mermaid\nflowchart TD\n"
# Example: Function call flow
if code_structure['type'] == 'function_flow':
nodes = []
edges = []
for i, func in enumerate(code_structure['functions']):
node_id = f"F{i}"
nodes.append(f" {node_id}[{func['name']}]")
# Add function details
if func.get('parameters'):
nodes.append(f" {node_id}_params[/{', '.join(func['parameters'])}/]")
edges.append(f" {node_id}_params --> {node_id}")
# Add return value
if func.get('returns'):
nodes.append(f" {node_id}_return[{func['returns']}]")
edges.append(f" {node_id} --> {node_id}_return")
# Connect to called functions
for called in func.get('calls', []):
called_id = f"F{code_structure['function_map'][called]}"
edges.append(f" {node_id} --> {called_id}")
diagram += "\n".join(nodes) + "\n"
diagram += "\n".join(edges) + "\n"
diagram += "```"
return diagram
def generate_class_diagram(self, classes):
"""
Generate UML-style class diagram
"""
diagram = "```mermaid\nclassDiagram\n"
for cls in classes:
# Class definition
diagram += f" class {cls['name']} {{\n"
# Attributes
for attr in cls.get('attributes', []):
visibility = '+' if attr['public'] else '-'
diagram += f" {visibility}{attr['name']} : {attr['type']}\n"
# Methods
for method in cls.get('methods', []):
visibility = '+' if method['public'] else '-'
params = ', '.join(method.get('params', []))
diagram += f" {visibility}{method['name']}({params}) : {method['returns']}\n"
diagram += " }\n"
# Relationships
if cls.get('inherits'):
diagram += f" {cls['inherits']} <|-- {cls['name']}\n"
for composition in cls.get('compositions', []):
diagram += f" {cls['name']} *-- {composition}\n"
diagram += "```"
return diagram
```
### 3. Step-by-Step Explanation
Break down complex code into digestible steps:
**Progressive Explanation**
```python
def generate_step_by_step_explanation(self, code, analysis):
"""
Create progressive explanation from simple to complex
"""
explanation = {
'overview': self._generate_overview(code, analysis),
'steps': [],
'deep_dive': [],
'examples': []
}
# Level 1: High-level overview
explanation['overview'] = f"""
## What This Code Does
{self._summarize_purpose(code, analysis)}
**Key Concepts**: {', '.join(analysis['concepts'])}
**Difficulty Level**: {analysis['difficulty_level'].capitalize()}
"""
# Level 2: Step-by-step breakdown
if analysis.get('functions'):
for i, func in enumerate(analysis['functions']):
step = f"""
### Step {i+1}: {func['name']}
**Purpose**: {self._explain_function_purpose(func)}
**How it works**:
"""
# Break down function logic
for j, logic_step in enumerate(self._analyze_function_logic(func)):
step += f"{j+1}. {logic_step}\n"
# Add visual flow if complex
if func['complexity'] > 5:
step += f"\n{self._generate_function_flow(func)}\n"
explanation['steps'].append(step)
# Level 3: Deep dive into complex parts
for concept in analysis['concepts']:
deep_dive = self._explain_concept(concept, code)
explanation['deep_dive'].append(deep_dive)
return explanation
def _explain_concept(self, concept, code):
"""
Explain programming concept with examples
"""
explanations = {
'decorators': '''
## Understanding Decorators
Decorators are a way to modify or enhance functions without changing their code directly.
**Simple Analogy**: Think of a decorator like gift wrapping - it adds something extra around the original item.
**How it works**:
```python
# This decorator:
@timer
def slow_function():
time.sleep(1)
# Is equivalent to:
def slow_function():
time.sleep(1)
slow_function = timer(slow_function)
```
**In this code**: The decorator is used to {specific_use_in_code}
''',
'generators': '''
## Understanding Generators
Generators produce values one at a time, saving memory by not creating all values at once.
**Simple Analogy**: Like a ticket dispenser that gives one ticket at a time, rather than printing all tickets upfront.
**How it works**:
```python
# Generator function
def count_up_to(n):
i = 0
while i < n:
yield i # Produces one value and pauses
i += 1
# Using the generator
for num in count_up_to(5):
print(num) # Prints 0, 1, 2, 3, 4
```
**In this code**: The generator is used to {specific_use_in_code}
'''
}
return explanations.get(concept, f"Explanation for {concept}")
```
### 4. Algorithm Visualization
Visualize algorithm execution:
**Algorithm Step Visualization**
```python
class AlgorithmVisualizer:
def visualize_sorting_algorithm(self, algorithm_name, array):
"""
Create step-by-step visualization of sorting algorithm
"""
steps = []
if algorithm_name == 'bubble_sort':
steps.append("""
## Bubble Sort Visualization
**Initial Array**: [5, 2, 8, 1, 9]
### How Bubble Sort Works:
1. Compare adjacent elements
2. Swap if they're in wrong order
3. Repeat until no swaps needed
### Step-by-Step Execution:
""")
# Simulate bubble sort with visualization
arr = array.copy()
n = len(arr)
for i in range(n):
swapped = False
step_viz = f"\n**Pass {i+1}**:\n"
for j in range(0, n-i-1):
# Show comparison
step_viz += f"Compare [{arr[j]}] and [{arr[j+1]}]: "
if arr[j] > arr[j+1]:
arr[j], arr[j+1] = arr[j+1], arr[j]
step_viz += f"Swap → {arr}\n"
swapped = True
else:
step_viz += "No swap needed\n"
steps.append(step_viz)
if not swapped:
steps.append(f"\n✅ Array is sorted: {arr}")
break
return '\n'.join(steps)
def visualize_recursion(self, func_name, example_input):
"""
Visualize recursive function calls
"""
viz = f"""
## Recursion Visualization: {func_name}
### Call Stack Visualization:
```
{func_name}({example_input})
├─> Base case check: {example_input} == 0? No
├─> Recursive call: {func_name}({example_input - 1})
│ │
│ ├─> Base case check: {example_input - 1} == 0? No
│ ├─> Recursive call: {func_name}({example_input - 2})
│ │ │
│ │ ├─> Base case check: 1 == 0? No
│ │ ├─> Recursive call: {func_name}(0)
│ │ │ │
│ │ │ └─> Base case: Return 1
│ │ │
│ │ └─> Return: 1 * 1 = 1
│ │
│ └─> Return: 2 * 1 = 2
└─> Return: 3 * 2 = 6
```
**Final Result**: {func_name}({example_input}) = 6
"""
return viz
```
### 5. Interactive Examples
Generate interactive examples for better understanding:
**Code Playground Examples**
```python
def generate_interactive_examples(self, concept):
"""
Create runnable examples for concepts
"""
examples = {
'error_handling': '''
## Try It Yourself: Error Handling
### Example 1: Basic Try-Except
```python
def safe_divide(a, b):
try:
result = a / b
print(f"{a} / {b} = {result}")
return result
except ZeroDivisionError:
print("Error: Cannot divide by zero!")
return None
except TypeError:
print("Error: Please provide numbers only!")
return None
finally:
print("Division attempt completed")
# Test cases - try these:
safe_divide(10, 2) # Success case
safe_divide(10, 0) # Division by zero
safe_divide(10, "2") # Type error
```
### Example 2: Custom Exceptions
```python
class ValidationError(Exception):
"""Custom exception for validation errors"""
pass
def validate_age(age):
try:
age = int(age)
if age < 0:
raise ValidationError("Age cannot be negative")
if age > 150:
raise ValidationError("Age seems unrealistic")
return age
except ValueError:
raise ValidationError("Age must be a number")
# Try these examples:
try:
validate_age(25) # Valid
validate_age(-5) # Negative age
validate_age("abc") # Not a number
except ValidationError as e:
print(f"Validation failed: {e}")
```
### Exercise: Implement Your Own
Try implementing a function that:
1. Takes a list of numbers
2. Returns their average
3. Handles empty lists
4. Handles non-numeric values
5. Uses appropriate exception handling
''',
'async_programming': '''
## Try It Yourself: Async Programming
### Example 1: Basic Async/Await
```python
import asyncio
import time
async def slow_operation(name, duration):
print(f"{name} started...")
await asyncio.sleep(duration)
print(f"{name} completed after {duration}s")
return f"{name} result"
async def main():
# Sequential execution (slow)
start = time.time()
await slow_operation("Task 1", 2)
await slow_operation("Task 2", 2)
print(f"Sequential time: {time.time() - start:.2f}s")
# Concurrent execution (fast)
start = time.time()
results = await asyncio.gather(
slow_operation("Task 3", 2),
slow_operation("Task 4", 2)
)
print(f"Concurrent time: {time.time() - start:.2f}s")
print(f"Results: {results}")
# Run it:
asyncio.run(main())
```
### Example 2: Real-world Async Pattern
```python
async def fetch_data(url):
"""Simulate API call"""
await asyncio.sleep(1) # Simulate network delay
return f"Data from {url}"
async def process_urls(urls):
tasks = [fetch_data(url) for url in urls]
results = await asyncio.gather(*tasks)
return results
# Try with different URLs:
urls = ["api.example.com/1", "api.example.com/2", "api.example.com/3"]
results = asyncio.run(process_urls(urls))
print(results)
```
'''
}
return examples.get(concept, "No example available")
```
### 6. Design Pattern Explanation
Explain design patterns found in code:
**Pattern Recognition and Explanation**
```python
class DesignPatternExplainer:
def explain_pattern(self, pattern_name, code_example):
"""
Explain design pattern with diagrams and examples
"""
patterns = {
'singleton': '''
## Singleton Pattern
### What is it?
The Singleton pattern ensures a class has only one instance and provides global access to it.
### When to use it?
- Database connections
- Configuration managers
- Logging services
- Cache managers
### Visual Representation:
```mermaid
classDiagram
class Singleton {
-instance: Singleton
-__init__()
+getInstance(): Singleton
}
Singleton --> Singleton : returns same instance
```
### Implementation in this code:
{code_analysis}
### Benefits:
✅ Controlled access to single instance
✅ Reduced namespace pollution
✅ Permits refinement of operations
### Drawbacks:
❌ Can make unit testing difficult
❌ Violates Single Responsibility Principle
❌ Can hide dependencies
### Alternative Approaches:
1. Dependency Injection
2. Module-level singleton
3. Borg pattern
''',
'observer': '''
## Observer Pattern
### What is it?
The Observer pattern defines a one-to-many dependency between objects so that when one object changes state, all dependents are notified.
### When to use it?
- Event handling systems
- Model-View architectures
- Distributed event handling
### Visual Representation:
```mermaid
classDiagram
class Subject {
+attach(Observer)
+detach(Observer)
+notify()
}
class Observer {
+update()
}
class ConcreteSubject {
-state
+getState()
+setState()
}
class ConcreteObserver {
-subject
+update()
}
Subject <|-- ConcreteSubject
Observer <|-- ConcreteObserver
ConcreteSubject --> Observer : notifies
ConcreteObserver --> ConcreteSubject : observes
```
### Implementation in this code:
{code_analysis}
### Real-world Example:
```python
# Newsletter subscription system
class Newsletter:
def __init__(self):
self._subscribers = []
self._latest_article = None
def subscribe(self, subscriber):
self._subscribers.append(subscriber)
def unsubscribe(self, subscriber):
self._subscribers.remove(subscriber)
def publish_article(self, article):
self._latest_article = article
self._notify_subscribers()
def _notify_subscribers(self):
for subscriber in self._subscribers:
subscriber.update(self._latest_article)
class EmailSubscriber:
def __init__(self, email):
self.email = email
def update(self, article):
print(f"Sending email to {self.email}: New article - {article}")
```
'''
}
return patterns.get(pattern_name, "Pattern explanation not available")
```
### 7. Common Pitfalls and Best Practices
Highlight potential issues and improvements:
**Code Review Insights**
```python
def analyze_common_pitfalls(self, code):
"""
Identify common mistakes and suggest improvements
"""
issues = []
# Check for common Python pitfalls
pitfall_patterns = [
{
'pattern': r'except:',
'issue': 'Bare except clause',
'severity': 'high',
'explanation': '''
## ⚠️ Bare Except Clause
**Problem**: `except:` catches ALL exceptions, including system exits and keyboard interrupts.
**Why it's bad**:
- Hides programming errors
- Makes debugging difficult
- Can catch exceptions you didn't intend to handle
**Better approach**:
```python
# Bad
try:
risky_operation()
except:
print("Something went wrong")
# Good
try:
risky_operation()
except (ValueError, TypeError) as e:
print(f"Expected error: {e}")
except Exception as e:
logger.error(f"Unexpected error: {e}")
raise
```
'''
},
{
'pattern': r'def.*\(\s*\):.*global',
'issue': 'Global variable usage',
'severity': 'medium',
'explanation': '''
## ⚠️ Global Variable Usage
**Problem**: Using global variables makes code harder to test and reason about.
**Better approaches**:
1. Pass as parameter
2. Use class attributes
3. Use dependency injection
4. Return values instead
**Example refactor**:
```python
# Bad
count = 0
def increment():
global count
count += 1
# Good
class Counter:
def __init__(self):
self.count = 0
def increment(self):
self.count += 1
return self.count
```
'''
}
]
for pitfall in pitfall_patterns:
if re.search(pitfall['pattern'], code):
issues.append(pitfall)
return issues
```
### 8. Learning Path Recommendations
Suggest resources for deeper understanding:
**Personalized Learning Path**
```python
def generate_learning_path(self, analysis):
"""
Create personalized learning recommendations
"""
learning_path = {
'current_level': analysis['difficulty_level'],
'identified_gaps': [],
'recommended_topics': [],
'resources': []
}
# Identify knowledge gaps
if 'async' in analysis['concepts'] and analysis['difficulty_level'] == 'beginner':
learning_path['identified_gaps'].append('Asynchronous programming fundamentals')
learning_path['recommended_topics'].extend([
'Event loops',
'Coroutines vs threads',
'Async/await syntax',
'Concurrent programming patterns'
])
# Add resources
learning_path['resources'] = [
{
'topic': 'Async Programming',
'type': 'tutorial',
'title': 'Async IO in Python: A Complete Walkthrough',
'url': 'https://realpython.com/async-io-python/',
'difficulty': 'intermediate',
'time_estimate': '45 minutes'
},
{
'topic': 'Design Patterns',
'type': 'book',
'title': 'Head First Design Patterns',
'difficulty': 'beginner-friendly',
'format': 'visual learning'
}
]
# Create structured learning plan
learning_path['structured_plan'] = f"""
## Your Personalized Learning Path
### Week 1-2: Fundamentals
- Review basic concepts: {', '.join(learning_path['recommended_topics'][:2])}
- Complete exercises on each topic
- Build a small project using these concepts
### Week 3-4: Applied Learning
- Study the patterns in this codebase
- Refactor a simple version yourself
- Compare your approach with the original
### Week 5-6: Advanced Topics
- Explore edge cases and optimizations
- Learn about alternative approaches
- Contribute to open source projects using these patterns
### Practice Projects:
1. **Beginner**: {self._suggest_beginner_project(analysis)}
2. **Intermediate**: {self._suggest_intermediate_project(analysis)}
3. **Advanced**: {self._suggest_advanced_project(analysis)}
"""
return learning_path
```
## Output Format
1. **Complexity Analysis**: Overview of code complexity and concepts used
2. **Visual Diagrams**: Flow charts, class diagrams, and execution visualizations
3. **Step-by-Step Breakdown**: Progressive explanation from simple to complex
4. **Interactive Examples**: Runnable code samples to experiment with
5. **Common Pitfalls**: Issues to avoid with explanations
6. **Best Practices**: Improved approaches and patterns
7. **Learning Resources**: Curated resources for deeper understanding
8. **Practice Exercises**: Hands-on challenges to reinforce learning
Focus on making complex code accessible through clear explanations, visual aids, and practical examples that build understanding progressively.

1052
tools/code-migrate.md Normal file
View File

File diff suppressed because it is too large Load Diff

946
tools/compliance-check.md Normal file
View File

@@ -0,0 +1,946 @@
---
model: claude-sonnet-4-0
---
# Regulatory Compliance Check
You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform comprehensive compliance audits and provide implementation guidance for achieving and maintaining compliance.
## Context
The user needs to ensure their application meets regulatory requirements and industry standards. Focus on practical implementation of compliance controls, automated monitoring, and audit trail generation.
## Requirements
$ARGUMENTS
## Instructions
### 1. Compliance Framework Analysis
Identify applicable regulations and standards:
**Regulatory Mapping**
```python
class ComplianceAnalyzer:
def __init__(self):
self.regulations = {
'GDPR': {
'scope': 'EU data protection',
'applies_if': [
'Processing EU residents data',
'Offering goods/services to EU',
'Monitoring EU residents behavior'
],
'key_requirements': [
'Privacy by design',
'Data minimization',
'Right to erasure',
'Data portability',
'Consent management',
'DPO appointment',
'Privacy notices',
'Data breach notification (72hrs)'
]
},
'HIPAA': {
'scope': 'Healthcare data protection (US)',
'applies_if': [
'Healthcare providers',
'Health plan providers',
'Healthcare clearinghouses',
'Business associates'
],
'key_requirements': [
'PHI encryption',
'Access controls',
'Audit logs',
'Business Associate Agreements',
'Risk assessments',
'Employee training',
'Incident response',
'Physical safeguards'
]
},
'SOC2': {
'scope': 'Service organization controls',
'applies_if': [
'SaaS providers',
'Data processors',
'Cloud services'
],
'trust_principles': [
'Security',
'Availability',
'Processing integrity',
'Confidentiality',
'Privacy'
]
},
'PCI-DSS': {
'scope': 'Payment card data security',
'applies_if': [
'Accept credit/debit cards',
'Process card payments',
'Store card data',
'Transmit card data'
],
'compliance_levels': {
'Level 1': '>6M transactions/year',
'Level 2': '1M-6M transactions/year',
'Level 3': '20K-1M transactions/year',
'Level 4': '<20K transactions/year'
}
}
}
def determine_applicable_regulations(self, business_info):
"""
Determine which regulations apply based on business context
"""
applicable = []
# Check each regulation
for reg_name, reg_info in self.regulations.items():
if self._check_applicability(business_info, reg_info):
applicable.append({
'regulation': reg_name,
'reason': self._get_applicability_reason(business_info, reg_info),
'priority': self._calculate_priority(business_info, reg_name)
})
return sorted(applicable, key=lambda x: x['priority'], reverse=True)
```
### 2. Data Privacy Compliance
Implement privacy controls:
**GDPR Implementation**
```python
class GDPRCompliance:
def implement_privacy_controls(self):
"""
Implement GDPR-required privacy controls
"""
controls = {}
# 1. Consent Management
controls['consent_management'] = '''
class ConsentManager:
def __init__(self):
self.consent_types = [
'marketing_emails',
'analytics_tracking',
'third_party_sharing',
'profiling'
]
def record_consent(self, user_id, consent_type, granted):
"""
Record user consent with full audit trail
"""
consent_record = {
'user_id': user_id,
'consent_type': consent_type,
'granted': granted,
'timestamp': datetime.utcnow(),
'ip_address': request.remote_addr,
'user_agent': request.headers.get('User-Agent'),
'version': self.get_current_privacy_policy_version(),
'method': 'explicit_checkbox' # Not pre-ticked
}
# Store in append-only audit log
self.consent_audit_log.append(consent_record)
# Update current consent status
self.update_user_consents(user_id, consent_type, granted)
return consent_record
def verify_consent(self, user_id, consent_type):
"""
Verify if user has given consent for specific processing
"""
consent = self.get_user_consent(user_id, consent_type)
return consent and consent['granted'] and not consent.get('withdrawn')
'''
# 2. Right to Erasure (Right to be Forgotten)
controls['right_to_erasure'] = '''
class DataErasureService:
def process_erasure_request(self, user_id, verification_token):
"""
Process GDPR Article 17 erasure request
"""
# Verify request authenticity
if not self.verify_erasure_token(user_id, verification_token):
raise ValueError("Invalid erasure request")
erasure_log = {
'user_id': user_id,
'requested_at': datetime.utcnow(),
'data_categories': []
}
# 1. Personal data
self.erase_user_profile(user_id)
erasure_log['data_categories'].append('profile')
# 2. User-generated content (anonymize instead of delete)
self.anonymize_user_content(user_id)
erasure_log['data_categories'].append('content_anonymized')
# 3. Analytics data
self.remove_from_analytics(user_id)
erasure_log['data_categories'].append('analytics')
# 4. Backup data (schedule deletion)
self.schedule_backup_deletion(user_id)
erasure_log['data_categories'].append('backups_scheduled')
# 5. Notify third parties
self.notify_processors_of_erasure(user_id)
# Keep minimal record for legal compliance
self.store_erasure_record(erasure_log)
return {
'status': 'completed',
'erasure_id': erasure_log['id'],
'categories_erased': erasure_log['data_categories']
}
'''
# 3. Data Portability
controls['data_portability'] = '''
class DataPortabilityService:
def export_user_data(self, user_id, format='json'):
"""
GDPR Article 20 - Data portability
"""
user_data = {
'export_date': datetime.utcnow().isoformat(),
'user_id': user_id,
'format_version': '2.0',
'data': {}
}
# Collect all user data
user_data['data']['profile'] = self.get_user_profile(user_id)
user_data['data']['preferences'] = self.get_user_preferences(user_id)
user_data['data']['content'] = self.get_user_content(user_id)
user_data['data']['activity'] = self.get_user_activity(user_id)
user_data['data']['consents'] = self.get_consent_history(user_id)
# Format based on request
if format == 'json':
return json.dumps(user_data, indent=2)
elif format == 'csv':
return self.convert_to_csv(user_data)
elif format == 'xml':
return self.convert_to_xml(user_data)
'''
return controls
**Privacy by Design**
```python
# Implement privacy by design principles
class PrivacyByDesign:
def implement_data_minimization(self):
"""
Collect only necessary data
"""
# Before (collecting too much)
bad_user_model = {
'email': str,
'password': str,
'full_name': str,
'date_of_birth': date,
'ssn': str, # Unnecessary
'address': str, # Unnecessary for basic service
'phone': str, # Unnecessary
'gender': str, # Unnecessary
'income': int # Unnecessary
}
# After (data minimization)
good_user_model = {
'email': str, # Required for authentication
'password_hash': str, # Never store plain text
'display_name': str, # Optional, user-provided
'created_at': datetime,
'last_login': datetime
}
return good_user_model
def implement_pseudonymization(self):
"""
Replace identifying fields with pseudonyms
"""
def pseudonymize_record(record):
# Generate consistent pseudonym
user_pseudonym = hashlib.sha256(
f"{record['user_id']}{SECRET_SALT}".encode()
).hexdigest()[:16]
return {
'pseudonym': user_pseudonym,
'data': {
# Remove direct identifiers
'age_group': self._get_age_group(record['age']),
'region': self._get_region(record['ip_address']),
'activity': record['activity_data']
}
}
```
### 3. Security Compliance
Implement security controls for various standards:
**SOC2 Security Controls**
```python
class SOC2SecurityControls:
def implement_access_controls(self):
"""
SOC2 CC6.1 - Logical and physical access controls
"""
controls = {
'authentication': '''
# Multi-factor authentication
class MFAEnforcement:
def enforce_mfa(self, user, resource_sensitivity):
if resource_sensitivity == 'high':
return self.require_mfa(user)
elif resource_sensitivity == 'medium' and user.is_admin:
return self.require_mfa(user)
return self.standard_auth(user)
def require_mfa(self, user):
factors = []
# Factor 1: Password (something you know)
factors.append(self.verify_password(user))
# Factor 2: TOTP/SMS (something you have)
if user.mfa_method == 'totp':
factors.append(self.verify_totp(user))
elif user.mfa_method == 'sms':
factors.append(self.verify_sms_code(user))
# Factor 3: Biometric (something you are) - optional
if user.biometric_enabled:
factors.append(self.verify_biometric(user))
return all(factors)
''',
'authorization': '''
# Role-based access control
class RBACAuthorization:
def __init__(self):
self.roles = {
'admin': ['read', 'write', 'delete', 'admin'],
'user': ['read', 'write:own'],
'viewer': ['read']
}
def check_permission(self, user, resource, action):
user_permissions = self.get_user_permissions(user)
# Check explicit permissions
if action in user_permissions:
return True
# Check ownership-based permissions
if f"{action}:own" in user_permissions:
return self.user_owns_resource(user, resource)
# Log denied access attempt
self.log_access_denied(user, resource, action)
return False
''',
'encryption': '''
# Encryption at rest and in transit
class EncryptionControls:
def __init__(self):
self.kms = KeyManagementService()
def encrypt_at_rest(self, data, classification):
if classification == 'sensitive':
# Use envelope encryption
dek = self.kms.generate_data_encryption_key()
encrypted_data = self.encrypt_with_key(data, dek)
encrypted_dek = self.kms.encrypt_key(dek)
return {
'data': encrypted_data,
'encrypted_key': encrypted_dek,
'algorithm': 'AES-256-GCM',
'key_id': self.kms.get_current_key_id()
}
def configure_tls(self):
return {
'min_version': 'TLS1.2',
'ciphers': [
'ECDHE-RSA-AES256-GCM-SHA384',
'ECDHE-RSA-AES128-GCM-SHA256'
],
'hsts': 'max-age=31536000; includeSubDomains',
'certificate_pinning': True
}
'''
}
return controls
```
### 4. Audit Logging and Monitoring
Implement comprehensive audit trails:
**Audit Log System**
```python
class ComplianceAuditLogger:
def __init__(self):
self.required_events = {
'authentication': [
'login_success',
'login_failure',
'logout',
'password_change',
'mfa_enabled',
'mfa_disabled'
],
'authorization': [
'access_granted',
'access_denied',
'permission_changed',
'role_assigned',
'role_revoked'
],
'data_access': [
'data_viewed',
'data_exported',
'data_modified',
'data_deleted',
'bulk_operation'
],
'compliance': [
'consent_given',
'consent_withdrawn',
'data_request',
'data_erasure',
'privacy_settings_changed'
]
}
def log_event(self, event_type, details):
"""
Create tamper-proof audit log entry
"""
log_entry = {
'id': str(uuid.uuid4()),
'timestamp': datetime.utcnow().isoformat(),
'event_type': event_type,
'user_id': details.get('user_id'),
'ip_address': self._get_ip_address(),
'user_agent': request.headers.get('User-Agent'),
'session_id': session.get('id'),
'details': details,
'compliance_flags': self._get_compliance_flags(event_type)
}
# Add integrity check
log_entry['checksum'] = self._calculate_checksum(log_entry)
# Store in immutable log
self._store_audit_log(log_entry)
# Real-time alerting for critical events
if self._is_critical_event(event_type):
self._send_security_alert(log_entry)
return log_entry
def _calculate_checksum(self, entry):
"""
Create tamper-evident checksum
"""
# Include previous entry hash for blockchain-like integrity
previous_hash = self._get_previous_entry_hash()
content = json.dumps(entry, sort_keys=True)
return hashlib.sha256(
f"{previous_hash}{content}{SECRET_KEY}".encode()
).hexdigest()
```
**Compliance Reporting**
```python
def generate_compliance_report(self, regulation, period):
"""
Generate compliance report for auditors
"""
report = {
'regulation': regulation,
'period': period,
'generated_at': datetime.utcnow(),
'sections': {}
}
if regulation == 'GDPR':
report['sections'] = {
'data_processing_activities': self._get_processing_activities(period),
'consent_metrics': self._get_consent_metrics(period),
'data_requests': {
'access_requests': self._count_access_requests(period),
'erasure_requests': self._count_erasure_requests(period),
'portability_requests': self._count_portability_requests(period),
'response_times': self._calculate_response_times(period)
},
'data_breaches': self._get_breach_reports(period),
'third_party_processors': self._list_processors(),
'privacy_impact_assessments': self._get_dpias(period)
}
elif regulation == 'HIPAA':
report['sections'] = {
'access_controls': self._audit_access_controls(period),
'phi_access_log': self._get_phi_access_log(period),
'risk_assessments': self._get_risk_assessments(period),
'training_records': self._get_training_compliance(period),
'business_associates': self._list_bas_with_agreements(),
'incident_response': self._get_incident_reports(period)
}
return report
```
### 5. Healthcare Compliance (HIPAA)
Implement HIPAA-specific controls:
**PHI Protection**
```python
class HIPAACompliance:
def protect_phi(self):
"""
Implement HIPAA safeguards for Protected Health Information
"""
# Technical Safeguards
technical_controls = {
'access_control': '''
class PHIAccessControl:
def __init__(self):
self.minimum_necessary_rule = True
def grant_phi_access(self, user, patient_id, purpose):
"""
Implement minimum necessary standard
"""
# Verify legitimate purpose
if not self._verify_treatment_relationship(user, patient_id, purpose):
self._log_denied_access(user, patient_id, purpose)
raise PermissionError("No treatment relationship")
# Grant limited access based on role and purpose
access_scope = self._determine_access_scope(user.role, purpose)
# Time-limited access
access_token = {
'user_id': user.id,
'patient_id': patient_id,
'scope': access_scope,
'purpose': purpose,
'expires_at': datetime.utcnow() + timedelta(hours=24),
'audit_id': str(uuid.uuid4())
}
# Log all access
self._log_phi_access(access_token)
return access_token
''',
'encryption': '''
class PHIEncryption:
def encrypt_phi_at_rest(self, phi_data):
"""
HIPAA-compliant encryption for PHI
"""
# Use FIPS 140-2 validated encryption
encryption_config = {
'algorithm': 'AES-256-CBC',
'key_derivation': 'PBKDF2',
'iterations': 100000,
'validation': 'FIPS-140-2-Level-2'
}
# Encrypt PHI fields
encrypted_phi = {}
for field, value in phi_data.items():
if self._is_phi_field(field):
encrypted_phi[field] = self._encrypt_field(value, encryption_config)
else:
encrypted_phi[field] = value
return encrypted_phi
def secure_phi_transmission(self):
"""
Secure PHI during transmission
"""
return {
'protocols': ['TLS 1.2+'],
'vpn_required': True,
'email_encryption': 'S/MIME or PGP required',
'fax_alternative': 'Secure messaging portal'
}
'''
}
# Administrative Safeguards
admin_controls = {
'workforce_training': '''
class HIPAATraining:
def track_training_compliance(self, employee):
"""
Ensure workforce HIPAA training compliance
"""
required_modules = [
'HIPAA Privacy Rule',
'HIPAA Security Rule',
'PHI Handling Procedures',
'Breach Notification',
'Patient Rights',
'Minimum Necessary Standard'
]
training_status = {
'employee_id': employee.id,
'completed_modules': [],
'pending_modules': [],
'last_training_date': None,
'next_due_date': None
}
for module in required_modules:
completion = self._check_module_completion(employee.id, module)
if completion and completion['date'] > datetime.now() - timedelta(days=365):
training_status['completed_modules'].append(module)
else:
training_status['pending_modules'].append(module)
return training_status
'''
}
return {
'technical': technical_controls,
'administrative': admin_controls
}
```
### 6. Payment Card Compliance (PCI-DSS)
Implement PCI-DSS requirements:
**PCI-DSS Controls**
```python
class PCIDSSCompliance:
def implement_pci_controls(self):
"""
Implement PCI-DSS v4.0 requirements
"""
controls = {
'cardholder_data_protection': '''
class CardDataProtection:
def __init__(self):
# Never store these
self.prohibited_data = ['cvv', 'cvv2', 'cvc2', 'cid', 'pin', 'pin_block']
def handle_card_data(self, card_info):
"""
PCI-DSS compliant card data handling
"""
# Immediately tokenize
token = self.tokenize_card(card_info)
# If must store, only store allowed fields
stored_data = {
'token': token,
'last_four': card_info['number'][-4:],
'exp_month': card_info['exp_month'],
'exp_year': card_info['exp_year'],
'cardholder_name': self._encrypt(card_info['name'])
}
# Never log full card number
self._log_transaction(token, 'XXXX-XXXX-XXXX-' + stored_data['last_four'])
return stored_data
def tokenize_card(self, card_info):
"""
Replace PAN with token
"""
# Use payment processor tokenization
response = payment_processor.tokenize({
'number': card_info['number'],
'exp_month': card_info['exp_month'],
'exp_year': card_info['exp_year']
})
return response['token']
''',
'network_segmentation': '''
# Network segmentation for PCI compliance
class PCINetworkSegmentation:
def configure_network_zones(self):
"""
Implement network segmentation
"""
zones = {
'cde': { # Cardholder Data Environment
'description': 'Systems that process, store, or transmit CHD',
'controls': [
'Firewall required',
'IDS/IPS monitoring',
'No direct internet access',
'Quarterly vulnerability scans',
'Annual penetration testing'
]
},
'dmz': {
'description': 'Public-facing systems',
'controls': [
'Web application firewall',
'No CHD storage allowed',
'Regular security scanning'
]
},
'internal': {
'description': 'Internal corporate network',
'controls': [
'Segmented from CDE',
'Limited CDE access',
'Standard security controls'
]
}
}
return zones
''',
'vulnerability_management': '''
class PCIVulnerabilityManagement:
def quarterly_scan_requirements(self):
"""
PCI-DSS quarterly scan requirements
"""
scan_config = {
'internal_scans': {
'frequency': 'quarterly',
'scope': 'all CDE systems',
'tool': 'PCI-approved scanning vendor',
'passing_criteria': 'No high-risk vulnerabilities'
},
'external_scans': {
'frequency': 'quarterly',
'performed_by': 'ASV (Approved Scanning Vendor)',
'scope': 'All external-facing IP addresses',
'passing_criteria': 'Clean scan with no failures'
},
'remediation_timeline': {
'critical': '24 hours',
'high': '7 days',
'medium': '30 days',
'low': '90 days'
}
}
return scan_config
'''
}
return controls
```
### 7. Continuous Compliance Monitoring
Set up automated compliance monitoring:
**Compliance Dashboard**
```python
class ComplianceDashboard:
def generate_realtime_dashboard(self):
"""
Real-time compliance status dashboard
"""
dashboard = {
'timestamp': datetime.utcnow(),
'overall_compliance_score': 0,
'regulations': {}
}
# GDPR Compliance Metrics
dashboard['regulations']['GDPR'] = {
'score': self.calculate_gdpr_score(),
'status': 'COMPLIANT',
'metrics': {
'consent_rate': '87%',
'data_requests_sla': '98% within 30 days',
'privacy_policy_version': '2.1',
'last_dpia': '2025-06-15',
'encryption_coverage': '100%',
'third_party_agreements': '12/12 signed'
},
'issues': [
{
'severity': 'medium',
'issue': 'Cookie consent banner update needed',
'due_date': '2025-08-01'
}
]
}
# HIPAA Compliance Metrics
dashboard['regulations']['HIPAA'] = {
'score': self.calculate_hipaa_score(),
'status': 'NEEDS_ATTENTION',
'metrics': {
'risk_assessment_current': True,
'workforce_training_compliance': '94%',
'baa_agreements': '8/8 current',
'encryption_status': 'All PHI encrypted',
'access_reviews': 'Completed 2025-06-30',
'incident_response_tested': '2025-05-15'
},
'issues': [
{
'severity': 'high',
'issue': '3 employees overdue for training',
'due_date': '2025-07-25'
}
]
}
return dashboard
```
**Automated Compliance Checks**
```yaml
# .github/workflows/compliance-check.yml
name: Compliance Checks
on:
push:
branches: [main, develop]
pull_request:
schedule:
- cron: '0 0 * * *' # Daily compliance check
jobs:
compliance-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: GDPR Compliance Check
run: |
python scripts/compliance/gdpr_checker.py
- name: Security Headers Check
run: |
python scripts/compliance/security_headers.py
- name: Dependency License Check
run: |
license-checker --onlyAllow 'MIT;Apache-2.0;BSD-3-Clause;ISC'
- name: PII Detection Scan
run: |
# Scan for hardcoded PII
python scripts/compliance/pii_scanner.py
- name: Encryption Verification
run: |
# Verify all sensitive data is encrypted
python scripts/compliance/encryption_checker.py
- name: Generate Compliance Report
if: always()
run: |
python scripts/compliance/generate_report.py > compliance-report.json
- name: Upload Compliance Report
uses: actions/upload-artifact@v3
with:
name: compliance-report
path: compliance-report.json
```
### 8. Compliance Documentation
Generate required documentation:
**Privacy Policy Generator**
```python
def generate_privacy_policy(company_info, data_practices):
"""
Generate GDPR-compliant privacy policy
"""
policy = f"""
# Privacy Policy
**Last Updated**: {datetime.now().strftime('%B %d, %Y')}
## 1. Data Controller
{company_info['name']}
{company_info['address']}
Email: {company_info['privacy_email']}
DPO: {company_info.get('dpo_contact', 'privacy@company.com')}
## 2. Data We Collect
{generate_data_collection_section(data_practices['data_types'])}
## 3. Legal Basis for Processing
{generate_legal_basis_section(data_practices['purposes'])}
## 4. Your Rights
Under GDPR, you have the following rights:
- Right to access your personal data
- Right to rectification
- Right to erasure ('right to be forgotten')
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision making
## 5. Data Retention
{generate_retention_policy(data_practices['retention_periods'])}
## 6. International Transfers
{generate_transfer_section(data_practices['international_transfers'])}
## 7. Contact Us
To exercise your rights, contact: {company_info['privacy_email']}
"""
return policy
```
## Output Format
1. **Compliance Assessment**: Current compliance status across all applicable regulations
2. **Gap Analysis**: Specific areas needing attention with severity ratings
3. **Implementation Plan**: Prioritized roadmap for achieving compliance
4. **Technical Controls**: Code implementations for required controls
5. **Policy Templates**: Privacy policies, consent forms, and notices
6. **Audit Procedures**: Scripts for continuous compliance monitoring
7. **Documentation**: Required records and evidence for auditors
8. **Training Materials**: Workforce compliance training resources
Focus on practical implementation that balances compliance requirements with business operations and user experience.

1597
tools/config-validate.md Normal file
View File

File diff suppressed because it is too large Load Diff

70
tools/context-restore.md Normal file
View File

@@ -0,0 +1,70 @@
---
model: claude-sonnet-4-0
---
Restore saved project context for agent coordination:
[Extended thinking: This tool uses the context-manager agent to restore previously saved project context, enabling continuity across sessions and providing agents with comprehensive project knowledge.]
## Context Restoration Process
Use Task tool with subagent_type="context-manager" to restore and apply saved context.
Prompt: "Restore project context for: $ARGUMENTS. Perform the following:
1. **Locate Saved Context**
- Find the most recent or specified context version
- Validate context integrity
- Check compatibility with current codebase
2. **Load Context Components**
- Project overview and goals
- Architectural decisions and rationale
- Technology stack and patterns
- Previous agent work and findings
- Known issues and roadmap
3. **Apply Context**
- Set up working environment based on context
- Restore project-specific configurations
- Load coding conventions and patterns
- Prepare agent coordination history
4. **Validate Restoration**
- Verify context applies to current code state
- Identify any conflicts or outdated information
- Flag areas that may need updates
5. **Prepare Summary**
- Key points from restored context
- Important decisions and patterns
- Recent work and current focus
- Suggested next steps
Return a comprehensive summary of the restored context and any issues encountered."
## Context Integration
The restored context will:
- Inform all subsequent agent invocations
- Maintain consistency with past decisions
- Provide historical knowledge to agents
- Enable seamless work continuation
## Usage Scenarios
Use context restoration when:
- Starting work after a break
- Switching between projects
- Onboarding to an existing project
- Needing historical project knowledge
- Coordinating complex multi-agent workflows
## Additional Options
- Restore specific context version: Include version timestamp
- Partial restoration: Restore only specific components
- Merge contexts: Combine multiple context versions
- Diff contexts: Compare current state with saved context
Context to restore: $ARGUMENTS

70
tools/context-save.md Normal file
View File

@@ -0,0 +1,70 @@
---
model: claude-sonnet-4-0
---
Save current project context for future agent coordination:
[Extended thinking: This tool uses the context-manager agent to capture and preserve project state, decisions, and patterns. This enables better continuity across sessions and improved agent coordination.]
## Context Capture Process
Use Task tool with subagent_type="context-manager" to save comprehensive project context.
Prompt: "Save comprehensive project context for: $ARGUMENTS. Capture:
1. **Project Overview**
- Project goals and objectives
- Key architectural decisions
- Technology stack and dependencies
- Team conventions and patterns
2. **Current State**
- Recently implemented features
- Work in progress
- Known issues and technical debt
- Performance baselines
3. **Design Decisions**
- Architectural choices and rationale
- API design patterns
- Database schema decisions
- Security implementations
4. **Code Patterns**
- Coding conventions used
- Common patterns and abstractions
- Testing strategies
- Error handling approaches
5. **Agent Coordination History**
- Which agents worked on what
- Successful agent combinations
- Agent-specific context and findings
- Cross-agent dependencies
6. **Future Roadmap**
- Planned features
- Identified improvements
- Technical debt to address
- Performance optimization opportunities
Save this context in a structured format that can be easily restored and used by future agent invocations."
## Context Storage
The context will be saved to `.claude/context/` with:
- Timestamp-based versioning
- Structured JSON/Markdown format
- Easy restoration capabilities
- Context diffing between versions
## Usage Scenarios
This saved context enables:
- Resuming work after breaks
- Onboarding new team members
- Maintaining consistency across agent invocations
- Preserving architectural decisions
- Tracking project evolution
Context to save: $ARGUMENTS

1451
tools/cost-optimize.md Normal file
View File

File diff suppressed because it is too large Load Diff

60
tools/data-pipeline.md Normal file
View File

@@ -0,0 +1,60 @@
---
model: claude-sonnet-4-0
---
# Data Pipeline Architecture
Design and implement a scalable data pipeline for: $ARGUMENTS
Create a production-ready data pipeline including:
1. **Data Ingestion**:
- Multiple source connectors (APIs, databases, files, streams)
- Schema evolution handling
- Incremental/batch loading
- Data quality checks at ingestion
- Dead letter queue for failures
2. **Transformation Layer**:
- ETL/ELT architecture decision
- Apache Beam/Spark transformations
- Data cleansing and normalization
- Feature engineering pipeline
- Business logic implementation
3. **Orchestration**:
- Airflow/Prefect DAGs
- Dependency management
- Retry and failure handling
- SLA monitoring
- Dynamic pipeline generation
4. **Storage Strategy**:
- Data lake architecture
- Partitioning strategy
- Compression choices
- Retention policies
- Hot/cold storage tiers
5. **Streaming Pipeline**:
- Kafka/Kinesis integration
- Real-time processing
- Windowing strategies
- Late data handling
- Exactly-once semantics
6. **Data Quality**:
- Automated testing
- Data profiling
- Anomaly detection
- Lineage tracking
- Quality metrics and dashboards
7. **Performance & Scale**:
- Horizontal scaling
- Resource optimization
- Caching strategies
- Query optimization
- Cost management
Include monitoring, alerting, and data governance considerations. Make it cloud-agnostic with specific implementation examples for AWS/GCP/Azure.

60
tools/data-validation.md Normal file
View File

@@ -0,0 +1,60 @@
---
model: claude-sonnet-4-0
---
# Data Validation Pipeline
Create a comprehensive data validation system for: $ARGUMENTS
Implement validation including:
1. **Schema Validation**:
- Pydantic models for structure
- JSON Schema generation
- Type checking and coercion
- Nested object validation
- Custom validators
2. **Data Quality Checks**:
- Null/missing value handling
- Outlier detection
- Statistical validation
- Business rule enforcement
- Referential integrity
3. **Data Profiling**:
- Automatic type inference
- Distribution analysis
- Cardinality checks
- Pattern detection
- Anomaly identification
4. **Validation Rules**:
- Field-level constraints
- Cross-field validation
- Temporal consistency
- Format validation (email, phone, etc.)
- Custom business logic
5. **Error Handling**:
- Detailed error messages
- Error categorization
- Partial validation support
- Error recovery strategies
- Validation reports
6. **Performance**:
- Streaming validation
- Batch processing
- Parallel validation
- Caching strategies
- Incremental validation
7. **Integration**:
- API endpoint validation
- Database constraints
- Message queue validation
- File upload validation
- Real-time validation
Include data quality metrics, monitoring dashboards, and alerting. Make it extensible for custom validation rules.

1896
tools/db-migrate.md Normal file
View File

File diff suppressed because it is too large Load Diff

1317
tools/debug-trace.md Normal file
View File

File diff suppressed because it is too large Load Diff

75
tools/deploy-checklist.md Normal file
View File

@@ -0,0 +1,75 @@
---
model: claude-sonnet-4-0
---
# Deployment Checklist and Configuration
Generate deployment configuration and checklist for: $ARGUMENTS
Create comprehensive deployment artifacts:
1. **Pre-Deployment Checklist**:
- [ ] All tests passing
- [ ] Security scan completed
- [ ] Performance benchmarks met
- [ ] Documentation updated
- [ ] Database migrations tested
- [ ] Rollback plan documented
- [ ] Monitoring alerts configured
- [ ] Load testing completed
2. **Infrastructure Configuration**:
- Docker/containerization setup
- Kubernetes manifests
- Terraform/IaC scripts
- Environment variables
- Secrets management
- Network policies
- Auto-scaling rules
3. **CI/CD Pipeline**:
- GitHub Actions/GitLab CI
- Build optimization
- Test parallelization
- Security scanning
- Image building
- Deployment stages
- Rollback automation
4. **Database Deployment**:
- Migration scripts
- Backup procedures
- Connection pooling
- Read replica setup
- Failover configuration
- Data seeding
- Version compatibility
5. **Monitoring Setup**:
- Application metrics
- Infrastructure metrics
- Log aggregation
- Error tracking
- Uptime monitoring
- Custom dashboards
- Alert channels
6. **Security Configuration**:
- SSL/TLS setup
- API key rotation
- CORS policies
- Rate limiting
- WAF rules
- Security headers
- Vulnerability scanning
7. **Post-Deployment**:
- [ ] Smoke tests
- [ ] Performance validation
- [ ] Monitoring verification
- [ ] Documentation published
- [ ] Team notification
- [ ] Customer communication
- [ ] Metrics baseline
Include environment-specific configurations (dev, staging, prod) and disaster recovery procedures.

776
tools/deps-audit.md Normal file
View File

@@ -0,0 +1,776 @@
---
model: claude-sonnet-4-0
---
# Dependency Audit and Security Analysis
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
## Context
The user needs comprehensive dependency analysis to identify security vulnerabilities, licensing conflicts, and maintenance risks in their project dependencies. Focus on actionable insights with automated fixes where possible.
## Requirements
$ARGUMENTS
## Instructions
### 1. Dependency Discovery
Scan and inventory all project dependencies:
**Multi-Language Detection**
```python
import os
import json
import toml
import yaml
from pathlib import Path
class DependencyDiscovery:
def __init__(self, project_path):
self.project_path = Path(project_path)
self.dependency_files = {
'npm': ['package.json', 'package-lock.json', 'yarn.lock'],
'python': ['requirements.txt', 'Pipfile', 'Pipfile.lock', 'pyproject.toml', 'poetry.lock'],
'ruby': ['Gemfile', 'Gemfile.lock'],
'java': ['pom.xml', 'build.gradle', 'build.gradle.kts'],
'go': ['go.mod', 'go.sum'],
'rust': ['Cargo.toml', 'Cargo.lock'],
'php': ['composer.json', 'composer.lock'],
'dotnet': ['*.csproj', 'packages.config', 'project.json']
}
def discover_all_dependencies(self):
"""
Discover all dependencies across different package managers
"""
dependencies = {}
# NPM/Yarn dependencies
if (self.project_path / 'package.json').exists():
dependencies['npm'] = self._parse_npm_dependencies()
# Python dependencies
if (self.project_path / 'requirements.txt').exists():
dependencies['python'] = self._parse_requirements_txt()
elif (self.project_path / 'Pipfile').exists():
dependencies['python'] = self._parse_pipfile()
elif (self.project_path / 'pyproject.toml').exists():
dependencies['python'] = self._parse_pyproject_toml()
# Go dependencies
if (self.project_path / 'go.mod').exists():
dependencies['go'] = self._parse_go_mod()
return dependencies
def _parse_npm_dependencies(self):
"""
Parse NPM package.json and lock files
"""
with open(self.project_path / 'package.json', 'r') as f:
package_json = json.load(f)
deps = {}
# Direct dependencies
for dep_type in ['dependencies', 'devDependencies', 'peerDependencies']:
if dep_type in package_json:
for name, version in package_json[dep_type].items():
deps[name] = {
'version': version,
'type': dep_type,
'direct': True
}
# Parse lock file for exact versions
if (self.project_path / 'package-lock.json').exists():
with open(self.project_path / 'package-lock.json', 'r') as f:
lock_data = json.load(f)
self._parse_npm_lock(lock_data, deps)
return deps
```
**Dependency Tree Analysis**
```python
def build_dependency_tree(dependencies):
"""
Build complete dependency tree including transitive dependencies
"""
tree = {
'root': {
'name': 'project',
'version': '1.0.0',
'dependencies': {}
}
}
def add_dependencies(node, deps, visited=None):
if visited is None:
visited = set()
for dep_name, dep_info in deps.items():
if dep_name in visited:
# Circular dependency detected
node['dependencies'][dep_name] = {
'circular': True,
'version': dep_info['version']
}
continue
visited.add(dep_name)
node['dependencies'][dep_name] = {
'version': dep_info['version'],
'type': dep_info.get('type', 'runtime'),
'dependencies': {}
}
# Recursively add transitive dependencies
if 'dependencies' in dep_info:
add_dependencies(
node['dependencies'][dep_name],
dep_info['dependencies'],
visited.copy()
)
add_dependencies(tree['root'], dependencies)
return tree
```
### 2. Vulnerability Scanning
Check dependencies against vulnerability databases:
**CVE Database Check**
```python
import requests
from datetime import datetime
class VulnerabilityScanner:
def __init__(self):
self.vulnerability_apis = {
'npm': 'https://registry.npmjs.org/-/npm/v1/security/advisories/bulk',
'pypi': 'https://pypi.org/pypi/{package}/json',
'rubygems': 'https://rubygems.org/api/v1/gems/{package}.json',
'maven': 'https://ossindex.sonatype.org/api/v3/component-report'
}
def scan_vulnerabilities(self, dependencies):
"""
Scan dependencies for known vulnerabilities
"""
vulnerabilities = []
for package_name, package_info in dependencies.items():
vulns = self._check_package_vulnerabilities(
package_name,
package_info['version'],
package_info.get('ecosystem', 'npm')
)
if vulns:
vulnerabilities.extend(vulns)
return self._analyze_vulnerabilities(vulnerabilities)
def _check_package_vulnerabilities(self, name, version, ecosystem):
"""
Check specific package for vulnerabilities
"""
if ecosystem == 'npm':
return self._check_npm_vulnerabilities(name, version)
elif ecosystem == 'pypi':
return self._check_python_vulnerabilities(name, version)
elif ecosystem == 'maven':
return self._check_java_vulnerabilities(name, version)
def _check_npm_vulnerabilities(self, name, version):
"""
Check NPM package vulnerabilities
"""
# Using npm audit API
response = requests.post(
'https://registry.npmjs.org/-/npm/v1/security/advisories/bulk',
json={name: [version]}
)
vulnerabilities = []
if response.status_code == 200:
data = response.json()
if name in data:
for advisory in data[name]:
vulnerabilities.append({
'package': name,
'version': version,
'severity': advisory['severity'],
'title': advisory['title'],
'cve': advisory.get('cves', []),
'description': advisory['overview'],
'recommendation': advisory['recommendation'],
'patched_versions': advisory['patched_versions'],
'published': advisory['created']
})
return vulnerabilities
```
**Severity Analysis**
```python
def analyze_vulnerability_severity(vulnerabilities):
"""
Analyze and prioritize vulnerabilities by severity
"""
severity_scores = {
'critical': 9.0,
'high': 7.0,
'moderate': 4.0,
'low': 1.0
}
analysis = {
'total': len(vulnerabilities),
'by_severity': {
'critical': [],
'high': [],
'moderate': [],
'low': []
},
'risk_score': 0,
'immediate_action_required': []
}
for vuln in vulnerabilities:
severity = vuln['severity'].lower()
analysis['by_severity'][severity].append(vuln)
# Calculate risk score
base_score = severity_scores.get(severity, 0)
# Adjust score based on factors
if vuln.get('exploit_available', False):
base_score *= 1.5
if vuln.get('publicly_disclosed', True):
base_score *= 1.2
if 'remote_code_execution' in vuln.get('description', '').lower():
base_score *= 2.0
vuln['risk_score'] = base_score
analysis['risk_score'] += base_score
# Flag immediate action items
if severity in ['critical', 'high'] or base_score > 8.0:
analysis['immediate_action_required'].append({
'package': vuln['package'],
'severity': severity,
'action': f"Update to {vuln['patched_versions']}"
})
# Sort by risk score
for severity in analysis['by_severity']:
analysis['by_severity'][severity].sort(
key=lambda x: x.get('risk_score', 0),
reverse=True
)
return analysis
```
### 3. License Compliance
Analyze dependency licenses for compatibility:
**License Detection**
```python
class LicenseAnalyzer:
def __init__(self):
self.license_compatibility = {
'MIT': ['MIT', 'BSD', 'Apache-2.0', 'ISC'],
'Apache-2.0': ['Apache-2.0', 'MIT', 'BSD'],
'GPL-3.0': ['GPL-3.0', 'GPL-2.0'],
'BSD-3-Clause': ['BSD-3-Clause', 'MIT', 'Apache-2.0'],
'proprietary': []
}
self.license_restrictions = {
'GPL-3.0': 'Copyleft - requires source code disclosure',
'AGPL-3.0': 'Strong copyleft - network use requires source disclosure',
'proprietary': 'Cannot be used without explicit license',
'unknown': 'License unclear - legal review required'
}
def analyze_licenses(self, dependencies, project_license='MIT'):
"""
Analyze license compatibility
"""
issues = []
license_summary = {}
for package_name, package_info in dependencies.items():
license_type = package_info.get('license', 'unknown')
# Track license usage
if license_type not in license_summary:
license_summary[license_type] = []
license_summary[license_type].append(package_name)
# Check compatibility
if not self._is_compatible(project_license, license_type):
issues.append({
'package': package_name,
'license': license_type,
'issue': f'Incompatible with project license {project_license}',
'severity': 'high',
'recommendation': self._get_license_recommendation(
license_type,
project_license
)
})
# Check for restrictive licenses
if license_type in self.license_restrictions:
issues.append({
'package': package_name,
'license': license_type,
'issue': self.license_restrictions[license_type],
'severity': 'medium',
'recommendation': 'Review usage and ensure compliance'
})
return {
'summary': license_summary,
'issues': issues,
'compliance_status': 'FAIL' if issues else 'PASS'
}
```
**License Report**
```markdown
## License Compliance Report
### Summary
- **Project License**: MIT
- **Total Dependencies**: 245
- **License Issues**: 3
- **Compliance Status**: ⚠️ REVIEW REQUIRED
### License Distribution
| License | Count | Packages |
|---------|-------|----------|
| MIT | 180 | express, lodash, ... |
| Apache-2.0 | 45 | aws-sdk, ... |
| BSD-3-Clause | 15 | ... |
| GPL-3.0 | 3 | [ISSUE] package1, package2, package3 |
| Unknown | 2 | [ISSUE] mystery-lib, old-package |
### Compliance Issues
#### High Severity
1. **GPL-3.0 Dependencies**
- Packages: package1, package2, package3
- Issue: GPL-3.0 is incompatible with MIT license
- Risk: May require open-sourcing your entire project
- Recommendation:
- Replace with MIT/Apache licensed alternatives
- Or change project license to GPL-3.0
#### Medium Severity
2. **Unknown Licenses**
- Packages: mystery-lib, old-package
- Issue: Cannot determine license compatibility
- Risk: Potential legal exposure
- Recommendation:
- Contact package maintainers
- Review source code for license information
- Consider replacing with known alternatives
```
### 4. Outdated Dependencies
Identify and prioritize dependency updates:
**Version Analysis**
```python
def analyze_outdated_dependencies(dependencies):
"""
Check for outdated dependencies
"""
outdated = []
for package_name, package_info in dependencies.items():
current_version = package_info['version']
latest_version = fetch_latest_version(package_name, package_info['ecosystem'])
if is_outdated(current_version, latest_version):
# Calculate how outdated
version_diff = calculate_version_difference(current_version, latest_version)
outdated.append({
'package': package_name,
'current': current_version,
'latest': latest_version,
'type': version_diff['type'], # major, minor, patch
'releases_behind': version_diff['count'],
'age_days': get_version_age(package_name, current_version),
'breaking_changes': version_diff['type'] == 'major',
'update_effort': estimate_update_effort(version_diff),
'changelog': fetch_changelog(package_name, current_version, latest_version)
})
return prioritize_updates(outdated)
def prioritize_updates(outdated_deps):
"""
Prioritize updates based on multiple factors
"""
for dep in outdated_deps:
score = 0
# Security updates get highest priority
if dep.get('has_security_fix', False):
score += 100
# Major version updates
if dep['type'] == 'major':
score += 20
elif dep['type'] == 'minor':
score += 10
else:
score += 5
# Age factor
if dep['age_days'] > 365:
score += 30
elif dep['age_days'] > 180:
score += 20
elif dep['age_days'] > 90:
score += 10
# Number of releases behind
score += min(dep['releases_behind'] * 2, 20)
dep['priority_score'] = score
dep['priority'] = 'critical' if score > 80 else 'high' if score > 50 else 'medium'
return sorted(outdated_deps, key=lambda x: x['priority_score'], reverse=True)
```
### 5. Dependency Size Analysis
Analyze bundle size impact:
**Bundle Size Impact**
```javascript
// Analyze NPM package sizes
const analyzeBundleSize = async (dependencies) => {
const sizeAnalysis = {
totalSize: 0,
totalGzipped: 0,
packages: [],
recommendations: []
};
for (const [packageName, info] of Object.entries(dependencies)) {
try {
// Fetch package stats
const response = await fetch(
`https://bundlephobia.com/api/size?package=${packageName}@${info.version}`
);
const data = await response.json();
const packageSize = {
name: packageName,
version: info.version,
size: data.size,
gzip: data.gzip,
dependencyCount: data.dependencyCount,
hasJSNext: data.hasJSNext,
hasSideEffects: data.hasSideEffects
};
sizeAnalysis.packages.push(packageSize);
sizeAnalysis.totalSize += data.size;
sizeAnalysis.totalGzipped += data.gzip;
// Size recommendations
if (data.size > 1000000) { // 1MB
sizeAnalysis.recommendations.push({
package: packageName,
issue: 'Large bundle size',
size: `${(data.size / 1024 / 1024).toFixed(2)} MB`,
suggestion: 'Consider lighter alternatives or lazy loading'
});
}
} catch (error) {
console.error(`Failed to analyze ${packageName}:`, error);
}
}
// Sort by size
sizeAnalysis.packages.sort((a, b) => b.size - a.size);
// Add top offenders
sizeAnalysis.topOffenders = sizeAnalysis.packages.slice(0, 10);
return sizeAnalysis;
};
```
### 6. Supply Chain Security
Check for dependency hijacking and typosquatting:
**Supply Chain Checks**
```python
def check_supply_chain_security(dependencies):
"""
Perform supply chain security checks
"""
security_issues = []
for package_name, package_info in dependencies.items():
# Check for typosquatting
typo_check = check_typosquatting(package_name)
if typo_check['suspicious']:
security_issues.append({
'type': 'typosquatting',
'package': package_name,
'severity': 'high',
'similar_to': typo_check['similar_packages'],
'recommendation': 'Verify package name spelling'
})
# Check maintainer changes
maintainer_check = check_maintainer_changes(package_name)
if maintainer_check['recent_changes']:
security_issues.append({
'type': 'maintainer_change',
'package': package_name,
'severity': 'medium',
'details': maintainer_check['changes'],
'recommendation': 'Review recent package changes'
})
# Check for suspicious patterns
if contains_suspicious_patterns(package_info):
security_issues.append({
'type': 'suspicious_behavior',
'package': package_name,
'severity': 'high',
'patterns': package_info['suspicious_patterns'],
'recommendation': 'Audit package source code'
})
return security_issues
def check_typosquatting(package_name):
"""
Check if package name might be typosquatting
"""
common_packages = [
'react', 'express', 'lodash', 'axios', 'webpack',
'babel', 'jest', 'typescript', 'eslint', 'prettier'
]
for legit_package in common_packages:
distance = levenshtein_distance(package_name.lower(), legit_package)
if 0 < distance <= 2: # Close but not exact match
return {
'suspicious': True,
'similar_packages': [legit_package],
'distance': distance
}
return {'suspicious': False}
```
### 7. Automated Remediation
Generate automated fixes:
**Update Scripts**
```bash
#!/bin/bash
# Auto-update dependencies with security fixes
echo "🔒 Security Update Script"
echo "========================"
# NPM/Yarn updates
if [ -f "package.json" ]; then
echo "📦 Updating NPM dependencies..."
# Audit and auto-fix
npm audit fix --force
# Update specific vulnerable packages
npm update package1@^2.0.0 package2@~3.1.0
# Run tests
npm test
if [ $? -eq 0 ]; then
echo "✅ NPM updates successful"
else
echo "❌ Tests failed, reverting..."
git checkout package-lock.json
fi
fi
# Python updates
if [ -f "requirements.txt" ]; then
echo "🐍 Updating Python dependencies..."
# Create backup
cp requirements.txt requirements.txt.backup
# Update vulnerable packages
pip-compile --upgrade-package package1 --upgrade-package package2
# Test installation
pip install -r requirements.txt --dry-run
if [ $? -eq 0 ]; then
echo "✅ Python updates successful"
else
echo "❌ Update failed, reverting..."
mv requirements.txt.backup requirements.txt
fi
fi
```
**Pull Request Generation**
```python
def generate_dependency_update_pr(updates):
"""
Generate PR with dependency updates
"""
pr_body = f"""
## 🔒 Dependency Security Update
This PR updates {len(updates)} dependencies to address security vulnerabilities and outdated packages.
### Security Fixes ({sum(1 for u in updates if u['has_security'])})
| Package | Current | Updated | Severity | CVE |
|---------|---------|---------|----------|-----|
"""
for update in updates:
if update['has_security']:
pr_body += f"| {update['package']} | {update['current']} | {update['target']} | {update['severity']} | {', '.join(update['cves'])} |\n"
pr_body += """
### Other Updates
| Package | Current | Updated | Type | Age |
|---------|---------|---------|------|-----|
"""
for update in updates:
if not update['has_security']:
pr_body += f"| {update['package']} | {update['current']} | {update['target']} | {update['type']} | {update['age_days']} days |\n"
pr_body += """
### Testing
- [ ] All tests pass
- [ ] No breaking changes identified
- [ ] Bundle size impact reviewed
### Review Checklist
- [ ] Security vulnerabilities addressed
- [ ] License compliance maintained
- [ ] No unexpected dependencies added
- [ ] Performance impact assessed
cc @security-team
"""
return {
'title': f'chore(deps): Security update for {len(updates)} dependencies',
'body': pr_body,
'branch': f'deps/security-update-{datetime.now().strftime("%Y%m%d")}',
'labels': ['dependencies', 'security']
}
```
### 8. Monitoring and Alerts
Set up continuous dependency monitoring:
**GitHub Actions Workflow**
```yaml
name: Dependency Audit
on:
schedule:
- cron: '0 0 * * *' # Daily
push:
paths:
- 'package*.json'
- 'requirements.txt'
- 'Gemfile*'
- 'go.mod'
workflow_dispatch:
jobs:
security-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run NPM Audit
if: hashFiles('package.json')
run: |
npm audit --json > npm-audit.json
if [ $(jq '.vulnerabilities.total' npm-audit.json) -gt 0 ]; then
echo "::error::Found $(jq '.vulnerabilities.total' npm-audit.json) vulnerabilities"
exit 1
fi
- name: Run Python Safety Check
if: hashFiles('requirements.txt')
run: |
pip install safety
safety check --json > safety-report.json
- name: Check Licenses
run: |
npx license-checker --json > licenses.json
python scripts/check_license_compliance.py
- name: Create Issue for Critical Vulnerabilities
if: failure()
uses: actions/github-script@v6
with:
script: |
const audit = require('./npm-audit.json');
const critical = audit.vulnerabilities.critical;
if (critical > 0) {
github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: `🚨 ${critical} critical vulnerabilities found`,
body: 'Dependency audit found critical vulnerabilities. See workflow run for details.',
labels: ['security', 'dependencies', 'critical']
});
}
```
## Output Format
1. **Executive Summary**: High-level risk assessment and action items
2. **Vulnerability Report**: Detailed CVE analysis with severity ratings
3. **License Compliance**: Compatibility matrix and legal risks
4. **Update Recommendations**: Prioritized list with effort estimates
5. **Supply Chain Analysis**: Typosquatting and hijacking risks
6. **Remediation Scripts**: Automated update commands and PR generation
7. **Size Impact Report**: Bundle size analysis and optimization tips
8. **Monitoring Setup**: CI/CD integration for continuous scanning
Focus on actionable insights that help maintain secure, compliant, and efficient dependency management.

755
tools/deps-upgrade.md Normal file
View File

@@ -0,0 +1,755 @@
---
model: claude-sonnet-4-0
---
# Dependency Upgrade Strategy
You are a dependency management expert specializing in safe, incremental upgrades of project dependencies. Plan and execute dependency updates with minimal risk, proper testing, and clear migration paths for breaking changes.
## Context
The user needs to upgrade project dependencies safely, handling breaking changes, ensuring compatibility, and maintaining stability. Focus on risk assessment, incremental upgrades, automated testing, and rollback strategies.
## Requirements
$ARGUMENTS
## Instructions
### 1. Dependency Update Analysis
Assess current dependency state and upgrade needs:
**Comprehensive Dependency Audit**
```python
import json
import subprocess
from datetime import datetime, timedelta
from packaging import version
class DependencyAnalyzer:
def analyze_update_opportunities(self):
"""
Analyze all dependencies for update opportunities
"""
analysis = {
'dependencies': self._analyze_dependencies(),
'update_strategy': self._determine_strategy(),
'risk_assessment': self._assess_risks(),
'priority_order': self._prioritize_updates()
}
return analysis
def _analyze_dependencies(self):
"""Analyze each dependency"""
deps = {}
# NPM analysis
if self._has_npm():
npm_output = subprocess.run(
['npm', 'outdated', '--json'],
capture_output=True,
text=True
)
if npm_output.stdout:
npm_data = json.loads(npm_output.stdout)
for pkg, info in npm_data.items():
deps[pkg] = {
'current': info['current'],
'wanted': info['wanted'],
'latest': info['latest'],
'type': info.get('type', 'dependencies'),
'ecosystem': 'npm',
'update_type': self._categorize_update(
info['current'],
info['latest']
)
}
# Python analysis
if self._has_python():
pip_output = subprocess.run(
['pip', 'list', '--outdated', '--format=json'],
capture_output=True,
text=True
)
if pip_output.stdout:
pip_data = json.loads(pip_output.stdout)
for pkg_info in pip_data:
deps[pkg_info['name']] = {
'current': pkg_info['version'],
'latest': pkg_info['latest_version'],
'ecosystem': 'pip',
'update_type': self._categorize_update(
pkg_info['version'],
pkg_info['latest_version']
)
}
return deps
def _categorize_update(self, current_ver, latest_ver):
"""Categorize update by semver"""
try:
current = version.parse(current_ver)
latest = version.parse(latest_ver)
if latest.major > current.major:
return 'major'
elif latest.minor > current.minor:
return 'minor'
elif latest.micro > current.micro:
return 'patch'
else:
return 'none'
except:
return 'unknown'
```
### 2. Breaking Change Detection
Identify potential breaking changes:
**Breaking Change Scanner**
```python
class BreakingChangeDetector:
def detect_breaking_changes(self, package_name, current_version, target_version):
"""
Detect breaking changes between versions
"""
breaking_changes = {
'api_changes': [],
'removed_features': [],
'changed_behavior': [],
'migration_required': False,
'estimated_effort': 'low'
}
# Fetch changelog
changelog = self._fetch_changelog(package_name, current_version, target_version)
# Parse for breaking changes
breaking_patterns = [
r'BREAKING CHANGE:',
r'BREAKING:',
r'removed',
r'deprecated',
r'no longer',
r'renamed',
r'moved to',
r'replaced by'
]
for pattern in breaking_patterns:
matches = re.finditer(pattern, changelog, re.IGNORECASE)
for match in matches:
context = self._extract_context(changelog, match.start())
breaking_changes['api_changes'].append(context)
# Check for specific patterns
if package_name == 'react':
breaking_changes.update(self._check_react_breaking_changes(
current_version, target_version
))
elif package_name == 'webpack':
breaking_changes.update(self._check_webpack_breaking_changes(
current_version, target_version
))
# Estimate migration effort
breaking_changes['estimated_effort'] = self._estimate_effort(breaking_changes)
return breaking_changes
def _check_react_breaking_changes(self, current, target):
"""React-specific breaking changes"""
changes = {
'api_changes': [],
'migration_required': False
}
# React 15 to 16
if current.startswith('15') and target.startswith('16'):
changes['api_changes'].extend([
'PropTypes moved to separate package',
'React.createClass deprecated',
'String refs deprecated'
])
changes['migration_required'] = True
# React 16 to 17
elif current.startswith('16') and target.startswith('17'):
changes['api_changes'].extend([
'Event delegation changes',
'No event pooling',
'useEffect cleanup timing changes'
])
# React 17 to 18
elif current.startswith('17') and target.startswith('18'):
changes['api_changes'].extend([
'Automatic batching',
'Stricter StrictMode',
'Suspense changes',
'New root API'
])
changes['migration_required'] = True
return changes
```
### 3. Migration Guide Generation
Create detailed migration guides:
**Migration Guide Generator**
```python
def generate_migration_guide(package_name, current_version, target_version, breaking_changes):
"""
Generate step-by-step migration guide
"""
guide = f"""
# Migration Guide: {package_name} {current_version}{target_version}
## Overview
This guide will help you upgrade {package_name} from version {current_version} to {target_version}.
**Estimated time**: {estimate_migration_time(breaking_changes)}
**Risk level**: {assess_risk_level(breaking_changes)}
**Breaking changes**: {len(breaking_changes['api_changes'])}
## Pre-Migration Checklist
- [ ] Current test suite passing
- [ ] Backup created / Git commit point marked
- [ ] Dependencies compatibility checked
- [ ] Team notified of upgrade
## Migration Steps
### Step 1: Update Dependencies
```bash
# Create a new branch
git checkout -b upgrade/{package_name}-{target_version}
# Update package
npm install {package_name}@{target_version}
# Update peer dependencies if needed
{generate_peer_deps_commands(package_name, target_version)}
```
### Step 2: Address Breaking Changes
{generate_breaking_change_fixes(breaking_changes)}
### Step 3: Update Code Patterns
{generate_code_updates(package_name, current_version, target_version)}
### Step 4: Run Codemods (if available)
{generate_codemod_commands(package_name, target_version)}
### Step 5: Test & Verify
```bash
# Run linter to catch issues
npm run lint
# Run tests
npm test
# Run type checking
npm run type-check
# Manual testing checklist
```
{generate_test_checklist(package_name, breaking_changes)}
### Step 6: Performance Validation
{generate_performance_checks(package_name)}
## Rollback Plan
If issues arise, follow these steps to rollback:
```bash
# Revert package version
git checkout package.json package-lock.json
npm install
# Or use the backup branch
git checkout main
git branch -D upgrade/{package_name}-{target_version}
```
## Common Issues & Solutions
{generate_common_issues(package_name, target_version)}
## Resources
- [Official Migration Guide]({get_official_guide_url(package_name, target_version)})
- [Changelog]({get_changelog_url(package_name, target_version)})
- [Community Discussions]({get_community_url(package_name)})
"""
return guide
```
### 4. Incremental Upgrade Strategy
Plan safe incremental upgrades:
**Incremental Upgrade Planner**
```python
class IncrementalUpgrader:
def plan_incremental_upgrade(self, package_name, current, target):
"""
Plan incremental upgrade path
"""
# Get all versions between current and target
all_versions = self._get_versions_between(package_name, current, target)
# Identify safe stopping points
safe_versions = self._identify_safe_versions(all_versions)
# Create upgrade path
upgrade_path = self._create_upgrade_path(current, target, safe_versions)
plan = f"""
## Incremental Upgrade Plan: {package_name}
### Current State
- Version: {current}
- Target: {target}
- Total steps: {len(upgrade_path)}
### Upgrade Path
"""
for i, step in enumerate(upgrade_path, 1):
plan += f"""
#### Step {i}: Upgrade to {step['version']}
**Risk Level**: {step['risk_level']}
**Breaking Changes**: {step['breaking_changes']}
```bash
# Upgrade command
npm install {package_name}@{step['version']}
# Test command
npm test -- --updateSnapshot
# Verification
npm run integration-tests
```
**Key Changes**:
{self._summarize_changes(step)}
**Testing Focus**:
{self._get_test_focus(step)}
---
"""
return plan
def _identify_safe_versions(self, versions):
"""Identify safe intermediate versions"""
safe_versions = []
for v in versions:
# Safe versions are typically:
# - Last patch of each minor version
# - Versions with long stability period
# - Versions before major API changes
if (self._is_last_patch(v, versions) or
self._has_stability_period(v) or
self._is_pre_breaking_change(v)):
safe_versions.append(v)
return safe_versions
```
### 5. Automated Testing Strategy
Ensure upgrades don't break functionality:
**Upgrade Test Suite**
```javascript
// upgrade-tests.js
const { runUpgradeTests } = require('./upgrade-test-framework');
async function testDependencyUpgrade(packageName, targetVersion) {
const testSuite = {
preUpgrade: async () => {
// Capture baseline
const baseline = {
unitTests: await runTests('unit'),
integrationTests: await runTests('integration'),
e2eTests: await runTests('e2e'),
performance: await capturePerformanceMetrics(),
bundleSize: await measureBundleSize()
};
return baseline;
},
postUpgrade: async (baseline) => {
// Run same tests after upgrade
const results = {
unitTests: await runTests('unit'),
integrationTests: await runTests('integration'),
e2eTests: await runTests('e2e'),
performance: await capturePerformanceMetrics(),
bundleSize: await measureBundleSize()
};
// Compare results
const comparison = compareResults(baseline, results);
return {
passed: comparison.passed,
failures: comparison.failures,
regressions: comparison.regressions,
improvements: comparison.improvements
};
},
smokeTests: [
async () => {
// Critical path testing
await testCriticalUserFlows();
},
async () => {
// API compatibility
await testAPICompatibility();
},
async () => {
// Build process
await testBuildProcess();
}
]
};
return runUpgradeTests(testSuite);
}
```
### 6. Compatibility Matrix
Check compatibility across dependencies:
**Compatibility Checker**
```python
def generate_compatibility_matrix(dependencies):
"""
Generate compatibility matrix for dependencies
"""
matrix = {}
for dep_name, dep_info in dependencies.items():
matrix[dep_name] = {
'current': dep_info['current'],
'target': dep_info['latest'],
'compatible_with': check_compatibility(dep_name, dep_info['latest']),
'conflicts': find_conflicts(dep_name, dep_info['latest']),
'peer_requirements': get_peer_requirements(dep_name, dep_info['latest'])
}
# Generate report
report = """
## Dependency Compatibility Matrix
| Package | Current | Target | Compatible With | Conflicts | Action Required |
|---------|---------|--------|-----------------|-----------|-----------------|
"""
for pkg, info in matrix.items():
compatible = '' if not info['conflicts'] else '⚠️'
conflicts = ', '.join(info['conflicts']) if info['conflicts'] else 'None'
action = 'Safe to upgrade' if not info['conflicts'] else 'Resolve conflicts first'
report += f"| {pkg} | {info['current']} | {info['target']} | {compatible} | {conflicts} | {action} |\n"
return report
def check_compatibility(package_name, version):
"""Check what this package is compatible with"""
# Check package.json or requirements.txt
peer_deps = get_peer_dependencies(package_name, version)
compatible_packages = []
for peer_pkg, peer_version_range in peer_deps.items():
if is_installed(peer_pkg):
current_peer_version = get_installed_version(peer_pkg)
if satisfies_version_range(current_peer_version, peer_version_range):
compatible_packages.append(f"{peer_pkg}@{current_peer_version}")
return compatible_packages
```
### 7. Rollback Strategy
Implement safe rollback procedures:
**Rollback Manager**
```bash
#!/bin/bash
# rollback-dependencies.sh
# Create rollback point
create_rollback_point() {
echo "📌 Creating rollback point..."
# Save current state
cp package.json package.json.backup
cp package-lock.json package-lock.json.backup
# Git tag
git tag -a "pre-upgrade-$(date +%Y%m%d-%H%M%S)" -m "Pre-upgrade snapshot"
# Database snapshot if needed
if [ -f "database-backup.sh" ]; then
./database-backup.sh
fi
echo "✅ Rollback point created"
}
# Perform rollback
rollback() {
echo "🔄 Performing rollback..."
# Restore package files
mv package.json.backup package.json
mv package-lock.json.backup package-lock.json
# Reinstall dependencies
rm -rf node_modules
npm ci
# Run post-rollback tests
npm test
echo "✅ Rollback complete"
}
# Verify rollback
verify_rollback() {
echo "🔍 Verifying rollback..."
# Check critical functionality
npm run test:critical
# Check service health
curl -f http://localhost:3000/health || exit 1
echo "✅ Rollback verified"
}
```
### 8. Batch Update Strategy
Handle multiple updates efficiently:
**Batch Update Planner**
```python
def plan_batch_updates(dependencies):
"""
Plan efficient batch updates
"""
# Group by update type
groups = {
'patch': [],
'minor': [],
'major': [],
'security': []
}
for dep, info in dependencies.items():
if info.get('has_security_vulnerability'):
groups['security'].append(dep)
else:
groups[info['update_type']].append(dep)
# Create update batches
batches = []
# Batch 1: Security updates (immediate)
if groups['security']:
batches.append({
'priority': 'CRITICAL',
'name': 'Security Updates',
'packages': groups['security'],
'strategy': 'immediate',
'testing': 'full'
})
# Batch 2: Patch updates (safe)
if groups['patch']:
batches.append({
'priority': 'HIGH',
'name': 'Patch Updates',
'packages': groups['patch'],
'strategy': 'grouped',
'testing': 'smoke'
})
# Batch 3: Minor updates (careful)
if groups['minor']:
batches.append({
'priority': 'MEDIUM',
'name': 'Minor Updates',
'packages': groups['minor'],
'strategy': 'incremental',
'testing': 'regression'
})
# Batch 4: Major updates (planned)
if groups['major']:
batches.append({
'priority': 'LOW',
'name': 'Major Updates',
'packages': groups['major'],
'strategy': 'individual',
'testing': 'comprehensive'
})
return generate_batch_plan(batches)
```
### 9. Framework-Specific Upgrades
Handle framework upgrades:
**Framework Upgrade Guides**
```python
framework_upgrades = {
'angular': {
'upgrade_command': 'ng update',
'pre_checks': [
'ng update @angular/core@{version} --dry-run',
'npm audit',
'ng lint'
],
'post_upgrade': [
'ng update @angular/cli',
'npm run test',
'npm run e2e'
],
'common_issues': {
'ivy_renderer': 'Enable Ivy in tsconfig.json',
'strict_mode': 'Update TypeScript configurations',
'deprecated_apis': 'Use Angular migration schematics'
}
},
'react': {
'upgrade_command': 'npm install react@{version} react-dom@{version}',
'codemods': [
'npx react-codemod rename-unsafe-lifecycles',
'npx react-codemod error-boundaries'
],
'verification': [
'npm run build',
'npm test -- --coverage',
'npm run analyze-bundle'
]
},
'vue': {
'upgrade_command': 'npm install vue@{version}',
'migration_tool': 'npx @vue/migration-tool',
'breaking_changes': {
'2_to_3': [
'Composition API',
'Multiple root elements',
'Teleport component',
'Fragments'
]
}
}
}
```
### 10. Post-Upgrade Monitoring
Monitor application after upgrades:
```javascript
// post-upgrade-monitoring.js
const monitoring = {
metrics: {
performance: {
'page_load_time': { threshold: 3000, unit: 'ms' },
'api_response_time': { threshold: 500, unit: 'ms' },
'memory_usage': { threshold: 512, unit: 'MB' }
},
errors: {
'error_rate': { threshold: 0.01, unit: '%' },
'console_errors': { threshold: 0, unit: 'count' }
},
bundle: {
'size': { threshold: 5, unit: 'MB' },
'gzip_size': { threshold: 1.5, unit: 'MB' }
}
},
checkHealth: async function() {
const results = {};
for (const [category, metrics] of Object.entries(this.metrics)) {
results[category] = {};
for (const [metric, config] of Object.entries(metrics)) {
const value = await this.measureMetric(metric);
results[category][metric] = {
value,
threshold: config.threshold,
unit: config.unit,
status: value <= config.threshold ? 'PASS' : 'FAIL'
};
}
}
return results;
},
generateReport: function(results) {
let report = '## Post-Upgrade Health Check\n\n';
for (const [category, metrics] of Object.entries(results)) {
report += `### ${category}\n\n`;
report += '| Metric | Value | Threshold | Status |\n';
report += '|--------|-------|-----------|--------|\n';
for (const [metric, data] of Object.entries(metrics)) {
const status = data.status === 'PASS' ? '✅' : '❌';
report += `| ${metric} | ${data.value}${data.unit} | ${data.threshold}${data.unit} | ${status} |\n`;
}
report += '\n';
}
return report;
}
};
```
## Output Format
1. **Upgrade Overview**: Summary of available updates with risk assessment
2. **Priority Matrix**: Ordered list of updates by importance and safety
3. **Migration Guides**: Step-by-step guides for each major upgrade
4. **Compatibility Report**: Dependency compatibility analysis
5. **Test Strategy**: Automated tests for validating upgrades
6. **Rollback Plan**: Clear procedures for reverting if needed
7. **Monitoring Dashboard**: Post-upgrade health metrics
8. **Timeline**: Realistic schedule for implementing upgrades
Focus on safe, incremental upgrades that maintain system stability while keeping dependencies current and secure.

996
tools/doc-generate.md Normal file
View File

@@ -0,0 +1,996 @@
---
model: claude-sonnet-4-0
---
# Automated Documentation Generation
You are a documentation expert specializing in creating comprehensive, maintainable documentation from code. Generate API docs, architecture diagrams, user guides, and technical references using AI-powered analysis and industry best practices.
## Context
The user needs automated documentation generation that extracts information from code, creates clear explanations, and maintains consistency across documentation types. Focus on creating living documentation that stays synchronized with code.
## Requirements
$ARGUMENTS
## Instructions
### 1. Code Analysis for Documentation
Extract documentation elements from source code:
**API Documentation Extraction**
```python
import ast
import inspect
from typing import Dict, List, Any
class APIDocExtractor:
def extract_endpoints(self, code_path):
"""
Extract API endpoints and their documentation
"""
endpoints = []
# FastAPI example
fastapi_decorators = ['@app.get', '@app.post', '@app.put', '@app.delete']
with open(code_path, 'r') as f:
tree = ast.parse(f.read())
for node in ast.walk(tree):
if isinstance(node, ast.FunctionDef):
# Check for route decorators
for decorator in node.decorator_list:
if self._is_route_decorator(decorator):
endpoint = {
'method': self._extract_method(decorator),
'path': self._extract_path(decorator),
'function': node.name,
'docstring': ast.get_docstring(node),
'parameters': self._extract_parameters(node),
'returns': self._extract_returns(node),
'examples': self._extract_examples(node)
}
endpoints.append(endpoint)
return endpoints
def _extract_parameters(self, func_node):
"""
Extract function parameters with types
"""
params = []
for arg in func_node.args.args:
param = {
'name': arg.arg,
'type': None,
'required': True,
'description': ''
}
# Extract type annotation
if arg.annotation:
param['type'] = ast.unparse(arg.annotation)
params.append(param)
return params
```
**Type and Schema Documentation**
```python
# Extract Pydantic models
def extract_pydantic_schemas(file_path):
"""
Extract Pydantic model definitions for API documentation
"""
schemas = []
with open(file_path, 'r') as f:
tree = ast.parse(f.read())
for node in ast.walk(tree):
if isinstance(node, ast.ClassDef):
# Check if inherits from BaseModel
if any(base.id == 'BaseModel' for base in node.bases if hasattr(base, 'id')):
schema = {
'name': node.name,
'description': ast.get_docstring(node),
'fields': []
}
# Extract fields
for item in node.body:
if isinstance(item, ast.AnnAssign):
field = {
'name': item.target.id,
'type': ast.unparse(item.annotation),
'required': item.value is None,
'default': ast.unparse(item.value) if item.value else None
}
schema['fields'].append(field)
schemas.append(schema)
return schemas
# TypeScript interface extraction
function extractTypeScriptInterfaces(code) {
const interfaces = [];
const interfaceRegex = /interface\s+(\w+)\s*{([^}]+)}/g;
let match;
while ((match = interfaceRegex.exec(code)) !== null) {
const name = match[1];
const body = match[2];
const fields = [];
const fieldRegex = /(\w+)(\?)?\s*:\s*([^;]+);/g;
let fieldMatch;
while ((fieldMatch = fieldRegex.exec(body)) !== null) {
fields.push({
name: fieldMatch[1],
required: !fieldMatch[2],
type: fieldMatch[3].trim()
});
}
interfaces.push({ name, fields });
}
return interfaces;
}
```
### 2. API Documentation Generation
Create comprehensive API documentation:
**OpenAPI/Swagger Generation**
```yaml
openapi: 3.0.0
info:
title: ${API_TITLE}
version: ${VERSION}
description: |
${DESCRIPTION}
## Authentication
${AUTH_DESCRIPTION}
## Rate Limiting
${RATE_LIMIT_INFO}
contact:
email: ${CONTACT_EMAIL}
license:
name: ${LICENSE}
url: ${LICENSE_URL}
servers:
- url: https://api.example.com/v1
description: Production server
- url: https://staging-api.example.com/v1
description: Staging server
security:
- bearerAuth: []
- apiKey: []
paths:
/users:
get:
summary: List all users
description: |
Retrieve a paginated list of users with optional filtering
operationId: listUsers
tags:
- Users
parameters:
- name: page
in: query
description: Page number for pagination
required: false
schema:
type: integer
default: 1
minimum: 1
- name: limit
in: query
description: Number of items per page
required: false
schema:
type: integer
default: 20
minimum: 1
maximum: 100
- name: search
in: query
description: Search term for filtering users
required: false
schema:
type: string
responses:
'200':
description: Successful response
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/User'
pagination:
$ref: '#/components/schemas/Pagination'
examples:
success:
value:
data:
- id: "123"
email: "user@example.com"
name: "John Doe"
pagination:
page: 1
limit: 20
total: 100
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/RateLimitExceeded'
components:
schemas:
User:
type: object
required:
- id
- email
properties:
id:
type: string
format: uuid
description: Unique user identifier
email:
type: string
format: email
description: User's email address
name:
type: string
description: User's full name
createdAt:
type: string
format: date-time
description: Account creation timestamp
```
**API Client SDK Documentation**
```python
"""
# API Client Documentation
## Installation
```bash
pip install your-api-client
```
## Quick Start
```python
from your_api import Client
# Initialize client
client = Client(api_key="your-api-key")
# List users
users = client.users.list(page=1, limit=20)
# Get specific user
user = client.users.get("user-id")
# Create user
new_user = client.users.create(
email="user@example.com",
name="John Doe"
)
```
## Authentication
The client supports multiple authentication methods:
### API Key Authentication
```python
client = Client(api_key="your-api-key")
```
### OAuth2 Authentication
```python
client = Client(
client_id="your-client-id",
client_secret="your-client-secret"
)
```
## Error Handling
```python
from your_api.exceptions import APIError, RateLimitError
try:
user = client.users.get("user-id")
except RateLimitError as e:
print(f"Rate limit exceeded. Retry after {e.retry_after} seconds")
except APIError as e:
print(f"API error: {e.message}")
```
## Pagination
```python
# Automatic pagination
for user in client.users.list_all():
print(user.email)
# Manual pagination
page = 1
while True:
response = client.users.list(page=page)
for user in response.data:
print(user.email)
if not response.has_next:
break
page += 1
```
"""
```
### 3. Architecture Documentation
Generate architecture diagrams and documentation:
**System Architecture Diagram (Mermaid)**
```mermaid
graph TB
subgraph "Frontend"
UI[React UI]
Mobile[Mobile App]
end
subgraph "API Gateway"
Gateway[Kong/nginx]
RateLimit[Rate Limiter]
Auth[Auth Service]
end
subgraph "Microservices"
UserService[User Service]
OrderService[Order Service]
PaymentService[Payment Service]
NotificationService[Notification Service]
end
subgraph "Data Layer"
PostgresMain[(PostgreSQL)]
Redis[(Redis Cache)]
Elasticsearch[(Elasticsearch)]
S3[S3 Storage]
end
subgraph "Message Queue"
Kafka[Apache Kafka]
end
UI --> Gateway
Mobile --> Gateway
Gateway --> Auth
Gateway --> RateLimit
Gateway --> UserService
Gateway --> OrderService
OrderService --> PaymentService
PaymentService --> Kafka
Kafka --> NotificationService
UserService --> PostgresMain
UserService --> Redis
OrderService --> PostgresMain
OrderService --> Elasticsearch
NotificationService --> S3
```
**Component Documentation**
```markdown
## System Components
### User Service
**Purpose**: Manages user accounts, authentication, and profiles
**Responsibilities**:
- User registration and authentication
- Profile management
- Role-based access control
- Password reset and account recovery
**Technology Stack**:
- Language: Python 3.11
- Framework: FastAPI
- Database: PostgreSQL
- Cache: Redis
- Authentication: JWT
**API Endpoints**:
- `POST /users` - Create new user
- `GET /users/{id}` - Get user details
- `PUT /users/{id}` - Update user
- `DELETE /users/{id}` - Delete user
- `POST /auth/login` - User login
- `POST /auth/refresh` - Refresh token
**Dependencies**:
- PostgreSQL for user data storage
- Redis for session caching
- Email service for notifications
**Configuration**:
```yaml
user_service:
port: 8001
database:
host: postgres.internal
port: 5432
name: users_db
redis:
host: redis.internal
port: 6379
jwt:
secret: ${JWT_SECRET}
expiry: 3600
```
```
### 4. Code Documentation
Generate inline documentation and README files:
**Function Documentation**
```python
def generate_function_docs(func):
"""
Generate comprehensive documentation for a function
"""
doc_template = '''
def {name}({params}){return_type}:
"""
{summary}
{description}
Args:
{args}
Returns:
{returns}
Raises:
{raises}
Examples:
{examples}
Note:
{notes}
"""
'''
# Extract function metadata
sig = inspect.signature(func)
params = []
args_doc = []
for param_name, param in sig.parameters.items():
param_str = param_name
if param.annotation != param.empty:
param_str += f": {param.annotation.__name__}"
if param.default != param.empty:
param_str += f" = {param.default}"
params.append(param_str)
# Generate argument documentation
args_doc.append(f"{param_name} ({param.annotation.__name__}): Description of {param_name}")
return_type = ""
if sig.return_annotation != sig.empty:
return_type = f" -> {sig.return_annotation.__name__}"
return doc_template.format(
name=func.__name__,
params=", ".join(params),
return_type=return_type,
summary=f"Brief description of {func.__name__}",
description="Detailed explanation of what the function does",
args="\n ".join(args_doc),
returns=f"{sig.return_annotation.__name__}: Description of return value",
raises="ValueError: If invalid input\n TypeError: If wrong type",
examples=f">>> {func.__name__}(param1, param2)\n expected_output",
notes="Additional important information"
)
```
**README Generation**
```markdown
# ${PROJECT_NAME}
${BADGES}
${SHORT_DESCRIPTION}
## Table of Contents
- [Features](#features)
- [Installation](#installation)
- [Quick Start](#quick-start)
- [Documentation](#documentation)
- [API Reference](#api-reference)
- [Configuration](#configuration)
- [Development](#development)
- [Testing](#testing)
- [Deployment](#deployment)
- [Contributing](#contributing)
- [License](#license)
## Features
${FEATURES_LIST}
## Installation
### Prerequisites
- Python 3.8+
- PostgreSQL 12+
- Redis 6+
### Using pip
```bash
pip install ${PACKAGE_NAME}
```
### Using Docker
```bash
docker pull ${DOCKER_IMAGE}
docker run -p 8000:8000 ${DOCKER_IMAGE}
```
### From source
```bash
git clone https://github.com/${GITHUB_ORG}/${REPO_NAME}.git
cd ${REPO_NAME}
pip install -e .
```
## Quick Start
```python
${QUICK_START_CODE}
```
## Documentation
Full documentation is available at [https://docs.example.com](https://docs.example.com)
### API Reference
- [REST API Documentation](./docs/api/README.md)
- [Python SDK Reference](./docs/sdk/python.md)
- [JavaScript SDK Reference](./docs/sdk/javascript.md)
## Configuration
### Environment Variables
| Variable | Description | Default | Required |
|----------|-------------|---------|----------|
| DATABASE_URL | PostgreSQL connection string | - | Yes |
| REDIS_URL | Redis connection string | - | Yes |
| SECRET_KEY | Application secret key | - | Yes |
| DEBUG | Enable debug mode | false | No |
### Configuration File
```yaml
${CONFIG_EXAMPLE}
```
## Development
### Setting up the development environment
```bash
# Clone repository
git clone https://github.com/${GITHUB_ORG}/${REPO_NAME}.git
cd ${REPO_NAME}
# Create virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements-dev.txt
# Run tests
pytest
# Start development server
python manage.py runserver
```
### Code Style
We use [Black](https://github.com/psf/black) for code formatting and [Flake8](https://flake8.pycqa.org/) for linting.
```bash
# Format code
black .
# Run linter
flake8 .
```
## Testing
```bash
# Run all tests
pytest
# Run with coverage
pytest --cov=your_package
# Run specific test file
pytest tests/test_users.py
# Run integration tests
pytest tests/integration/
```
## Deployment
### Docker
```dockerfile
${DOCKERFILE_EXAMPLE}
```
### Kubernetes
```yaml
${K8S_DEPLOYMENT_EXAMPLE}
```
## Contributing
Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests.
### Development Workflow
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
## License
This project is licensed under the ${LICENSE} License - see the [LICENSE](LICENSE) file for details.
## Acknowledgments
${ACKNOWLEDGMENTS}
```
### 5. User Documentation
Generate end-user documentation:
**User Guide Template**
```markdown
# User Guide
## Getting Started
### Creating Your First ${FEATURE}
1. **Navigate to the Dashboard**
Click on the ${FEATURE} tab in the main navigation menu.
![Dashboard Screenshot](./images/dashboard.png)
2. **Click "Create New"**
You'll find the "Create New" button in the top right corner.
![Create Button](./images/create-button.png)
3. **Fill in the Details**
- **Name**: Enter a descriptive name
- **Description**: Add optional details
- **Settings**: Configure as needed
![Form Screenshot](./images/form.png)
4. **Save Your Changes**
Click "Save" to create your ${FEATURE}.
### Common Tasks
#### Editing ${FEATURE}
1. Find your ${FEATURE} in the list
2. Click the "Edit" button
3. Make your changes
4. Click "Save"
#### Deleting ${FEATURE}
> ⚠️ **Warning**: Deletion is permanent and cannot be undone.
1. Find your ${FEATURE} in the list
2. Click the "Delete" button
3. Confirm the deletion
### Troubleshooting
#### ${FEATURE} Not Appearing
**Problem**: Created ${FEATURE} doesn't show in the list
**Solution**:
1. Check filters - ensure "All" is selected
2. Refresh the page
3. Check permissions with your administrator
#### Error Messages
| Error | Meaning | Solution |
|-------|---------|----------|
| "Name required" | The name field is empty | Enter a name |
| "Permission denied" | You don't have access | Contact admin |
| "Server error" | Technical issue | Try again later |
```
### 6. Interactive Documentation
Generate interactive documentation elements:
**API Playground**
```html
<!DOCTYPE html>
<html>
<head>
<title>API Documentation</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@latest/swagger-ui.css">
</head>
<body>
<div id="swagger-ui"></div>
<script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist@latest/swagger-ui-bundle.js"></script>
<script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist@latest/swagger-ui-standalone-preset.js"></script>
<script>
window.onload = function() {
const ui = SwaggerUIBundle({
url: "/api/openapi.json",
dom_id: '#swagger-ui',
deepLinking: true,
presets: [
SwaggerUIBundle.presets.apis,
SwaggerUIStandalonePreset
],
plugins: [
SwaggerUIBundle.plugins.DownloadUrl
],
layout: "StandaloneLayout",
onComplete: function() {
// Add try it out functionality
ui.preauthorizeApiKey("apiKey", "your-api-key");
}
});
window.ui = ui;
}
</script>
</body>
</html>
```
**Code Examples Generator**
```python
def generate_code_examples(endpoint, languages=['python', 'javascript', 'curl']):
"""
Generate code examples for API endpoints
"""
examples = {}
# Python example
examples['python'] = f'''
import requests
url = "https://api.example.com{endpoint['path']}"
headers = {{
"Authorization": "Bearer YOUR_API_KEY",
"Content-Type": "application/json"
}}
response = requests.{endpoint['method'].lower()}(url, headers=headers)
print(response.json())
'''
# JavaScript example
examples['javascript'] = f'''
const response = await fetch('https://api.example.com{endpoint['path']}', {{
method: '{endpoint['method']}',
headers: {{
'Authorization': 'Bearer YOUR_API_KEY',
'Content-Type': 'application/json'
}}
}});
const data = await response.json();
console.log(data);
'''
# cURL example
examples['curl'] = f'''
curl -X {endpoint['method']} https://api.example.com{endpoint['path']} \\
-H "Authorization: Bearer YOUR_API_KEY" \\
-H "Content-Type: application/json"
'''
return examples
```
### 7. Documentation CI/CD
Automate documentation updates:
**GitHub Actions Workflow**
```yaml
name: Generate Documentation
on:
push:
branches: [main]
paths:
- 'src/**'
- 'api/**'
workflow_dispatch:
jobs:
generate-docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install dependencies
run: |
pip install -r requirements-docs.txt
npm install -g @redocly/cli
- name: Generate API documentation
run: |
python scripts/generate_openapi.py > docs/api/openapi.json
redocly build-docs docs/api/openapi.json -o docs/api/index.html
- name: Generate code documentation
run: |
sphinx-build -b html docs/source docs/build
- name: Generate architecture diagrams
run: |
python scripts/generate_diagrams.py
- name: Deploy to GitHub Pages
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs/build
```
### 8. Documentation Quality Checks
Ensure documentation completeness:
**Documentation Coverage**
```python
class DocCoverage:
def check_coverage(self, codebase_path):
"""
Check documentation coverage for codebase
"""
results = {
'total_functions': 0,
'documented_functions': 0,
'total_classes': 0,
'documented_classes': 0,
'total_modules': 0,
'documented_modules': 0,
'missing_docs': []
}
for file_path in glob.glob(f"{codebase_path}/**/*.py", recursive=True):
module = ast.parse(open(file_path).read())
# Check module docstring
if ast.get_docstring(module):
results['documented_modules'] += 1
else:
results['missing_docs'].append({
'type': 'module',
'file': file_path
})
results['total_modules'] += 1
# Check functions and classes
for node in ast.walk(module):
if isinstance(node, ast.FunctionDef):
results['total_functions'] += 1
if ast.get_docstring(node):
results['documented_functions'] += 1
else:
results['missing_docs'].append({
'type': 'function',
'name': node.name,
'file': file_path,
'line': node.lineno
})
elif isinstance(node, ast.ClassDef):
results['total_classes'] += 1
if ast.get_docstring(node):
results['documented_classes'] += 1
else:
results['missing_docs'].append({
'type': 'class',
'name': node.name,
'file': file_path,
'line': node.lineno
})
# Calculate coverage
results['function_coverage'] = (
results['documented_functions'] / results['total_functions'] * 100
if results['total_functions'] > 0 else 100
)
results['class_coverage'] = (
results['documented_classes'] / results['total_classes'] * 100
if results['total_classes'] > 0 else 100
)
return results
```
## Output Format
1. **API Documentation**: OpenAPI spec with interactive playground
2. **Architecture Diagrams**: System, sequence, and component diagrams
3. **Code Documentation**: Inline docs, docstrings, and type hints
4. **User Guides**: Step-by-step tutorials with screenshots
5. **Developer Guides**: Setup, contribution, and API usage guides
6. **Reference Documentation**: Complete API reference with examples
7. **Documentation Site**: Deployed static site with search functionality
Focus on creating documentation that is accurate, comprehensive, and easy to maintain alongside code changes.

2338
tools/docker-optimize.md Normal file
View File

File diff suppressed because it is too large Load Diff

60
tools/error-analysis.md Normal file
View File

@@ -0,0 +1,60 @@
---
model: claude-sonnet-4-0
---
# Error Analysis and Resolution
Analyze and resolve errors in: $ARGUMENTS
Perform comprehensive error analysis:
1. **Error Pattern Analysis**:
- Categorize error types
- Identify root causes
- Trace error propagation
- Analyze error frequency
- Correlate with system events
2. **Debugging Strategy**:
- Stack trace analysis
- Variable state inspection
- Execution flow tracing
- Memory dump analysis
- Race condition detection
3. **Error Handling Improvements**:
- Custom exception classes
- Error boundary implementation
- Retry logic with backoff
- Circuit breaker patterns
- Graceful degradation
4. **Logging Enhancement**:
- Structured logging setup
- Correlation ID implementation
- Log aggregation strategy
- Debug vs production logging
- Sensitive data masking
5. **Monitoring Integration**:
- Sentry/Rollbar setup
- Error alerting rules
- Error dashboards
- Trend analysis
- SLA impact assessment
6. **Recovery Mechanisms**:
- Automatic recovery procedures
- Data consistency checks
- Rollback strategies
- State recovery
- Compensation logic
7. **Prevention Strategies**:
- Input validation
- Type safety improvements
- Contract testing
- Defensive programming
- Code review checklist
Provide specific fixes, preventive measures, and long-term reliability improvements. Include test cases for each error scenario.

1371
tools/error-trace.md Normal file
View File

File diff suppressed because it is too large Load Diff

37
tools/issue.md Normal file
View File

@@ -0,0 +1,37 @@
---
model: claude-sonnet-4-0
---
Please analyze and fix the GitHub issue: $ARGUMENTS.
Follow these steps:
# PLAN
1. Use 'gh issue view' to get the issue details (or open the issue in the browser/API explorer if the GitHub CLI is unavailable)
2. Understand the problem described in the issue
3. Ask clarifying questions if necessary
4. Understand the prior art for this issue
- Search the scratchpads for previous thoughts related to the issue
- Search PRs to see if you can find history on this issue
- Search the codebase for relevant files
5. Think harder about how to break the issue down into a series of small, manageable tasks.
6. Document your plan in a new scratchpad
- include the issue name in the filename
- include a link to the issue in the scratchpad.
# CREATE
- Create a new branch for the issue
- Solve the issue in small, manageable steps, according to your plan.
- Commit your changes after each step.
# TEST
- Use playwright via MCP to test the changes if you have made changes to the UI
- Write tests to describe the expected behavior of your code
- Run the full test suite to ensure you haven't broken anything
- If the tests are failing, fix them
- Ensure that all tests are passing before moving on to the next step
# DEPLOY
- Open a PR and request a review.
Prefer the GitHub CLI (`gh`) for GitHub-related tasks, but fall back to Claude subagents or the GitHub web UI/REST API when the CLI is not installed.

2781
tools/k8s-manifest.md Normal file
View File

File diff suppressed because it is too large Load Diff

60
tools/langchain-agent.md Normal file
View File

@@ -0,0 +1,60 @@
---
model: claude-sonnet-4-0
---
# LangChain/LangGraph Agent Scaffold
Create a production-ready LangChain/LangGraph agent for: $ARGUMENTS
Implement a complete agent system including:
1. **Agent Architecture**:
- LangGraph state machine
- Tool selection logic
- Memory management
- Context window optimization
- Multi-agent coordination
2. **Tool Implementation**:
- Custom tool creation
- Tool validation
- Error handling in tools
- Tool composition
- Async tool execution
3. **Memory Systems**:
- Short-term memory
- Long-term storage (vector DB)
- Conversation summarization
- Entity tracking
- Memory retrieval strategies
4. **Prompt Engineering**:
- System prompts
- Few-shot examples
- Chain-of-thought reasoning
- Output formatting
- Prompt templates
5. **RAG Integration**:
- Document loading pipeline
- Chunking strategies
- Embedding generation
- Vector store setup
- Retrieval optimization
6. **Production Features**:
- Streaming responses
- Token counting
- Cost tracking
- Rate limiting
- Fallback strategies
7. **Observability**:
- LangSmith integration
- Custom callbacks
- Performance metrics
- Decision tracking
- Debug mode
Include error handling, testing strategies, and deployment considerations. Use the latest LangChain/LangGraph best practices.

1255
tools/monitor-setup.md Normal file
View File

File diff suppressed because it is too large Load Diff

90
tools/multi-agent-optimize.md Normal file
View File

@@ -0,0 +1,90 @@
---
model: claude-sonnet-4-0
---
Optimize application stack using specialized optimization agents:
[Extended thinking: This tool coordinates database, performance, and frontend optimization agents to improve application performance holistically. Each agent focuses on their domain while ensuring optimizations work together.]
## Optimization Strategy
### 1. Database Optimization
Use Task tool with subagent_type="database-optimizer" to:
- Analyze query performance and execution plans
- Optimize indexes and table structures
- Implement caching strategies
- Review connection pooling and configurations
- Suggest schema improvements
Prompt: "Optimize database layer for: $ARGUMENTS. Analyze and improve:
1. Slow query identification and optimization
2. Index analysis and recommendations
3. Schema optimization for performance
4. Connection pool tuning
5. Caching strategy implementation"
### 2. Application Performance
Use Task tool with subagent_type="performance-engineer" to:
- Profile application code
- Identify CPU and memory bottlenecks
- Optimize algorithms and data structures
- Implement caching at application level
- Improve async/concurrent operations
Prompt: "Optimize application performance for: $ARGUMENTS. Focus on:
1. Code profiling and bottleneck identification
2. Algorithm optimization
3. Memory usage optimization
4. Concurrency improvements
5. Application-level caching"
### 3. Frontend Optimization
Use Task tool with subagent_type="frontend-developer" to:
- Reduce bundle sizes
- Implement lazy loading
- Optimize rendering performance
- Improve Core Web Vitals
- Implement efficient state management
Prompt: "Optimize frontend performance for: $ARGUMENTS. Improve:
1. Bundle size reduction strategies
2. Lazy loading implementation
3. Rendering optimization
4. Core Web Vitals (LCP, FID, CLS)
5. Network request optimization"
## Consolidated Optimization Plan
### Performance Baseline
- Current performance metrics
- Identified bottlenecks
- User experience impact
### Optimization Roadmap
1. **Quick Wins** (< 1 day)
- Simple query optimizations
- Basic caching implementation
- Bundle splitting
2. **Medium Improvements** (1-3 days)
- Index optimization
- Algorithm improvements
- Lazy loading implementation
3. **Major Optimizations** (3+ days)
- Schema redesign
- Architecture changes
- Full caching layer
### Expected Improvements
- Database query time reduction: X%
- API response time improvement: X%
- Frontend load time reduction: X%
- Overall user experience impact
### Implementation Priority
- Ordered list of optimizations by impact/effort ratio
- Dependencies between optimizations
- Risk assessment for each change
Target for optimization: $ARGUMENTS

68
tools/multi-agent-review.md Normal file
View File

@@ -0,0 +1,68 @@
---
model: claude-sonnet-4-0
---
Perform comprehensive multi-agent code review with specialized reviewers:
[Extended thinking: This tool command invokes multiple review-focused agents to provide different perspectives on code quality, security, and architecture. Each agent reviews independently, then findings are consolidated.]
## Review Process
### 1. Code Quality Review
Use Task tool with subagent_type="code-reviewer" to examine:
- Code style and readability
- Adherence to SOLID principles
- Design patterns and anti-patterns
- Code duplication and complexity
- Documentation completeness
- Test coverage and quality
Prompt: "Perform detailed code review of: $ARGUMENTS. Focus on maintainability, readability, and best practices. Provide specific line-by-line feedback where appropriate."
### 2. Security Review
Use Task tool with subagent_type="security-auditor" to check:
- Authentication and authorization flaws
- Input validation and sanitization
- SQL injection and XSS vulnerabilities
- Sensitive data exposure
- Security misconfigurations
- Dependency vulnerabilities
Prompt: "Conduct security review of: $ARGUMENTS. Identify vulnerabilities, security risks, and OWASP compliance issues. Provide severity ratings and remediation steps."
### 3. Architecture Review
Use Task tool with subagent_type="architect-reviewer" to evaluate:
- Service boundaries and coupling
- Scalability considerations
- Design pattern appropriateness
- Technology choices
- API design quality
- Data flow and dependencies
Prompt: "Review architecture and design of: $ARGUMENTS. Evaluate scalability, maintainability, and architectural patterns. Identify potential bottlenecks and design improvements."
## Consolidated Review Output
After all agents complete their reviews, consolidate findings into:
1. **Critical Issues** - Must fix before merge
- Security vulnerabilities
- Broken functionality
- Major architectural flaws
2. **Important Issues** - Should fix soon
- Performance problems
- Code quality issues
- Missing tests
3. **Minor Issues** - Nice to fix
- Style inconsistencies
- Documentation gaps
- Refactoring opportunities
4. **Positive Findings** - Good practices to highlight
- Well-designed components
- Good test coverage
- Security best practices
Target for review: $ARGUMENTS

28
tools/onboard.md Normal file
View File

@@ -0,0 +1,28 @@
---
model: claude-sonnet-4-0
---
# Onboard
You are given the following context:
$ARGUMENTS
## Instructions
"AI models are geniuses who start from scratch on every task." - Noam Brown
Your job is to "onboard" yourself to the current task.
Do this by:
- Using ultrathink
- Exploring the codebase
- Making use of any MCP tools at your disposal for planning and research
- Asking me questions if needed
- Using subagents for dividing work and seperation of concerns
The goal is to get you fully prepared to start working on the task.
Take as long as you need to get yourself ready. Overdoing it is better than underdoing it.
Record everything in a .claude/tasks/[TASK_ID]/onboarding.md file. This file will be used to onboard you to the task in a new session if needed, so make sure it's comprehensive.

701
tools/pr-enhance.md Normal file
View File

@@ -0,0 +1,701 @@
---
model: claude-sonnet-4-0
---
# Pull Request Enhancement
You are a PR optimization expert specializing in creating high-quality pull requests that facilitate efficient code reviews. Generate comprehensive PR descriptions, automate review processes, and ensure PRs follow best practices for clarity, size, and reviewability.
## Context
The user needs to create or improve pull requests with detailed descriptions, proper documentation, test coverage analysis, and review facilitation. Focus on making PRs that are easy to review, well-documented, and include all necessary context.
## Requirements
$ARGUMENTS
## Instructions
### 1. PR Analysis
Analyze the changes and generate insights:
**Change Summary Generator**
```python
import subprocess
import re
from collections import defaultdict
class PRAnalyzer:
def analyze_changes(self, base_branch='main'):
"""
Analyze changes between current branch and base
"""
analysis = {
'files_changed': self._get_changed_files(base_branch),
'change_statistics': self._get_change_stats(base_branch),
'change_categories': self._categorize_changes(base_branch),
'potential_impacts': self._assess_impacts(base_branch),
'dependencies_affected': self._check_dependencies(base_branch)
}
return analysis
def _get_changed_files(self, base_branch):
"""Get list of changed files with statistics"""
cmd = f"git diff --name-status {base_branch}...HEAD"
result = subprocess.run(cmd.split(), capture_output=True, text=True)
files = []
for line in result.stdout.strip().split('\n'):
if line:
status, filename = line.split('\t', 1)
files.append({
'filename': filename,
'status': self._parse_status(status),
'category': self._categorize_file(filename)
})
return files
def _get_change_stats(self, base_branch):
"""Get detailed change statistics"""
cmd = f"git diff --shortstat {base_branch}...HEAD"
result = subprocess.run(cmd.split(), capture_output=True, text=True)
# Parse output like: "10 files changed, 450 insertions(+), 123 deletions(-)"
stats_pattern = r'(\d+) files? changed(?:, (\d+) insertions?\(\+\))?(?:, (\d+) deletions?\(-\))?'
match = re.search(stats_pattern, result.stdout)
if match:
files, insertions, deletions = match.groups()
return {
'files_changed': int(files),
'insertions': int(insertions or 0),
'deletions': int(deletions or 0),
'net_change': int(insertions or 0) - int(deletions or 0)
}
return {'files_changed': 0, 'insertions': 0, 'deletions': 0, 'net_change': 0}
def _categorize_file(self, filename):
"""Categorize file by type"""
categories = {
'source': ['.js', '.ts', '.py', '.java', '.go', '.rs'],
'test': ['test', 'spec', '.test.', '.spec.'],
'config': ['config', '.json', '.yml', '.yaml', '.toml'],
'docs': ['.md', 'README', 'CHANGELOG', '.rst'],
'styles': ['.css', '.scss', '.less'],
'build': ['Makefile', 'Dockerfile', '.gradle', 'pom.xml']
}
for category, patterns in categories.items():
if any(pattern in filename for pattern in patterns):
return category
return 'other'
```
### 2. PR Description Generation
Create comprehensive PR descriptions:
**Description Template Generator**
```python
def generate_pr_description(analysis, commits):
"""
Generate detailed PR description from analysis
"""
description = f"""
## Summary
{generate_summary(analysis, commits)}
## What Changed
{generate_change_list(analysis)}
## Why These Changes
{extract_why_from_commits(commits)}
## Type of Change
{determine_change_types(analysis)}
## How Has This Been Tested?
{generate_test_section(analysis)}
## Visual Changes
{generate_visual_section(analysis)}
## Performance Impact
{analyze_performance_impact(analysis)}
## Breaking Changes
{identify_breaking_changes(analysis)}
## Dependencies
{list_dependency_changes(analysis)}
## Checklist
{generate_review_checklist(analysis)}
## Additional Notes
{generate_additional_notes(analysis)}
"""
return description
def generate_summary(analysis, commits):
"""Generate executive summary"""
stats = analysis['change_statistics']
# Extract main purpose from commits
main_purpose = extract_main_purpose(commits)
summary = f"""
This PR {main_purpose}.
**Impact**: {stats['files_changed']} files changed ({stats['insertions']} additions, {stats['deletions']} deletions)
**Risk Level**: {calculate_risk_level(analysis)}
**Review Time**: ~{estimate_review_time(stats)} minutes
"""
return summary
def generate_change_list(analysis):
"""Generate categorized change list"""
changes_by_category = defaultdict(list)
for file in analysis['files_changed']:
changes_by_category[file['category']].append(file)
change_list = ""
icons = {
'source': '🔧',
'test': '',
'docs': '📝',
'config': '⚙️',
'styles': '🎨',
'build': '🏗️',
'other': '📁'
}
for category, files in changes_by_category.items():
change_list += f"\n### {icons.get(category, '📁')} {category.title()} Changes\n"
for file in files[:10]: # Limit to 10 files per category
change_list += f"- {file['status']}: `{file['filename']}`\n"
if len(files) > 10:
change_list += f"- ...and {len(files) - 10} more\n"
return change_list
```
### 3. Review Checklist Generation
Create automated review checklists:
**Smart Checklist Generator**
```python
def generate_review_checklist(analysis):
"""
Generate context-aware review checklist
"""
checklist = ["## Review Checklist\n"]
# General items
general_items = [
"Code follows project style guidelines",
"Self-review completed",
"Comments added for complex logic",
"No debugging code left",
"No sensitive data exposed"
]
# Add general items
checklist.append("### General")
for item in general_items:
checklist.append(f"- [ ] {item}")
# File-specific checks
file_types = {file['category'] for file in analysis['files_changed']}
if 'source' in file_types:
checklist.append("\n### Code Quality")
checklist.extend([
"- [ ] No code duplication",
"- [ ] Functions are focused and small",
"- [ ] Variable names are descriptive",
"- [ ] Error handling is comprehensive",
"- [ ] No performance bottlenecks introduced"
])
if 'test' in file_types:
checklist.append("\n### Testing")
checklist.extend([
"- [ ] All new code is covered by tests",
"- [ ] Tests are meaningful and not just for coverage",
"- [ ] Edge cases are tested",
"- [ ] Tests follow AAA pattern (Arrange, Act, Assert)",
"- [ ] No flaky tests introduced"
])
if 'config' in file_types:
checklist.append("\n### Configuration")
checklist.extend([
"- [ ] No hardcoded values",
"- [ ] Environment variables documented",
"- [ ] Backwards compatibility maintained",
"- [ ] Security implications reviewed",
"- [ ] Default values are sensible"
])
if 'docs' in file_types:
checklist.append("\n### Documentation")
checklist.extend([
"- [ ] Documentation is clear and accurate",
"- [ ] Examples are provided where helpful",
"- [ ] API changes are documented",
"- [ ] README updated if necessary",
"- [ ] Changelog updated"
])
# Security checks
if has_security_implications(analysis):
checklist.append("\n### Security")
checklist.extend([
"- [ ] No SQL injection vulnerabilities",
"- [ ] Input validation implemented",
"- [ ] Authentication/authorization correct",
"- [ ] No sensitive data in logs",
"- [ ] Dependencies are secure"
])
return '\n'.join(checklist)
```
### 4. Code Review Automation
Automate common review tasks:
**Automated Review Bot**
```python
class ReviewBot:
def perform_automated_checks(self, pr_diff):
"""
Perform automated code review checks
"""
findings = []
# Check for common issues
checks = [
self._check_console_logs,
self._check_commented_code,
self._check_large_functions,
self._check_todo_comments,
self._check_hardcoded_values,
self._check_missing_error_handling,
self._check_security_issues
]
for check in checks:
findings.extend(check(pr_diff))
return findings
def _check_console_logs(self, diff):
"""Check for console.log statements"""
findings = []
pattern = r'\+.*console\.(log|debug|info|warn|error)'
for file, content in diff.items():
matches = re.finditer(pattern, content, re.MULTILINE)
for match in matches:
findings.append({
'type': 'warning',
'file': file,
'line': self._get_line_number(match, content),
'message': 'Console statement found - remove before merging',
'suggestion': 'Use proper logging framework instead'
})
return findings
def _check_large_functions(self, diff):
"""Check for functions that are too large"""
findings = []
# Simple heuristic: count lines between function start and end
for file, content in diff.items():
if file.endswith(('.js', '.ts', '.py')):
functions = self._extract_functions(content)
for func in functions:
if func['lines'] > 50:
findings.append({
'type': 'suggestion',
'file': file,
'line': func['start_line'],
'message': f"Function '{func['name']}' is {func['lines']} lines long",
'suggestion': 'Consider breaking into smaller functions'
})
return findings
```
### 5. PR Size Optimization
Help split large PRs:
**PR Splitter Suggestions**
```python
def suggest_pr_splits(analysis):
"""
Suggest how to split large PRs
"""
stats = analysis['change_statistics']
# Check if PR is too large
if stats['files_changed'] > 20 or stats['insertions'] + stats['deletions'] > 1000:
suggestions = analyze_split_opportunities(analysis)
return f"""
## ⚠️ Large PR Detected
This PR changes {stats['files_changed']} files with {stats['insertions'] + stats['deletions']} total changes.
Large PRs are harder to review and more likely to introduce bugs.
### Suggested Splits:
{format_split_suggestions(suggestions)}
### How to Split:
1. Create feature branch from current branch
2. Cherry-pick commits for first logical unit
3. Create PR for first unit
4. Repeat for remaining units
```bash
# Example split workflow
git checkout -b feature/part-1
git cherry-pick <commit-hashes-for-part-1>
git push origin feature/part-1
# Create PR for part 1
git checkout -b feature/part-2
git cherry-pick <commit-hashes-for-part-2>
git push origin feature/part-2
# Create PR for part 2
```
"""
return ""
def analyze_split_opportunities(analysis):
"""Find logical units for splitting"""
suggestions = []
# Group by feature areas
feature_groups = defaultdict(list)
for file in analysis['files_changed']:
feature = extract_feature_area(file['filename'])
feature_groups[feature].append(file)
# Suggest splits
for feature, files in feature_groups.items():
if len(files) >= 5:
suggestions.append({
'name': f"{feature} changes",
'files': files,
'reason': f"Isolated changes to {feature} feature"
})
return suggestions
```
### 6. Visual Diff Enhancement
Generate visual representations:
**Mermaid Diagram Generator**
```python
def generate_architecture_diff(analysis):
"""
Generate diagram showing architectural changes
"""
if has_architectural_changes(analysis):
return f"""
## Architecture Changes
```mermaid
graph LR
subgraph "Before"
A1[Component A] --> B1[Component B]
B1 --> C1[Database]
end
subgraph "After"
A2[Component A] --> B2[Component B]
B2 --> C2[Database]
B2 --> D2[New Cache Layer]
A2 --> E2[New API Gateway]
end
style D2 fill:#90EE90
style E2 fill:#90EE90
```
### Key Changes:
1. Added caching layer for performance
2. Introduced API gateway for better routing
3. Refactored component communication
"""
return ""
```
### 7. Test Coverage Report
Include test coverage analysis:
**Coverage Report Generator**
```python
def generate_coverage_report(base_branch='main'):
"""
Generate test coverage comparison
"""
# Get coverage before and after
before_coverage = get_coverage_for_branch(base_branch)
after_coverage = get_coverage_for_branch('HEAD')
coverage_diff = after_coverage - before_coverage
report = f"""
## Test Coverage
| Metric | Before | After | Change |
|--------|--------|-------|--------|
| Lines | {before_coverage['lines']:.1f}% | {after_coverage['lines']:.1f}% | {format_diff(coverage_diff['lines'])} |
| Functions | {before_coverage['functions']:.1f}% | {after_coverage['functions']:.1f}% | {format_diff(coverage_diff['functions'])} |
| Branches | {before_coverage['branches']:.1f}% | {after_coverage['branches']:.1f}% | {format_diff(coverage_diff['branches'])} |
### Uncovered Files
"""
# List files with low coverage
for file in get_low_coverage_files():
report += f"- `{file['name']}`: {file['coverage']:.1f}% coverage\n"
return report
def format_diff(value):
"""Format coverage difference"""
if value > 0:
return f"<span style='color: green'>+{value:.1f}%</span> ✅"
elif value < 0:
return f"<span style='color: red'>{value:.1f}%</span> ⚠️"
else:
return "No change"
```
### 8. Risk Assessment
Evaluate PR risk:
**Risk Calculator**
```python
def calculate_pr_risk(analysis):
"""
Calculate risk score for PR
"""
risk_factors = {
'size': calculate_size_risk(analysis),
'complexity': calculate_complexity_risk(analysis),
'test_coverage': calculate_test_risk(analysis),
'dependencies': calculate_dependency_risk(analysis),
'security': calculate_security_risk(analysis)
}
overall_risk = sum(risk_factors.values()) / len(risk_factors)
risk_report = f"""
## Risk Assessment
**Overall Risk Level**: {get_risk_level(overall_risk)} ({overall_risk:.1f}/10)
### Risk Factors
| Factor | Score | Details |
|--------|-------|---------|
| Size | {risk_factors['size']:.1f}/10 | {get_size_details(analysis)} |
| Complexity | {risk_factors['complexity']:.1f}/10 | {get_complexity_details(analysis)} |
| Test Coverage | {risk_factors['test_coverage']:.1f}/10 | {get_test_details(analysis)} |
| Dependencies | {risk_factors['dependencies']:.1f}/10 | {get_dependency_details(analysis)} |
| Security | {risk_factors['security']:.1f}/10 | {get_security_details(analysis)} |
### Mitigation Strategies
{generate_mitigation_strategies(risk_factors)}
"""
return risk_report
def get_risk_level(score):
"""Convert score to risk level"""
if score < 3:
return "🟢 Low"
elif score < 6:
return "🟡 Medium"
elif score < 8:
return "🟠 High"
else:
return "🔴 Critical"
```
### 9. PR Templates
Generate context-specific templates:
```python
def generate_pr_template(pr_type, analysis):
"""
Generate PR template based on type
"""
templates = {
'feature': f"""
## Feature: {extract_feature_name(analysis)}
### Description
{generate_feature_description(analysis)}
### User Story
As a [user type]
I want [feature]
So that [benefit]
### Acceptance Criteria
- [ ] Criterion 1
- [ ] Criterion 2
- [ ] Criterion 3
### Demo
[Link to demo or screenshots]
### Technical Implementation
{generate_technical_summary(analysis)}
### Testing Strategy
{generate_test_strategy(analysis)}
""",
'bugfix': f"""
## Bug Fix: {extract_bug_description(analysis)}
### Issue
- **Reported in**: #[issue-number]
- **Severity**: {determine_severity(analysis)}
- **Affected versions**: {get_affected_versions(analysis)}
### Root Cause
{analyze_root_cause(analysis)}
### Solution
{describe_solution(analysis)}
### Testing
- [ ] Bug is reproducible before fix
- [ ] Bug is resolved after fix
- [ ] No regressions introduced
- [ ] Edge cases tested
### Verification Steps
1. Step to reproduce original issue
2. Apply this fix
3. Verify issue is resolved
""",
'refactor': f"""
## Refactoring: {extract_refactor_scope(analysis)}
### Motivation
{describe_refactor_motivation(analysis)}
### Changes Made
{list_refactor_changes(analysis)}
### Benefits
- Improved {list_improvements(analysis)}
- Reduced {list_reductions(analysis)}
### Compatibility
- [ ] No breaking changes
- [ ] API remains unchanged
- [ ] Performance maintained or improved
### Metrics
| Metric | Before | After |
|--------|--------|-------|
| Complexity | X | Y |
| Test Coverage | X% | Y% |
| Performance | Xms | Yms |
"""
}
return templates.get(pr_type, templates['feature'])
```
### 10. Review Response Templates
Help with review responses:
```python
review_response_templates = {
'acknowledge_feedback': """
Thank you for the thorough review! I'll address these points.
""",
'explain_decision': """
Great question! I chose this approach because:
1. [Reason 1]
2. [Reason 2]
Alternative approaches considered:
- [Alternative 1]: [Why not chosen]
- [Alternative 2]: [Why not chosen]
Happy to discuss further if you have concerns.
""",
'request_clarification': """
Thanks for the feedback. Could you clarify what you mean by [specific point]?
I want to make sure I understand your concern correctly before making changes.
""",
'disagree_respectfully': """
I appreciate your perspective on this. I have a slightly different view:
[Your reasoning]
However, I'm open to discussing this further. What do you think about [compromise/middle ground]?
""",
'commit_to_change': """
Good catch! I'll update this to [specific change].
This should address [concern] while maintaining [other requirement].
"""
}
```
## Output Format
1. **PR Summary**: Executive summary with key metrics
2. **Detailed Description**: Comprehensive PR description
3. **Review Checklist**: Context-aware review items
4. **Risk Assessment**: Risk analysis with mitigation strategies
5. **Test Coverage**: Before/after coverage comparison
6. **Visual Aids**: Diagrams and visual diffs where applicable
7. **Size Recommendations**: Suggestions for splitting large PRs
8. **Review Automation**: Automated checks and findings
Focus on creating PRs that are a pleasure to review, with all necessary context and documentation for efficient code review process.

53
tools/prompt-optimize.md Normal file
View File

@@ -0,0 +1,53 @@
---
model: claude-sonnet-4-0
---
# AI Prompt Optimization
Optimize the following prompt for better AI model performance: $ARGUMENTS
Analyze and improve the prompt by:
1. **Prompt Engineering**:
- Apply chain-of-thought reasoning
- Add few-shot examples
- Implement role-based instructions
- Use clear delimiters and formatting
- Add output format specifications
2. **Context Optimization**:
- Minimize token usage
- Structure information hierarchically
- Remove redundant information
- Add relevant context
- Use compression techniques
3. **Performance Testing**:
- Create prompt variants
- Design evaluation criteria
- Test edge cases
- Measure consistency
- Compare model outputs
4. **Model-Specific Optimization**:
- GPT-4 best practices
- Claude optimization techniques
- Prompt chaining strategies
- Temperature/parameter tuning
- Token budget management
5. **RAG Integration**:
- Context window management
- Retrieval query optimization
- Chunk size recommendations
- Embedding strategies
- Reranking approaches
6. **Production Considerations**:
- Prompt versioning
- A/B testing framework
- Monitoring metrics
- Fallback strategies
- Cost optimization
Provide optimized prompts with explanations for each change. Include evaluation metrics and testing strategies. Consider both quality and cost efficiency.

272
tools/refactor-clean.md Normal file
View File

@@ -0,0 +1,272 @@
---
model: claude-sonnet-4-0
---
# Refactor and Clean Code
You are a code refactoring expert specializing in clean code principles, SOLID design patterns, and modern software engineering best practices. Analyze and refactor the provided code to improve its quality, maintainability, and performance.
## Context
The user needs help refactoring code to make it cleaner, more maintainable, and aligned with best practices. Focus on practical improvements that enhance code quality without over-engineering.
## Requirements
$ARGUMENTS
## Instructions
### 1. Code Analysis
First, analyze the current code for:
- **Code Smells**
- Long methods/functions (>20 lines)
- Large classes (>200 lines)
- Duplicate code blocks
- Dead code and unused variables
- Complex conditionals and nested loops
- Magic numbers and hardcoded values
- Poor naming conventions
- Tight coupling between components
- Missing abstractions
- **SOLID Violations**
- Single Responsibility Principle violations
- Open/Closed Principle issues
- Liskov Substitution problems
- Interface Segregation concerns
- Dependency Inversion violations
- **Performance Issues**
- Inefficient algorithms (O(n²) or worse)
- Unnecessary object creation
- Memory leaks potential
- Blocking operations
- Missing caching opportunities
### 2. Refactoring Strategy
Create a prioritized refactoring plan:
**Immediate Fixes (High Impact, Low Effort)**
- Extract magic numbers to constants
- Improve variable and function names
- Remove dead code
- Simplify boolean expressions
- Extract duplicate code to functions
**Method Extraction**
```
# Before
def process_order(order):
# 50 lines of validation
# 30 lines of calculation
# 40 lines of notification
# After
def process_order(order):
validate_order(order)
total = calculate_order_total(order)
send_order_notifications(order, total)
```
**Class Decomposition**
- Extract responsibilities to separate classes
- Create interfaces for dependencies
- Implement dependency injection
- Use composition over inheritance
**Pattern Application**
- Factory pattern for object creation
- Strategy pattern for algorithm variants
- Observer pattern for event handling
- Repository pattern for data access
- Decorator pattern for extending behavior
### 3. Refactored Implementation
Provide the complete refactored code with:
**Clean Code Principles**
- Meaningful names (searchable, pronounceable, no abbreviations)
- Functions do one thing well
- No side effects
- Consistent abstraction levels
- DRY (Don't Repeat Yourself)
- YAGNI (You Aren't Gonna Need It)
**Error Handling**
```python
# Use specific exceptions
class OrderValidationError(Exception):
pass
class InsufficientInventoryError(Exception):
pass
# Fail fast with clear messages
def validate_order(order):
if not order.items:
raise OrderValidationError("Order must contain at least one item")
for item in order.items:
if item.quantity <= 0:
raise OrderValidationError(f"Invalid quantity for {item.name}")
```
**Documentation**
```python
def calculate_discount(order: Order, customer: Customer) -> Decimal:
"""
Calculate the total discount for an order based on customer tier and order value.
Args:
order: The order to calculate discount for
customer: The customer making the order
Returns:
The discount amount as a Decimal
Raises:
ValueError: If order total is negative
"""
```
### 4. Testing Strategy
Generate comprehensive tests for the refactored code:
**Unit Tests**
```python
class TestOrderProcessor:
def test_validate_order_empty_items(self):
order = Order(items=[])
with pytest.raises(OrderValidationError):
validate_order(order)
def test_calculate_discount_vip_customer(self):
order = create_test_order(total=1000)
customer = Customer(tier="VIP")
discount = calculate_discount(order, customer)
assert discount == Decimal("100.00") # 10% VIP discount
```
**Test Coverage**
- All public methods tested
- Edge cases covered
- Error conditions verified
- Performance benchmarks included
### 5. Before/After Comparison
Provide clear comparisons showing improvements:
**Metrics**
- Cyclomatic complexity reduction
- Lines of code per method
- Test coverage increase
- Performance improvements
**Example**
```
Before:
- processData(): 150 lines, complexity: 25
- 0% test coverage
- 3 responsibilities mixed
After:
- validateInput(): 20 lines, complexity: 4
- transformData(): 25 lines, complexity: 5
- saveResults(): 15 lines, complexity: 3
- 95% test coverage
- Clear separation of concerns
```
### 6. Migration Guide
If breaking changes are introduced:
**Step-by-Step Migration**
1. Install new dependencies
2. Update import statements
3. Replace deprecated methods
4. Run migration scripts
5. Execute test suite
**Backward Compatibility**
```python
# Temporary adapter for smooth migration
class LegacyOrderProcessor:
def __init__(self):
self.processor = OrderProcessor()
def process(self, order_data):
# Convert legacy format
order = Order.from_legacy(order_data)
return self.processor.process(order)
```
### 7. Performance Optimizations
Include specific optimizations:
**Algorithm Improvements**
```python
# Before: O(n²)
for item in items:
for other in items:
if item.id == other.id:
# process
# After: O(n)
item_map = {item.id: item for item in items}
for item_id, item in item_map.items():
# process
```
**Caching Strategy**
```python
from functools import lru_cache
@lru_cache(maxsize=128)
def calculate_expensive_metric(data_id: str) -> float:
# Expensive calculation cached
return result
```
### 8. Code Quality Checklist
Ensure the refactored code meets these criteria:
- [ ] All methods < 20 lines
- [ ] All classes < 200 lines
- [ ] No method has > 3 parameters
- [ ] Cyclomatic complexity < 10
- [ ] No nested loops > 2 levels
- [ ] All names are descriptive
- [ ] No commented-out code
- [ ] Consistent formatting
- [ ] Type hints added (Python/TypeScript)
- [ ] Error handling comprehensive
- [ ] Logging added for debugging
- [ ] Performance metrics included
- [ ] Documentation complete
- [ ] Tests achieve > 80% coverage
- [ ] No security vulnerabilities
## Severity Levels
Rate issues found and improvements made:
**Critical**: Security vulnerabilities, data corruption risks, memory leaks
**High**: Performance bottlenecks, maintainability blockers, missing tests
**Medium**: Code smells, minor performance issues, incomplete documentation
**Low**: Style inconsistencies, minor naming issues, nice-to-have features
## Output Format
1. **Analysis Summary**: Key issues found and their impact
2. **Refactoring Plan**: Prioritized list of changes with effort estimates
3. **Refactored Code**: Complete implementation with inline comments explaining changes
4. **Test Suite**: Comprehensive tests for all refactored components
5. **Migration Guide**: Step-by-step instructions for adopting changes
6. **Metrics Report**: Before/after comparison of code quality metrics
Focus on delivering practical, incremental improvements that can be adopted immediately while maintaining system stability.

3473
tools/security-scan.md Normal file
View File

File diff suppressed because it is too large Load Diff

1059
tools/slo-implement.md Normal file
View File

File diff suppressed because it is too large Load Diff

70
tools/smart-debug.md Normal file
View File

@@ -0,0 +1,70 @@
---
model: claude-sonnet-4-0
---
Debug complex issues using specialized debugging agents:
[Extended thinking: This tool command leverages the debugger agent with additional support from performance-engineer when performance issues are involved. It provides deep debugging capabilities with root cause analysis.]
## Debugging Approach
### 1. Primary Debug Analysis
Use Task tool with subagent_type="debugger" to:
- Analyze error messages and stack traces
- Identify code paths leading to the issue
- Reproduce the problem systematically
- Isolate the root cause
- Suggest multiple fix approaches
Prompt: "Debug issue: $ARGUMENTS. Provide detailed analysis including:
1. Error reproduction steps
2. Root cause identification
3. Code flow analysis leading to the error
4. Multiple solution approaches with trade-offs
5. Recommended fix with implementation details"
### 2. Performance Debugging (if performance-related)
If the issue involves performance problems, also use Task tool with subagent_type="performance-engineer" to:
- Profile code execution
- Identify bottlenecks
- Analyze resource usage
- Suggest optimization strategies
Prompt: "Profile and debug performance issue: $ARGUMENTS. Include:
1. Performance metrics and profiling data
2. Bottleneck identification
3. Resource usage analysis
4. Optimization recommendations
5. Before/after performance projections"
## Debug Output Structure
### Root Cause Analysis
- Precise identification of the bug source
- Explanation of why the issue occurs
- Impact analysis on other components
### Reproduction Guide
- Step-by-step reproduction instructions
- Required environment setup
- Test data or conditions needed
### Solution Options
1. **Quick Fix** - Minimal change to resolve issue
- Implementation details
- Risk assessment
2. **Proper Fix** - Best long-term solution
- Refactoring requirements
- Testing needs
3. **Preventive Measures** - Avoid similar issues
- Code patterns to adopt
- Tests to add
### Implementation Guide
- Specific code changes needed
- Order of operations for the fix
- Validation steps
Issue to debug: $ARGUMENTS

73
tools/standup-notes.md Normal file
View File

@@ -0,0 +1,73 @@
---
model: claude-sonnet-4-0
---
# Standup Notes Generator
Generate daily standup notes by reviewing Obsidian vault context and Jira tickets.
## Usage
```
/standup-notes
```
## Prerequisites
- Enable the **mcp-obsidian** provider with read/write access to the target vault.
- Configure the **atlassian** provider with Jira credentials that can query the team's backlog.
- Optional: connect calendar integrations if you want meetings to appear automatically.
## Process
1. **Gather Context from Obsidian**
- Use `mcp__mcp-obsidian__obsidian_get_recent_changes` to find recently modified files
- Use `mcp__mcp-obsidian__obsidian_get_recent_periodic_notes` to get recent daily notes
- Look for project updates, completed tasks, and ongoing work
2. **Check Jira Tickets**
- Use `mcp__atlassian__searchJiraIssuesUsingJql` to find tickets assigned to current user (fall back to asking the user for updates if the Atlassian connector is unavailable)
- Filter for:
- In Progress tickets (current work)
- Recently resolved/closed tickets (yesterday's accomplishments)
- Upcoming/todo tickets (today's planned work)
3. **Generate Standup Notes**
Format:
```
Morning!
Yesterday:
• [Completed tasks from Jira and Obsidian notes]
• [Key accomplishments and milestones]
Today:
• [In-progress Jira tickets]
• [Planned work from tickets and notes]
• [Meetings from calendar/notes]
Note: [Any blockers, dependencies, or important context]
```
4. **Write to Obsidian**
- Create file in `Standup Notes/YYYY-MM-DD.md` format (or summarize in the chat if the Obsidian connector is disabled)
- Use `mcp__mcp-obsidian__obsidian_append_content` to write the generated notes when available
## Implementation Steps
1. Get current user info from Atlassian
2. Search for recent Obsidian changes (last 2 days)
3. Query Jira for:
- `assignee = currentUser() AND (status CHANGED FROM "In Progress" TO "Done" DURING (-1d, now()) OR resolutiondate >= -1d)`
- `assignee = currentUser() AND status = "In Progress"`
- `assignee = currentUser() AND status in ("To Do", "Open") AND (sprint in openSprints() OR priority in (High, Highest))`
4. Parse and categorize findings
5. Generate formatted standup notes
6. Save to Obsidian vault
## Context Extraction Patterns
- Look for keywords: "completed", "finished", "deployed", "released", "fixed", "implemented"
- Extract meeting notes and action items
- Identify blockers or dependencies mentioned
- Pull sprint goals and objectives

135
tools/tdd-green.md Normal file
View File

@@ -0,0 +1,135 @@
---
model: claude-sonnet-4-0
---
Implement minimal code to make failing tests pass in TDD green phase:
[Extended thinking: This tool uses the test-automator agent to implement the minimal code necessary to make tests pass. It focuses on simplicity, avoiding over-engineering while ensuring all tests become green.]
## Implementation Process
Use Task tool with subagent_type="test-automator" to implement minimal passing code.
Prompt: "Implement MINIMAL code to make these failing tests pass: $ARGUMENTS. Follow TDD green phase principles:
1. **Pre-Implementation Analysis**
- Review all failing tests and their error messages
- Identify the simplest path to make tests pass
- Map test requirements to minimal implementation needs
- Avoid premature optimization or over-engineering
- Focus only on making tests green, not perfect code
2. **Implementation Strategy**
- **Fake It**: Return hard-coded values when appropriate
- **Obvious Implementation**: When solution is trivial and clear
- **Triangulation**: Generalize only when multiple tests require it
- Start with the simplest test and work incrementally
- One test at a time - don't try to pass all at once
3. **Code Structure Guidelines**
- Write the minimal code that could possibly work
- Avoid adding functionality not required by tests
- Use simple data structures initially
- Defer architectural decisions until refactor phase
- Keep methods/functions small and focused
- Don't add error handling unless tests require it
4. **Language-Specific Patterns**
- **JavaScript/TypeScript**: Simple functions, avoid classes initially
- **Python**: Functions before classes, simple returns
- **Java**: Minimal class structure, no patterns yet
- **C#**: Basic implementations, no interfaces yet
- **Go**: Simple functions, defer goroutines/channels
- **Ruby**: Procedural before object-oriented when possible
5. **Progressive Implementation**
- Make first test pass with simplest possible code
- Run tests after each change to verify progress
- Add just enough code for next failing test
- Resist urge to implement beyond test requirements
- Keep track of technical debt for refactor phase
- Document assumptions and shortcuts taken
6. **Common Green Phase Techniques**
- Hard-coded returns for initial tests
- Simple if/else for limited test cases
- Basic loops only when iteration tests require
- Minimal data structures (arrays before complex objects)
- In-memory storage before database integration
- Synchronous before asynchronous implementation
7. **Success Criteria**
✓ All tests pass (green)
✓ No extra functionality beyond test requirements
✓ Code is readable even if not optimal
✓ No broken existing functionality
✓ Implementation time is minimized
✓ Clear path to refactoring identified
8. **Anti-Patterns to Avoid**
- Gold plating or adding unrequested features
- Implementing design patterns prematurely
- Complex abstractions without test justification
- Performance optimizations without metrics
- Adding tests during green phase
- Refactoring during implementation
- Ignoring test failures to move forward
9. **Implementation Metrics**
- Time to green: Track implementation duration
- Lines of code: Measure implementation size
- Cyclomatic complexity: Keep it low initially
- Test pass rate: Must reach 100%
- Code coverage: Verify all paths tested
10. **Validation Steps**
- Run all tests and confirm they pass
- Verify no regression in existing tests
- Check that implementation is truly minimal
- Document any technical debt created
- Prepare notes for refactoring phase
Output should include:
- Complete implementation code
- Test execution results showing all green
- List of shortcuts taken for later refactoring
- Implementation time metrics
- Technical debt documentation
- Readiness assessment for refactor phase"
## Post-Implementation Checks
After implementation:
1. Run full test suite to confirm all tests pass
2. Verify no existing tests were broken
3. Document areas needing refactoring
4. Check implementation is truly minimal
5. Record implementation time for metrics
## Recovery Process
If tests still fail:
- Review test requirements carefully
- Check for misunderstood assertions
- Add minimal code to address specific failures
- Avoid the temptation to rewrite from scratch
- Consider if tests themselves need adjustment
## Integration Points
- Follows from tdd-red.md test creation
- Prepares for tdd-refactor.md improvements
- Updates test coverage metrics
- Triggers CI/CD pipeline verification
- Documents technical debt for tracking
## Best Practices
- Embrace "good enough" for this phase
- Speed over perfection (perfection comes in refactor)
- Make it work, then make it right, then make it fast
- Trust that refactoring phase will improve code
- Keep changes small and incremental
- Celebrate reaching green state!
Tests to make pass: $ARGUMENTS

116
tools/tdd-red.md Normal file
View File

@@ -0,0 +1,116 @@
---
model: claude-sonnet-4-0
---
Write comprehensive failing tests following TDD red phase principles:
[Extended thinking: This tool uses the test-automator agent to generate comprehensive failing tests that properly define expected behavior. It ensures tests fail for the right reasons and establishes a solid foundation for implementation.]
## Test Generation Process
Use Task tool with subagent_type="test-automator" to generate failing tests.
Prompt: "Generate comprehensive FAILING tests for: $ARGUMENTS. Follow TDD red phase principles:
1. **Test Structure Setup**
- Choose appropriate testing framework for the language/stack
- Set up test fixtures and necessary imports
- Configure test runners and assertion libraries
- Establish test naming conventions (should_X_when_Y format)
2. **Behavior Definition**
- Define clear expected behaviors from requirements
- Cover happy path scenarios thoroughly
- Include edge cases and boundary conditions
- Add error handling and exception scenarios
- Consider null/undefined/empty input cases
3. **Test Implementation**
- Write descriptive test names that document intent
- Keep tests focused on single behaviors (one assertion per test when possible)
- Use Arrange-Act-Assert (AAA) pattern consistently
- Implement test data builders for complex objects
- Avoid test interdependencies - each test must be isolated
4. **Failure Verification**
- Ensure tests actually fail when run
- Verify failure messages are meaningful and diagnostic
- Confirm tests fail for the RIGHT reasons (not syntax/import errors)
- Check that error messages guide implementation
- Validate test isolation - no cascading failures
5. **Test Categories**
- **Unit Tests**: Isolated component behavior
- **Integration Tests**: Component interaction scenarios
- **Contract Tests**: API and interface contracts
- **Property Tests**: Invariants and mathematical properties
- **Acceptance Tests**: User story validation
6. **Framework-Specific Patterns**
- **JavaScript/TypeScript**: Jest, Mocha, Vitest patterns
- **Python**: pytest fixtures and parameterization
- **Java**: JUnit5 annotations and assertions
- **C#**: NUnit/xUnit attributes and theory data
- **Go**: Table-driven tests and subtests
- **Ruby**: RSpec expectations and contexts
7. **Test Quality Checklist**
✓ Tests are readable and self-documenting
✓ Failure messages clearly indicate what went wrong
✓ Tests follow DRY principle with appropriate abstractions
✓ Coverage includes positive, negative, and edge cases
✓ Tests can serve as living documentation
✓ No implementation details leaked into tests
✓ Tests use meaningful test data, not 'foo' and 'bar'
8. **Common Anti-Patterns to Avoid**
- Writing tests that pass immediately
- Testing implementation instead of behavior
- Overly complex test setup
- Brittle tests tied to specific implementations
- Tests with multiple responsibilities
- Ignored or commented-out tests
- Tests without clear assertions
Output should include:
- Complete test file(s) with all necessary imports
- Clear documentation of what each test validates
- Verification commands to run tests and see failures
- Metrics: number of tests, coverage areas, test categories
- Next steps for moving to green phase"
## Validation Steps
After test generation:
1. Run tests to confirm they fail
2. Verify failure messages are helpful
3. Check test independence and isolation
4. Ensure comprehensive coverage
5. Document any assumptions made
## Recovery Process
If tests don't fail properly:
- Debug import/syntax issues first
- Ensure test framework is properly configured
- Verify assertions are actually checking behavior
- Add more specific assertions if needed
- Consider missing test categories
## Integration Points
- Links to tdd-green.md for implementation phase
- Coordinates with tdd-refactor.md for improvement phase
- Integrates with CI/CD for automated verification
- Connects to test coverage reporting tools
## Best Practices
- Start with the simplest failing test
- One behavior change at a time
- Tests should tell a story of the feature
- Prefer many small tests over few large ones
- Use test naming as documentation
- Keep test code as clean as production code
Test requirements: $ARGUMENTS

179
tools/tdd-refactor.md Normal file
View File

@@ -0,0 +1,179 @@
---
model: claude-opus-4-1
---
Refactor code with confidence using comprehensive test safety net:
[Extended thinking: This tool uses the tdd-orchestrator agent (opus model) for sophisticated refactoring while maintaining all tests green. It applies design patterns, improves code quality, and optimizes performance with the safety of comprehensive test coverage.]
## Refactoring Process
Use Task tool with subagent_type="tdd-orchestrator" to perform safe refactoring.
Prompt: "Refactor this code while keeping all tests green: $ARGUMENTS. Apply TDD refactor phase excellence:
1. **Pre-Refactoring Assessment**
- Analyze current code structure and identify code smells
- Review test coverage to ensure safety net is comprehensive
- Identify refactoring opportunities and prioritize by impact
- Run all tests to establish green baseline
- Document current performance metrics for comparison
- Create refactoring plan with incremental steps
2. **Code Smell Detection**
- **Duplicated Code**: Extract methods, pull up to base classes
- **Long Methods**: Decompose into smaller, focused functions
- **Large Classes**: Split responsibilities, extract classes
- **Long Parameter Lists**: Introduce parameter objects
- **Feature Envy**: Move methods to appropriate classes
- **Data Clumps**: Group related data into objects
- **Primitive Obsession**: Replace with value objects
- **Switch Statements**: Replace with polymorphism
- **Parallel Inheritance**: Merge hierarchies
- **Dead Code**: Remove unused code paths
3. **Design Pattern Application**
- **Creational Patterns**: Factory, Builder, Singleton where appropriate
- **Structural Patterns**: Adapter, Facade, Decorator for flexibility
- **Behavioral Patterns**: Strategy, Observer, Command for decoupling
- **Domain Patterns**: Repository, Service, Value Objects
- **Architecture Patterns**: Hexagonal, Clean Architecture principles
- Apply patterns only where they add clear value
- Avoid pattern overuse and unnecessary complexity
4. **SOLID Principles Enforcement**
- **Single Responsibility**: One reason to change per class
- **Open/Closed**: Open for extension, closed for modification
- **Liskov Substitution**: Subtypes must be substitutable
- **Interface Segregation**: Small, focused interfaces
- **Dependency Inversion**: Depend on abstractions
- Balance principles with pragmatic simplicity
5. **Refactoring Techniques Catalog**
- **Extract Method**: Isolate code blocks into named methods
- **Inline Method**: Remove unnecessary indirection
- **Extract Variable**: Name complex expressions
- **Rename**: Improve names for clarity and intent
- **Move Method/Field**: Relocate to appropriate classes
- **Extract Interface**: Define contracts explicitly
- **Replace Magic Numbers**: Use named constants
- **Encapsulate Field**: Add getters/setters for control
- **Replace Conditional with Polymorphism**: Object-oriented solutions
- **Introduce Null Object**: Eliminate null checks
6. **Performance Optimization**
- Profile code to identify actual bottlenecks
- Optimize algorithms and data structures
- Implement caching where beneficial
- Reduce database queries and network calls
- Lazy loading and pagination strategies
- Memory usage optimization
- Always measure before and after changes
- Keep optimizations that provide measurable benefit
7. **Code Quality Improvements**
- **Naming**: Clear, intentional, domain-specific names
- **Comments**: Remove obvious, add why not what
- **Formatting**: Consistent style throughout codebase
- **Error Handling**: Explicit, recoverable, informative
- **Logging**: Strategic placement, appropriate levels
- **Documentation**: Update to reflect changes
- **Type Safety**: Strengthen types where possible
8. **Incremental Refactoring Steps**
- Make small, atomic changes
- Run tests after each modification
- Commit after each successful refactoring
- Use IDE refactoring tools when available
- Manual refactoring for complex transformations
- Keep refactoring separate from behavior changes
- Create temporary scaffolding when needed
9. **Architecture Evolution**
- Layer separation and dependency management
- Module boundaries and interface definition
- Service extraction for microservices preparation
- Event-driven patterns for decoupling
- Async patterns for scalability
- Database access patterns optimization
- API design improvements
10. **Quality Metrics Tracking**
- **Cyclomatic Complexity**: Reduce decision points
- **Code Coverage**: Maintain or improve percentage
- **Coupling**: Decrease interdependencies
- **Cohesion**: Increase related functionality grouping
- **Technical Debt**: Measure reduction achieved
- **Performance**: Response time and resource usage
- **Maintainability Index**: Track improvement
- **Code Duplication**: Percentage reduction
11. **Safety Verification**
- Run full test suite after each change
- Use mutation testing to verify test effectiveness
- Performance regression testing
- Integration testing for architectural changes
- Manual exploratory testing for UX changes
- Code review checkpoint documentation
- Rollback plan for each major change
12. **Advanced Refactoring Patterns**
- **Strangler Fig**: Gradual legacy replacement
- **Branch by Abstraction**: Large-scale changes
- **Parallel Change**: Expand-contract pattern
- **Mikado Method**: Dependency graph navigation
- **Preparatory Refactoring**: Enable feature addition
- **Feature Toggles**: Safe production deployment
Output should include:
- Refactored code with all improvements applied
- Test results confirming all tests remain green
- Before/after metrics comparison
- List of applied refactoring techniques
- Performance improvement measurements
- Code quality metrics improvement
- Documentation of architectural changes
- Remaining technical debt assessment
- Recommendations for future refactoring"
## Refactoring Safety Checklist
Before committing refactored code:
1. ✓ All tests pass (100% green)
2. ✓ No functionality regression
3. ✓ Performance metrics acceptable
4. ✓ Code coverage maintained/improved
5. ✓ Documentation updated
6. ✓ Team code review completed
## Recovery Process
If tests fail during refactoring:
- Immediately revert last change
- Identify which refactoring broke tests
- Apply smaller, incremental changes
- Consider if tests need updating (behavior change)
- Use version control for safe experimentation
- Leverage IDE's undo functionality
## Integration Points
- Follows from tdd-green.md implementation
- Coordinates with test-automator for test updates
- Integrates with static analysis tools
- Triggers performance benchmarks
- Updates architecture documentation
- Links to CI/CD for deployment readiness
## Best Practices
- Refactor in small, safe steps
- Keep tests green throughout process
- Commit after each successful refactoring
- Don't mix refactoring with feature changes
- Use tools but understand manual techniques
- Focus on high-impact improvements first
- Leave code better than you found it
- Document why, not just what changed
Code to refactor: $ARGUMENTS

375
tools/tech-debt.md Normal file
View File

@@ -0,0 +1,375 @@
---
model: claude-sonnet-4-0
---
# Technical Debt Analysis and Remediation
You are a technical debt expert specializing in identifying, quantifying, and prioritizing technical debt in software projects. Analyze the codebase to uncover debt, assess its impact, and create actionable remediation plans.
## Context
The user needs a comprehensive technical debt analysis to understand what's slowing down development, increasing bugs, and creating maintenance challenges. Focus on practical, measurable improvements with clear ROI.
## Requirements
$ARGUMENTS
## Instructions
### 1. Technical Debt Inventory
Conduct a thorough scan for all types of technical debt:
**Code Debt**
- **Duplicated Code**
- Exact duplicates (copy-paste)
- Similar logic patterns
- Repeated business rules
- Quantify: Lines duplicated, locations
- **Complex Code**
- High cyclomatic complexity (>10)
- Deeply nested conditionals (>3 levels)
- Long methods (>50 lines)
- God classes (>500 lines, >20 methods)
- Quantify: Complexity scores, hotspots
- **Poor Structure**
- Circular dependencies
- Inappropriate intimacy between classes
- Feature envy (methods using other class data)
- Shotgun surgery patterns
- Quantify: Coupling metrics, change frequency
**Architecture Debt**
- **Design Flaws**
- Missing abstractions
- Leaky abstractions
- Violated architectural boundaries
- Monolithic components
- Quantify: Component size, dependency violations
- **Technology Debt**
- Outdated frameworks/libraries
- Deprecated API usage
- Legacy patterns (e.g., callbacks vs promises)
- Unsupported dependencies
- Quantify: Version lag, security vulnerabilities
**Testing Debt**
- **Coverage Gaps**
- Untested code paths
- Missing edge cases
- No integration tests
- Lack of performance tests
- Quantify: Coverage %, critical paths untested
- **Test Quality**
- Brittle tests (environment-dependent)
- Slow test suites
- Flaky tests
- No test documentation
- Quantify: Test runtime, failure rate
**Documentation Debt**
- **Missing Documentation**
- No API documentation
- Undocumented complex logic
- Missing architecture diagrams
- No onboarding guides
- Quantify: Undocumented public APIs
**Infrastructure Debt**
- **Deployment Issues**
- Manual deployment steps
- No rollback procedures
- Missing monitoring
- No performance baselines
- Quantify: Deployment time, failure rate
### 2. Impact Assessment
Calculate the real cost of each debt item:
**Development Velocity Impact**
```
Debt Item: Duplicate user validation logic
Locations: 5 files
Time Impact:
- 2 hours per bug fix (must fix in 5 places)
- 4 hours per feature change
- Monthly impact: ~20 hours
Annual Cost: 240 hours × $150/hour = $36,000
```
**Quality Impact**
```
Debt Item: No integration tests for payment flow
Bug Rate: 3 production bugs/month
Average Bug Cost:
- Investigation: 4 hours
- Fix: 2 hours
- Testing: 2 hours
- Deployment: 1 hour
Monthly Cost: 3 bugs × 9 hours × $150 = $4,050
Annual Cost: $48,600
```
**Risk Assessment**
- **Critical**: Security vulnerabilities, data loss risk
- **High**: Performance degradation, frequent outages
- **Medium**: Developer frustration, slow feature delivery
- **Low**: Code style issues, minor inefficiencies
### 3. Debt Metrics Dashboard
Create measurable KPIs:
**Code Quality Metrics**
```yaml
Metrics:
cyclomatic_complexity:
current: 15.2
target: 10.0
files_above_threshold: 45
code_duplication:
percentage: 23%
target: 5%
duplication_hotspots:
- src/validation: 850 lines
- src/api/handlers: 620 lines
test_coverage:
unit: 45%
integration: 12%
e2e: 5%
target: 80% / 60% / 30%
dependency_health:
outdated_major: 12
outdated_minor: 34
security_vulnerabilities: 7
deprecated_apis: 15
```
**Trend Analysis**
```python
debt_trends = {
"2024_Q1": {"score": 750, "items": 125},
"2024_Q2": {"score": 820, "items": 142},
"2024_Q3": {"score": 890, "items": 156},
"growth_rate": "18% quarterly",
"projection": "1200 by 2025_Q1 without intervention"
}
```
### 4. Prioritized Remediation Plan
Create an actionable roadmap based on ROI:
**Quick Wins (High Value, Low Effort)**
Week 1-2:
```
1. Extract duplicate validation logic to shared module
Effort: 8 hours
Savings: 20 hours/month
ROI: 250% in first month
2. Add error monitoring to payment service
Effort: 4 hours
Savings: 15 hours/month debugging
ROI: 375% in first month
3. Automate deployment script
Effort: 12 hours
Savings: 2 hours/deployment × 20 deploys/month
ROI: 333% in first month
```
**Medium-Term Improvements (Month 1-3)**
```
1. Refactor OrderService (God class)
- Split into 4 focused services
- Add comprehensive tests
- Create clear interfaces
Effort: 60 hours
Savings: 30 hours/month maintenance
ROI: Positive after 2 months
2. Upgrade React 16 → 18
- Update component patterns
- Migrate to hooks
- Fix breaking changes
Effort: 80 hours
Benefits: Performance +30%, Better DX
ROI: Positive after 3 months
```
**Long-Term Initiatives (Quarter 2-4)**
```
1. Implement Domain-Driven Design
- Define bounded contexts
- Create domain models
- Establish clear boundaries
Effort: 200 hours
Benefits: 50% reduction in coupling
ROI: Positive after 6 months
2. Comprehensive Test Suite
- Unit: 80% coverage
- Integration: 60% coverage
- E2E: Critical paths
Effort: 300 hours
Benefits: 70% reduction in bugs
ROI: Positive after 4 months
```
### 5. Implementation Strategy
**Incremental Refactoring**
```python
# Phase 1: Add facade over legacy code
class PaymentFacade:
def __init__(self):
self.legacy_processor = LegacyPaymentProcessor()
def process_payment(self, order):
# New clean interface
return self.legacy_processor.doPayment(order.to_legacy())
# Phase 2: Implement new service alongside
class PaymentService:
def process_payment(self, order):
# Clean implementation
pass
# Phase 3: Gradual migration
class PaymentFacade:
def __init__(self):
self.new_service = PaymentService()
self.legacy = LegacyPaymentProcessor()
def process_payment(self, order):
if feature_flag("use_new_payment"):
return self.new_service.process_payment(order)
return self.legacy.doPayment(order.to_legacy())
```
**Team Allocation**
```yaml
Debt_Reduction_Team:
dedicated_time: "20% sprint capacity"
roles:
- tech_lead: "Architecture decisions"
- senior_dev: "Complex refactoring"
- dev: "Testing and documentation"
sprint_goals:
- sprint_1: "Quick wins completed"
- sprint_2: "God class refactoring started"
- sprint_3: "Test coverage >60%"
```
### 6. Prevention Strategy
Implement gates to prevent new debt:
**Automated Quality Gates**
```yaml
pre_commit_hooks:
- complexity_check: "max 10"
- duplication_check: "max 5%"
- test_coverage: "min 80% for new code"
ci_pipeline:
- dependency_audit: "no high vulnerabilities"
- performance_test: "no regression >10%"
- architecture_check: "no new violations"
code_review:
- requires_two_approvals: true
- must_include_tests: true
- documentation_required: true
```
**Debt Budget**
```python
debt_budget = {
"allowed_monthly_increase": "2%",
"mandatory_reduction": "5% per quarter",
"tracking": {
"complexity": "sonarqube",
"dependencies": "dependabot",
"coverage": "codecov"
}
}
```
### 7. Communication Plan
**Stakeholder Reports**
```markdown
## Executive Summary
- Current debt score: 890 (High)
- Monthly velocity loss: 35%
- Bug rate increase: 45%
- Recommended investment: 500 hours
- Expected ROI: 280% over 12 months
## Key Risks
1. Payment system: 3 critical vulnerabilities
2. Data layer: No backup strategy
3. API: Rate limiting not implemented
## Proposed Actions
1. Immediate: Security patches (this week)
2. Short-term: Core refactoring (1 month)
3. Long-term: Architecture modernization (6 months)
```
**Developer Documentation**
```markdown
## Refactoring Guide
1. Always maintain backward compatibility
2. Write tests before refactoring
3. Use feature flags for gradual rollout
4. Document architectural decisions
5. Measure impact with metrics
## Code Standards
- Complexity limit: 10
- Method length: 20 lines
- Class length: 200 lines
- Test coverage: 80%
- Documentation: All public APIs
```
### 8. Success Metrics
Track progress with clear KPIs:
**Monthly Metrics**
- Debt score reduction: Target -5%
- New bug rate: Target -20%
- Deployment frequency: Target +50%
- Lead time: Target -30%
- Test coverage: Target +10%
**Quarterly Reviews**
- Architecture health score
- Developer satisfaction survey
- Performance benchmarks
- Security audit results
- Cost savings achieved
## Output Format
1. **Debt Inventory**: Comprehensive list categorized by type with metrics
2. **Impact Analysis**: Cost calculations and risk assessments
3. **Prioritized Roadmap**: Quarter-by-quarter plan with clear deliverables
4. **Quick Wins**: Immediate actions for this sprint
5. **Implementation Guide**: Step-by-step refactoring strategies
6. **Prevention Plan**: Processes to avoid accumulating new debt
7. **ROI Projections**: Expected returns on debt reduction investment
Focus on delivering measurable improvements that directly impact development velocity, system reliability, and team morale.

2019
tools/test-harness.md Normal file
View File

File diff suppressed because it is too large Load Diff