dpnmw/agents
1
0
Fork 0
mirror of https://github.com/wshobson/agents.git synced 2026-03-18 17:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dpnmw:a5ab5d8f31256c0c03b0accb228cf238c11b4ed8
Branches Tags
dpnmw:main dpnmw:payment-element-with-cs
..
compare: dpnmw:payment-element-with-cs
Branches Tags
dpnmw:main dpnmw:payment-element-with-cs

7 Commits
a5ab5d8f31 ... payment-el

Author SHA1 Message Date
Seth Hobson
94d1aba17a Add modernized Payment Intents pattern with Payment Element 
- Restore Payment Intents flow removed by PR, updated for modern best practices
- Use Payment Element instead of legacy Card Element
- Use stripe.confirmPayment() instead of deprecated confirmCardPayment()
- Use automatic_payment_methods instead of hardcoded payment_method_types
- Split Python/JS into separate fenced code blocks for clarity
- Add guidance on when to use Payment Intents vs Checkout Sessions
- Renumber subsequent patterns (Subscription → 4, Customer Portal → 5)
 2026-02-19 13:45:55 -05:00
Seth Hobson
204e8129aa Polish Stripe best practices examples for consistency 
- Remove payment_method_types=['card'] from Quick Start (dynamic payment methods)
- Remove unused appearance variable from Pattern 2 JS example
- Fix actions access pattern: destructure before use for consistency
- Add inline comments clarifying sync/async distinction and amount format
- Add ui_mode='embedded' to Embedded checkout bullet for completeness
- Replace payment_method_types with automatic_payment_methods in test example
 2026-02-19 13:42:36 -05:00
Sawyer
2b8e3166a1 Update to latest Stripe best practices 2026-02-18 20:38:50 -08:00
bentheautomator
5d65aa1063 Add YouTube design concept extractor tool (#432) 
* feat: add YouTube design concept extractor tool

Extracts transcript, metadata, and keyframes from YouTube videos
into a structured markdown reference document for agent consumption.

Supports interval-based frame capture, scene-change detection, and
chapter-aware transcript grouping.

https://claude.ai/code/session_01KZxeSK9A2F2oZUoHgxUUBV

* feat: add OCR and color palette extraction to yt-design-extractor

- Add --ocr flag with Tesseract (fast) or EasyOCR (stylized text) engines
- Add --colors flag for dominant color palette extraction via ColorThief
- Add --full convenience flag to enable all extraction features
- Include OCR text alongside each frame in markdown output
- Add Visual Text Index section for searchable on-screen text
- Export ocr-results.json and color-palette.json for reuse
- Run OCR in parallel with ThreadPoolExecutor for performance

https://claude.ai/code/session_01KZxeSK9A2F2oZUoHgxUUBV

* feat: add requirements.txt and Makefile for yt-design-extractor

- requirements.txt with core and optional dependencies
- Makefile with install, deps check, and run targets
- Support for make run-full, run-ocr, run-transcript variants
- Cross-platform install-ocr target (apt/brew/dnf)

https://claude.ai/code/session_01KZxeSK9A2F2oZUoHgxUUBV

* chore: move Makefile to project root for easier access

Now `make install-full` works from anywhere in the project.

https://claude.ai/code/session_01KZxeSK9A2F2oZUoHgxUUBV

* fix: make easyocr truly optional, fix install targets

- Remove easyocr from install-full (requires PyTorch, causes conflicts)
- Add separate install-easyocr target with CPU PyTorch from official index
- Update requirements.txt with clear instructions for optional easyocr
- Improve make deps output with clearer status messages

https://claude.ai/code/session_01KZxeSK9A2F2oZUoHgxUUBV

* fix: harden error handling and fix silent failures in yt-design-extractor

- Check ffmpeg return codes instead of silently producing 0 frames
- Add upfront shutil.which() checks for yt-dlp and ffmpeg
- Narrow broad except Exception catches (transcript, OCR, color)
- Log OCR errors instead of embedding error strings in output data
- Handle subprocess.TimeoutExpired on all subprocess calls
- Wrap video processing in try/finally for reliable cleanup
- Error on missing easyocr when explicitly requested (no silent fallback)
- Fix docstrings: 720p fallback, parallel OCR, chunk duration, deps
- Split pytesseract/Pillow imports for clearer missing-dep messages
- Add run-transcript to Makefile .PHONY and help target
- Fix variable shadowing in round_color (step -> bucket_size)
- Handle json.JSONDecodeError from yt-dlp metadata
- Format with ruff

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Seth Hobson <wshobson@gmail.com>
 2026-02-06 20:06:56 -05:00
Seth Hobson
089740f185 chore: bump marketplace to v1.5.1 and sync plugin versions 
Sync marketplace.json versions with plugin.json for all 14 touched
plugins. Fix plugin.json versions for llm-application-dev (2.0.3),
startup-business-analyst (1.0.4), and ui-design (1.0.2) to match
marketplace lineage. Add dotnet-contribution to marketplace.
 2026-02-06 19:36:28 -05:00
Seth Hobson
4d504ed8fa fix: eliminate cross-plugin dependencies and modernize plugin.json across marketplace 
Rewrites 14 commands across 11 plugins to remove all cross-plugin
subagent_type references (e.g., "unit-testing::test-automator"), which
break when plugins are installed standalone. Each command now uses only
local bundled agents or general-purpose with role context in the prompt.

All rewritten commands follow conductor-style patterns:
- CRITICAL BEHAVIORAL RULES with strong directives
- State files for session tracking and resume support
- Phase checkpoints requiring explicit user approval
- File-based context passing between steps

Also fixes 4 plugin.json files missing version/license fields and adds
plugin.json for dotnet-contribution.

Closes #433
 2026-02-06 19:34:26 -05:00
Seth Hobson
4820385a31 chore: modernize all plugins to new format with per-plugin plugin.json 
Add .claude-plugin/plugin.json to all 67 remaining plugins and simplify
marketplace.json entries by removing redundant fields (keywords, strict,
commands, agents, skills, repository) that are now auto-discovered.
Bump marketplace version to 1.5.0.
 2026-02-05 22:02:17 -05:00
97 changed files with 9139 additions and 4189 deletions
Expand all files Collapse all files

1367
.claude-plugin/marketplace.json
View File

File diff suppressed because it is too large Load Diff

120
Makefile Normal file
View File

@@ -0,0 +1,120 @@
# YouTube Design Extractor - Setup and Usage
# ==========================================
PYTHON := python3
PIP := pip3
SCRIPT := tools/yt-design-extractor.py
.PHONY: help install install-ocr install-easyocr deps check run run-full run-ocr run-transcript clean
help:
@echo "YouTube Design Extractor"
@echo "========================"
@echo ""
@echo "Setup (run in order):"
@echo " make install-ocr Install system tools (tesseract + ffmpeg)"
@echo " make install Install Python dependencies"
@echo " make deps Show what's installed"
@echo ""
@echo "Optional:"
@echo " make install-easyocr Install EasyOCR + PyTorch (~2GB, for stylized text)"
@echo ""
@echo "Usage:"
@echo " make run URL=<youtube-url> Basic extraction"
@echo " make run-full URL=<youtube-url> Full extraction (OCR + colors + scene)"
@echo " make run-ocr URL=<youtube-url> With OCR only"
@echo " make run-transcript URL=<youtube-url> Transcript + metadata only"
@echo ""
@echo "Examples:"
@echo " make run URL='https://youtu.be/eVnQFWGDEdY'"
@echo " make run-full URL='https://youtu.be/eVnQFWGDEdY' INTERVAL=15"
@echo ""
@echo "Options (pass as make variables):"
@echo " URL=<url> YouTube video URL (required)"
@echo " INTERVAL=<secs> Frame interval in seconds (default: 30)"
@echo " OUTPUT=<dir> Output directory"
@echo " ENGINE=<engine> OCR engine: tesseract (default) or easyocr"
# Installation targets
install:
$(PIP) install -r tools/requirements.txt
install-ocr:
@echo "Installing Tesseract OCR + ffmpeg..."
@if command -v apt-get >/dev/null 2>&1; then \
sudo apt-get update && sudo apt-get install -y tesseract-ocr ffmpeg; \
elif command -v brew >/dev/null 2>&1; then \
brew install tesseract ffmpeg; \
elif command -v dnf >/dev/null 2>&1; then \
sudo dnf install -y tesseract ffmpeg; \
else \
echo "Please install tesseract-ocr and ffmpeg manually"; \
exit 1; \
fi
install-easyocr:
@echo "Installing PyTorch (CPU) + EasyOCR (~2GB download)..."
$(PIP) install torch torchvision --index-url https://download.pytorch.org/whl/cpu
$(PIP) install easyocr
deps:
@echo "Checking dependencies..."
@echo ""
@echo "System tools:"
@command -v ffmpeg >/dev/null 2>&1 && echo " ✓ ffmpeg" || echo " ✗ ffmpeg (run: make install-ocr)"
@command -v tesseract >/dev/null 2>&1 && echo " ✓ tesseract" || echo " ✗ tesseract (run: make install-ocr)"
@echo ""
@echo "Python packages (required):"
@$(PYTHON) -c "import yt_dlp; print(' ✓ yt-dlp', yt_dlp.version.__version__)" 2>/dev/null || echo " ✗ yt-dlp (run: make install)"
@$(PYTHON) -c "from youtube_transcript_api import YouTubeTranscriptApi; print(' ✓ youtube-transcript-api')" 2>/dev/null || echo " ✗ youtube-transcript-api (run: make install)"
@$(PYTHON) -c "from PIL import Image; print(' ✓ Pillow')" 2>/dev/null || echo " ✗ Pillow (run: make install)"
@$(PYTHON) -c "import pytesseract; print(' ✓ pytesseract')" 2>/dev/null || echo " ✗ pytesseract (run: make install)"
@$(PYTHON) -c "from colorthief import ColorThief; print(' ✓ colorthief')" 2>/dev/null || echo " ✗ colorthief (run: make install)"
@echo ""
@echo "Optional (for stylized text OCR):"
@$(PYTHON) -c "import easyocr; print(' ✓ easyocr')" 2>/dev/null || echo " ○ easyocr (run: make install-easyocr)"
check:
@$(PYTHON) $(SCRIPT) --help >/dev/null && echo "✓ Script is working" || echo "✗ Script failed"
# Run targets
INTERVAL ?= 30
ENGINE ?= tesseract
OUTPUT ?=
run:
ifndef URL
@echo "Error: URL is required"
@echo "Usage: make run URL='https://youtu.be/VIDEO_ID'"
@exit 1
endif
$(PYTHON) $(SCRIPT) "$(URL)" --interval $(INTERVAL) $(if $(OUTPUT),-o $(OUTPUT))
run-full:
ifndef URL
@echo "Error: URL is required"
@echo "Usage: make run-full URL='https://youtu.be/VIDEO_ID'"
@exit 1
endif
$(PYTHON) $(SCRIPT) "$(URL)" --full --interval $(INTERVAL) --ocr-engine $(ENGINE) $(if $(OUTPUT),-o $(OUTPUT))
run-ocr:
ifndef URL
@echo "Error: URL is required"
@echo "Usage: make run-ocr URL='https://youtu.be/VIDEO_ID'"
@exit 1
endif
$(PYTHON) $(SCRIPT) "$(URL)" --ocr --interval $(INTERVAL) --ocr-engine $(ENGINE) $(if $(OUTPUT),-o $(OUTPUT))
run-transcript:
ifndef URL
@echo "Error: URL is required"
@echo "Usage: make run-transcript URL='https://youtu.be/VIDEO_ID'"
@exit 1
endif
$(PYTHON) $(SCRIPT) "$(URL)" --transcript-only $(if $(OUTPUT),-o $(OUTPUT))
# Cleanup
clean:
rm -rf yt-extract-*
@echo "Cleaned up extraction directories"

10
plugins/accessibility-compliance/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "accessibility-compliance",
"version": "1.2.1",
"description": "WCAG accessibility auditing, compliance validation, UI testing for screen readers, keyboard navigation, and inclusive design",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/agent-orchestration/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "agent-orchestration",
"version": "1.2.0",
"description": "Multi-agent system optimization, agent improvement workflows, and context management",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/api-scaffolding/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "api-scaffolding",
"version": "1.2.1",
"description": "REST and GraphQL API scaffolding, framework selection, backend architecture, and API generation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/api-testing-observability/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "api-testing-observability",
"version": "1.2.0",
"description": "API testing automation, request mocking, OpenAPI documentation generation, observability setup, and monitoring",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/application-performance/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "application-performance",
"version": "1.3.0",
"description": "Application profiling, performance optimization, and observability for frontend and backend systems",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

731
plugins/application-performance/commands/performance-optimization.md
View File

@@ -1,124 +1,681 @@
Optimize application performance end-to-end using specialized performance and optimization agents: ---
description: "Orchestrate end-to-end application performance optimization from profiling to monitoring"
argument-hint: "<application or service> [--focus latency|throughput|cost|balanced] [--depth quick-wins|comprehensive|enterprise]"
---
[Extended thinking: This workflow orchestrates a comprehensive performance optimization process across the entire application stack. Starting with deep profiling and baseline establishment, the workflow progresses through targeted optimizations in each system layer, validates improvements through load testing, and establishes continuous monitoring for sustained performance. Each phase builds on insights from previous phases, creating a data-driven optimization strategy that addresses real bottlenecks rather than theoretical improvements. The workflow emphasizes modern observability practices, user-centric performance metrics, and cost-effective optimization strategies.] # Performance Optimization Orchestrator
## Phase 1: Performance Profiling & Baseline ## CRITICAL BEHAVIORAL RULES
### 1. Comprehensive Performance Profiling You MUST follow these rules exactly. Violating any of them is a failure.
- Use Task tool with subagent_type="performance-engineer" 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
- Prompt: "Profile application performance comprehensively for: $ARGUMENTS. Generate flame graphs for CPU usage, heap dumps for memory analysis, trace I/O operations, and identify hot paths. Use APM tools like DataDog or New Relic if available. Include database query profiling, API response times, and frontend rendering metrics. Establish performance baselines for all critical user journeys." 2. **Write output files.** Each step MUST produce its output file in `.performance-optimization/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
- Context: Initial performance investigation 3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
- Output: Detailed performance profile with flame graphs, memory analysis, bottleneck identification, baseline metrics 4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
### 2. Observability Stack Assessment ## Pre-flight Checks
- Use Task tool with subagent_type="observability-engineer" Before starting, perform these checks:
- Prompt: "Assess current observability setup for: $ARGUMENTS. Review existing monitoring, distributed tracing with OpenTelemetry, log aggregation, and metrics collection. Identify gaps in visibility, missing metrics, and areas needing better instrumentation. Recommend APM tool integration and custom metrics for business-critical operations."
- Context: Performance profile from step 1
- Output: Observability assessment report, instrumentation gaps, monitoring recommendations
### 3. User Experience Analysis ### 1. Check for existing session
- Use Task tool with subagent_type="performance-engineer" Check if `.performance-optimization/state.json` exists:
- Prompt: "Analyze user experience metrics for: $ARGUMENTS. Measure Core Web Vitals (LCP, FID, CLS), page load times, time to interactive, and perceived performance. Use Real User Monitoring (RUM) data if available. Identify user journeys with poor performance and their business impact."
- Context: Performance baselines from step 1
- Output: UX performance report, Core Web Vitals analysis, user impact assessment
## Phase 2: Database & Backend Optimization - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
### 4. Database Performance Optimization ```
Found an in-progress performance optimization session:
Target: [name from state]
Current step: [step from state]
- Use Task tool with subagent_type="database-cloud-optimization::database-optimizer" 1. Resume from where we left off
- Prompt: "Optimize database performance for: $ARGUMENTS based on profiling data: {context_from_phase_1}. Analyze slow query logs, create missing indexes, optimize execution plans, implement query result caching with Redis/Memcached. Review connection pooling, prepared statements, and batch processing opportunities. Consider read replicas and database sharding if needed." 2. Start fresh (archives existing session)
- Context: Performance bottlenecks from phase 1 ```
- Output: Optimized queries, new indexes, caching strategy, connection pool configuration
### 5. Backend Code & API Optimization - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Use Task tool with subagent_type="backend-development::backend-architect" ### 2. Initialize state
- Prompt: "Optimize backend services for: $ARGUMENTS targeting bottlenecks: {context_from_phase_1}. Implement efficient algorithms, add application-level caching, optimize N+1 queries, use async/await patterns effectively. Implement pagination, response compression, GraphQL query optimization, and batch API operations. Add circuit breakers and bulkheads for resilience."
- Context: Database optimizations from step 4, profiling data from phase 1
- Output: Optimized backend code, caching implementation, API improvements, resilience patterns
### 6. Microservices & Distributed System Optimization Create `.performance-optimization/` directory and `state.json`:
- Use Task tool with subagent_type="performance-engineer" ```json
- Prompt: "Optimize distributed system performance for: $ARGUMENTS. Analyze service-to-service communication, implement service mesh optimizations, optimize message queue performance (Kafka/RabbitMQ), reduce network hops. Implement distributed caching strategies and optimize serialization/deserialization." {
- Context: Backend optimizations from step 5 "target": "$ARGUMENTS",
- Output: Service communication improvements, message queue optimization, distributed caching setup "status": "in_progress",
"focus": "balanced",
"depth": "comprehensive",
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
## Phase 3: Frontend & CDN Optimization Parse `$ARGUMENTS` for `--focus` and `--depth` flags. Use defaults if not specified.
### 7. Frontend Bundle & Loading Optimization ### 3. Parse target description
- Use Task tool with subagent_type="frontend-developer" Extract the target description from `$ARGUMENTS` (everything before the flags). This is referenced as `$TARGET` in prompts below.
- Prompt: "Optimize frontend performance for: $ARGUMENTS targeting Core Web Vitals: {context_from_phase_1}. Implement code splitting, tree shaking, lazy loading, and dynamic imports. Optimize bundle sizes with webpack/rollup analysis. Implement resource hints (prefetch, preconnect, preload). Optimize critical rendering path and eliminate render-blocking resources."
- Context: UX analysis from phase 1, backend optimizations from phase 2
- Output: Optimized bundles, lazy loading implementation, improved Core Web Vitals
### 8. CDN & Edge Optimization ---
- Use Task tool with subagent_type="cloud-infrastructure::cloud-architect" ## Phase 1: Performance Profiling & Baseline (Steps 13)
- Prompt: "Optimize CDN and edge performance for: $ARGUMENTS. Configure CloudFlare/CloudFront for optimal caching, implement edge functions for dynamic content, set up image optimization with responsive images and WebP/AVIF formats. Configure HTTP/2 and HTTP/3, implement Brotli compression. Set up geographic distribution for global users."
- Context: Frontend optimizations from step 7
- Output: CDN configuration, edge caching rules, compression setup, geographic optimization
### 9. Mobile & Progressive Web App Optimization ### Step 1: Comprehensive Performance Profiling
- Use Task tool with subagent_type="frontend-mobile-development::mobile-developer" Use the Task tool to launch the performance engineer:
- Prompt: "Optimize mobile experience for: $ARGUMENTS. Implement service workers for offline functionality, optimize for slow networks with adaptive loading. Reduce JavaScript execution time for mobile CPUs. Implement virtual scrolling for long lists. Optimize touch responsiveness and smooth animations. Consider React Native/Flutter specific optimizations if applicable."
- Context: Frontend optimizations from steps 7-8
- Output: Mobile-optimized code, PWA implementation, offline functionality
## Phase 4: Load Testing & Validation ```
Task:
subagent_type: "performance-engineer"
description: "Profile application performance for $TARGET"
prompt: |
Profile application performance comprehensively for: $TARGET.
### 10. Comprehensive Load Testing Generate flame graphs for CPU usage, heap dumps for memory analysis, trace I/O operations,
and identify hot paths. Use APM tools like DataDog or New Relic if available. Include database
query profiling, API response times, and frontend rendering metrics. Establish performance
baselines for all critical user journeys.
- Use Task tool with subagent_type="performance-engineer" ## Deliverables
- Prompt: "Conduct comprehensive load testing for: $ARGUMENTS using k6/Gatling/Artillery. Design realistic load scenarios based on production traffic patterns. Test normal load, peak load, and stress scenarios. Include API testing, browser-based testing, and WebSocket testing if applicable. Measure response times, throughput, error rates, and resource utilization at various load levels." 1. Performance profile with flame graphs and memory analysis
- Context: All optimizations from phases 1-3 2. Bottleneck identification ranked by impact
- Output: Load test results, performance under load, breaking points, scalability analysis 3. Baseline metrics for critical user journeys
4. Database query profiling results
5. API response time measurements
### 11. Performance Regression Testing Write your complete profiling report as a single markdown document.
```
- Use Task tool with subagent_type="performance-testing-review::test-automator" Save the agent's output to `.performance-optimization/01-profiling.md`.
- Prompt: "Create automated performance regression tests for: $ARGUMENTS. Set up performance budgets for key metrics, integrate with CI/CD pipeline using GitHub Actions or similar. Create Lighthouse CI tests for frontend, API performance tests with Artillery, and database performance benchmarks. Implement automatic rollback triggers for performance regressions."
- Context: Load test results from step 10, baseline metrics from phase 1
- Output: Performance test suite, CI/CD integration, regression prevention system
## Phase 5: Monitoring & Continuous Optimization Update `state.json`: set `current_step` to 2, add step 1 to `completed_steps`.
### 12. Production Monitoring Setup ### Step 2: Observability Stack Assessment
- Use Task tool with subagent_type="observability-engineer" Read `.performance-optimization/01-profiling.md` to load profiling context.
- Prompt: "Implement production performance monitoring for: $ARGUMENTS. Set up APM with DataDog/New Relic/Dynatrace, configure distributed tracing with OpenTelemetry, implement custom business metrics. Create Grafana dashboards for key metrics, set up PagerDuty alerts for performance degradation. Define SLIs/SLOs for critical services with error budgets."
- Context: Performance improvements from all previous phases
- Output: Monitoring dashboards, alert rules, SLI/SLO definitions, runbooks
### 13. Continuous Performance Optimization Use the Task tool:
- Use Task tool with subagent_type="performance-engineer" ```
- Prompt: "Establish continuous optimization process for: $ARGUMENTS. Create performance budget tracking, implement A/B testing for performance changes, set up continuous profiling in production. Document optimization opportunities backlog, create capacity planning models, and establish regular performance review cycles." Task:
- Context: Monitoring setup from step 12, all previous optimization work subagent_type: "observability-engineer"
- Output: Performance budget tracking, optimization backlog, capacity planning, review process description: "Assess observability setup for $TARGET"
prompt: |
Assess current observability setup for: $TARGET.
## Configuration Options ## Performance Profile
[Insert full contents of .performance-optimization/01-profiling.md]
- **performance_focus**: "latency" | "throughput" | "cost" | "balanced" (default: "balanced") Review existing monitoring, distributed tracing with OpenTelemetry, log aggregation,
- **optimization_depth**: "quick-wins" | "comprehensive" | "enterprise" (default: "comprehensive") and metrics collection. Identify gaps in visibility, missing metrics, and areas needing
- **tools_available**: ["datadog", "newrelic", "prometheus", "grafana", "k6", "gatling"] better instrumentation. Recommend APM tool integration and custom metrics for
- **budget_constraints**: Set maximum acceptable costs for infrastructure changes business-critical operations.
- **user_impact_tolerance**: "zero-downtime" | "maintenance-window" | "gradual-rollout"
## Deliverables
1. Current observability assessment
2. Instrumentation gaps identified
3. Monitoring recommendations
4. Recommended metrics and dashboards
Write your complete assessment as a single markdown document.
```
Save the agent's output to `.performance-optimization/02-observability.md`.
Update `state.json`: set `current_step` to 3, add step 2 to `completed_steps`.
### Step 3: User Experience Analysis
Read `.performance-optimization/01-profiling.md`.
Use the Task tool:
```
Task:
subagent_type: "performance-engineer"
description: "Analyze user experience metrics for $TARGET"
prompt: |
Analyze user experience metrics for: $TARGET.
## Performance Baselines
[Insert contents of .performance-optimization/01-profiling.md]
Measure Core Web Vitals (LCP, FID, CLS), page load times, time to interactive,
and perceived performance. Use Real User Monitoring (RUM) data if available.
Identify user journeys with poor performance and their business impact.
## Deliverables
1. Core Web Vitals analysis
2. User journey performance report
3. Business impact assessment
4. Prioritized improvement opportunities
Write your complete analysis as a single markdown document.
```
Save the agent's output to `.performance-optimization/03-ux-analysis.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 3 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
You MUST stop here and present the profiling results for review.
Display a summary from `.performance-optimization/01-profiling.md`, `.performance-optimization/02-observability.md`, and `.performance-optimization/03-ux-analysis.md` (key bottlenecks, observability gaps, UX findings) and ask:
```
Performance profiling complete. Please review:
- .performance-optimization/01-profiling.md
- .performance-optimization/02-observability.md
- .performance-optimization/03-ux-analysis.md
Key bottlenecks: [summary]
Observability gaps: [summary]
UX findings: [summary]
1. Approve — proceed to optimization
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise and re-checkpoint. If option 3, update `state.json` status and stop.
---
## Phase 2: Database & Backend Optimization (Steps 46)
### Step 4: Database Performance Optimization
Read `.performance-optimization/01-profiling.md` and `.performance-optimization/03-ux-analysis.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Optimize database performance for $TARGET"
prompt: |
You are a database optimization expert. Optimize database performance for: $TARGET.
## Profiling Data
[Insert contents of .performance-optimization/01-profiling.md]
## UX Analysis
[Insert contents of .performance-optimization/03-ux-analysis.md]
Analyze slow query logs, create missing indexes, optimize execution plans, implement
query result caching with Redis/Memcached. Review connection pooling, prepared statements,
and batch processing opportunities. Consider read replicas and database sharding if needed.
## Deliverables
1. Optimized queries with before/after performance
2. New indexes with justification
3. Caching strategy recommendation
4. Connection pool configuration
5. Implementation plan with priority order
Write your complete optimization plan as a single markdown document.
```
Save output to `.performance-optimization/04-database.md`.
Update `state.json`: set `current_step` to 5, add step 4 to `completed_steps`.
### Step 5: Backend Code & API Optimization
Read `.performance-optimization/01-profiling.md` and `.performance-optimization/04-database.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Optimize backend services for $TARGET"
prompt: |
You are a backend performance architect. Optimize backend services for: $TARGET.
## Profiling Data
[Insert contents of .performance-optimization/01-profiling.md]
## Database Optimizations
[Insert contents of .performance-optimization/04-database.md]
Implement efficient algorithms, add application-level caching, optimize N+1 queries,
use async/await patterns effectively. Implement pagination, response compression,
GraphQL query optimization, and batch API operations. Add circuit breakers and
bulkheads for resilience.
## Deliverables
1. Optimized backend code with before/after metrics
2. Caching implementation plan
3. API improvements with expected impact
4. Resilience patterns added
5. Implementation priority order
Write your complete optimization plan as a single markdown document.
```
Save output to `.performance-optimization/05-backend.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Microservices & Distributed System Optimization
Read `.performance-optimization/01-profiling.md` and `.performance-optimization/05-backend.md`.
Use the Task tool:
```
Task:
subagent_type: "performance-engineer"
description: "Optimize distributed system performance for $TARGET"
prompt: |
Optimize distributed system performance for: $TARGET.
## Profiling Data
[Insert contents of .performance-optimization/01-profiling.md]
## Backend Optimizations
[Insert contents of .performance-optimization/05-backend.md]
Analyze service-to-service communication, implement service mesh optimizations,
optimize message queue performance (Kafka/RabbitMQ), reduce network hops. Implement
distributed caching strategies and optimize serialization/deserialization.
## Deliverables
1. Service communication improvements
2. Message queue optimization plan
3. Distributed caching setup
4. Network optimization recommendations
5. Expected latency improvements
Write your complete optimization plan as a single markdown document.
```
Save output to `.performance-optimization/06-distributed.md`.
Update `state.json`: set `current_step` to "checkpoint-2", add step 6 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display a summary of optimization plans from steps 4-6 and ask:
```
Backend optimization plans complete. Please review:
- .performance-optimization/04-database.md
- .performance-optimization/05-backend.md
- .performance-optimization/06-distributed.md
1. Approve — proceed to frontend & CDN optimization
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Frontend & CDN Optimization (Steps 79)
### Step 7: Frontend Bundle & Loading Optimization
Read `.performance-optimization/03-ux-analysis.md` and `.performance-optimization/05-backend.md`.
Use the Task tool:
```
Task:
subagent_type: "frontend-developer"
description: "Optimize frontend performance for $TARGET"
prompt: |
Optimize frontend performance for: $TARGET targeting Core Web Vitals improvements.
## UX Analysis
[Insert contents of .performance-optimization/03-ux-analysis.md]
## Backend Optimizations
[Insert contents of .performance-optimization/05-backend.md]
Implement code splitting, tree shaking, lazy loading, and dynamic imports. Optimize bundle
sizes with webpack/rollup analysis. Implement resource hints (prefetch, preconnect, preload).
Optimize critical rendering path and eliminate render-blocking resources.
## Deliverables
1. Bundle optimization with size reductions
2. Lazy loading implementation plan
3. Resource hint configuration
4. Critical rendering path optimizations
5. Expected Core Web Vitals improvements
Write your complete optimization plan as a single markdown document.
```
Save output to `.performance-optimization/07-frontend.md`.
Update `state.json`: set `current_step` to 8, add step 7 to `completed_steps`.
### Step 8: CDN & Edge Optimization
Read `.performance-optimization/07-frontend.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Optimize CDN and edge performance for $TARGET"
prompt: |
You are a cloud infrastructure and CDN optimization expert. Optimize CDN and edge
performance for: $TARGET.
## Frontend Optimizations
[Insert contents of .performance-optimization/07-frontend.md]
Configure CloudFlare/CloudFront for optimal caching, implement edge functions for
dynamic content, set up image optimization with responsive images and WebP/AVIF formats.
Configure HTTP/2 and HTTP/3, implement Brotli compression. Set up geographic
distribution for global users.
## Deliverables
1. CDN configuration recommendations
2. Edge caching rules
3. Image optimization strategy
4. Compression setup
5. Geographic distribution plan
Write your complete optimization plan as a single markdown document.
```
Save output to `.performance-optimization/08-cdn.md`.
Update `state.json`: set `current_step` to 9, add step 8 to `completed_steps`.
### Step 9: Mobile & Progressive Web App Optimization
Read `.performance-optimization/07-frontend.md` and `.performance-optimization/08-cdn.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Optimize mobile experience for $TARGET"
prompt: |
You are a mobile performance optimization expert. Optimize mobile experience for: $TARGET.
## Frontend Optimizations
[Insert contents of .performance-optimization/07-frontend.md]
## CDN Optimizations
[Insert contents of .performance-optimization/08-cdn.md]
Implement service workers for offline functionality, optimize for slow networks with
adaptive loading. Reduce JavaScript execution time for mobile CPUs. Implement virtual
scrolling for long lists. Optimize touch responsiveness and smooth animations. Consider
React Native/Flutter specific optimizations if applicable.
## Deliverables
1. Mobile-optimized code recommendations
2. PWA implementation plan
3. Offline functionality strategy
4. Adaptive loading configuration
5. Expected mobile performance improvements
Write your complete optimization plan as a single markdown document.
```
Save output to `.performance-optimization/09-mobile.md`.
Update `state.json`: set `current_step` to "checkpoint-3", add step 9 to `completed_steps`.
---
## PHASE CHECKPOINT 3 — User Approval Required
Display a summary of frontend/CDN/mobile optimization plans and ask:
```
Frontend optimization plans complete. Please review:
- .performance-optimization/07-frontend.md
- .performance-optimization/08-cdn.md
- .performance-optimization/09-mobile.md
1. Approve — proceed to load testing & validation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 4 until the user approves.
---
## Phase 4: Load Testing & Validation (Steps 1011)
### Step 10: Comprehensive Load Testing
Read `.performance-optimization/01-profiling.md`.
Use the Task tool:
```
Task:
subagent_type: "performance-engineer"
description: "Conduct comprehensive load testing for $TARGET"
prompt: |
Conduct comprehensive load testing for: $TARGET using k6/Gatling/Artillery.
## Original Baselines
[Insert contents of .performance-optimization/01-profiling.md]
Design realistic load scenarios based on production traffic patterns. Test normal load,
peak load, and stress scenarios. Include API testing, browser-based testing, and WebSocket
testing if applicable. Measure response times, throughput, error rates, and resource
utilization at various load levels.
## Deliverables
1. Load test scripts and configurations
2. Results at normal, peak, and stress loads
3. Response time and throughput measurements
4. Breaking points and scalability analysis
5. Comparison against original baselines
Write your complete load test report as a single markdown document.
```
Save output to `.performance-optimization/10-load-testing.md`.
Update `state.json`: set `current_step` to 11, add step 10 to `completed_steps`.
### Step 11: Performance Regression Testing
Read `.performance-optimization/10-load-testing.md` and `.performance-optimization/01-profiling.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create performance regression tests for $TARGET"
prompt: |
You are a test automation expert specializing in performance testing. Create automated
performance regression tests for: $TARGET.
## Load Test Results
[Insert contents of .performance-optimization/10-load-testing.md]
## Original Baselines
[Insert contents of .performance-optimization/01-profiling.md]
Set up performance budgets for key metrics, integrate with CI/CD pipeline using GitHub
Actions or similar. Create Lighthouse CI tests for frontend, API performance tests with
Artillery, and database performance benchmarks. Implement automatic rollback triggers
for performance regressions.
## Deliverables
1. Performance test suite with scripts
2. CI/CD integration configuration
3. Performance budgets and thresholds
4. Regression detection rules
5. Automatic rollback triggers
Write your complete regression testing plan as a single markdown document.
```
Save output to `.performance-optimization/11-regression-testing.md`.
Update `state.json`: set `current_step` to "checkpoint-4", add step 11 to `completed_steps`.
---
## PHASE CHECKPOINT 4 — User Approval Required
Display a summary of testing results and ask:
```
Load testing and validation complete. Please review:
- .performance-optimization/10-load-testing.md
- .performance-optimization/11-regression-testing.md
1. Approve — proceed to monitoring & continuous optimization
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 5 until the user approves.
---
## Phase 5: Monitoring & Continuous Optimization (Steps 1213)
### Step 12: Production Monitoring Setup
Read `.performance-optimization/02-observability.md` and `.performance-optimization/10-load-testing.md`.
Use the Task tool:
```
Task:
subagent_type: "observability-engineer"
description: "Implement production performance monitoring for $TARGET"
prompt: |
Implement production performance monitoring for: $TARGET.
## Observability Assessment
[Insert contents of .performance-optimization/02-observability.md]
## Load Test Results
[Insert contents of .performance-optimization/10-load-testing.md]
Set up APM with DataDog/New Relic/Dynatrace, configure distributed tracing with
OpenTelemetry, implement custom business metrics. Create Grafana dashboards for key
metrics, set up PagerDuty alerts for performance degradation. Define SLIs/SLOs for
critical services with error budgets.
## Deliverables
1. Monitoring dashboard configurations
2. Alert rules and thresholds
3. SLI/SLO definitions
4. Runbooks for common performance issues
5. Error budget tracking setup
Write your complete monitoring plan as a single markdown document.
```
Save output to `.performance-optimization/12-monitoring.md`.
Update `state.json`: set `current_step` to 13, add step 12 to `completed_steps`.
### Step 13: Continuous Performance Optimization
Read all previous `.performance-optimization/*.md` files.
Use the Task tool:
```
Task:
subagent_type: "performance-engineer"
description: "Establish continuous optimization process for $TARGET"
prompt: |
Establish continuous optimization process for: $TARGET.
## Monitoring Setup
[Insert contents of .performance-optimization/12-monitoring.md]
## All Previous Optimization Work
[Insert summary of key findings from all previous steps]
Create performance budget tracking, implement A/B testing for performance changes,
set up continuous profiling in production. Document optimization opportunities backlog,
create capacity planning models, and establish regular performance review cycles.
## Deliverables
1. Performance budget tracking system
2. Optimization backlog with priorities
3. Capacity planning model
4. Review cycle schedule and process
5. A/B testing framework for performance changes
Write your complete continuous optimization plan as a single markdown document.
```
Save output to `.performance-optimization/13-continuous.md`.
Update `state.json`: set `current_step` to "complete", add step 13 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Performance optimization complete: $TARGET
## Files Created
[List all .performance-optimization/ output files]
## Optimization Summary
- Profiling: .performance-optimization/01-profiling.md
- Observability: .performance-optimization/02-observability.md
- UX Analysis: .performance-optimization/03-ux-analysis.md
- Database: .performance-optimization/04-database.md
- Backend: .performance-optimization/05-backend.md
- Distributed: .performance-optimization/06-distributed.md
- Frontend: .performance-optimization/07-frontend.md
- CDN: .performance-optimization/08-cdn.md
- Mobile: .performance-optimization/09-mobile.md
- Load Testing: .performance-optimization/10-load-testing.md
- Regression Testing: .performance-optimization/11-regression-testing.md
- Monitoring: .performance-optimization/12-monitoring.md
- Continuous: .performance-optimization/13-continuous.md
## Success Criteria ## Success Criteria
- Response Time: P50 < 200ms, P95 < 1s, P99 < 2s for critical endpoints
- Core Web Vitals: LCP < 2.5s, FID < 100ms, CLS < 0.1
- Throughput: Support 2x current peak load with <1% error rate
- Database Performance: Query P95 < 100ms, no queries > 1s
- Resource Utilization: CPU < 70%, Memory < 80% under normal load
- Cost Efficiency: Performance per dollar improved by minimum 30%
- Monitoring Coverage: 100% of critical paths instrumented with alerting
- **Response Time**: P50 < 200ms, P95 < 1s, P99 < 2s for critical endpoints ## Next Steps
- **Core Web Vitals**: LCP < 2.5s, FID < 100ms, CLS < 0.1 1. Implement optimizations in priority order from each phase
- **Throughput**: Support 2x current peak load with <1% error rate 2. Run regression tests after each optimization
- **Database Performance**: Query P95 < 100ms, no queries > 1s 3. Monitor production metrics against baselines
- **Resource Utilization**: CPU < 70%, Memory < 80% under normal load 4. Review performance budgets in weekly cycles
- **Cost Efficiency**: Performance per dollar improved by minimum 30% ```
- **Monitoring Coverage**: 100% of critical paths instrumented with alerting
Performance optimization target: $ARGUMENTS

10
plugins/arm-cortex-microcontrollers/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "arm-cortex-microcontrollers",
"version": "1.2.0",
"description": "ARM Cortex-M firmware development for Teensy, STM32, nRF52, and SAMD with peripheral drivers and memory safety patterns",
"author": {
"name": "Ryan Snodgrass",
"url": "https://github.com/rsnodgrass"
},
"license": "MIT"
}

10
plugins/backend-api-security/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "backend-api-security",
"version": "1.2.0",
"description": "API security hardening, authentication implementation, authorization patterns, rate limiting, and input validation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/backend-development/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "backend-development",
"version": "1.3.0",
"description": "Backend API design, GraphQL architecture, workflow orchestration with Temporal, and test-driven backend development",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

44
plugins/backend-development/agents/performance-engineer.md Normal file
View File

@@ -0,0 +1,44 @@
---
name: performance-engineer
description: Profile and optimize application performance including response times, memory usage, query efficiency, and scalability. Use for performance review during feature development.
model: sonnet
---
You are a performance engineer specializing in application optimization during feature development.
## Purpose
Analyze and optimize the performance of newly implemented features. Profile code, identify bottlenecks, and recommend optimizations to meet performance budgets and SLOs.
## Capabilities
- **Code Profiling**: CPU hotspots, memory allocation patterns, I/O bottlenecks, async/await inefficiencies
- **Database Performance**: N+1 query detection, missing indexes, query plan analysis, connection pool sizing, ORM inefficiencies
- **API Performance**: Response time analysis, payload optimization, compression, pagination efficiency, batch operation design
- **Caching Strategy**: Cache-aside/read-through/write-through patterns, TTL tuning, cache invalidation, hit rate analysis
- **Memory Management**: Memory leak detection, garbage collection pressure, object pooling, buffer management
- **Concurrency**: Thread pool sizing, async patterns, connection pooling, resource contention, deadlock detection
- **Frontend Performance**: Bundle size analysis, lazy loading, code splitting, render performance, network waterfall
- **Load Testing Design**: K6/JMeter/Gatling script design, realistic load profiles, stress testing, capacity planning
- **Scalability Analysis**: Horizontal vs vertical scaling readiness, stateless design validation, bottleneck identification
## Response Approach
1. **Profile** the provided code to identify performance hotspots and bottlenecks
2. **Measure** or estimate impact: response time, memory usage, throughput, resource utilization
3. **Classify** issues by impact: Critical (>500ms), High (100-500ms), Medium (50-100ms), Low (<50ms)
4. **Recommend** specific optimizations with before/after code examples
5. **Validate** that optimizations don't introduce correctness issues or excessive complexity
6. **Benchmark** suggestions with expected improvement estimates
## Output Format
For each finding:
- **Impact**: Critical/High/Medium/Low with estimated latency or resource cost
- **Location**: File and line reference
- **Issue**: What's slow and why
- **Fix**: Specific optimization with code example
- **Tradeoff**: Any downsides (complexity, memory for speed, etc.)
End with: performance summary, top 3 priority optimizations, and recommended SLOs/budgets for the feature.

41
plugins/backend-development/agents/security-auditor.md Normal file
View File

@@ -0,0 +1,41 @@
---
name: security-auditor
description: Review code and architecture for security vulnerabilities, OWASP Top 10, auth flaws, and compliance issues. Use for security review during feature development.
model: sonnet
---
You are a security auditor specializing in application security review during feature development.
## Purpose
Perform focused security reviews of code and architecture produced during feature development. Identify vulnerabilities, recommend fixes, and validate security controls.
## Capabilities
- **OWASP Top 10 Review**: Injection, broken auth, sensitive data exposure, XXE, broken access control, misconfig, XSS, insecure deserialization, vulnerable components, insufficient logging
- **Authentication & Authorization**: JWT validation, session management, OAuth flows, RBAC/ABAC enforcement, privilege escalation vectors
- **Input Validation**: SQL injection, command injection, path traversal, XSS, SSRF, prototype pollution
- **Data Protection**: Encryption at rest/transit, secrets management, PII handling, credential storage
- **API Security**: Rate limiting, CORS, CSRF, request validation, API key management
- **Dependency Scanning**: Known CVEs in dependencies, outdated packages, supply chain risks
- **Infrastructure Security**: Container security, network policies, secrets in env vars, TLS configuration
## Response Approach
1. **Scan** the provided code and architecture for vulnerabilities
2. **Classify** findings by severity: Critical, High, Medium, Low
3. **Explain** each finding with the attack vector and impact
4. **Recommend** specific fixes with code examples where possible
5. **Validate** that security controls (auth, authz, input validation) are correctly implemented
## Output Format
For each finding:
- **Severity**: Critical/High/Medium/Low
- **Category**: OWASP category or security domain
- **Location**: File and line reference
- **Issue**: What's wrong and why it matters
- **Fix**: Specific remediation with code example
End with a summary: total findings by severity, overall security posture assessment, and top 3 priority fixes.

41
plugins/backend-development/agents/test-automator.md Normal file
View File

@@ -0,0 +1,41 @@
---
name: test-automator
description: Create comprehensive test suites including unit, integration, and E2E tests. Supports TDD/BDD workflows. Use for test creation during feature development.
model: sonnet
---
You are a test automation engineer specializing in creating comprehensive test suites during feature development.
## Purpose
Build robust, maintainable test suites for newly implemented features. Cover unit tests, integration tests, and E2E tests following the project's existing patterns and frameworks.
## Capabilities
- **Unit Testing**: Isolated function/method tests, mocking dependencies, edge cases, error paths
- **Integration Testing**: API endpoint tests, database integration, service-to-service communication, middleware chains
- **E2E Testing**: Critical user journeys, happy paths, error scenarios, browser/API-level flows
- **TDD Support**: Red-green-refactor cycle, failing test first, minimal implementation guidance
- **BDD Support**: Gherkin scenarios, step definitions, behavior specifications
- **Test Data**: Factory patterns, fixtures, seed data, synthetic data generation
- **Mocking & Stubbing**: External service mocks, database stubs, time/environment mocking
- **Coverage Analysis**: Identify untested paths, suggest additional test cases, coverage gap analysis
## Response Approach
1. **Detect** the project's test framework (Jest, pytest, Go testing, etc.) and existing patterns
2. **Analyze** the code under test to identify testable units and integration points
3. **Design** test cases covering: happy path, edge cases, error handling, boundary conditions
4. **Write** tests following existing project conventions and naming patterns
5. **Verify** tests are runnable and provide clear failure messages
6. **Report** coverage assessment and any untested risk areas
## Output Format
Organize tests by type:
- **Unit Tests**: One test file per source file, grouped by function/method
- **Integration Tests**: Grouped by API endpoint or service interaction
- **E2E Tests**: Grouped by user journey or feature scenario
Each test should have a descriptive name explaining what behavior is being verified. Include setup/teardown, assertions, and cleanup. Flag any areas where manual testing is recommended over automation.

561
plugins/backend-development/commands/feature-development.md
View File

@@ -1,150 +1,481 @@
Orchestrate end-to-end feature development from requirements to production deployment: ---
description: "Orchestrate end-to-end feature development from requirements to deployment"
argument-hint: "<feature description> [--methodology tdd|bdd|ddd] [--complexity simple|medium|complex]"
---
[Extended thinking: This workflow orchestrates specialized agents through comprehensive feature development phases - from discovery and planning through implementation, testing, and deployment. Each phase builds on previous outputs, ensuring coherent feature delivery. The workflow supports multiple development methodologies (traditional, TDD/BDD, DDD), feature complexity levels, and modern deployment strategies including feature flags, gradual rollouts, and observability-first development. Agents receive detailed context from previous phases to maintain consistency and quality throughout the development lifecycle.] # Feature Development Orchestrator
## Configuration Options ## CRITICAL BEHAVIORAL RULES
### Development Methodology You MUST follow these rules exactly. Violating any of them is a failure.
- **traditional**: Sequential development with testing after implementation 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
- **tdd**: Test-Driven Development with red-green-refactor cycles 2. **Write output files.** Each step MUST produce its output file in `.feature-dev/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
- **bdd**: Behavior-Driven Development with scenario-based testing 3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
- **ddd**: Domain-Driven Design with bounded contexts and aggregates 4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
### Feature Complexity ## Pre-flight Checks
- **simple**: Single service, minimal integration (1-2 days) Before starting, perform these checks:
- **medium**: Multiple services, moderate integration (3-5 days)
- **complex**: Cross-domain, extensive integration (1-2 weeks)
- **epic**: Major architectural changes, multiple teams (2+ weeks)
### Deployment Strategy ### 1. Check for existing session
- **direct**: Immediate rollout to all users Check if `.feature-dev/state.json` exists:
- **canary**: Gradual rollout starting with 5% of traffic
- **feature-flag**: Controlled activation via feature toggles
- **blue-green**: Zero-downtime deployment with instant rollback
- **a-b-test**: Split traffic for experimentation and metrics
## Phase 1: Discovery & Requirements Planning - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
1. **Business Analysis & Requirements** ```
- Use Task tool with subagent_type="business-analytics::business-analyst" Found an in-progress feature development session:
- Prompt: "Analyze feature requirements for: $ARGUMENTS. Define user stories, acceptance criteria, success metrics, and business value. Identify stakeholders, dependencies, and risks. Create feature specification document with clear scope boundaries." Feature: [name from state]
- Expected output: Requirements document with user stories, success metrics, risk assessment Current step: [step from state]
- Context: Initial feature request and business context
2. **Technical Architecture Design** 1. Resume from where we left off
- Use Task tool with subagent_type="comprehensive-review::architect-review" 2. Start fresh (archives existing session)
- Prompt: "Design technical architecture for feature: $ARGUMENTS. Using requirements: [include business analysis from step 1]. Define service boundaries, API contracts, data models, integration points, and technology stack. Consider scalability, performance, and security requirements." ```
- Expected output: Technical design document with architecture diagrams, API specifications, data models
- Context: Business requirements, existing system architecture
3. **Feasibility & Risk Assessment** - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Use Task tool with subagent_type="security-scanning::security-auditor"
- Prompt: "Assess security implications and risks for feature: $ARGUMENTS. Review architecture: [include technical design from step 2]. Identify security requirements, compliance needs, data privacy concerns, and potential vulnerabilities."
- Expected output: Security assessment with risk matrix, compliance checklist, mitigation strategies
- Context: Technical design, regulatory requirements
## Phase 2: Implementation & Development ### 2. Initialize state
4. **Backend Services Implementation** Create `.feature-dev/` directory and `state.json`:
- Use Task tool with subagent_type="backend-architect"
- Prompt: "Implement backend services for: $ARGUMENTS. Follow technical design: [include architecture from step 2]. Build RESTful/GraphQL APIs, implement business logic, integrate with data layer, add resilience patterns (circuit breakers, retries), implement caching strategies. Include feature flags for gradual rollout."
- Expected output: Backend services with APIs, business logic, database integration, feature flags
- Context: Technical design, API contracts, data models
5. **Frontend Implementation** ```json
- Use Task tool with subagent_type="frontend-mobile-development::frontend-developer" {
- Prompt: "Build frontend components for: $ARGUMENTS. Integrate with backend APIs: [include API endpoints from step 4]. Implement responsive UI, state management, error handling, loading states, and analytics tracking. Add feature flag integration for A/B testing capabilities." "feature": "$ARGUMENTS",
- Expected output: Frontend components with API integration, state management, analytics "status": "in_progress",
- Context: Backend APIs, UI/UX designs, user stories "methodology": "traditional",
"complexity": "medium",
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
6. **Data Pipeline & Integration** Parse `$ARGUMENTS` for `--methodology` and `--complexity` flags. Use defaults if not specified.
- Use Task tool with subagent_type="data-engineering::data-engineer"
- Prompt: "Build data pipelines for: $ARGUMENTS. Design ETL/ELT processes, implement data validation, create analytics events, set up data quality monitoring. Integrate with product analytics platforms for feature usage tracking."
- Expected output: Data pipelines, analytics events, data quality checks
- Context: Data requirements, analytics needs, existing data infrastructure
## Phase 3: Testing & Quality Assurance ### 3. Parse feature description
7. **Automated Test Suite** Extract the feature description from `$ARGUMENTS` (everything before the flags). This is referenced as `$FEATURE` in prompts below.
- Use Task tool with subagent_type="unit-testing::test-automator"
- Prompt: "Create comprehensive test suite for: $ARGUMENTS. Write unit tests for backend: [from step 4] and frontend: [from step 5]. Add integration tests for API endpoints, E2E tests for critical user journeys, performance tests for scalability validation. Ensure minimum 80% code coverage."
- Expected output: Test suites with unit, integration, E2E, and performance tests
- Context: Implementation code, acceptance criteria, test requirements
8. **Security Validation** ---
- Use Task tool with subagent_type="security-scanning::security-auditor"
- Prompt: "Perform security testing for: $ARGUMENTS. Review implementation: [include backend and frontend from steps 4-5]. Run OWASP checks, penetration testing, dependency scanning, and compliance validation. Verify data encryption, authentication, and authorization."
- Expected output: Security test results, vulnerability report, remediation actions
- Context: Implementation code, security requirements
9. **Performance Optimization** ## Phase 1: Discovery (Steps 12) — Interactive
- Use Task tool with subagent_type="application-performance::performance-engineer"
- Prompt: "Optimize performance for: $ARGUMENTS. Analyze backend services: [from step 4] and frontend: [from step 5]. Profile code, optimize queries, implement caching, reduce bundle sizes, improve load times. Set up performance budgets and monitoring."
- Expected output: Performance improvements, optimization report, performance metrics
- Context: Implementation code, performance requirements
## Phase 4: Deployment & Monitoring ### Step 1: Requirements Gathering
10. **Deployment Strategy & Pipeline** Gather requirements through interactive Q&A. Ask ONE question at a time using the AskUserQuestion tool. Do NOT ask all questions at once.
- Use Task tool with subagent_type="deployment-strategies::deployment-engineer"
- Prompt: "Prepare deployment for: $ARGUMENTS. Create CI/CD pipeline with automated tests: [from step 7]. Configure feature flags for gradual rollout, implement blue-green deployment, set up rollback procedures. Create deployment runbook and rollback plan."
- Expected output: CI/CD pipeline, deployment configuration, rollback procedures
- Context: Test suites, infrastructure requirements, deployment strategy
11. **Observability & Monitoring** **Questions to ask (in order):**
- Use Task tool with subagent_type="observability-monitoring::observability-engineer"
- Prompt: "Set up observability for: $ARGUMENTS. Implement distributed tracing, custom metrics, error tracking, and alerting. Create dashboards for feature usage, performance metrics, error rates, and business KPIs. Set up SLOs/SLIs with automated alerts."
- Expected output: Monitoring dashboards, alerts, SLO definitions, observability infrastructure
- Context: Feature implementation, success metrics, operational requirements
12. **Documentation & Knowledge Transfer** 1. **Problem Statement**: "What problem does this feature solve? Who is the user and what's their pain point?"
- Use Task tool with subagent_type="documentation-generation::docs-architect" 2. **Acceptance Criteria**: "What are the key acceptance criteria? When is this feature 'done'?"
- Prompt: "Generate comprehensive documentation for: $ARGUMENTS. Create API documentation, user guides, deployment guides, troubleshooting runbooks. Include architecture diagrams, data flow diagrams, and integration guides. Generate automated changelog from commits." 3. **Scope Boundaries**: "What is explicitly OUT of scope for this feature?"
- Expected output: API docs, user guides, runbooks, architecture documentation 4. **Technical Constraints**: "Any technical constraints? (e.g., must use existing auth system, specific DB, latency requirements)"
- Context: All previous phases' outputs 5. **Dependencies**: "Does this feature depend on or affect other features/services?"
## Execution Parameters After gathering answers, write the requirements document:
### Required Parameters **Output file:** `.feature-dev/01-requirements.md`
- **--feature**: Feature name and description ```markdown
- **--methodology**: Development approach (traditional|tdd|bdd|ddd) # Requirements: $FEATURE
- **--complexity**: Feature complexity level (simple|medium|complex|epic)
### Optional Parameters ## Problem Statement
- **--deployment-strategy**: Deployment approach (direct|canary|feature-flag|blue-green|a-b-test) [From Q1]
- **--test-coverage-min**: Minimum test coverage threshold (default: 80%)
- **--performance-budget**: Performance requirements (e.g., <200ms response time)
- **--rollout-percentage**: Initial rollout percentage for gradual deployment (default: 5%)
- **--feature-flag-service**: Feature flag provider (launchdarkly|split|unleash|custom)
- **--analytics-platform**: Analytics integration (segment|amplitude|mixpanel|custom)
- **--monitoring-stack**: Observability tools (datadog|newrelic|grafana|custom)
## Success Criteria ## Acceptance Criteria
- All acceptance criteria from business requirements are met [From Q2 — formatted as checkboxes]
- Test coverage exceeds minimum threshold (80% default)
- Security scan shows no critical vulnerabilities
- Performance meets defined budgets and SLOs
- Feature flags configured for controlled rollout
- Monitoring and alerting fully operational
- Documentation complete and approved
- Successful deployment to production with rollback capability
- Product analytics tracking feature usage
- A/B test metrics configured (if applicable)
## Rollback Strategy ## Scope
If issues arise during or after deployment: ### In Scope
1. Immediate feature flag disable (< 1 minute) [Derived from answers]
2. Blue-green traffic switch (< 5 minutes)
3. Full deployment rollback via CI/CD (< 15 minutes)
4. Database migration rollback if needed (coordinate with data team)
5. Incident post-mortem and fixes before re-deployment
Feature description: $ARGUMENTS ### Out of Scope
[From Q3]
## Technical Constraints
[From Q4]
## Dependencies
[From Q5]
## Methodology: [tdd|bdd|ddd|traditional]
## Complexity: [simple|medium|complex]
```
Update `state.json`: set `current_step` to 2, add `"01-requirements.md"` to `files_created`, add step 1 to `completed_steps`.
### Step 2: Architecture & Security Design
Read `.feature-dev/01-requirements.md` to load requirements context.
Use the Task tool to launch the architecture agent:
```
Task:
subagent_type: "backend-architect"
description: "Design architecture for $FEATURE"
prompt: |
Design the technical architecture for this feature.
## Requirements
[Insert full contents of .feature-dev/01-requirements.md]
## Deliverables
1. **Service/component design**: What components are needed, their responsibilities, and boundaries
2. **API design**: Endpoints, request/response schemas, error handling
3. **Data model**: Database tables/collections, relationships, migrations needed
4. **Security considerations**: Auth requirements, input validation, data protection, OWASP concerns
5. **Integration points**: How this connects to existing services/systems
6. **Risk assessment**: Technical risks and mitigation strategies
Write your complete architecture design as a single markdown document.
```
Save the agent's output to `.feature-dev/02-architecture.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 2 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
You MUST stop here and present the architecture for review.
Display a summary of the architecture from `.feature-dev/02-architecture.md` (key components, API endpoints, data model overview) and ask:
```
Architecture design is complete. Please review .feature-dev/02-architecture.md
1. Approve — proceed to implementation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise the architecture and re-checkpoint. If option 3, update `state.json` status and stop.
---
## Phase 2: Implementation (Steps 35)
### Step 3: Backend Implementation
Read `.feature-dev/01-requirements.md` and `.feature-dev/02-architecture.md`.
Use the Task tool to launch the backend architect for implementation:
```
Task:
subagent_type: "backend-architect"
description: "Implement backend for $FEATURE"
prompt: |
Implement the backend for this feature based on the approved architecture.
## Requirements
[Insert contents of .feature-dev/01-requirements.md]
## Architecture
[Insert contents of .feature-dev/02-architecture.md]
## Instructions
1. Implement the API endpoints, business logic, and data access layer as designed
2. Include data layer components (models, migrations, repositories) as specified in the architecture
3. Add input validation and error handling
4. Follow the project's existing code patterns and conventions
5. If methodology is TDD: write failing tests first, then implement
6. Include inline comments only where logic is non-obvious
Write all code files. Report what files were created/modified.
```
Save a summary of what was implemented to `.feature-dev/03-backend.md` (list of files created/modified, key decisions, any deviations from architecture).
Update `state.json`: set `current_step` to 4, add step 3 to `completed_steps`.
### Step 4: Frontend Implementation
Read `.feature-dev/01-requirements.md`, `.feature-dev/02-architecture.md`, and `.feature-dev/03-backend.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement frontend for $FEATURE"
prompt: |
You are a frontend developer. Implement the frontend components for this feature.
## Requirements
[Insert contents of .feature-dev/01-requirements.md]
## Architecture
[Insert contents of .feature-dev/02-architecture.md]
## Backend Implementation
[Insert contents of .feature-dev/03-backend.md]
## Instructions
1. Build UI components that integrate with the backend API endpoints
2. Implement state management, form handling, and error states
3. Add loading states and optimistic updates where appropriate
4. Follow the project's existing frontend patterns and component conventions
5. Ensure responsive design and accessibility basics (semantic HTML, ARIA labels, keyboard nav)
Write all code files. Report what files were created/modified.
```
Save a summary to `.feature-dev/04-frontend.md`.
**Note:** If the feature has no frontend component (pure backend/API), skip this step — write a brief note in `04-frontend.md` explaining why it was skipped, and continue.
Update `state.json`: set `current_step` to 5, add step 4 to `completed_steps`.
### Step 5: Testing & Validation
Read `.feature-dev/03-backend.md` and `.feature-dev/04-frontend.md`.
Launch three agents in parallel using multiple Task tool calls in a single response:
**5a. Test Suite Creation:**
```
Task:
subagent_type: "test-automator"
description: "Create test suite for $FEATURE"
prompt: |
Create a comprehensive test suite for this feature.
## What was implemented
### Backend
[Insert contents of .feature-dev/03-backend.md]
### Frontend
[Insert contents of .feature-dev/04-frontend.md]
## Instructions
1. Write unit tests for all new backend functions/methods
2. Write integration tests for API endpoints
3. Write frontend component tests if applicable
4. Cover: happy path, edge cases, error handling, boundary conditions
5. Follow existing test patterns and frameworks in the project
6. Target 80%+ code coverage for new code
Write all test files. Report what test files were created and what they cover.
```
**5b. Security Review:**
```
Task:
subagent_type: "security-auditor"
description: "Security review of $FEATURE"
prompt: |
Perform a security review of this feature implementation.
## Architecture
[Insert contents of .feature-dev/02-architecture.md]
## Backend Implementation
[Insert contents of .feature-dev/03-backend.md]
## Frontend Implementation
[Insert contents of .feature-dev/04-frontend.md]
Review for: OWASP Top 10, authentication/authorization flaws, input validation gaps,
data protection issues, dependency vulnerabilities, and any security anti-patterns.
Provide findings with severity, location, and specific fix recommendations.
```
**5c. Performance Review:**
```
Task:
subagent_type: "performance-engineer"
description: "Performance review of $FEATURE"
prompt: |
Review the performance of this feature implementation.
## Architecture
[Insert contents of .feature-dev/02-architecture.md]
## Backend Implementation
[Insert contents of .feature-dev/03-backend.md]
## Frontend Implementation
[Insert contents of .feature-dev/04-frontend.md]
Review for: N+1 queries, missing indexes, unoptimized queries, memory leaks,
missing caching opportunities, large payloads, slow rendering paths.
Provide findings with impact estimates and specific optimization recommendations.
```
After all three complete, consolidate results into `.feature-dev/05-testing.md`:
```markdown
# Testing & Validation: $FEATURE
## Test Suite
[Summary from 5a — files created, coverage areas]
## Security Findings
[Summary from 5b — findings by severity]
## Performance Findings
[Summary from 5c — findings by impact]
## Action Items
[List any critical/high findings that need to be addressed before delivery]
```
If there are Critical or High severity findings from security or performance review, address them now before proceeding. Apply fixes and re-validate.
Update `state.json`: set `current_step` to "checkpoint-2", add step 5 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display a summary of testing and validation results from `.feature-dev/05-testing.md` and ask:
```
Testing and validation complete. Please review .feature-dev/05-testing.md
Test coverage: [summary]
Security findings: [X critical, Y high, Z medium]
Performance findings: [X critical, Y high, Z medium]
1. Approve — proceed to deployment & documentation
2. Request changes — tell me what to fix
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Delivery (Steps 67)
### Step 6: Deployment & Monitoring
Read `.feature-dev/02-architecture.md` and `.feature-dev/05-testing.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create deployment config for $FEATURE"
prompt: |
You are a deployment engineer. Create the deployment and monitoring configuration for this feature.
## Architecture
[Insert contents of .feature-dev/02-architecture.md]
## Testing Results
[Insert contents of .feature-dev/05-testing.md]
## Instructions
1. Create or update CI/CD pipeline configuration for the new code
2. Add feature flag configuration if the feature should be gradually rolled out
3. Define health checks and readiness probes for new services/endpoints
4. Create monitoring alerts for key metrics (error rate, latency, throughput)
5. Write a deployment runbook with rollback steps
6. Follow existing deployment patterns in the project
Write all configuration files. Report what was created/modified.
```
Save output to `.feature-dev/06-deployment.md`.
Update `state.json`: set `current_step` to 7, add step 6 to `completed_steps`.
### Step 7: Documentation & Handoff
Read all previous `.feature-dev/*.md` files.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Write documentation for $FEATURE"
prompt: |
You are a technical writer. Create documentation for this feature.
## Feature Context
[Insert contents of .feature-dev/01-requirements.md]
## Architecture
[Insert contents of .feature-dev/02-architecture.md]
## Implementation Summary
### Backend: [Insert contents of .feature-dev/03-backend.md]
### Frontend: [Insert contents of .feature-dev/04-frontend.md]
## Deployment
[Insert contents of .feature-dev/06-deployment.md]
## Instructions
1. Write API documentation for new endpoints (request/response examples)
2. Update or create user-facing documentation if applicable
3. Write a brief architecture decision record (ADR) explaining key design choices
4. Create a handoff summary: what was built, how to test it, known limitations
Write documentation files. Report what was created/modified.
```
Save output to `.feature-dev/07-documentation.md`.
Update `state.json`: set `current_step` to "complete", add step 7 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Feature development complete: $FEATURE
## Files Created
[List all .feature-dev/ output files]
## Implementation Summary
- Requirements: .feature-dev/01-requirements.md
- Architecture: .feature-dev/02-architecture.md
- Backend: .feature-dev/03-backend.md
- Frontend: .feature-dev/04-frontend.md
- Testing: .feature-dev/05-testing.md
- Deployment: .feature-dev/06-deployment.md
- Documentation: .feature-dev/07-documentation.md
## Next Steps
1. Review all generated code and documentation
2. Run the full test suite to verify everything passes
3. Create a pull request with the implementation
4. Deploy using the runbook in .feature-dev/06-deployment.md
```

10
plugins/blockchain-web3/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "blockchain-web3",
"version": "1.2.1",
"description": "Smart contract development with Solidity, DeFi protocol implementation, NFT platforms, and Web3 application architecture",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/business-analytics/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "business-analytics",
"version": "1.2.1",
"description": "Business metrics analysis, KPI tracking, financial reporting, and data-driven decision making",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/c4-architecture/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "c4-architecture",
"version": "1.0.0",
"description": "Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/cicd-automation/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "cicd-automation",
"version": "1.2.1",
"description": "CI/CD pipeline configuration, GitHub Actions/GitLab CI workflow setup, and automated deployment pipeline orchestration",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/cloud-infrastructure/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "cloud-infrastructure",
"version": "1.2.2",
"description": "Cloud architecture design for AWS/Azure/GCP, Kubernetes cluster configuration, Terraform infrastructure-as-code, hybrid cloud networking, and multi-cloud cost optimization",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/code-documentation/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "code-documentation",
"version": "1.2.0",
"description": "Documentation generation, code explanation, and technical writing with automated doc generation and tutorial creation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/code-refactoring/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "code-refactoring",
"version": "1.2.0",
"description": "Code cleanup, refactoring automation, and technical debt management with context restoration",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/code-review-ai/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "code-review-ai",
"version": "1.2.0",
"description": "AI-powered architectural review and code quality analysis",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/codebase-cleanup/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "codebase-cleanup",
"version": "1.2.0",
"description": "Technical debt reduction, dependency updates, and code refactoring automation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/comprehensive-review/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "comprehensive-review",
"version": "1.3.0",
"description": "Multi-perspective code analysis covering architecture, security, and best practices",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

626
plugins/comprehensive-review/commands/full-review.md
View File

@@ -1,137 +1,597 @@
Orchestrate comprehensive multi-dimensional code review using specialized review agents ---
description: "Orchestrate comprehensive multi-dimensional code review using specialized review agents across architecture, security, performance, testing, and best practices"
argument-hint: "<target path or description> [--security-focus] [--performance-critical] [--strict-mode] [--framework react|spring|django|rails]"
---
[Extended thinking: This workflow performs an exhaustive code review by orchestrating multiple specialized agents in sequential phases. Each phase builds upon previous findings to create a comprehensive review that covers code quality, security, performance, testing, documentation, and best practices. The workflow integrates modern AI-assisted review tools, static analysis, security scanning, and automated quality metrics. Results are consolidated into actionable feedback with clear prioritization and remediation guidance. The phased approach ensures thorough coverage while maintaining efficiency through parallel agent execution where appropriate.] # Comprehensive Code Review Orchestrator
## Review Configuration Options ## CRITICAL BEHAVIORAL RULES
- **--security-focus**: Prioritize security vulnerabilities and OWASP compliance You MUST follow these rules exactly. Violating any of them is a failure.
- **--performance-critical**: Emphasize performance bottlenecks and scalability issues
- **--tdd-review**: Include TDD compliance and test-first verification
- **--ai-assisted**: Enable AI-powered review tools (Copilot, Codium, Bito)
- **--strict-mode**: Fail review on any critical issues found
- **--metrics-report**: Generate detailed quality metrics dashboard
- **--framework [name]**: Apply framework-specific best practices (React, Spring, Django, etc.)
## Phase 1: Code Quality & Architecture Review 1. **Execute phases in order.** Do NOT skip ahead, reorder, or merge phases.
2. **Write output files.** Each phase MUST produce its output file in `.full-review/` before the next phase begins. Read from prior phase files -- do NOT rely on context window memory.
3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
4. **Halt on failure.** If any step fails (agent error, missing files, access issues), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan -- execute it.
Use Task tool to orchestrate quality and architecture agents in parallel: ## Pre-flight Checks
### 1A. Code Quality Analysis Before starting, perform these checks:
- Use Task tool with subagent_type="code-reviewer" ### 1. Check for existing session
- Prompt: "Perform comprehensive code quality review for: $ARGUMENTS. Analyze code complexity, maintainability index, technical debt, code duplication, naming conventions, and adherence to Clean Code principles. Integrate with SonarQube, CodeQL, and Semgrep for static analysis. Check for code smells, anti-patterns, and violations of SOLID principles. Generate cyclomatic complexity metrics and identify refactoring opportunities."
- Expected output: Quality metrics, code smell inventory, refactoring recommendations
- Context: Initial codebase analysis, no dependencies on other phases
### 1B. Architecture & Design Review Check if `.full-review/state.json` exists:
- Use Task tool with subagent_type="architect-review" - If it exists and `status` is `"in_progress"`: Read it, display the current phase, and ask the user:
- Prompt: "Review architectural design patterns and structural integrity in: $ARGUMENTS. Evaluate microservices boundaries, API design, database schema, dependency management, and adherence to Domain-Driven Design principles. Check for circular dependencies, inappropriate coupling, missing abstractions, and architectural drift. Verify compliance with enterprise architecture standards and cloud-native patterns."
- Expected output: Architecture assessment, design pattern analysis, structural recommendations
- Context: Runs parallel with code quality analysis
## Phase 2: Security & Performance Review ```
Found an in-progress review session:
Target: [target from state]
Current phase: [phase from state]
Use Task tool with security and performance agents, incorporating Phase 1 findings: 1. Resume from where we left off
2. Start fresh (archives existing session)
```
### 2A. Security Vulnerability Assessment - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Use Task tool with subagent_type="security-auditor" ### 2. Initialize state
- Prompt: "Execute comprehensive security audit on: $ARGUMENTS. Perform OWASP Top 10 analysis, dependency vulnerability scanning with Snyk/Trivy, secrets detection with GitLeaks, input validation review, authentication/authorization assessment, and cryptographic implementation review. Include findings from Phase 1 architecture review: {phase1_architecture_context}. Check for SQL injection, XSS, CSRF, insecure deserialization, and configuration security issues."
- Expected output: Vulnerability report, CVE list, security risk matrix, remediation steps
- Context: Incorporates architectural vulnerabilities identified in Phase 1B
### 2B. Performance & Scalability Analysis Create `.full-review/` directory and `state.json`:
- Use Task tool with subagent_type="application-performance::performance-engineer" ```json
- Prompt: "Conduct performance analysis and scalability assessment for: $ARGUMENTS. Profile code for CPU/memory hotspots, analyze database query performance, review caching strategies, identify N+1 problems, assess connection pooling, and evaluate asynchronous processing patterns. Consider architectural findings from Phase 1: {phase1_architecture_context}. Check for memory leaks, resource contention, and bottlenecks under load." {
- Expected output: Performance metrics, bottleneck analysis, optimization recommendations "target": "$ARGUMENTS",
- Context: Uses architecture insights to identify systemic performance issues "status": "in_progress",
"flags": {
"security_focus": false,
"performance_critical": false,
"strict_mode": false,
"framework": null
},
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
## Phase 3: Testing & Documentation Review Parse `$ARGUMENTS` for `--security-focus`, `--performance-critical`, `--strict-mode`, and `--framework` flags. Update the flags object accordingly.
Use Task tool for test and documentation quality assessment: ### 3. Identify review target
### 3A. Test Coverage & Quality Analysis Determine what code to review from `$ARGUMENTS`:
- Use Task tool with subagent_type="unit-testing::test-automator" - If a file/directory path is given, verify it exists
- Prompt: "Evaluate testing strategy and implementation for: $ARGUMENTS. Analyze unit test coverage, integration test completeness, end-to-end test scenarios, test pyramid adherence, and test maintainability. Review test quality metrics including assertion density, test isolation, mock usage, and flakiness. Consider security and performance test requirements from Phase 2: {phase2_security_context}, {phase2_performance_context}. Verify TDD practices if --tdd-review flag is set." - If a description is given (e.g., "recent changes", "authentication module"), identify the relevant files
- Expected output: Coverage report, test quality metrics, testing gap analysis - List the files that will be reviewed and confirm with the user
- Context: Incorporates security and performance testing requirements from Phase 2
### 3B. Documentation & API Specification Review **Output file:** `.full-review/00-scope.md`
- Use Task tool with subagent_type="code-documentation::docs-architect" ```markdown
- Prompt: "Review documentation completeness and quality for: $ARGUMENTS. Assess inline code documentation, API documentation (OpenAPI/Swagger), architecture decision records (ADRs), README completeness, deployment guides, and runbooks. Verify documentation reflects actual implementation based on all previous phase findings: {phase1_context}, {phase2_context}. Check for outdated documentation, missing examples, and unclear explanations." # Review Scope
- Expected output: Documentation coverage report, inconsistency list, improvement recommendations
- Context: Cross-references all previous findings to ensure documentation accuracy
## Phase 4: Best Practices & Standards Compliance ## Target
Use Task tool to verify framework-specific and industry best practices: [Description of what is being reviewed]
### 4A. Framework & Language Best Practices ## Files
- Use Task tool with subagent_type="framework-migration::legacy-modernizer" [List of files/directories included in the review]
- Prompt: "Verify adherence to framework and language best practices for: $ARGUMENTS. Check modern JavaScript/TypeScript patterns, React hooks best practices, Python PEP compliance, Java enterprise patterns, Go idiomatic code, or framework-specific conventions (based on --framework flag). Review package management, build configuration, environment handling, and deployment practices. Include all quality issues from previous phases: {all_previous_contexts}."
- Expected output: Best practices compliance report, modernization recommendations
- Context: Synthesizes all previous findings for framework-specific guidance
### 4B. CI/CD & DevOps Practices Review ## Flags
- Use Task tool with subagent_type="cicd-automation::deployment-engineer" - Security Focus: [yes/no]
- Prompt: "Review CI/CD pipeline and DevOps practices for: $ARGUMENTS. Evaluate build automation, test automation integration, deployment strategies (blue-green, canary), infrastructure as code, monitoring/observability setup, and incident response procedures. Assess pipeline security, artifact management, and rollback capabilities. Consider all issues identified in previous phases that impact deployment: {all_critical_issues}." - Performance Critical: [yes/no]
- Expected output: Pipeline assessment, DevOps maturity evaluation, automation recommendations - Strict Mode: [yes/no]
- Context: Focuses on operationalizing fixes for all identified issues - Framework: [name or auto-detected]
## Consolidated Report Generation ## Review Phases
Compile all phase outputs into comprehensive review report: 1. Code Quality & Architecture
2. Security & Performance
3. Testing & Documentation
4. Best Practices & Standards
5. Consolidated Report
```
### Critical Issues (P0 - Must Fix Immediately) Update `state.json`: add `"00-scope.md"` to `files_created`, add step 0 to `completed_steps`.
---
## Phase 1: Code Quality & Architecture Review (Steps 1A-1B)
Run both agents in parallel using multiple Task tool calls in a single response.
### Step 1A: Code Quality Analysis
```
Task:
subagent_type: "code-reviewer"
description: "Code quality analysis for $ARGUMENTS"
prompt: |
Perform a comprehensive code quality review.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## Instructions
Analyze the target code for:
1. **Code complexity**: Cyclomatic complexity, cognitive complexity, deeply nested logic
2. **Maintainability**: Naming conventions, function/method length, class cohesion
3. **Code duplication**: Copy-pasted logic, missed abstraction opportunities
4. **Clean Code principles**: SOLID violations, code smells, anti-patterns
5. **Technical debt**: Areas that will become increasingly costly to change
6. **Error handling**: Missing error handling, swallowed exceptions, unclear error messages
For each finding, provide:
- Severity (Critical / High / Medium / Low)
- File and line location
- Description of the issue
- Specific fix recommendation with code example
Write your findings as a structured markdown document.
```
### Step 1B: Architecture & Design Review
```
Task:
subagent_type: "architect-review"
description: "Architecture review for $ARGUMENTS"
prompt: |
Review the architectural design and structural integrity of the target code.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## Instructions
Evaluate the code for:
1. **Component boundaries**: Proper separation of concerns, module cohesion
2. **Dependency management**: Circular dependencies, inappropriate coupling, dependency direction
3. **API design**: Endpoint design, request/response schemas, error contracts, versioning
4. **Data model**: Schema design, relationships, data access patterns
5. **Design patterns**: Appropriate use of patterns, missing abstractions, over-engineering
6. **Architectural consistency**: Does the code follow the project's established patterns?
For each finding, provide:
- Severity (Critical / High / Medium / Low)
- Architectural impact assessment
- Specific improvement recommendation
Write your findings as a structured markdown document.
```
After both complete, consolidate into `.full-review/01-quality-architecture.md`:
```markdown
# Phase 1: Code Quality & Architecture Review
## Code Quality Findings
[Summary from 1A, organized by severity]
## Architecture Findings
[Summary from 1B, organized by severity]
## Critical Issues for Phase 2 Context
[List any findings that should inform security or performance review]
```
Update `state.json`: set `current_step` to 2, `current_phase` to 2, add steps 1A and 1B to `completed_steps`.
---
## Phase 2: Security & Performance Review (Steps 2A-2B)
Read `.full-review/01-quality-architecture.md` for context from Phase 1.
Run both agents in parallel using multiple Task tool calls in a single response.
### Step 2A: Security Vulnerability Assessment
```
Task:
subagent_type: "security-auditor"
description: "Security audit for $ARGUMENTS"
prompt: |
Execute a comprehensive security audit on the target code.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## Phase 1 Context
[Insert contents of .full-review/01-quality-architecture.md -- focus on the "Critical Issues for Phase 2 Context" section]
## Instructions
Analyze for:
1. **OWASP Top 10**: Injection, broken auth, sensitive data exposure, XXE, broken access control, misconfig, XSS, insecure deserialization, vulnerable components, insufficient logging
2. **Input validation**: Missing sanitization, unvalidated redirects, path traversal
3. **Authentication/authorization**: Flawed auth logic, privilege escalation, session management
4. **Cryptographic issues**: Weak algorithms, hardcoded secrets, improper key management
5. **Dependency vulnerabilities**: Known CVEs in dependencies, outdated packages
6. **Configuration security**: Debug mode, verbose errors, permissive CORS, missing security headers
For each finding, provide:
- Severity (Critical / High / Medium / Low) with CVSS score if applicable
- CWE reference where applicable
- File and line location
- Proof of concept or attack scenario
- Specific remediation steps with code example
Write your findings as a structured markdown document.
```
### Step 2B: Performance & Scalability Analysis
```
Task:
subagent_type: "general-purpose"
description: "Performance analysis for $ARGUMENTS"
prompt: |
You are a performance engineer. Conduct a performance and scalability analysis of the target code.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## Phase 1 Context
[Insert contents of .full-review/01-quality-architecture.md -- focus on the "Critical Issues for Phase 2 Context" section]
## Instructions
Analyze for:
1. **Database performance**: N+1 queries, missing indexes, unoptimized queries, connection pool sizing
2. **Memory management**: Memory leaks, unbounded collections, large object allocation
3. **Caching opportunities**: Missing caching, stale cache risks, cache invalidation issues
4. **I/O bottlenecks**: Synchronous blocking calls, missing pagination, large payloads
5. **Concurrency issues**: Race conditions, deadlocks, thread safety
6. **Frontend performance**: Bundle size, render performance, unnecessary re-renders, missing lazy loading
7. **Scalability concerns**: Horizontal scaling barriers, stateful components, single points of failure
For each finding, provide:
- Severity (Critical / High / Medium / Low)
- Estimated performance impact
- Specific optimization recommendation with code example
Write your findings as a structured markdown document.
```
After both complete, consolidate into `.full-review/02-security-performance.md`:
```markdown
# Phase 2: Security & Performance Review
## Security Findings
[Summary from 2A, organized by severity]
## Performance Findings
[Summary from 2B, organized by severity]
## Critical Issues for Phase 3 Context
[List findings that affect testing or documentation requirements]
```
Update `state.json`: set `current_step` to "checkpoint-1", add steps 2A and 2B to `completed_steps`.
---
## PHASE CHECKPOINT 1 -- User Approval Required
Display a summary of findings from Phase 1 and Phase 2 and ask:
```
Phases 1-2 complete: Code Quality, Architecture, Security, and Performance reviews done.
Summary:
- Code Quality: [X critical, Y high, Z medium findings]
- Architecture: [X critical, Y high, Z medium findings]
- Security: [X critical, Y high, Z medium findings]
- Performance: [X critical, Y high, Z medium findings]
Please review:
- .full-review/01-quality-architecture.md
- .full-review/02-security-performance.md
1. Continue -- proceed to Testing & Documentation review
2. Fix critical issues first -- I'll address findings before continuing
3. Pause -- save progress and stop here
```
If `--strict-mode` flag is set and there are Critical findings, recommend option 2.
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Testing & Documentation Review (Steps 3A-3B)
Read `.full-review/01-quality-architecture.md` and `.full-review/02-security-performance.md` for context.
Run both agents in parallel using multiple Task tool calls in a single response.
### Step 3A: Test Coverage & Quality Analysis
```
Task:
subagent_type: "general-purpose"
description: "Test coverage analysis for $ARGUMENTS"
prompt: |
You are a test automation engineer. Evaluate the testing strategy and coverage for the target code.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## Prior Phase Context
[Insert security and performance findings from .full-review/02-security-performance.md that affect testing requirements]
## Instructions
Analyze:
1. **Test coverage**: Which code paths have tests? Which critical paths are untested?
2. **Test quality**: Are tests testing behavior or implementation? Assertion quality?
3. **Test pyramid adherence**: Unit vs integration vs E2E test ratio
4. **Edge cases**: Are boundary conditions, error paths, and concurrent scenarios tested?
5. **Test maintainability**: Test isolation, mock usage, flaky test indicators
6. **Security test gaps**: Are security-critical paths tested? Auth, input validation, etc.
7. **Performance test gaps**: Are performance-critical paths tested? Load testing?
For each finding, provide:
- Severity (Critical / High / Medium / Low)
- What is untested or poorly tested
- Specific test recommendations with example test code
Write your findings as a structured markdown document.
```
### Step 3B: Documentation & API Review
```
Task:
subagent_type: "general-purpose"
description: "Documentation review for $ARGUMENTS"
prompt: |
You are a technical documentation architect. Review documentation completeness and accuracy.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## Prior Phase Context
[Insert key findings from .full-review/01-quality-architecture.md and .full-review/02-security-performance.md]
## Instructions
Evaluate:
1. **Inline documentation**: Are complex algorithms and business logic explained?
2. **API documentation**: Are endpoints documented with examples? Request/response schemas?
3. **Architecture documentation**: ADRs, system diagrams, component documentation
4. **README completeness**: Setup instructions, development workflow, deployment guide
5. **Accuracy**: Does documentation match the actual implementation?
6. **Changelog/migration guides**: Are breaking changes documented?
For each finding, provide:
- Severity (Critical / High / Medium / Low)
- What is missing or inaccurate
- Specific documentation recommendation
Write your findings as a structured markdown document.
```
After both complete, consolidate into `.full-review/03-testing-documentation.md`:
```markdown
# Phase 3: Testing & Documentation Review
## Test Coverage Findings
[Summary from 3A, organized by severity]
## Documentation Findings
[Summary from 3B, organized by severity]
```
Update `state.json`: set `current_step` to 4, `current_phase` to 4, add steps 3A and 3B to `completed_steps`.
---
## Phase 4: Best Practices & Standards (Steps 4A-4B)
Read all previous `.full-review/*.md` files for full context.
Run both agents in parallel using multiple Task tool calls in a single response.
### Step 4A: Framework & Language Best Practices
```
Task:
subagent_type: "general-purpose"
description: "Framework best practices review for $ARGUMENTS"
prompt: |
You are an expert in modern framework and language best practices. Verify adherence to current standards.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## All Prior Findings
[Insert a concise summary of critical/high findings from all prior phases]
## Instructions
Check for:
1. **Language idioms**: Is the code idiomatic for its language? Modern syntax and features?
2. **Framework patterns**: Does it follow the framework's recommended patterns? (e.g., React hooks, Django views, Spring beans)
3. **Deprecated APIs**: Are any deprecated functions/libraries/patterns used?
4. **Modernization opportunities**: Where could modern language/framework features simplify code?
5. **Package management**: Are dependencies up-to-date? Unnecessary dependencies?
6. **Build configuration**: Is the build optimized? Development vs production settings?
For each finding, provide:
- Severity (Critical / High / Medium / Low)
- Current pattern vs recommended pattern
- Migration/fix recommendation with code example
Write your findings as a structured markdown document.
```
### Step 4B: CI/CD & DevOps Practices Review
```
Task:
subagent_type: "general-purpose"
description: "CI/CD and DevOps practices review for $ARGUMENTS"
prompt: |
You are a DevOps engineer. Review CI/CD pipeline and operational practices.
## Review Scope
[Insert contents of .full-review/00-scope.md]
## Critical Issues from Prior Phases
[Insert critical/high findings from all prior phases that impact deployment or operations]
## Instructions
Evaluate:
1. **CI/CD pipeline**: Build automation, test gates, deployment stages, security scanning
2. **Deployment strategy**: Blue-green, canary, rollback capabilities
3. **Infrastructure as Code**: Are infrastructure configs version-controlled and reviewed?
4. **Monitoring & observability**: Logging, metrics, alerting, dashboards
5. **Incident response**: Runbooks, on-call procedures, rollback plans
6. **Environment management**: Config separation, secret management, parity between environments
For each finding, provide:
- Severity (Critical / High / Medium / Low)
- Operational risk assessment
- Specific improvement recommendation
Write your findings as a structured markdown document.
```
After both complete, consolidate into `.full-review/04-best-practices.md`:
```markdown
# Phase 4: Best Practices & Standards
## Framework & Language Findings
[Summary from 4A, organized by severity]
## CI/CD & DevOps Findings
[Summary from 4B, organized by severity]
```
Update `state.json`: set `current_step` to 5, `current_phase` to 5, add steps 4A and 4B to `completed_steps`.
---
## Phase 5: Consolidated Report (Step 5)
Read all `.full-review/*.md` files. Generate the final consolidated report.
**Output file:** `.full-review/05-final-report.md`
```markdown
# Comprehensive Code Review Report
## Review Target
[From 00-scope.md]
## Executive Summary
[2-3 sentence overview of overall code health and key concerns]
## Findings by Priority
### Critical Issues (P0 -- Must Fix Immediately)
[All Critical findings from all phases, with source phase reference]
- Security vulnerabilities with CVSS > 7.0 - Security vulnerabilities with CVSS > 7.0
- Data loss or corruption risks - Data loss or corruption risks
- Authentication/authorization bypasses - Authentication/authorization bypasses
- Production stability threats - Production stability threats
- Compliance violations (GDPR, PCI DSS, SOC2)
### High Priority (P1 - Fix Before Next Release) ### High Priority (P1 -- Fix Before Next Release)
[All High findings from all phases]
- Performance bottlenecks impacting user experience - Performance bottlenecks impacting user experience
- Missing critical test coverage - Missing critical test coverage
- Architectural anti-patterns causing technical debt - Architectural anti-patterns causing technical debt
- Outdated dependencies with known vulnerabilities - Outdated dependencies with known vulnerabilities
- Code quality issues affecting maintainability
### Medium Priority (P2 - Plan for Next Sprint) ### Medium Priority (P2 -- Plan for Next Sprint)
[All Medium findings from all phases]
- Non-critical performance optimizations - Non-critical performance optimizations
- Documentation gaps and inconsistencies - Documentation gaps
- Code refactoring opportunities - Code refactoring opportunities
- Test quality improvements - Test quality improvements
- DevOps automation enhancements
### Low Priority (P3 - Track in Backlog) ### Low Priority (P3 -- Track in Backlog)
[All Low findings from all phases]
- Style guide violations - Style guide violations
- Minor code smell issues - Minor code smell issues
- Nice-to-have documentation updates - Nice-to-have improvements
- Cosmetic improvements
## Success Criteria ## Findings by Category
Review is considered successful when: - **Code Quality**: [count] findings ([breakdown by severity])
- **Architecture**: [count] findings ([breakdown by severity])
- **Security**: [count] findings ([breakdown by severity])
- **Performance**: [count] findings ([breakdown by severity])
- **Testing**: [count] findings ([breakdown by severity])
- **Documentation**: [count] findings ([breakdown by severity])
- **Best Practices**: [count] findings ([breakdown by severity])
- **CI/CD & DevOps**: [count] findings ([breakdown by severity])
- All critical security vulnerabilities are identified and documented ## Recommended Action Plan
- Performance bottlenecks are profiled with remediation paths
- Test coverage gaps are mapped with priority recommendations
- Architecture risks are assessed with mitigation strategies
- Documentation reflects actual implementation state
- Framework best practices compliance is verified
- CI/CD pipeline supports safe deployment of reviewed code
- Clear, actionable feedback is provided for all findings
- Metrics dashboard shows improvement trends
- Team has clear prioritized action plan for remediation
Target: $ARGUMENTS 1. [Ordered list of recommended actions, starting with critical/high items]
2. [Group related fixes where possible]
3. [Estimate relative effort: small/medium/large]
## Review Metadata
- Review date: [timestamp]
- Phases completed: [list]
- Flags applied: [list active flags]
```
Update `state.json`: set `status` to `"complete"`, `last_updated` to current timestamp.
---
## Completion
Present the final summary:
```
Comprehensive code review complete for: $ARGUMENTS
## Review Output Files
- Scope: .full-review/00-scope.md
- Quality & Architecture: .full-review/01-quality-architecture.md
- Security & Performance: .full-review/02-security-performance.md
- Testing & Documentation: .full-review/03-testing-documentation.md
- Best Practices: .full-review/04-best-practices.md
- Final Report: .full-review/05-final-report.md
## Summary
- Total findings: [count]
- Critical: [X] | High: [Y] | Medium: [Z] | Low: [W]
## Next Steps
1. Review the full report at .full-review/05-final-report.md
2. Address Critical (P0) issues immediately
3. Plan High (P1) fixes for current sprint
4. Add Medium (P2) and Low (P3) items to backlog
```

10
plugins/content-marketing/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "content-marketing",
"version": "1.2.0",
"description": "Content marketing strategy, web research, and information synthesis for marketing operations",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/context-management/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "context-management",
"version": "1.2.0",
"description": "Context persistence, restoration, and long-running conversation management",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/customer-sales-automation/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "customer-sales-automation",
"version": "1.2.0",
"description": "Customer support workflow automation, sales pipeline management, email campaigns, and CRM integration",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/data-engineering/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "data-engineering",
"version": "1.3.0",
"description": "ETL pipeline construction, data warehouse design, batch processing workflows, and data-driven feature development",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

918
plugins/data-engineering/commands/data-driven-feature.md
View File

@@ -1,176 +1,784 @@
# Data-Driven Feature Development ---
description: "Build features guided by data insights, A/B testing, and continuous measurement"
argument-hint: "<feature description> [--experiment-type ab|multivariate|bandit] [--confidence 0.90|0.95|0.99]"
---
Build features guided by data insights, A/B testing, and continuous measurement using specialized agents for analysis, implementation, and experimentation. # Data-Driven Feature Development Orchestrator
[Extended thinking: This workflow orchestrates a comprehensive data-driven development process from initial data analysis and hypothesis formulation through feature implementation with integrated analytics, A/B testing infrastructure, and post-launch analysis. Each phase leverages specialized agents to ensure features are built based on data insights, properly instrumented for measurement, and validated through controlled experiments. The workflow emphasizes modern product analytics practices, statistical rigor in testing, and continuous learning from user behavior.] ## CRITICAL BEHAVIORAL RULES
## Phase 1: Data Analysis and Hypothesis Formation You MUST follow these rules exactly. Violating any of them is a failure.
### 1. Exploratory Data Analysis 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
2. **Write output files.** Each step MUST produce its output file in `.data-driven-feature/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
- Use Task tool with subagent_type="machine-learning-ops::data-scientist" ## Pre-flight Checks
- Prompt: "Perform exploratory data analysis for feature: $ARGUMENTS. Analyze existing user behavior data, identify patterns and opportunities, segment users by behavior, and calculate baseline metrics. Use modern analytics tools (Amplitude, Mixpanel, Segment) to understand current user journeys, conversion funnels, and engagement patterns."
- Output: EDA report with visualizations, user segments, behavioral patterns, baseline metrics
### 2. Business Hypothesis Development Before starting, perform these checks:
- Use Task tool with subagent_type="business-analytics::business-analyst" ### 1. Check for existing session
- Context: Data scientist's EDA findings and behavioral patterns
- Prompt: "Formulate business hypotheses for feature: $ARGUMENTS based on data analysis. Define clear success metrics, expected impact on key business KPIs, target user segments, and minimum detectable effects. Create measurable hypotheses using frameworks like ICE scoring or RICE prioritization."
- Output: Hypothesis document, success metrics definition, expected ROI calculations
### 3. Statistical Experiment Design Check if `.data-driven-feature/state.json` exists:
- Use Task tool with subagent_type="machine-learning-ops::data-scientist" - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
- Context: Business hypotheses and success metrics
- Prompt: "Design statistical experiment for feature: $ARGUMENTS. Calculate required sample size for statistical power, define control and treatment groups, specify randomization strategy, and plan for multiple testing corrections. Consider Bayesian A/B testing approaches for faster decision making. Design for both primary and guardrail metrics."
- Output: Experiment design document, power analysis, statistical test plan
## Phase 2: Feature Architecture and Analytics Design ```
Found an in-progress data-driven feature session:
Feature: [name from state]
Current step: [step from state]
### 4. Feature Architecture Planning 1. Resume from where we left off
2. Start fresh (archives existing session)
```
- Use Task tool with subagent_type="data-engineering::backend-architect" - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Context: Business requirements and experiment design
- Prompt: "Design feature architecture for: $ARGUMENTS with A/B testing capability. Include feature flag integration (LaunchDarkly, Split.io, or Optimizely), gradual rollout strategy, circuit breakers for safety, and clean separation between control and treatment logic. Ensure architecture supports real-time configuration updates."
- Output: Architecture diagrams, feature flag schema, rollout strategy
### 5. Analytics Instrumentation Design ### 2. Initialize state
- Use Task tool with subagent_type="data-engineering::data-engineer" Create `.data-driven-feature/` directory and `state.json`:
- Context: Feature architecture and success metrics
- Prompt: "Design comprehensive analytics instrumentation for: $ARGUMENTS. Define event schemas for user interactions, specify properties for segmentation and analysis, design funnel tracking and conversion events, plan cohort analysis capabilities. Implement using modern SDKs (Segment, Amplitude, Mixpanel) with proper event taxonomy."
- Output: Event tracking plan, analytics schema, instrumentation guide
### 6. Data Pipeline Architecture ```json
{
- Use Task tool with subagent_type="data-engineering::data-engineer" "feature": "$ARGUMENTS",
- Context: Analytics requirements and existing data infrastructure "status": "in_progress",
- Prompt: "Design data pipelines for feature: $ARGUMENTS. Include real-time streaming for live metrics (Kafka, Kinesis), batch processing for detailed analysis, data warehouse integration (Snowflake, BigQuery), and feature store for ML if applicable. Ensure proper data governance and GDPR compliance." "experiment_type": "ab",
- Output: Pipeline architecture, ETL/ELT specifications, data flow diagrams "confidence_level": 0.95,
"current_step": 1,
## Phase 3: Implementation with Instrumentation "current_phase": 1,
"completed_steps": [],
### 7. Backend Implementation "files_created": [],
"started_at": "ISO_TIMESTAMP",
- Use Task tool with subagent_type="backend-development::backend-architect" "last_updated": "ISO_TIMESTAMP"
- Context: Architecture design and feature requirements }
- Prompt: "Implement backend for feature: $ARGUMENTS with full instrumentation. Include feature flag checks at decision points, comprehensive event tracking for all user actions, performance metrics collection, error tracking and monitoring. Implement proper logging for experiment analysis."
- Output: Backend code with analytics, feature flag integration, monitoring setup
### 8. Frontend Implementation
- Use Task tool with subagent_type="frontend-mobile-development::frontend-developer"
- Context: Backend APIs and analytics requirements
- Prompt: "Build frontend for feature: $ARGUMENTS with analytics tracking. Implement event tracking for all user interactions, session recording integration if applicable, performance metrics (Core Web Vitals), and proper error boundaries. Ensure consistent experience between control and treatment groups."
- Output: Frontend code with analytics, A/B test variants, performance monitoring
### 9. ML Model Integration (if applicable)
- Use Task tool with subagent_type="machine-learning-ops::ml-engineer"
- Context: Feature requirements and data pipelines
- Prompt: "Integrate ML models for feature: $ARGUMENTS if needed. Implement online inference with low latency, A/B testing between model versions, model performance tracking, and automatic fallback mechanisms. Set up model monitoring for drift detection."
- Output: ML pipeline, model serving infrastructure, monitoring setup
## Phase 4: Pre-Launch Validation
### 10. Analytics Validation
- Use Task tool with subagent_type="data-engineering::data-engineer"
- Context: Implemented tracking and event schemas
- Prompt: "Validate analytics implementation for: $ARGUMENTS. Test all event tracking in staging, verify data quality and completeness, validate funnel definitions, ensure proper user identification and session tracking. Run end-to-end tests for data pipeline."
- Output: Validation report, data quality metrics, tracking coverage analysis
### 11. Experiment Setup
- Use Task tool with subagent_type="cloud-infrastructure::deployment-engineer"
- Context: Feature flags and experiment design
- Prompt: "Configure experiment infrastructure for: $ARGUMENTS. Set up feature flags with proper targeting rules, configure traffic allocation (start with 5-10%), implement kill switches, set up monitoring alerts for key metrics. Test randomization and assignment logic."
- Output: Experiment configuration, monitoring dashboards, rollout plan
## Phase 5: Launch and Experimentation
### 12. Gradual Rollout
- Use Task tool with subagent_type="cloud-infrastructure::deployment-engineer"
- Context: Experiment configuration and monitoring setup
- Prompt: "Execute gradual rollout for feature: $ARGUMENTS. Start with internal dogfooding, then beta users (1-5%), gradually increase to target traffic. Monitor error rates, performance metrics, and early indicators. Implement automated rollback on anomalies."
- Output: Rollout execution, monitoring alerts, health metrics
### 13. Real-time Monitoring
- Use Task tool with subagent_type="observability-monitoring::observability-engineer"
- Context: Deployed feature and success metrics
- Prompt: "Set up comprehensive monitoring for: $ARGUMENTS. Create real-time dashboards for experiment metrics, configure alerts for statistical significance, monitor guardrail metrics for negative impacts, track system performance and error rates. Use tools like Datadog, New Relic, or custom dashboards."
- Output: Monitoring dashboards, alert configurations, SLO definitions
## Phase 6: Analysis and Decision Making
### 14. Statistical Analysis
- Use Task tool with subagent_type="machine-learning-ops::data-scientist"
- Context: Experiment data and original hypotheses
- Prompt: "Analyze A/B test results for: $ARGUMENTS. Calculate statistical significance with confidence intervals, check for segment-level effects, analyze secondary metrics impact, investigate any unexpected patterns. Use both frequentist and Bayesian approaches. Account for multiple testing if applicable."
- Output: Statistical analysis report, significance tests, segment analysis
### 15. Business Impact Assessment
- Use Task tool with subagent_type="business-analytics::business-analyst"
- Context: Statistical analysis and business metrics
- Prompt: "Assess business impact of feature: $ARGUMENTS. Calculate actual vs expected ROI, analyze impact on key business metrics, evaluate cost-benefit including operational overhead, project long-term value. Make recommendation on full rollout, iteration, or rollback."
- Output: Business impact report, ROI analysis, recommendation document
### 16. Post-Launch Optimization
- Use Task tool with subagent_type="machine-learning-ops::data-scientist"
- Context: Launch results and user feedback
- Prompt: "Identify optimization opportunities for: $ARGUMENTS based on data. Analyze user behavior patterns in treatment group, identify friction points in user journey, suggest improvements based on data, plan follow-up experiments. Use cohort analysis for long-term impact."
- Output: Optimization recommendations, follow-up experiment plans
## Configuration Options
```yaml
experiment_config:
min_sample_size: 10000
confidence_level: 0.95
runtime_days: 14
traffic_allocation: "gradual" # gradual, fixed, or adaptive
analytics_platforms:
- amplitude
- segment
- mixpanel
feature_flags:
provider: "launchdarkly" # launchdarkly, split, optimizely, unleash
statistical_methods:
- frequentist
- bayesian
monitoring:
- real_time_metrics: true
- anomaly_detection: true
- automatic_rollback: true
``` ```
## Success Criteria Parse `$ARGUMENTS` for `--experiment-type` and `--confidence` flags. Use defaults if not specified.
- **Data Coverage**: 100% of user interactions tracked with proper event schema ### 3. Parse feature description
- **Experiment Validity**: Proper randomization, sufficient statistical power, no sample ratio mismatch
- **Statistical Rigor**: Clear significance testing, proper confidence intervals, multiple testing corrections
- **Business Impact**: Measurable improvement in target metrics without degrading guardrail metrics
- **Technical Performance**: No degradation in p95 latency, error rates below 0.1%
- **Decision Speed**: Clear go/no-go decision within planned experiment runtime
- **Learning Outcomes**: Documented insights for future feature development
## Coordination Notes Extract the feature description from `$ARGUMENTS` (everything before the flags). This is referenced as `$FEATURE` in prompts below.
- Data scientists and business analysts collaborate on hypothesis formation ---
- Engineers implement with analytics as first-class requirement, not afterthought
- Feature flags enable safe experimentation without full deployments
- Real-time monitoring allows for quick iteration and rollback if needed
- Statistical rigor balanced with business practicality and speed to market
- Continuous learning loop feeds back into next feature development cycle
Feature to develop with data-driven approach: $ARGUMENTS ## Phase 1: Data Analysis & Hypothesis (Steps 13) — Interactive
### Step 1: Exploratory Data Analysis
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Perform exploratory data analysis for $FEATURE"
prompt: |
You are a data scientist specializing in product analytics. Perform exploratory data analysis for feature: $FEATURE.
## Instructions
1. Analyze existing user behavior data, identify patterns and opportunities
2. Segment users by behavior and engagement patterns
3. Calculate baseline metrics for key indicators
4. Use modern analytics tools (Amplitude, Mixpanel, Segment) to understand current user journeys, conversion funnels, and engagement patterns
5. Identify data quality issues or gaps that need addressing
Provide an EDA report with user segments, behavioral patterns, and baseline metrics.
```
Save the agent's output to `.data-driven-feature/01-eda-report.md`.
Update `state.json`: set `current_step` to 2, add `"01-eda-report.md"` to `files_created`, add step 1 to `completed_steps`.
### Step 2: Business Hypothesis Development
Read `.data-driven-feature/01-eda-report.md` to load EDA context.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Formulate business hypotheses for $FEATURE"
prompt: |
You are a business analyst specializing in data-driven product development. Formulate business hypotheses for feature: $FEATURE based on the data analysis below.
## EDA Findings
[Insert full contents of .data-driven-feature/01-eda-report.md]
## Instructions
1. Define clear success metrics and expected impact on key business KPIs
2. Identify target user segments and minimum detectable effects
3. Create measurable hypotheses using ICE or RICE prioritization frameworks
4. Calculate expected ROI and business value
Provide a hypothesis document with success metrics definition and expected ROI calculations.
```
Save the agent's output to `.data-driven-feature/02-hypotheses.md`.
Update `state.json`: set `current_step` to 3, add step 2 to `completed_steps`.
### Step 3: Statistical Experiment Design
Read `.data-driven-feature/02-hypotheses.md` to load hypothesis context.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Design statistical experiment for $FEATURE"
prompt: |
You are a data scientist specializing in experimentation and statistical analysis. Design the statistical experiment for feature: $FEATURE.
## Business Hypotheses
[Insert full contents of .data-driven-feature/02-hypotheses.md]
## Experiment Type: [from state.json]
## Confidence Level: [from state.json]
## Instructions
1. Calculate required sample size for statistical power
2. Define control and treatment groups with randomization strategy
3. Plan for multiple testing corrections if needed
4. Consider Bayesian A/B testing approaches for faster decision making
5. Design for both primary and guardrail metrics
6. Specify experiment runtime and stopping rules
Provide an experiment design document with power analysis and statistical test plan.
```
Save the agent's output to `.data-driven-feature/03-experiment-design.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 3 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
You MUST stop here and present the analysis and experiment design for review.
Display a summary of the hypotheses from `.data-driven-feature/02-hypotheses.md` and experiment design from `.data-driven-feature/03-experiment-design.md` (key metrics, target segments, sample size, experiment type) and ask:
```
Data analysis and experiment design complete. Please review:
- .data-driven-feature/01-eda-report.md
- .data-driven-feature/02-hypotheses.md
- .data-driven-feature/03-experiment-design.md
1. Approve — proceed to architecture and implementation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise and re-checkpoint. If option 3, update `state.json` status and stop.
---
## Phase 2: Architecture & Instrumentation (Steps 46)
### Step 4: Feature Architecture Planning
Read `.data-driven-feature/02-hypotheses.md` and `.data-driven-feature/03-experiment-design.md`.
Use the Task tool:
```
Task:
subagent_type: "backend-architect"
description: "Design feature architecture for $FEATURE with A/B testing capability"
prompt: |
Design the feature architecture for: $FEATURE with A/B testing capability.
## Business Hypotheses
[Insert contents of .data-driven-feature/02-hypotheses.md]
## Experiment Design
[Insert contents of .data-driven-feature/03-experiment-design.md]
## Instructions
1. Include feature flag integration (LaunchDarkly, Split.io, or Optimizely)
2. Design gradual rollout strategy with circuit breakers for safety
3. Ensure clean separation between control and treatment logic
4. Support real-time configuration updates
5. Design for proper data collection at each decision point
Provide architecture diagrams, feature flag schema, and rollout strategy.
```
Save the agent's output to `.data-driven-feature/04-architecture.md`.
Update `state.json`: set `current_step` to 5, add step 4 to `completed_steps`.
### Step 5: Analytics Instrumentation Design
Read `.data-driven-feature/04-architecture.md`.
Use the Task tool:
```
Task:
subagent_type: "data-engineer"
description: "Design analytics instrumentation for $FEATURE"
prompt: |
Design comprehensive analytics instrumentation for: $FEATURE.
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Experiment Design
[Insert contents of .data-driven-feature/03-experiment-design.md]
## Instructions
1. Define event schemas for user interactions with proper taxonomy
2. Specify properties for segmentation and analysis
3. Design funnel tracking and conversion events
4. Plan cohort analysis capabilities
5. Implement using modern SDKs (Segment, Amplitude, Mixpanel) with proper event taxonomy
Provide an event tracking plan, analytics schema, and instrumentation guide.
```
Save the agent's output to `.data-driven-feature/05-analytics-design.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Data Pipeline Architecture
Read `.data-driven-feature/05-analytics-design.md`.
Use the Task tool:
```
Task:
subagent_type: "data-engineer"
description: "Design data pipelines for $FEATURE"
prompt: |
Design data pipelines for feature: $FEATURE.
## Analytics Design
[Insert contents of .data-driven-feature/05-analytics-design.md]
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Instructions
1. Include real-time streaming for live metrics (Kafka, Kinesis)
2. Design batch processing for detailed analysis
3. Plan data warehouse integration (Snowflake, BigQuery)
4. Include feature store for ML if applicable
5. Ensure proper data governance and GDPR compliance
6. Define data retention and archival policies
Provide pipeline architecture, ETL/ELT specifications, and data flow diagrams.
```
Save the agent's output to `.data-driven-feature/06-data-pipelines.md`.
Update `state.json`: set `current_step` to "checkpoint-2", add step 6 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display a summary of the architecture, analytics design, and data pipelines and ask:
```
Architecture and instrumentation design complete. Please review:
- .data-driven-feature/04-architecture.md
- .data-driven-feature/05-analytics-design.md
- .data-driven-feature/06-data-pipelines.md
1. Approve — proceed to implementation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Implementation (Steps 79)
### Step 7: Backend Implementation
Read `.data-driven-feature/04-architecture.md` and `.data-driven-feature/05-analytics-design.md`.
Use the Task tool:
```
Task:
subagent_type: "backend-architect"
description: "Implement backend for $FEATURE with full instrumentation"
prompt: |
Implement the backend for feature: $FEATURE with full instrumentation.
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Analytics Design
[Insert contents of .data-driven-feature/05-analytics-design.md]
## Instructions
1. Include feature flag checks at decision points
2. Implement comprehensive event tracking for all user actions
3. Add performance metrics collection
4. Implement error tracking and monitoring
5. Add proper logging for experiment analysis
6. Follow the project's existing code patterns and conventions
Write all code files. Report what files were created/modified.
```
Save a summary to `.data-driven-feature/07-backend.md`.
Update `state.json`: set `current_step` to 8, add step 7 to `completed_steps`.
### Step 8: Frontend Implementation
Read `.data-driven-feature/04-architecture.md`, `.data-driven-feature/05-analytics-design.md`, and `.data-driven-feature/07-backend.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement frontend for $FEATURE with analytics tracking"
prompt: |
You are a frontend developer. Build the frontend for feature: $FEATURE with analytics tracking.
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Analytics Design
[Insert contents of .data-driven-feature/05-analytics-design.md]
## Backend Implementation
[Insert contents of .data-driven-feature/07-backend.md]
## Instructions
1. Implement event tracking for all user interactions
2. Build A/B test variants with proper variant assignment
3. Add session recording integration if applicable
4. Track performance metrics (Core Web Vitals)
5. Add proper error boundaries
6. Ensure consistent experience between control and treatment groups
7. Follow the project's existing frontend patterns and conventions
Write all code files. Report what files were created/modified.
```
Save a summary to `.data-driven-feature/08-frontend.md`.
**Note:** If the feature has no frontend component (pure backend/API/pipeline), skip this step — write a brief note in `08-frontend.md` explaining why it was skipped, and continue.
Update `state.json`: set `current_step` to 9, add step 8 to `completed_steps`.
### Step 9: ML Model Integration (if applicable)
Read `.data-driven-feature/04-architecture.md` and `.data-driven-feature/06-data-pipelines.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Integrate ML models for $FEATURE"
prompt: |
You are an ML engineer. Integrate ML models for feature: $FEATURE if needed.
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Data Pipelines
[Insert contents of .data-driven-feature/06-data-pipelines.md]
## Instructions
1. Implement online inference with low latency
2. Set up A/B testing between model versions
3. Add model performance tracking and drift detection
4. Implement automatic fallback mechanisms
5. Set up model monitoring dashboards
If no ML component is needed for this feature, explain why and skip.
Write all code files. Report what files were created/modified.
```
Save a summary to `.data-driven-feature/09-ml-integration.md`.
Update `state.json`: set `current_step` to "checkpoint-3", add step 9 to `completed_steps`.
---
## PHASE CHECKPOINT 3 — User Approval Required
Display a summary of the implementation and ask:
```
Implementation complete. Please review:
- .data-driven-feature/07-backend.md
- .data-driven-feature/08-frontend.md
- .data-driven-feature/09-ml-integration.md
1. Approve — proceed to validation and launch
2. Request changes — tell me what to fix
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 4 until the user approves.
---
## Phase 4: Validation & Launch (Steps 1013)
### Step 10: Analytics Validation
Read `.data-driven-feature/05-analytics-design.md`, `.data-driven-feature/07-backend.md`, and `.data-driven-feature/08-frontend.md`.
Use the Task tool:
```
Task:
subagent_type: "data-engineer"
description: "Validate analytics implementation for $FEATURE"
prompt: |
Validate the analytics implementation for: $FEATURE.
## Analytics Design
[Insert contents of .data-driven-feature/05-analytics-design.md]
## Backend Implementation
[Insert contents of .data-driven-feature/07-backend.md]
## Frontend Implementation
[Insert contents of .data-driven-feature/08-frontend.md]
## Instructions
1. Test all event tracking in staging environment
2. Verify data quality and completeness
3. Validate funnel definitions and conversion tracking
4. Ensure proper user identification and session tracking
5. Run end-to-end tests for data pipeline
6. Check for tracking gaps or inconsistencies
Provide a validation report with data quality metrics and tracking coverage analysis.
```
Save the agent's output to `.data-driven-feature/10-analytics-validation.md`.
Update `state.json`: set `current_step` to 11, add step 10 to `completed_steps`.
### Step 11: Experiment Setup & Deployment
Read `.data-driven-feature/03-experiment-design.md` and `.data-driven-feature/04-architecture.md`.
Launch two agents in parallel using multiple Task tool calls in a single response:
**11a. Experiment Infrastructure:**
```
Task:
subagent_type: "general-purpose"
description: "Configure experiment infrastructure for $FEATURE"
prompt: |
You are a deployment engineer specializing in experimentation platforms. Configure experiment infrastructure for: $FEATURE.
## Experiment Design
[Insert contents of .data-driven-feature/03-experiment-design.md]
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Instructions
1. Set up feature flags with proper targeting rules
2. Configure traffic allocation (start with 5-10%)
3. Implement kill switches for safety
4. Set up monitoring alerts for key metrics
5. Test randomization and assignment logic
6. Create rollback procedures
Provide experiment configuration, monitoring dashboards, and rollout plan.
```
**11b. Monitoring Setup:**
```
Task:
subagent_type: "general-purpose"
description: "Set up monitoring for $FEATURE experiment"
prompt: |
You are an observability engineer. Set up comprehensive monitoring for: $FEATURE.
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Experiment Design
[Insert contents of .data-driven-feature/03-experiment-design.md]
## Analytics Design
[Insert contents of .data-driven-feature/05-analytics-design.md]
## Instructions
1. Create real-time dashboards for experiment metrics
2. Configure alerts for statistical significance milestones
3. Monitor guardrail metrics for negative impacts
4. Track system performance and error rates
5. Define SLOs for the experiment period
6. Use tools like Datadog, New Relic, or custom dashboards
Provide monitoring dashboard configs, alert definitions, and SLO specifications.
```
After both complete, consolidate results into `.data-driven-feature/11-experiment-setup.md`:
```markdown
# Experiment Setup: $FEATURE
## Experiment Infrastructure
[Summary from 11a — feature flags, traffic allocation, rollback plan]
## Monitoring Configuration
[Summary from 11b — dashboards, alerts, SLOs]
```
Update `state.json`: set `current_step` to 12, add step 11 to `completed_steps`.
### Step 12: Gradual Rollout
Read `.data-driven-feature/11-experiment-setup.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create gradual rollout plan for $FEATURE"
prompt: |
You are a deployment engineer. Create a detailed gradual rollout plan for feature: $FEATURE.
## Experiment Setup
[Insert contents of .data-driven-feature/11-experiment-setup.md]
## Instructions
1. Define rollout stages: internal dogfooding → beta (1-5%) → gradual increase to target traffic
2. Specify health checks and go/no-go criteria for each stage
3. Define monitoring checkpoints and metrics thresholds
4. Create automated rollback triggers for anomalies
5. Document manual rollback procedures
Provide a stage-by-stage rollout plan with decision criteria.
```
Save the agent's output to `.data-driven-feature/12-rollout-plan.md`.
Update `state.json`: set `current_step` to 13, add step 12 to `completed_steps`.
### Step 13: Security Review
Read `.data-driven-feature/04-architecture.md`, `.data-driven-feature/07-backend.md`, and `.data-driven-feature/08-frontend.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Security review of $FEATURE"
prompt: |
You are a security auditor. Perform a security review of this data-driven feature implementation.
## Architecture
[Insert contents of .data-driven-feature/04-architecture.md]
## Backend Implementation
[Insert contents of .data-driven-feature/07-backend.md]
## Frontend Implementation
[Insert contents of .data-driven-feature/08-frontend.md]
## Instructions
Review for: OWASP Top 10, data privacy and GDPR compliance, PII handling in analytics events,
authentication/authorization flaws, input validation gaps, experiment manipulation risks,
and any security anti-patterns.
Provide findings with severity, location, and specific fix recommendations.
```
Save the agent's output to `.data-driven-feature/13-security-review.md`.
If there are Critical or High severity findings, address them now before proceeding. Apply fixes and re-validate.
Update `state.json`: set `current_step` to "checkpoint-4", add step 13 to `completed_steps`.
---
## PHASE CHECKPOINT 4 — User Approval Required
Display a summary of validation and launch readiness and ask:
```
Validation and launch preparation complete. Please review:
- .data-driven-feature/10-analytics-validation.md
- .data-driven-feature/11-experiment-setup.md
- .data-driven-feature/12-rollout-plan.md
- .data-driven-feature/13-security-review.md
Security findings: [X critical, Y high, Z medium]
1. Approve — proceed to analysis planning
2. Request changes — tell me what to fix
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 5 until the user approves.
---
## Phase 5: Analysis & Decision (Steps 1416)
### Step 14: Statistical Analysis
Read `.data-driven-feature/03-experiment-design.md` and `.data-driven-feature/02-hypotheses.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create statistical analysis plan for $FEATURE experiment"
prompt: |
You are a data scientist specializing in experimentation. Create the statistical analysis plan for the A/B test results of: $FEATURE.
## Experiment Design
[Insert contents of .data-driven-feature/03-experiment-design.md]
## Hypotheses
[Insert contents of .data-driven-feature/02-hypotheses.md]
## Instructions
1. Define statistical significance calculations with confidence intervals
2. Plan segment-level effect analysis
3. Specify secondary metrics impact analysis
4. Use both frequentist and Bayesian approaches
5. Account for multiple testing corrections
6. Define stopping rules and decision criteria
Provide an analysis plan with templates for results reporting.
```
Save the agent's output to `.data-driven-feature/14-analysis-plan.md`.
Update `state.json`: set `current_step` to 15, add step 14 to `completed_steps`.
### Step 15: Business Impact Assessment Framework
Read `.data-driven-feature/02-hypotheses.md` and `.data-driven-feature/14-analysis-plan.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create business impact assessment framework for $FEATURE"
prompt: |
You are a business analyst. Create a business impact assessment framework for feature: $FEATURE.
## Hypotheses
[Insert contents of .data-driven-feature/02-hypotheses.md]
## Analysis Plan
[Insert contents of .data-driven-feature/14-analysis-plan.md]
## Instructions
1. Define actual vs expected ROI calculation methodology
2. Create a framework for analyzing impact on key business metrics
3. Plan cost-benefit analysis including operational overhead
4. Define criteria for full rollout, iteration, or rollback decisions
5. Create templates for stakeholder reporting
Provide a business impact framework and decision matrix.
```
Save the agent's output to `.data-driven-feature/15-impact-framework.md`.
Update `state.json`: set `current_step` to 16, add step 15 to `completed_steps`.
### Step 16: Optimization Roadmap
Read `.data-driven-feature/14-analysis-plan.md` and `.data-driven-feature/15-impact-framework.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create post-launch optimization roadmap for $FEATURE"
prompt: |
You are a data scientist specializing in product optimization. Create a post-launch optimization roadmap for: $FEATURE.
## Analysis Plan
[Insert contents of .data-driven-feature/14-analysis-plan.md]
## Impact Framework
[Insert contents of .data-driven-feature/15-impact-framework.md]
## Instructions
1. Define user behavior analysis methodology for treatment group
2. Plan friction point identification in user journeys
3. Suggest improvement hypotheses based on expected data patterns
4. Plan follow-up experiments and iteration cycles
5. Design cohort analysis for long-term impact assessment
6. Create a continuous learning feedback loop
Provide an optimization roadmap with follow-up experiment plans.
```
Save the agent's output to `.data-driven-feature/16-optimization-roadmap.md`.
Update `state.json`: set `current_step` to "complete", add step 16 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Data-driven feature development complete: $FEATURE
## Files Created
[List all .data-driven-feature/ output files]
## Development Summary
- EDA Report: .data-driven-feature/01-eda-report.md
- Hypotheses: .data-driven-feature/02-hypotheses.md
- Experiment Design: .data-driven-feature/03-experiment-design.md
- Architecture: .data-driven-feature/04-architecture.md
- Analytics Design: .data-driven-feature/05-analytics-design.md
- Data Pipelines: .data-driven-feature/06-data-pipelines.md
- Backend: .data-driven-feature/07-backend.md
- Frontend: .data-driven-feature/08-frontend.md
- ML Integration: .data-driven-feature/09-ml-integration.md
- Analytics Validation: .data-driven-feature/10-analytics-validation.md
- Experiment Setup: .data-driven-feature/11-experiment-setup.md
- Rollout Plan: .data-driven-feature/12-rollout-plan.md
- Security Review: .data-driven-feature/13-security-review.md
- Analysis Plan: .data-driven-feature/14-analysis-plan.md
- Impact Framework: .data-driven-feature/15-impact-framework.md
- Optimization Roadmap: .data-driven-feature/16-optimization-roadmap.md
## Next Steps
1. Review all generated artifacts and documentation
2. Execute the rollout plan in .data-driven-feature/12-rollout-plan.md
3. Monitor using the dashboards from .data-driven-feature/11-experiment-setup.md
4. Run analysis after experiment completes using .data-driven-feature/14-analysis-plan.md
5. Make go/no-go decision using .data-driven-feature/15-impact-framework.md
```

10
plugins/data-validation-suite/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "data-validation-suite",
"version": "1.2.0",
"description": "Schema validation, data quality monitoring, streaming validation pipelines, and input validation for backend APIs",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/database-cloud-optimization/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "database-cloud-optimization",
"version": "1.2.0",
"description": "Database query optimization, cloud cost optimization, and scalability improvements",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/database-design/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "database-design",
"version": "1.2.0",
"description": "Database architecture, schema design, and SQL optimization for production systems",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/database-migrations/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "database-migrations",
"version": "1.2.0",
"description": "Database migration automation, observability, and cross-database migration strategies",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/debugging-toolkit/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "debugging-toolkit",
"version": "1.2.0",
"description": "Interactive debugging, developer experience optimization, and smart debugging workflows",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/dependency-management/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "dependency-management",
"version": "1.2.0",
"description": "Dependency auditing, version management, and security vulnerability scanning",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/deployment-strategies/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "deployment-strategies",
"version": "1.2.0",
"description": "Deployment patterns, rollback automation, and infrastructure templates",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/deployment-validation/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "deployment-validation",
"version": "1.2.0",
"description": "Pre-deployment checks, configuration validation, and deployment readiness assessment",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/developer-essentials/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "developer-essentials",
"version": "1.0.1",
"description": "Essential developer skills including Git workflows, SQL optimization, error handling, code review, E2E testing, authentication, debugging, and monorepo management",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/distributed-debugging/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "distributed-debugging",
"version": "1.2.0",
"description": "Distributed system tracing and debugging across microservices",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/documentation-generation/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "documentation-generation",
"version": "1.2.1",
"description": "OpenAPI specification generation, Mermaid diagram creation, tutorial writing, API reference documentation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/dotnet-contribution/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "dotnet-contribution",
"version": "1.0.0",
"description": "Comprehensive .NET backend development with C#, ASP.NET Core, Entity Framework Core, and Dapper for production-grade applications",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/error-debugging/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "error-debugging",
"version": "1.2.0",
"description": "Error analysis, trace debugging, and multi-agent problem diagnosis",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/error-diagnostics/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "error-diagnostics",
"version": "1.2.0",
"description": "Error tracing, root cause analysis, and smart debugging for production systems",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/framework-migration/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "framework-migration",
"version": "1.3.0",
"description": "Framework updates, migration planning, and architectural transformation workflows",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

696
plugins/framework-migration/commands/legacy-modernize.md
View File

@@ -1,123 +1,659 @@
---
description: "Orchestrate legacy system modernization using the strangler fig pattern with gradual component replacement"
argument-hint: "<legacy codebase path or description> [--strategy parallel-systems|big-bang|by-feature|database-first|api-first]"
---
# Legacy Code Modernization Workflow # Legacy Code Modernization Workflow
Orchestrate a comprehensive legacy system modernization using the strangler fig pattern, enabling gradual replacement of outdated components while maintaining continuous business operations through expert agent coordination. ## CRITICAL BEHAVIORAL RULES
[Extended thinking: The strangler fig pattern, named after the tropical fig tree that gradually envelops and replaces its host, represents the gold standard for risk-managed legacy modernization. This workflow implements a systematic approach where new functionality gradually replaces legacy components, allowing both systems to coexist during transition. By orchestrating specialized agents for assessment, testing, security, and implementation, we ensure each migration phase is validated before proceeding, minimizing disruption while maximizing modernization velocity.] You MUST follow these rules exactly. Violating any of them is a failure.
## Phase 1: Legacy Assessment and Risk Analysis 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
2. **Write output files.** Each step MUST produce its output file in `.legacy-modernize/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
### 1. Comprehensive Legacy System Analysis ## Pre-flight Checks
- Use Task tool with subagent_type="legacy-modernizer" Before starting, perform these checks:
- Prompt: "Analyze the legacy codebase at $ARGUMENTS. Document technical debt inventory including: outdated dependencies, deprecated APIs, security vulnerabilities, performance bottlenecks, and architectural anti-patterns. Generate a modernization readiness report with component complexity scores (1-10), dependency mapping, and database coupling analysis. Identify quick wins vs complex refactoring targets."
- Expected output: Detailed assessment report with risk matrix and modernization priorities
### 2. Dependency and Integration Mapping ### 1. Check for existing session
- Use Task tool with subagent_type="architect-review" Check if `.legacy-modernize/state.json` exists:
- Prompt: "Based on the legacy assessment report, create a comprehensive dependency graph showing: internal module dependencies, external service integrations, shared database schemas, and cross-system data flows. Identify integration points that will require facade patterns or adapter layers during migration. Highlight circular dependencies and tight coupling that need resolution."
- Context from previous: Legacy assessment report, component complexity scores
- Expected output: Visual dependency map and integration point catalog
### 3. Business Impact and Risk Assessment - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
- Use Task tool with subagent_type="business-analytics::business-analyst" ```
- Prompt: "Evaluate business impact of modernizing each component identified. Create risk assessment matrix considering: business criticality (revenue impact), user traffic patterns, data sensitivity, regulatory requirements, and fallback complexity. Prioritize components using a weighted scoring system: (Business Value × 0.4) + (Technical Risk × 0.3) + (Quick Win Potential × 0.3). Define rollback strategies for each component." Found an in-progress legacy modernization session:
- Context from previous: Component inventory, dependency mapping Target: [target from state]
- Expected output: Prioritized migration roadmap with risk mitigation strategies Current step: [step from state]
## Phase 2: Test Coverage Establishment 1. Resume from where we left off
2. Start fresh (archives existing session)
```
### 1. Legacy Code Test Coverage Analysis - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Use Task tool with subagent_type="unit-testing::test-automator" ### 2. Initialize state
- Prompt: "Analyze existing test coverage for legacy components at $ARGUMENTS. Use coverage tools to identify untested code paths, missing integration tests, and absent end-to-end scenarios. For components with <40% coverage, generate characterization tests that capture current behavior without modifying functionality. Create test harness for safe refactoring."
- Expected output: Test coverage report and characterization test suite
### 2. Contract Testing Implementation Create `.legacy-modernize/` directory and `state.json`:
- Use Task tool with subagent_type="unit-testing::test-automator" ```json
- Prompt: "Implement contract tests for all integration points identified in dependency mapping. Create consumer-driven contracts for APIs, message queue interactions, and database schemas. Set up contract verification in CI/CD pipeline. Generate performance baselines for response times and throughput to validate modernized components maintain SLAs." {
- Context from previous: Integration point catalog, existing test coverage "target": "$ARGUMENTS",
- Expected output: Contract test suite with performance baselines "status": "in_progress",
"strategy": "parallel-systems",
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
### 3. Test Data Management Strategy Parse `$ARGUMENTS` for `--strategy` flag. Use `parallel-systems` as default if not specified.
- Use Task tool with subagent_type="data-engineering::data-engineer" ### 3. Parse target description
- Prompt: "Design test data management strategy for parallel system operation. Create data generation scripts for edge cases, implement data masking for sensitive information, and establish test database refresh procedures. Set up monitoring for data consistency between legacy and modernized components during migration."
- Context from previous: Database schemas, test requirements
- Expected output: Test data pipeline and consistency monitoring
## Phase 3: Incremental Migration Implementation Extract the target description from `$ARGUMENTS` (everything before the flags). This is referenced as `$TARGET` in prompts below.
### 1. Strangler Fig Infrastructure Setup ---
- Use Task tool with subagent_type="backend-development::backend-architect" ## Phase 1: Legacy Assessment and Risk Analysis (Steps 13)
- Prompt: "Implement strangler fig infrastructure with API gateway for traffic routing. Configure feature flags for gradual rollout using environment variables or feature management service. Set up proxy layer with request routing rules based on: URL patterns, headers, or user segments. Implement circuit breakers and fallback mechanisms for resilience. Create observability dashboard for dual-system monitoring."
- Expected output: API gateway configuration, feature flag system, monitoring dashboard
### 2. Component Modernization - First Wave ### Step 1: Comprehensive Legacy System Analysis
- Use Task tool with subagent_type="python-development::python-pro" or "golang-pro" (based on target stack) Use the Task tool with subagent_type="legacy-modernizer":
- Prompt: "Modernize first-wave components (quick wins identified in assessment). For each component: extract business logic from legacy code, implement using modern patterns (dependency injection, SOLID principles), ensure backward compatibility through adapter patterns, maintain data consistency with event sourcing or dual writes. Follow 12-factor app principles. Components to modernize: [list from prioritized roadmap]"
- Context from previous: Characterization tests, contract tests, infrastructure setup
- Expected output: Modernized components with adapters
### 3. Security Hardening ```
Task:
subagent_type: "legacy-modernizer"
description: "Analyze legacy codebase for modernization readiness"
prompt: |
Analyze the legacy codebase at $TARGET. Document a technical debt inventory including:
- Outdated dependencies and deprecated APIs
- Security vulnerabilities and performance bottlenecks
- Architectural anti-patterns
- Use Task tool with subagent_type="security-scanning::security-auditor" Generate a modernization readiness report with:
- Prompt: "Audit modernized components for security vulnerabilities. Implement security improvements including: OAuth 2.0/JWT authentication, role-based access control, input validation and sanitization, SQL injection prevention, XSS protection, and secrets management. Verify OWASP top 10 compliance. Configure security headers and implement rate limiting." - Component complexity scores (1-10)
- Context from previous: Modernized component code - Dependency mapping between modules
- Expected output: Security audit report and hardened components - Database coupling analysis
- Quick wins vs complex refactoring targets
## Phase 4: Performance Validation and Optimization Write your complete assessment as a single markdown document.
```
### 1. Performance Testing and Optimization Save the agent's output to `.legacy-modernize/01-legacy-assessment.md`.
- Use Task tool with subagent_type="application-performance::performance-engineer" Update `state.json`: set `current_step` to 2, add `"01-legacy-assessment.md"` to `files_created`, add step 1 to `completed_steps`.
- Prompt: "Conduct performance testing comparing legacy vs modernized components. Run load tests simulating production traffic patterns, measure response times, throughput, and resource utilization. Identify performance regressions and optimize: database queries with indexing, caching strategies (Redis/Memcached), connection pooling, and async processing where applicable. Validate against SLA requirements."
- Context from previous: Performance baselines, modernized components
- Expected output: Performance test results and optimization recommendations
### 2. Progressive Rollout and Monitoring ### Step 2: Dependency and Integration Mapping
- Use Task tool with subagent_type="deployment-strategies::deployment-engineer" Read `.legacy-modernize/01-legacy-assessment.md` to load assessment context.
- Prompt: "Implement progressive rollout strategy using feature flags. Start with 5% traffic to modernized components, monitor error rates, latency, and business metrics. Define automatic rollback triggers: error rate >1%, latency >2x baseline, or business metric degradation. Create runbook for traffic shifting: 5% → 25% → 50% → 100% with 24-hour observation periods."
- Context from previous: Feature flag configuration, monitoring dashboard
- Expected output: Rollout plan with automated safeguards
## Phase 5: Migration Completion and Documentation Use the Task tool with subagent_type="architect-review":
### 1. Legacy Component Decommissioning ```
Task:
subagent_type: "architect-review"
description: "Create dependency graph and integration point catalog"
prompt: |
Based on the legacy assessment report below, create a comprehensive dependency graph.
- Use Task tool with subagent_type="legacy-modernizer" ## Legacy Assessment
- Prompt: "Plan safe decommissioning of replaced legacy components. Verify no remaining dependencies through traffic analysis (minimum 30 days at 0% traffic). Archive legacy code with documentation of original functionality. Update CI/CD pipelines to remove legacy builds. Clean up unused database tables and remove deprecated API endpoints. Document any retained legacy components with sunset timeline." [Insert full contents of .legacy-modernize/01-legacy-assessment.md]
- Context from previous: Traffic routing data, modernization status
- Expected output: Decommissioning checklist and timeline
### 2. Documentation and Knowledge Transfer ## Deliverables
1. Internal module dependencies
2. External service integrations
3. Shared database schemas and cross-system data flows
4. Integration points requiring facade patterns or adapter layers during migration
5. Circular dependencies and tight coupling that need resolution
- Use Task tool with subagent_type="documentation-generation::docs-architect" Write your complete dependency analysis as a single markdown document.
- Prompt: "Create comprehensive modernization documentation including: architectural diagrams (before/after), API documentation with migration guides, runbooks for dual-system operation, troubleshooting guides for common issues, and lessons learned report. Generate developer onboarding guide for modernized system. Document technical decisions and trade-offs made during migration." ```
- Context from previous: All migration artifacts and decisions
- Expected output: Complete modernization documentation package
## Configuration Options Save the agent's output to `.legacy-modernize/02-dependency-map.md`.
- **--parallel-systems**: Keep both systems running indefinitely (for gradual migration) Update `state.json`: set `current_step` to 3, add step 2 to `completed_steps`.
- **--big-bang**: Full cutover after validation (higher risk, faster completion)
- **--by-feature**: Migrate complete features rather than technical components ### Step 3: Business Impact and Risk Assessment
- **--database-first**: Prioritize database modernization before application layer
- **--api-first**: Modernize API layer while maintaining legacy backend Read `.legacy-modernize/01-legacy-assessment.md` and `.legacy-modernize/02-dependency-map.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Evaluate business impact and create migration roadmap"
prompt: |
You are a business analyst specializing in technology transformation and risk assessment.
Evaluate the business impact of modernizing each component identified in the assessment and dependency analysis below.
## Legacy Assessment
[Insert contents of .legacy-modernize/01-legacy-assessment.md]
## Dependency Map
[Insert contents of .legacy-modernize/02-dependency-map.md]
## Deliverables
1. Risk assessment matrix considering: business criticality (revenue impact), user traffic patterns, data sensitivity, regulatory requirements, and fallback complexity
2. Prioritized components using weighted scoring: (Business Value x 0.4) + (Technical Risk x 0.3) + (Quick Win Potential x 0.3)
3. Rollback strategies for each component
4. Recommended migration order
Write your complete business impact analysis as a single markdown document.
```
Save the agent's output to `.legacy-modernize/03-business-impact.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 3 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
You MUST stop here and present the assessment for review.
Display a summary of findings from the Phase 1 output files (key components, risk levels, recommended migration order) and ask:
```
Legacy assessment and risk analysis complete. Please review:
- .legacy-modernize/01-legacy-assessment.md
- .legacy-modernize/02-dependency-map.md
- .legacy-modernize/03-business-impact.md
1. Approve — proceed to test coverage establishment
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise and re-checkpoint. If option 3, update `state.json` status and stop.
---
## Phase 2: Test Coverage Establishment (Steps 46)
### Step 4: Legacy Code Test Coverage Analysis
Read `.legacy-modernize/01-legacy-assessment.md` and `.legacy-modernize/03-business-impact.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Analyze and establish test coverage for legacy components"
prompt: |
You are a test automation engineer specializing in legacy system characterization testing.
Analyze existing test coverage for legacy components at $TARGET.
## Legacy Assessment
[Insert contents of .legacy-modernize/01-legacy-assessment.md]
## Migration Priorities
[Insert contents of .legacy-modernize/03-business-impact.md]
## Instructions
1. Use coverage tools to identify untested code paths, missing integration tests, and absent end-to-end scenarios
2. For components with <40% coverage, generate characterization tests that capture current behavior without modifying functionality
3. Create a test harness for safe refactoring
4. Follow existing test patterns and frameworks in the project
Write all test files and report what was created. Provide a coverage summary.
```
Save the agent's output to `.legacy-modernize/04-test-coverage.md`.
Update `state.json`: set `current_step` to 5, add step 4 to `completed_steps`.
### Step 5: Contract Testing Implementation
Read `.legacy-modernize/02-dependency-map.md` and `.legacy-modernize/04-test-coverage.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Implement contract tests for integration points"
prompt: |
You are a test automation engineer specializing in contract testing and API verification.
Implement contract tests for all integration points identified in the dependency mapping.
## Dependency Map
[Insert contents of .legacy-modernize/02-dependency-map.md]
## Existing Test Coverage
[Insert contents of .legacy-modernize/04-test-coverage.md]
## Instructions
1. Create consumer-driven contracts for APIs, message queue interactions, and database schemas
2. Set up contract verification in CI/CD pipeline
3. Generate performance baselines for response times and throughput to validate modernized components maintain SLAs
4. Follow existing test patterns and frameworks in the project
Write all test files and report what was created.
```
Save the agent's output to `.legacy-modernize/05-contract-tests.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Test Data Management Strategy
Read `.legacy-modernize/02-dependency-map.md` and `.legacy-modernize/04-test-coverage.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Design test data management for parallel system operation"
prompt: |
You are a data engineer specializing in test data management and data pipeline design.
Design a test data management strategy for parallel system operation during migration.
## Dependency Map
[Insert contents of .legacy-modernize/02-dependency-map.md]
## Test Coverage
[Insert contents of .legacy-modernize/04-test-coverage.md]
## Instructions
1. Create data generation scripts for edge cases
2. Implement data masking for sensitive information
3. Establish test database refresh procedures
4. Set up monitoring for data consistency between legacy and modernized components during migration
Write all configuration and script files. Report what was created.
```
Save the agent's output to `.legacy-modernize/06-test-data.md`.
Update `state.json`: set `current_step` to "checkpoint-2", add step 6 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display a summary of test coverage establishment from Phase 2 output files and ask:
```
Test coverage establishment complete. Please review:
- .legacy-modernize/04-test-coverage.md
- .legacy-modernize/05-contract-tests.md
- .legacy-modernize/06-test-data.md
1. Approve — proceed to incremental migration implementation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Incremental Migration Implementation (Steps 79)
### Step 7: Strangler Fig Infrastructure Setup
Read `.legacy-modernize/02-dependency-map.md` and `.legacy-modernize/03-business-impact.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Implement strangler fig infrastructure with API gateway and feature flags"
prompt: |
You are a backend architect specializing in distributed systems and migration infrastructure.
Implement strangler fig infrastructure for the legacy modernization.
## Dependency Map
[Insert contents of .legacy-modernize/02-dependency-map.md]
## Migration Priorities
[Insert contents of .legacy-modernize/03-business-impact.md]
## Instructions
1. Configure API gateway for traffic routing between legacy and modern components
2. Set up feature flags for gradual rollout using environment variables or feature management service
3. Implement proxy layer with request routing rules based on URL patterns, headers, or user segments
4. Implement circuit breakers and fallback mechanisms for resilience
5. Create observability dashboard for dual-system monitoring
6. Follow existing infrastructure patterns in the project
Write all configuration files. Report what was created/modified.
```
Save the agent's output to `.legacy-modernize/07-infrastructure.md`.
Update `state.json`: set `current_step` to 8, add step 7 to `completed_steps`.
### Step 8: Component Modernization — First Wave
Read `.legacy-modernize/01-legacy-assessment.md`, `.legacy-modernize/03-business-impact.md`, `.legacy-modernize/04-test-coverage.md`, and `.legacy-modernize/07-infrastructure.md`.
Detect the target language/stack from the legacy assessment. Use the Task tool with subagent_type="general-purpose", providing role context matching the target stack:
```
Task:
subagent_type: "general-purpose"
description: "Modernize first-wave components from legacy assessment"
prompt: |
You are an expert [DETECTED LANGUAGE] developer specializing in legacy code modernization
and migration to modern frameworks and patterns.
Modernize first-wave components (quick wins identified in assessment).
## Legacy Assessment
[Insert contents of .legacy-modernize/01-legacy-assessment.md]
## Migration Priorities
[Insert contents of .legacy-modernize/03-business-impact.md]
## Test Coverage
[Insert contents of .legacy-modernize/04-test-coverage.md]
## Infrastructure
[Insert contents of .legacy-modernize/07-infrastructure.md]
## Instructions
For each component in the first wave:
1. Extract business logic from legacy code
2. Implement using modern patterns (dependency injection, SOLID principles)
3. Ensure backward compatibility through adapter patterns
4. Maintain data consistency with event sourcing or dual writes
5. Follow 12-factor app principles
6. Run characterization tests to verify preserved behavior
Write all code files. Report what files were created/modified.
```
**Note:** Replace `[DETECTED LANGUAGE]` with the actual language detected from the legacy assessment (e.g., "Python", "TypeScript", "Go", "Rust", "Java"). If the codebase is polyglot, launch parallel agents for each language.
Save the agent's output to `.legacy-modernize/08-first-wave.md`.
Update `state.json`: set `current_step` to 9, add step 8 to `completed_steps`.
### Step 9: Security Hardening
Read `.legacy-modernize/08-first-wave.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Security audit and hardening of modernized components"
prompt: |
You are a security engineer specializing in application security auditing,
OWASP compliance, and secure coding practices.
Audit modernized components for security vulnerabilities and implement hardening.
## Modernized Components
[Insert contents of .legacy-modernize/08-first-wave.md]
## Instructions
1. Implement OAuth 2.0/JWT authentication where applicable
2. Add role-based access control
3. Implement input validation and sanitization
4. Verify SQL injection prevention and XSS protection
5. Configure secrets management
6. Verify OWASP Top 10 compliance
7. Configure security headers and implement rate limiting
Provide a security audit report with findings by severity (Critical/High/Medium/Low)
and list all hardening changes made. Write all code changes.
```
Save the agent's output to `.legacy-modernize/09-security.md`.
Update `state.json`: set `current_step` to "checkpoint-3", add step 9 to `completed_steps`.
---
## PHASE CHECKPOINT 3 — User Approval Required
Display a summary of migration implementation from Phase 3 output files and ask:
```
Incremental migration implementation complete. Please review:
- .legacy-modernize/07-infrastructure.md
- .legacy-modernize/08-first-wave.md
- .legacy-modernize/09-security.md
Security findings: [summarize Critical/High/Medium counts from 09-security.md]
1. Approve — proceed to performance validation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 4 until the user approves.
---
## Phase 4: Performance Validation and Rollout (Steps 1011)
### Step 10: Performance Testing and Optimization
Read `.legacy-modernize/05-contract-tests.md` and `.legacy-modernize/08-first-wave.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Performance testing of modernized vs legacy components"
prompt: |
You are a performance engineer specializing in load testing, benchmarking,
and application performance optimization.
Conduct performance testing comparing legacy vs modernized components.
## Contract Tests and Baselines
[Insert contents of .legacy-modernize/05-contract-tests.md]
## Modernized Components
[Insert contents of .legacy-modernize/08-first-wave.md]
## Instructions
1. Run load tests simulating production traffic patterns
2. Measure response times, throughput, and resource utilization
3. Identify performance regressions and optimize: database queries with indexing, caching strategies, connection pooling, and async processing
4. Validate against SLA requirements (P95 latency within 110% of baseline)
Provide performance test results with comparison tables and optimization recommendations.
```
Save the agent's output to `.legacy-modernize/10-performance.md`.
Update `state.json`: set `current_step` to 11, add step 10 to `completed_steps`.
### Step 11: Progressive Rollout Plan
Read `.legacy-modernize/07-infrastructure.md` and `.legacy-modernize/10-performance.md`.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Create progressive rollout strategy with automated safeguards"
prompt: |
You are a deployment engineer specializing in progressive delivery,
feature flag management, and production rollout strategies.
Implement a progressive rollout strategy for the modernized components.
## Infrastructure
[Insert contents of .legacy-modernize/07-infrastructure.md]
## Performance Results
[Insert contents of .legacy-modernize/10-performance.md]
## Instructions
1. Configure feature flags for traffic shifting: 5% -> 25% -> 50% -> 100%
2. Define automatic rollback triggers: error rate >1%, latency >2x baseline, or business metric degradation
3. Set 24-hour observation periods between each stage
4. Create runbook for the complete traffic shifting process
5. Include monitoring queries and dashboards for each stage
Write all configuration files and the rollout runbook.
```
Save the agent's output to `.legacy-modernize/11-rollout.md`.
Update `state.json`: set `current_step` to "checkpoint-4", add step 11 to `completed_steps`.
---
## PHASE CHECKPOINT 4 — User Approval Required
Display a summary of performance and rollout plans and ask:
```
Performance validation and rollout planning complete. Please review:
- .legacy-modernize/10-performance.md
- .legacy-modernize/11-rollout.md
Performance: [summarize key metrics from 10-performance.md]
1. Approve — proceed to decommissioning and documentation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 5 until the user approves.
---
## Phase 5: Migration Completion and Documentation (Steps 1213)
### Step 12: Legacy Component Decommissioning
Read `.legacy-modernize/01-legacy-assessment.md`, `.legacy-modernize/08-first-wave.md`, and `.legacy-modernize/11-rollout.md`.
Use the Task tool with subagent_type="legacy-modernizer":
```
Task:
subagent_type: "legacy-modernizer"
description: "Plan safe decommissioning of replaced legacy components"
prompt: |
Plan safe decommissioning of replaced legacy components.
## Legacy Assessment
[Insert contents of .legacy-modernize/01-legacy-assessment.md]
## Modernized Components
[Insert contents of .legacy-modernize/08-first-wave.md]
## Rollout Status
[Insert contents of .legacy-modernize/11-rollout.md]
## Instructions
1. Verify no remaining dependencies through traffic analysis (minimum 30 days at 0% traffic)
2. Archive legacy code with documentation of original functionality
3. Update CI/CD pipelines to remove legacy builds
4. Clean up unused database tables and remove deprecated API endpoints
5. Document any retained legacy components with sunset timeline
Provide a decommissioning checklist and timeline.
```
Save the agent's output to `.legacy-modernize/12-decommission.md`.
Update `state.json`: set `current_step` to 13, add step 12 to `completed_steps`.
### Step 13: Documentation and Knowledge Transfer
Read all previous `.legacy-modernize/*.md` files.
Use the Task tool with subagent_type="general-purpose":
```
Task:
subagent_type: "general-purpose"
description: "Create comprehensive modernization documentation package"
prompt: |
You are a technical writer specializing in system migration documentation
and developer knowledge transfer materials.
Create comprehensive modernization documentation.
## All Migration Artifacts
[Insert contents of all .legacy-modernize/*.md files]
## Instructions
1. Create architectural diagrams (before/after)
2. Write API documentation with migration guides
3. Create runbooks for dual-system operation
4. Write troubleshooting guides for common issues
5. Create a lessons learned report
6. Generate developer onboarding guide for the modernized system
7. Document technical decisions and trade-offs made during migration
Write all documentation files. Report what was created.
```
Save the agent's output to `.legacy-modernize/13-documentation.md`.
Update `state.json`: set `current_step` to "complete", add step 13 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Legacy modernization complete: $TARGET
## Session Files
- .legacy-modernize/01-legacy-assessment.md — Legacy system analysis
- .legacy-modernize/02-dependency-map.md — Dependency and integration mapping
- .legacy-modernize/03-business-impact.md — Business impact and risk assessment
- .legacy-modernize/04-test-coverage.md — Test coverage analysis
- .legacy-modernize/05-contract-tests.md — Contract tests and baselines
- .legacy-modernize/06-test-data.md — Test data management strategy
- .legacy-modernize/07-infrastructure.md — Strangler fig infrastructure
- .legacy-modernize/08-first-wave.md — First wave component modernization
- .legacy-modernize/09-security.md — Security audit and hardening
- .legacy-modernize/10-performance.md — Performance testing results
- .legacy-modernize/11-rollout.md — Progressive rollout plan
- .legacy-modernize/12-decommission.md — Decommissioning checklist
- .legacy-modernize/13-documentation.md — Documentation package
## Success Criteria ## Success Criteria
- All high-priority components modernized with >80% test coverage - All high-priority components modernized with >80% test coverage
- Zero unplanned downtime during migration - Zero unplanned downtime during migration
- Performance metrics maintained or improved (P95 latency within 110% of baseline) - Performance metrics maintained (P95 latency within 110% of baseline)
- Security vulnerabilities reduced by >90% - Security vulnerabilities reduced by >90%
- Technical debt score improved by >60% - Technical debt score improved by >60%
- Successful operation for 30 days post-migration without rollbacks
- Complete documentation enabling new developer onboarding in <1 week
Target: $ARGUMENTS ## Next Steps
1. Review all generated code, tests, and documentation
2. Execute the progressive rollout plan in .legacy-modernize/11-rollout.md
3. Monitor for 30 days post-migration per .legacy-modernize/12-decommission.md
4. Complete decommissioning after observation period
```

10
plugins/frontend-mobile-development/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "frontend-mobile-development",
"version": "1.2.1",
"description": "Frontend UI development and mobile application implementation across platforms",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/frontend-mobile-security/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "frontend-mobile-security",
"version": "1.2.0",
"description": "XSS prevention, CSRF protection, content security policies, mobile app security, and secure storage patterns",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/full-stack-orchestration/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "full-stack-orchestration",
"version": "1.3.0",
"description": "End-to-end feature orchestration with testing, security, performance, and deployment",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

649
plugins/full-stack-orchestration/commands/full-stack-feature.md
View File

@@ -1,128 +1,593 @@
Orchestrate full-stack feature development across backend, frontend, and infrastructure layers with modern API-first approach: ---
description: "Orchestrate end-to-end full-stack feature development across backend, frontend, database, and infrastructure layers"
argument-hint: "<feature description> [--stack react/fastapi/postgres] [--api-style rest|graphql] [--complexity simple|medium|complex]"
---
[Extended thinking: This workflow coordinates multiple specialized agents to deliver a complete full-stack feature from architecture through deployment. It follows API-first development principles, ensuring contract-driven development where the API specification drives both backend implementation and frontend consumption. Each phase builds upon previous outputs, creating a cohesive system with proper separation of concerns, comprehensive testing, and production-ready deployment. The workflow emphasizes modern practices like component-driven UI development, feature flags, observability, and progressive rollout strategies.] # Full-Stack Feature Orchestrator
## Phase 1: Architecture & Design Foundation ## CRITICAL BEHAVIORAL RULES
### 1. Database Architecture Design You MUST follow these rules exactly. Violating any of them is a failure.
- Use Task tool with subagent_type="database-design::database-architect" 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
- Prompt: "Design database schema and data models for: $ARGUMENTS. Consider scalability, query patterns, indexing strategy, and data consistency requirements. Include migration strategy if modifying existing schema. Provide both logical and physical data models." 2. **Write output files.** Each step MUST produce its output file in `.full-stack-feature/` before the next step begins. Read from prior step files -- do NOT rely on context window memory.
- Expected output: Entity relationship diagrams, table schemas, indexing strategy, migration scripts, data access patterns 3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
- Context: Initial requirements and business domain model 4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan -- execute it.
### 2. Backend Service Architecture ## Pre-flight Checks
- Use Task tool with subagent_type="backend-development::backend-architect" Before starting, perform these checks:
- Prompt: "Design backend service architecture for: $ARGUMENTS. Using the database design from previous step, create service boundaries, define API contracts (OpenAPI/GraphQL), design authentication/authorization strategy, and specify inter-service communication patterns. Include resilience patterns (circuit breakers, retries) and caching strategy."
- Expected output: Service architecture diagram, OpenAPI specifications, authentication flows, caching architecture, message queue design (if applicable)
- Context: Database schema from step 1, non-functional requirements
### 3. Frontend Component Architecture ### 1. Check for existing session
- Use Task tool with subagent_type="frontend-mobile-development::frontend-developer" Check if `.full-stack-feature/state.json` exists:
- Prompt: "Design frontend architecture and component structure for: $ARGUMENTS. Based on the API contracts from previous step, design component hierarchy, state management approach (Redux/Zustand/Context), routing structure, and data fetching patterns. Include accessibility requirements and responsive design strategy. Plan for Storybook component documentation."
- Expected output: Component tree diagram, state management design, routing configuration, design system integration plan, accessibility checklist
- Context: API specifications from step 2, UI/UX requirements
## Phase 2: Parallel Implementation - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
### 4. Backend Service Implementation ```
Found an in-progress full-stack feature session:
Feature: [name from state]
Current step: [step from state]
- Use Task tool with subagent_type="python-development::python-pro" (or "golang-pro"/"nodejs-expert" based on stack) 1. Resume from where we left off
- Prompt: "Implement backend services for: $ARGUMENTS. Using the architecture and API specs from Phase 1, build RESTful/GraphQL endpoints with proper validation, error handling, and logging. Implement business logic, data access layer, authentication middleware, and integration with external services. Include observability (structured logging, metrics, tracing)." 2. Start fresh (archives existing session)
- Expected output: Backend service code, API endpoints, middleware, background jobs, unit tests, integration tests ```
- Context: Architecture designs from Phase 1, database schema
### 5. Frontend Implementation - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Use Task tool with subagent_type="frontend-mobile-development::frontend-developer" ### 2. Initialize state
- Prompt: "Implement frontend application for: $ARGUMENTS. Build React/Next.js components using the component architecture from Phase 1. Implement state management, API integration with proper error handling and loading states, form validation, and responsive layouts. Create Storybook stories for components. Ensure accessibility (WCAG 2.1 AA compliance)."
- Expected output: React components, state management implementation, API client code, Storybook stories, responsive styles, accessibility implementations
- Context: Component architecture from step 3, API contracts
### 6. Database Implementation & Optimization Create `.full-stack-feature/` directory and `state.json`:
- Use Task tool with subagent_type="database-design::sql-pro" ```json
- Prompt: "Implement and optimize database layer for: $ARGUMENTS. Create migration scripts, stored procedures (if needed), optimize queries identified by backend implementation, set up proper indexes, and implement data validation constraints. Include database-level security measures and backup strategies." {
- Expected output: Migration scripts, optimized queries, stored procedures, index definitions, database security configuration "feature": "$ARGUMENTS",
- Context: Database design from step 1, query patterns from backend implementation "status": "in_progress",
"stack": "auto-detect",
"api_style": "rest",
"complexity": "medium",
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
## Phase 3: Integration & Testing Parse `$ARGUMENTS` for `--stack`, `--api-style`, and `--complexity` flags. Use defaults if not specified.
### 7. API Contract Testing ### 3. Parse feature description
- Use Task tool with subagent_type="test-automator" Extract the feature description from `$ARGUMENTS` (everything before the flags). This is referenced as `$FEATURE` in prompts below.
- Prompt: "Create contract tests for: $ARGUMENTS. Implement Pact/Dredd tests to validate API contracts between backend and frontend. Create integration tests for all API endpoints, test authentication flows, validate error responses, and ensure proper CORS configuration. Include load testing scenarios."
- Expected output: Contract test suites, integration tests, load test scenarios, API documentation validation
- Context: API implementations from Phase 2
### 8. End-to-End Testing ---
- Use Task tool with subagent_type="test-automator" ## Phase 1: Architecture & Design Foundation (Steps 1-3) -- Interactive
- Prompt: "Implement E2E tests for: $ARGUMENTS. Create Playwright/Cypress tests covering critical user journeys, cross-browser compatibility, mobile responsiveness, and error scenarios. Test feature flags integration, analytics tracking, and performance metrics. Include visual regression tests."
- Expected output: E2E test suites, visual regression baselines, performance benchmarks, test reports
- Context: Frontend and backend implementations from Phase 2
### 9. Security Audit & Hardening ### Step 1: Requirements Gathering
- Use Task tool with subagent_type="security-auditor" Gather requirements through interactive Q&A. Ask ONE question at a time using the AskUserQuestion tool. Do NOT ask all questions at once.
- Prompt: "Perform security audit for: $ARGUMENTS. Review API security (authentication, authorization, rate limiting), check for OWASP Top 10 vulnerabilities, audit frontend for XSS/CSRF risks, validate input sanitization, and review secrets management. Provide penetration testing results and remediation steps."
- Expected output: Security audit report, vulnerability assessment, remediation recommendations, security headers configuration
- Context: All implementations from Phase 2
## Phase 4: Deployment & Operations **Questions to ask (in order):**
### 10. Infrastructure & CI/CD Setup 1. **Problem Statement**: "What problem does this feature solve? Who is the user and what's their pain point?"
2. **Acceptance Criteria**: "What are the key acceptance criteria? When is this feature 'done'?"
3. **Scope Boundaries**: "What is explicitly OUT of scope for this feature?"
4. **Technical Constraints**: "Any technical constraints? (e.g., existing API conventions, specific DB, latency requirements, auth system)"
5. **Stack Confirmation**: "Confirm the tech stack -- detected [stack] from project. Frontend framework? Backend framework? Database? Any changes?"
6. **Dependencies**: "Does this feature depend on or affect other features/services?"
- Use Task tool with subagent_type="deployment-engineer" After gathering answers, write the requirements document:
- Prompt: "Setup deployment infrastructure for: $ARGUMENTS. Create Docker containers, Kubernetes manifests (or cloud-specific configs), implement CI/CD pipelines with automated testing gates, setup feature flags (LaunchDarkly/Unleash), and configure monitoring/alerting. Include blue-green deployment strategy and rollback procedures."
- Expected output: Dockerfiles, K8s manifests, CI/CD pipeline configs, feature flag setup, IaC templates (Terraform/CloudFormation)
- Context: All implementations and tests from previous phases
### 11. Observability & Monitoring **Output file:** `.full-stack-feature/01-requirements.md`
- Use Task tool with subagent_type="deployment-engineer" ```markdown
- Prompt: "Implement observability stack for: $ARGUMENTS. Setup distributed tracing (OpenTelemetry), configure application metrics (Prometheus/DataDog), implement centralized logging (ELK/Splunk), create dashboards for key metrics, and define SLIs/SLOs. Include alerting rules and on-call procedures." # Requirements: $FEATURE
- Expected output: Observability configuration, dashboard definitions, alert rules, runbooks, SLI/SLO definitions
- Context: Infrastructure setup from step 10
### 12. Performance Optimization ## Problem Statement
- Use Task tool with subagent_type="performance-engineer" [From Q1]
- Prompt: "Optimize performance across stack for: $ARGUMENTS. Analyze and optimize database queries, implement caching strategies (Redis/CDN), optimize frontend bundle size and loading performance, setup lazy loading and code splitting, and tune backend service performance. Include before/after metrics."
- Expected output: Performance improvements, caching configuration, CDN setup, optimized bundles, performance metrics report
- Context: Monitoring data from step 11, load test results
## Configuration Options ## Acceptance Criteria
- `stack`: Specify technology stack (e.g., "React/FastAPI/PostgreSQL", "Next.js/Django/MongoDB") [From Q2 -- formatted as checkboxes]
- `deployment_target`: Cloud platform (AWS/GCP/Azure) or on-premises
- `feature_flags`: Enable/disable feature flag integration
- `api_style`: REST or GraphQL
- `testing_depth`: Comprehensive or essential
- `compliance`: Specific compliance requirements (GDPR, HIPAA, SOC2)
## Success Criteria ## Scope
- All API contracts validated through contract tests ### In Scope
- Frontend and backend integration tests passing
- E2E tests covering critical user journeys
- Security audit passed with no critical vulnerabilities
- Performance metrics meeting defined SLOs
- Observability stack capturing all key metrics
- Feature flags configured for progressive rollout
- Documentation complete for all components
- CI/CD pipeline with automated quality gates
- Zero-downtime deployment capability verified
## Coordination Notes [Derived from answers]
- Each phase builds upon outputs from previous phases ### Out of Scope
- Parallel tasks in Phase 2 can run simultaneously but must converge for Phase 3
- Maintain traceability between requirements and implementations
- Use correlation IDs across all services for distributed tracing
- Document all architectural decisions in ADRs
- Ensure consistent error handling and API responses across services
Feature to implement: $ARGUMENTS [From Q3]
## Technical Constraints
[From Q4]
## Technology Stack
[From Q5 -- frontend, backend, database, infrastructure]
## Dependencies
[From Q6]
## Configuration
- Stack: [detected or specified]
- API Style: [rest|graphql]
- Complexity: [simple|medium|complex]
```
Update `state.json`: set `current_step` to 2, add `"01-requirements.md"` to `files_created`, add step 1 to `completed_steps`.
### Step 2: Database & Data Model Design
Read `.full-stack-feature/01-requirements.md` to load requirements context.
Use the Task tool to launch a database architecture agent:
```
Task:
subagent_type: "general-purpose"
description: "Design database schema and data models for $FEATURE"
prompt: |
You are a database architect. Design the database schema and data models for this feature.
## Requirements
[Insert full contents of .full-stack-feature/01-requirements.md]
## Deliverables
1. **Entity relationship design**: Tables/collections, relationships, cardinality
2. **Schema definitions**: Column types, constraints, defaults, nullable fields
3. **Indexing strategy**: Which columns to index, index types, composite indexes
4. **Migration strategy**: How to safely add/modify schema in production
5. **Query patterns**: Expected read/write patterns and how the schema supports them
6. **Data access patterns**: Repository/DAO interface design
Write your complete database design as a single markdown document.
```
Save the agent's output to `.full-stack-feature/02-database-design.md`.
Update `state.json`: set `current_step` to 3, add step 2 to `completed_steps`.
### Step 3: Backend & Frontend Architecture
Read `.full-stack-feature/01-requirements.md` and `.full-stack-feature/02-database-design.md`.
Use the Task tool to launch an architecture agent:
```
Task:
subagent_type: "general-purpose"
description: "Design full-stack architecture for $FEATURE"
prompt: |
You are a full-stack architect. Design the complete backend and frontend architecture for this feature.
## Requirements
[Insert contents of .full-stack-feature/01-requirements.md]
## Database Design
[Insert contents of .full-stack-feature/02-database-design.md]
## Deliverables
### Backend Architecture
1. **API design**: Endpoints/resolvers, request/response schemas, error handling, versioning
2. **Service layer**: Business logic components, their responsibilities, boundaries
3. **Authentication/authorization**: How auth applies to new endpoints
4. **Integration points**: How this connects to existing services/systems
### Frontend Architecture
1. **Component hierarchy**: Page components, containers, presentational components
2. **State management**: What state is needed, where it lives, data flow
3. **Routing**: New routes, navigation structure, route guards
4. **API integration**: Data fetching strategy, caching, optimistic updates
### Cross-Cutting Concerns
1. **Error handling**: Backend errors -> API responses -> frontend error states
2. **Security considerations**: Input validation, XSS prevention, CSRF, data protection
3. **Risk assessment**: Technical risks and mitigation strategies
Write your complete architecture design as a single markdown document.
```
Save the agent's output to `.full-stack-feature/03-architecture.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 3 to `completed_steps`.
---
## PHASE CHECKPOINT 1 -- User Approval Required
You MUST stop here and present the architecture for review.
Display a summary of the database design and architecture from `.full-stack-feature/02-database-design.md` and `.full-stack-feature/03-architecture.md` (key components, API endpoints, data model overview, component structure) and ask:
```
Architecture and database design are complete. Please review:
- .full-stack-feature/02-database-design.md
- .full-stack-feature/03-architecture.md
1. Approve -- proceed to implementation
2. Request changes -- tell me what to adjust
3. Pause -- save progress and stop here
```
Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise and re-checkpoint. If option 3, update `state.json` and stop.
---
## Phase 2: Implementation (Steps 4-7)
### Step 4: Database Implementation
Read `.full-stack-feature/01-requirements.md` and `.full-stack-feature/02-database-design.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement database layer for $FEATURE"
prompt: |
You are a database engineer. Implement the database layer for this feature.
## Requirements
[Insert contents of .full-stack-feature/01-requirements.md]
## Database Design
[Insert contents of .full-stack-feature/02-database-design.md]
## Instructions
1. Create migration scripts for schema changes
2. Implement models/entities matching the schema design
3. Implement repository/data access layer with the designed query patterns
4. Add database-level validation constraints
5. Optimize queries with proper indexes as designed
6. Follow the project's existing ORM and migration patterns
Write all code files. Report what files were created/modified.
```
Save a summary to `.full-stack-feature/04-database-impl.md`.
Update `state.json`: set `current_step` to 5, add step 4 to `completed_steps`.
### Step 5: Backend Implementation
Read `.full-stack-feature/01-requirements.md`, `.full-stack-feature/03-architecture.md`, and `.full-stack-feature/04-database-impl.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement backend services for $FEATURE"
prompt: |
You are a backend developer. Implement the backend services for this feature based on the approved architecture.
## Requirements
[Insert contents of .full-stack-feature/01-requirements.md]
## Architecture
[Insert contents of .full-stack-feature/03-architecture.md]
## Database Implementation
[Insert contents of .full-stack-feature/04-database-impl.md]
## Instructions
1. Implement API endpoints/resolvers as designed in the architecture
2. Implement business logic in the service layer
3. Wire up the data access layer from the database implementation
4. Add input validation, error handling, and proper HTTP status codes
5. Implement authentication/authorization middleware as designed
6. Add structured logging and observability hooks
7. Follow the project's existing code patterns and conventions
Write all code files. Report what files were created/modified.
```
Save a summary to `.full-stack-feature/05-backend-impl.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Frontend Implementation
Read `.full-stack-feature/01-requirements.md`, `.full-stack-feature/03-architecture.md`, and `.full-stack-feature/05-backend-impl.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement frontend for $FEATURE"
prompt: |
You are a frontend developer. Implement the frontend components for this feature.
## Requirements
[Insert contents of .full-stack-feature/01-requirements.md]
## Architecture
[Insert contents of .full-stack-feature/03-architecture.md]
## Backend Implementation
[Insert contents of .full-stack-feature/05-backend-impl.md]
## Instructions
1. Build UI components following the component hierarchy from the architecture
2. Implement state management and data flow as designed
3. Integrate with the backend API endpoints using the designed data fetching strategy
4. Implement form handling, validation, and error states
5. Add loading states and optimistic updates where appropriate
6. Ensure responsive design and accessibility basics (semantic HTML, ARIA labels, keyboard nav)
7. Follow the project's existing frontend patterns and component conventions
Write all code files. Report what files were created/modified.
```
Save a summary to `.full-stack-feature/06-frontend-impl.md`.
**Note:** If the feature has no frontend component (pure backend/API), skip this step -- write a brief note in `06-frontend-impl.md` explaining why it was skipped, and continue.
Update `state.json`: set `current_step` to 7, add step 6 to `completed_steps`.
### Step 7: Testing & Validation
Read `.full-stack-feature/04-database-impl.md`, `.full-stack-feature/05-backend-impl.md`, and `.full-stack-feature/06-frontend-impl.md`.
Launch three agents in parallel using multiple Task tool calls in a single response:
**7a. Test Suite Creation:**
```
Task:
subagent_type: "test-automator"
description: "Create test suite for $FEATURE"
prompt: |
Create a comprehensive test suite for this full-stack feature.
## What was implemented
### Database
[Insert contents of .full-stack-feature/04-database-impl.md]
### Backend
[Insert contents of .full-stack-feature/05-backend-impl.md]
### Frontend
[Insert contents of .full-stack-feature/06-frontend-impl.md]
## Instructions
1. Write unit tests for all new backend functions/methods
2. Write integration tests for API endpoints
3. Write database tests for migrations and query patterns
4. Write frontend component tests if applicable
5. Cover: happy path, edge cases, error handling, boundary conditions
6. Follow existing test patterns and frameworks in the project
7. Target 80%+ code coverage for new code
Write all test files. Report what test files were created and what they cover.
```
**7b. Security Review:**
```
Task:
subagent_type: "security-auditor"
description: "Security review of $FEATURE"
prompt: |
Perform a security review of this full-stack feature implementation.
## Architecture
[Insert contents of .full-stack-feature/03-architecture.md]
## Database Implementation
[Insert contents of .full-stack-feature/04-database-impl.md]
## Backend Implementation
[Insert contents of .full-stack-feature/05-backend-impl.md]
## Frontend Implementation
[Insert contents of .full-stack-feature/06-frontend-impl.md]
Review for: OWASP Top 10, authentication/authorization flaws, input validation gaps,
SQL injection risks, XSS/CSRF vulnerabilities, data protection issues, dependency vulnerabilities,
and any security anti-patterns.
Provide findings with severity, location, and specific fix recommendations.
```
**7c. Performance Review:**
```
Task:
subagent_type: "performance-engineer"
description: "Performance review of $FEATURE"
prompt: |
Review the performance of this full-stack feature implementation.
## Architecture
[Insert contents of .full-stack-feature/03-architecture.md]
## Database Implementation
[Insert contents of .full-stack-feature/04-database-impl.md]
## Backend Implementation
[Insert contents of .full-stack-feature/05-backend-impl.md]
## Frontend Implementation
[Insert contents of .full-stack-feature/06-frontend-impl.md]
Review for: N+1 queries, missing indexes, unoptimized queries, memory leaks,
missing caching opportunities, large payloads, slow rendering paths,
bundle size concerns, unnecessary re-renders.
Provide findings with impact estimates and specific optimization recommendations.
```
After all three complete, consolidate results into `.full-stack-feature/07-testing.md`:
```markdown
# Testing & Validation: $FEATURE
## Test Suite
[Summary from 7a -- files created, coverage areas]
## Security Findings
[Summary from 7b -- findings by severity]
## Performance Findings
[Summary from 7c -- findings by impact]
## Action Items
[List any critical/high findings that need to be addressed before delivery]
```
If there are Critical or High severity findings from security or performance review, address them now before proceeding. Apply fixes and re-validate.
Update `state.json`: set `current_step` to "checkpoint-2", add step 7 to `completed_steps`.
---
## PHASE CHECKPOINT 2 -- User Approval Required
Display a summary of testing and validation results from `.full-stack-feature/07-testing.md` and ask:
```
Testing and validation complete. Please review .full-stack-feature/07-testing.md
Test coverage: [summary]
Security findings: [X critical, Y high, Z medium]
Performance findings: [X critical, Y high, Z medium]
1. Approve -- proceed to deployment & documentation
2. Request changes -- tell me what to fix
3. Pause -- save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Delivery (Steps 8-9)
### Step 8: Deployment & Infrastructure
Read `.full-stack-feature/03-architecture.md` and `.full-stack-feature/07-testing.md`.
Use the Task tool:
```
Task:
subagent_type: "deployment-engineer"
description: "Create deployment config for $FEATURE"
prompt: |
Create the deployment and infrastructure configuration for this full-stack feature.
## Architecture
[Insert contents of .full-stack-feature/03-architecture.md]
## Testing Results
[Insert contents of .full-stack-feature/07-testing.md]
## Instructions
1. Create or update CI/CD pipeline configuration for the new code
2. Add database migration steps to the deployment pipeline
3. Add feature flag configuration if the feature should be gradually rolled out
4. Define health checks and readiness probes for new services/endpoints
5. Create monitoring alerts for key metrics (error rate, latency, throughput)
6. Write a deployment runbook with rollback steps (including database rollback)
7. Follow existing deployment patterns in the project
Write all configuration files. Report what was created/modified.
```
Save output to `.full-stack-feature/08-deployment.md`.
Update `state.json`: set `current_step` to 9, add step 8 to `completed_steps`.
### Step 9: Documentation & Handoff
Read all previous `.full-stack-feature/*.md` files.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Write documentation for $FEATURE"
prompt: |
You are a technical writer. Create documentation for this full-stack feature.
## Feature Context
[Insert contents of .full-stack-feature/01-requirements.md]
## Architecture
[Insert contents of .full-stack-feature/03-architecture.md]
## Implementation Summary
### Database: [Insert contents of .full-stack-feature/04-database-impl.md]
### Backend: [Insert contents of .full-stack-feature/05-backend-impl.md]
### Frontend: [Insert contents of .full-stack-feature/06-frontend-impl.md]
## Deployment
[Insert contents of .full-stack-feature/08-deployment.md]
## Instructions
1. Write API documentation for new endpoints (request/response examples)
2. Document the database schema changes and migration notes
3. Update or create user-facing documentation if applicable
4. Write a brief architecture decision record (ADR) explaining key design choices
5. Create a handoff summary: what was built, how to test it, known limitations
Write documentation files. Report what was created/modified.
```
Save output to `.full-stack-feature/09-documentation.md`.
Update `state.json`: set `current_step` to "complete", add step 9 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Full-stack feature development complete: $FEATURE
## Files Created
[List all .full-stack-feature/ output files]
## Implementation Summary
- Requirements: .full-stack-feature/01-requirements.md
- Database Design: .full-stack-feature/02-database-design.md
- Architecture: .full-stack-feature/03-architecture.md
- Database Implementation: .full-stack-feature/04-database-impl.md
- Backend Implementation: .full-stack-feature/05-backend-impl.md
- Frontend Implementation: .full-stack-feature/06-frontend-impl.md
- Testing & Validation: .full-stack-feature/07-testing.md
- Deployment: .full-stack-feature/08-deployment.md
- Documentation: .full-stack-feature/09-documentation.md
## Next Steps
1. Review all generated code and documentation
2. Run the full test suite to verify everything passes
3. Create a pull request with the implementation
4. Deploy using the runbook in .full-stack-feature/08-deployment.md
```

10
plugins/functional-programming/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "functional-programming",
"version": "1.2.0",
"description": "Functional programming with Elixir, OTP patterns, Phoenix framework, and distributed systems",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/game-development/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "game-development",
"version": "1.2.1",
"description": "Unity game development with C# scripting, Minecraft server plugin development with Bukkit/Spigot APIs",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/git-pr-workflows/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "git-pr-workflows",
"version": "1.3.0",
"description": "Git workflow automation, pull request enhancement, and team onboarding processes",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

657
plugins/git-pr-workflows/commands/git-workflow.md
View File

@@ -1,129 +1,598 @@
# Complete Git Workflow with Multi-Agent Orchestration ---
description: "Orchestrate git workflow from code review through PR creation with quality gates"
argument-hint: "<target branch> [--skip-tests] [--draft-pr] [--no-push] [--squash] [--conventional] [--trunk-based]"
---
Orchestrate a comprehensive git workflow from code review through PR creation, leveraging specialized agents for quality assurance, testing, and deployment readiness. This workflow implements modern git best practices including Conventional Commits, automated testing, and structured PR creation. # Git Workflow Orchestrator
[Extended thinking: This workflow coordinates multiple specialized agents to ensure code quality before commits are made. The code-reviewer agent performs initial quality checks, test-automator ensures all tests pass, and deployment-engineer verifies production readiness. By orchestrating these agents sequentially with context passing, we prevent broken code from entering the repository while maintaining high velocity. The workflow supports both trunk-based and feature-branch strategies with configurable options for different team needs.] ## CRITICAL BEHAVIORAL RULES
## Configuration You MUST follow these rules exactly. Violating any of them is a failure.
**Target branch**: $ARGUMENTS (defaults to 'main' if not specified) 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
2. **Write output files.** Each step MUST produce its output file in `.git-workflow/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
**Supported flags**: ## Pre-flight Checks
- `--skip-tests`: Skip automated test execution (use with caution) Before starting, perform these checks:
- `--draft-pr`: Create PR as draft for work-in-progress
- `--no-push`: Perform all checks but don't push to remote
- `--squash`: Squash commits before pushing
- `--conventional`: Enforce Conventional Commits format strictly
- `--trunk-based`: Use trunk-based development workflow
- `--feature-branch`: Use feature branch workflow (default)
## Phase 1: Pre-Commit Review and Analysis ### 1. Check for existing session
### 1. Code Quality Assessment Check if `.git-workflow/state.json` exists:
- Use Task tool with subagent_type="code-reviewer" - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
- Prompt: "Review all uncommitted changes for code quality issues. Check for: 1) Code style violations, 2) Security vulnerabilities, 3) Performance concerns, 4) Missing error handling, 5) Incomplete implementations. Generate a detailed report with severity levels (critical/high/medium/low) and provide specific line-by-line feedback. Output format: JSON with {issues: [], summary: {critical: 0, high: 0, medium: 0, low: 0}, recommendations: []}"
- Expected output: Structured code review report for next phase
### 2. Dependency and Breaking Change Analysis ```
Found an in-progress git workflow session:
Target branch: [branch from state]
Current step: [step from state]
- Use Task tool with subagent_type="code-reviewer" 1. Resume from where we left off
- Prompt: "Analyze the changes for: 1) New dependencies or version changes, 2) Breaking API changes, 3) Database schema modifications, 4) Configuration changes, 5) Backward compatibility issues. Context from previous review: [insert issues summary]. Identify any changes that require migration scripts or documentation updates." 2. Start fresh (archives existing session)
- Context from previous: Code quality issues that might indicate breaking changes ```
- Expected output: Breaking change assessment and migration requirements
## Phase 2: Testing and Validation - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
### 1. Test Execution and Coverage ### 2. Initialize state
- Use Task tool with subagent_type="unit-testing::test-automator" Create `.git-workflow/` directory and `state.json`:
- Prompt: "Execute all test suites for the modified code. Run: 1) Unit tests, 2) Integration tests, 3) End-to-end tests if applicable. Generate coverage report and identify any untested code paths. Based on review issues: [insert critical/high issues], ensure tests cover the problem areas. Provide test results in format: {passed: [], failed: [], skipped: [], coverage: {statements: %, branches: %, functions: %, lines: %}, untested_critical_paths: []}"
- Context from previous: Critical code review issues that need test coverage
- Expected output: Complete test results and coverage metrics
### 2. Test Recommendations and Gap Analysis ```json
{
"target_branch": "$ARGUMENTS",
"status": "in_progress",
"flags": {
"skip_tests": false,
"draft_pr": false,
"no_push": false,
"squash": false,
"conventional": true,
"trunk_based": false
},
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
- Use Task tool with subagent_type="unit-testing::test-automator" Parse `$ARGUMENTS` for the target branch (defaults to 'main') and flags. Use defaults if not specified.
- Prompt: "Based on test results [insert summary] and code changes, identify: 1) Missing test scenarios, 2) Edge cases not covered, 3) Integration points needing verification, 4) Performance benchmarks needed. Generate test implementation recommendations prioritized by risk. Consider the breaking changes identified: [insert breaking changes]."
- Context from previous: Test results, breaking changes, untested paths
- Expected output: Prioritized list of additional tests needed
## Phase 3: Commit Message Generation ### 3. Gather git context
### 1. Change Analysis and Categorization Run these commands and save output:
- Use Task tool with subagent_type="code-reviewer" - `git status` — current working tree state
- Prompt: "Analyze all changes and categorize them according to Conventional Commits specification. Identify the primary change type (feat/fix/docs/style/refactor/perf/test/build/ci/chore/revert) and scope. For changes: [insert file list and summary], determine if this should be a single commit or multiple atomic commits. Consider test results: [insert test summary]." - `git diff --stat` — summary of changes
- Context from previous: Test results, code review summary - `git diff` — full diff of changes
- Expected output: Commit structure recommendation - `git log --oneline -10` — recent commit history
- `git branch --show-current` — current branch name
### 2. Conventional Commit Message Creation Save this context to `.git-workflow/00-git-context.md`.
- Use Task tool with subagent_type="llm-application-dev::prompt-engineer" ---
- Prompt: "Create Conventional Commits format message(s) based on categorization: [insert categorization]. Format: <type>(<scope>): <subject> with blank line then <body> explaining what and why (not how), then <footer> with BREAKING CHANGE: if applicable. Include: 1) Clear subject line (50 chars max), 2) Detailed body explaining rationale, 3) References to issues/tickets, 4) Co-authors if applicable. Consider the impact: [insert breaking changes if any]."
- Context from previous: Change categorization, breaking changes
- Expected output: Properly formatted commit message(s)
## Phase 4: Branch Strategy and Push Preparation ## Phase 1: Pre-Commit Review and Analysis (Steps 12)
### 1. Branch Management ### Step 1: Code Quality Assessment
- Use Task tool with subagent_type="cicd-automation::deployment-engineer" Read `.git-workflow/00-git-context.md`.
- Prompt: "Based on workflow type [--trunk-based or --feature-branch], prepare branch strategy. For feature branch: ensure branch name follows pattern (feature|bugfix|hotfix)/<ticket>-<description>. For trunk-based: prepare for direct main push with feature flag strategy if needed. Current branch: [insert branch], target: [insert target branch]. Verify no conflicts with target branch."
- Expected output: Branch preparation commands and conflict status
### 2. Pre-Push Validation Use the Task tool to launch the code reviewer:
- Use Task tool with subagent_type="cicd-automation::deployment-engineer" ```
- Prompt: "Perform final pre-push checks: 1) Verify all CI checks will pass, 2) Confirm no sensitive data in commits, 3) Validate commit signatures if required, 4) Check branch protection rules, 5) Ensure all review comments addressed. Test summary: [insert test results]. Review status: [insert review summary]." Task:
- Context from previous: All previous validation results subagent_type: "code-reviewer"
- Expected output: Push readiness confirmation or blocking issues description: "Review uncommitted changes for code quality"
prompt: |
Review all uncommitted changes for code quality issues.
## Phase 5: Pull Request Creation ## Git Context
[Insert contents of .git-workflow/00-git-context.md]
### 1. PR Description Generation Check for:
1. Code style violations
2. Security vulnerabilities
3. Performance concerns
4. Missing error handling
5. Incomplete implementations
- Use Task tool with subagent_type="documentation-generation::docs-architect" Generate a detailed report with severity levels (critical/high/medium/low) and provide
- Prompt: "Create comprehensive PR description including: 1) Summary of changes (what and why), 2) Type of change checklist, 3) Testing performed summary from [insert test results], 4) Screenshots/recordings if UI changes, 5) Deployment notes from [insert deployment considerations], 6) Related issues/tickets, 7) Breaking changes section if applicable: [insert breaking changes], 8) Reviewer checklist. Format as GitHub-flavored Markdown." specific line-by-line feedback.
- Context from previous: All validation results, test outcomes, breaking changes
- Expected output: Complete PR description in Markdown
### 2. PR Metadata and Automation Setup ## Deliverables
Output format: structured report with:
- Issues list with severity, file, line, description
- Summary counts: {critical: N, high: N, medium: N, low: N}
- Recommendations for fixes
- Use Task tool with subagent_type="cicd-automation::deployment-engineer" Write your complete review as a single markdown document.
- Prompt: "Configure PR metadata: 1) Assign appropriate reviewers based on CODEOWNERS, 2) Add labels (type, priority, component), 3) Link related issues, 4) Set milestone if applicable, 5) Configure merge strategy (squash/merge/rebase), 6) Set up auto-merge if all checks pass. Consider draft status: [--draft-pr flag]. Include test status: [insert test summary]." ```
- Context from previous: PR description, test results, review status
- Expected output: PR configuration commands and automation rules
## Success Criteria Save the agent's output to `.git-workflow/01-code-review.md`.
- ✅ All critical and high-severity code issues resolved Update `state.json`: set `current_step` to 2, add step 1 to `completed_steps`.
- ✅ Test coverage maintained or improved (target: >80%)
- ✅ All tests passing (unit, integration, e2e) ### Step 2: Dependency and Breaking Change Analysis
- ✅ Commit messages follow Conventional Commits format
- ✅ No merge conflicts with target branch Read `.git-workflow/00-git-context.md` and `.git-workflow/01-code-review.md`.
- ✅ PR description complete with all required sections
- ✅ Branch protection rules satisfied Use the Task tool:
- ✅ Security scanning completed with no critical vulnerabilities
- ✅ Performance benchmarks within acceptable thresholds ```
- ✅ Documentation updated for any API changes Task:
subagent_type: "code-reviewer"
description: "Analyze changes for dependencies and breaking changes"
prompt: |
Analyze the changes for dependency and breaking change issues.
## Git Context
[Insert contents of .git-workflow/00-git-context.md]
## Code Review
[Insert contents of .git-workflow/01-code-review.md]
Check for:
1. New dependencies or version changes
2. Breaking API changes
3. Database schema modifications
4. Configuration changes
5. Backward compatibility issues
Identify any changes that require migration scripts or documentation updates.
## Deliverables
1. Breaking change assessment
2. Dependency change analysis
3. Migration requirements
4. Documentation update needs
Write your complete analysis as a single markdown document.
```
Save output to `.git-workflow/02-breaking-changes.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 2 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
Display a summary of code review and breaking change analysis and ask:
```
Pre-commit review complete. Please review:
- .git-workflow/01-code-review.md
- .git-workflow/02-breaking-changes.md
Issues found: [X critical, Y high, Z medium, W low]
Breaking changes: [summary]
1. Approve — proceed to testing (or skip if --skip-tests)
2. Fix issues first — I'll address the critical/high issues
3. Pause — save progress and stop here
```
If user selects option 2, address the critical/high issues, then re-run the review and re-checkpoint.
Do NOT proceed to Phase 2 until the user approves.
---
## Phase 2: Testing and Validation (Steps 34)
If `--skip-tests` flag is set, skip to Phase 3. Write a note in `.git-workflow/03-test-results.md` explaining tests were skipped.
### Step 3: Test Execution and Coverage
Read `.git-workflow/00-git-context.md` and `.git-workflow/01-code-review.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Execute test suites for modified code"
prompt: |
You are a test automation expert. Execute all test suites for the modified code.
## Git Context
[Insert contents of .git-workflow/00-git-context.md]
## Code Review Issues
[Insert contents of .git-workflow/01-code-review.md]
Run:
1. Unit tests
2. Integration tests
3. End-to-end tests if applicable
Generate coverage report and identify untested code paths. Ensure tests cover the
critical/high issues identified in the code review.
## Deliverables
Report with:
- Test results: passed, failed, skipped
- Coverage metrics: statements, branches, functions, lines
- Untested critical paths
- Recommendations for additional tests
Write your complete test report as a single markdown document.
```
Save output to `.git-workflow/03-test-results.md`.
Update `state.json`: set `current_step` to 4, add step 3 to `completed_steps`.
### Step 4: Test Recommendations and Gap Analysis
Read `.git-workflow/03-test-results.md` and `.git-workflow/02-breaking-changes.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Identify test gaps and recommend additional tests"
prompt: |
You are a test automation expert. Based on test results and code changes, identify
testing gaps.
## Test Results
[Insert contents of .git-workflow/03-test-results.md]
## Breaking Changes
[Insert contents of .git-workflow/02-breaking-changes.md]
Identify:
1. Missing test scenarios
2. Edge cases not covered
3. Integration points needing verification
4. Performance benchmarks needed
Generate test implementation recommendations prioritized by risk.
## Deliverables
1. Prioritized list of additional tests needed
2. Edge case coverage gaps
3. Integration test recommendations
4. Risk assessment for untested paths
Write your complete analysis as a single markdown document.
```
Save output to `.git-workflow/04-test-gaps.md`.
Update `state.json`: set `current_step` to "checkpoint-2", add step 4 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display test results summary and ask:
```
Testing complete. Please review:
- .git-workflow/03-test-results.md
- .git-workflow/04-test-gaps.md
Test results: [X passed, Y failed, Z skipped]
Coverage: [summary]
Test gaps: [summary of critical gaps]
1. Approve — proceed to commit message generation
2. Fix failing tests first
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves. If tests are failing, the user must address them first.
---
## Phase 3: Commit Message Generation (Steps 56)
### Step 5: Change Analysis and Categorization
Read `.git-workflow/00-git-context.md` and `.git-workflow/03-test-results.md`.
Use the Task tool:
```
Task:
subagent_type: "code-reviewer"
description: "Categorize changes for commit message"
prompt: |
Analyze all changes and categorize them according to Conventional Commits specification.
## Git Context
[Insert contents of .git-workflow/00-git-context.md]
## Test Results
[Insert contents of .git-workflow/03-test-results.md]
Identify the primary change type (feat/fix/docs/style/refactor/perf/test/build/ci/chore/revert)
and scope. Determine if this should be a single commit or multiple atomic commits.
## Deliverables
1. Change type classification
2. Scope identification
3. Single vs multiple commit recommendation
4. Commit structure with groupings
Write your complete categorization as a single markdown document.
```
Save output to `.git-workflow/05-change-categorization.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Conventional Commit Message Creation
Read `.git-workflow/05-change-categorization.md` and `.git-workflow/02-breaking-changes.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create Conventional Commits message for changes"
prompt: |
You are an expert at writing clear, well-structured Conventional Commits messages.
Create commit message(s) based on the change categorization.
## Change Categorization
[Insert contents of .git-workflow/05-change-categorization.md]
## Breaking Changes
[Insert contents of .git-workflow/02-breaking-changes.md]
Format: <type>(<scope>): <subject>
- Clear subject line (50 chars max)
- Detailed body explaining what and why (not how)
- Footer with BREAKING CHANGE: if applicable
- References to issues/tickets
- Co-authors if applicable
## Deliverables
1. Formatted commit message(s) ready to use
2. Rationale for commit structure choice
Write the commit messages as a single markdown document with clear delimiters.
```
Save output to `.git-workflow/06-commit-messages.md`.
Update `state.json`: set `current_step` to "checkpoint-3", add step 6 to `completed_steps`.
---
## PHASE CHECKPOINT 3 — User Approval Required
Display the proposed commit message(s) and ask:
```
Commit message(s) ready. Please review .git-workflow/06-commit-messages.md
[Display the commit message(s)]
1. Approve — proceed to branch management and push
2. Edit message — tell me what to change
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 4 until the user approves.
---
## Phase 4: Branch Strategy and Push (Steps 78)
### Step 7: Branch Management and Pre-Push Validation
Read `.git-workflow/00-git-context.md`, `.git-workflow/06-commit-messages.md`, and all previous step files.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Prepare branch strategy and validate push readiness"
prompt: |
You are a deployment engineer specializing in git workflows and CI/CD.
## Git Context
[Insert contents of .git-workflow/00-git-context.md]
## Workflow Flags
[Insert flags from state.json]
Based on workflow type (trunk-based or feature-branch):
For feature branch:
- Ensure branch name follows pattern (feature|bugfix|hotfix)/<ticket>-<description>
- Verify no conflicts with target branch
For trunk-based:
- Prepare for direct main push with feature flag strategy if needed
Perform pre-push checks:
1. Verify all CI checks will pass
2. Confirm no sensitive data in commits
3. Validate commit signatures if required
4. Check branch protection rules
5. Ensure all review comments addressed
## Deliverables
1. Branch preparation commands
2. Conflict status
3. Pre-push validation results
4. Push readiness confirmation or blocking issues
Write your complete validation as a single markdown document.
```
Save output to `.git-workflow/07-branch-validation.md`.
Update `state.json`: set `current_step` to 8, add step 7 to `completed_steps`.
If `--no-push` flag is set, skip Step 8 and proceed to Phase 5.
### Step 8: Execute Git Operations
Based on the approved commit messages and branch validation:
1. Stage changes: `git add` the relevant files
2. Create commit(s) using the approved messages from `.git-workflow/06-commit-messages.md`
3. If `--squash` flag: squash commits as configured
4. Push to remote with appropriate flags
**Important:** Before executing any git operations, display the planned commands and ask for final confirmation:
```
Ready to execute git operations:
[List exact commands]
1. Execute — run these commands
2. Modify — adjust the commands
3. Abort — do not execute
```
Save execution results to `.git-workflow/08-push-results.md`.
Update `state.json`: set `current_step` to "checkpoint-4", add step 8 to `completed_steps`.
---
## PHASE CHECKPOINT 4 — User Approval Required (if not --no-push)
```
Git operations complete. Please review .git-workflow/08-push-results.md
1. Approve — proceed to PR creation
2. Pause — save progress and stop here
```
---
## Phase 5: Pull Request Creation (Steps 910)
If `--no-push` flag is set, skip this phase entirely.
### Step 9: PR Description Generation
Read all `.git-workflow/*.md` files.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create comprehensive PR description"
prompt: |
You are a technical writer specializing in pull request documentation.
Create a comprehensive PR description.
## Code Review
[Insert contents of .git-workflow/01-code-review.md]
## Breaking Changes
[Insert contents of .git-workflow/02-breaking-changes.md]
## Test Results
[Insert contents of .git-workflow/03-test-results.md]
## Commit Messages
[Insert contents of .git-workflow/06-commit-messages.md]
Include:
1. Summary of changes (what and why)
2. Type of change checklist
3. Testing performed summary
4. Screenshots/recordings note if UI changes
5. Deployment notes
6. Related issues/tickets
7. Breaking changes section if applicable
8. Reviewer checklist
Format as GitHub-flavored Markdown.
Write the complete PR description as a single markdown document.
```
Save output to `.git-workflow/09-pr-description.md`.
Update `state.json`: set `current_step` to 10, add step 9 to `completed_steps`.
### Step 10: PR Creation and Metadata
Read `.git-workflow/09-pr-description.md` and `.git-workflow/00-git-context.md`.
Create the PR using the `gh` CLI:
- Use the description from `.git-workflow/09-pr-description.md`
- Set draft status if `--draft-pr` flag is set
- Add appropriate labels based on change categorization
- Link related issues if referenced
**Important:** Display the planned PR creation command and ask for confirmation:
```
Ready to create PR:
Title: [proposed title]
Target: [target branch]
Draft: [yes/no]
1. Create PR — execute now
2. Edit — adjust title or description
3. Skip — don't create PR
```
Save PR URL and metadata to `.git-workflow/10-pr-created.md`.
Update `state.json`: set `current_step` to "complete", add step 10 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Git workflow complete!
## Files Created
[List all .git-workflow/ output files]
## Workflow Summary
- Code Review: .git-workflow/01-code-review.md
- Breaking Changes: .git-workflow/02-breaking-changes.md
- Test Results: .git-workflow/03-test-results.md
- Test Gaps: .git-workflow/04-test-gaps.md
- Change Categorization: .git-workflow/05-change-categorization.md
- Commit Messages: .git-workflow/06-commit-messages.md
- Branch Validation: .git-workflow/07-branch-validation.md
- Push Results: .git-workflow/08-push-results.md
- PR Description: .git-workflow/09-pr-description.md
- PR Created: .git-workflow/10-pr-created.md
## Results
- Code issues: [X critical, Y high resolved]
- Tests: [X passed, Y failed]
- PR: [URL if created]
## Rollback Procedures ## Rollback Procedures
1. Immediate Revert: Create revert PR with `git revert <commit-hash>`
In case of issues after merge: 2. Feature Flag Disable: If using feature flags, disable immediately
3. Hotfix Branch: For critical issues, create hotfix branch from main
1. **Immediate Revert**: Create revert PR with `git revert <commit-hash>` 4. Communication: Notify team via designated channels
2. **Feature Flag Disable**: If using feature flags, disable immediately ```
3. **Hotfix Branch**: For critical issues, create hotfix branch from main
4. **Communication**: Notify team via designated channels
5. **Root Cause Analysis**: Document issue in postmortem template
## Best Practices Reference
- **Commit Frequency**: Commit early and often, but ensure each commit is atomic
- **Branch Naming**: `(feature|bugfix|hotfix|docs|chore)/<ticket-id>-<brief-description>`
- **PR Size**: Keep PRs under 400 lines for effective review
- **Review Response**: Address review comments within 24 hours
- **Merge Strategy**: Squash for feature branches, merge for release branches
- **Sign-Off**: Require at least 2 approvals for main branch changes

10
plugins/hr-legal-compliance/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "hr-legal-compliance",
"version": "1.2.1",
"description": "HR policy documentation, legal compliance templates (GDPR/SOC2/HIPAA), employment contracts, and regulatory documentation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/incident-response/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "incident-response",
"version": "1.3.0",
"description": "Production incident management, triage workflows, and automated incident resolution",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

32
plugins/incident-response/agents/code-reviewer.md Normal file
View File

@@ -0,0 +1,32 @@
---
name: code-reviewer
description: Reviews code for logic flaws, type safety gaps, error handling issues, architectural concerns, and similar vulnerability patterns. Provides fix design recommendations.
model: sonnet
---
You are a code review specialist focused on identifying logic flaws and design issues in codebases.
## Purpose
Perform thorough code reviews to find logic errors, type safety gaps, missing error handling, and architectural concerns. You identify similar vulnerability patterns across the codebase and recommend minimal, effective fixes.
## Capabilities
- Logic flaw analysis: incorrect assumptions, missing edge cases, wrong algorithms
- Type safety review: where stronger types could prevent issues
- Error handling audit: missing try-catch, unhandled promises, panic scenarios
- Contract validation: input validation gaps, output guarantees not met
- Architecture review: tight coupling, missing abstractions, layering violations
- Pattern detection: find similar vulnerabilities across the codebase
- Fix design: minimal change vs refactoring vs architectural improvement
- Final approval review: code quality, security, deployment readiness
## Response Approach
1. Analyze the code path and identify logic flaws
2. Check type safety and where stronger types help
3. Audit error handling for gaps
4. Validate contracts and boundaries
5. Look for similar patterns elsewhere in the codebase
6. Design the minimal effective fix
7. Provide a structured review with severity ratings

33
plugins/incident-response/agents/debugger.md Normal file
View File

@@ -0,0 +1,33 @@
---
name: debugger
description: Performs deep root cause analysis through code path tracing, git bisect automation, dependency analysis, and systematic hypothesis testing for production bugs.
model: sonnet
---
You are a debugging specialist focused on systematic root cause analysis for production issues.
## Purpose
Perform deep code analysis and investigation to identify the exact root cause of bugs. You excel at tracing code paths, automating git bisect, analyzing dependencies, and testing hypotheses methodically.
## Capabilities
- Root cause hypothesis formation with supporting evidence
- Code-level analysis: variable states, control flow, timing issues
- Git bisect automation: identify the exact introducing commit
- Dependency analysis: version conflicts, API changes, configuration drift
- State inspection: database state, cache state, external API responses
- Failure mechanism identification: race conditions, null checks, type mismatches
- Fix strategy options with tradeoffs (quick fix vs proper fix)
- Code path tracing from entry point to failure location
## Response Approach
1. Review error context and form initial hypotheses
2. Trace the code execution path from entry point to failure
3. Track variable states at key decision points
4. Use git bisect to identify the introducing commit when applicable
5. Analyze dependencies and configuration for drift
6. Isolate the exact failure mechanism
7. Propose fix strategies with tradeoffs
8. Document findings in structured format for the next phase

31
plugins/incident-response/agents/error-detective.md Normal file
View File

@@ -0,0 +1,31 @@
---
name: error-detective
description: Analyzes error traces, logs, and observability data to identify error signatures, reproduction steps, user impact, and timeline context for production issues.
model: sonnet
---
You are an error detection specialist focused on analyzing production errors and observability data.
## Purpose
Analyze error traces, stack traces, logs, and monitoring data to build a complete picture of production issues. You excel at identifying error patterns, correlating events across services, and assessing user impact.
## Capabilities
- Error signature analysis: exception types, message patterns, frequency, first occurrence
- Stack trace deep dive: failure location, call chain, involved components
- Reproduction step identification: minimal test cases, environment requirements
- Observability correlation: Sentry/DataDog error groups, distributed traces, APM metrics
- User impact assessment: affected segments, error rates, business metrics
- Timeline analysis: deployment correlation, configuration change detection
- Related symptom identification: cascading failures, upstream/downstream impacts
## Response Approach
1. Analyze the error signature and classify the failure type
2. Deep-dive into stack traces to identify the failure location and call chain
3. Correlate with observability data (traces, logs, metrics) for context
4. Assess user impact and business risk
5. Build a timeline of when the issue started and what changed
6. Identify related symptoms and potential cascading effects
7. Provide structured findings for the next investigation phase

32
plugins/incident-response/agents/test-automator.md Normal file
View File

@@ -0,0 +1,32 @@
---
name: test-automator
description: Creates comprehensive test suites including unit, integration, regression, and security tests. Validates fixes with full coverage and cross-environment testing.
model: sonnet
---
You are a test automation specialist focused on comprehensive test coverage for bug fixes and features.
## Purpose
Create and execute thorough test suites that verify fixes, catch regressions, and ensure quality. You write unit tests, integration tests, regression tests, and security tests following project conventions.
## Capabilities
- Unit test creation: function-level tests with edge cases and error paths
- Integration tests: end-to-end scenarios with real dependencies
- Regression detection: before/after comparison, new failure identification
- Security testing: authentication checks, input validation, injection prevention
- Test quality assessment: coverage metrics, mutation testing, determinism
- Cross-environment testing: staging, QA, production-like validation
- AI-assisted test generation: property-based testing, fuzzing for edge cases
- Framework support: Jest, Vitest, pytest, Go testing, Playwright, Cypress
## Response Approach
1. Analyze the code changes and identify what needs testing
2. Write unit tests covering the specific fix, edge cases, and error paths
3. Create integration tests for end-to-end scenarios
4. Add regression tests for similar vulnerability patterns
5. Include security tests where applicable
6. Run the full test suite and report results
7. Assess test quality and coverage metrics

681
plugins/incident-response/commands/incident-response.md
View File

@@ -1,166 +1,601 @@
Orchestrate multi-agent incident response with modern SRE practices for rapid resolution and learning: ---
description: "Orchestrate multi-agent incident response with modern SRE practices for rapid resolution and learning"
argument-hint: "<incident description> [--severity P0|P1|P2|P3]"
---
[Extended thinking: This workflow implements a comprehensive incident command system (ICS) following modern SRE principles. Multiple specialized agents collaborate through defined phases: detection/triage, investigation/mitigation, communication/coordination, and resolution/postmortem. The workflow emphasizes speed without sacrificing accuracy, maintains clear communication channels, and ensures every incident becomes a learning opportunity through blameless postmortems and systematic improvements.] # Incident Response Orchestrator
## Configuration ## CRITICAL BEHAVIORAL RULES
### Severity Levels You MUST follow these rules exactly. Violating any of them is a failure.
- **P0/SEV-1**: Complete outage, security breach, data loss - immediate all-hands response 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
- **P1/SEV-2**: Major degradation, significant user impact - rapid response required 2. **Write output files.** Each step MUST produce its output file in `.incident-response/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
- **P2/SEV-3**: Minor degradation, limited impact - standard response 3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
- **P3/SEV-4**: Cosmetic issues, no user impact - scheduled resolution 4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
### Incident Types ## Pre-flight Checks
- Performance degradation Before starting, perform these checks:
- Service outage
- Security incident
- Data integrity issue
- Infrastructure failure
- Third-party service disruption
## Phase 1: Detection & Triage ### 1. Check for existing session
### 1. Incident Detection and Classification Check if `.incident-response/state.json` exists:
- Use Task tool with subagent_type="incident-responder" - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
- Prompt: "URGENT: Detect and classify incident: $ARGUMENTS. Analyze alerts from PagerDuty/Opsgenie/monitoring. Determine: 1) Incident severity (P0-P3), 2) Affected services and dependencies, 3) User impact and business risk, 4) Initial incident command structure needed. Check error budgets and SLO violations."
- Output: Severity classification, impact assessment, incident command assignments, SLO status
- Context: Initial alerts, monitoring dashboards, recent changes
### 2. Observability Analysis ```
Found an in-progress incident response session:
Incident: [incident from state]
Severity: [severity from state]
Current step: [step from state]
- Use Task tool with subagent_type="observability-monitoring::observability-engineer" 1. Resume from where we left off
- Prompt: "Perform rapid observability sweep for incident: $ARGUMENTS. Query: 1) Distributed tracing (OpenTelemetry/Jaeger), 2) Metrics correlation (Prometheus/Grafana/DataDog), 3) Log aggregation (ELK/Splunk), 4) APM data, 5) Real User Monitoring. Identify anomalies, error patterns, and service degradation points." 2. Start fresh (archives existing session)
- Output: Observability findings, anomaly detection, service health matrix, trace analysis ```
- Context: Severity level from step 1, affected services
### 3. Initial Mitigation - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Use Task tool with subagent_type="incident-responder" ### 2. Initialize state
- Prompt: "Implement immediate mitigation for P$SEVERITY incident: $ARGUMENTS. Actions: 1) Traffic throttling/rerouting if needed, 2) Feature flag disabling for affected features, 3) Circuit breaker activation, 4) Rollback assessment for recent deployments, 5) Scale resources if capacity-related. Prioritize user experience restoration."
- Output: Mitigation actions taken, temporary fixes applied, rollback decisions
- Context: Observability findings, severity classification
## Phase 2: Investigation & Root Cause Analysis Create `.incident-response/` directory and `state.json`:
### 4. Deep System Debugging ```json
{
"incident": "$ARGUMENTS",
"status": "in_progress",
"severity": "P1",
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
- Use Task tool with subagent_type="error-debugging::debugger" Parse `$ARGUMENTS` for `--severity` flag. Default to P1 if not specified.
- Prompt: "Conduct deep debugging for incident: $ARGUMENTS using observability data. Investigate: 1) Stack traces and error logs, 2) Database query performance and locks, 3) Network latency and timeouts, 4) Memory leaks and CPU spikes, 5) Dependency failures and cascading errors. Apply Five Whys analysis."
- Output: Root cause identification, contributing factors, dependency impact map
- Context: Observability analysis, mitigation status
### 5. Security Assessment ### 3. Parse incident description
- Use Task tool with subagent_type="security-scanning::security-auditor" Extract the incident description from `$ARGUMENTS` (everything before the flags). This is referenced as `$INCIDENT` in prompts below.
- Prompt: "Assess security implications of incident: $ARGUMENTS. Check: 1) DDoS attack indicators, 2) Authentication/authorization failures, 3) Data exposure risks, 4) Certificate issues, 5) Suspicious access patterns. Review WAF logs, security groups, and audit trails."
- Output: Security assessment, breach analysis, vulnerability identification
- Context: Root cause findings, system logs
### 6. Performance Engineering Analysis ---
- Use Task tool with subagent_type="application-performance::performance-engineer" ## Phase 1: Detection & Triage (Steps 1-3)
- Prompt: "Analyze performance aspects of incident: $ARGUMENTS. Examine: 1) Resource utilization patterns, 2) Query optimization opportunities, 3) Caching effectiveness, 4) Load balancer health, 5) CDN performance, 6) Autoscaling triggers. Identify bottlenecks and capacity issues."
- Output: Performance bottlenecks, resource recommendations, optimization opportunities
- Context: Debug findings, current mitigation state
## Phase 3: Resolution & Recovery ### Step 1: Incident Detection and Classification
### 7. Fix Implementation Use the Task tool to launch the incident responder agent:
- Use Task tool with subagent_type="backend-development::backend-architect" ```
- Prompt: "Design and implement production fix for incident: $ARGUMENTS based on root cause. Requirements: 1) Minimal viable fix for rapid deployment, 2) Risk assessment and rollback capability, 3) Staged rollout plan with monitoring, 4) Validation criteria and health checks. Consider both immediate fix and long-term solution." Task:
- Output: Fix implementation, deployment strategy, validation plan, rollback procedures subagent_type: "incident-responder"
- Context: Root cause analysis, performance findings, security assessment description: "URGENT: Classify incident: $INCIDENT"
prompt: |
URGENT: Detect and classify incident: $INCIDENT
### 8. Deployment and Validation Determine:
1. Incident severity (P0-P3) based on impact assessment
2. Affected services and their dependencies
3. User impact and business risk
4. Initial incident command structure needed
5. SLO violation status and error budget impact
- Use Task tool with subagent_type="deployment-strategies::deployment-engineer" Check: error budgets, recent deployments, configuration changes, and monitoring alerts.
- Prompt: "Execute emergency deployment for incident fix: $ARGUMENTS. Process: 1) Blue-green or canary deployment, 2) Progressive rollout with monitoring, 3) Health check validation at each stage, 4) Rollback triggers configured, 5) Real-time monitoring during deployment. Coordinate with incident command."
- Output: Deployment status, validation results, monitoring dashboard, rollback readiness
- Context: Fix implementation, current system state
## Phase 4: Communication & Coordination Provide structured output with: SEVERITY, AFFECTED_SERVICES, USER_IMPACT,
BUSINESS_RISK, INCIDENT_COMMAND, SLO_STATUS.
```
### 9. Stakeholder Communication Save output to `.incident-response/01-classification.md`.
- Use Task tool with subagent_type="content-marketing::content-marketer" Update `state.json`: set `current_step` to 2, update severity from classification, add step 1 to `completed_steps`.
- Prompt: "Manage incident communication for: $ARGUMENTS. Create: 1) Status page updates (public-facing), 2) Internal engineering updates (technical details), 3) Executive summary (business impact/ETA), 4) Customer support briefing (talking points), 5) Timeline documentation with key decisions. Update every 15-30 minutes based on severity."
- Output: Communication artifacts, status updates, stakeholder briefings, timeline log
- Context: All previous phases, current resolution status
### 10. Customer Impact Assessment ### Step 2: Observability Analysis
- Use Task tool with subagent_type="incident-responder" Read `.incident-response/01-classification.md`.
- Prompt: "Assess and document customer impact for incident: $ARGUMENTS. Analyze: 1) Affected user segments and geography, 2) Failed transactions or data loss, 3) SLA violations and contractual implications, 4) Customer support ticket volume, 5) Revenue impact estimation. Prepare proactive customer outreach list."
- Output: Customer impact report, SLA analysis, outreach recommendations
- Context: Resolution progress, communication status
## Phase 5: Postmortem & Prevention ```
Task:
subagent_type: "general-purpose"
description: "Observability sweep for incident: $INCIDENT"
prompt: |
You are an observability engineer. Perform rapid observability sweep for this incident.
### 11. Blameless Postmortem Context: [Insert contents of .incident-response/01-classification.md]
- Use Task tool with subagent_type="documentation-generation::docs-architect" Query and analyze:
- Prompt: "Conduct blameless postmortem for incident: $ARGUMENTS. Document: 1) Complete incident timeline with decisions, 2) Root cause and contributing factors (systems focus), 3) What went well in response, 4) What could improve, 5) Action items with owners and deadlines, 6) Lessons learned for team education. Follow SRE postmortem best practices." 1. Distributed tracing (OpenTelemetry/Jaeger) for request flow
- Output: Postmortem document, action items list, process improvements, training needs 2. Metrics correlation (Prometheus/Grafana/DataDog) for anomalies
- Context: Complete incident history, all agent outputs 3. Log aggregation (ELK/Splunk) for error patterns
4. APM data for performance degradation points
5. Real User Monitoring for user experience impact
### 12. Monitoring and Alert Enhancement Identify anomalies, error patterns, and service degradation points.
- Use Task tool with subagent_type="observability-monitoring::observability-engineer" Provide structured output with: TRACE_ANALYSIS, METRICS_ANOMALIES, LOG_PATTERNS,
- Prompt: "Enhance monitoring to prevent recurrence of: $ARGUMENTS. Implement: 1) New alerts for early detection, 2) SLI/SLO adjustments if needed, 3) Dashboard improvements for visibility, 4) Runbook automation opportunities, 5) Chaos engineering scenarios for testing. Ensure alerts are actionable and reduce noise." APM_FINDINGS, RUM_IMPACT, SERVICE_HEALTH_MATRIX.
- Output: New monitoring configuration, alert rules, dashboard updates, runbook automation ```
- Context: Postmortem findings, root cause analysis
### 13. System Hardening Save output to `.incident-response/02-observability.md`.
- Use Task tool with subagent_type="backend-development::backend-architect" Update `state.json`: set `current_step` to 3, add step 2 to `completed_steps`.
- Prompt: "Design system improvements to prevent incident: $ARGUMENTS. Propose: 1) Architecture changes for resilience (circuit breakers, bulkheads), 2) Graceful degradation strategies, 3) Capacity planning adjustments, 4) Technical debt prioritization, 5) Dependency reduction opportunities. Create implementation roadmap."
- Output: Architecture improvements, resilience patterns, technical debt items, roadmap ### Step 3: Initial Mitigation
- Context: Postmortem action items, performance analysis
Read `.incident-response/01-classification.md` and `.incident-response/02-observability.md`.
```
Task:
subagent_type: "incident-responder"
description: "Immediate mitigation for: $INCIDENT"
prompt: |
Implement immediate mitigation for this incident.
Classification: [Insert contents of .incident-response/01-classification.md]
Observability: [Insert contents of .incident-response/02-observability.md]
Actions to evaluate and implement:
1. Traffic throttling/rerouting if needed
2. Feature flag disabling for affected features
3. Circuit breaker activation
4. Rollback assessment for recent deployments
5. Scale resources if capacity-related
Prioritize user experience restoration.
Provide structured output with: MITIGATION_ACTIONS, TEMPORARY_FIXES,
ROLLBACK_DECISIONS, SERVICE_STATUS_AFTER, USER_IMPACT_REDUCTION.
```
Save output to `.incident-response/03-mitigation.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 3 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
You MUST stop here and present the triage results.
Display a summary from `.incident-response/01-classification.md` and `.incident-response/03-mitigation.md` and ask:
```
Triage and initial mitigation complete.
Severity: [from classification]
Affected services: [from classification]
Mitigation status: [from mitigation]
User impact reduction: [from mitigation]
1. Approve — proceed to investigation and root cause analysis
2. Request changes — adjust mitigation or severity
3. Pause — save progress and stop here (mitigation in place)
```
Do NOT proceed to Phase 2 until the user approves.
---
## Phase 2: Investigation & Root Cause (Steps 4-6)
### Step 4: Deep System Debugging
Read `.incident-response/02-observability.md` and `.incident-response/03-mitigation.md`.
```
Task:
subagent_type: "debugger"
description: "Deep debugging for: $INCIDENT"
prompt: |
Conduct deep debugging for this incident using observability data.
Observability: [Insert contents of .incident-response/02-observability.md]
Mitigation: [Insert contents of .incident-response/03-mitigation.md]
Investigate:
1. Stack traces and error logs
2. Database query performance and locks
3. Network latency and timeouts
4. Memory leaks and CPU spikes
5. Dependency failures and cascading errors
Apply Five Whys analysis to identify root cause.
Provide structured output with: ROOT_CAUSE, CONTRIBUTING_FACTORS,
DEPENDENCY_IMPACT_MAP, FIVE_WHYS_ANALYSIS.
```
Save output to `.incident-response/04-debugging.md`.
Update `state.json`: set `current_step` to 5, add step 4 to `completed_steps`.
### Step 5: Security Assessment
Read `.incident-response/04-debugging.md`.
```
Task:
subagent_type: "general-purpose"
description: "Security assessment for: $INCIDENT"
prompt: |
You are a security auditor. Assess security implications of this incident.
Debug findings: [Insert contents of .incident-response/04-debugging.md]
Check:
1. DDoS attack indicators
2. Authentication/authorization failures
3. Data exposure risks
4. Certificate issues
5. Suspicious access patterns
Review WAF logs, security groups, and audit trails.
Provide structured output with: SECURITY_ASSESSMENT, BREACH_ANALYSIS,
VULNERABILITY_IDENTIFICATION, DATA_EXPOSURE_RISK, REMEDIATION_STEPS.
```
### Step 6: Performance Analysis
Read `.incident-response/04-debugging.md`.
Launch in parallel with Step 5:
```
Task:
subagent_type: "general-purpose"
description: "Performance analysis for: $INCIDENT"
prompt: |
You are a performance engineer. Analyze performance aspects of this incident.
Debug findings: [Insert contents of .incident-response/04-debugging.md]
Examine:
1. Resource utilization patterns
2. Query optimization opportunities
3. Caching effectiveness
4. Load balancer health
5. CDN performance
6. Autoscaling triggers
Identify bottlenecks and capacity issues.
Provide structured output with: PERFORMANCE_BOTTLENECKS, RESOURCE_RECOMMENDATIONS,
OPTIMIZATION_OPPORTUNITIES, CAPACITY_ISSUES.
```
After both complete, consolidate into `.incident-response/05-investigation.md`:
```markdown
# Investigation: $INCIDENT
## Root Cause (from debugging)
[From Step 4]
## Security Assessment
[From Step 5]
## Performance Analysis
[From Step 6]
## Combined Findings
[Synthesis of all investigation results]
```
Update `state.json`: set `current_step` to "checkpoint-2", add steps 4-6 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display investigation results from `.incident-response/05-investigation.md` and ask:
```
Investigation complete. Please review .incident-response/05-investigation.md
Root cause: [brief summary]
Security concerns: [summary]
Performance issues: [summary]
1. Approve — proceed to fix implementation and deployment
2. Request changes — investigate further
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Resolution & Recovery (Steps 7-8)
### Step 7: Fix Implementation
Read `.incident-response/05-investigation.md`.
```
Task:
subagent_type: "general-purpose"
description: "Implement production fix for: $INCIDENT"
prompt: |
You are a senior backend architect. Design and implement a production fix for this incident.
Investigation: [Insert contents of .incident-response/05-investigation.md]
Requirements:
1. Minimal viable fix for rapid deployment
2. Risk assessment and rollback capability
3. Staged rollout plan with monitoring
4. Validation criteria and health checks
5. Consider both immediate fix and long-term solution
Provide structured output with: FIX_IMPLEMENTATION, DEPLOYMENT_STRATEGY,
VALIDATION_PLAN, ROLLBACK_PROCEDURES, LONG_TERM_SOLUTION.
```
Save output to `.incident-response/06-fix.md`.
Update `state.json`: set `current_step` to 8, add step 7 to `completed_steps`.
### Step 8: Deployment and Validation
Read `.incident-response/06-fix.md`.
```
Task:
subagent_type: "devops-troubleshooter"
description: "Deploy and validate fix for: $INCIDENT"
prompt: |
Execute emergency deployment for incident fix.
Fix details: [Insert contents of .incident-response/06-fix.md]
Process:
1. Blue-green or canary deployment strategy
2. Progressive rollout with monitoring
3. Health check validation at each stage
4. Rollback triggers configured
5. Real-time monitoring during deployment
Provide structured output with: DEPLOYMENT_STATUS, VALIDATION_RESULTS,
MONITORING_DASHBOARD, ROLLBACK_READINESS, SERVICE_HEALTH_POST_DEPLOY.
```
Save output to `.incident-response/07-deployment.md`.
Update `state.json`: set `current_step` to "checkpoint-3", add step 8 to `completed_steps`.
---
## PHASE CHECKPOINT 3 — User Approval Required
Display deployment results from `.incident-response/07-deployment.md` and ask:
```
Fix deployed and validated.
Deployment status: [from deployment]
Service health: [from deployment]
Rollback ready: [yes/no]
1. Approve — proceed to communication and postmortem
2. Rollback — revert the deployment
3. Pause — save progress and monitor
```
Do NOT proceed to Phase 4 until the user approves.
---
## Phase 4: Communication & Coordination (Steps 9-10)
### Step 9: Stakeholder Communication
Read `.incident-response/01-classification.md`, `.incident-response/05-investigation.md`, and `.incident-response/07-deployment.md`.
```
Task:
subagent_type: "general-purpose"
description: "Manage incident communication for: $INCIDENT"
prompt: |
You are a communications specialist. Manage incident communication for this incident.
Classification: [Insert contents of .incident-response/01-classification.md]
Investigation: [Insert contents of .incident-response/05-investigation.md]
Deployment: [Insert contents of .incident-response/07-deployment.md]
Create:
1. Status page updates (public-facing)
2. Internal engineering updates (technical details)
3. Executive summary (business impact/ETA)
4. Customer support briefing (talking points)
5. Timeline documentation with key decisions
Provide structured output with: STATUS_PAGE_UPDATE, ENGINEERING_UPDATE,
EXECUTIVE_SUMMARY, SUPPORT_BRIEFING, INCIDENT_TIMELINE.
```
Save output to `.incident-response/08-communication.md`.
Update `state.json`: set `current_step` to 10, add step 9 to `completed_steps`.
### Step 10: Customer Impact Assessment
Read `.incident-response/01-classification.md` and `.incident-response/07-deployment.md`.
```
Task:
subagent_type: "incident-responder"
description: "Assess customer impact for: $INCIDENT"
prompt: |
Assess and document customer impact for this incident.
Classification: [Insert contents of .incident-response/01-classification.md]
Resolution: [Insert contents of .incident-response/07-deployment.md]
Analyze:
1. Affected user segments and geography
2. Failed transactions or data loss
3. SLA violations and contractual implications
4. Customer support ticket volume
5. Revenue impact estimation
6. Proactive customer outreach recommendations
Provide structured output with: CUSTOMER_IMPACT_REPORT, SLA_ANALYSIS,
REVENUE_IMPACT, OUTREACH_RECOMMENDATIONS.
```
Save output to `.incident-response/09-customer-impact.md`.
Update `state.json`: set `current_step` to 11, add step 10 to `completed_steps`.
---
## Phase 5: Postmortem & Prevention (Steps 11-13)
### Step 11: Blameless Postmortem
Read all `.incident-response/*.md` files.
```
Task:
subagent_type: "general-purpose"
description: "Blameless postmortem for: $INCIDENT"
prompt: |
You are an SRE documentation specialist. Conduct a blameless postmortem for this incident.
Context: [Insert contents of all .incident-response/*.md files]
Document:
1. Complete incident timeline with decisions
2. Root cause and contributing factors (systems focus, not people)
3. What went well in response
4. What could improve
5. Action items with owners and deadlines
6. Lessons learned for team education
Follow SRE postmortem best practices. Focus on systems, not blame.
Provide structured output with: INCIDENT_TIMELINE, ROOT_CAUSE_SUMMARY,
WHAT_WENT_WELL, IMPROVEMENTS, ACTION_ITEMS, LESSONS_LEARNED.
```
Save output to `.incident-response/10-postmortem.md`.
Update `state.json`: set `current_step` to 12, add step 11 to `completed_steps`.
### Step 12: Monitoring Enhancement
Read `.incident-response/05-investigation.md` and `.incident-response/10-postmortem.md`.
```
Task:
subagent_type: "general-purpose"
description: "Enhance monitoring for: $INCIDENT prevention"
prompt: |
You are an observability engineer. Enhance monitoring to prevent recurrence of this incident.
Investigation: [Insert contents of .incident-response/05-investigation.md]
Postmortem: [Insert contents of .incident-response/10-postmortem.md]
Implement:
1. New alerts for early detection
2. SLI/SLO adjustments if needed
3. Dashboard improvements for visibility
4. Runbook automation opportunities
5. Chaos engineering scenarios for testing
Ensure alerts are actionable and reduce noise.
Provide structured output with: NEW_ALERTS, SLO_ADJUSTMENTS, DASHBOARD_UPDATES,
RUNBOOK_AUTOMATION, CHAOS_SCENARIOS.
```
Save output to `.incident-response/11-monitoring.md`.
Update `state.json`: set `current_step` to 13, add step 12 to `completed_steps`.
### Step 13: System Hardening
Read `.incident-response/05-investigation.md` and `.incident-response/10-postmortem.md`.
```
Task:
subagent_type: "general-purpose"
description: "System hardening for: $INCIDENT prevention"
prompt: |
You are a senior backend architect. Design system improvements to prevent recurrence.
Investigation: [Insert contents of .incident-response/05-investigation.md]
Postmortem: [Insert contents of .incident-response/10-postmortem.md]
Propose:
1. Architecture changes for resilience (circuit breakers, bulkheads)
2. Graceful degradation strategies
3. Capacity planning adjustments
4. Technical debt prioritization
5. Dependency reduction opportunities
6. Implementation roadmap
Provide structured output with: ARCHITECTURE_IMPROVEMENTS, RESILIENCE_PATTERNS,
CAPACITY_PLAN, TECH_DEBT_ITEMS, IMPLEMENTATION_ROADMAP.
```
Save output to `.incident-response/12-hardening.md`.
Update `state.json`: set `current_step` to "complete", add step 13 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Incident response complete: $INCIDENT
## Files Created
[List all .incident-response/ output files]
## Response Summary
- Classification: .incident-response/01-classification.md
- Observability: .incident-response/02-observability.md
- Mitigation: .incident-response/03-mitigation.md
- Debugging: .incident-response/04-debugging.md
- Investigation: .incident-response/05-investigation.md
- Fix: .incident-response/06-fix.md
- Deployment: .incident-response/07-deployment.md
- Communication: .incident-response/08-communication.md
- Customer Impact: .incident-response/09-customer-impact.md
- Postmortem: .incident-response/10-postmortem.md
- Monitoring: .incident-response/11-monitoring.md
- Hardening: .incident-response/12-hardening.md
## Immediate Follow-ups
1. Verify service stability over the next 24 hours
2. Complete all postmortem action items
3. Deploy monitoring enhancements within 1 week
4. Schedule system hardening work
5. Conduct team learning session on lessons learned
## Success Criteria ## Success Criteria
- Service restored within SLA targets
### Immediate Success (During Incident) - Postmortem completed within 48 hours
- Service restoration within SLA targets
- Accurate severity classification within 5 minutes
- Stakeholder communication every 15-30 minutes
- No cascading failures or incident escalation
- Clear incident command structure maintained
### Long-term Success (Post-Incident)
- Comprehensive postmortem within 48 hours
- All action items assigned with deadlines - All action items assigned with deadlines
- Monitoring improvements deployed within 1 week - Monitoring improvements deployed within 1 week
- Runbook updates completed - No recurrence of the same root cause
- Team training conducted on lessons learned ```
- Error budget impact assessed and communicated
## Coordination Protocols
### Incident Command Structure
- **Incident Commander**: Decision authority, coordination
- **Technical Lead**: Technical investigation and resolution
- **Communications Lead**: Stakeholder updates
- **Subject Matter Experts**: Specific system expertise
### Communication Channels
- War room (Slack/Teams channel or Zoom)
- Status page updates (StatusPage, Statusly)
- PagerDuty/Opsgenie for alerting
- Confluence/Notion for documentation
### Handoff Requirements
- Each phase provides clear context to the next
- All findings documented in shared incident doc
- Decision rationale recorded for postmortem
- Timestamp all significant events
Production incident requiring immediate response: $ARGUMENTS Production incident requiring immediate response: $ARGUMENTS

1204
plugins/incident-response/commands/smart-fix.md
View File

File diff suppressed because it is too large Load Diff

10
plugins/javascript-typescript/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "javascript-typescript",
"version": "1.2.1",
"description": "JavaScript and TypeScript development with ES6+, Node.js, React, and modern web frameworks",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/julia-development/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "julia-development",
"version": "1.0.0",
"description": "Modern Julia development with Julia 1.10+, package management, scientific computing, high-performance numerical code, and production best practices",
"author": {
"name": "Community Contribution",
"url": "https://github.com/exAClior"
},
"license": "MIT"
}

10
plugins/jvm-languages/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "jvm-languages",
"version": "1.2.0",
"description": "JVM language development including Java, Scala, and C# with enterprise patterns and frameworks",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/kubernetes-operations/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "kubernetes-operations",
"version": "1.2.1",
"description": "Kubernetes manifest generation, networking configuration, security policies, observability setup, GitOps workflows, and auto-scaling",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

4
plugins/llm-application-dev/.claude-plugin/plugin.json
View File

@@ -1,8 +1,10 @@
{ {
"name": "llm-application-dev", "name": "llm-application-dev",
"description": "LLM application development with LangGraph, RAG systems, vector search, and AI agent architectures for Claude 4.5 and GPT-5.2", "description": "LLM application development with LangGraph, RAG systems, vector search, and AI agent architectures for Claude 4.5 and GPT-5.2",
"version": "2.0.3",
"author": { "author": {
"name": "Seth Hobson", "name": "Seth Hobson",
"email": "seth@major7apps.com" "email": "seth@major7apps.com"
} },
"license": "MIT"
} }

10
plugins/machine-learning-ops/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "machine-learning-ops",
"version": "1.2.1",
"description": "ML model training pipelines, hyperparameter tuning, model deployment automation, experiment tracking, and MLOps workflows",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/multi-platform-apps/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "multi-platform-apps",
"version": "1.3.0",
"description": "Cross-platform application development coordinating web, iOS, Android, and desktop implementations",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

672
plugins/multi-platform-apps/commands/multi-platform.md
View File

@@ -1,177 +1,545 @@
# Multi-Platform Feature Development Workflow ---
description: "Orchestrate cross-platform feature development across web, mobile, and desktop with API-first architecture"
argument-hint: "<feature description> [--platforms web,ios,android,desktop] [--shared-code evaluate|kotlin-multiplatform|typescript]"
---
Build and deploy the same feature consistently across web, mobile, and desktop platforms using API-first architecture and parallel implementation strategies. # Multi-Platform Feature Development Orchestrator
[Extended thinking: This workflow orchestrates multiple specialized agents to ensure feature parity across platforms while maintaining platform-specific optimizations. The coordination strategy emphasizes shared contracts and parallel development with regular synchronization points. By establishing API contracts and data models upfront, teams can work independently while ensuring consistency. The workflow benefits include faster time-to-market, reduced integration issues, and maintainable cross-platform codebases.] ## CRITICAL BEHAVIORAL RULES
## Phase 1: Architecture and API Design (Sequential) You MUST follow these rules exactly. Violating any of them is a failure.
### 1. Define Feature Requirements and API Contracts 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
2. **Write output files.** Each step MUST produce its output file in `.multi-platform/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
- Use Task tool with subagent_type="backend-architect" ## Pre-flight Checks
- Prompt: "Design the API contract for feature: $ARGUMENTS. Create OpenAPI 3.1 specification with:
- RESTful endpoints with proper HTTP methods and status codes
- GraphQL schema if applicable for complex data queries
- WebSocket events for real-time features
- Request/response schemas with validation rules
- Authentication and authorization requirements
- Rate limiting and caching strategies
- Error response formats and codes
Define shared data models that all platforms will consume."
- Expected output: Complete API specification, data models, and integration guidelines
### 2. Design System and UI/UX Consistency Before starting, perform these checks:
- Use Task tool with subagent_type="ui-ux-designer" ### 1. Check for existing session
- Prompt: "Create cross-platform design system for feature using API spec: [previous output]. Include:
- Component specifications for each platform (Material Design, iOS HIG, Fluent)
- Responsive layouts for web (mobile-first approach)
- Native patterns for iOS (SwiftUI) and Android (Material You)
- Desktop-specific considerations (keyboard shortcuts, window management)
- Accessibility requirements (WCAG 2.2 Level AA)
- Dark/light theme specifications
- Animation and transition guidelines"
- Context from previous: API endpoints, data structures, authentication flows
- Expected output: Design system documentation, component library specs, platform guidelines
### 3. Shared Business Logic Architecture Check if `.multi-platform/state.json` exists:
- Use Task tool with subagent_type="comprehensive-review::architect-review" - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
- Prompt: "Design shared business logic architecture for cross-platform feature. Define:
- Core domain models and entities (platform-agnostic)
- Business rules and validation logic
- State management patterns (MVI/Redux/BLoC)
- Caching and offline strategies
- Error handling and retry policies
- Platform-specific adapter patterns
Consider Kotlin Multiplatform for mobile or TypeScript for web/desktop sharing."
- Context from previous: API contracts, data models, UI requirements
- Expected output: Shared code architecture, platform abstraction layers, implementation guide
## Phase 2: Parallel Platform Implementation ```
Found an in-progress multi-platform development session:
Feature: [name from state]
Current step: [step from state]
### 4a. Web Implementation (React/Next.js) 1. Resume from where we left off
2. Start fresh (archives existing session)
```
- Use Task tool with subagent_type="frontend-developer" - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Prompt: "Implement web version of feature using:
- React 18+ with Next.js 14+ App Router
- TypeScript for type safety
- TanStack Query for API integration: [API spec]
- Zustand/Redux Toolkit for state management
- Tailwind CSS with design system: [design specs]
- Progressive Web App capabilities
- SSR/SSG optimization where appropriate
- Web vitals optimization (LCP < 2.5s, FID < 100ms)
Follow shared business logic: [architecture doc]"
- Context from previous: API contracts, design system, shared logic patterns
- Expected output: Complete web implementation with tests
### 4b. iOS Implementation (SwiftUI) ### 2. Initialize state
- Use Task tool with subagent_type="ios-developer" Create `.multi-platform/` directory and `state.json`:
- Prompt: "Implement iOS version using:
- SwiftUI with iOS 17+ features
- Swift 5.9+ with async/await
- URLSession with Combine for API: [API spec]
- Core Data/SwiftData for persistence
- Design system compliance: [iOS HIG specs]
- Widget extensions if applicable
- Platform-specific features (Face ID, Haptics, Live Activities)
- Testable MVVM architecture
Follow shared patterns: [architecture doc]"
- Context from previous: API contracts, iOS design guidelines, shared models
- Expected output: Native iOS implementation with unit/UI tests
### 4c. Android Implementation (Kotlin/Compose) ```json
{
"feature": "$ARGUMENTS",
"status": "in_progress",
"platforms": ["web", "ios", "android"],
"shared_code": "evaluate",
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
- Use Task tool with subagent_type="mobile-developer" Parse `$ARGUMENTS` for `--platforms` and `--shared-code` flags. Use defaults if not specified.
- Prompt: "Implement Android version using:
- Jetpack Compose with Material 3
- Kotlin coroutines and Flow
- Retrofit/Ktor for API: [API spec]
- Room database for local storage
- Hilt for dependency injection
- Material You dynamic theming: [design specs]
- Platform features (biometric auth, widgets)
- Clean architecture with MVI pattern
Follow shared logic: [architecture doc]"
- Context from previous: API contracts, Material Design specs, shared patterns
- Expected output: Native Android implementation with tests
### 4d. Desktop Implementation (Optional - Electron/Tauri) ### 3. Parse feature description
- Use Task tool with subagent_type="frontend-mobile-development::frontend-developer" Extract the feature description from `$ARGUMENTS` (everything before the flags). This is referenced as `$FEATURE` in prompts below.
- Prompt: "Implement desktop version using Tauri 2.0 or Electron with:
- Shared web codebase where possible
- Native OS integration (system tray, notifications)
- File system access if needed
- Auto-updater functionality
- Code signing and notarization setup
- Keyboard shortcuts and menu bar
- Multi-window support if applicable
Reuse web components: [web implementation]"
- Context from previous: Web implementation, desktop-specific requirements
- Expected output: Desktop application with platform packages
## Phase 3: Integration and Validation ---
### 5. API Documentation and Testing ## Phase 1: Architecture and API Design (Steps 13) — Sequential
- Use Task tool with subagent_type="documentation-generation::api-documenter" ### Step 1: Define Feature Requirements and API Contracts
- Prompt: "Create comprehensive API documentation including:
- Interactive OpenAPI/Swagger documentation
- Platform-specific integration guides
- SDK examples for each platform
- Authentication flow diagrams
- Rate limiting and quota information
- Postman/Insomnia collections
- WebSocket connection examples
- Error handling best practices
- API versioning strategy
Test all endpoints with platform implementations."
- Context from previous: Implemented platforms, API usage patterns
- Expected output: Complete API documentation portal, test results
### 6. Cross-Platform Testing and Feature Parity Use the Task tool to launch the backend architect:
- Use Task tool with subagent_type="unit-testing::test-automator" ```
- Prompt: "Validate feature parity across all platforms: Task:
- Functional testing matrix (features work identically) subagent_type: "backend-architect"
- UI consistency verification (follows design system) description: "Design API contract for $FEATURE"
- Performance benchmarks per platform prompt: |
- Accessibility testing (platform-specific tools) Design the API contract for feature: $FEATURE.
- Network resilience testing (offline, slow connections)
- Data synchronization validation
- Platform-specific edge cases
- End-to-end user journey tests
Create test report with any platform discrepancies."
- Context from previous: All platform implementations, API documentation
- Expected output: Test report, parity matrix, performance metrics
### 7. Platform-Specific Optimizations ## Target Platforms
[List from state.json platforms]
Create OpenAPI 3.1 specification with:
- RESTful endpoints with proper HTTP methods and status codes
- GraphQL schema if applicable for complex data queries
- WebSocket events for real-time features
- Request/response schemas with validation rules
- Authentication and authorization requirements
- Rate limiting and caching strategies
- Error response formats and codes
Define shared data models that all platforms will consume.
## Deliverables
1. Complete API specification
2. Shared data models
3. Authentication flow design
4. Integration guidelines for each platform
Write your complete API design as a single markdown document.
```
Save the agent's output to `.multi-platform/01-api-contracts.md`.
Update `state.json`: set `current_step` to 2, add step 1 to `completed_steps`.
### Step 2: Design System and UI/UX Consistency
Read `.multi-platform/01-api-contracts.md`.
Use the Task tool:
```
Task:
subagent_type: "ui-ux-designer"
description: "Create cross-platform design system for $FEATURE"
prompt: |
Create cross-platform design system for feature: $FEATURE.
## API Specification
[Insert contents of .multi-platform/01-api-contracts.md]
## Target Platforms
[List from state.json platforms]
Include:
- Component specifications for each platform (Material Design, iOS HIG, Fluent)
- Responsive layouts for web (mobile-first approach)
- Native patterns for iOS (SwiftUI) and Android (Material You)
- Desktop-specific considerations (keyboard shortcuts, window management)
- Accessibility requirements (WCAG 2.2 Level AA)
- Dark/light theme specifications
- Animation and transition guidelines
## Deliverables
1. Design system documentation
2. Component library specifications per platform
3. Platform-specific guidelines
4. Accessibility requirements
5. Theme specifications
Write your complete design system as a single markdown document.
```
Save the agent's output to `.multi-platform/02-design-system.md`.
Update `state.json`: set `current_step` to 3, add step 2 to `completed_steps`.
### Step 3: Shared Business Logic Architecture
Read `.multi-platform/01-api-contracts.md` and `.multi-platform/02-design-system.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Design shared business logic architecture for $FEATURE"
prompt: |
You are a software architect specializing in cross-platform shared code architecture.
Design shared business logic architecture for cross-platform feature: $FEATURE.
## API Contracts
[Insert contents of .multi-platform/01-api-contracts.md]
## Design System
[Insert contents of .multi-platform/02-design-system.md]
Define:
- Core domain models and entities (platform-agnostic)
- Business rules and validation logic
- State management patterns (MVI/Redux/BLoC)
- Caching and offline strategies
- Error handling and retry policies
- Platform-specific adapter patterns
Consider Kotlin Multiplatform for mobile or TypeScript for web/desktop sharing.
## Deliverables
1. Shared code architecture document
2. Platform abstraction layer design
3. State management strategy
4. Offline/caching approach
5. Implementation guide
Write your complete architecture as a single markdown document.
```
Save the agent's output to `.multi-platform/03-shared-architecture.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 3 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
You MUST stop here and present the architecture for review.
Display a summary from `.multi-platform/01-api-contracts.md`, `.multi-platform/02-design-system.md`, and `.multi-platform/03-shared-architecture.md` (key API endpoints, design system components, shared logic approach) and ask:
```
Architecture and API design complete. Please review:
- .multi-platform/01-api-contracts.md
- .multi-platform/02-design-system.md
- .multi-platform/03-shared-architecture.md
1. Approve — proceed to platform implementation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise and re-checkpoint. If option 3, update `state.json` status and stop.
---
## Phase 2: Parallel Platform Implementation (Steps 4a4d)
Read `.multi-platform/01-api-contracts.md`, `.multi-platform/02-design-system.md`, and `.multi-platform/03-shared-architecture.md`.
Launch platform implementations in parallel using multiple Task tool calls. Only launch tasks for platforms listed in `state.json`.
### Step 4a: Web Implementation (React/Next.js)
```
Task:
subagent_type: "frontend-developer"
description: "Implement web version of $FEATURE"
prompt: |
Implement web version of feature: $FEATURE.
## API Contracts
[Insert contents of .multi-platform/01-api-contracts.md]
## Design System
[Insert contents of .multi-platform/02-design-system.md]
## Shared Architecture
[Insert contents of .multi-platform/03-shared-architecture.md]
Use:
- React 18+ with Next.js 14+ App Router
- TypeScript for type safety
- TanStack Query for API integration
- Zustand/Redux Toolkit for state management
- Tailwind CSS with design system tokens
- Progressive Web App capabilities
- SSR/SSG optimization where appropriate
- Web vitals optimization (LCP < 2.5s, FID < 100ms)
Write all code files. Report what files were created/modified.
```
Save output to `.multi-platform/04a-web.md`.
### Step 4b: iOS Implementation (SwiftUI)
```
Task:
subagent_type: "ios-developer"
description: "Implement iOS version of $FEATURE"
prompt: |
Implement iOS version of feature: $FEATURE.
## API Contracts
[Insert contents of .multi-platform/01-api-contracts.md]
## Design System (iOS HIG section)
[Insert contents of .multi-platform/02-design-system.md]
## Shared Architecture
[Insert contents of .multi-platform/03-shared-architecture.md]
Use:
- SwiftUI with iOS 17+ features
- Swift 5.9+ with async/await
- URLSession with Combine for API integration
- Core Data/SwiftData for persistence
- Platform-specific features (Face ID, Haptics, Live Activities)
- Testable MVVM architecture
Write all code files. Report what files were created/modified.
```
Save output to `.multi-platform/04b-ios.md`.
### Step 4c: Android Implementation (Kotlin/Compose)
```
Task:
subagent_type: "mobile-developer"
description: "Implement Android version of $FEATURE"
prompt: |
Implement Android version of feature: $FEATURE.
## API Contracts
[Insert contents of .multi-platform/01-api-contracts.md]
## Design System (Material Design section)
[Insert contents of .multi-platform/02-design-system.md]
## Shared Architecture
[Insert contents of .multi-platform/03-shared-architecture.md]
Use:
- Jetpack Compose with Material 3
- Kotlin coroutines and Flow
- Retrofit/Ktor for API integration
- Room database for local storage
- Hilt for dependency injection
- Material You dynamic theming
- Platform features (biometric auth, widgets)
- Clean architecture with MVI pattern
Write all code files. Report what files were created/modified.
```
Save output to `.multi-platform/04c-android.md`.
### Step 4d: Desktop Implementation (Optional — Electron/Tauri)
Only if "desktop" is in the platforms list:
```
Task:
subagent_type: "frontend-developer"
description: "Implement desktop version of $FEATURE"
prompt: |
Implement desktop version of feature: $FEATURE using Tauri 2.0 or Electron.
## API Contracts
[Insert contents of .multi-platform/01-api-contracts.md]
## Design System
[Insert contents of .multi-platform/02-design-system.md]
## Shared Architecture
[Insert contents of .multi-platform/03-shared-architecture.md]
## Web Implementation (for reuse)
[Insert contents of .multi-platform/04a-web.md]
Include:
- Shared web codebase where possible
- Native OS integration (system tray, notifications)
- File system access if needed
- Auto-updater functionality
- Code signing and notarization setup
- Keyboard shortcuts and menu bar
- Multi-window support if applicable
Write all code files. Report what files were created/modified.
```
Save output to `.multi-platform/04d-desktop.md`.
After all platform implementations complete, update `state.json`: set `current_step` to "checkpoint-2", add step 4 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display a summary of all platform implementations and ask:
```
Platform implementations complete. Please review:
- .multi-platform/04a-web.md
- .multi-platform/04b-ios.md (if applicable)
- .multi-platform/04c-android.md (if applicable)
- .multi-platform/04d-desktop.md (if applicable)
1. Approve — proceed to integration and validation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Integration and Validation (Steps 57)
### Step 5: API Documentation and Testing
Read `.multi-platform/01-api-contracts.md` and all `.multi-platform/04*.md` files.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Create comprehensive API documentation for $FEATURE"
prompt: |
You are a technical writer specializing in API documentation. Create comprehensive
API documentation for: $FEATURE.
## API Contracts
[Insert contents of .multi-platform/01-api-contracts.md]
## Platform Implementations
[Insert summaries from all .multi-platform/04*.md files]
Include:
- Interactive OpenAPI/Swagger documentation
- Platform-specific integration guides
- SDK examples for each platform
- Authentication flow diagrams
- Rate limiting and quota information
- Error handling best practices
- API versioning strategy
Test all endpoints with platform implementations.
## Deliverables
1. Complete API documentation
2. Platform integration guides
3. SDK examples per platform
4. Test results summary
Write your complete documentation as a single markdown document.
```
Save output to `.multi-platform/05-api-docs.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Cross-Platform Testing and Feature Parity
Read all `.multi-platform/04*.md` files and `.multi-platform/05-api-docs.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Validate feature parity across all platforms for $FEATURE"
prompt: |
You are a QA engineer specializing in cross-platform testing. Validate feature parity
across all platforms for: $FEATURE.
## Platform Implementations
[Insert contents of all .multi-platform/04*.md files]
## API Documentation
[Insert contents of .multi-platform/05-api-docs.md]
Validate:
- Functional testing matrix (features work identically)
- UI consistency verification (follows design system)
- Performance benchmarks per platform
- Accessibility testing (platform-specific tools)
- Network resilience testing (offline, slow connections)
- Data synchronization validation
- Platform-specific edge cases
- End-to-end user journey tests
## Deliverables
1. Feature parity matrix
2. Test results per platform
3. Performance benchmarks
4. Platform discrepancies found
5. Recommendations for fixes
Write your complete test report as a single markdown document.
```
Save output to `.multi-platform/06-testing.md`.
Update `state.json`: set `current_step` to 7, add step 6 to `completed_steps`.
### Step 7: Platform-Specific Optimizations
Read `.multi-platform/06-testing.md` and all `.multi-platform/04*.md` files.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Optimize each platform implementation for $FEATURE"
prompt: |
You are a performance engineer specializing in cross-platform application optimization.
Optimize each platform implementation for: $FEATURE.
## Test Results
[Insert contents of .multi-platform/06-testing.md]
## Platform Implementations
[Insert summaries from all .multi-platform/04*.md files]
Optimize:
- Web: Bundle size, lazy loading, CDN setup, SEO
- iOS: App size, launch time, memory usage, battery
- Android: APK size, startup time, frame rate, battery
- Desktop: Binary size, resource usage, startup time
- API: Response time, caching, compression
- Use Task tool with subagent_type="application-performance::performance-engineer"
- Prompt: "Optimize each platform implementation:
- Web: Bundle size, lazy loading, CDN setup, SEO
- iOS: App size, launch time, memory usage, battery
- Android: APK size, startup time, frame rate, battery
- Desktop: Binary size, resource usage, startup time
- API: Response time, caching, compression
Maintain feature parity while leveraging platform strengths. Maintain feature parity while leveraging platform strengths.
Document optimization techniques and trade-offs." Document optimization techniques and trade-offs.
- Context from previous: Test results, performance metrics
- Expected output: Optimized implementations, performance improvements
## Configuration Options ## Deliverables
1. Platform-specific optimizations applied
2. Performance improvement measurements
3. Trade-offs documented
4. Remaining optimization opportunities
- **--platforms**: Specify target platforms (web,ios,android,desktop) Write your complete optimization report as a single markdown document.
- **--api-first**: Generate API before UI implementation (default: true) ```
- **--shared-code**: Use Kotlin Multiplatform or similar (default: evaluate)
- **--design-system**: Use existing or create new (default: create) Save output to `.multi-platform/07-optimizations.md`.
- **--testing-strategy**: Unit, integration, e2e (default: all)
Update `state.json`: set `current_step` to "complete", add step 7 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Multi-platform feature development complete: $FEATURE
## Files Created
[List all .multi-platform/ output files]
## Implementation Summary
- API Contracts: .multi-platform/01-api-contracts.md
- Design System: .multi-platform/02-design-system.md
- Shared Architecture: .multi-platform/03-shared-architecture.md
- Web Implementation: .multi-platform/04a-web.md
- iOS Implementation: .multi-platform/04b-ios.md
- Android Implementation: .multi-platform/04c-android.md
- Desktop Implementation: .multi-platform/04d-desktop.md (if applicable)
- API Documentation: .multi-platform/05-api-docs.md
- Testing Report: .multi-platform/06-testing.md
- Optimizations: .multi-platform/07-optimizations.md
## Success Criteria ## Success Criteria
- API contract defined and validated before implementation - API contract defined and validated before implementation
- All platforms achieve feature parity with <5% variance - All platforms achieve feature parity with <5% variance
- Performance metrics meet platform-specific standards - Performance metrics meet platform-specific standards
@@ -179,13 +547,11 @@ Build and deploy the same feature consistently across web, mobile, and desktop p
- Cross-platform testing shows consistent behavior - Cross-platform testing shows consistent behavior
- Documentation complete for all platforms - Documentation complete for all platforms
- Code reuse >40% between platforms where applicable - Code reuse >40% between platforms where applicable
- User experience optimized for each platform's conventions
## Platform-Specific Considerations ## Next Steps
1. Review all generated code and documentation
**Web**: PWA capabilities, SEO optimization, browser compatibility 2. Run platform-specific test suites
**iOS**: App Store guidelines, TestFlight distribution, iOS-specific features 3. Create pull requests per platform
**Android**: Play Store requirements, Android App Bundles, device fragmentation 4. Deploy using platform-specific pipelines
**Desktop**: Code signing, auto-updates, OS-specific installers 5. Monitor cross-platform metrics post-launch
```
Initial feature specification: $ARGUMENTS

10
plugins/observability-monitoring/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "observability-monitoring",
"version": "1.2.1",
"description": "Metrics collection, logging infrastructure, distributed tracing, SLO implementation, and monitoring dashboards",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/payment-processing/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "payment-processing",
"version": "1.2.1",
"description": "Payment gateway integration with Stripe, PayPal, checkout flow implementation, subscription billing, and PCI compliance",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

148
plugins/payment-processing/skills/stripe-integration/SKILL.md
View File

@@ -21,19 +21,21 @@ Master Stripe payment processing integration for robust, PCI-compliant payment f
### 1. Payment Flows ### 1. Payment Flows
**Checkout Session (Hosted)** **Checkout Sessions**
- Stripe-hosted payment page - Recommended for most integrations
- Minimal PCI compliance burden - Supports all UI paths:
- Fastest implementation - Stripe-hosted checkout page
- Supports one-time and recurring payments - Embedded checkout form (`ui_mode='embedded'`)
- Custom UI with Elements (Payment Element, Express Checkout Element) using `ui_mode='custom'`
- Provides built-in checkout capabilities (line items, discounts, tax, shipping, address collection, saved payment methods, and checkout lifecycle events)
- Lower integration and maintenance burden than Payment Intents
**Payment Intents (Custom UI)** **Payment Intents (Bespoke control)**
- Full control over payment UI - You calculate the final amount with taxes, discounts, subscriptions, and currency conversion yourself.
- More complex implementation and long-term maintenance burden
- Requires Stripe.js for PCI compliance - Requires Stripe.js for PCI compliance
- More complex implementation
- Better customization options
**Setup Intents (Save Payment Methods)** **Setup Intents (Save Payment Methods)**
@@ -77,7 +79,6 @@ stripe.api_key = "sk_test_..."
# Create a checkout session # Create a checkout session
session = stripe.checkout.Session.create( session = stripe.checkout.Session.create(
payment_method_types=['card'],
line_items=[{ line_items=[{
'price_data': { 'price_data': {
'currency': 'usd', 'currency': 'usd',
@@ -109,7 +110,6 @@ def create_checkout_session(amount, currency='usd'):
"""Create a one-time payment checkout session.""" """Create a one-time payment checkout session."""
try: try:
session = stripe.checkout.Session.create( session = stripe.checkout.Session.create(
payment_method_types=['card'],
line_items=[{ line_items=[{
'price_data': { 'price_data': {
'currency': currency, 'currency': currency,
@@ -136,11 +136,76 @@ def create_checkout_session(amount, currency='usd'):
raise raise
``` ```
### Pattern 2: Custom Payment Intent Flow ### Pattern 2: Checkout Sessions with Payment Element
```python
def create_checkout_session_for_elements(amount, currency='usd'):
"""Create a checkout session configured for Payment Element."""
session = stripe.checkout.Session.create(
mode='payment',
ui_mode='custom',
line_items=[{
'price_data': {
'currency': currency,
'product_data': {'name': 'Purchase'},
'unit_amount': amount,
},
'quantity': 1,
}],
return_url='https://yourdomain.com/complete?session_id={CHECKOUT_SESSION_ID}'
)
return session.client_secret # Send to frontend for stripe.initCheckout()
# Frontend (JavaScript)
"""
const stripe = Stripe('pk_test_...');
// initCheckout() is synchronous; loadActions() is async
const checkout = stripe.initCheckout({clientSecret});
const loadActionsResult = await checkout.loadActions();
if (loadActionsResult.type === 'success') {
const {actions} = loadActionsResult;
const session = actions.getSession();
const button = document.getElementById('pay-button');
const checkoutContainer = document.getElementById('checkout-container');
const emailInput = document.getElementById('email');
const emailErrors = document.getElementById('email-errors');
const errors = document.getElementById('confirm-errors');
// Display grand total (amount in smallest currency unit, e.g. cents)
checkoutContainer.append(`Total: ${session.total.total.amount}`);
// Mount Payment Element
const paymentElement = checkout.createPaymentElement();
paymentElement.mount('#payment-element');
// Store email for submission
emailInput.addEventListener('blur', () => {
actions.updateEmail(emailInput.value).then((result) => {
if (result.error) emailErrors.textContent = result.error.message;
});
});
// Handle form submission
button.addEventListener('click', () => {
actions.confirm().then((result) => {
if (result.type === 'error') errors.textContent = result.error.message;
});
});
}
"""
```
### Pattern 3: Payment Intents with Payment Element (Bespoke Control)
Use this when you need full control over the payment flow and cannot use Checkout Sessions
(e.g., you have your own tax, discount, or subscription calculation engine).
```python ```python
def create_payment_intent(amount, currency='usd', customer_id=None): def create_payment_intent(amount, currency='usd', customer_id=None):
"""Create a payment intent for custom checkout UI.""" """Create a payment intent for bespoke checkout UI with Payment Element."""
intent = stripe.PaymentIntent.create( intent = stripe.PaymentIntent.create(
amount=amount, amount=amount,
currency=currency, currency=currency,
@@ -148,40 +213,33 @@ def create_payment_intent(amount, currency='usd', customer_id=None):
automatic_payment_methods={ automatic_payment_methods={
'enabled': True, 'enabled': True,
}, },
metadata={
'integration_check': 'accept_a_payment'
}
) )
return intent.client_secret # Send to frontend return intent.client_secret # Send to frontend
# Frontend (JavaScript)
"""
const stripe = Stripe('pk_test_...');
const elements = stripe.elements();
const cardElement = elements.create('card');
cardElement.mount('#card-element');
const {error, paymentIntent} = await stripe.confirmCardPayment(
clientSecret,
{
payment_method: {
card: cardElement,
billing_details: {
name: 'Customer Name'
}
}
}
);
if (error) {
// Handle error
} else if (paymentIntent.status === 'succeeded') {
// Payment successful
}
"""
``` ```
### Pattern 3: Subscription Creation ```javascript
// Frontend: Mount Payment Element and confirm via Payment Intents
const stripe = Stripe('pk_test_...');
const elements = stripe.elements({clientSecret});
const paymentElement = elements.create('payment');
paymentElement.mount('#payment-element');
document.getElementById('pay-button').addEventListener('click', async () => {
const {error} = await stripe.confirmPayment({
elements,
confirmParams: {
return_url: 'https://yourdomain.com/complete',
},
});
if (error) {
document.getElementById('errors').textContent = error.message;
}
});
```
### Pattern 4: Subscription Creation
```python ```python
def create_subscription(customer_id, price_id): def create_subscription(customer_id, price_id):
@@ -204,7 +262,7 @@ def create_subscription(customer_id, price_id):
raise raise
``` ```
### Pattern 4: Customer Portal ### Pattern 5: Customer Portal
```python ```python
def create_customer_portal_session(customer_id): def create_customer_portal_session(customer_id):
@@ -414,7 +472,7 @@ def test_payment_flow():
amount=1000, amount=1000,
currency='usd', currency='usd',
customer=customer.id, customer=customer.id,
payment_method_types=['card'] automatic_payment_methods={'enabled': True},
) )
# Confirm with test card # Confirm with test card

10
plugins/performance-testing-review/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "performance-testing-review",
"version": "1.2.0",
"description": "Performance analysis, test coverage review, and AI-powered code quality assessment",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/python-development/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "python-development",
"version": "1.2.1",
"description": "Modern Python development with Python 3.12+, Django, FastAPI, async patterns, and production best practices",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/quantitative-trading/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "quantitative-trading",
"version": "1.2.1",
"description": "Quantitative analysis, algorithmic trading strategies, financial modeling, portfolio risk management, and backtesting",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/reverse-engineering/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "reverse-engineering",
"version": "1.0.0",
"description": "Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security",
"author": {
"name": "Dávid Balatoni",
"url": "https://github.com/balcsida"
},
"license": "MIT"
}

10
plugins/security-compliance/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "security-compliance",
"version": "1.2.0",
"description": "SOC2, HIPAA, and GDPR compliance validation, secrets scanning, compliance checklists, and regulatory documentation",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/security-scanning/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "security-scanning",
"version": "1.3.0",
"description": "SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

715
plugins/security-scanning/commands/security-hardening.md
View File

@@ -1,134 +1,653 @@
Implement comprehensive security hardening with defense-in-depth strategy through coordinated multi-agent orchestration: ---
description: "Orchestrate comprehensive security hardening with defense-in-depth strategy across all application layers"
argument-hint: "<target description> [--depth quick|standard|comprehensive] [--compliance owasp,soc2,gdpr,hipaa,pci-dss]"
---
[Extended thinking: This workflow implements a defense-in-depth security strategy across all application layers. It coordinates specialized security agents to perform comprehensive assessments, implement layered security controls, and establish continuous security monitoring. The approach follows modern DevSecOps principles with shift-left security, automated scanning, and compliance validation. Each phase builds upon previous findings to create a resilient security posture that addresses both current vulnerabilities and future threats.] # Security Hardening Orchestrator
## Phase 1: Comprehensive Security Assessment ## CRITICAL BEHAVIORAL RULES
### 1. Initial Vulnerability Scanning You MUST follow these rules exactly. Violating any of them is a failure.
- Use Task tool with subagent_type="security-auditor" 1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
- Prompt: "Perform comprehensive security assessment on: $ARGUMENTS. Execute SAST analysis with Semgrep/SonarQube, DAST scanning with OWASP ZAP, dependency audit with Snyk/Trivy, secrets detection with GitLeaks/TruffleHog. Generate SBOM for supply chain analysis. Identify OWASP Top 10 vulnerabilities, CWE weaknesses, and CVE exposures." 2. **Write output files.** Each step MUST produce its output file in `.security-hardening/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
- Output: Detailed vulnerability report with CVSS scores, exploitability analysis, attack surface mapping, secrets exposure report, SBOM inventory 3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
- Context: Initial baseline for all remediation efforts 4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
### 2. Threat Modeling and Risk Analysis ## Pre-flight Checks
- Use Task tool with subagent_type="security-auditor" Before starting, perform these checks:
- Prompt: "Conduct threat modeling using STRIDE methodology for: $ARGUMENTS. Analyze attack vectors, create attack trees, assess business impact of identified vulnerabilities. Map threats to MITRE ATT&CK framework. Prioritize risks based on likelihood and impact."
- Output: Threat model diagrams, risk matrix with prioritized vulnerabilities, attack scenario documentation, business impact analysis
- Context: Uses vulnerability scan results to inform threat priorities
### 3. Architecture Security Review ### 1. Check for existing session
- Use Task tool with subagent_type="backend-api-security::backend-architect" Check if `.security-hardening/state.json` exists:
- Prompt: "Review architecture for security weaknesses in: $ARGUMENTS. Evaluate service boundaries, data flow security, authentication/authorization architecture, encryption implementation, network segmentation. Design zero-trust architecture patterns. Reference threat model and vulnerability findings."
- Output: Security architecture assessment, zero-trust design recommendations, service mesh security requirements, data classification matrix
- Context: Incorporates threat model to address architectural vulnerabilities
## Phase 2: Vulnerability Remediation - If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
### 4. Critical Vulnerability Fixes ```
Found an in-progress security hardening session:
Target: [target from state]
Current step: [step from state]
- Use Task tool with subagent_type="security-auditor" 1. Resume from where we left off
- Prompt: "Coordinate immediate remediation of critical vulnerabilities (CVSS 7+) in: $ARGUMENTS. Fix SQL injections with parameterized queries, XSS with output encoding, authentication bypasses with secure session management, insecure deserialization with input validation. Apply security patches for CVEs." 2. Start fresh (archives existing session)
- Output: Patched code with vulnerability fixes, security patch documentation, regression test requirements ```
- Context: Addresses high-priority items from vulnerability assessment
### 5. Backend Security Hardening - If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
- Use Task tool with subagent_type="backend-api-security::backend-security-coder" ### 2. Initialize state
- Prompt: "Implement comprehensive backend security controls for: $ARGUMENTS. Add input validation with OWASP ESAPI, implement rate limiting and DDoS protection, secure API endpoints with OAuth2/JWT validation, add encryption for data at rest/transit using AES-256/TLS 1.3. Implement secure logging without PII exposure."
- Output: Hardened API endpoints, validation middleware, encryption implementation, secure configuration templates
- Context: Builds upon vulnerability fixes with preventive controls
### 6. Frontend Security Implementation Create `.security-hardening/` directory and `state.json`:
- Use Task tool with subagent_type="frontend-mobile-security::frontend-security-coder" ```json
- Prompt: "Implement frontend security measures for: $ARGUMENTS. Configure CSP headers with nonce-based policies, implement XSS prevention with DOMPurify, secure authentication flows with PKCE OAuth2, add SRI for external resources, implement secure cookie handling with SameSite/HttpOnly/Secure flags." {
- Output: Secure frontend components, CSP policy configuration, authentication flow implementation, security headers configuration "target": "$ARGUMENTS",
- Context: Complements backend security with client-side protections "status": "in_progress",
"depth": "comprehensive",
"compliance_frameworks": ["owasp"],
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
### 7. Mobile Security Hardening Parse `$ARGUMENTS` for `--depth` and `--compliance` flags. Use defaults if not specified.
- Use Task tool with subagent_type="frontend-mobile-security::mobile-security-coder" ### 3. Parse target description
- Prompt: "Implement mobile app security for: $ARGUMENTS. Add certificate pinning, implement biometric authentication, secure local storage with encryption, obfuscate code with ProGuard/R8, implement anti-tampering and root/jailbreak detection, secure IPC communications."
- Output: Hardened mobile application, security configuration files, obfuscation rules, certificate pinning implementation
- Context: Extends security to mobile platforms if applicable
## Phase 3: Security Controls Implementation Extract the target description from `$ARGUMENTS` (everything before the flags). This is referenced as `$TARGET` in prompts below.
### 8. Authentication and Authorization Enhancement ---
- Use Task tool with subagent_type="security-auditor" ## Phase 1: Assessment & Threat Modeling (Steps 13)
- Prompt: "Implement modern authentication system for: $ARGUMENTS. Deploy OAuth2/OIDC with PKCE, implement MFA with TOTP/WebAuthn/FIDO2, add risk-based authentication, implement RBAC/ABAC with principle of least privilege, add session management with secure token rotation."
- Output: Authentication service configuration, MFA implementation, authorization policies, session management system
- Context: Strengthens access controls based on architecture review
### 9. Infrastructure Security Controls ### Step 1: Vulnerability Scanning
- Use Task tool with subagent_type="deployment-strategies::deployment-engineer" Use the Task tool to launch the security auditor agent:
- Prompt: "Deploy infrastructure security controls for: $ARGUMENTS. Configure WAF rules for OWASP protection, implement network segmentation with micro-segmentation, deploy IDS/IPS systems, configure cloud security groups and NACLs, implement DDoS protection with rate limiting and geo-blocking."
- Output: WAF configuration, network security policies, IDS/IPS rules, cloud security configurations
- Context: Implements network-level defenses
### 10. Secrets Management Implementation ```
Task:
subagent_type: "security-auditor"
description: "Comprehensive vulnerability scan of $TARGET"
prompt: |
Perform a comprehensive security assessment on: $TARGET.
- Use Task tool with subagent_type="deployment-strategies::deployment-engineer" ## Instructions
- Prompt: "Implement enterprise secrets management for: $ARGUMENTS. Deploy HashiCorp Vault or AWS Secrets Manager, implement secret rotation policies, remove hardcoded secrets, configure least-privilege IAM roles, implement encryption key management with HSM support." 1. Execute SAST analysis (Semgrep/SonarQube patterns)
- Output: Secrets management configuration, rotation policies, IAM role definitions, key management procedures 2. Identify DAST scanning targets (OWASP ZAP patterns)
- Context: Eliminates secrets exposure vulnerabilities 3. Perform dependency audit (Snyk/Trivy patterns)
4. Run secrets detection (GitLeaks/TruffleHog patterns)
5. Generate SBOM for supply chain analysis
6. Identify OWASP Top 10 vulnerabilities, CWE weaknesses, and CVE exposures
7. Assign CVSS scores to all findings
## Phase 4: Validation and Compliance Provide a detailed vulnerability report with: CVSS scores, exploitability analysis,
attack surface mapping, secrets exposure report, and SBOM inventory.
```
### 11. Penetration Testing and Validation Save the agent's output to `.security-hardening/01-vulnerability-scan.md`.
- Use Task tool with subagent_type="security-auditor" Update `state.json`: set `current_step` to 2, add step 1 to `completed_steps`.
- Prompt: "Execute comprehensive penetration testing for: $ARGUMENTS. Perform authenticated and unauthenticated testing, API security testing, business logic testing, privilege escalation attempts. Use Burp Suite, Metasploit, and custom exploits. Validate all security controls effectiveness."
- Output: Penetration test report, proof-of-concept exploits, remediation validation, security control effectiveness metrics
- Context: Validates all implemented security measures
### 12. Compliance and Standards Verification ### Step 2: Threat Modeling & Risk Analysis
- Use Task tool with subagent_type="security-auditor" Read `.security-hardening/01-vulnerability-scan.md` to load vulnerability context.
- Prompt: "Verify compliance with security frameworks for: $ARGUMENTS. Validate against OWASP ASVS Level 2, CIS Benchmarks, SOC2 Type II requirements, GDPR/CCPA privacy controls, HIPAA/PCI-DSS if applicable. Generate compliance attestation reports."
- Output: Compliance assessment report, gap analysis, remediation requirements, audit evidence collection
- Context: Ensures regulatory and industry standard compliance
### 13. Security Monitoring and SIEM Integration Use the Task tool to launch the threat modeling expert:
- Use Task tool with subagent_type="incident-response::devops-troubleshooter" ```
- Prompt: "Implement security monitoring and SIEM for: $ARGUMENTS. Deploy Splunk/ELK/Sentinel integration, configure security event correlation, implement behavioral analytics for anomaly detection, set up automated incident response playbooks, create security dashboards and alerting." Task:
- Output: SIEM configuration, correlation rules, incident response playbooks, security dashboards, alert definitions subagent_type: "threat-modeling-expert"
- Context: Establishes continuous security monitoring description: "Threat modeling and risk analysis for $TARGET"
prompt: |
Conduct threat modeling using STRIDE methodology for: $TARGET.
## Configuration Options ## Vulnerability Context
[Insert full contents of .security-hardening/01-vulnerability-scan.md]
- scanning_depth: "quick" | "standard" | "comprehensive" (default: comprehensive) ## Instructions
- compliance_frameworks: ["OWASP", "CIS", "SOC2", "GDPR", "HIPAA", "PCI-DSS"] 1. Analyze attack vectors and create attack trees
- remediation_priority: "cvss_score" | "exploitability" | "business_impact" 2. Assess business impact of identified vulnerabilities
- monitoring_integration: "splunk" | "elastic" | "sentinel" | "custom" 3. Map threats to MITRE ATT&CK framework
- authentication_methods: ["oauth2", "saml", "mfa", "biometric", "passwordless"] 4. Prioritize risks based on likelihood and impact
5. Use vulnerability scan results to inform threat priorities
Provide: threat model diagrams, risk matrix with prioritized vulnerabilities,
attack scenario documentation, and business impact analysis.
```
Save the agent's output to `.security-hardening/02-threat-model.md`.
Update `state.json`: set `current_step` to 3, add step 2 to `completed_steps`.
### Step 3: Architecture Security Review
Read `.security-hardening/01-vulnerability-scan.md` and `.security-hardening/02-threat-model.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Architecture security review for $TARGET"
prompt: |
You are a backend security architect. Review the architecture for security weaknesses in: $TARGET.
## Vulnerability Scan Results
[Insert contents of .security-hardening/01-vulnerability-scan.md]
## Threat Model
[Insert contents of .security-hardening/02-threat-model.md]
## Instructions
1. Evaluate service boundaries, data flow security, authentication/authorization architecture
2. Review encryption implementation and network segmentation
3. Design zero-trust architecture patterns where applicable
4. Create a data classification matrix
5. Reference the threat model and vulnerability findings in your recommendations
Provide: security architecture assessment, zero-trust design recommendations,
service mesh security requirements, and data classification matrix.
```
Save the agent's output to `.security-hardening/03-architecture-review.md`.
Update `state.json`: set `current_step` to "checkpoint-1", add step 3 to `completed_steps`.
---
## PHASE CHECKPOINT 1 — User Approval Required
You MUST stop here and present the assessment results for review.
Display a summary of findings from `.security-hardening/01-vulnerability-scan.md`, `.security-hardening/02-threat-model.md`, and `.security-hardening/03-architecture-review.md` (critical vulnerabilities count, top threats, key architecture concerns) and ask:
```
Security assessment complete. Please review:
- .security-hardening/01-vulnerability-scan.md
- .security-hardening/02-threat-model.md
- .security-hardening/03-architecture-review.md
Critical vulnerabilities: [count]
High-risk threats: [count]
Architecture concerns: [count]
1. Approve — proceed to vulnerability remediation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise and re-checkpoint. If option 3, update `state.json` status and stop.
---
## Phase 2: Vulnerability Remediation (Steps 47)
### Step 4: Critical Vulnerability Fixes
Read `.security-hardening/01-vulnerability-scan.md` and `.security-hardening/02-threat-model.md`.
Use the Task tool:
```
Task:
subagent_type: "security-auditor"
description: "Remediate critical vulnerabilities for $TARGET"
prompt: |
Coordinate immediate remediation of critical vulnerabilities (CVSS 7+) in: $TARGET.
## Vulnerability Scan Results
[Insert contents of .security-hardening/01-vulnerability-scan.md]
## Threat Model
[Insert contents of .security-hardening/02-threat-model.md]
## Instructions
1. Fix SQL injections with parameterized queries
2. Fix XSS with output encoding
3. Fix authentication bypasses with secure session management
4. Fix insecure deserialization with input validation
5. Apply security patches for known CVEs
6. Document all changes and regression test requirements
Provide: patched code with vulnerability fixes, security patch documentation,
and regression test requirements.
```
Save the agent's output to `.security-hardening/04-critical-fixes.md`.
Update `state.json`: set `current_step` to 5, add step 4 to `completed_steps`.
### Step 5: Backend Security Hardening
Read `.security-hardening/03-architecture-review.md` and `.security-hardening/04-critical-fixes.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Backend security hardening for $TARGET"
prompt: |
You are a backend security engineer. Implement comprehensive backend security controls for: $TARGET.
## Architecture Review
[Insert contents of .security-hardening/03-architecture-review.md]
## Critical Fixes Applied
[Insert contents of .security-hardening/04-critical-fixes.md]
## Instructions
1. Add input validation with OWASP ESAPI patterns
2. Implement rate limiting and DDoS protection
3. Secure API endpoints with OAuth2/JWT validation
4. Add encryption for data at rest/transit using AES-256/TLS 1.3
5. Implement secure logging without PII exposure
6. Build upon the critical fixes already applied
Provide: hardened API endpoints, validation middleware, encryption implementation,
and secure configuration templates.
```
Save the agent's output to `.security-hardening/05-backend-hardening.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Frontend Security Implementation
Read `.security-hardening/03-architecture-review.md` and `.security-hardening/05-backend-hardening.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Frontend security implementation for $TARGET"
prompt: |
You are a frontend security engineer. Implement frontend security measures for: $TARGET.
## Architecture Review
[Insert contents of .security-hardening/03-architecture-review.md]
## Backend Hardening
[Insert contents of .security-hardening/05-backend-hardening.md]
## Instructions
1. Configure CSP headers with nonce-based policies
2. Implement XSS prevention with DOMPurify
3. Secure authentication flows with PKCE OAuth2
4. Add SRI for external resources
5. Implement secure cookie handling with SameSite/HttpOnly/Secure flags
6. Complement backend security with client-side protections
Provide: secure frontend components, CSP policy configuration,
authentication flow implementation, and security headers configuration.
```
Save the agent's output to `.security-hardening/06-frontend-hardening.md`.
**Note:** If the target has no frontend component (pure backend/API), skip this step — write a brief note in `06-frontend-hardening.md` explaining why it was skipped, and continue.
Update `state.json`: set `current_step` to 7, add step 6 to `completed_steps`.
### Step 7: Mobile Security Hardening
Read `.security-hardening/03-architecture-review.md` and `.security-hardening/05-backend-hardening.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Mobile security hardening for $TARGET"
prompt: |
You are a mobile security engineer. Implement mobile app security for: $TARGET.
## Architecture Review
[Insert contents of .security-hardening/03-architecture-review.md]
## Backend Hardening
[Insert contents of .security-hardening/05-backend-hardening.md]
## Instructions
1. Add certificate pinning
2. Implement biometric authentication
3. Secure local storage with encryption
4. Obfuscate code with ProGuard/R8
5. Implement anti-tampering and root/jailbreak detection
6. Secure IPC communications
Provide: hardened mobile application configuration, security configuration files,
obfuscation rules, and certificate pinning implementation.
```
Save the agent's output to `.security-hardening/07-mobile-hardening.md`.
**Note:** If the target has no mobile component, skip this step — write a brief note in `07-mobile-hardening.md` explaining why it was skipped, and continue.
Update `state.json`: set `current_step` to "checkpoint-2", add step 7 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display a summary of all remediation work from steps 47 and ask:
```
Vulnerability remediation complete. Please review:
- .security-hardening/04-critical-fixes.md
- .security-hardening/05-backend-hardening.md
- .security-hardening/06-frontend-hardening.md
- .security-hardening/07-mobile-hardening.md
Critical fixes applied: [count]
Backend controls added: [summary]
Frontend controls added: [summary]
Mobile controls added: [summary]
1. Approve — proceed to security controls & validation
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 3 until the user approves.
---
## Phase 3: Security Controls & Infrastructure (Steps 810)
### Step 8: Authentication & Authorization Enhancement
Read `.security-hardening/03-architecture-review.md` and `.security-hardening/05-backend-hardening.md`.
Use the Task tool:
```
Task:
subagent_type: "security-auditor"
description: "Enhance authentication and authorization for $TARGET"
prompt: |
Implement a modern authentication system for: $TARGET.
## Architecture Review
[Insert contents of .security-hardening/03-architecture-review.md]
## Backend Hardening
[Insert contents of .security-hardening/05-backend-hardening.md]
## Instructions
1. Deploy OAuth2/OIDC with PKCE
2. Implement MFA with TOTP/WebAuthn/FIDO2
3. Add risk-based authentication
4. Implement RBAC/ABAC with principle of least privilege
5. Add session management with secure token rotation
6. Strengthen access controls based on architecture review
Provide: authentication service configuration, MFA implementation,
authorization policies, and session management system.
```
Save the agent's output to `.security-hardening/08-auth-enhancement.md`.
Update `state.json`: set `current_step` to 9, add step 8 to `completed_steps`.
### Step 9: Infrastructure Security Controls
Read `.security-hardening/03-architecture-review.md` and `.security-hardening/08-auth-enhancement.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Deploy infrastructure security controls for $TARGET"
prompt: |
You are an infrastructure security engineer. Deploy infrastructure security controls for: $TARGET.
## Architecture Review
[Insert contents of .security-hardening/03-architecture-review.md]
## Auth Enhancement
[Insert contents of .security-hardening/08-auth-enhancement.md]
## Instructions
1. Configure WAF rules for OWASP protection
2. Implement network segmentation with micro-segmentation
3. Deploy IDS/IPS systems
4. Configure cloud security groups and NACLs
5. Implement DDoS protection with rate limiting and geo-blocking
Provide: WAF configuration, network security policies, IDS/IPS rules,
and cloud security configurations.
```
Save the agent's output to `.security-hardening/09-infra-security.md`.
Update `state.json`: set `current_step` to 10, add step 9 to `completed_steps`.
### Step 10: Secrets Management Implementation
Read `.security-hardening/01-vulnerability-scan.md` and `.security-hardening/09-infra-security.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement secrets management for $TARGET"
prompt: |
You are a DevOps security engineer. Implement enterprise secrets management for: $TARGET.
## Vulnerability Scan Results
[Insert contents of .security-hardening/01-vulnerability-scan.md]
## Infrastructure Security
[Insert contents of .security-hardening/09-infra-security.md]
## Instructions
1. Deploy HashiCorp Vault or AWS Secrets Manager configuration
2. Implement secret rotation policies
3. Remove hardcoded secrets
4. Configure least-privilege IAM roles
5. Implement encryption key management with HSM support
Provide: secrets management configuration, rotation policies,
IAM role definitions, and key management procedures.
```
Save the agent's output to `.security-hardening/10-secrets-management.md`.
Update `state.json`: set `current_step` to "checkpoint-3", add step 10 to `completed_steps`.
---
## PHASE CHECKPOINT 3 — User Approval Required
Display a summary of security controls from steps 810 and ask:
```
Security controls implementation complete. Please review:
- .security-hardening/08-auth-enhancement.md
- .security-hardening/09-infra-security.md
- .security-hardening/10-secrets-management.md
Auth controls: [summary]
Infrastructure controls: [summary]
Secrets management: [summary]
1. Approve — proceed to validation & compliance
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
Do NOT proceed to Phase 4 until the user approves.
---
## Phase 4: Validation & Compliance (Steps 1113)
### Step 11: Penetration Testing & Validation
Read `.security-hardening/04-critical-fixes.md`, `.security-hardening/05-backend-hardening.md`, and `.security-hardening/08-auth-enhancement.md`.
Use the Task tool:
```
Task:
subagent_type: "security-auditor"
description: "Penetration testing and validation for $TARGET"
prompt: |
Execute comprehensive penetration testing for: $TARGET.
## Critical Fixes Applied
[Insert contents of .security-hardening/04-critical-fixes.md]
## Backend Hardening
[Insert contents of .security-hardening/05-backend-hardening.md]
## Auth Enhancement
[Insert contents of .security-hardening/08-auth-enhancement.md]
## Instructions
1. Perform authenticated and unauthenticated testing
2. Execute API security testing
3. Test business logic vulnerabilities
4. Attempt privilege escalation
5. Validate all security controls effectiveness
6. Use Burp Suite, Metasploit, and custom exploit patterns
Provide: penetration test report, proof-of-concept exploits,
remediation validation, and security control effectiveness metrics.
```
Save the agent's output to `.security-hardening/11-pentest-results.md`.
Update `state.json`: set `current_step` to 12, add step 11 to `completed_steps`.
### Step 12: Compliance & Standards Verification
Read `.security-hardening/11-pentest-results.md`.
Use the Task tool:
```
Task:
subagent_type: "security-auditor"
description: "Compliance verification for $TARGET"
prompt: |
Verify compliance with security frameworks for: $TARGET.
## Penetration Test Results
[Insert contents of .security-hardening/11-pentest-results.md]
## Compliance Frameworks to Validate
[Insert compliance_frameworks from state.json — default: OWASP]
## Instructions
1. Validate against OWASP ASVS Level 2
2. Validate against CIS Benchmarks
3. Check SOC2 Type II requirements if applicable
4. Verify GDPR/CCPA privacy controls if applicable
5. Check HIPAA/PCI-DSS requirements if applicable
6. Generate compliance attestation reports
Provide: compliance assessment report, gap analysis,
remediation requirements, and audit evidence collection.
```
Save the agent's output to `.security-hardening/12-compliance-report.md`.
Update `state.json`: set `current_step` to 13, add step 12 to `completed_steps`.
### Step 13: Security Monitoring & SIEM Integration
Read `.security-hardening/09-infra-security.md` and `.security-hardening/12-compliance-report.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement security monitoring and SIEM for $TARGET"
prompt: |
You are a security operations engineer specializing in SIEM and incident response.
Implement security monitoring and SIEM integration for: $TARGET.
## Infrastructure Security
[Insert contents of .security-hardening/09-infra-security.md]
## Compliance Report
[Insert contents of .security-hardening/12-compliance-report.md]
## Instructions
1. Deploy SIEM integration (Splunk/ELK/Sentinel configuration)
2. Configure security event correlation rules
3. Implement behavioral analytics for anomaly detection
4. Set up automated incident response playbooks
5. Create security dashboards and alerting
6. Ensure monitoring covers compliance requirements
Provide: SIEM configuration, correlation rules, incident response playbooks,
security dashboards, and alert definitions.
```
Save the agent's output to `.security-hardening/13-monitoring-siem.md`.
Update `state.json`: set `current_step` to "complete", add step 13 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
Security hardening complete: $TARGET
## Output Files
- .security-hardening/01-vulnerability-scan.md
- .security-hardening/02-threat-model.md
- .security-hardening/03-architecture-review.md
- .security-hardening/04-critical-fixes.md
- .security-hardening/05-backend-hardening.md
- .security-hardening/06-frontend-hardening.md
- .security-hardening/07-mobile-hardening.md
- .security-hardening/08-auth-enhancement.md
- .security-hardening/09-infra-security.md
- .security-hardening/10-secrets-management.md
- .security-hardening/11-pentest-results.md
- .security-hardening/12-compliance-report.md
- .security-hardening/13-monitoring-siem.md
## Summary by Phase
- **Assessment**: [vulnerability count] vulnerabilities found, [threat count] threats modeled
- **Remediation**: [fix count] critical fixes applied, backend/frontend/mobile hardened
- **Controls**: Auth enhanced, infrastructure secured, secrets managed
- **Validation**: Pentest [pass/fail], compliance [frameworks validated]
## Success Criteria ## Success Criteria
- [ ] All critical vulnerabilities (CVSS 7+) remediated
- [ ] OWASP Top 10 vulnerabilities addressed
- [ ] Zero high-risk findings in penetration testing
- [ ] Compliance frameworks validation passed
- [ ] Security monitoring detecting and alerting on threats
- [ ] All secrets managed through secure vault
- [ ] Authentication implements MFA and secure session management
- [ ] Security tests integrated into CI/CD pipeline
- All critical vulnerabilities (CVSS 7+) remediated ## Next Steps
- OWASP Top 10 vulnerabilities addressed 1. Review all generated security artifacts
- Zero high-risk findings in penetration testing 2. Run the full security test suite to verify controls
- Compliance frameworks validation passed 3. Deploy monitoring configuration to production
- Security monitoring detecting and alerting on threats 4. Schedule regular security reviews
- Incident response time < 15 minutes for critical alerts ```
- SBOM generated and vulnerabilities tracked
- All secrets managed through secure vault
- Authentication implements MFA and secure session management
- Security tests integrated into CI/CD pipeline
## Coordination Notes
- Each phase provides detailed findings that inform subsequent phases
- Security-auditor agent coordinates with domain-specific agents for fixes
- All code changes undergo security review before implementation
- Continuous feedback loop between assessment and remediation
- Security findings tracked in centralized vulnerability management system
- Regular security reviews scheduled post-implementation
Security hardening target: $ARGUMENTS

10
plugins/seo-analysis-monitoring/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "seo-analysis-monitoring",
"version": "1.2.0",
"description": "Content freshness analysis, cannibalization detection, and authority building for SEO",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/seo-content-creation/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "seo-content-creation",
"version": "1.2.0",
"description": "SEO content writing, planning, and quality auditing with E-E-A-T optimization",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/seo-technical-optimization/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "seo-technical-optimization",
"version": "1.2.0",
"description": "Technical SEO optimization including meta tags, keywords, structure, and featured snippets",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/shell-scripting/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "shell-scripting",
"version": "1.2.1",
"description": "Production-grade Bash scripting with defensive programming, POSIX compliance, and comprehensive testing",
"author": {
"name": "Ryan Snodgrass",
"url": "https://github.com/rsnodgrass"
},
"license": "MIT"
}

4
plugins/startup-business-analyst/.claude-plugin/plugin.json
View File

@@ -1,8 +1,10 @@
{ {
"name": "startup-business-analyst", "name": "startup-business-analyst",
"description": "Comprehensive startup business analysis with market sizing (TAM/SAM/SOM), financial modeling, team planning, and strategic research", "description": "Comprehensive startup business analysis with market sizing (TAM/SAM/SOM), financial modeling, team planning, and strategic research",
"version": "1.0.4",
"author": { "author": {
"name": "Seth Hobson", "name": "Seth Hobson",
"email": "seth@major7apps.com" "email": "seth@major7apps.com"
} },
"license": "MIT"
} }

10
plugins/systems-programming/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "systems-programming",
"version": "1.2.1",
"description": "Systems programming with Rust, Go, C, and C++ for performance-critical and low-level development",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/tdd-workflows/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "tdd-workflows",
"version": "1.3.0",
"description": "Test-driven development methodology with red-green-refactor cycles and code review",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

701
plugins/tdd-workflows/commands/tdd-cycle.md
View File

@@ -1,12 +1,74 @@
Execute a comprehensive Test-Driven Development (TDD) workflow with strict red-green-refactor discipline: ---
description: "Execute a comprehensive TDD workflow with strict red-green-refactor discipline"
argument-hint: "<feature or module to implement> [--incremental|--suite] [--coverage 80]"
---
[Extended thinking: This workflow enforces test-first development through coordinated agent orchestration. Each phase of the TDD cycle is strictly enforced with fail-first verification, incremental implementation, and continuous refactoring. The workflow supports both single test and test suite approaches with configurable coverage thresholds.] # TDD Cycle Orchestrator
## CRITICAL BEHAVIORAL RULES
You MUST follow these rules exactly. Violating any of them is a failure.
1. **Execute steps in order.** Do NOT skip ahead, reorder, or merge steps.
2. **Write output files.** Each step MUST produce its output file in `.tdd-cycle/` before the next step begins. Read from prior step files — do NOT rely on context window memory.
3. **Stop at checkpoints.** When you reach a `PHASE CHECKPOINT`, you MUST stop and wait for explicit user approval before continuing. Use the AskUserQuestion tool with clear options.
4. **Halt on failure.** If any step fails (agent error, test failure, missing dependency), STOP immediately. Present the error and ask the user how to proceed. Do NOT silently continue.
5. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
6. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. This command IS the plan — execute it.
## Pre-flight Checks
Before starting, perform these checks:
### 1. Check for existing session
Check if `.tdd-cycle/state.json` exists:
- If it exists and `status` is `"in_progress"`: Read it, display the current step, and ask the user:
```
Found an in-progress TDD cycle session:
Feature: [name from state]
Current step: [step from state]
1. Resume from where we left off
2. Start fresh (archives existing session)
```
- If it exists and `status` is `"complete"`: Ask whether to archive and start fresh.
### 2. Initialize state
Create `.tdd-cycle/` directory and `state.json`:
```json
{
"feature": "$ARGUMENTS",
"status": "in_progress",
"mode": "suite",
"coverage_target": 80,
"current_step": 1,
"current_phase": 1,
"completed_steps": [],
"files_created": [],
"started_at": "ISO_TIMESTAMP",
"last_updated": "ISO_TIMESTAMP"
}
```
Parse `$ARGUMENTS` for `--incremental`, `--suite`, and `--coverage` flags. Use defaults if not specified (mode: suite, coverage: 80).
### 3. Parse feature description
Extract the feature description from `$ARGUMENTS` (everything before the flags). This is referenced as `$FEATURE` in prompts below.
---
## Configuration ## Configuration
### Coverage Thresholds ### Coverage Thresholds
- Minimum line coverage: 80% - Minimum line coverage: parsed from `--coverage` flag (default 80%)
- Minimum branch coverage: 75% - Minimum branch coverage: 75%
- Critical path coverage: 100% - Critical path coverage: 100%
@@ -17,125 +79,543 @@ Execute a comprehensive Test-Driven Development (TDD) workflow with strict red-g
- Class length > 200 lines - Class length > 200 lines
- Duplicate code blocks > 3 lines - Duplicate code blocks > 3 lines
## Phase 1: Test Specification and Design ---
### 1. Requirements Analysis ## Phase 1: Test Specification and Design (Steps 1-2)
- Use Task tool with subagent_type="comprehensive-review::architect-review" ### Step 1: Requirements Analysis
- Prompt: "Analyze requirements for: $ARGUMENTS. Define acceptance criteria, identify edge cases, and create test scenarios. Output a comprehensive test specification."
- Output: Test specification, acceptance criteria, edge case matrix
- Validation: Ensure all requirements have corresponding test scenarios
### 2. Test Architecture Design Use the Task tool to analyze requirements:
- Use Task tool with subagent_type="unit-testing::test-automator" ```
- Prompt: "Design test architecture for: $ARGUMENTS based on test specification. Define test structure, fixtures, mocks, and test data strategy. Ensure testability and maintainability." Task:
- Output: Test architecture, fixture design, mock strategy subagent_type: "general-purpose"
- Validation: Architecture supports isolated, fast, reliable tests description: "Analyze requirements for TDD: $FEATURE"
prompt: |
You are a software architect specializing in test-driven development.
## Phase 2: RED - Write Failing Tests Analyze requirements for: $FEATURE
### 3. Write Unit Tests (Failing) ## Deliverables
1. Define acceptance criteria with clear pass/fail conditions
2. Identify edge cases (null/empty, boundary values, error states, concurrent access)
3. Create a comprehensive test scenario matrix mapping requirements to test cases
4. Categorize tests: unit, integration, contract, property-based
5. Identify external dependencies that will need mocking
- Use Task tool with subagent_type="unit-testing::test-automator" Write your complete analysis as a single markdown document.
- Prompt: "Write FAILING unit tests for: $ARGUMENTS. Tests must fail initially. Include edge cases, error scenarios, and happy paths. DO NOT implement production code." ```
- Output: Failing unit tests, test documentation
- **CRITICAL**: Verify all tests fail with expected error messages
### 4. Verify Test Failure Save the agent's output to `.tdd-cycle/01-requirements.md`.
- Use Task tool with subagent_type="tdd-workflows::code-reviewer" Update `state.json`: set `current_step` to 2, add `"01-requirements.md"` to `files_created`, add step 1 to `completed_steps`.
- Prompt: "Verify that all tests for: $ARGUMENTS are failing correctly. Ensure failures are for the right reasons (missing implementation, not test errors). Confirm no false positives."
- Output: Test failure verification report
- **GATE**: Do not proceed until all tests fail appropriately
## Phase 3: GREEN - Make Tests Pass ### Step 2: Test Architecture Design
### 5. Minimal Implementation Read `.tdd-cycle/01-requirements.md` to load requirements context.
- Use Task tool with subagent_type="backend-development::backend-architect" Use the Task tool to design test architecture:
- Prompt: "Implement MINIMAL code to make tests pass for: $ARGUMENTS. Focus only on making tests green. Do not add extra features or optimizations. Keep it simple."
- Output: Minimal working implementation
- Constraint: No code beyond what's needed to pass tests
### 6. Verify Test Success ```
Task:
subagent_type: "general-purpose"
description: "Design test architecture for $FEATURE"
prompt: |
You are a test automation expert specializing in test architecture and TDD workflows.
- Use Task tool with subagent_type="unit-testing::test-automator" Design test architecture for: $FEATURE
- Prompt: "Run all tests for: $ARGUMENTS and verify they pass. Check test coverage metrics. Ensure no tests were accidentally broken."
- Output: Test execution report, coverage metrics
- **GATE**: All tests must pass before proceeding
## Phase 4: REFACTOR - Improve Code Quality ## Requirements
[Insert full contents of .tdd-cycle/01-requirements.md]
### 7. Code Refactoring ## Deliverables
1. Test structure and organization (directory layout, naming conventions)
2. Fixture design (shared setup, teardown, test data factories)
3. Mock/stub strategy (what to mock, what to use real implementations for)
4. Test data strategy (generators, factories, edge case data sets)
5. Test execution order and parallelization plan
6. Framework-specific configuration (matching project's existing test framework)
- Use Task tool with subagent_type="tdd-workflows::code-reviewer" Ensure architecture supports isolated, fast, reliable tests.
- Prompt: "Refactor implementation for: $ARGUMENTS while keeping tests green. Apply SOLID principles, remove duplication, improve naming, and optimize performance. Run tests after each refactoring." Write your complete design as a single markdown document.
- Output: Refactored code, refactoring report ```
- Constraint: Tests must remain green throughout
### 8. Test Refactoring Save the agent's output to `.tdd-cycle/02-test-architecture.md`.
- Use Task tool with subagent_type="unit-testing::test-automator" Update `state.json`: set `current_step` to "checkpoint-1", add step 2 to `completed_steps`.
- Prompt: "Refactor tests for: $ARGUMENTS. Remove test duplication, improve test names, extract common fixtures, and enhance test readability. Ensure tests still provide same coverage."
- Output: Refactored tests, improved test structure
- Validation: Coverage metrics unchanged or improved
## Phase 5: Integration and System Tests ---
### 9. Write Integration Tests (Failing First) ## PHASE CHECKPOINT 1 — User Approval Required
- Use Task tool with subagent_type="unit-testing::test-automator" You MUST stop here and present the test specification and architecture for review.
- Prompt: "Write FAILING integration tests for: $ARGUMENTS. Test component interactions, API contracts, and data flow. Tests must fail initially."
- Output: Failing integration tests
- Validation: Tests fail due to missing integration logic
### 10. Implement Integration Display a summary of the requirements analysis from `.tdd-cycle/01-requirements.md` and test architecture from `.tdd-cycle/02-test-architecture.md` (key test scenarios, architecture decisions, mock strategy) and ask:
- Use Task tool with subagent_type="backend-development::backend-architect" ```
- Prompt: "Implement integration code for: $ARGUMENTS to make integration tests pass. Focus on component interaction and data flow." Test specification and architecture complete. Please review:
- Output: Integration implementation - .tdd-cycle/01-requirements.md
- Validation: All integration tests pass - .tdd-cycle/02-test-architecture.md
## Phase 6: Continuous Improvement Cycle 1. Approve — proceed to RED phase (write failing tests)
2. Request changes — tell me what to adjust
3. Pause — save progress and stop here
```
### 11. Performance and Edge Case Tests Do NOT proceed to Phase 2 until the user selects option 1. If they select option 2, revise and re-checkpoint. If option 3, update `state.json` status and stop.
- Use Task tool with subagent_type="unit-testing::test-automator" ---
- Prompt: "Add performance tests and additional edge case tests for: $ARGUMENTS. Include stress tests, boundary tests, and error recovery tests."
- Output: Extended test suite
- Metric: Increased test coverage and scenario coverage
### 12. Final Code Review ## Phase 2: RED — Write Failing Tests (Steps 3-4)
- Use Task tool with subagent_type="comprehensive-review::architect-review" ### Step 3: Write Unit Tests (Failing)
- Prompt: "Perform comprehensive review of: $ARGUMENTS. Verify TDD process was followed, check code quality, test quality, and coverage. Suggest improvements."
- Output: Review report, improvement suggestions Read `.tdd-cycle/01-requirements.md` and `.tdd-cycle/02-test-architecture.md`.
- Action: Implement critical suggestions while maintaining green tests
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Write failing unit tests for $FEATURE"
prompt: |
You are a test automation expert specializing in TDD red phase.
Write FAILING unit tests for: $FEATURE
## Requirements
[Insert contents of .tdd-cycle/01-requirements.md]
## Test Architecture
[Insert contents of .tdd-cycle/02-test-architecture.md]
## Instructions
1. Tests must fail initially — DO NOT implement production code
2. Include edge cases, error scenarios, and happy paths
3. Use the project's existing test framework and conventions
4. Follow Arrange-Act-Assert pattern
5. Use descriptive test names (should_X_when_Y)
6. Ensure failures are for the RIGHT reasons (missing implementation, not syntax errors)
Write all test files. Report what test files were created and what they cover.
```
Save a summary to `.tdd-cycle/03-failing-tests.md` (list of test files, test count, coverage areas).
Update `state.json`: set `current_step` to 4, add step 3 to `completed_steps`.
### Step 4: Verify Test Failure
Use the Task tool with the local code-reviewer agent:
```
Task:
subagent_type: "code-reviewer"
description: "Verify tests fail correctly for $FEATURE"
prompt: |
Verify that all tests for: $FEATURE are failing correctly.
## Failing Tests
[Insert contents of .tdd-cycle/03-failing-tests.md]
## Instructions
1. Run the test suite and confirm all new tests fail
2. Ensure failures are for the right reasons (missing implementation, not test errors)
3. Confirm no false positives (tests that accidentally pass)
4. Verify no existing tests were broken
5. Check test quality: meaningful names, proper assertions, good error messages
Report your findings. This is a GATE — do not approve if tests pass or fail for wrong reasons.
```
Save output to `.tdd-cycle/04-failure-verification.md`.
**GATE**: Do not proceed to Phase 3 unless all tests fail appropriately. If verification fails, fix tests and re-verify.
Update `state.json`: set `current_step` to "checkpoint-2", add step 4 to `completed_steps`.
---
## PHASE CHECKPOINT 2 — User Approval Required
Display a summary of the failing tests from `.tdd-cycle/03-failing-tests.md` and verification from `.tdd-cycle/04-failure-verification.md` and ask:
```
RED phase complete. All tests are failing as expected.
Test count: [number]
Coverage areas: [summary]
Verification: [pass/fail summary]
1. Approve — proceed to GREEN phase (make tests pass)
2. Request changes — adjust tests before implementing
3. Pause — save progress and stop here
```
---
## Phase 3: GREEN — Make Tests Pass (Steps 5-6)
### Step 5: Minimal Implementation
Read `.tdd-cycle/01-requirements.md`, `.tdd-cycle/02-test-architecture.md`, and `.tdd-cycle/03-failing-tests.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement minimal code to pass tests for $FEATURE"
prompt: |
You are a backend architect implementing the GREEN phase of TDD.
Implement MINIMAL code to make tests pass for: $FEATURE
## Requirements
[Insert contents of .tdd-cycle/01-requirements.md]
## Test Architecture
[Insert contents of .tdd-cycle/02-test-architecture.md]
## Failing Tests
[Insert contents of .tdd-cycle/03-failing-tests.md]
## Instructions
1. Focus ONLY on making tests green — no extra features or optimizations
2. Use the simplest implementation that passes each test
3. Follow the project's existing code patterns and conventions
4. Keep methods/functions small and focused
5. Don't add error handling unless tests require it
6. Document shortcuts taken for the refactor phase
Write all code files. Report what files were created/modified and any technical debt noted.
```
Save a summary to `.tdd-cycle/05-implementation.md`.
Update `state.json`: set `current_step` to 6, add step 5 to `completed_steps`.
### Step 6: Verify Test Success
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Verify all tests pass for $FEATURE"
prompt: |
You are a test automation expert verifying TDD green phase completion.
Run all tests for: $FEATURE and verify they pass.
## Implementation
[Insert contents of .tdd-cycle/05-implementation.md]
## Instructions
1. Run the full test suite
2. Verify ALL new tests pass (green)
3. Verify no existing tests were broken
4. Check test coverage metrics against targets
5. Confirm implementation is truly minimal (no gold plating)
Report test execution results, coverage metrics, and any issues found.
```
Save output to `.tdd-cycle/06-green-verification.md`.
**GATE**: All tests must pass before proceeding. If tests fail, return to Step 5 and fix.
Update `state.json`: set `current_step` to "checkpoint-3", add step 6 to `completed_steps`.
---
## PHASE CHECKPOINT 3 — User Approval Required
Display results from `.tdd-cycle/06-green-verification.md` and ask:
```
GREEN phase complete. All tests passing.
Test results: [pass/fail counts]
Coverage: [metrics]
1. Approve — proceed to REFACTOR phase
2. Request changes — adjust implementation
3. Pause — save progress and stop here
```
---
## Phase 4: REFACTOR — Improve Code Quality (Steps 7-8)
### Step 7: Code Refactoring
Read `.tdd-cycle/05-implementation.md` and `.tdd-cycle/06-green-verification.md`.
Use the Task tool with the local code-reviewer agent:
```
Task:
subagent_type: "code-reviewer"
description: "Refactor implementation for $FEATURE"
prompt: |
Refactor the implementation for: $FEATURE while keeping all tests green.
## Implementation
[Insert contents of .tdd-cycle/05-implementation.md]
## Green Verification
[Insert contents of .tdd-cycle/06-green-verification.md]
## Instructions
1. Apply SOLID principles where appropriate
2. Remove code duplication
3. Improve naming for clarity
4. Optimize performance where tests support it
5. Run tests after each refactoring step — tests MUST remain green
6. Apply refactoring triggers: complexity > 10, method > 20 lines, class > 200 lines, duplication > 3 lines
Report all refactoring changes made and confirm tests still pass.
```
Save output to `.tdd-cycle/07-refactored-code.md`.
Update `state.json`: set `current_step` to 8, add step 7 to `completed_steps`.
### Step 8: Test Refactoring
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Refactor tests for $FEATURE"
prompt: |
You are a test automation expert refactoring tests for clarity and maintainability.
Refactor tests for: $FEATURE
## Current Tests
[Insert contents of .tdd-cycle/03-failing-tests.md]
## Refactored Code
[Insert contents of .tdd-cycle/07-refactored-code.md]
## Instructions
1. Remove test duplication — extract common fixtures
2. Improve test names for clarity and documentation value
3. Ensure tests still provide the same coverage
4. Optimize test execution speed where possible
5. Verify coverage metrics unchanged or improved
Report all test refactoring changes and confirm coverage is maintained.
```
Save output to `.tdd-cycle/08-refactored-tests.md`.
Update `state.json`: set `current_step` to "checkpoint-4", add step 8 to `completed_steps`.
---
## PHASE CHECKPOINT 4 — User Approval Required
Display refactoring summary from `.tdd-cycle/07-refactored-code.md` and `.tdd-cycle/08-refactored-tests.md` and ask:
```
REFACTOR phase complete.
Code changes: [summary of refactoring]
Test changes: [summary of test improvements]
Coverage: [maintained/improved]
1. Approve — proceed to integration testing
2. Request changes — adjust refactoring
3. Pause — save progress and stop here
```
---
## Phase 5: Integration and Extended Testing (Steps 9-11)
### Step 9: Write Integration Tests (Failing First)
Read `.tdd-cycle/07-refactored-code.md`.
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Write failing integration tests for $FEATURE"
prompt: |
You are a test automation expert writing integration tests in TDD style.
Write FAILING integration tests for: $FEATURE
## Refactored Implementation
[Insert contents of .tdd-cycle/07-refactored-code.md]
## Instructions
1. Test component interactions, API contracts, and data flow
2. Tests must fail initially (follow red-green-refactor)
3. Focus on integration points identified in the architecture
4. Include contract tests for API boundaries
5. Follow existing project test patterns
Write test files and report what they cover.
```
Save output to `.tdd-cycle/09-integration-tests.md`.
Update `state.json`: set `current_step` to 10, add step 9 to `completed_steps`.
### Step 10: Implement Integration
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Implement integration code for $FEATURE"
prompt: |
You are a backend architect implementing integration code.
Implement integration code for: $FEATURE to make integration tests pass.
## Integration Tests
[Insert contents of .tdd-cycle/09-integration-tests.md]
## Instructions
1. Focus on component interaction and data flow
2. Implement only what's needed to pass integration tests
3. Follow existing project patterns for integration code
Write code and report what was created/modified.
```
Save output to `.tdd-cycle/10-integration-impl.md`.
Update `state.json`: set `current_step` to 11, add step 10 to `completed_steps`.
### Step 11: Performance and Edge Case Tests
Use the Task tool:
```
Task:
subagent_type: "general-purpose"
description: "Add performance and edge case tests for $FEATURE"
prompt: |
You are a test automation expert adding extended test coverage.
Add performance tests and additional edge case tests for: $FEATURE
## Current Implementation
[Insert contents of .tdd-cycle/10-integration-impl.md]
## Instructions
1. Add stress tests and boundary tests
2. Add error recovery tests
3. Include performance benchmarks where appropriate
4. Ensure all new tests pass
Write test files and report coverage improvements.
```
Save output to `.tdd-cycle/11-extended-tests.md`.
Update `state.json`: set `current_step` to 12, add step 11 to `completed_steps`.
---
## Phase 6: Final Review (Step 12)
### Step 12: Final Code Review
Read all `.tdd-cycle/*.md` files.
Use the Task tool with the local code-reviewer agent:
```
Task:
subagent_type: "code-reviewer"
description: "Final TDD review of $FEATURE"
prompt: |
Perform comprehensive final review of: $FEATURE
## All Artifacts
[Insert contents of all .tdd-cycle/*.md files]
## Instructions
1. Verify TDD process was followed (red-green-refactor discipline)
2. Check code quality and SOLID principle adherence
3. Assess test quality and coverage completeness
4. Verify no anti-patterns (test-after, skipped refactoring, etc.)
5. Suggest any remaining improvements
Provide a final review report with findings and recommendations.
```
Save output to `.tdd-cycle/12-final-review.md`.
Update `state.json`: set `current_step` to "complete", add step 12 to `completed_steps`.
---
## Completion
Update `state.json`:
- Set `status` to `"complete"`
- Set `last_updated` to current timestamp
Present the final summary:
```
TDD cycle complete: $FEATURE
## Files Created
[List all .tdd-cycle/ output files]
## TDD Metrics
- Test count: [total tests written]
- Coverage: [line/branch/function coverage]
- Phases completed: Specification > RED > GREEN > REFACTOR > Integration > Review
- Mode: [incremental|suite]
## Artifacts
- Requirements: .tdd-cycle/01-requirements.md
- Test Architecture: .tdd-cycle/02-test-architecture.md
- Failing Tests: .tdd-cycle/03-failing-tests.md
- Failure Verification: .tdd-cycle/04-failure-verification.md
- Implementation: .tdd-cycle/05-implementation.md
- Green Verification: .tdd-cycle/06-green-verification.md
- Refactored Code: .tdd-cycle/07-refactored-code.md
- Refactored Tests: .tdd-cycle/08-refactored-tests.md
- Integration Tests: .tdd-cycle/09-integration-tests.md
- Integration Impl: .tdd-cycle/10-integration-impl.md
- Extended Tests: .tdd-cycle/11-extended-tests.md
- Final Review: .tdd-cycle/12-final-review.md
## Next Steps
1. Review all generated code and test files
2. Run the full test suite to verify everything passes
3. Create a pull request with the implementation
4. Monitor coverage metrics in CI
```
## Incremental Development Mode ## Incremental Development Mode
For test-by-test development: When `--incremental` flag is present:
1. Write ONE failing test 1. Write ONE failing test
2. Make ONLY that test pass 2. Make ONLY that test pass
3. Refactor if needed 3. Refactor if needed
4. Repeat for next test 4. Repeat for next test
Use this approach by adding `--incremental` flag to focus on one test at a time. The orchestrator adjusts the RED-GREEN-REFACTOR phases to operate on a single test at a time rather than full test suites.
## Test Suite Mode ## Validation Checklists
For comprehensive test suite development:
1. Write ALL tests for a feature/module (failing)
2. Implement code to pass ALL tests
3. Refactor entire module
4. Add integration tests
Use this approach by adding `--suite` flag for batch test development.
## Validation Checkpoints
### RED Phase Validation ### RED Phase Validation
@@ -159,35 +639,6 @@ Use this approach by adding `--suite` flag for batch test development.
- [ ] Performance improved or maintained - [ ] Performance improved or maintained
- [ ] Test readability improved - [ ] Test readability improved
## Coverage Reports
Generate coverage reports after each phase:
- Line coverage
- Branch coverage
- Function coverage
- Statement coverage
## Failure Recovery
If TDD discipline is broken:
1. **STOP** immediately
2. Identify which phase was violated
3. Rollback to last valid state
4. Resume from correct phase
5. Document lesson learned
## TDD Metrics Tracking
Track and report:
- Time in each phase (Red/Green/Refactor)
- Number of test-implementation cycles
- Coverage progression
- Refactoring frequency
- Defect escape rate
## Anti-Patterns to Avoid ## Anti-Patterns to Avoid
- Writing implementation before tests - Writing implementation before tests
@@ -198,24 +649,12 @@ Track and report:
- Ignoring failing tests - Ignoring failing tests
- Writing tests after implementation - Writing tests after implementation
## Success Criteria ## Failure Recovery
- 100% of code written test-first If TDD discipline is broken:
- All tests pass continuously
- Coverage exceeds thresholds
- Code complexity within limits
- Zero defects in covered code
- Clear test documentation
- Fast test execution (< 5 seconds for unit tests)
## Notes 1. **STOP** immediately
2. Identify which phase was violated
- Enforce strict RED-GREEN-REFACTOR discipline 3. Rollback to last valid state
- Each phase must be completed before moving to next 4. Resume from correct phase
- Tests are the specification 5. Document lesson learned
- If a test is hard to write, the design needs improvement
- Refactoring is NOT optional
- Keep test execution fast
- Tests should be independent and isolated
TDD implementation for: $ARGUMENTS

929
plugins/tdd-workflows/commands/tdd-green.md
View File

@@ -1,98 +1,79 @@
Implement minimal code to make failing tests pass in TDD green phase: ---
description: "Implement minimal code to make failing tests pass in TDD green phase"
argument-hint: "<description of failing tests or test file paths>"
---
[Extended thinking: This tool uses the test-automator agent to implement the minimal code necessary to make tests pass. It focuses on simplicity, avoiding over-engineering while ensuring all tests become green.] # TDD Green Phase
## CRITICAL BEHAVIORAL RULES
You MUST follow these rules exactly. Violating any of them is a failure.
1. **Implement only what tests require.** Do NOT add features, optimizations, or error handling beyond what failing tests demand.
2. **Run tests after each change.** Verify progress incrementally — do not batch implement and hope it works.
3. **Halt on failure.** If tests remain red after implementation or existing tests break, STOP and present the error to the user.
4. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
5. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. Execute directly.
## Implementation Process ## Implementation Process
Use Task tool with subagent_type="unit-testing::test-automator" to implement minimal passing code. Use the Task tool to implement minimal passing code:
Prompt: "Implement MINIMAL code to make these failing tests pass: $ARGUMENTS. Follow TDD green phase principles: ```
Task:
subagent_type: "general-purpose"
description: "Implement minimal code to pass failing tests"
prompt: |
You are a test automation expert implementing the GREEN phase of TDD.
1. **Pre-Implementation Analysis** Implement MINIMAL code to make these failing tests pass: $ARGUMENTS
- Review all failing tests and their error messages
- Identify the simplest path to make tests pass
- Map test requirements to minimal implementation needs
- Avoid premature optimization or over-engineering
- Focus only on making tests green, not perfect code
2. **Implementation Strategy** Follow TDD green phase principles:
- **Fake It**: Return hard-coded values when appropriate
- **Obvious Implementation**: When solution is trivial and clear
- **Triangulation**: Generalize only when multiple tests require it
- Start with the simplest test and work incrementally
- One test at a time - don't try to pass all at once
3. **Code Structure Guidelines** 1. **Pre-Implementation Analysis**
- Write the minimal code that could possibly work - Review all failing tests and their error messages
- Avoid adding functionality not required by tests - Identify the simplest path to make tests pass
- Use simple data structures initially - Map test requirements to minimal implementation needs
- Defer architectural decisions until refactor phase - Avoid premature optimization or over-engineering
- Keep methods/functions small and focused - Focus only on making tests green, not perfect code
- Don't add error handling unless tests require it
4. **Language-Specific Patterns** 2. **Implementation Strategy**
- **JavaScript/TypeScript**: Simple functions, avoid classes initially - **Fake It**: Return hard-coded values when appropriate
- **Python**: Functions before classes, simple returns - **Obvious Implementation**: When solution is trivial and clear
- **Java**: Minimal class structure, no patterns yet - **Triangulation**: Generalize only when multiple tests require it
- **C#**: Basic implementations, no interfaces yet - Start with the simplest test and work incrementally
- **Go**: Simple functions, defer goroutines/channels - One test at a time — don't try to pass all at once
- **Ruby**: Procedural before object-oriented when possible
5. **Progressive Implementation** 3. **Code Structure Guidelines**
- Make first test pass with simplest possible code - Write the minimal code that could possibly work
- Run tests after each change to verify progress - Avoid adding functionality not required by tests
- Add just enough code for next failing test - Use simple data structures initially
- Resist urge to implement beyond test requirements - Defer architectural decisions until refactor phase
- Keep track of technical debt for refactor phase - Keep methods/functions small and focused
- Document assumptions and shortcuts taken - Don't add error handling unless tests require it
6. **Common Green Phase Techniques** 4. **Progressive Implementation**
- Hard-coded returns for initial tests - Make first test pass with simplest possible code
- Simple if/else for limited test cases - Run tests after each change to verify progress
- Basic loops only when iteration tests require - Add just enough code for next failing test
- Minimal data structures (arrays before complex objects) - Resist urge to implement beyond test requirements
- In-memory storage before database integration - Keep track of technical debt for refactor phase
- Synchronous before asynchronous implementation - Document assumptions and shortcuts taken
7. **Success Criteria** 5. **Success Criteria**
All tests pass (green) - All tests pass (green)
No extra functionality beyond test requirements - No extra functionality beyond test requirements
Code is readable even if not optimal - Code is readable even if not optimal
No broken existing functionality - No broken existing functionality
✓ Implementation time is minimized - Clear path to refactoring identified
✓ Clear path to refactoring identified
8. **Anti-Patterns to Avoid** Output should include:
- Gold plating or adding unrequested features - Complete implementation code
- Implementing design patterns prematurely - Test execution results showing all green
- Complex abstractions without test justification - List of shortcuts taken for later refactoring
- Performance optimizations without metrics - Technical debt documentation
- Adding tests during green phase - Readiness assessment for refactor phase
- Refactoring during implementation ```
- Ignoring test failures to move forward
9. **Implementation Metrics**
- Time to green: Track implementation duration
- Lines of code: Measure implementation size
- Cyclomatic complexity: Keep it low initially
- Test pass rate: Must reach 100%
- Code coverage: Verify all paths tested
10. **Validation Steps**
- Run all tests and confirm they pass
- Verify no regression in existing tests
- Check that implementation is truly minimal
- Document any technical debt created
- Prepare notes for refactoring phase
Output should include:
- Complete implementation code
- Test execution results showing all green
- List of shortcuts taken for later refactoring
- Implementation time metrics
- Technical debt documentation
- Readiness assessment for refactor phase"
## Post-Implementation Checks ## Post-Implementation Checks
@@ -116,788 +97,8 @@ If tests still fail:
## Integration Points ## Integration Points
- Follows from tdd-red.md test creation - Follows from tdd-red test creation
- Prepares for tdd-refactor.md improvements - Prepares for tdd-refactor improvements
- Updates test coverage metrics - Updates test coverage metrics
- Triggers CI/CD pipeline verification - Triggers CI/CD pipeline verification
- Documents technical debt for tracking - Documents technical debt for tracking
## Best Practices
- Embrace "good enough" for this phase
- Speed over perfection (perfection comes in refactor)
- Make it work, then make it right, then make it fast
- Trust that refactoring phase will improve code
- Keep changes small and incremental
- Celebrate reaching green state!
## Complete Implementation Examples
### Example 1: Minimal → Production-Ready (User Service)
**Test Requirements:**
```typescript
describe("UserService", () => {
it("should create a new user", async () => {
const user = await userService.create({
email: "test@example.com",
name: "Test",
});
expect(user.id).toBeDefined();
expect(user.email).toBe("test@example.com");
});
it("should find user by email", async () => {
await userService.create({ email: "test@example.com", name: "Test" });
const user = await userService.findByEmail("test@example.com");
expect(user).toBeDefined();
});
});
```
**Stage 1: Fake It (Minimal)**
```typescript
class UserService {
create(data: { email: string; name: string }) {
return { id: "123", email: data.email, name: data.name };
}
findByEmail(email: string) {
return { id: "123", email: email, name: "Test" };
}
}
```
_Tests pass. Implementation is obviously fake but validates test structure._
**Stage 2: Simple Real Implementation**
```typescript
class UserService {
private users: Map<string, User> = new Map();
private nextId = 1;
create(data: { email: string; name: string }) {
const user = { id: String(this.nextId++), ...data };
this.users.set(user.email, user);
return user;
}
findByEmail(email: string) {
return this.users.get(email) || null;
}
}
```
_In-memory storage. Tests pass. Good enough for green phase._
**Stage 3: Production-Ready (Refactor Phase)**
```typescript
class UserService {
constructor(private db: Database) {}
async create(data: { email: string; name: string }) {
const existing = await this.db.query(
"SELECT * FROM users WHERE email = ?",
[data.email],
);
if (existing) throw new Error("User exists");
const id = await this.db.insert("users", data);
return { id, ...data };
}
async findByEmail(email: string) {
return this.db.queryOne("SELECT * FROM users WHERE email = ?", [email]);
}
}
```
_Database integration, error handling, validation - saved for refactor phase._
### Example 2: API-First Implementation (Express)
**Test Requirements:**
```javascript
describe("POST /api/tasks", () => {
it("should create task and return 201", async () => {
const res = await request(app)
.post("/api/tasks")
.send({ title: "Test Task" });
expect(res.status).toBe(201);
expect(res.body.id).toBeDefined();
expect(res.body.title).toBe("Test Task");
});
});
```
**Stage 1: Hardcoded Response**
```javascript
app.post("/api/tasks", (req, res) => {
res.status(201).json({ id: "1", title: req.body.title });
});
```
_Tests pass immediately. No logic needed yet._
**Stage 2: Simple Logic**
```javascript
let tasks = [];
let nextId = 1;
app.post("/api/tasks", (req, res) => {
const task = { id: String(nextId++), title: req.body.title };
tasks.push(task);
res.status(201).json(task);
});
```
_Minimal state management. Ready for more tests._
**Stage 3: Layered Architecture (Refactor)**
```javascript
// Controller
app.post('/api/tasks', async (req, res) => {
try {
const task = await taskService.create(req.body);
res.status(201).json(task);
} catch (error) {
res.status(400).json({ error: error.message });
}
});
// Service layer
class TaskService {
constructor(private repository: TaskRepository) {}
async create(data: CreateTaskDto): Promise<Task> {
this.validate(data);
return this.repository.save(data);
}
}
```
_Proper separation of concerns added during refactor phase._
### Example 3: Database Integration (Django)
**Test Requirements:**
```python
def test_product_creation():
product = Product.objects.create(name="Widget", price=9.99)
assert product.id is not None
assert product.name == "Widget"
def test_product_price_validation():
with pytest.raises(ValidationError):
Product.objects.create(name="Widget", price=-1)
```
**Stage 1: Model Only**
```python
class Product(models.Model):
name = models.CharField(max_length=200)
price = models.DecimalField(max_digits=10, decimal_places=2)
```
_First test passes. Second test fails - validation not implemented._
**Stage 2: Add Validation**
```python
class Product(models.Model):
name = models.CharField(max_length=200)
price = models.DecimalField(max_digits=10, decimal_places=2)
def clean(self):
if self.price < 0:
raise ValidationError("Price cannot be negative")
def save(self, *args, **kwargs):
self.clean()
super().save(*args, **kwargs)
```
_All tests pass. Minimal validation logic added._
**Stage 3: Rich Domain Model (Refactor)**
```python
class Product(models.Model):
name = models.CharField(max_length=200)
price = models.DecimalField(max_digits=10, decimal_places=2)
category = models.ForeignKey(Category, on_delete=models.CASCADE)
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
class Meta:
indexes = [models.Index(fields=['category', '-created_at'])]
def clean(self):
if self.price < 0:
raise ValidationError("Price cannot be negative")
if self.price > 10000:
raise ValidationError("Price exceeds maximum")
def apply_discount(self, percentage: float) -> Decimal:
return self.price * (1 - percentage / 100)
```
_Additional features, indexes, business logic added when needed._
### Example 4: React Component Implementation
**Test Requirements:**
```typescript
describe('UserProfile', () => {
it('should display user name', () => {
render(<UserProfile user={{ name: 'John', email: 'john@test.com' }} />);
expect(screen.getByText('John')).toBeInTheDocument();
});
it('should display email', () => {
render(<UserProfile user={{ name: 'John', email: 'john@test.com' }} />);
expect(screen.getByText('john@test.com')).toBeInTheDocument();
});
});
```
**Stage 1: Minimal JSX**
```typescript
interface UserProfileProps {
user: { name: string; email: string };
}
const UserProfile: React.FC<UserProfileProps> = ({ user }) => (
<div>
<div>{user.name}</div>
<div>{user.email}</div>
</div>
);
```
_Tests pass. No styling, no structure._
**Stage 2: Basic Structure**
```typescript
const UserProfile: React.FC<UserProfileProps> = ({ user }) => (
<div className="user-profile">
<h2>{user.name}</h2>
<p>{user.email}</p>
</div>
);
```
_Added semantic HTML, className for styling hook._
**Stage 3: Production Component (Refactor)**
```typescript
const UserProfile: React.FC<UserProfileProps> = ({ user }) => {
const [isEditing, setIsEditing] = useState(false);
return (
<div className="user-profile" role="article" aria-label="User profile">
<header>
<h2>{user.name}</h2>
<button onClick={() => setIsEditing(true)} aria-label="Edit profile">
Edit
</button>
</header>
<section>
<p>{user.email}</p>
{user.bio && <p>{user.bio}</p>}
</section>
</div>
);
};
```
_Accessibility, interaction, additional features added incrementally._
## Decision Frameworks
### Framework 1: Fake vs. Real Implementation
**When to Fake It:**
- First test for a new feature
- Complex external dependencies (payment gateways, APIs)
- Implementation approach is still uncertain
- Need to validate test structure first
- Time pressure to see all tests green
**When to Go Real:**
- Second or third test reveals pattern
- Implementation is obvious and simple
- Faking would be more complex than real code
- Need to test integration points
- Tests explicitly require real behavior
**Decision Matrix:**
```
Complexity Low | High
↓ | ↓
Simple → REAL | FAKE first, real later
Complex → REAL | FAKE, evaluate alternatives
```
### Framework 2: Complexity Trade-off Analysis
**Simplicity Score Calculation:**
```
Score = (Lines of Code) + (Cyclomatic Complexity × 2) + (Dependencies × 3)
< 20 → Simple enough, implement directly
20-50 → Consider simpler alternative
> 50 → Defer complexity to refactor phase
```
**Example Evaluation:**
```typescript
// Option A: Direct implementation (Score: 45)
function calculateShipping(
weight: number,
distance: number,
express: boolean,
): number {
let base = weight * 0.5 + distance * 0.1;
if (express) base *= 2;
if (weight > 50) base += 10;
if (distance > 1000) base += 20;
return base;
}
// Option B: Simplest for green phase (Score: 15)
function calculateShipping(
weight: number,
distance: number,
express: boolean,
): number {
return express ? 50 : 25; // Fake it until more tests drive real logic
}
```
_Choose Option B for green phase, evolve to Option A as tests require._
### Framework 3: Performance Consideration Timing
**Green Phase: Focus on Correctness**
```
❌ Avoid:
- Caching strategies
- Database query optimization
- Algorithmic complexity improvements
- Premature memory optimization
✓ Accept:
- O(n²) if it makes code simpler
- Multiple database queries
- Synchronous operations
- Inefficient but clear algorithms
```
**When Performance Matters in Green Phase:**
1. Performance is explicit test requirement
2. Implementation would cause timeout in test suite
3. Memory leak would crash tests
4. Resource exhaustion prevents testing
**Performance Testing Integration:**
```typescript
// Add performance test AFTER functional tests pass
describe("Performance", () => {
it("should handle 1000 users within 100ms", () => {
const start = Date.now();
for (let i = 0; i < 1000; i++) {
userService.create({ email: `user${i}@test.com`, name: `User ${i}` });
}
expect(Date.now() - start).toBeLessThan(100);
});
});
```
## Framework-Specific Patterns
### React Patterns
**Simple Component → Hooks → Context:**
```typescript
// Green Phase: Props only
const Counter = ({ count, onIncrement }) => (
<button onClick={onIncrement}>{count}</button>
);
// Refactor: Add hooks
const Counter = () => {
const [count, setCount] = useState(0);
return <button onClick={() => setCount(c => c + 1)}>{count}</button>;
};
// Refactor: Extract to context
const Counter = () => {
const { count, increment } = useCounter();
return <button onClick={increment}>{count}</button>;
};
```
### Django Patterns
**Function View → Class View → Generic View:**
```python
# Green Phase: Simple function
def product_list(request):
products = Product.objects.all()
return JsonResponse({'products': list(products.values())})
# Refactor: Class-based view
class ProductListView(View):
def get(self, request):
products = Product.objects.all()
return JsonResponse({'products': list(products.values())})
# Refactor: Generic view
class ProductListView(ListView):
model = Product
context_object_name = 'products'
```
### Express Patterns
**Inline → Middleware → Service Layer:**
```javascript
// Green Phase: Inline logic
app.post("/api/users", (req, res) => {
const user = { id: Date.now(), ...req.body };
users.push(user);
res.json(user);
});
// Refactor: Extract middleware
app.post("/api/users", validateUser, (req, res) => {
const user = userService.create(req.body);
res.json(user);
});
// Refactor: Full layering
app.post("/api/users", validateUser, asyncHandler(userController.create));
```
## Refactoring Resistance Patterns
### Pattern 1: Test Anchor Points
Keep tests green during refactoring by maintaining interface contracts:
```typescript
// Original implementation (tests green)
function calculateTotal(items: Item[]): number {
return items.reduce((sum, item) => sum + item.price, 0);
}
// Refactoring: Add tax calculation (keep interface)
function calculateTotal(items: Item[]): number {
const subtotal = items.reduce((sum, item) => sum + item.price, 0);
const tax = subtotal * 0.1;
return subtotal + tax;
}
// Tests still green because return type/behavior unchanged
```
### Pattern 2: Parallel Implementation
Run old and new implementations side by side:
```python
def process_order(order):
# Old implementation (tests depend on this)
result_old = legacy_process(order)
# New implementation (testing in parallel)
result_new = new_process(order)
# Verify they match
assert result_old == result_new, "Implementation mismatch"
return result_old # Keep tests green
```
### Pattern 3: Feature Flags for Refactoring
```javascript
class PaymentService {
processPayment(amount) {
if (config.USE_NEW_PAYMENT_PROCESSOR) {
return this.newPaymentProcessor(amount);
}
return this.legacyPaymentProcessor(amount);
}
}
```
## Performance-First Green Phase Strategies
### Strategy 1: Type-Driven Development
Use types to guide minimal implementation:
```typescript
// Types define contract
interface UserRepository {
findById(id: string): Promise<User | null>;
save(user: User): Promise<void>;
}
// Green phase: In-memory implementation
class InMemoryUserRepository implements UserRepository {
private users = new Map<string, User>();
async findById(id: string) {
return this.users.get(id) || null;
}
async save(user: User) {
this.users.set(user.id, user);
}
}
// Refactor: Database implementation (same interface)
class DatabaseUserRepository implements UserRepository {
constructor(private db: Database) {}
async findById(id: string) {
return this.db.query("SELECT * FROM users WHERE id = ?", [id]);
}
async save(user: User) {
await this.db.insert("users", user);
}
}
```
### Strategy 2: Contract Testing Integration
```typescript
// Define contract
const userServiceContract = {
create: {
input: { email: "string", name: "string" },
output: { id: "string", email: "string", name: "string" },
},
};
// Green phase: Implementation matches contract
class UserService {
create(data: { email: string; name: string }) {
return { id: "123", ...data }; // Minimal but contract-compliant
}
}
// Contract test ensures compliance
describe("UserService Contract", () => {
it("should match create contract", () => {
const result = userService.create({ email: "test@test.com", name: "Test" });
expect(typeof result.id).toBe("string");
expect(typeof result.email).toBe("string");
expect(typeof result.name).toBe("string");
});
});
```
### Strategy 3: Continuous Refactoring Workflow
**Micro-Refactoring During Green Phase:**
```python
# Test passes with this
def calculate_discount(price, customer_type):
if customer_type == 'premium':
return price * 0.8
return price
# Immediate micro-refactor (tests still green)
DISCOUNT_RATES = {
'premium': 0.8,
'standard': 1.0
}
def calculate_discount(price, customer_type):
rate = DISCOUNT_RATES.get(customer_type, 1.0)
return price * rate
```
**Safe Refactoring Checklist:**
- ✓ Tests green before refactoring
- ✓ Change one thing at a time
- ✓ Run tests after each change
- ✓ Commit after each successful refactor
- ✓ No behavior changes, only structure
## Modern Development Practices (2024/2025)
### Type-Driven Development
**Python Type Hints:**
```python
from typing import Optional, List
from dataclasses import dataclass
@dataclass
class User:
id: str
email: str
name: str
class UserService:
def create(self, email: str, name: str) -> User:
return User(id="123", email=email, name=name)
def find_by_email(self, email: str) -> Optional[User]:
return None # Minimal implementation
```
**TypeScript Strict Mode:**
```typescript
// Enable strict mode in tsconfig.json
{
"compilerOptions": {
"strict": true,
"noUncheckedIndexedAccess": true,
"exactOptionalPropertyTypes": true
}
}
// Implementation guided by types
interface CreateUserDto {
email: string;
name: string;
}
class UserService {
create(data: CreateUserDto): User {
// Type system enforces contract
return { id: '123', email: data.email, name: data.name };
}
}
```
### AI-Assisted Green Phase
**Using Copilot/AI Tools:**
1. Write test first (human-driven)
2. Let AI suggest minimal implementation
3. Verify suggestion passes tests
4. Accept if truly minimal, reject if over-engineered
5. Iterate with AI for refactoring phase
**AI Prompt Pattern:**
```
Given these failing tests:
[paste tests]
Provide the MINIMAL implementation that makes tests pass.
Do not add error handling, validation, or features beyond test requirements.
Focus on simplicity over completeness.
```
### Cloud-Native Patterns
**Local → Container → Cloud:**
```javascript
// Green Phase: Local implementation
class CacheService {
private cache = new Map();
get(key) { return this.cache.get(key); }
set(key, value) { this.cache.set(key, value); }
}
// Refactor: Redis-compatible interface
class CacheService {
constructor(private redis) {}
async get(key) { return this.redis.get(key); }
async set(key, value) { return this.redis.set(key, value); }
}
// Production: Distributed cache with fallback
class CacheService {
constructor(private redis, private fallback) {}
async get(key) {
try {
return await this.redis.get(key);
} catch {
return this.fallback.get(key);
}
}
}
```
### Observability-Driven Development
**Add observability hooks during green phase:**
```typescript
class OrderService {
async createOrder(data: CreateOrderDto): Promise<Order> {
console.log("[OrderService] Creating order", { data }); // Simple logging
const order = { id: "123", ...data };
console.log("[OrderService] Order created", { orderId: order.id }); // Success log
return order;
}
}
// Refactor: Structured logging
class OrderService {
constructor(private logger: Logger) {}
async createOrder(data: CreateOrderDto): Promise<Order> {
this.logger.info("order.create.start", { data });
const order = await this.repository.save(data);
this.logger.info("order.create.success", {
orderId: order.id,
duration: Date.now() - start,
});
return order;
}
}
```
Tests to make pass: $ARGUMENTS

177
plugins/tdd-workflows/commands/tdd-red.md
View File

@@ -1,82 +1,92 @@
Write comprehensive failing tests following TDD red phase principles. ---
description: "Write comprehensive failing tests following TDD red phase principles"
argument-hint: "<feature or component to write tests for>"
---
[Extended thinking: Generates failing tests that properly define expected behavior using test-automator agent.] # TDD Red Phase
## Role ## CRITICAL BEHAVIORAL RULES
Generate failing tests using Task tool with subagent_type="unit-testing::test-automator". You MUST follow these rules exactly. Violating any of them is a failure.
## Prompt Template 1. **Write tests only — no production code.** Do NOT implement any production code during this phase.
2. **Verify tests fail.** All generated tests MUST fail when run. If any test passes, investigate and fix.
3. **Halt on error.** If test generation fails (syntax errors, import issues), STOP and present the error to the user.
4. **Use only local agents.** All `subagent_type` references use agents bundled with this plugin or `general-purpose`. No cross-plugin dependencies.
5. **Never enter plan mode autonomously.** Do NOT use EnterPlanMode. Execute directly.
"Generate comprehensive FAILING tests for: $ARGUMENTS ## Test Generation Process
## Core Requirements Use the Task tool to generate failing tests:
1. **Test Structure** ```
- Framework-appropriate setup (Jest/pytest/JUnit/Go/RSpec) Task:
- Arrange-Act-Assert pattern subagent_type: "general-purpose"
- should_X_when_Y naming convention description: "Generate comprehensive failing tests for TDD red phase"
- Isolated fixtures with no interdependencies prompt: |
You are a test automation expert specializing in TDD red phase test generation.
2. **Behavior Coverage** Generate comprehensive FAILING tests for: $ARGUMENTS
- Happy path scenarios
- Edge cases (empty, null, boundary values)
- Error handling and exceptions
- Concurrent access (if applicable)
3. **Failure Verification** ## Core Requirements
- Tests MUST fail when run
- Failures for RIGHT reasons (not syntax/import errors)
- Meaningful diagnostic error messages
- No cascading failures
4. **Test Categories** 1. **Test Structure**
- Unit: Isolated component behavior - Framework-appropriate setup (Jest/pytest/JUnit/Go/RSpec — match project conventions)
- Integration: Component interaction - Arrange-Act-Assert pattern
- Contract: API/interface contracts - should_X_when_Y naming convention
- Property: Mathematical invariants - Isolated fixtures with no interdependencies
## Framework Patterns 2. **Behavior Coverage**
- Happy path scenarios
- Edge cases (empty, null, boundary values)
- Error handling and exceptions
- Concurrent access (if applicable)
**JavaScript/TypeScript (Jest/Vitest)** 3. **Failure Verification**
- Tests MUST fail when run
- Failures for RIGHT reasons (not syntax/import errors)
- Meaningful diagnostic error messages
- No cascading failures
- Mock dependencies with `vi.fn()` or `jest.fn()` 4. **Test Categories**
- Use `@testing-library` for React components - Unit: Isolated component behavior
- Property tests with `fast-check` - Integration: Component interaction
- Contract: API/interface contracts
- Property: Mathematical invariants (if applicable)
**Python (pytest)** ## Quality Checklist
- Fixtures with appropriate scopes - Readable test names documenting intent
- Parametrize for multiple test cases - One behavior per test
- Hypothesis for property-based tests - No implementation leakage
- Meaningful test data (not 'foo'/'bar')
- Tests serve as living documentation
**Go** ## Anti-Patterns to Avoid
- Table-driven tests with subtests - Tests passing immediately
- `t.Parallel()` for parallel execution - Testing implementation vs behavior
- Use `testify/assert` for cleaner assertions - Complex setup code
- Multiple responsibilities per test
- Brittle tests tied to specifics
**Ruby (RSpec)** ## Output Requirements
- `let` for lazy loading, `let!` for eager - Complete test files with imports
- Contexts for different scenarios - Documentation of test purpose
- Shared examples for common behavior - Commands to run and verify failures
- Metrics: test count, coverage areas
- Next steps for green phase
```
## Quality Checklist ## Validation
- Readable test names documenting intent After generation:
- One behavior per test
- No implementation leakage
- Meaningful test data (not 'foo'/'bar')
- Tests serve as living documentation
## Anti-Patterns to Avoid 1. Run tests — confirm they fail
2. Verify helpful failure messages
- Tests passing immediately 3. Check test independence
- Testing implementation vs behavior 4. Ensure comprehensive coverage
- Complex setup code
- Multiple responsibilities per test
- Brittle tests tied to specifics
## Edge Case Categories ## Edge Case Categories
@@ -85,56 +95,3 @@ Generate failing tests using Task tool with subagent_type="unit-testing::test-au
- **Special Cases**: Unicode, whitespace, special characters - **Special Cases**: Unicode, whitespace, special characters
- **State**: Invalid transitions, concurrent modifications - **State**: Invalid transitions, concurrent modifications
- **Errors**: Network failures, timeouts, permissions - **Errors**: Network failures, timeouts, permissions
## Output Requirements
- Complete test files with imports
- Documentation of test purpose
- Commands to run and verify failures
- Metrics: test count, coverage areas
- Next steps for green phase"
## Validation
After generation:
1. Run tests - confirm they fail
2. Verify helpful failure messages
3. Check test independence
4. Ensure comprehensive coverage
## Example (Minimal)
```typescript
// auth.service.test.ts
describe("AuthService", () => {
let authService: AuthService;
let mockUserRepo: jest.Mocked<UserRepository>;
beforeEach(() => {
mockUserRepo = { findByEmail: jest.fn() } as any;
authService = new AuthService(mockUserRepo);
});
it("should_return_token_when_valid_credentials", async () => {
const user = { id: "1", email: "test@example.com", passwordHash: "hashed" };
mockUserRepo.findByEmail.mockResolvedValue(user);
const result = await authService.authenticate("test@example.com", "pass");
expect(result.success).toBe(true);
expect(result.token).toBeDefined();
});
it("should_fail_when_user_not_found", async () => {
mockUserRepo.findByEmail.mockResolvedValue(null);
const result = await authService.authenticate("none@example.com", "pass");
expect(result.success).toBe(false);
expect(result.error).toBe("INVALID_CREDENTIALS");
});
});
```
Test requirements: $ARGUMENTS

10
plugins/team-collaboration/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "team-collaboration",
"version": "1.2.0",
"description": "Team workflows, issue management, standup automation, and developer experience optimization",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

4
plugins/ui-design/.claude-plugin/plugin.json
View File

@@ -1,8 +1,10 @@
{ {
"name": "ui-design", "name": "ui-design",
"description": "Comprehensive UI/UX design plugin for mobile (iOS, Android, React Native) and web applications with design systems, accessibility, and modern patterns", "description": "Comprehensive UI/UX design plugin for mobile (iOS, Android, React Native) and web applications with design systems, accessibility, and modern patterns",
"version": "1.0.2",
"author": { "author": {
"name": "Seth Hobson", "name": "Seth Hobson",
"email": "seth@major7apps.com" "email": "seth@major7apps.com"
} },
"license": "MIT"
} }

10
plugins/unit-testing/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "unit-testing",
"version": "1.2.0",
"description": "Unit and integration test automation for Python and JavaScript with debugging support",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

10
plugins/web-scripting/.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "web-scripting",
"version": "1.2.0",
"description": "Web scripting with PHP and Ruby for web applications, CMS development, and backend services",
"author": {
"name": "Seth Hobson",
"email": "seth@major7apps.com"
},
"license": "MIT"
}

21
tools/requirements.txt Normal file
View File

@@ -0,0 +1,21 @@
# Core dependencies
yt-dlp>=2024.0.0
youtube-transcript-api>=0.6.0
Pillow>=10.0.0
# OCR (Tesseract) - also requires: apt install tesseract-ocr
pytesseract>=0.3.10
# Color palette extraction
colorthief>=0.2.1
# ---------------------------------------------------------
# OPTIONAL: EasyOCR (better for stylized text)
# ---------------------------------------------------------
# EasyOCR requires PyTorch (~2GB). Install separately:
#
# pip install torch torchvision --index-url https://download.pytorch.org/whl/cpu
# pip install easyocr
#
# Or just use tesseract (default) - it works great for most videos.

809
tools/yt-design-extractor.py Executable file
View File

@@ -0,0 +1,809 @@
#!/usr/bin/env python3
"""
YouTube Design Concept Extractor
=================================
Extracts transcript + keyframes from a YouTube video and produces
a structured markdown reference document ready for agent consumption.
Usage:
python3 tools/yt-design-extractor.py <youtube_url> [options]
Examples:
python3 tools/yt-design-extractor.py "https://youtu.be/eVnQFWGDEdY"
python3 tools/yt-design-extractor.py "https://youtu.be/eVnQFWGDEdY" --interval 30
python3 tools/yt-design-extractor.py "https://youtu.be/eVnQFWGDEdY" --scene-detect --ocr
python3 tools/yt-design-extractor.py "https://youtu.be/eVnQFWGDEdY" --full # all features
python3 tools/yt-design-extractor.py "https://youtu.be/eVnQFWGDEdY" --ocr --ocr-engine easyocr
Requirements:
pip install yt-dlp youtube-transcript-api
apt install ffmpeg
Optional (OCR via Tesseract):
pip install Pillow pytesseract
apt install tesseract-ocr
Optional (better OCR for stylized text):
pip install easyocr
Optional (color palette extraction):
pip install colorthief
"""
import argparse
import json
import os
import re
import shutil
import subprocess
import sys
import textwrap
from collections import Counter
from concurrent.futures import ThreadPoolExecutor, as_completed
from datetime import datetime
from pathlib import Path
from typing import Optional
# Optional imports - gracefully degrade if not available
PILLOW_AVAILABLE = False
TESSERACT_AVAILABLE = False
try:
from PIL import Image
PILLOW_AVAILABLE = True
except ImportError:
pass
try:
import pytesseract
TESSERACT_AVAILABLE = PILLOW_AVAILABLE
except ImportError:
pass
try:
import easyocr
EASYOCR_AVAILABLE = True
except ImportError:
EASYOCR_AVAILABLE = False
try:
from colorthief import ColorThief
COLORTHIEF_AVAILABLE = True
except ImportError:
COLORTHIEF_AVAILABLE = False
# ---------------------------------------------------------------------------
# Transcript extraction
# ---------------------------------------------------------------------------
def extract_video_id(url: str) -> str:
"""Pull the 11-char video ID out of any common YouTube URL format."""
patterns = [
r"(?:v=|/v/|youtu\.be/)([a-zA-Z0-9_-]{11})",
r"(?:embed/)([a-zA-Z0-9_-]{11})",
r"(?:shorts/)([a-zA-Z0-9_-]{11})",
]
for pat in patterns:
m = re.search(pat, url)
if m:
return m.group(1)
# Maybe the user passed a bare ID
if re.match(r"^[a-zA-Z0-9_-]{11}$", url):
return url
sys.exit(f"Could not extract video ID from: {url}")
def get_video_metadata(url: str) -> dict:
"""Use yt-dlp to pull title, description, chapters, duration, etc."""
cmd = [
"yt-dlp",
"--dump-json",
"--no-download",
"--no-playlist",
url,
]
print("[*] Fetching video metadata …")
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
except subprocess.TimeoutExpired:
sys.exit("yt-dlp metadata fetch timed out after 120s.")
if result.returncode != 0:
sys.exit(f"yt-dlp metadata failed:\n{result.stderr}")
try:
return json.loads(result.stdout)
except json.JSONDecodeError as e:
sys.exit(
f"yt-dlp returned invalid JSON: {e}\nFirst 200 chars: {result.stdout[:200]}"
)
def get_transcript(video_id: str) -> list[dict] | None:
"""Grab the transcript via youtube-transcript-api. Returns list of
{text, start, duration} dicts, or None if unavailable."""
try:
from youtube_transcript_api import YouTubeTranscriptApi
from youtube_transcript_api._errors import (
TranscriptsDisabled,
NoTranscriptFound,
VideoUnavailable,
)
except ImportError:
print("[!] youtube-transcript-api not installed. Skipping transcript.")
return None
try:
print("[*] Fetching transcript …")
ytt_api = YouTubeTranscriptApi()
transcript = ytt_api.fetch(video_id)
entries = []
for snippet in transcript:
entries.append(
{
"text": snippet.text,
"start": snippet.start,
"duration": snippet.duration,
}
)
return entries
except (TranscriptsDisabled, NoTranscriptFound, VideoUnavailable) as e:
print(f"[!] Transcript unavailable ({e}). Will proceed without it.")
return None
# ---------------------------------------------------------------------------
# Keyframe extraction
# ---------------------------------------------------------------------------
def download_video(url: str, out_dir: Path) -> Path:
"""Download video, preferring 720p or lower. Falls back to best available."""
out_template = str(out_dir / "video.%(ext)s")
cmd = [
"yt-dlp",
"-f",
"bestvideo[height<=720]+bestaudio/best[height<=720]/best",
"--merge-output-format",
"mp4",
"-o",
out_template,
"--no-playlist",
url,
]
print("[*] Downloading video (720p preferred) …")
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=600)
except subprocess.TimeoutExpired:
sys.exit(
"Video download timed out after 10 minutes. "
"The video may be too large or your connection too slow."
)
if result.returncode != 0:
sys.exit(f"yt-dlp download failed:\n{result.stderr}")
# Find the downloaded file
for f in out_dir.iterdir():
if f.name.startswith("video.") and f.suffix in (".mp4", ".mkv", ".webm"):
return f
sys.exit("Download succeeded but could not locate video file.")
def extract_frames_interval(
video_path: Path, out_dir: Path, interval: int = 30
) -> list[Path]:
"""Extract one frame every `interval` seconds."""
frames_dir = out_dir / "frames"
frames_dir.mkdir(exist_ok=True)
pattern = str(frames_dir / "frame_%04d.png")
cmd = [
"ffmpeg",
"-i",
str(video_path),
"-vf",
f"fps=1/{interval}",
"-q:v",
"2",
pattern,
"-y",
]
print(f"[*] Extracting frames every {interval}s …")
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=600)
except subprocess.TimeoutExpired:
sys.exit("Frame extraction timed out after 10 minutes.")
if result.returncode != 0:
print(f"[!] ffmpeg frame extraction failed (exit code {result.returncode}):")
print(f" {result.stderr[:500]}")
return []
frames = sorted(frames_dir.glob("frame_*.png"))
if not frames:
print(
"[!] WARNING: ffmpeg ran but produced no frames. "
"The video may be too short or corrupted."
)
else:
print(f" → captured {len(frames)} frames")
return frames
def extract_frames_scene(
video_path: Path, out_dir: Path, threshold: float = 0.3
) -> list[Path]:
"""Use ffmpeg scene-change detection to grab visually distinct frames."""
frames_dir = out_dir / "frames_scene"
frames_dir.mkdir(exist_ok=True)
pattern = str(frames_dir / "scene_%04d.png")
cmd = [
"ffmpeg",
"-i",
str(video_path),
"-vf",
f"select='gt(scene,{threshold})',showinfo",
"-vsync",
"vfr",
"-q:v",
"2",
pattern,
"-y",
]
print(f"[*] Extracting scene-change frames (threshold={threshold}) …")
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=600)
except subprocess.TimeoutExpired:
sys.exit("Scene-change frame extraction timed out after 10 minutes.")
if result.returncode != 0:
print(f"[!] ffmpeg scene detection failed (exit code {result.returncode}):")
print(f" {result.stderr[:500]}")
return []
frames = sorted(frames_dir.glob("scene_*.png"))
if not frames:
print("[!] No scene-change frames detected (try lowering --scene-threshold).")
else:
print(f" → captured {len(frames)} scene-change frames")
return frames
# ---------------------------------------------------------------------------
# OCR extraction
# ---------------------------------------------------------------------------
def ocr_frame_tesseract(frame_path: Path) -> str:
"""Extract text from a frame using Tesseract OCR. Converts to grayscale first."""
if not TESSERACT_AVAILABLE:
return ""
try:
img = Image.open(frame_path)
if img.mode != "L":
img = img.convert("L")
text = pytesseract.image_to_string(img, config="--psm 6")
return text.strip()
except Exception as e:
print(f"[!] OCR failed for {frame_path}: {e}")
return ""
def ocr_frame_easyocr(frame_path: Path, reader) -> str:
"""Extract text from a frame using EasyOCR (better for stylized text)."""
try:
results = reader.readtext(str(frame_path), detail=0)
return "\n".join(results).strip()
except Exception as e:
print(f"[!] OCR failed for {frame_path}: {e}")
return ""
def run_ocr_on_frames(
frames: list[Path], ocr_engine: str = "tesseract", workers: int = 4
) -> dict[Path, str]:
"""Run OCR on frames. Tesseract runs in parallel; EasyOCR sequentially.
Returns {frame_path: text}."""
if not frames:
return {}
results = {}
if ocr_engine == "easyocr":
if not EASYOCR_AVAILABLE:
sys.exit(
"EasyOCR was explicitly requested but is not installed.\n"
" Install: pip install torch torchvision --index-url "
"https://download.pytorch.org/whl/cpu && pip install easyocr\n"
" Or use: --ocr-engine tesseract"
)
else:
print("[*] Initializing EasyOCR (this may take a moment) …")
reader = easyocr.Reader(["en"], gpu=False, verbose=False)
if ocr_engine == "tesseract" and not TESSERACT_AVAILABLE:
print("[!] Tesseract/pytesseract not installed, skipping OCR")
return {}
print(f"[*] Running OCR on {len(frames)} frames ({ocr_engine}) …")
if ocr_engine == "easyocr":
# EasyOCR doesn't parallelize well, run sequentially
for i, frame in enumerate(frames):
results[frame] = ocr_frame_easyocr(frame, reader)
if (i + 1) % 10 == 0:
print(f" → processed {i + 1}/{len(frames)} frames")
else:
# Tesseract can run in parallel
with ThreadPoolExecutor(max_workers=workers) as executor:
future_to_frame = {
executor.submit(ocr_frame_tesseract, f): f for f in frames
}
for i, future in enumerate(as_completed(future_to_frame)):
frame = future_to_frame[future]
try:
results[frame] = future.result()
except Exception as e:
print(f"[!] OCR failed for {frame}: {e}")
results[frame] = ""
if (i + 1) % 10 == 0:
print(f" → processed {i + 1}/{len(frames)} frames")
# Count frames with meaningful text
with_text = sum(1 for t in results.values() if len(t) > 10)
print(f" → found text in {with_text}/{len(frames)} frames")
return results
# ---------------------------------------------------------------------------
# Color palette extraction
# ---------------------------------------------------------------------------
def extract_color_palette(frame_path: Path, color_count: int = 6) -> list[tuple]:
"""Extract dominant colors from a frame. Returns list of RGB tuples."""
if not COLORTHIEF_AVAILABLE:
return []
try:
ct = ColorThief(str(frame_path))
palette = ct.get_palette(color_count=color_count, quality=5)
return palette
except Exception as e:
print(f"[!] Color extraction failed for {frame_path}: {e}")
return []
def rgb_to_hex(rgb: tuple) -> str:
"""Convert RGB tuple to hex color string."""
return "#{:02x}{:02x}{:02x}".format(*rgb)
def analyze_color_palettes(frames: list[Path], sample_size: int = 10) -> dict:
"""Analyze color palettes across sampled frames."""
if not COLORTHIEF_AVAILABLE:
return {}
if not frames:
return {}
# Sample frames evenly across the video
step = max(1, len(frames) // sample_size)
sampled = frames[::step][:sample_size]
print(f"[*] Extracting color palettes from {len(sampled)} frames …")
all_colors = []
for frame in sampled:
palette = extract_color_palette(frame)
all_colors.extend(palette)
if not all_colors:
return {}
# Find most common colors (rounded to reduce similar colors)
def round_color(rgb, bucket_size=32):
return tuple((c // bucket_size) * bucket_size for c in rgb)
rounded = [round_color(c) for c in all_colors]
most_common = Counter(rounded).most_common(12)
return {
"dominant_colors": [rgb_to_hex(c) for c, _ in most_common[:6]],
"all_sampled_colors": [rgb_to_hex(c) for c in all_colors[:24]],
}
# ---------------------------------------------------------------------------
# Markdown assembly
# ---------------------------------------------------------------------------
def fmt_timestamp(seconds: float) -> str:
m, s = divmod(int(seconds), 60)
h, m = divmod(m, 60)
if h:
return f"{h}:{m:02d}:{s:02d}"
return f"{m}:{s:02d}"
def group_transcript(entries: list[dict], chunk_seconds: int = 60) -> list[dict]:
"""Merge transcript snippets into chunks of at least `chunk_seconds` duration."""
if not entries:
return []
groups = []
current = {"start": entries[0]["start"], "text": ""}
for e in entries:
if e["start"] - current["start"] >= chunk_seconds and current["text"]:
groups.append(current)
current = {"start": e["start"], "text": ""}
current["text"] += " " + e["text"]
if current["text"]:
groups.append(current)
for g in groups:
g["text"] = g["text"].strip()
return groups
def build_markdown(
meta: dict,
transcript: list[dict] | None,
interval_frames: list[Path],
scene_frames: list[Path],
out_dir: Path,
interval: int,
ocr_results: Optional[dict[Path, str]] = None,
color_analysis: Optional[dict] = None,
) -> Path:
"""Assemble the final reference markdown document."""
title = meta.get("title", "Untitled Video")
channel = meta.get("channel", meta.get("uploader", "Unknown"))
duration = meta.get("duration", 0)
description = meta.get("description", "")
chapters = meta.get("chapters") or []
video_url = meta.get("webpage_url", "")
tags = meta.get("tags") or []
ocr_results = ocr_results or {}
color_analysis = color_analysis or {}
lines: list[str] = []
# --- Header ---
lines.append(f"# {title}\n")
lines.append(f"> **Source:** [{channel}]({video_url}) ")
lines.append(f"> **Duration:** {fmt_timestamp(duration)} ")
lines.append(f"> **Extracted:** {datetime.now().strftime('%Y-%m-%d %H:%M')} ")
if tags:
lines.append(f"> **Tags:** {', '.join(tags[:15])}")
lines.append("")
# --- Color Palette (if extracted) ---
if color_analysis.get("dominant_colors"):
lines.append("## Color Palette\n")
lines.append("Dominant colors detected across the video:\n")
colors = color_analysis["dominant_colors"]
# Create color swatches as a table
lines.append("| Color | Hex |")
lines.append("|-------|-----|")
for hex_color in colors:
# Unicode block for color preview (won't show actual color but placeholder)
lines.append(f"| ████ | `{hex_color}` |")
lines.append("")
lines.append(f"*Full palette: {', '.join(f'`{c}`' for c in colors)}*\n")
# --- Description ---
if description:
lines.append("## Video Description\n")
# Trim excessively long descriptions
desc = description[:3000]
lines.append(f"```\n{desc}\n```\n")
# --- Chapters ---
if chapters:
lines.append("## Chapters\n")
lines.append("| Timestamp | Title |")
lines.append("|-----------|-------|")
for ch in chapters:
ts = fmt_timestamp(ch.get("start_time", 0))
lines.append(f"| `{ts}` | {ch.get('title', '')} |")
lines.append("")
# --- Transcript ---
if transcript:
grouped = group_transcript(transcript, chunk_seconds=60)
lines.append("## Transcript\n")
lines.append("<details><summary>Full transcript (click to expand)</summary>\n")
for g in grouped:
ts = fmt_timestamp(g["start"])
lines.append(f"**[{ts}]** {g['text']}\n")
lines.append("</details>\n")
# Also create a condensed key-points section with timestamps
lines.append("## Transcript (Condensed Segments)\n")
lines.append("Use these timestamped segments to cross-reference with frames.\n")
for g in grouped:
ts = fmt_timestamp(g["start"])
# First ~200 chars of each chunk as a preview
preview = g["text"][:200]
if len(g["text"]) > 200:
preview += ""
lines.append(f"- **`{ts}`** — {preview}")
lines.append("")
# --- Keyframes ---
all_frames = []
if interval_frames:
lines.append(f"## Keyframes (every {interval}s)\n")
lines.append("Visual reference frames captured at regular intervals.\n")
for i, f in enumerate(interval_frames):
rel = os.path.relpath(f, out_dir)
ts = fmt_timestamp(i * interval)
lines.append(f"### Frame at `{ts}`\n")
lines.append(f"![frame-{ts}]({rel})\n")
# Include OCR text if available
ocr_text = ocr_results.get(f, "").strip()
if ocr_text and len(ocr_text) > 5:
lines.append("<details><summary>📝 Text detected in frame</summary>\n")
lines.append(f"```\n{ocr_text}\n```")
lines.append("</details>\n")
all_frames.append((ts, rel, ocr_text))
lines.append("")
if scene_frames:
lines.append("## Scene-Change Frames\n")
lines.append("Frames captured when the visual content changed significantly.\n")
for i, f in enumerate(scene_frames):
rel = os.path.relpath(f, out_dir)
lines.append(f"### Scene {i + 1}\n")
lines.append(f"![scene-{i + 1}]({rel})\n")
# Include OCR text if available
ocr_text = ocr_results.get(f, "").strip()
if ocr_text and len(ocr_text) > 5:
lines.append("<details><summary>📝 Text detected in frame</summary>\n")
lines.append(f"```\n{ocr_text}\n```")
lines.append("</details>\n")
lines.append("")
# --- Visual Text Index (OCR summary) ---
frames_with_text = [
(ts, rel, txt) for ts, rel, txt in all_frames if txt and len(txt) > 10
]
if frames_with_text:
lines.append("## Visual Text Index\n")
lines.append("Searchable index of all text detected in video frames.\n")
lines.append("| Timestamp | Key Text (preview) |")
lines.append("|-----------|-------------------|")
for ts, rel, txt in frames_with_text:
# First line or first 80 chars as preview
preview = txt.split("\n")[0][:80].replace("|", "\\|")
if len(txt) > 80:
preview += ""
lines.append(f"| `{ts}` | {preview} |")
lines.append("")
# Full text dump for searchability
lines.append("### All Detected Text (Full)\n")
lines.append("<details><summary>Click to expand full OCR text</summary>\n")
for ts, rel, txt in frames_with_text:
lines.append(f"**[{ts}]**")
lines.append(f"```\n{txt}\n```\n")
lines.append("</details>\n")
# --- Frame index (for quick reference) ---
if all_frames:
lines.append("## Frame Index\n")
lines.append("| Timestamp | File | Has Text |")
lines.append("|-----------|------|----------|")
for ts, rel, txt in all_frames:
has_text = "" if txt and len(txt) > 10 else ""
lines.append(f"| `{ts}` | `{rel}` | {has_text} |")
lines.append("")
# --- Footer ---
lines.append("---\n")
lines.append("*Generated by `yt-design-extractor.py` — review and curate ")
lines.append("the content above, then feed this file to your agent.*\n")
md_path = out_dir / "extracted-reference.md"
md_path.write_text("\n".join(lines), encoding="utf-8")
print(f"[✓] Markdown reference written to {md_path}")
return md_path
# ---------------------------------------------------------------------------
# Main
# ---------------------------------------------------------------------------
def main():
parser = argparse.ArgumentParser(
description="Extract design concepts from a YouTube video into a "
"structured markdown reference document.",
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog=textwrap.dedent("""\
Examples:
%(prog)s "https://youtu.be/eVnQFWGDEdY"
%(prog)s "https://youtu.be/eVnQFWGDEdY" --full
%(prog)s "https://youtu.be/eVnQFWGDEdY" --interval 15 --scene-detect --ocr
%(prog)s "https://youtu.be/eVnQFWGDEdY" --ocr --ocr-engine easyocr --colors
%(prog)s "https://youtu.be/eVnQFWGDEdY" -o ./my-output
"""),
)
parser.add_argument("url", help="YouTube video URL or ID")
parser.add_argument(
"-o",
"--output-dir",
help="Output directory (default: ./yt-extract-<video_id>)",
)
parser.add_argument(
"--interval",
type=int,
default=30,
help="Seconds between keyframe captures (default: 30)",
)
parser.add_argument(
"--scene-detect",
action="store_true",
help="Also extract frames on scene changes (good for visual-heavy videos)",
)
parser.add_argument(
"--scene-threshold",
type=float,
default=0.3,
help="Scene change sensitivity 0.0-1.0, lower = more frames (default: 0.3)",
)
parser.add_argument(
"--transcript-only",
action="store_true",
help="Skip video download, only fetch transcript + metadata",
)
parser.add_argument(
"--chunk-seconds",
type=int,
default=60,
help="Group transcript into chunks of N seconds (default: 60)",
)
parser.add_argument(
"--ocr",
action="store_true",
help="Run OCR on frames to extract on-screen text",
)
parser.add_argument(
"--ocr-engine",
choices=["tesseract", "easyocr"],
default="tesseract",
help="OCR engine: 'tesseract' (fast) or 'easyocr' (better for stylized text)",
)
parser.add_argument(
"--colors",
action="store_true",
help="Extract color palette from frames",
)
parser.add_argument(
"--full",
action="store_true",
help="Enable all features: scene-detect, OCR, and color extraction",
)
args = parser.parse_args()
# --full enables everything
if args.full:
args.scene_detect = True
args.ocr = True
args.colors = True
# Upfront dependency checks
if not shutil.which("yt-dlp"):
sys.exit(
"Required tool 'yt-dlp' not found on PATH. Install with: pip install yt-dlp"
)
if not args.transcript_only and not shutil.which("ffmpeg"):
sys.exit(
"Required tool 'ffmpeg' not found on PATH. "
"Install with: make install-ocr (or: brew install ffmpeg)"
)
video_id = extract_video_id(args.url)
out_dir = Path(args.output_dir or f"./yt-extract-{video_id}")
out_dir.mkdir(parents=True, exist_ok=True)
# 1. Metadata
meta = get_video_metadata(args.url)
# Dump raw metadata for future reference
(out_dir / "metadata.json").write_text(
json.dumps(meta, indent=2, default=str), encoding="utf-8"
)
print(f" Title: {meta.get('title')}")
print(f" Channel: {meta.get('channel', meta.get('uploader'))}")
print(f" Duration: {fmt_timestamp(meta.get('duration', 0))}")
# 2. Transcript
transcript = get_transcript(video_id)
# 3. Keyframes
interval_frames: list[Path] = []
scene_frames: list[Path] = []
# OCR and color analysis results
ocr_results: dict[Path, str] = {}
color_analysis: dict = {}
if not args.transcript_only:
video_path = download_video(args.url, out_dir)
try:
interval_frames = extract_frames_interval(
video_path, out_dir, interval=args.interval
)
if args.scene_detect:
scene_frames = extract_frames_scene(
video_path, out_dir, threshold=args.scene_threshold
)
finally:
# Always clean up video file to save space
print("[*] Removing downloaded video to save space …")
video_path.unlink(missing_ok=True)
# 4. OCR extraction
if args.ocr:
all_frames_for_ocr = interval_frames + scene_frames
ocr_results = run_ocr_on_frames(
all_frames_for_ocr,
ocr_engine=args.ocr_engine,
)
# Save OCR results to JSON for reuse
ocr_json = {str(k): v for k, v in ocr_results.items()}
(out_dir / "ocr-results.json").write_text(
json.dumps(ocr_json, indent=2), encoding="utf-8"
)
# 5. Color palette analysis
if args.colors:
all_frames_for_color = interval_frames + scene_frames
color_analysis = analyze_color_palettes(all_frames_for_color)
if color_analysis:
(out_dir / "color-palette.json").write_text(
json.dumps(color_analysis, indent=2), encoding="utf-8"
)
else:
print("[*] --transcript-only: skipping video download")
# 6. Build markdown
md_path = build_markdown(
meta,
transcript,
interval_frames,
scene_frames,
out_dir,
args.interval,
ocr_results=ocr_results,
color_analysis=color_analysis,
)
# Summary
print("\n" + "=" * 60)
print("DONE! Output directory:", out_dir)
print("=" * 60)
print(f" Reference doc : {md_path}")
print(f" Metadata : {out_dir / 'metadata.json'}")
if interval_frames:
print(f" Interval frames: {len(interval_frames)} in frames/")
if scene_frames:
print(f" Scene frames : {len(scene_frames)} in frames_scene/")
if ocr_results:
frames_with_text = sum(1 for t in ocr_results.values() if len(t) > 10)
print(
f" OCR results : {frames_with_text} frames with text → ocr-results.json"
)
if color_analysis:
print(
f" Color palette : {len(color_analysis.get('dominant_colors', []))} colors → color-palette.json"
)
print()
print("Next steps:")
print(" 1. Review extracted-reference.md")
print(" 2. Curate/annotate the content for your agent")
print(" 3. Feed the file to Claude to generate a SKILL.md or agent definition")
if __name__ == "__main__":
main()