agent-bot/takt
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

resolved #45

Browse Source
This commit is contained in:
nrslib 2026-01-31 09:40:36 +09:00
parent 2cfe77977c
commit 6468fa6345
5 changed files with 1065 additions and 1410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

574
resources/global/en/workflows/expert-cqrs.yaml
View File

@ -2,13 +2,12 @@
# Review workflow with CQRS+ES, Frontend, Security, and QA experts # Review workflow with CQRS+ES, Frontend, Security, and QA experts
# #
# Flow: # Flow:
# plan -> implement -> ai_review -> cqrs_es_review -> frontend_review -> security_review -> qa_review -> supervise -> COMPLETE # plan -> implement -> ai_review -> reviewers (parallel) -> supervise -> COMPLETE
# ↓ ↓ ↓ ↓ ↓ ↓ # ↓ ├─ cqrs-es-review ↓
# ai_fix fix_cqrs_es fix_frontend fix_security fix_qa fix_supervisor # ai_fix ├─ frontend-review fix_supervisor
# # ├─ security-review
# Fix destination is determined by Coder based on change impact: # └─ qa-review
# - fix_security: MINOR->security_review, MAJOR->cqrs_es_review # any("needs_fix") → fix → reviewers
# - fix_qa: MINOR->qa_review, SECURITY->security_review, MAJOR->cqrs_es_review
# #
# Template Variables: # Template Variables:
# {iteration} - Workflow-wide turn count (total steps executed across all agents) # {iteration} - Workflow-wide turn count (total steps executed across all agents)
@ -190,7 +189,7 @@ steps:
- Scope creep detection - Scope creep detection
rules: rules:
- condition: No AI-specific issues found - condition: No AI-specific issues found
next: cqrs_es_review next: reviewers
- condition: AI-specific issues detected - condition: AI-specific issues detected
next: ai_fix next: ai_fix
@ -224,331 +223,220 @@ steps:
next: plan next: plan
# =========================================== # ===========================================
# Phase 3: CQRS+ES Review # Phase 3: Expert Reviews (Parallel)
# =========================================== # ===========================================
- name: cqrs_es_review - name: reviewers
edit: false parallel:
agent: ../agents/expert-cqrs/cqrs-es-reviewer.md - name: cqrs-es-review
report: edit: false
name: 04-cqrs-es-review.md agent: ../agents/expert-cqrs/cqrs-es-reviewer.md
format: | report:
```markdown name: 04-cqrs-es-review.md
# CQRS+ES Review format: |
```markdown
# CQRS+ES Review
## Result: APPROVE / REJECT ## Result: APPROVE / REJECT
## Summary ## Summary
{1-2 sentences summarizing result} {1-2 sentences summarizing result}
## Reviewed Perspectives ## Reviewed Perspectives
| Perspective | Result | Notes | | Perspective | Result | Notes |
|-------------|--------|-------| |-------------|--------|-------|
| Aggregate Design | ✅ | - | | Aggregate Design | ✅ | - |
| Event Design | ✅ | - | | Event Design | ✅ | - |
| Command/Query Separation | ✅ | - | | Command/Query Separation | ✅ | - |
| Projections | ✅ | - | | Projections | ✅ | - |
| Eventual Consistency | ✅ | - | | Eventual Consistency | ✅ | - |
## Issues (if REJECT) ## Issues (if REJECT)
| # | Location | Issue | Fix | | # | Location | Issue | Fix |
|---|----------|-------|-----| |---|----------|-------|-----|
| 1 | `src/file.ts:42` | Issue description | Fix method | | 1 | `src/file.ts:42` | Issue description | Fix method |
``` ```
allowed_tools: allowed_tools:
- Read - Read
- Glob - Glob
- Grep - Grep
- Write - Write
- WebSearch - WebSearch
- WebFetch - WebFetch
instruction_template: | rules:
Review the changes above from the CQRS (Command Query Responsibility Segregation) - condition: approved
and Event Sourcing perspective. - condition: needs_fix
instruction_template: |
Review the changes from the CQRS (Command Query Responsibility Segregation)
and Event Sourcing perspective. Do NOT review AI-specific issues (that's the ai_review step).
**Review Criteria:** **Review Criteria:**
- Aggregate design validity - Aggregate design validity
- Event design (granularity, naming, schema) - Event design (granularity, naming, schema)
- Command/Query separation - Command/Query separation
- Projection design - Projection design
- Eventual consistency considerations - Eventual consistency considerations
**Note**: If this project does not use CQRS+ES patterns, **Note**: If this project does not use CQRS+ES patterns,
review from a general domain design perspective. review from a general domain design perspective.
- name: frontend-review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# Frontend Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Component Design | ✅ | - |
| State Management | ✅ | - |
| Performance | ✅ | - |
| Accessibility | ✅ | - |
| Type Safety | ✅ | - |
## Issues (if REJECT)
| # | Location | Issue | Fix |
|---|----------|-------|-----|
| 1 | `src/file.tsx:42` | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
Review the changes from the frontend development perspective.
**Review Criteria:**
- Component design (separation of concerns, granularity)
- State management (local/global decisions)
- Performance (re-rendering, memoization)
- Accessibility (keyboard support, ARIA)
- Data fetching patterns
- TypeScript type safety
**Note**: If this project does not include frontend code,
approve and proceed to the next step.
- name: security-review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# Security Review
## Result: APPROVE / REJECT
## Severity: None / Low / Medium / High / Critical
## Check Results
| Category | Result | Notes |
|----------|--------|-------|
| Injection | ✅ | - |
| Auth/Authz | ✅ | - |
| Data Protection | ✅ | - |
| Dependencies | ✅ | - |
## Vulnerabilities (if REJECT)
| # | Severity | Type | Location | Fix |
|---|----------|------|----------|-----|
| 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
## Warnings (non-blocking)
- {Security recommendations}
```
**Cognitive load reduction rules:**
- No issues -> Check table only (10 lines or less)
- Warnings -> + Warnings 1-2 lines (15 lines or less)
- Vulnerabilities -> + Table format (30 lines or less)
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
Perform security review on the changes. Check for vulnerabilities including:
- Injection attacks (SQL, Command, XSS)
- Authentication/Authorization issues
- Data exposure risks
- Cryptographic weaknesses
- name: qa-review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QA Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Test Coverage | ✅ | - |
| Test Quality | ✅ | - |
| Error Handling | ✅ | - |
| Documentation | ✅ | - |
| Maintainability | ✅ | - |
## Issues (if REJECT)
| # | Category | Issue | Fix |
|---|----------|-------|-----|
| 1 | Testing | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
Review the changes from the quality assurance perspective.
**Review Criteria:**
- Test coverage and quality
- Test strategy (unit/integration/E2E)
- Documentation (in-code and external)
- Error handling
- Logging and monitoring
- Maintainability
rules: rules:
- condition: CQRS+ES design is sound with no issues - condition: all("approved")
next: frontend_review
- condition: CQRS+ES design issues found
next: fix_cqrs_es
- name: fix_cqrs_es
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## CQRS+ES Review Feedback (This is the latest instruction - prioritize this)
{previous_response}
**Important**: Fix the issues pointed out by the CQRS+ES expert.
Areas of concern:
- Aggregate design
- Event design
- Command/Query separation
- Projections
- Eventual consistency
pass_previous_response: true
rules:
- condition: CQRS+ES issues have been fixed
next: cqrs_es_review
- condition: Unable to proceed with fixes
next: plan
# ===========================================
# Phase 4: Frontend Review
# ===========================================
- name: frontend_review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# Frontend Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Component Design | ✅ | - |
| State Management | ✅ | - |
| Performance | ✅ | - |
| Accessibility | ✅ | - |
| Type Safety | ✅ | - |
## Issues (if REJECT)
| # | Location | Issue | Fix |
|---|----------|-------|-----|
| 1 | `src/file.tsx:42` | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
Review the changes above from the frontend development perspective.
**Review Criteria:**
- Component design (separation of concerns, granularity)
- State management (local/global decisions)
- Performance (re-rendering, memoization)
- Accessibility (keyboard support, ARIA)
- Data fetching patterns
- TypeScript type safety
**Note**: If this project does not include frontend code,
approve and proceed to the next step.
rules:
- condition: Frontend design is sound with no issues
next: security_review
- condition: Frontend design issues found
next: fix_frontend
- name: fix_frontend
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Frontend Review Feedback (This is the latest instruction - prioritize this)
{previous_response}
**Important**: Fix the issues pointed out by the frontend expert.
Areas of concern:
- Component design
- State management
- Performance
- Accessibility
- Type safety
pass_previous_response: true
rules:
- condition: Frontend issues have been fixed
next: frontend_review
- condition: Unable to proceed with fixes
next: plan
# ===========================================
# Phase 5: Security Review
# ===========================================
- name: security_review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# Security Review
## Result: APPROVE / REJECT
## Severity: None / Low / Medium / High / Critical
## Check Results
| Category | Result | Notes |
|----------|--------|-------|
| Injection | ✅ | - |
| Auth/Authz | ✅ | - |
| Data Protection | ✅ | - |
| Dependencies | ✅ | - |
## Vulnerabilities (if REJECT)
| # | Severity | Type | Location | Fix |
|---|----------|------|----------|-----|
| 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
## Warnings (non-blocking)
- {Security recommendations}
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
Review the changes above from the security perspective.
**Review Criteria:**
- Injection attacks (SQL, command, XSS)
- Authentication/authorization flaws
- Sensitive information handling
- Encryption appropriateness
- OWASP Top 10
rules:
- condition: No security issues found
next: qa_review
- condition: Security vulnerabilities detected
next: fix_security
- name: fix_security
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Security Review Feedback (This is the latest instruction - prioritize this)
{previous_response}
**Important**: Fix the issues pointed out by the security expert.
Security issues should be addressed with highest priority.
Areas of concern:
- Injection vulnerabilities
- Authentication/authorization flaws
- Sensitive information exposure
- Encryption issues
## Completion: Determine Change Impact
When fix is complete, judge the **impact scope of changes**:
- Minor fix (re-run security review only)
- Examples: Add validation, add escaping, configuration changes
- Major fix (restart from CQRS+ES review)
- Examples: Data flow changes, API design changes, auth method changes, domain model changes
pass_previous_response: true
rules:
- condition: Minor security fix is complete
next: security_review
- condition: Major fix applied requiring CQRS+ES re-review
next: cqrs_es_review
- condition: Unable to proceed with fixes
next: plan
# ===========================================
# Phase 6: QA Review
# ===========================================
- name: qa_review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QA Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Test Coverage | ✅ | - |
| Test Quality | ✅ | - |
| Error Handling | ✅ | - |
| Documentation | ✅ | - |
| Maintainability | ✅ | - |
## Issues (if REJECT)
| # | Category | Issue | Fix |
|---|----------|-------|-----|
| 1 | Testing | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
Review the changes above from the quality assurance perspective.
**Review Criteria:**
- Test coverage and quality
- Test strategy (unit/integration/E2E)
- Documentation (in-code and external)
- Error handling
- Logging and monitoring
- Maintainability
rules:
- condition: Quality standards are met
next: supervise next: supervise
- condition: Quality issues found - condition: any("needs_fix")
next: fix_qa next: fix
- name: fix_qa - name: fix
edit: true edit: true
agent: ../agents/default/coder.md agent: ../agents/default/coder.md
allowed_tools: allowed_tools:
@ -560,41 +448,23 @@ steps:
- Bash - Bash
- WebSearch - WebSearch
- WebFetch - WebFetch
permission_mode: acceptEdits
rules:
- condition: Fix complete
next: reviewers
- condition: Cannot proceed, insufficient info
next: plan
instruction_template: | instruction_template: |
## QA Review Feedback (This is the latest instruction - prioritize this) ## Review Feedback (This is the latest instruction - prioritize this)
{previous_response} {previous_response}
**Important**: Fix the issues pointed out by the QA expert. **Important**: Address the feedback from the reviewers.
The "Original User Request" is reference information, not the latest instruction.
Areas of concern: Review the session conversation history and fix the issues raised by the reviewers.
- Adding/improving tests
- Adding/fixing documentation
- Error handling
- Log output
- Code quality
## Completion: Determine Change Impact
When fix is complete, judge the **impact scope of changes**:
- Minor fix (re-run QA review only)
- Examples: Add tests, add documentation, add logs, add comments
- Security-impacting fix (restart from security review)
- Examples: Error handling changes (error message content changes), input validation changes
- Major fix (restart from CQRS+ES review)
- Examples: Business logic changes, data model changes, API changes
pass_previous_response: true pass_previous_response: true
rules:
- condition: Minor QA fix is complete
next: qa_review
- condition: Security-impacting fix applied
next: security_review
- condition: Major fix applied requiring CQRS+ES re-review
next: cqrs_es_review
- condition: Unable to proceed with fixes
next: plan
# =========================================== # ===========================================
# Phase 7: Supervision # Phase 4: Supervision
# =========================================== # ===========================================
- name: supervise - name: supervise
edit: false edit: false

578
resources/global/en/workflows/expert.yaml
View File

@ -2,17 +2,16 @@
# Review workflow with Architecture, Frontend, Security, and QA experts # Review workflow with Architecture, Frontend, Security, and QA experts
# #
# Flow: # Flow:
# plan -> implement -> ai_review -> architect_review -> frontend_review -> security_review -> qa_review -> supervise -> COMPLETE # plan -> implement -> ai_review -> reviewers (parallel) -> supervise -> COMPLETE
# ↓ ↓ ↓ ↓ ↓ ↓ ↓ # ↓ ├─ arch-review ↓
# ai_fix fix_architect fix_frontend fix_security fix_qa fix_supervisor # ai_fix ├─ frontend-review fix_supervisor
# ├─ security-review
# └─ qa-review
# any("needs_fix") → fix → reviewers
# #
# AI review runs immediately after implementation to catch AI-specific issues early, # AI review runs immediately after implementation to catch AI-specific issues early,
# before expert reviews begin. # before expert reviews begin.
# #
# Fix destination is determined by Coder based on change impact:
# - fix_security: MINOR->security_review, MAJOR->architect_review
# - fix_qa: MINOR->qa_review, SECURITY->security_review, MAJOR->architect_review
#
# Boilerplate sections (Workflow Context, User Request, Previous Response, # Boilerplate sections (Workflow Context, User Request, Previous Response,
# Additional User Inputs, Instructions heading) are auto-injected by buildInstruction(). # Additional User Inputs, Instructions heading) are auto-injected by buildInstruction().
# Only step-specific content belongs in instruction_template. # Only step-specific content belongs in instruction_template.
@ -202,7 +201,7 @@ steps:
- Scope creep detection - Scope creep detection
rules: rules:
- condition: No AI-specific issues found - condition: No AI-specific issues found
next: architect_review next: reviewers
- condition: AI-specific issues detected - condition: AI-specific issues detected
next: ai_fix next: ai_fix
@ -236,69 +235,224 @@ steps:
next: plan next: plan
# =========================================== # ===========================================
# Phase 3: Architecture Review # Phase 3: Expert Reviews (Parallel)
# =========================================== # ===========================================
- name: architect_review - name: reviewers
edit: false parallel:
agent: ../agents/default/architecture-reviewer.md - name: arch-review
report: edit: false
name: 04-architect-review.md agent: ../agents/default/architecture-reviewer.md
format: | report:
```markdown name: 04-architect-review.md
# Architecture Review format: |
```markdown
# Architecture Review
## Result: APPROVE / IMPROVE / REJECT ## Result: APPROVE / IMPROVE / REJECT
## Summary ## Summary
{1-2 sentences summarizing result} {1-2 sentences summarizing result}
## Reviewed Aspects ## Reviewed Aspects
- [x] Structure/Design - [x] Structure/Design
- [x] Code Quality - [x] Code Quality
- [x] Change Scope - [x] Change Scope
- [x] Test Coverage - [x] Test Coverage
- [x] Dead Code - [x] Dead Code
- [x] Call Chain Verification - [x] Call Chain Verification
## Issues (if REJECT) ## Issues (if REJECT)
| # | Location | Issue | Fix | | # | Location | Issue | Fix |
|---|----------|-------|-----| |---|----------|-------|-----|
| 1 | `src/file.ts:42` | Issue description | Fix method | | 1 | `src/file.ts:42` | Issue description | Fix method |
## Improvement Suggestions (optional - non-blocking) ## Improvement Suggestions (optional - non-blocking)
- {Future improvement suggestions} - {Future improvement suggestions}
``` ```
**Cognitive load reduction rules:** **Cognitive load reduction rules:**
- APPROVE + no issues -> Summary only (5 lines or less) - APPROVE + no issues -> Summary only (5 lines or less)
- APPROVE + minor suggestions -> Summary + suggestions (15 lines or less) - APPROVE + minor suggestions -> Summary + suggestions (15 lines or less)
- REJECT -> Issues in table format (30 lines or less) - REJECT -> Issues in table format (30 lines or less)
allowed_tools: allowed_tools:
- Read - Read
- Glob - Glob
- Grep - Grep
- Write - Write
- WebSearch - WebSearch
- WebFetch - WebFetch
instruction_template: | rules:
Focus on **architecture and design** review. - condition: approved
- condition: needs_fix
instruction_template: |
Focus on **architecture and design** review. Do NOT review AI-specific issues (that's the ai_review step).
**Review Criteria:** **Review Criteria:**
- Structure/design validity - Structure/design validity
- Code quality - Code quality
- Change scope appropriateness - Change scope appropriateness
- Test coverage - Test coverage
- Dead code - Dead code
- Call chain verification - Call chain verification
- name: frontend-review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# Frontend Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Component Design | ✅ | - |
| State Management | ✅ | - |
| Performance | ✅ | - |
| Accessibility | ✅ | - |
| Type Safety | ✅ | - |
## Issues (if REJECT)
| # | Location | Issue | Fix |
|---|----------|-------|-----|
| 1 | `src/file.tsx:42` | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
Review the changes from the frontend development perspective.
**Review Criteria:**
- Component design (separation of concerns, granularity)
- State management (local/global decisions)
- Performance (re-rendering, memoization)
- Accessibility (keyboard support, ARIA)
- Data fetching patterns
- TypeScript type safety
**Note**: If this project does not include frontend code,
approve and proceed to the next step.
- name: security-review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# Security Review
## Result: APPROVE / REJECT
## Severity: None / Low / Medium / High / Critical
## Check Results
| Category | Result | Notes |
|----------|--------|-------|
| Injection | ✅ | - |
| Auth/Authz | ✅ | - |
| Data Protection | ✅ | - |
| Dependencies | ✅ | - |
## Vulnerabilities (if REJECT)
| # | Severity | Type | Location | Fix |
|---|----------|------|----------|-----|
| 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
## Warnings (non-blocking)
- {Security recommendations}
```
**Cognitive load reduction rules:**
- No issues -> Check table only (10 lines or less)
- Warnings -> + Warnings 1-2 lines (15 lines or less)
- Vulnerabilities -> + Table format (30 lines or less)
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
Perform security review on the changes. Check for vulnerabilities including:
- Injection attacks (SQL, Command, XSS)
- Authentication/Authorization issues
- Data exposure risks
- Cryptographic weaknesses
- name: qa-review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QA Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Test Coverage | ✅ | - |
| Test Quality | ✅ | - |
| Error Handling | ✅ | - |
| Documentation | ✅ | - |
| Maintainability | ✅ | - |
## Issues (if REJECT)
| # | Category | Issue | Fix |
|---|----------|-------|-----|
| 1 | Testing | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
Review the changes from the quality assurance perspective.
**Review Criteria:**
- Test coverage and quality
- Test strategy (unit/integration/E2E)
- Documentation (in-code and external)
- Error handling
- Logging and monitoring
- Maintainability
rules: rules:
- condition: No architecture or design issues found - condition: all("approved")
next: frontend_review next: supervise
- condition: Minor improvements needed but no structural issues - condition: any("needs_fix")
next: fix_architect next: fix
- condition: Structural issues found that require fixes
next: fix_architect
- name: fix_architect - name: fix
edit: true edit: true
agent: ../agents/default/coder.md agent: ../agents/default/coder.md
allowed_tools: allowed_tools:
@ -311,304 +465,22 @@ steps:
- WebSearch - WebSearch
- WebFetch - WebFetch
permission_mode: acceptEdits permission_mode: acceptEdits
rules:
- condition: Fix complete
next: reviewers
- condition: Cannot proceed, insufficient info
next: plan
instruction_template: | instruction_template: |
## Architect Feedback (This is the latest instruction - prioritize this) ## Review Feedback (This is the latest instruction - prioritize this)
{previous_response} {previous_response}
**Important**: Address the Architect's feedback. **Important**: Address the feedback from the reviewers.
"Original User Request" is for reference; it's not the latest instruction. The "Original User Request" is reference information, not the latest instruction.
Review the session conversation history and fix the Architect's issues. Review the session conversation history and fix the issues raised by the reviewers.
pass_previous_response: true pass_previous_response: true
rules:
- condition: Architect's issues have been fixed
next: architect_review
- condition: Unable to proceed with fixes
next: plan
# =========================================== # ===========================================
# Phase 4: Frontend Review # Phase 4: Supervision
# ===========================================
- name: frontend_review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# Frontend Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Component Design | ✅ | - |
| State Management | ✅ | - |
| Performance | ✅ | - |
| Accessibility | ✅ | - |
| Type Safety | ✅ | - |
## Issues (if REJECT)
| # | Location | Issue | Fix |
|---|----------|-------|-----|
| 1 | `src/file.tsx:42` | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
Review the changes from the frontend development perspective.
**Review Criteria:**
- Component design (separation of concerns, granularity)
- State management (local/global decisions)
- Performance (re-rendering, memoization)
- Accessibility (keyboard support, ARIA)
- Data fetching patterns
- TypeScript type safety
**Note**: If this project does not include frontend code,
approve and proceed to the next step.
rules:
- condition: Frontend design is sound with no issues
next: security_review
- condition: Frontend design issues found
next: fix_frontend
- name: fix_frontend
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Frontend Review Feedback (This is the latest instruction - prioritize this)
{previous_response}
**Important**: Fix the issues pointed out by the frontend expert.
Areas of concern:
- Component design
- State management
- Performance
- Accessibility
- Type safety
pass_previous_response: true
rules:
- condition: Frontend issues have been fixed
next: frontend_review
- condition: Unable to proceed with fixes
next: plan
# ===========================================
# Phase 5: Security Review
# ===========================================
- name: security_review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# Security Review
## Result: APPROVE / REJECT
## Severity: None / Low / Medium / High / Critical
## Check Results
| Category | Result | Notes |
|----------|--------|-------|
| Injection | ✅ | - |
| Auth/Authz | ✅ | - |
| Data Protection | ✅ | - |
| Dependencies | ✅ | - |
## Vulnerabilities (if REJECT)
| # | Severity | Type | Location | Fix |
|---|----------|------|----------|-----|
| 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |
## Warnings (non-blocking)
- {Security recommendations}
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
Review the changes from the security perspective.
**Review Criteria:**
- Injection attacks (SQL, command, XSS)
- Authentication/authorization flaws
- Sensitive information handling
- Encryption appropriateness
- OWASP Top 10
rules:
- condition: No security issues found
next: qa_review
- condition: Security vulnerabilities detected
next: fix_security
- name: fix_security
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Security Review Feedback (This is the latest instruction - prioritize this)
{previous_response}
**Important**: Fix the issues pointed out by the security expert.
Security issues should be addressed with highest priority.
Areas of concern:
- Injection vulnerabilities
- Authentication/authorization flaws
- Sensitive information exposure
- Encryption issues
## Completion: Determine Change Impact
When fix is complete, judge the **impact scope of changes**:
- Minor fix (re-run security review only)
- Examples: Add validation, add escaping, configuration changes
- Major fix (restart from Architecture review)
- Examples: Data flow changes, API design changes, auth method changes, domain model changes
pass_previous_response: true
rules:
- condition: Minor security fix is complete
next: security_review
- condition: Major fix applied requiring architecture re-review
next: architect_review
- condition: Unable to proceed with fixes
next: plan
# ===========================================
# Phase 6: QA Review
# ===========================================
- name: qa_review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QA Review
## Result: APPROVE / REJECT
## Summary
{1-2 sentences summarizing result}
## Reviewed Perspectives
| Perspective | Result | Notes |
|-------------|--------|-------|
| Test Coverage | ✅ | - |
| Test Quality | ✅ | - |
| Error Handling | ✅ | - |
| Documentation | ✅ | - |
| Maintainability | ✅ | - |
## Issues (if REJECT)
| # | Category | Issue | Fix |
|---|----------|-------|-----|
| 1 | Testing | Issue description | Fix method |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
Review the changes from the quality assurance perspective.
**Review Criteria:**
- Test coverage and quality
- Test strategy (unit/integration/E2E)
- Documentation (in-code and external)
- Error handling
- Logging and monitoring
- Maintainability
rules:
- condition: Quality standards are met
next: supervise
- condition: Quality issues found
next: fix_qa
- name: fix_qa
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## QA Review Feedback (This is the latest instruction - prioritize this)
{previous_response}
**Important**: Fix the issues pointed out by the QA expert.
Areas of concern:
- Adding/improving tests
- Adding/fixing documentation
- Error handling
- Log output
- Code quality
## Completion: Determine Change Impact
When fix is complete, judge the **impact scope of changes**:
- Minor fix (re-run QA review only)
- Examples: Add tests, add documentation, add logs, add comments
- Security-impacting fix (restart from security review)
- Examples: Error handling changes (error message content changes), input validation changes
- Major fix (restart from Architecture review)
- Examples: Business logic changes, data model changes, API changes
pass_previous_response: true
rules:
- condition: Minor QA fix is complete
next: qa_review
- condition: Security-impacting fix applied
next: security_review
- condition: Major fix applied requiring architecture re-review
next: architect_review
- condition: Unable to proceed with fixes
next: plan
# ===========================================
# Phase 7: Supervision
# =========================================== # ===========================================
- name: supervise - name: supervise
edit: false edit: false

576
resources/global/ja/workflows/expert-cqrs.yaml
View File

@ -2,13 +2,12 @@
# CQRS+ES、フロントエンド、セキュリティ、QAの専門家によるレビューワークフロー # CQRS+ES、フロントエンド、セキュリティ、QAの専門家によるレビューワークフロー
# #
# フロー: # フロー:
# plan -> implement -> ai_review -> cqrs_es_review -> frontend_review -> security_review -> qa_review -> supervise -> COMPLETE # plan -> implement -> ai_review -> reviewers (parallel) -> supervise -> COMPLETE
# ↓ ↓ ↓ ↓ ↓ ↓ # ↓ ├─ cqrs-es-review ↓
# ai_fix fix_cqrs_es fix_frontend fix_security fix_qa fix_supervisor # ai_fix ├─ frontend-review fix_supervisor
# # ├─ security-review
# 修正時の戻り先はCoderが判断: # └─ qa-review
# - fix_security: MINOR→security_review, MAJOR→cqrs_es_review # any("needs_fix") → fix → reviewers
# - fix_qa: MINOR→qa_review, SECURITY→security_review, MAJOR→cqrs_es_review
# #
# ボイラープレートセクションWorkflow Context, User Request, Previous Response, # ボイラープレートセクションWorkflow Context, User Request, Previous Response,
# Additional User Inputs, Instructions headingはbuildInstruction()が自動挿入。 # Additional User Inputs, Instructions headingはbuildInstruction()が自動挿入。
@ -199,7 +198,7 @@ steps:
- スコープクリープの検出 - スコープクリープの検出
rules: rules:
- condition: AI特有の問題が見つからない - condition: AI特有の問題が見つからない
next: cqrs_es_review next: reviewers
- condition: AI特有の問題が検出された - condition: AI特有の問題が検出された
next: ai_fix next: ai_fix
@ -233,331 +232,220 @@ steps:
next: plan next: plan
# =========================================== # ===========================================
# Phase 3: CQRS+ES Review # Phase 3: Expert Reviews (Parallel)
# =========================================== # ===========================================
- name: cqrs_es_review - name: reviewers
edit: false parallel:
agent: ../agents/expert-cqrs/cqrs-es-reviewer.md - name: cqrs-es-review
report: edit: false
name: 04-cqrs-es-review.md agent: ../agents/expert-cqrs/cqrs-es-reviewer.md
format: | report:
```markdown name: 04-cqrs-es-review.md
# CQRS+ESレビュー format: |
```markdown
# CQRS+ESレビュー
## 結果: APPROVE / REJECT ## 結果: APPROVE / REJECT
## サマリー ## サマリー
{1-2文で結果を要約} {1-2文で結果を要約}
## 確認した観点 ## 確認した観点
| 観点 | 結果 | 備考 | | 観点 | 結果 | 備考 |
|------|------|------| |------|------|------|
| Aggregate設計 | ✅ | - | | Aggregate設計 | ✅ | - |
| イベント設計 | ✅ | - | | イベント設計 | ✅ | - |
| Command/Query分離 | ✅ | - | | Command/Query分離 | ✅ | - |
| プロジェクション | ✅ | - | | プロジェクション | ✅ | - |
| 結果整合性 | ✅ | - | | 結果整合性 | ✅ | - |
## 問題点REJECTの場合 ## 問題点REJECTの場合
| # | 場所 | 問題 | 修正案 | | # | 場所 | 問題 | 修正案 |
|---|------|------|--------| |---|------|------|--------|
| 1 | `src/file.ts:42` | 問題の説明 | 修正方法 | | 1 | `src/file.ts:42` | 問題の説明 | 修正方法 |
``` ```
allowed_tools: allowed_tools:
- Read - Read
- Glob - Glob
- Grep - Grep
- Write - Write
- WebSearch - WebSearch
- WebFetch - WebFetch
instruction_template: | rules:
CQRSコマンドクエリ責務分離とEvent Sourcingイベントソーシングの観点から - condition: approved
上記の変更をレビューしてください。 - condition: needs_fix
instruction_template: |
CQRSコマンドクエリ責務分離とEvent Sourcingイベントソーシングの観点から
変更をレビューしてください。AI特有の問題のレビューは不要ですai_reviewステップで実施済み
**レビュー観点:** **レビュー観点:**
- Aggregate設計の妥当性 - Aggregate設計の妥当性
- イベント設計(粒度、命名、スキーマ) - イベント設計(粒度、命名、スキーマ)
- Command/Queryの分離 - Command/Queryの分離
- プロジェクション設計 - プロジェクション設計
- 結果整合性の考慮 - 結果整合性の考慮
**注意**: このプロジェクトがCQRS+ESパターンを使用していない場合は、 **注意**: このプロジェクトがCQRS+ESパターンを使用していない場合は、
一般的なドメイン設計の観点からレビューしてください。 一般的なドメイン設計の観点からレビューしてください。
- name: frontend-review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# フロントエンドレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| コンポーネント設計 | ✅ | - |
| 状態管理 | ✅ | - |
| パフォーマンス | ✅ | - |
| アクセシビリティ | ✅ | - |
| 型安全性 | ✅ | - |
## 問題点REJECTの場合
| # | 場所 | 問題 | 修正案 |
|---|------|------|--------|
| 1 | `src/file.tsx:42` | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
フロントエンド開発の観点から変更をレビューしてください。
**レビュー観点:**
- コンポーネント設計(責務分離、粒度)
- 状態管理(ローカル/グローバルの判断)
- パフォーマンス(再レンダリング、メモ化)
- アクセシビリティキーボード操作、ARIA
- データフェッチパターン
- TypeScript型安全性
**注意**: このプロジェクトがフロントエンドを含まない場合は、
問題なしとして次に進んでください。
- name: security-review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# セキュリティレビュー
## 結果: APPROVE / REJECT
## 重大度: None / Low / Medium / High / Critical
## チェック結果
| カテゴリ | 結果 | 備考 |
|---------|------|------|
| インジェクション | ✅ | - |
| 認証・認可 | ✅ | - |
| データ保護 | ✅ | - |
| 依存関係 | ✅ | - |
## 脆弱性REJECTの場合
| # | 重大度 | 種類 | 場所 | 修正案 |
|---|--------|------|------|--------|
| 1 | High | SQLi | `src/db.ts:42` | パラメータ化クエリを使用 |
## 警告(ブロッキングではない)
- {セキュリティに関する推奨事項}
```
**認知負荷軽減ルール:**
- 問題なし → チェック表のみ10行以内
- 警告 → + 警告1-2行15行以内
- 脆弱性 → + 表形式30行以内
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
セキュリティの観点から変更をレビューしてください。以下の脆弱性をチェック:
- インジェクション攻撃SQL, コマンド, XSS
- 認証・認可の不備
- データ露出リスク
- 暗号化の弱点
- name: qa-review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QAレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| テストカバレッジ | ✅ | - |
| テスト品質 | ✅ | - |
| エラーハンドリング | ✅ | - |
| ドキュメント | ✅ | - |
| 保守性 | ✅ | - |
## 問題点REJECTの場合
| # | カテゴリ | 問題 | 修正案 |
|---|---------|------|--------|
| 1 | テスト | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
品質保証の観点から変更をレビューしてください。
**レビュー観点:**
- テストカバレッジと品質
- テスト戦略(単体/統合/E2E
- ドキュメント(コード内・外部)
- エラーハンドリング
- ログとモニタリング
- 保守性
rules: rules:
- condition: CQRS+ES設計に問題がない - condition: all("approved")
next: frontend_review
- condition: CQRS+ES設計に問題がある
next: fix_cqrs_es
- name: fix_cqrs_es
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## CQRS+ES Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: CQRS+ES専門家からの指摘を修正してください。
指摘されたポイント:
- Aggregate設計
- イベント設計
- Command/Query分離
- プロジェクション
- 結果整合性
pass_previous_response: true
rules:
- condition: CQRS+ES専門家の指摘に対する修正が完了した
next: cqrs_es_review
- condition: 修正を進行できない
next: plan
# ===========================================
# Phase 4: Frontend Review
# ===========================================
- name: frontend_review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# フロントエンドレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| コンポーネント設計 | ✅ | - |
| 状態管理 | ✅ | - |
| パフォーマンス | ✅ | - |
| アクセシビリティ | ✅ | - |
| 型安全性 | ✅ | - |
## 問題点REJECTの場合
| # | 場所 | 問題 | 修正案 |
|---|------|------|--------|
| 1 | `src/file.tsx:42` | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
フロントエンド開発の観点から上記の変更をレビューしてください。
**レビュー観点:**
- コンポーネント設計(責務分離、粒度)
- 状態管理(ローカル/グローバルの判断)
- パフォーマンス(再レンダリング、メモ化)
- アクセシビリティキーボード操作、ARIA
- データフェッチパターン
- TypeScript型安全性
**注意**: このプロジェクトがフロントエンドを含まない場合は、
問題なしとして次に進んでください。
rules:
- condition: フロントエンド設計に問題がない
next: security_review
- condition: フロントエンド設計に問題がある
next: fix_frontend
- name: fix_frontend
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Frontend Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: フロントエンド専門家からの指摘を修正してください。
指摘されたポイント:
- コンポーネント設計
- 状態管理
- パフォーマンス
- アクセシビリティ
- 型安全性
pass_previous_response: true
rules:
- condition: フロントエンドの指摘に対する修正が完了した
next: frontend_review
- condition: 修正を進行できない
next: plan
# ===========================================
# Phase 5: Security Review
# ===========================================
- name: security_review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# セキュリティレビュー
## 結果: APPROVE / REJECT
## 重大度: None / Low / Medium / High / Critical
## チェック結果
| カテゴリ | 結果 | 備考 |
|---------|------|------|
| インジェクション | ✅ | - |
| 認証・認可 | ✅ | - |
| データ保護 | ✅ | - |
| 依存関係 | ✅ | - |
## 脆弱性REJECTの場合
| # | 重大度 | 種類 | 場所 | 修正案 |
|---|--------|------|------|--------|
| 1 | High | SQLi | `src/db.ts:42` | パラメータ化クエリを使用 |
## 警告(ブロッキングではない)
- {セキュリティに関する推奨事項}
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
セキュリティの観点から上記の変更をレビューしてください。
**レビュー観点:**
- インジェクション攻撃SQL, コマンド, XSS
- 認証・認可の不備
- 機密情報の取り扱い
- 暗号化の適切性
- OWASP Top 10
rules:
- condition: セキュリティ上の問題がない
next: qa_review
- condition: セキュリティ上の脆弱性が検出された
next: fix_security
- name: fix_security
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Security Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: セキュリティ専門家からの指摘を修正してください。
セキュリティ問題は最優先で対応してください。
指摘されたポイント:
- インジェクション脆弱性
- 認証・認可の不備
- 機密情報の露出
- 暗号化の問題
## 修正完了時の判断
修正が完了したら、**変更の影響範囲**を判断してください:
- 軽微な修正(セキュリティレビューのみ再実施)
- : バリデーション追加、エスケープ処理追加、設定変更
- 大きな修正CQRS+ESレビューからやり直し
- : データフロー変更、API設計変更、認証方式変更、ドメインモデル変更
pass_previous_response: true
rules:
- condition: 軽微なセキュリティ修正が完了した
next: security_review
- condition: 大きな修正を行い、CQRS+ESレビューからやり直す必要がある
next: cqrs_es_review
- condition: 修正を進行できない
next: plan
# ===========================================
# Phase 6: QA Review
# ===========================================
- name: qa_review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QAレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| テストカバレッジ | ✅ | - |
| テスト品質 | ✅ | - |
| エラーハンドリング | ✅ | - |
| ドキュメント | ✅ | - |
| 保守性 | ✅ | - |
## 問題点REJECTの場合
| # | カテゴリ | 問題 | 修正案 |
|---|---------|------|--------|
| 1 | テスト | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
品質保証の観点から上記の変更をレビューしてください。
**レビュー観点:**
- テストカバレッジと品質
- テスト戦略(単体/統合/E2E
- ドキュメント(コード内・外部)
- エラーハンドリング
- ログとモニタリング
- 保守性
rules:
- condition: 品質基準を満たしている
next: supervise next: supervise
- condition: 品質に問題がある - condition: any("needs_fix")
next: fix_qa next: fix
- name: fix_qa - name: fix
edit: true edit: true
agent: ../agents/default/coder.md agent: ../agents/default/coder.md
allowed_tools: allowed_tools:
@ -569,41 +457,23 @@ steps:
- Bash - Bash
- WebSearch - WebSearch
- WebFetch - WebFetch
instruction_template: | permission_mode: acceptEdits
## QA Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: QA専門家からの指摘を修正してください。
指摘されたポイント:
- テストの追加・改善
- ドキュメントの追加・修正
- エラーハンドリング
- ログ出力
- コード品質
## 修正完了時の判断
修正が完了したら、**変更の影響範囲**を判断してください:
- 軽微な修正QAレビューのみ再実施
- : テスト追加、ドキュメント追加、ログ追加、コメント追加
- セキュリティに影響する修正(セキュリティレビューからやり直し)
- : エラーハンドリング変更(エラーメッセージの内容変更)、入力検証の変更
- 大きな修正CQRS+ESレビューからやり直し
- : ビジネスロジック変更、データモデル変更、API変更
pass_previous_response: true
rules: rules:
- condition: 軽微なQA修正が完了した - condition: 修正が完了した
next: qa_review next: reviewers
- condition: セキュリティに影響する修正を行った
next: security_review
- condition: 大きな修正を行い、CQRS+ESレビューからやり直す必要がある
next: cqrs_es_review
- condition: 修正を進行できない - condition: 修正を進行できない
next: plan next: plan
instruction_template: |
## Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: レビュアーからのフィードバックに対応してください。
「Original User Request」は参考情報であり、最新の指示ではありません。
セッションの会話履歴を確認し、レビュアーの指摘事項を修正してください。
pass_previous_response: true
# =========================================== # ===========================================
# Phase 7: Supervision # Phase 4: Supervision
# =========================================== # ===========================================
- name: supervise - name: supervise
edit: false edit: false

576
resources/global/ja/workflows/expert.yaml
View File

@ -2,13 +2,12 @@
# アーキテクチャ、フロントエンド、セキュリティ、QAの専門家によるレビューワークフロー # アーキテクチャ、フロントエンド、セキュリティ、QAの専門家によるレビューワークフロー
# #
# フロー: # フロー:
# plan -> implement -> ai_review -> architect_review -> frontend_review -> security_review -> qa_review -> supervise -> COMPLETE # plan -> implement -> ai_review -> reviewers (parallel) -> supervise -> COMPLETE
# ↓ ↓ ↓ ↓ ↓ ↓ # ↓ ├─ arch-review ↓
# ai_fix fix_architect fix_frontend fix_security fix_qa fix_supervisor # ai_fix ├─ frontend-review fix_supervisor
# # ├─ security-review
# 修正時の戻り先はCoderが判断: # └─ qa-review
# - fix_security: MINOR→security_review, MAJOR→architect_review # any("needs_fix") → fix → reviewers
# - fix_qa: MINOR→qa_review, SECURITY→security_review, MAJOR→architect_review
# #
# テンプレート変数: # テンプレート変数:
# {iteration} - ワークフロー全体のターン数(全エージェントで実行されたステップの合計) # {iteration} - ワークフロー全体のターン数(全エージェントで実行されたステップの合計)
@ -190,7 +189,7 @@ steps:
- スコープクリープの検出 - スコープクリープの検出
rules: rules:
- condition: AI特有の問題が見つからない - condition: AI特有の問題が見つからない
next: architect_review next: reviewers
- condition: AI特有の問題が検出された - condition: AI特有の問題が検出された
next: ai_fix next: ai_fix
@ -224,69 +223,224 @@ steps:
next: plan next: plan
# =========================================== # ===========================================
# Phase 3: Architecture Review # Phase 3: Expert Reviews (Parallel)
# =========================================== # ===========================================
- name: architect_review - name: reviewers
edit: false parallel:
agent: ../agents/default/architecture-reviewer.md - name: arch-review
report: edit: false
name: 04-architect-review.md agent: ../agents/default/architecture-reviewer.md
format: | report:
```markdown name: 04-architect-review.md
# アーキテクチャレビュー format: |
```markdown
# アーキテクチャレビュー
## 結果: APPROVE / IMPROVE / REJECT ## 結果: APPROVE / IMPROVE / REJECT
## サマリー ## サマリー
{1-2文で結果を要約} {1-2文で結果を要約}
## 確認した観点 ## 確認した観点
- [x] 構造・設計 - [x] 構造・設計
- [x] コード品質 - [x] コード品質
- [x] 変更スコープ - [x] 変更スコープ
- [x] テストカバレッジ - [x] テストカバレッジ
- [x] デッドコード - [x] デッドコード
- [x] 呼び出しチェーン検証 - [x] 呼び出しチェーン検証
## 問題点REJECTの場合 ## 問題点REJECTの場合
| # | 場所 | 問題 | 修正案 | | # | 場所 | 問題 | 修正案 |
|---|------|------|--------| |---|------|------|--------|
| 1 | `src/file.ts:42` | 問題の説明 | 修正方法 | | 1 | `src/file.ts:42` | 問題の説明 | 修正方法 |
## 改善提案(任意・ブロッキングではない) ## 改善提案(任意・ブロッキングではない)
- {将来的な改善提案} - {将来的な改善提案}
``` ```
**認知負荷軽減ルール:** **認知負荷軽減ルール:**
- APPROVE + 問題なし → サマリーのみ5行以内 - APPROVE + 問題なし → サマリーのみ5行以内
- APPROVE + 軽微な提案 → サマリー + 改善提案15行以内 - APPROVE + 軽微な提案 → サマリー + 改善提案15行以内
- REJECT → 問題点を表形式で30行以内 - REJECT → 問題点を表形式で30行以内
allowed_tools: allowed_tools:
- Read - Read
- Glob - Glob
- Grep - Grep
- Write - Write
- WebSearch - WebSearch
- WebFetch - WebFetch
instruction_template: | rules:
**アーキテクチャと設計**のレビューに集中してください。 - condition: approved
- condition: needs_fix
instruction_template: |
**アーキテクチャと設計**のレビューに集中してください。AI特有の問題のレビューは不要ですai_reviewステップで実施済み
**レビュー観点:** **レビュー観点:**
- 構造・設計の妥当性 - 構造・設計の妥当性
- コード品質 - コード品質
- 変更スコープの適切性 - 変更スコープの適切性
- テストカバレッジ - テストカバレッジ
- デッドコード - デッドコード
- 呼び出しチェーン検証 - 呼び出しチェーン検証
- name: frontend-review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# フロントエンドレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| コンポーネント設計 | ✅ | - |
| 状態管理 | ✅ | - |
| パフォーマンス | ✅ | - |
| アクセシビリティ | ✅ | - |
| 型安全性 | ✅ | - |
## 問題点REJECTの場合
| # | 場所 | 問題 | 修正案 |
|---|------|------|--------|
| 1 | `src/file.tsx:42` | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
フロントエンド開発の観点から変更をレビューしてください。
**レビュー観点:**
- コンポーネント設計(責務分離、粒度)
- 状態管理(ローカル/グローバルの判断)
- パフォーマンス(再レンダリング、メモ化)
- アクセシビリティキーボード操作、ARIA
- データフェッチパターン
- TypeScript型安全性
**注意**: このプロジェクトがフロントエンドを含まない場合は、
問題なしとして次に進んでください。
- name: security-review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# セキュリティレビュー
## 結果: APPROVE / REJECT
## 重大度: None / Low / Medium / High / Critical
## チェック結果
| カテゴリ | 結果 | 備考 |
|---------|------|------|
| インジェクション | ✅ | - |
| 認証・認可 | ✅ | - |
| データ保護 | ✅ | - |
| 依存関係 | ✅ | - |
## 脆弱性REJECTの場合
| # | 重大度 | 種類 | 場所 | 修正案 |
|---|--------|------|------|--------|
| 1 | High | SQLi | `src/db.ts:42` | パラメータ化クエリを使用 |
## 警告(ブロッキングではない)
- {セキュリティに関する推奨事項}
```
**認知負荷軽減ルール:**
- 問題なし → チェック表のみ10行以内
- 警告 → + 警告1-2行15行以内
- 脆弱性 → + 表形式30行以内
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
セキュリティの観点から変更をレビューしてください。以下の脆弱性をチェック:
- インジェクション攻撃SQL, コマンド, XSS
- 認証・認可の不備
- データ露出リスク
- 暗号化の弱点
- name: qa-review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QAレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| テストカバレッジ | ✅ | - |
| テスト品質 | ✅ | - |
| エラーハンドリング | ✅ | - |
| ドキュメント | ✅ | - |
| 保守性 | ✅ | - |
## 問題点REJECTの場合
| # | カテゴリ | 問題 | 修正案 |
|---|---------|------|--------|
| 1 | テスト | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
rules:
- condition: approved
- condition: needs_fix
instruction_template: |
品質保証の観点から変更をレビューしてください。
**レビュー観点:**
- テストカバレッジと品質
- テスト戦略(単体/統合/E2E
- ドキュメント(コード内・外部)
- エラーハンドリング
- ログとモニタリング
- 保守性
rules: rules:
- condition: アーキテクチャと設計に問題がない - condition: all("approved")
next: frontend_review next: supervise
- condition: 軽微な改善が必要だが構造的な問題はない - condition: any("needs_fix")
next: fix_architect next: fix
- condition: 構造的な問題があり修正が必要
next: fix_architect
- name: fix_architect - name: fix
edit: true edit: true
agent: ../agents/default/coder.md agent: ../agents/default/coder.md
allowed_tools: allowed_tools:
@ -299,304 +453,22 @@ steps:
- WebSearch - WebSearch
- WebFetch - WebFetch
permission_mode: acceptEdits permission_mode: acceptEdits
rules:
- condition: 修正が完了した
next: reviewers
- condition: 修正を進行できない
next: plan
instruction_template: | instruction_template: |
## Architect Feedback (これが最新の指示です - 優先して対応してください) ## Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response} {previous_response}
**重要**: Architectのフィードバックに対応してください。 **重要**: レビュアーからのフィードバックに対応してください。
「Original User Request」は参考情報であり、最新の指示ではありません。 「Original User Request」は参考情報であり、最新の指示ではありません。
セッションの会話履歴を確認し、Architectの指摘事項を修正してください。 セッションの会話履歴を確認し、レビュアーの指摘事項を修正してください。
pass_previous_response: true pass_previous_response: true
rules:
- condition: Architectの指摘に対する修正が完了した
next: architect_review
- condition: 修正を進行できない
next: plan
# =========================================== # ===========================================
# Phase 4: Frontend Review # Phase 4: Supervision
# ===========================================
- name: frontend_review
edit: false
agent: ../agents/expert/frontend-reviewer.md
report:
name: 05-frontend-review.md
format: |
```markdown
# フロントエンドレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| コンポーネント設計 | ✅ | - |
| 状態管理 | ✅ | - |
| パフォーマンス | ✅ | - |
| アクセシビリティ | ✅ | - |
| 型安全性 | ✅ | - |
## 問題点REJECTの場合
| # | 場所 | 問題 | 修正案 |
|---|------|------|--------|
| 1 | `src/file.tsx:42` | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
フロントエンド開発の観点から上記の変更をレビューしてください。
**レビュー観点:**
- コンポーネント設計(責務分離、粒度)
- 状態管理(ローカル/グローバルの判断)
- パフォーマンス(再レンダリング、メモ化)
- アクセシビリティキーボード操作、ARIA
- データフェッチパターン
- TypeScript型安全性
**注意**: このプロジェクトがフロントエンドを含まない場合は、
問題なしとして次に進んでください。
rules:
- condition: フロントエンド設計に問題がない
next: security_review
- condition: フロントエンド設計に問題がある
next: fix_frontend
- name: fix_frontend
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Frontend Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: フロントエンド専門家からの指摘を修正してください。
指摘されたポイント:
- コンポーネント設計
- 状態管理
- パフォーマンス
- アクセシビリティ
- 型安全性
pass_previous_response: true
rules:
- condition: フロントエンドの指摘に対する修正が完了した
next: frontend_review
- condition: 修正を進行できない
next: plan
# ===========================================
# Phase 5: Security Review
# ===========================================
- name: security_review
edit: false
agent: ../agents/expert/security-reviewer.md
report:
name: 06-security-review.md
format: |
```markdown
# セキュリティレビュー
## 結果: APPROVE / REJECT
## 重大度: None / Low / Medium / High / Critical
## チェック結果
| カテゴリ | 結果 | 備考 |
|---------|------|------|
| インジェクション | ✅ | - |
| 認証・認可 | ✅ | - |
| データ保護 | ✅ | - |
| 依存関係 | ✅ | - |
## 脆弱性REJECTの場合
| # | 重大度 | 種類 | 場所 | 修正案 |
|---|--------|------|------|--------|
| 1 | High | SQLi | `src/db.ts:42` | パラメータ化クエリを使用 |
## 警告(ブロッキングではない)
- {セキュリティに関する推奨事項}
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
セキュリティの観点から上記の変更をレビューしてください。
**レビュー観点:**
- インジェクション攻撃SQL, コマンド, XSS
- 認証・認可の不備
- 機密情報の取り扱い
- 暗号化の適切性
- OWASP Top 10
rules:
- condition: セキュリティ上の問題がない
next: qa_review
- condition: セキュリティ上の脆弱性が検出された
next: fix_security
- name: fix_security
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## Security Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: セキュリティ専門家からの指摘を修正してください。
セキュリティ問題は最優先で対応してください。
指摘されたポイント:
- インジェクション脆弱性
- 認証・認可の不備
- 機密情報の露出
- 暗号化の問題
## 修正完了時の判断
修正が完了したら、**変更の影響範囲**を判断してください:
- 軽微な修正(セキュリティレビューのみ再実施)
- : バリデーション追加、エスケープ処理追加、設定変更
- 大きな修正(アーキテクチャレビューからやり直し)
- : データフロー変更、API設計変更、認証方式変更、ドメインモデル変更
pass_previous_response: true
rules:
- condition: 軽微なセキュリティ修正が完了した
next: security_review
- condition: 大きな修正を行い、アーキテクチャレビューからやり直す必要がある
next: architect_review
- condition: 修正を進行できない
next: plan
# ===========================================
# Phase 6: QA Review
# ===========================================
- name: qa_review
edit: false
agent: ../agents/expert/qa-reviewer.md
report:
name: 07-qa-review.md
format: |
```markdown
# QAレビュー
## 結果: APPROVE / REJECT
## サマリー
{1-2文で結果を要約}
## 確認した観点
| 観点 | 結果 | 備考 |
|------|------|------|
| テストカバレッジ | ✅ | - |
| テスト品質 | ✅ | - |
| エラーハンドリング | ✅ | - |
| ドキュメント | ✅ | - |
| 保守性 | ✅ | - |
## 問題点REJECTの場合
| # | カテゴリ | 問題 | 修正案 |
|---|---------|------|--------|
| 1 | テスト | 問題の説明 | 修正方法 |
```
allowed_tools:
- Read
- Glob
- Grep
- Write
- WebSearch
- WebFetch
instruction_template: |
品質保証の観点から上記の変更をレビューしてください。
**レビュー観点:**
- テストカバレッジと品質
- テスト戦略(単体/統合/E2E
- ドキュメント(コード内・外部)
- エラーハンドリング
- ログとモニタリング
- 保守性
rules:
- condition: 品質基準を満たしている
next: supervise
- condition: 品質に問題がある
next: fix_qa
- name: fix_qa
edit: true
agent: ../agents/default/coder.md
allowed_tools:
- Read
- Glob
- Grep
- Edit
- Write
- Bash
- WebSearch
- WebFetch
instruction_template: |
## QA Review Feedback (これが最新の指示です - 優先して対応してください)
{previous_response}
**重要**: QA専門家からの指摘を修正してください。
指摘されたポイント:
- テストの追加・改善
- ドキュメントの追加・修正
- エラーハンドリング
- ログ出力
- コード品質
## 修正完了時の判断
修正が完了したら、**変更の影響範囲**を判断してください:
- 軽微な修正QAレビューのみ再実施
- : テスト追加、ドキュメント追加、ログ追加、コメント追加
- セキュリティに影響する修正(セキュリティレビューからやり直し)
- : エラーハンドリング変更(エラーメッセージの内容変更)、入力検証の変更
- 大きな修正(アーキテクチャレビューからやり直し)
- : ビジネスロジック変更、データモデル変更、API変更
pass_previous_response: true
rules:
- condition: 軽微なQA修正が完了した
next: qa_review
- condition: セキュリティに影響する修正を行った
next: security_review
- condition: 大きな修正を行い、アーキテクチャレビューからやり直す必要がある
next: architect_review
- condition: 修正を進行できない
next: plan
# ===========================================
# Phase 7: Supervision
# =========================================== # ===========================================
- name: supervise - name: supervise
edit: false edit: false

171
src/__tests__/workflow-expert-parallel.test.ts Normal file
View File

@ -0,0 +1,171 @@
/**
* Tests for expert/expert-cqrs workflow parallel review structure.
*
* Validates that:
* - expert and expert-cqrs workflows load successfully via loadWorkflow
* - The reviewers step is a parallel step with expected sub-steps
* - ai_review routes to reviewers (not individual review steps)
* - fix step routes back to reviewers
* - Aggregate rules (all/any) are configured on the reviewers step
* - Sub-step rules use simple approved/needs_fix conditions
*/
import { describe, it, expect } from 'vitest';
import { loadWorkflow } from '../config/loader.js';
describe('expert workflow parallel structure', () => {
const workflow = loadWorkflow('expert');
it('should load successfully', () => {
expect(workflow).not.toBeNull();
expect(workflow!.name).toBe('expert');
});
it('should have a reviewers parallel step', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
expect(reviewers).toBeDefined();
expect(reviewers!.parallel).toBeDefined();
expect(reviewers!.parallel!.length).toBe(4);
});
it('should have arch-review, frontend-review, security-review, qa-review as sub-steps', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
const subNames = reviewers!.parallel!.map((s) => s.name);
expect(subNames).toContain('arch-review');
expect(subNames).toContain('frontend-review');
expect(subNames).toContain('security-review');
expect(subNames).toContain('qa-review');
});
it('should have aggregate rules on reviewers step', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
expect(reviewers!.rules).toBeDefined();
const conditions = reviewers!.rules!.map((r) => r.condition);
expect(conditions).toContain('all("approved")');
expect(conditions).toContain('any("needs_fix")');
});
it('should have simple approved/needs_fix rules on each sub-step', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
for (const sub of reviewers!.parallel!) {
expect(sub.rules).toBeDefined();
const conditions = sub.rules!.map((r) => r.condition);
expect(conditions).toContain('approved');
expect(conditions).toContain('needs_fix');
}
});
it('should route ai_review to reviewers', () => {
const aiReview = workflow!.steps.find((s) => s.name === 'ai_review');
expect(aiReview).toBeDefined();
const approvedRule = aiReview!.rules!.find((r) => r.next === 'reviewers');
expect(approvedRule).toBeDefined();
});
it('should have a unified fix step routing back to reviewers', () => {
const fix = workflow!.steps.find((s) => s.name === 'fix');
expect(fix).toBeDefined();
const fixComplete = fix!.rules!.find((r) => r.next === 'reviewers');
expect(fixComplete).toBeDefined();
});
it('should not have individual review/fix steps', () => {
const stepNames = workflow!.steps.map((s) => s.name);
expect(stepNames).not.toContain('architect_review');
expect(stepNames).not.toContain('fix_architect');
expect(stepNames).not.toContain('frontend_review');
expect(stepNames).not.toContain('fix_frontend');
expect(stepNames).not.toContain('security_review');
expect(stepNames).not.toContain('fix_security');
expect(stepNames).not.toContain('qa_review');
expect(stepNames).not.toContain('fix_qa');
});
it('should route reviewers all("approved") to supervise', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
const approvedRule = reviewers!.rules!.find((r) => r.condition === 'all("approved")');
expect(approvedRule!.next).toBe('supervise');
});
it('should route reviewers any("needs_fix") to fix', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
const needsFixRule = reviewers!.rules!.find((r) => r.condition === 'any("needs_fix")');
expect(needsFixRule!.next).toBe('fix');
});
});
describe('expert-cqrs workflow parallel structure', () => {
const workflow = loadWorkflow('expert-cqrs');
it('should load successfully', () => {
expect(workflow).not.toBeNull();
expect(workflow!.name).toBe('expert-cqrs');
});
it('should have a reviewers parallel step', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
expect(reviewers).toBeDefined();
expect(reviewers!.parallel).toBeDefined();
expect(reviewers!.parallel!.length).toBe(4);
});
it('should have cqrs-es-review instead of arch-review', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
const subNames = reviewers!.parallel!.map((s) => s.name);
expect(subNames).toContain('cqrs-es-review');
expect(subNames).not.toContain('arch-review');
expect(subNames).toContain('frontend-review');
expect(subNames).toContain('security-review');
expect(subNames).toContain('qa-review');
});
it('should have aggregate rules on reviewers step', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
expect(reviewers!.rules).toBeDefined();
const conditions = reviewers!.rules!.map((r) => r.condition);
expect(conditions).toContain('all("approved")');
expect(conditions).toContain('any("needs_fix")');
});
it('should have simple approved/needs_fix rules on each sub-step', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
for (const sub of reviewers!.parallel!) {
expect(sub.rules).toBeDefined();
const conditions = sub.rules!.map((r) => r.condition);
expect(conditions).toContain('approved');
expect(conditions).toContain('needs_fix');
}
});
it('should route ai_review to reviewers', () => {
const aiReview = workflow!.steps.find((s) => s.name === 'ai_review');
expect(aiReview).toBeDefined();
const approvedRule = aiReview!.rules!.find((r) => r.next === 'reviewers');
expect(approvedRule).toBeDefined();
});
it('should have a unified fix step routing back to reviewers', () => {
const fix = workflow!.steps.find((s) => s.name === 'fix');
expect(fix).toBeDefined();
const fixComplete = fix!.rules!.find((r) => r.next === 'reviewers');
expect(fixComplete).toBeDefined();
});
it('should not have individual review/fix steps', () => {
const stepNames = workflow!.steps.map((s) => s.name);
expect(stepNames).not.toContain('cqrs_es_review');
expect(stepNames).not.toContain('fix_cqrs_es');
expect(stepNames).not.toContain('frontend_review');
expect(stepNames).not.toContain('fix_frontend');
expect(stepNames).not.toContain('security_review');
expect(stepNames).not.toContain('fix_security');
expect(stepNames).not.toContain('qa_review');
expect(stepNames).not.toContain('fix_qa');
});
it('should use cqrs-es-reviewer agent for the first sub-step', () => {
const reviewers = workflow!.steps.find((s) => s.name === 'reviewers');
const cqrsReview = reviewers!.parallel!.find((s) => s.name === 'cqrs-es-review');
expect(cqrsReview!.agent).toContain('cqrs-es-reviewer');
});
});