690517:1449 204 and 302 refactor #03
This commit is contained in:
@@ -0,0 +1,224 @@
|
||||
---
|
||||
name: verification-loop
|
||||
description: A comprehensive verification system for LCBP3-DMS development sessions with build, type check, lint, test, security scan, and diff review phases.
|
||||
version: 1.9.0
|
||||
scope: verification
|
||||
depends-on: []
|
||||
handoffs-to: [speckit-checker, speckit-tester]
|
||||
user-invocable: true
|
||||
---
|
||||
|
||||
# Verification Loop Skill
|
||||
|
||||
A comprehensive verification system for LCBP3-DMS development sessions.
|
||||
|
||||
## LCBP3 Context
|
||||
|
||||
See [`_LCBP3-CONTEXT.md`](../_LCBP3-CONTEXT.md) for project-specific verification requirements:
|
||||
- Backend: NestJS with TypeScript strict mode
|
||||
- Frontend: Next.js with TypeScript strict mode
|
||||
- Package manager: pnpm
|
||||
- Coverage goals: Backend 70%+, Business Logic 80%+
|
||||
- Security: ADR-016, ADR-018, ADR-019, ADR-023 compliance
|
||||
|
||||
## When to Use
|
||||
|
||||
Invoke this skill:
|
||||
- After completing a feature or significant code change
|
||||
- Before creating a PR
|
||||
- When you want to ensure quality gates pass
|
||||
- After refactoring
|
||||
- Before deploying to staging/production
|
||||
|
||||
## Verification Phases
|
||||
|
||||
### Phase 1: Build Verification
|
||||
|
||||
```bash
|
||||
# Backend build
|
||||
cd backend
|
||||
pnpm build 2>&1 | tail -20
|
||||
|
||||
# Frontend build
|
||||
cd frontend
|
||||
pnpm build 2>&1 | tail -20
|
||||
```
|
||||
|
||||
If build fails, STOP and fix before continuing.
|
||||
|
||||
### Phase 2: Type Check
|
||||
|
||||
```bash
|
||||
# Backend TypeScript
|
||||
cd backend
|
||||
pnpm typecheck 2>&1 | head -30
|
||||
|
||||
# Frontend TypeScript
|
||||
cd frontend
|
||||
pnpm typecheck 2>&1 | head -30
|
||||
```
|
||||
|
||||
Report all type errors. Fix critical ones before continuing.
|
||||
|
||||
### Phase 3: Lint Check
|
||||
|
||||
```bash
|
||||
# Backend lint
|
||||
cd backend
|
||||
pnpm lint 2>&1 | head -30
|
||||
|
||||
# Frontend lint
|
||||
cd frontend
|
||||
pnpm lint 2>&1 | head -30
|
||||
```
|
||||
|
||||
### Phase 4: Test Suite
|
||||
|
||||
```bash
|
||||
# Backend tests with coverage
|
||||
cd backend
|
||||
pnpm test -- --coverage 2>&1 | tail -50
|
||||
|
||||
# Frontend unit tests
|
||||
cd frontend
|
||||
pnpm test 2>&1 | tail -50
|
||||
|
||||
# Frontend E2E tests (if applicable)
|
||||
cd frontend
|
||||
npx playwright test 2>&1 | tail -50
|
||||
```
|
||||
|
||||
Report:
|
||||
- Total tests: X
|
||||
- Passed: X
|
||||
- Failed: X
|
||||
- Coverage: X%
|
||||
|
||||
### Phase 5: Security Scan
|
||||
|
||||
```bash
|
||||
# Check for hardcoded secrets
|
||||
grep -rn "sk-" --include="*.ts" --include="*.tsx" . 2>/dev/null | head -10
|
||||
grep -rn "api_key" --include="*.ts" --include="*.tsx" . 2>/dev/null | head -10
|
||||
grep -rn "password" --include="*.ts" --include="*.tsx" . 2>/dev/null | head -10
|
||||
|
||||
# Check for console.log (forbidden in committed code)
|
||||
grep -rn "console.log" --include="*.ts" --include="*.tsx" backend/src/ frontend/src/ 2>/dev/null | head -10
|
||||
|
||||
# Check for any types (forbidden)
|
||||
grep -rn ": any" --include="*.ts" --include="*.tsx" backend/src/ frontend/src/ 2>/dev/null | head -10
|
||||
|
||||
# Check for parseInt on UUID (ADR-019 violation)
|
||||
grep -rn "parseInt(" --include="*.ts" --include="*.tsx" backend/src/ frontend/src/ 2>/dev/null | head -10
|
||||
```
|
||||
|
||||
### Phase 6: ADR Compliance Check
|
||||
|
||||
```bash
|
||||
# Check for id ?? '' fallback (ADR-019 violation)
|
||||
grep -rn "id ?? ''" --include="*.ts" --include="*.tsx" frontend/src/ 2>/dev/null | head -10
|
||||
|
||||
# Check for Number() on UUID (ADR-019 violation)
|
||||
grep -rn "Number(" --include="*.ts" --include="*.tsx" frontend/src/ 2>/dev/null | head -10
|
||||
|
||||
# Check for + operator on UUID (ADR-019 violation)
|
||||
grep -rn "+ publicId\|+ id" --include="*.ts" --include="*.tsx" frontend/src/ 2>/dev/null | head -10
|
||||
```
|
||||
|
||||
### Phase 7: Diff Review
|
||||
|
||||
```bash
|
||||
# Show what changed
|
||||
git diff --stat
|
||||
git diff HEAD~1 --name-only
|
||||
|
||||
# Show detailed changes
|
||||
git diff
|
||||
```
|
||||
|
||||
Review each changed file for:
|
||||
- Unintended changes
|
||||
- Missing error handling (ADR-007)
|
||||
- Potential edge cases
|
||||
- UUID handling (ADR-019)
|
||||
- Security vulnerabilities (ADR-016)
|
||||
- AI boundary violations (ADR-018/023)
|
||||
|
||||
## Output Format
|
||||
|
||||
After running all phases, produce a verification report:
|
||||
|
||||
```
|
||||
VERIFICATION REPORT
|
||||
==================
|
||||
|
||||
Build: [PASS/FAIL]
|
||||
Types: [PASS/FAIL] (X errors)
|
||||
Lint: [PASS/FAIL] (X warnings)
|
||||
Tests: [PASS/FAIL] (X/Y passed, Z% coverage)
|
||||
Security: [PASS/FAIL] (X issues)
|
||||
ADR: [PASS/FAIL] (X violations)
|
||||
Diff: [X files changed]
|
||||
|
||||
Overall: [READY/NOT READY] for PR
|
||||
|
||||
Issues to Fix:
|
||||
1. ...
|
||||
2. ...
|
||||
```
|
||||
|
||||
## Continuous Mode
|
||||
|
||||
For long sessions, run verification every 15 minutes or after major changes:
|
||||
|
||||
```markdown
|
||||
Set a mental checkpoint:
|
||||
- After completing each function
|
||||
- After finishing a component
|
||||
- Before moving to next task
|
||||
|
||||
Run: /verify
|
||||
```
|
||||
|
||||
## Integration with LCBP3 Skills
|
||||
|
||||
This skill complements:
|
||||
- **speckit-checker**: Runs static analysis (lint, typecheck)
|
||||
- **speckit-tester**: Runs tests with coverage verification
|
||||
- **speckit-security-audit**: Performs security review against OWASP Top 10
|
||||
|
||||
This skill provides a unified verification loop that combines all checks into a single report.
|
||||
|
||||
## LCBP3-Specific Checks
|
||||
|
||||
### Tier 1 — CRITICAL (CI BLOCKER)
|
||||
|
||||
- [ ] **Security**: Auth, RBAC, Validation implemented
|
||||
- [ ] **UUID Strategy (ADR-019)**: No `parseInt` / `Number` / `+` on UUID
|
||||
- [ ] **Database correctness**: Schema verified before writing queries
|
||||
- [ ] **File upload security**: ClamAV + whitelist implemented
|
||||
- [ ] **AI validation boundary (ADR-018/023)**: AI via DMS API only
|
||||
- [ ] **Error handling (ADR-007)**: Layered error classification
|
||||
- [ ] **Forbidden patterns**: Zero `any`, zero `console.log`, UUID misuse
|
||||
|
||||
### Tier 2 — IMPORTANT (CODE REVIEW)
|
||||
|
||||
- [ ] **Architecture patterns**: Thin controller, business logic in service
|
||||
- [ ] **Test coverage**: 80%+ business logic, 70%+ backend overall
|
||||
- [ ] **Cache invalidation**: Implemented when data modified
|
||||
- [ ] **Naming conventions**: Follow domain terminology
|
||||
|
||||
### Tier 3 — GUIDELINES
|
||||
|
||||
- [ ] **Code style**: Prettier formatting
|
||||
- [ ] **Comment completeness**: Thai comments, JSDoc on public methods
|
||||
- [ ] **Minor optimizations**: Performance improvements where applicable
|
||||
|
||||
## References
|
||||
|
||||
- LCBP3 AGENTS.md: `AGENTS.md` (repo root)
|
||||
- ADR-007 Error Handling: `specs/06-Decision-Records/ADR-007-error-handling-strategy.md`
|
||||
- ADR-016 Security: `specs/06-Decision-Records/ADR-016-security-authentication.md`
|
||||
- ADR-019 UUID: `specs/06-Decision-Records/ADR-019-hybrid-identifier-strategy.md`
|
||||
- ADR-018 AI Boundary: `specs/06-Decision-Records/ADR-018-ai-boundary.md`
|
||||
- ADR-023 AI Architecture: `specs/06-Decision-Records/ADR-023-unified-ai-architecture.md`
|
||||
Reference in New Issue
Block a user