--- name: verification-loop description: A comprehensive verification system for LCBP3-DMS development sessions with build, type check, lint, test, security scan, and diff review phases. version: 1.9.0 scope: verification depends-on: [] handoffs-to: [speckit-checker, speckit-tester] user-invocable: true --- # Verification Loop Skill A comprehensive verification system for LCBP3-DMS development sessions. ## LCBP3 Context See [`_LCBP3-CONTEXT.md`](../_LCBP3-CONTEXT.md) for project-specific verification requirements: - Backend: NestJS with TypeScript strict mode - Frontend: Next.js with TypeScript strict mode - Package manager: pnpm - Coverage goals: Backend 70%+, Business Logic 80%+ - Security: ADR-016, ADR-018, ADR-019, ADR-023 compliance ## When to Use Invoke this skill: - After completing a feature or significant code change - Before creating a PR - When you want to ensure quality gates pass - After refactoring - Before deploying to staging/production ## Verification Phases ### Phase 1: Build Verification ```bash # Backend build cd backend pnpm build 2>&1 | tail -20 # Frontend build cd frontend pnpm build 2>&1 | tail -20 ``` If build fails, STOP and fix before continuing. ### Phase 2: Type Check ```bash # Backend TypeScript cd backend pnpm typecheck 2>&1 | head -30 # Frontend TypeScript cd frontend pnpm typecheck 2>&1 | head -30 ``` Report all type errors. Fix critical ones before continuing. ### Phase 3: Lint Check ```bash # Backend lint cd backend pnpm lint 2>&1 | head -30 # Frontend lint cd frontend pnpm lint 2>&1 | head -30 ``` ### Phase 4: Test Suite ```bash # Backend tests with coverage cd backend pnpm test -- --coverage 2>&1 | tail -50 # Frontend unit tests cd frontend pnpm test 2>&1 | tail -50 # Frontend E2E tests (if applicable) cd frontend npx playwright test 2>&1 | tail -50 ``` Report: - Total tests: X - Passed: X - Failed: X - Coverage: X% ### Phase 5: Security Scan ```bash # Check for hardcoded secrets grep -rn "sk-" --include="*.ts" --include="*.tsx" . 2>/dev/null | head -10 grep -rn "api_key" --include="*.ts" --include="*.tsx" . 2>/dev/null | head -10 grep -rn "password" --include="*.ts" --include="*.tsx" . 2>/dev/null | head -10 # Check for console.log (forbidden in committed code) grep -rn "console.log" --include="*.ts" --include="*.tsx" backend/src/ frontend/src/ 2>/dev/null | head -10 # Check for any types (forbidden) grep -rn ": any" --include="*.ts" --include="*.tsx" backend/src/ frontend/src/ 2>/dev/null | head -10 # Check for parseInt on UUID (ADR-019 violation) grep -rn "parseInt(" --include="*.ts" --include="*.tsx" backend/src/ frontend/src/ 2>/dev/null | head -10 ``` ### Phase 6: ADR Compliance Check ```bash # Check for id ?? '' fallback (ADR-019 violation) grep -rn "id ?? ''" --include="*.ts" --include="*.tsx" frontend/src/ 2>/dev/null | head -10 # Check for Number() on UUID (ADR-019 violation) grep -rn "Number(" --include="*.ts" --include="*.tsx" frontend/src/ 2>/dev/null | head -10 # Check for + operator on UUID (ADR-019 violation) grep -rn "+ publicId\|+ id" --include="*.ts" --include="*.tsx" frontend/src/ 2>/dev/null | head -10 ``` ### Phase 7: Diff Review ```bash # Show what changed git diff --stat git diff HEAD~1 --name-only # Show detailed changes git diff ``` Review each changed file for: - Unintended changes - Missing error handling (ADR-007) - Potential edge cases - UUID handling (ADR-019) - Security vulnerabilities (ADR-016) - AI boundary violations (ADR-018/023) ## Output Format After running all phases, produce a verification report: ``` VERIFICATION REPORT ================== Build: [PASS/FAIL] Types: [PASS/FAIL] (X errors) Lint: [PASS/FAIL] (X warnings) Tests: [PASS/FAIL] (X/Y passed, Z% coverage) Security: [PASS/FAIL] (X issues) ADR: [PASS/FAIL] (X violations) Diff: [X files changed] Overall: [READY/NOT READY] for PR Issues to Fix: 1. ... 2. ... ``` ## Continuous Mode For long sessions, run verification every 15 minutes or after major changes: ```markdown Set a mental checkpoint: - After completing each function - After finishing a component - Before moving to next task Run: /verify ``` ## Integration with LCBP3 Skills This skill complements: - **speckit-checker**: Runs static analysis (lint, typecheck) - **speckit-tester**: Runs tests with coverage verification - **speckit-security-audit**: Performs security review against OWASP Top 10 This skill provides a unified verification loop that combines all checks into a single report. ## LCBP3-Specific Checks ### Tier 1 — CRITICAL (CI BLOCKER) - [ ] **Security**: Auth, RBAC, Validation implemented - [ ] **UUID Strategy (ADR-019)**: No `parseInt` / `Number` / `+` on UUID - [ ] **Database correctness**: Schema verified before writing queries - [ ] **File upload security**: ClamAV + whitelist implemented - [ ] **AI validation boundary (ADR-018/023)**: AI via DMS API only - [ ] **Error handling (ADR-007)**: Layered error classification - [ ] **Forbidden patterns**: Zero `any`, zero `console.log`, UUID misuse ### Tier 2 — IMPORTANT (CODE REVIEW) - [ ] **Architecture patterns**: Thin controller, business logic in service - [ ] **Test coverage**: 80%+ business logic, 70%+ backend overall - [ ] **Cache invalidation**: Implemented when data modified - [ ] **Naming conventions**: Follow domain terminology ### Tier 3 — GUIDELINES - [ ] **Code style**: Prettier formatting - [ ] **Comment completeness**: Thai comments, JSDoc on public methods - [ ] **Minor optimizations**: Performance improvements where applicable ## References - LCBP3 AGENTS.md: `AGENTS.md` (repo root) - ADR-007 Error Handling: `specs/06-Decision-Records/ADR-007-error-handling-strategy.md` - ADR-016 Security: `specs/06-Decision-Records/ADR-016-security-authentication.md` - ADR-019 UUID: `specs/06-Decision-Records/ADR-019-hybrid-identifier-strategy.md` - ADR-018 AI Boundary: `specs/06-Decision-Records/ADR-018-ai-boundary.md` - ADR-023 AI Architecture: `specs/06-Decision-Records/ADR-023-unified-ai-architecture.md`