## Developer TODO (Project Mode)

### BUILD (green-field or new features)

```
1. Create _docs/00_problem/                      — describe what you're building, restrictions, acceptance criteria and samples of data system works with
   - problem.md                                   (required)
   - restrictions.md                              (required)
   - acceptance_criteria.md                       (required)
   - input_data                                   (required)
   - security_approach.md                         (optional)

2. /research                                     — produces solution drafts in _docs/01_solution/
   Run multiple times: Mode A → draft, Mode B → assess & revise
   Finalize as solution.md

3. /plan                                         — architecture, components, risks, tests, Jira epics → _docs/02_plans/

4. /decompose                                    — flat numbered task specs + _dependencies_table.md → _docs/02_tasks/

5. /implement                                    — auto-orchestrates all tasks: batches by dependencies, launches parallel implementers, runs code review, loops until done

6. /implement-black-box-tests                    — E2E tests via Docker consumer app (after all tasks)

7. commit & push
```

### SHIP (deploy and operate)

```
8. /implement-cicd                               — validate/enhance CI/CD pipeline
9. /deploy                                       — deployment strategy per environment
10. /observability                               — monitoring, logging, alerting plan
```

### EVOLVE (maintenance and improvement)

```
11. /refactor                                    — structured refactoring (skill, 6-phase workflow)
```

## Implementation Flow

### `/implement`

Reads flat task files and `_dependencies_table.md` from `_docs/02_tasks/`.

1. Parses dependency graph, detects which tasks are already completed
2. Computes next batch of tasks (max 4 parallel, respecting dependencies)
3. Assigns file ownership per agent to prevent conflicts
4. Launches `implementer` subagents in parallel immediately
5. Runs `/code-review` skill on the batch's changes
6. If review FAIL — blocks for user confirmation; otherwise continues
7. Runs tests, commits and pushes to remote
8. Loops until all tasks are done

### `/code-review`

Multi-phase code review invoked after each implementation batch:

1. Context loading — reads task specs to understand intent
2. Spec compliance — verifies each acceptance criterion is satisfied
3. Code quality — SOLID, DRY, KISS, error handling, naming, complexity
4. Security quick-scan — injection, secrets, input validation
5. Performance scan — O(n^2), N+1, unbounded fetches
6. Cross-task consistency — interface compatibility across batch

Produces structured findings with severity (Critical/High/Medium/Low) and verdict (PASS/FAIL/PASS_WITH_WARNINGS).

### `/implement-black-box-tests`

Reads `_docs/02_plans/integration_tests/` (produced by plan skill Step 1). Builds a separate Docker-based consumer app that exercises the system as a black box — no internal imports, no direct DB access. Runs E2E scenarios, produces a CSV test report.

Run after all tasks are done.

### `/implement-cicd`

Reviews existing CI/CD pipeline configuration, validates all stages work, optimizes performance (parallelization, caching), ensures quality gates are enforced (coverage, linting, security scanning).

Run after `/implement` or after all tasks.

### `/deploy`

Defines deployment strategy per environment: deployment procedures, rollback procedures, health checks, deployment checklist. Outputs `_docs/02_components/deployment_strategy.md`.

Run before first production release.

### `/observability`

Plans logging strategy, metrics collection, distributed tracing, alerting rules, and dashboards. Outputs `_docs/02_components/observability_plan.md`.

Run before first production release.

### Commit

After each confirmed batch, the `/implement` skill automatically commits and pushes to the remote branch.

## Available Skills

| Skill | Triggers | Purpose |
|-------|----------|---------|
| **research** | "research", "investigate", "assess solution" | 8-step research → solution drafts |
| **plan** | "plan", "decompose solution" | Architecture, components, risks, tests, epics |
| **decompose** | "decompose", "task decomposition" | Flat numbered task specs + dependency table |
| **implement** | "implement", "start implementation" | Orchestrate task batches with parallel agents |
| **code-review** | "code review", "review code" | 6-phase structured review with findings |
| **refactor** | "refactor", "refactoring", "improve code" | 6-phase structured refactoring workflow |
| **security** | "security audit", "OWASP" | OWASP-based security testing |

## Project Folder Structure

```
_docs/
├── 00_problem/
│   ├── problem.md
│   ├── restrictions.md
│   ├── acceptance_criteria.md
│   ├── input_data/
│   └── security_approach.md
├── 00_research/
│   ├── 00_ac_assessment.md
│   ├── 00_question_decomposition.md
│   ├── 01_source_registry.md
│   ├── 02_fact_cards.md
│   ├── 03_comparison_framework.md
│   ├── 04_reasoning_chain.md
│   └── 05_validation_log.md
├── 01_solution/
│   ├── solution_draft01.md
│   ├── solution_draft02.md
│   ├── solution.md
│   ├── tech_stack.md
│   └── security_analysis.md
├── 02_plans/
│   ├── architecture.md
│   ├── system-flows.md
│   ├── risk_mitigations.md
│   ├── components/
│   │   └── [##]_[name]/
│   │       ├── description.md
│   │       └── tests.md
│   ├── common-helpers/
│   ├── integration_tests/
│   │   ├── environment.md
│   │   ├── test_data.md
│   │   ├── functional_tests.md
│   │   ├── non_functional_tests.md
│   │   └── traceability_matrix.md
│   ├── diagrams/
│   └── FINAL_report.md
├── 02_tasks/
│   ├── [JIRA-ID]_initial_structure.md
│   ├── [JIRA-ID]_[short_name].md
│   ├── ...
│   └── _dependencies_table.md
├── 03_implementation/
│   ├── batch_01_report.md
│   ├── batch_02_report.md
│   ├── ...
│   └── FINAL_implementation_report.md
└── 04_refactoring/
    ├── baseline_metrics.md
    ├── discovery/
    ├── analysis/
    ├── test_specs/
    ├── coupling_analysis.md
    ├── execution_log.md
    ├── hardening/
    └── FINAL_report.md
```

## Implementation Tools

| Tool | Type | Purpose |
|------|------|---------|
| `implementer` | Subagent | Implements a single task from its spec. Launched by /implement. |
| `/implement` | Skill | Orchestrates all tasks: dependency batching, parallel agents, code review. |
| `/code-review` | Skill | Multi-phase code review with structured findings. |
| `/implement-black-box-tests` | Command | E2E tests via Docker consumer app. After all tasks. |
| `/implement-cicd` | Command | Validate and enhance CI/CD pipeline. |
| `/deploy` | Command | Plan deployment strategy per environment. |
| `/observability` | Command | Plan logging, metrics, tracing, alerting. |

## Automations (Planned)

Future automations to explore (Cursor Automations, launched March 2026):
- PR review: trigger code-review skill on PR open (start with Bugbot — read-only, comments only)
- Security scan: trigger security skill on push to main/dev
- Nightly: run integration tests on schedule

Status: experimental — validate with Bugbot first before adding write-heavy automations.

## Standalone Mode (Reference)

Only `research` and `refactor` support standalone mode by passing an explicit file:

```
/research @my_problem.md
/refactor @some_component.md
```

Output goes to `_standalone/` (git-ignored) instead of `_docs/`. Standalone mode relaxes guardrails — only the provided file is required; restrictions and acceptance criteria are optional.

## Single Component Mode (Decompose)

Decompose supports single component mode when given a component file from within `_docs/02_plans/components/`:

```
/decompose @_docs/02_plans/components/03_parser/description.md
```

This appends tasks for that component to the existing `_docs/02_tasks/` directory without running bootstrap or cross-verification steps.