zhongwei/gh-overlord-z-claudeshack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3a73d67d73e131b61521460b08c5b877d0e2f72
gh-overlord-z-claudeshack/skills/guardian/Templates/README.md
Zhongwei Li a3a73d67d7 Initial commit
2025-11-30 08:46:50 +08:00

305 lines
7.7 KiB
Markdown
Raw Blame History

# Guardian Templates
This directory contains templates for different Guardian review and planning tasks. Templates provide structured, consistent prompts for Haiku subagents with appropriate constraints and output formats.
## Available Templates
### security_review.json
**Focus**: Security vulnerabilities and OWASP Top 10
**Best For:**
- Authentication/authorization code
- Cryptographic implementations
- Input validation
- API endpoints
- Payment processing
- Sensitive data handling
**Output Format**: Suggestions with severity, CWE references, exploit scenarios
### performance_review.json
**Focus**: Performance optimization and efficiency
**Best For:**
- Database queries
- API performance
- Algorithm complexity
- Memory usage
- Async operations
- Caching opportunities
**Output Format**: Suggestions with complexity analysis and estimated improvements
### feature_planning.json
**Focus**: Breaking down complex features into subtasks
**Best For:**
- Large feature implementations
- Multi-component systems
- Complex refactoring
- Integration projects
**Output Format**: Subtasks with dependencies, estimates, risks, and acceptance criteria
## Using Templates
### Via Command Line
```bash
# List available templates
python guardian/scripts/template_loader.py --list
# Load a template
python guardian/scripts/template_loader.py --template security_review
# Show template configuration
python guardian/scripts/template_loader.py --template security_review --show-config
```
### Via Guardian Skill
```bash
# Use a template for review
python guardian/scripts/guardian.py review --file auth.py --template security_review
# Use a template for planning
python guardian/scripts/guardian.py plan --task "Build REST API" --template feature_planning
```
### In Code
```python
from template_loader import load_template, apply_template_to_context
# Load template
template = load_template('security_review')
# Apply to context
prompt = apply_template_to_context(template, minimal_context)
# Get configuration for context_filter.py
config = get_template_config(template)
```
## Creating Custom Templates
### Option 1: Base on Existing Template
```bash
python guardian/scripts/template_loader.py \
--create my_security_review \
--based-on security_review \
--description "Custom security review for our codebase"
```
This creates `my_security_review.json` which you can then customize.
### Option 2: Create from Scratch
```bash
python guardian/scripts/template_loader.py \
--create my_custom_review \
--description "Custom review template"
```
This creates a minimal template you can build on.
### Option 3: Manual Creation
Create a JSON file with this structure:
```json
{
"name": "my_review",
"description": "My custom review template",
"task_type": "review",
"focus": "my_focus_keywords",
"agent_prompt_template": "You are a READ-ONLY code reviewer...\n\n{context}\n\nReturn JSON array...",
"oracle_categories": ["patterns", "gotchas"],
"oracle_tags_required": ["tag1", "tag2"],
"max_oracle_patterns": 5,
"max_oracle_gotchas": 5,
"always_include_files": [],
"validation_rules": {
"min_confidence": 0.5,
"block_contradictions": true
}
}
```
## Template Structure
### Required Fields
- `name`: Unique template identifier
- `description`: Human-readable description
- `task_type`: "review", "plan", or "debug"
- `agent_prompt_template`: Prompt template with `{context}` placeholder
### Optional Fields
- `focus`: Keywords for context filtering (e.g., "security performance")
- `oracle_categories`: Oracle knowledge categories to load ["patterns", "gotchas", "corrections", "solutions"]
- `oracle_tags_required`: Tags to filter Oracle knowledge by
- `max_oracle_patterns`: Maximum Oracle patterns to include (default: 5)
- `max_oracle_gotchas`: Maximum Oracle gotchas to include (default: 5)
- `always_include_files`: Additional files to always include (e.g., config files)
- `validation_rules`: Rules for validating subagent suggestions
### Validation Rules
```json
{
"min_confidence": 0.5, // Minimum confidence score to present
"block_contradictions": true, // Block suggestions that contradict Oracle
"require_severity": false, // Require severity field in suggestions
"require_impact": false, // Require impact field in suggestions
"require_dependencies": false // Require dependencies field (for planning)
}
```
## Prompt Template Guidelines
### Critical Constraints Section
Always include:
```
CRITICAL CONSTRAINTS:
- DO NOT use Write, Edit, NotebookEdit, or Bash tools
- DO NOT modify any files
- DO NOT execute any code
- ONLY read the provided context and return suggestions
```
### Context Placeholder
Include `{context}` where minimal context should be inserted:
```
Your task: Review this code for security issues.
{context}
Return your findings...
```
### Output Format
Specify clear JSON output format:
```json
[
{
"text": "Clear description of the issue",
"category": "security|performance|style|bugs",
"file": "file path",
"line": line_number (if applicable, otherwise null)
}
]
```
### Reminder Section
End with:
```
Remember: You are READ-ONLY. Only analyze and suggest, never modify.
```
## Best Practices
### For Review Templates
1. **Be Specific**: Focus on particular types of issues (security, performance, style)
2. **Provide Examples**: Show what good/bad code looks like
3. **Reference Standards**: OWASP, CWE, language style guides
4. **Request Details**: Ask for line numbers, severity, remediation steps
### For Planning Templates
1. **Encourage Decomposition**: Break large tasks into small, testable pieces
2. **Request Dependencies**: Ask for task ordering and prerequisites
3. **Ask for Risks**: Identify potential issues early
4. **Require Estimates**: Time and complexity estimates help prioritization
### For All Templates
1. **Minimal Context**: Only request what's needed for the task
2. **Read-Only Focus**: Emphasize analysis over action
3. **Structured Output**: Request JSON for easy parsing
4. **Oracle Integration**: Leverage Oracle knowledge for context
## Template Versioning
Templates follow semantic versioning via filename suffixes:
- `security_review.json` - Latest version
- `security_review_v2.json` - Explicit version 2
- `security_review_legacy.json` - Deprecated version
When updating templates, create a new version and mark old ones as legacy.
## Contributing Templates
To contribute a new template:
1. Create your template following the structure above
2. Test it with real code reviews
3. Document what it's best for
4. Submit a PR with:
- Template JSON file
- Example usage
- Test results
Good templates help the entire community!
## Examples
### Example: Security Review
```bash
# Run security review on auth file
python guardian/scripts/guardian.py review \
--file src/auth.py \
--template security_review
# Guardian will:
# 1. Load security_review.json template
# 2. Extract minimal context (auth.py + security Oracle patterns)
# 3. Apply template to context
# 4. Spawn Haiku agent with structured prompt
# 5. Validate suggestions against Oracle
# 6. Present results with confidence scores
```
### Example: Performance Review
```bash
# Run performance review on database queries
python guardian/scripts/guardian.py review \
--file src/database/queries.py \
--template performance_review
# Focuses on:
# - Query complexity
# - N+1 problems
# - Missing indexes
# - Caching opportunities
```
### Example: Feature Planning
```bash
# Plan a new REST API
python guardian/scripts/guardian.py plan \
--task "Build REST API with auth and rate limiting" \
--template feature_planning
# Returns:
# - Subtask breakdown
# - Dependencies
# - Estimates
# - Risk assessment
```
Reference in New Issue View Git Blame Copy Permalink