faglo/remotion_service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: upgrade agent team with browser, MCP, CLI tools, rules, and hooks

Browse Source 
- Add Chrome browser access to 6 visual agents (18 tools each)
- Add Playwright access to 2 testing agents (22 tools each)
- Add 4 MCP servers: Postgres Pro, Redis, Lighthouse, Docker (.mcp.json)
- Add 3 new rules: testing.md, security.md, remotion-service.md
- Add Context7 library references to all domain agents
- Add CLI tool instructions per agent (curl, ffprobe, k6, semgrep, etc.)
- Update team protocol with new capabilities column
- Add orchestrator dispatch guidance for new agent capabilities
- Init git repo tracking docs + Claude config only

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Daniil
2026-03-21 22:46:16 +03:00
commit e6bfe7c946
49 changed files with 12381 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/superpowers/specs/2026-03-14-captions-wizard-integration-design.md
+218
View File
@@ -0,0 +1,218 @@
# Captions Wizard Integration — Design Spec
## Context
The backend captions module (`/api/captions/*`) and caption generation task (`/api/tasks/captions-generate/`) are fully implemented but have no frontend UI. This spec covers integrating captions into the Project Wizard as 3 new steps, allowing users to select/manage caption presets, trigger rendering, and view/download the captioned video.
## Requirements
- Add caption-settings, caption-processing, caption-result wizard steps (positions 9-11)
- Full CRUD for caption presets (system + user presets)
- Tab-switch layout: preset selection grid and full-page style editor
- Static preview text in the editor that updates live with style changes
- Reuse ProcessingStep for caption-processing
- Result step: video player + download + re-render button
- All UI text in Russian
## Wizard Step Flow
```
... → subtitle-revision → caption-settings → caption-processing → caption-result
```
| Step Key | Label | Component | New? |
|----------|-------|-----------|------|
| `caption-settings` | Настройка субтитров | `CaptionSettingsStep` | Yes |
| `caption-processing` | Обработка | `ProcessingStep` | Reused |
| `caption-result` | Результат | `CaptionResultStep` | Yes |
### Navigation
- `subtitle-revision``caption-settings` (change existing "Завершить проект" button to "Далее" + add `goToStep("caption-settings")` call)
- `caption-settings` "Генерировать" → sets active job → auto-navigates to `caption-processing`
- `caption-processing` job completes → auto-navigates to `caption-result`
- `caption-result` "Перегенерировать" → loops back to `caption-settings`
- `caption-result` "Завершить" → marks completed, wizard finished
## WizardContext Changes
New state fields in `WizardContextValue`:
```typescript
captionPresetId: string | null // Selected preset UUID
captionStyleConfig: object | null // Inline style override (custom not-yet-saved config)
captionedVideoPath: string | null // S3 path of rendered captioned video
```
These are persisted to `project.workspace_state.wizard` alongside existing fields.
### Auto-advance logic (WizardContext effect)
1. **Update `isJobActive` guard**: Add `currentStep === "caption-processing"` to the polling condition (alongside existing `"processing"` and `"transcription-processing"` checks) so task status polling fires during caption processing.
2. **New CAPTIONS_GENERATE case**: When `activeJobType === "CAPTIONS_GENERATE"` and task status becomes DONE → read `taskStatus.output_data.output_path` to get the captioned video S3 path (this data is NOT available in Redux notifications — it must come from the task status polling response). Store in `captionedVideoPath`, clear active job, navigate to `caption-result`.
### Where `transcription_id` comes from
The `useSubmitCaptionGenerate` hook needs a `transcription_id`. This comes from `transcriptionArtifactId` in WizardContext (set during the transcription flow). The hook reads it from context and passes it in the request body.
## CaptionSettingsStep
Two sub-views controlled by local state (`activeTab: "select" | "editor"`).
### Tab 1: Preset Selection ("Выбор пресета")
**Data**: `api.useQuery("get", "/api/captions/presets/")` → returns system + user presets
**Layout**:
- Grid of preset cards (3 columns)
- Each card:
- Dark preview area with styled "Пример" text (CSS-styled based on `style_config`)
- Preset name below preview
- "Системный" badge for `is_system === true`
- Edit (pencil) + Delete (trash) icon buttons — hidden for system presets
- Last card: "+ Создать пресет" (dashed border, click opens editor)
- Selected card: highlighted border (indigo)
**Footer**: "← Назад" (to subtitle-revision) + "Генерировать →" (disabled until preset selected)
**Actions**:
- Click card → `captionPresetId = preset.id`, highlight
- Click edit → `setActiveTab("editor")`, load preset's `style_config` into form
- Click delete → confirmation dialog → `DELETE /api/captions/presets/{id}/` → invalidate query cache
- Click "+ Создать" → `setActiveTab("editor")`, form with default values
- Click "Генерировать" → call `useSubmitCaptionGenerate()` → on success: `setActiveJob(job_id, "CAPTIONS_GENERATE")`, `markStepCompleted("caption-settings")`, `goToStep("caption-processing")`
### Tab 2: Style Editor ("Редактор стиля")
**Layout**:
- **Top**: Large preview panel (dark bg) — "Пример субтитров" text styled live from form values
- **Middle**: 4 sub-tabs for style config sections
- **Bottom**: Form controls for the active sub-tab
- **Footer**: "Отмена" (back to Tab 1) + "Сохранить пресет" (create or update)
**Sub-tabs and controls**:
| Sub-tab | Field | Control |
|---------|-------|---------|
| Текст | font_family | Select (Lobster, Inter, Roboto, Montserrat, etc. — include Lobster as it's the backend default) |
| Текст | font_size | Slider (16-96px) |
| Текст | font_weight | Select (400: Обычный / 700: Жирный) — numeric values, backend expects `int` |
| Текст | text_color | Color picker |
| Текст | highlight_color | Color picker |
| Текст | text_shadow | Toggle + text input |
| Текст | text_stroke_width | Number input (0-5px) |
| Текст | text_stroke_color | Color picker |
| Позиция | vertical_position | Select (top / center / bottom) |
| Позиция | horizontal_alignment | Select (left / center / right) |
| Позиция | padding_px | Number input |
| Позиция | max_width_pct | Slider (20-100%) |
| Позиция | lines_per_screen | Number input (1-4) |
| Анимация | highlight_style | Select (color / scale / underline / color_scale) |
| Анимация | highlight_scale | Slider (1.0-2.0) |
| Анимация | segment_transition | Select (fade / slide / none) |
| Анимация | fade_duration_frames | Number input |
| Анимация | animation_speed | Slider (0.5-2.0) |
| Фон | bg_color | Color picker |
| Фон | bg_blur_px | Number input (0-20) |
| Фон | bg_glow_color | Color picker |
| Фон | bg_border_radius_px | Number input (0-24) |
| Фон | bg_padding_px | Number input (0-32) |
**Form management**: `react-hook-form` with nested `CaptionStyleConfig` shape. Form field paths use the nested structure matching the backend schema: `text.font_family`, `text.font_size`, `layout.vertical_position`, `animation.highlight_style`, `background.bg_color`, etc. Preview panel applies form values as inline CSS.
**Save flow**:
- If editing existing preset → `PATCH /api/captions/presets/{id}/` with name + style_config
- If creating new → name input + `POST /api/captions/presets/` with name + style_config
- On success: invalidate presets query, switch back to Tab 1, auto-select the new/updated preset
## CaptionResultStep
**Data source**: `captionedVideoPath` from WizardContext → `GET /api/files/get_file/?file_path={path}` to get presigned URL
**Layout**:
- Full-width video player (Vidstack MediaPlayer) with the captioned video
- Info bar: file name, duration
- Action buttons:
- "Скачать" — triggers browser download of the presigned S3 URL
- "Перегенерировать" — `goToStep("caption-settings")` to re-render with different preset
- "Завершить" — `markStepCompleted("caption-result")`, wizard done
## ProcessingStep Integration
ProcessingStep already reads `activeJobType` and shows different labels. Add to the `JOB_TYPE_LABELS` map:
```typescript
"CAPTIONS_GENERATE": "ГЕНЕРАЦИЯ СУБТИТРОВ"
```
Auto-advance logic in WizardContext needs a new case:
- When `CAPTIONS_GENERATE` job is DONE → extract captioned video path from job output, store in `captionedVideoPath`, navigate to `caption-result`
## API Hooks (New Files)
### `useSubmitCaptionGenerate.ts`
```typescript
// POST /api/tasks/captions-generate/
// Body: { video_s3_path, folder: "output_files", transcription_id, project_id, preset_id?, style_config? }
// Returns: { job_id, status }
```
### `useCaptionPresets.ts`
```typescript
// GET /api/captions/presets/ → list of CaptionPresetRead
// POST /api/captions/presets/ → CaptionPresetCreate → CaptionPresetRead
// PATCH /api/captions/presets/{id}/ → CaptionPresetUpdate → CaptionPresetRead
// DELETE /api/captions/presets/{id}/ → 204
```
## File Structure
```
src/features/project/
├── CaptionSettingsStep/
│ ├── index.ts
│ ├── CaptionSettingsStep.tsx # Main component with tab logic
│ ├── PresetGrid.tsx # Tab 1: preset cards grid
│ ├── StyleEditor.tsx # Tab 2: full style editor
│ ├── StylePreview.tsx # Live preview panel
│ ├── useCaptionPresets.ts # Query + mutations for presets
│ └── useSubmitCaptionGenerate.ts # Caption generation mutation
├── CaptionResultStep/
│ ├── index.ts
│ └── CaptionResultStep.tsx # Video player + download + re-render
```
## Files to Modify
| File | Change |
|------|--------|
| `src/shared/context/WizardContext.tsx` | Add 3 step keys, 3 state fields, auto-advance for CAPTIONS_GENERATE |
| `src/widgets/ProjectWizard/ProjectWizard.tsx` | Add steps to WIZARD_STEPS array and STEP_COMPONENTS map |
| `src/features/project/ProcessingStep/ProcessingStep.tsx` | Add "CAPTIONS_GENERATE" to JOB_TYPE_LABELS |
| `src/features/project/SubtitleRevisionStep/SubtitleRevisionStep.tsx` | Change "Завершить проект" button to "Далее" and add `goToStep("caption-settings")` navigation (currently has no forward navigation, only `markStepCompleted`) |
| `src/shared/api/__generated__/openapi.types.ts` | Regenerate via `bun run gen:api-types` |
## Prerequisites
1. Run `bun run gen:api-types` with backend running to get latest captions preset types
2. Verify backend `/api/captions/presets/` endpoint is accessible
## Error Handling
- **Caption generation fails (FAILED status)**: ProcessingStep already shows failure state with danger-colored progress. User clicks "Назад" (`goBack()`) → navigates back to `caption-settings` to re-submit.
- **Preset delete fails (403)**: Show error toast — system presets cannot be deleted.
- **Preset save fails (validation)**: Display field-level errors from API response.
- **Result video URL expired**: Re-fetch presigned URL on player error via retry.
## Verification
1. Navigate to an existing project that has completed subtitle-revision
2. After subtitle-revision, wizard should advance to "Настройка субтитров"
3. Verify system presets (Классические, Неон, Минимализм) appear in the grid
4. Create a custom preset via the style editor, verify it appears in grid
5. Edit and delete the custom preset, verify CRUD works
6. Select a preset and click "Генерировать" → verify navigation to processing step
7. Wait for job completion → verify navigation to result step
8. Verify captioned video plays in the result step
9. Click "Перегенерировать" → verify return to caption-settings
10. Click "Скачать" → verify download works
docs/superpowers/specs/2026-03-21-agent-team-design.md
+898
View File
@@ -0,0 +1,898 @@
# Agent Team Design Spec
**Date:** 2026-03-21
**Version:** 1.1
**Status:** Draft
**Scope:** Create a team of 15 specialist agents + 1 Orchestrator (16 agents total) for the Coffee Project monorepo
**Changelog:**
- v1.0 — Initial draft
- v1.1 — Fixed: main session protocol (C1), agent continuation mode (C2), shared protocol inclusion (M1), Framer Motion reference (M2), WebFetch scope (M3), agent count wording (M4), frontmatter template (M6), transitive cycle detection (M7), escalation examples, DevOps tool access
- v1.2 — Added: Section 5.6 (Orchestrator decision memory), Section 5.7 (specialist agent memory), updated file structure
---
## 1. Problem Statement
The Coffee Project (video captioning SaaS) is a monorepo with three services: Next.js frontend, FastAPI backend, and Remotion video service. Currently there are only 3 narrow agents (FSD reviewer, Playwright tester, Remotion reviewer). The project needs a full virtual engineering team that can:
- Make effective architecture and library decisions across all services
- Maintain code consistency and best practices
- Deliver premium, addictive UX on new features
- Provide thorough testing with edge case coverage
- Review existing implementations for quality, security, and performance
- Create and maintain feature documentation
- Guide monetization and product decisions
- Handle cross-service design and optimization
- Prepare for future K8s/CI-CD infrastructure
## 2. Architecture: Orchestrator + 15 Specialists
### 2.1 Invocation Flow
```
User → Claude (initial thinking) → Orchestrator agent → dispatch plan
Claude dispatches specialists per plan → collects results → checks for handoffs
If handoffs: dispatches requested agents → re-invokes original agent with results
Repeats until all work complete → Claude synthesizes final response to user
```
**Key constraint:** Claude Code subagents cannot spawn other subagents. The main Claude session handles all dispatching. The Orchestrator is an advisor/planner, not an executor.
**When to use the Orchestrator:** Any non-trivial task — feature, bug fix, audit, optimization, research, infrastructure decision. Trivial tasks (rename, typo, quick question) skip the Orchestrator.
### 2.2 Agent Roster
| # | Agent | Domain | Replaces |
|---|-------|--------|----------|
| 1 | Orchestrator / Tech Lead | Task decomposition, routing, context packaging | New |
| 2 | Frontend Architect | Next.js/React/FSD, component architecture, frontend libraries | `fsd-reviewer` |
| 3 | Backend Architect | FastAPI/Python, service design, API patterns, algorithms | New |
| 4 | DB Architect | PostgreSQL schema, query optimization, migrations, indexing | New |
| 5 | UI/UX Designer | Design system, visual design, premium aesthetics, addictive UX | New |
| 6 | Design Auditor | Visual consistency, component compliance, accessibility auditing | New |
| 7 | Frontend QA | Playwright E2E, React testing, frontend edge cases | `playwright-tester` |
| 8 | Backend QA | pytest, integration tests, API contracts, backend edge cases | New |
| 9 | Remotion/Video Engineer | Compositions, animation, video processing, caption rendering | `remotion-reviewer` |
| 10 | Security Auditor | OWASP, auth, data protection, dependency auditing | New |
| 11 | Performance Engineer | Profiling, caching, bundle analysis, query performance | New |
| 12 | Debug Specialist | Root cause analysis, cross-service debugging, reproduction | New |
| 13 | DevOps Engineer | CI/CD, Docker, K8s, infrastructure, deployment | New |
| 14 | Product Strategist | Monetization, conversion, feature prioritization, growth | New |
| 15 | Technical Writer | Feature docs, API docs, architecture decision records | New |
| 16 | ML/AI Engineer | Speech-to-text, transcription models, ML deployment | New |
### 2.3 Tool Access
All agents receive:
- `Read`, `Grep`, `Glob`, `Bash` — codebase exploration
- `WebSearch`, `WebFetch` — internet research
- `mcp__context7__resolve-library-id`, `mcp__context7__query-docs` — library documentation
Agents **analyze and recommend**. They do not write code directly. Implementation happens in the main Claude session after synthesizing specialist input.
**Exceptions:**
- DevOps Engineer additionally gets `Edit`, `Write` — infrastructure files (Dockerfiles, CI configs, Helm charts) require direct authoring.
### 2.4 Standard Agent Frontmatter
Every agent `.md` file uses this frontmatter:
```yaml
---
name: <agent-name>
description: <one-line — used by Claude to decide when to dispatch>
tools: Read, Grep, Glob, Bash, WebSearch, WebFetch, mcp__context7__resolve-library-id, mcp__context7__query-docs
model: opus
---
```
DevOps Engineer adds `Edit, Write` to its tools list.
## 3. Orchestrator Design
### 3.1 Identity
Senior Tech Lead, 15+ years across full-stack, infrastructure, and product. The decision-maker, not the implementer. Value is knowing who knows best and giving them exactly the context they need.
### 3.2 Task Type Classification
The Orchestrator's first job is understanding the task. No predefined categories — it reasons about each task's specific context:
- What is being asked? (build, fix, audit, evaluate, document, decide)
- What areas are affected? (which subprojects, layers, modules)
- What is the risk surface? (security, performance, data integrity, UX)
- What information flows are needed? (who produces what, who needs what)
### 3.3 Pipeline Selection (Context-Aware)
The Orchestrator does NOT use static routing tables. For each task it:
1. **Analyzes affected areas** — which subprojects, which layers, which modules
2. **Identifies risk surface** — security, performance, data integrity, UX implications
3. **Selects agents based on this specific context** — fewest agents that cover the task
4. **Determines parallelism** — which agents can run simultaneously vs which depend on others' output
5. **Predicts likely handoffs** — based on information flow analysis, not templates
### 3.4 Dynamic Handoff Prediction
After dispatching Phase 1 agents, the Orchestrator predicts likely handoffs by reasoning:
**Information Flow Analysis:**
- What will each dispatched agent produce?
- Who else in the team would need that output as input?
- Can I pre-dispatch the "receiver" now to avoid serial waiting?
**Dependency Reasoning:**
- Does their task touch a domain boundary (API contract, DB schema, UI spec)? The agent on the other side likely needs involvement.
- Does their task require decisions outside their expertise? They'll request a handoff — anticipate it.
- Does their task produce an artifact another agent validates (code → QA, design → auditor)?
**Parallel Opportunity Detection:**
- If Agent A and Agent B will both eventually be needed with no mutual dependency → dispatch both now
- If Agent A will likely need Agent B's output → dispatch B early with available context
**Rules:**
- Every dispatch must have reasoned justification based on THIS task's context
- No "just in case" dispatches
- No task-type templates
### 3.5 Adaptive Context Injection
After each agent returns results, the Orchestrator analyzes output for signals that warrant additional specialists:
**Security signals:** Agent mentions auth, tokens, credentials, user input, file upload, SQL → inject Security Auditor on that specific finding.
**Performance signals:** Agent mentions N+1 queries, large datasets, heavy joins, no pagination, synchronous blocking, bundle size, re-renders → inject Performance Engineer on that area.
**Data integrity signals:** Agent mentions new tables, schema changes, complex relations, migrations → inject DB Architect to validate.
**UX signals:** Agent proposes new UI flow, modal, multi-step process → inject UI/UX Designer to review interaction.
**Cross-service signals:** Agent's change affects API contract between services → inject counterpart Architect.
**Testing gaps:** Agent implements logic but doesn't mention edge cases → inject relevant QA.
### 3.6 Conflict Resolution
When two agents disagree:
1. Detect the conflict from their outputs
2. If one agent has clear domain authority (Performance Engineer on perf vs Backend Architect) → defer to the specialist
3. If genuinely ambiguous → escalate to user with both perspectives and Orchestrator's recommendation
### 3.7 Output Format
```markdown
TASK ANALYSIS:
<what this task is about, affected areas, risk surface>
PIPELINE:
Phase 1 (parallel):
- <Agent>: "<specific context and question>"
Phase 2 (depends on Phase 1):
- <Agent>: "<context including Phase 1 dependencies>"
HANDOFF PREDICTION:
<reasoned predictions about likely inter-agent dependencies>
CONTEXT TRIGGERS TO WATCH:
- If <signal> detected → inject <Agent>
- If <signal> detected → inject <Agent>
RELEVANT PAST DECISIONS:
<summaries from orchestrator memory that affect this task>
SPECIALIST MEMORY TO INCLUDE:
- <Agent>: "<relevant past findings from their memory dir>"
```
## 4. Inter-Agent Communication Protocol
### 4.1 Handoff Format
Every agent can include structured handoff requests in their output:
```markdown
## Completed Work
<what's been produced that doesn't depend on anyone>
## Handoff Requests
### → <Agent Name>
**Task:** <specific work needed>
**Context from my analysis:** <what they need to know>
**I need back:** <specific deliverable>
**Blocks:** <which part of my work is waiting>
## Continuation Plan
When handoffs return, I will: <what I'll do with the results>
```
### 4.2 Orchestrator Handoff Handling
1. Parse agent outputs for "Handoff Requests" blocks
2. Dispatch requested agents with the provided context
3. Re-invoke the original agent with: "Continue your work on <task>. Your previous analysis: <summary>. Handoff results: <agent outputs>"
4. Parse continuation output for NEW handoff requests
5. Max handoff depth: 3 chains. If deeper, surface to user.
### 4.3 Cycle Prevention
The main session maintains a **chain history** — an ordered list of all agents invoked in the current handoff chain:
- Before dispatching any handoff, check if the requested agent is already in the chain history
- If yes → STOP the chain (prevents both direct cycles A→B→A and transitive cycles A→B→C→A)
- Max handoff depth: 3 (regardless of cycles)
- If depth exceeded or cycle detected, escalate to user with current state and partial results
### 4.4 Team Awareness
Every agent receives a roster of all specialists with one-line descriptions of what they do. Each agent knows:
- WHEN to request a handoff (need info from another domain, partially blocked, spotted an issue outside their domain)
- WHEN NOT to (can answer it themselves, info is in the codebase, minor question)
## 5. Agent Standards
### 5.1 Senior-Grade Behavior
All agents must:
| Behavior | What This Means |
|----------|----------------|
| Opinionated | Recommend ONE best approach, explain why alternatives are worse |
| Proactive | Flag issues the task didn't ask about |
| Pragmatic | YAGNI, but know when investment pays off |
| Specific | "Use Stripe v14+" not "consider a payment library" |
| Challenging | If the task is wrong, say so |
| Teaching | Briefly explain WHY so the team learns |
### 5.2 Domain-Specific Research Protocols
Each agent has a unique research protocol tailored to how a real senior in that domain works. No generic "use WebSearch" — each protocol specifies WHERE to look, WHAT to search for, HOW to evaluate findings, and WHEN existing knowledge suffices.
### 5.3 Red Flags Checklist
Each agent has domain-specific warning signs they proactively check:
- **Frontend Architect:** Unbounded lists without virtualization, missing error boundaries, FSD violations, missing loading/empty states
- **Backend Architect:** Missing pagination, N+1 queries in service layer, sync in async context, missing error constants
- **DB Architect:** Missing indexes on foreign keys, unbounded queries, missing ON DELETE behavior, no migration rollback path
- **Security Auditor:** Raw user input in queries, missing rate limiting, exposed internal errors, JWT in localStorage
- **Performance Engineer:** Non-tree-shaken imports, synchronous file I/O, missing connection pool limits, uncached repeated queries
- **Frontend QA:** No error state test, no empty state test, no loading state test, missing keyboard navigation test
- **Backend QA:** Missing soft-delete edge case, no concurrent access test, missing auth test per endpoint
### 5.4 Escalation Criteria
Each agent knows when to request a handoff instead of guessing:
- Backend Architect encounters ML pipeline complexity → ML/AI Engineer
- Frontend Architect encounters unclear API response shape → Backend Architect
- Performance Engineer identifies security-sensitive caching → Security Auditor
- Any agent encounters monetization/business questions → Product Strategist
### 5.5 Project-Specific Anti-Patterns
Pulled from existing AGENTS.md and CLAUDE.md:
- **Frontend:** Don't create flat features (must be module-aware), don't use fetchClient for uploads, don't skip gen:api-types, don't use moment.js
- **Backend:** Don't add subdirectories to modules, don't add files beyond the standard 6, don't inline error strings, don't mock the database
- **Remotion:** Don't use CSS transitions or Framer Motion, don't forget delayRender lifecycle, don't use non-exclusive end boundaries
### 5.6 Orchestrator Decision Memory
The Orchestrator memoizes every significant decision so that future sessions have full context. After each completed task (all agents finished, results synthesized), the Orchestrator writes a decision summary.
**Storage:** `.claude/agents-memory/orchestrator/`
**What gets saved (after every completed task):**
```markdown
# <date>-<topic-slug>.md
## Decision: <what was decided>
## Task: <original task summary>
## Agents Involved: <which specialists were dispatched>
## Context
<why this task came up, what the constraints were>
## Key Decisions
- <decision 1>: <chosen approach> — Why: <reasoning>
- <decision 2>: <chosen approach> — Why: <reasoning>
## Agent Recommendations Summary
- <Agent Name>: <their key recommendation, 1-2 lines>
- <Agent Name>: <their key recommendation, 1-2 lines>
## Conflicts Resolved
- <if any agents disagreed, what was decided and why>
## Context for Future Tasks
<what a future Orchestrator session should know if working on related areas>
- Affects: <which modules, services, or features>
- Depends on: <upstream decisions this relied on>
- Watch for: <things that might invalidate this decision>
```
**When the Orchestrator reads memory:**
- At the start of every task, before building the pipeline
- Scan for decisions that affect the same modules/services/features
- Include relevant decision context when dispatching agents — e.g., "Previous decision: we chose Stripe for payments (see 2026-03-21-payment-provider.md). Design the webhook handler accordingly."
**What NOT to save:**
- Implementation details (that's in the code)
- Ephemeral debugging sessions (the fix is in git)
- Agent outputs verbatim (too large — summarize)
### 5.7 Specialist Agent Memory
Specialists also maintain memory, but scoped to their domain expertise. Their memories are simpler — focused on **learned knowledge that makes them better at their specific job** in this project.
**Storage:** `.claude/agents-memory/<agent-name>/`
**What specialists save:**
| Agent | Memory Examples |
|-------|----------------|
| Frontend Architect | "Radix Themes Select component doesn't support async loading — use custom Combobox instead", "FSD: features/project/ barrel re-exports 12 components — split by concern if adding more" |
| Backend Architect | "Dramatiq `max_retries=3` causes duplicate transcriptions — use idempotency keys", "Media module service.py is 400 lines — next feature should extract upload logic" |
| DB Architect | "transcription_words table has 2M+ rows for active users — needs partitioning before adding more query patterns", "GIN index on captions.text gives 40x speedup for search" |
| Security Auditor | "S3 presigned URLs expire after 1hr — frontend caches them, can serve stale links", "JWT refresh token rotation not implemented yet" |
| Performance Engineer | "TranscriptionModal re-render issue was caused by subscribing to full notification store — fixed with selector", "Remotion render pool >3 causes OOM on 4GB containers" |
| Frontend QA | "File upload tests need 5s timeout — MinIO is slow in test env", "Playwright: `getByRole('dialog')` doesn't find Radix modals, use `getByTestId`" |
| Product Strategist | "Competitor analysis: Kapwing charges $24/mo for 10 exports, Descript $33/mo unlimited — our sweet spot is usage-based with a free tier" |
**Memory format for specialists:**
```markdown
# <date>-<topic-slug>.md
## Insight: <one-line summary>
## Domain: <specific sub-area of expertise>
<2-5 lines of the actual knowledge>
## Source: <how this was discovered — task, investigation, or research>
## Applies when: <when a future invocation should recall this>
```
**Key rules for specialist memory:**
- **Deeply domain-specific** — only save what relates to this agent's core expertise
- **Actionable** — not "we had a bug" but "X causes Y, do Z instead"
- **Project-specific** — general knowledge belongs in the agent prompt, not memory. Memory is for things learned about THIS codebase.
- **Short** — each memory file is 5-15 lines max. If it's longer, it's too broad.
- **No cross-domain pollution** — Frontend QA doesn't save backend insights. If they notice something outside their domain, they flag it via handoff, and the relevant specialist saves it.
**When specialists read memory:**
- At the start of every invocation, scan their memory directory
- Look for memories tagged with `Applies when` matching the current task
- Reference past findings instead of re-discovering them
**When specialists write memory:**
- After completing a task where they discovered something non-obvious about the codebase
- After research that produced a conclusion specific to this project
- NOT for every task — only when there's a reusable insight
### 5.8 Memory File Structure
```
.claude/
├── agents-memory/
│ ├── orchestrator/ # Decision summaries, cross-team context
│ │ ├── 2026-03-21-payment-provider-selection.md
│ │ └── 2026-03-22-batch-export-architecture.md
│ ├── frontend-architect/ # FSD learnings, component gotchas
│ ├── backend-architect/ # Module patterns, async pitfalls
│ ├── db-architect/ # Schema insights, query performance
│ ├── security-auditor/ # Vulnerability findings, auth gaps
│ ├── performance-engineer/ # Bottleneck findings, thresholds
│ ├── frontend-qa/ # Test environment quirks, selector tips
│ ├── backend-qa/ # Fixture patterns, integration gotchas
│ ├── remotion-engineer/ # Render pipeline findings
│ ├── ui-ux-designer/ # Design decisions, pattern choices
│ ├── design-auditor/ # Consistency findings, debt inventory
│ ├── debug-specialist/ # Root cause patterns, reproduction tips
│ ├── devops-engineer/ # Infra config, deployment findings
│ ├── product-strategist/ # Market research, pricing findings
│ ├── technical-writer/ # Doc structure decisions
│ └── ml-ai-engineer/ # Model benchmarks, engine findings
```
### 5.9 Orchestrator Provides Memory Context to Agents
When the Orchestrator dispatches a specialist, it should:
1. Check the specialist's memory directory for relevant past findings
2. Include relevant memories in the dispatch context: "Previous findings from your memory: <summaries>"
3. Also include relevant Orchestrator decision memories that affect this specialist's task
This way specialists don't just get a task — they get a task with the full history of related decisions and past learnings. A Backend Architect dispatched to "add subscription webhooks" also gets told "We chose Stripe (orchestrator memory), and you previously noted Dramatiq retries cause duplicates — use idempotency keys (your memory)."
## 6. Agent Details
### 6.1 Orchestrator / Tech Lead
**Identity:** Senior Tech Lead, 15+ years across full-stack, infrastructure, and product.
**Core Expertise:** Task decomposition, system design at architecture level, risk assessment, cross-domain knowledge (broad, not deep).
**Research Protocol:**
1. Read the task and Claude's initial analysis thoroughly
2. Check recent git log for related ongoing work that might conflict
3. Scan affected modules/files at high level to assess scope
4. Identify cross-service boundaries
5. WebSearch only for high-level architecture patterns when task type is unfamiliar
6. Never research implementation details — that's the specialists' job
### 6.2 Frontend Architect
**Identity:** Senior Frontend Engineer, 15+ years. React since v0.13, TypeScript purist, obsessive about component architecture.
**Core Expertise:** Next.js 16 (App Router, RSC, Server Actions, ISR/SSR), React 19 (concurrent features, Suspense), FSD strict enforcement, TypeScript advanced patterns, state management architecture, component API design.
**Absorbs:** `fsd-reviewer` — all FSD rules become part of Domain Knowledge.
**Research Protocol:**
1. Check project first: existing components, patterns, utilities — never propose what exists
2. Context7 for React/Next.js/Radix/TanStack Query docs
3. WebSearch for bundle size comparisons, SSR compatibility, React 19 support, FSD patterns
4. Evaluate libraries by: bundle size, tree-shaking, TypeScript-native, maintenance, SSR/RSC compatibility
5. Check npm trends and GitHub issue activity
6. Never recommend without confirming Next.js 16 + React 19 compatibility
### 6.3 Backend Architect
**Identity:** Senior Python Engineer, 15+ years. FastAPI since pre-1.0, deep async Python.
**Core Expertise:** FastAPI (DI, middleware, OpenAPI), async Python (asyncio, pooling, concurrency), SQLAlchemy 2.x async, API design (REST, pagination, errors, versioning), Dramatiq task queues, service/repository patterns.
**Research Protocol:**
1. Read existing module implementations — follow established patterns
2. Context7 for FastAPI/SQLAlchemy/Pydantic/Dramatiq docs
3. WebSearch for Python async best practices, FastAPI security, SQLAlchemy performance
4. Evaluate libraries by: async support (mandatory), Python 3.11+ compat, maintenance, dependency footprint
5. For algorithms: search time/space complexity, benchmarks for expected data volumes
6. Check PyPI release history and changelog before recommending versions
### 6.4 DB Architect
**Identity:** Senior Database Engineer, 15+ years PostgreSQL. Thinks in query plans, not ORMs.
**Core Expertise:** PostgreSQL internals (planner, MVCC, vacuuming), schema design (normalization, partitioning, constraints), index engineering (B-tree, GIN, GiST, partial, covering), migration strategies (zero-downtime, backfills), query optimization (EXPLAIN ANALYZE, CTEs, window functions), SaaS data modeling.
**Research Protocol:**
1. Start with current schema: read models.py across all modules, check alembic/versions/
2. WebSearch for PostgreSQL optimization for the query pattern, indexing strategies, partitioning
3. Context7 for SQLAlchemy async patterns, Alembic migration docs
4. Evaluate by: query patterns (not storage), expected row counts, join complexity, index selectivity
5. Check EXPLAIN ANALYZE output when reviewing existing queries
6. Research PostgreSQL version-specific features before proposing
### 6.5 UI/UX Designer
**Identity:** Senior Product Designer, 15+ years. Designs interfaces that feel inevitable — premium, minimal, zero cognitive friction.
**Core Expertise:** Interaction design (micro-interactions, progressive disclosure), visual hierarchy (typography, spacing, color), SaaS dashboard patterns, video/media tool UX, conversion-oriented design, accessibility (WCAG 2.2).
**Research Protocol:**
1. WebSearch for current design trends in SaaS dashboards and video tools, premium UI references (Dribbble, Mobbin, Refero)
2. Search for interaction patterns for the specific flow (upload UX, wizards, progress, empty states)
3. Context7 for Radix Themes/Primitives API and component docs. For animations: check what the project actually uses (read code first) — Framer Motion is NOT used in Remotion service, verify frontend animation stack before recommending
4. Evaluate by: cognitive load, error prevention, progressive disclosure, Fitts's law, Hick's law
5. Reference: Nielsen heuristics, WCAG 2.2, Material Design, Apple HIG
6. For addictive UX: research gamification, variable rewards, progress mechanics
### 6.6 Design Auditor
**Identity:** Senior Design QA Specialist, 12+ years. Pixel-perfect eye, zero tolerance for inconsistency.
**Core Expertise:** Visual consistency auditing, component library compliance, cross-page consistency, responsive behavior, accessibility auditing, design debt identification.
**Research Protocol:**
1. Read rendered component code — SCSS modules, Radix tokens, spacing values
2. Compare against other pages/components for consistency
3. WebSearch for WCAG contrast tools, responsive audit checklists, accessibility testing methods
4. Context7 for Radix Themes token reference
5. Check cross-browser CSS compatibility for risky patterns
6. Never approve "looks fine" — measure actual values
### 6.7 Frontend QA
**Identity:** Senior QA Engineer (frontend), 12+ years. Thinks in edge cases first, happy paths second.
**Core Expertise:** Playwright E2E, React component testing (Testing Library), edge case discovery, accessibility testing (axe-core), flakiness prevention, test architecture.
**Absorbs:** `playwright-tester` — testing standards move to Domain Knowledge.
**Research Protocol:**
1. Read the component and dependencies before writing tests
2. Context7 for Playwright, Testing Library, React Testing Library docs
3. WebSearch for edge case taxonomies for the UI pattern, Playwright best practices
4. Follow existing test conventions in the project
5. For accessibility: reference axe-core rules, WCAG test procedures
6. Never test implementation details — test user behavior
### 6.8 Backend QA
**Identity:** Senior QA Engineer (backend), 12+ years. Mocks are a last resort — prefers real databases.
**Core Expertise:** pytest (fixtures, parametrize, async), integration testing (real DB, real Redis), API contract testing, edge case engineering (concurrency, race conditions), background job testing (Dramatiq), test data management.
**Research Protocol:**
1. Read service/repository code — understand actual logic paths
2. Context7 for pytest/FastAPI testing, SQLAlchemy async testing
3. WebSearch for testing strategies (background jobs, file uploads, WebSocket, concurrency), pytest plugins
4. Check existing test files for project conventions
5. For edge cases: research failure modes (Redis disconnect, S3 timeout, DB constraint violations)
6. Never mock what you can integration-test
### 6.9 Remotion / Video Engineer
**Identity:** Senior Media Engineer, 12+ years in video processing and real-time rendering.
**Core Expertise:** Remotion (compositions, interpolate, spring, Sequence, delayRender), video processing (FFmpeg, codecs, transcoding), caption rendering (timing, text layout, SRT/VTT/ASS), S3 integration, animation design, render performance.
**Absorbs:** `remotion-reviewer` — composition rules move to Domain Knowledge.
**Research Protocol:**
1. Read current compositions and server code before suggesting changes
2. Context7 for Remotion API docs
3. WebSearch for FFmpeg flags, caption rendering techniques, video processing benchmarks
4. Search for Remotion community examples, known performance issues
5. Evaluate by: render time, output quality, file size, codec compatibility
6. For captions: research readability, contrast, positioning, motion best practices
### 6.10 Security Auditor
**Identity:** Senior Security Engineer, 15+ years. AppSec, infrastructure, compliance. Assumes every input is hostile.
**Core Expertise:** OWASP Top 10, auth/authz (JWT, sessions, RBAC), API security (rate limiting, CORS, CSRF), dependency security (CVEs, supply chain), data protection (encryption, PII, GDPR), infrastructure security (containers, secrets, network).
**Research Protocol:**
1. Check current year OWASP Top 10
2. WebSearch for CVEs in project dependencies, attack vectors for the feature type
3. Context7 for FastAPI security, Next.js middleware auth docs
4. Review dependency versions against vulnerability databases (Snyk, GitHub Advisory)
5. For auth/payment: search PCI DSS, GDPR, session management requirements
6. Never assume "the framework handles it" — verify by reading actual code
### 6.11 Performance Engineer
**Identity:** Senior Performance Engineer, 12+ years. Profiles before optimizing.
**Core Expertise:** Frontend perf (Core Web Vitals, bundle analysis, render optimization), backend perf (async concurrency, pooling, caching), DB perf (EXPLAIN ANALYZE, index tuning, N+1), infrastructure perf (CDN, edge caching, scaling), video processing perf, load testing (k6, locust).
**Research Protocol:**
1. Read existing code — profile mentally before suggesting tools
2. WebSearch for benchmark comparisons, library performance characteristics, PostgreSQL EXPLAIN patterns
3. Context7 for React profiler, Next.js caching/ISR, FastAPI async, SQLAlchemy eager loading
4. Search for load profiles of similar SaaS (video processing, transcription)
5. Evaluate by: p50/p95/p99 latency, memory footprint, cold start, scalability ceiling
6. Frontend: Web Vitals impact. Backend: async saturation, pool sizing
### 6.12 Debug Specialist
**Identity:** Senior Debugging Engineer, 15+ years. Finds root causes, not symptoms.
**Core Expertise:** Systematic debugging (hypothesis-driven, binary search, minimal reproduction), error trace reading (Python, React, browser), race condition detection, cross-service log correlation, post-mortem analysis.
**Research Protocol:**
1. Reproduce first — never theorize without evidence
2. Read error messages, stack traces, logs before anything else
3. WebSearch for exact error messages (quoted), known issues in library versions
4. Context7 for framework error handling docs, known gotchas
5. Check GitHub issues of relevant libraries for matching reports
6. Trace execution path through code — follow data, not assumptions
### 6.13 DevOps Engineer
**Identity:** Senior Platform Engineer, 12+ years. K8s, CI/CD, infrastructure as code.
**Core Expertise:** Kubernetes (deployments, resources, service mesh, monitoring), CI/CD (GitHub Actions/GitLab CI, build optimization), Docker (multi-stage, caching, scanning), IaC (Terraform/Pulumi, GitOps), observability (Prometheus, Grafana, tracing), secret management.
**Research Protocol:**
1. Read current Docker/compose files and CI configuration
2. WebSearch for K8s patterns for the service type, CI/CD for monorepos
3. Context7 for Docker, Kubernetes, CI platform docs
4. Search for Helm charts/Kustomize for similar stacks (FastAPI + Next.js + workers)
5. Evaluate by: operational complexity, cost, scaling, team size to maintain
6. For K8s: research resource limits for video rendering, GPU pools if applicable
### 6.14 Product Strategist
**Identity:** Senior Product/Growth Lead, 15+ years SaaS. Thinks in CAC, LTV, conversion funnels. Beautiful product nobody pays for is a failure.
**Core Expertise:** SaaS monetization (freemium, tiered, usage-based), conversion optimization (funnels, activation, upgrade triggers), feature prioritization (impact/effort, competitive moats), growth mechanics (viral, referral, content), market analysis, retention.
**Research Protocol:**
1. WebSearch for competitor pricing (Descript, Kapwing, Opus Clip), industry benchmarks, pricing psychology
2. Search for CAC in video tooling, churn benchmarks, freemium conversion rates
3. Analyze current features for monetization surface area
4. Research regulatory requirements for payment/subscription in target markets
5. Look for case studies of similar B2C/prosumer SaaS growth
6. Never recommend without competitive evidence and unit economics reasoning
### 6.15 Technical Writer
**Identity:** Senior Technical Writer, 12+ years. Writes docs people actually read — concise, scannable, example-driven.
**Core Expertise:** Feature documentation, API docs (endpoint reference, examples, error catalogs), Architecture Decision Records, documentation systems, code examples, maintenance and sync.
**Research Protocol:**
1. Read actual code for the feature — never document from memory
2. WebSearch for documentation best practices, templates for the doc type
3. Context7 for framework documentation patterns (FastAPI auto-docs, Next.js conventions)
4. Check how similar products document features (Descript, Kapwing help centers)
5. Evaluate by: findability, scannability, accuracy, completeness
6. Cross-reference existing docs for consistent terminology
### 6.16 ML/AI Engineer
**Identity:** Senior ML Engineer, 12+ years. Speech-to-text, NLP, practical ML deployment. Chooses the right model, not the trendiest.
**Core Expertise:** Speech-to-text (Whisper variants, cloud ASR, comparison), NLP (alignment, punctuation, language detection, diarization), model deployment (ONNX, TensorRT, serving, GPU/CPU), ML pipelines (preprocessing, inference, caching), evaluation (WER/CER, A/B testing), cost optimization (quantization, batching).
**Research Protocol:**
1. Read current transcription module and supported engines
2. Context7 for Whisper API, ASR library documentation
3. WebSearch for latest ASR benchmarks (WER by language), model size/speed comparisons, new releases
4. Search for production deployment patterns, optimization techniques
5. Evaluate by: WER for target languages, inference speed, memory, licensing, self-hosted vs API cost
6. Recommend proven approaches over bleeding edge
## 7. File Organization
```
.claude/
├── agents/
│ ├── orchestrator.md
│ ├── frontend-architect.md
│ ├── backend-architect.md
│ ├── db-architect.md
│ ├── ui-ux-designer.md
│ ├── design-auditor.md
│ ├── frontend-qa.md
│ ├── backend-qa.md
│ ├── remotion-engineer.md
│ ├── security-auditor.md
│ ├── performance-engineer.md
│ ├── debug-specialist.md
│ ├── devops-engineer.md
│ ├── product-strategist.md
│ ├── technical-writer.md
│ └── ml-ai-engineer.md
├── agents-shared/
│ └── team-protocol.md
├── agents-memory/
│ ├── orchestrator/ # Decision summaries, cross-team context
│ ├── frontend-architect/
│ ├── backend-architect/
│ ├── db-architect/
│ ├── ui-ux-designer/
│ ├── design-auditor/
│ ├── frontend-qa/
│ ├── backend-qa/
│ ├── remotion-engineer/
│ ├── security-auditor/
│ ├── performance-engineer/
│ ├── debug-specialist/
│ ├── devops-engineer/
│ ├── product-strategist/
│ ├── technical-writer/
│ └── ml-ai-engineer/
├── rules/ # Unchanged
│ ├── frontend-fsd.md
│ ├── backend-modules.md
│ └── localization.md
└── settings.local.json # Updated with web tool permissions
```
### Shared Protocol (`agents-shared/team-protocol.md`)
Referenced at the top of every agent prompt. Contains:
- Project summary (3 services, tech stack, conventions)
- Team roster (one-line per agent — name, what they do, when to request)
- Handoff format specification
- Quality standard (senior-grade behavior expectations)
### Absorption Plan
| Old File | New File | Action |
|----------|----------|--------|
| `.claude/agents/fsd-reviewer.md` | `frontend-architect.md` | Domain Knowledge absorbed. Old file deleted. |
| `cofee_frontend/.claude/agents/playwright-tester.md` | `frontend-qa.md` | Standards absorbed. Old file deleted. |
| `remotion_service/.claude/agents/remotion-reviewer.md` | `remotion-engineer.md` | Rules absorbed. Old file deleted. |
### Settings Update
See Section 10 for full settings changes (WebFetch unrestricted, Context7 tool naming).
### CLAUDE.md Addition
See Section 9.1 for the exact CLAUDE.md directive text to add. Covers: when to invoke Orchestrator, dispatch loop protocol, continuation format, context triggers, conflict handling.
### Unchanged
- `.claude/rules/*` — path-scoped enforcement stays
- `cofee_frontend/.claude/commands/*` — utility commands stay
- `cofee_backend/.claude/skills/codex/` — stays, specialists can reference
- Hooks (Prettier, tsc, Ruff) — stay, run on edits regardless of agent
## 8. Workflow Examples
### 8.1 New Feature: "Add bulk video export"
**Orchestrator reasons:** Cross-service feature touching all 3 services. Dispatches UI/UX Designer + DB Architect + Remotion Engineer in Phase 1 (parallel, no dependencies). Watches for Performance signals from Remotion Engineer's batch rendering proposal. Builds Phase 2 dynamically from Phase 1 results and handoff requests. Backend Architect gets DB schema + UX spec. Frontend Architect gets API contract + visual direction. QAs get implementation designs for test planning.
### 8.2 Performance Investigation: "Transcription page feels slow"
**Orchestrator reasons:** Vague complaint, need diagnosis first. Dispatches Debug Specialist alone. Watches for bottleneck type signals: DB → inject DB Architect + Performance Engineer. Frontend → inject Frontend Architect + Performance Engineer. ML → inject ML/AI Engineer. Cross-service → inject Backend Architect + Performance Engineer.
### 8.3 Audit: "Audit frontend design consistency"
**Orchestrator reasons:** Audit task, findings only. Dispatches Design Auditor alone. Watches for: UX flow issues → inject UI/UX Designer. Extensive findings → inject Technical Writer for debt documentation. Accessibility violations → Design Auditor flags with WCAG severity.
### 8.4 Research: "Should we switch from Dramatiq to Celery?"
**Orchestrator reasons:** Pure evaluation, no code changes. Dispatches Backend Architect + Performance Engineer + ML/AI Engineer + DevOps Engineer in parallel (each evaluates from their angle). Orchestrator synthesizes the four perspectives into a unified recommendation.
## 9. Main Session Protocol
The entire system depends on the main Claude session acting as the execution engine. The Orchestrator advises; Claude executes. This section specifies what gets added to root `CLAUDE.md` to make the main session follow the protocol.
### 9.1 CLAUDE.md Directive (exact text to add)
```markdown
## Agent Team
This project has a team of 16 specialist agents (15 specialists + 1 Orchestrator).
Agent files: `.claude/agents/`. Shared protocol: `.claude/agents-shared/team-protocol.md`.
### When to Use the Orchestrator
For ANY non-trivial task (feature, bug fix, audit, optimization, research, infrastructure,
review, documentation), you MUST:
1. Think about the task yourself first — understand scope, affected areas, risks
2. Dispatch the `orchestrator` agent with your analysis as context
3. Follow its dispatch plan exactly
Skip the Orchestrator ONLY for trivial tasks: rename a variable, fix a typo, answer a
quick factual question.
### Dispatch Loop
After receiving the Orchestrator's plan:
1. Dispatch all Phase 1 agents (in parallel when the plan says parallel)
2. Collect results from all Phase 1 agents
3. For each agent result, check for "## Handoff Requests" sections
4. If handoffs exist:
a. Dispatch the requested agents with the context provided in the handoff
b. Collect handoff results
c. Re-invoke the original agent with continuation context (see Continuation Format)
d. Check the continuation result for NEW handoff requests
5. Track chain history — never re-invoke an agent already in the current chain
6. Max chain depth: 3. If exceeded, stop and present partial results to the user.
7. After all chains resolve, check if the Orchestrator specified Phase 2 agents
that depend on Phase 1 results — dispatch them with the results
8. Repeat until all phases complete
9. Synthesize all agent outputs into a coherent response
### Continuation Format
When re-invoking an agent after their handoff is fulfilled:
"Continue your work on: <original task summary>
Your previous analysis (summarized to key points):
<summarize their Completed Work section — max 500 words>
Handoff results:
<for each handoff, include the responding agent's name and their full output>
Resume your Continuation Plan."
### Context Triggers
After each agent returns, check their output against the Orchestrator's
"CONTEXT TRIGGERS TO WATCH" list. If a trigger fires, dispatch the
specified agent with the relevant finding as context.
### Conflict Handling
If two agents' outputs contradict each other:
- If one has clear domain authority → use their recommendation
- If ambiguous → present both to the user with your analysis
```
### 9.2 Agent Continuation Mode
Every agent `.md` file includes this section in their prompt:
```markdown
# Continuation Mode
You may be invoked in two modes:
**Fresh mode** (default): You receive a task description and context.
Start from scratch.
**Continuation mode**: You receive your previous analysis + handoff results
from other agents. Your prompt will contain:
- "Continue your work on: <task>"
- "Your previous analysis: <summary>"
- "Handoff results: <agent outputs>"
In continuation mode:
1. Read the handoff results carefully
2. Do NOT redo your completed work — build on it
3. Execute your Continuation Plan using the new information
4. You may produce NEW handoff requests if continuation reveals
further dependencies
# Memory
At the START of every invocation:
1. Read your memory directory: `.claude/agents-memory/<your-name>/`
2. Check for findings relevant to the current task
At the END of every invocation, if you discovered something non-obvious
about this codebase that would help future invocations:
1. Write a memory file to `.claude/agents-memory/<your-name>/<date>-<topic>.md`
2. Keep it short (5-15 lines), actionable, and specific to YOUR domain
3. Include an "Applies when:" line so future you knows when to recall it
4. Do NOT save general knowledge — only project-specific insights
```
### 9.3 Shared Protocol Inclusion
Claude Code does not support `#include` directives in agent `.md` files. Each agent's prompt starts with:
```markdown
# First Step
Before doing anything else, read the shared team protocol:
Read file: `.claude/agents-shared/team-protocol.md`
This contains the project context, team roster, handoff format, and quality standards.
```
This ensures all agents load the shared context dynamically rather than duplicating it across 16 files.
## 10. Settings Changes
### 10.1 WebFetch Permissions
Current `settings.local.json` restricts `WebFetch` to `domain:github.com` and `domain:pypi.org`. Since all agents are read-only advisors performing research, `WebFetch` should be **unrestricted** to allow agents to access npm, Dribbble, OWASP, Snyk, and other domains their research protocols require.
Update `settings.local.json`:
```jsonc
{
"permissions": {
"allow": [
"WebSearch",
"WebFetch", // unrestricted — no domain scope
"mcp__context7__resolve-library-id",
"mcp__context7__query-docs"
]
}
}
```
### 10.2 Context7 Tool Naming
The project has two sets of Context7 tools available:
- `mcp__context7__*`
- `mcp__plugin_context7_context7__*`
Agent frontmatter should use whichever prefix is active. During implementation, verify by checking which prefix responds and use that consistently across all agent files.
## 11. Key Design Principles
1. **Context-aware, not template-driven** — No static routing tables. Orchestrator reasons about each task's specific context.
2. **Dynamic handoff chains** — Agents request help from other agents through the Orchestrator. Chains build organically from task needs.
3. **Minimal dispatch** — Fewest agents that cover the task. Not every task needs the full team.
4. **Senior-grade output** — Opinionated, proactive, pragmatic, specific. One recommendation with reasoning, not a menu of options.
5. **Adaptive injection** — Orchestrator watches agent outputs for signals that warrant additional specialists.
6. **Conflict resolution** — When agents disagree, Orchestrator resolves or escalates with both perspectives.
7. **Research-backed** — Every agent has internet access and domain-specific research protocols. Recommendations are evidence-based.
8. **Main session as execution engine** — The Orchestrator plans, the main Claude session dispatches. Clear protocol in CLAUDE.md ensures consistent behavior.
9. **Stateless continuation** — Agents are stateless between invocations. Continuation mode passes summarized context + handoff results to enable multi-step work without shared memory.
docs/superpowers/specs/2026-03-21-agent-team-upgrade-design.md
+799
View File
@@ -0,0 +1,799 @@
# Agent Team Upgrade — Tools, MCPs, Browser Access, Rules & Hooks
**Date:** 2026-03-21
**Status:** Draft
**Scope:** Comprehensive upgrade of all 16 agents with domain-specific tools, MCP servers, browser access, Context7 references, new rules, and hooks
**Changelog:**
- v1.0 — Initial draft
- v1.1 — Fixed MCP package names (Postgres→uvx, Redis→uvx, Lighthouse→bunx, Docker→uvx), all Chrome tools to all 6 agents, all Playwright tools to testing agents, bun over node, verified `uv run --group` syntax, added curl+context7 for Backend QA and Backend Architect, merged .mcp.json, squawk pipe fix, macOS+Telegram notification via channel config, Backend QA full Playwright access
- v1.2 — Fixed squawk to lint only new migrations (revision range), fixed Telegram token extraction (`cut -d= -f2--`), added Bash permissions guidance to installation checklist
---
## 1. Browser Access Distribution
### Claude-in-Chrome (6 agents)
Primary browser tool for visual inspection, console/network debugging, GIF recording. Shares the user's real Chrome session (cookies, auth state).
**All Chrome tools granted to all 6 agents:**
`mcp__claude-in-chrome__tabs_context_mcp`, `mcp__claude-in-chrome__tabs_create_mcp`, `mcp__claude-in-chrome__navigate`, `mcp__claude-in-chrome__computer`, `mcp__claude-in-chrome__read_page`, `mcp__claude-in-chrome__find`, `mcp__claude-in-chrome__form_input`, `mcp__claude-in-chrome__get_page_text`, `mcp__claude-in-chrome__javascript_tool`, `mcp__claude-in-chrome__read_console_messages`, `mcp__claude-in-chrome__read_network_requests`, `mcp__claude-in-chrome__resize_window`, `mcp__claude-in-chrome__gif_creator`, `mcp__claude-in-chrome__upload_image`, `mcp__claude-in-chrome__shortcuts_execute`, `mcp__claude-in-chrome__shortcuts_list`, `mcp__claude-in-chrome__switch_browser`, `mcp__claude-in-chrome__update_plan`
All tools are available to every Chrome agent. Per-agent instructions direct focus to specific tools:
| Agent | Focus Tools | Primary Use Cases |
|-------|------------|-------------------|
| **UI/UX Designer** | `gif_creator`, `resize_window`, `computer` (screenshot) | View localhost:3000 after changes, resize to mobile (375x812) / tablet (768x1024) / desktop (1440x900), GIF-record proposed interaction flows |
| **Design Auditor** | `javascript_tool`, `get_page_text`, `read_page`, `resize_window` | Extract computed styles via `getComputedStyle()`, cross-reference against `_variables.scss` tokens, screenshot components at breakpoints, read a11y tree for semantic structure |
| **Debug Specialist** | `read_console_messages`, `read_network_requests`, `javascript_tool` | Navigate to broken page, filter console by `"error\|warn"`, filter network by `"/api/"` for 4xx/5xx, execute diagnostic JS |
| **Frontend Architect** | `read_page`, `computer` (screenshot), `resize_window` | Spot-check Server Component rendering, verify hydration, validate layout after architectural changes |
| **Performance Engineer** | `javascript_tool`, `read_network_requests`, `resize_window` | Execute `performance.getEntries()` for LCP/FID/CLS, monitor network waterfall for slow `/api/` calls, measure TTFB |
| **Product Strategist** | `read_page`, `find`, `computer` (screenshot), `form_input` | Walk localhost:3000 as new user, assess onboarding/conversion flows, fill forms to test UX, screenshot critical pages, view competitor sites |
**Chrome Session Protocol (added to all 6 agents):**
```markdown
## Browser Inspection (Claude-in-Chrome)
When your task involves visual inspection or UI debugging:
1. Call `tabs_context_mcp` to discover existing tabs
2. Call `tabs_create_mcp` to create a fresh tab for this session
3. Store the returned tabId — use it for ALL subsequent browser calls
4. Navigate to `http://localhost:3000` (or the relevant URL)
Guidelines:
- Use `read_page` (accessibility tree) as primary page understanding tool
- Use `computer` with action `screenshot` only for visual verification (layout, colors, spacing)
- Before clicking: always screenshot first, then click CENTER of elements
- Filter console messages: always provide a pattern (e.g., "error|warn|Error")
- Filter network requests: use urlPattern "/api/" to avoid noise
- For responsive testing: resize to 375x812 (mobile), 768x1024 (tablet), 1440x900 (desktop)
- Close your tab when done — do not leave orphan tab groups
- NEVER trigger JavaScript alerts/confirms/prompts — they block all browser events
If your task does NOT involve visual inspection, skip browser tools entirely.
```
### Playwright MCP (2 testing agents)
Structured accessibility snapshots, headless execution, cross-browser validation. For test plan design and integration verification only.
**All Playwright tools granted to both testing agents:**
`mcp__playwright__browser_click`, `mcp__playwright__browser_close`, `mcp__playwright__browser_console_messages`, `mcp__playwright__browser_drag`, `mcp__playwright__browser_evaluate`, `mcp__playwright__browser_file_upload`, `mcp__playwright__browser_fill_form`, `mcp__playwright__browser_handle_dialog`, `mcp__playwright__browser_hover`, `mcp__playwright__browser_install`, `mcp__playwright__browser_navigate`, `mcp__playwright__browser_navigate_back`, `mcp__playwright__browser_network_requests`, `mcp__playwright__browser_press_key`, `mcp__playwright__browser_resize`, `mcp__playwright__browser_run_code`, `mcp__playwright__browser_select_option`, `mcp__playwright__browser_snapshot`, `mcp__playwright__browser_tabs`, `mcp__playwright__browser_take_screenshot`, `mcp__playwright__browser_type`, `mcp__playwright__browser_wait_for`
| Agent | Primary Use Cases |
|-------|-------------------|
| **Frontend QA** | Snapshot component a11y trees for test selector design, verify `data-testid` coverage, reproduce edge cases (empty states, error states, loading states), cross-browser validation, file upload testing, drag-and-drop testing, dialog handling |
| **Backend QA** | Verify frontend-backend integration — navigate authenticated flows, check that API responses render correctly, verify WebSocket notification delivery in UI, run Playwright code snippets via `browser_run_code` |
**Playwright Protocol (added to both agents):**
```markdown
## Browser Testing (Playwright MCP)
When verifying UI behavior or designing test plans:
1. Use `browser_snapshot` as your PRIMARY interaction tool (structured a11y tree, ref-based)
2. Use `browser_take_screenshot` only for visual verification — you CANNOT perform actions based on screenshots
3. Prefer `browser_snapshot` with incremental mode for token efficiency on complex pages
4. Use `browser_wait_for` before assertions on async-loaded content
5. Use `browser_console_messages` to check for JS errors during flows
6. Use `browser_network_requests` to verify API calls match expected contracts
7. Use `browser_run_code` for complex multi-step verification (async (page) => { ... })
8. Use `browser_handle_dialog` to accept/dismiss browser dialogs
This is Playwright, not Claude-in-Chrome. Key differences:
- Separate browser instance (does NOT share your login cookies)
- Ref-based interaction (from snapshot), not coordinate-based
- Supports headless mode and cross-browser (Chromium, Firefox, WebKit)
- No GIF recording
- Full Playwright API via browser_run_code
```
---
## 2. MCP Servers
Four new MCP servers, each scoped to specific agents via agent frontmatter `tools:` field.
**Note:** Postgres MCP Pro, Redis MCP, and Docker MCP are Python packages (run via `uvx`). Lighthouse MCP is a Node package (run via `bunx`). Exact MCP tool names are discovered at runtime after server start — agent frontmatter will list them once servers are running.
### 2a. Postgres MCP Pro
**Server:** `crystaldba/postgres-mcp` (PyPI: `postgres-mcp`)
**Connects to:** `postgresql://postgres:postgres@localhost:5332/cofee`
**Agents:** DB Architect, Performance Engineer, Backend Architect
**Capabilities used:**
- Live schema inspection — agents verify current DB state without reading `models.py`
- `pg_stat_statements` slow query analysis — Performance Engineer finds N+1 queries
- Index health checks — unused indexes, missing indexes on foreign keys across 11 modules
- EXPLAIN ANALYZE execution — DB Architect validates query plans for the 11-module schema
### 2b. Redis MCP
**Server:** `redis/mcp-redis` (PyPI: `redis-mcp-server`)
**Connects to:** `redis://localhost:6379`
**Agents:** Backend Architect, Debug Specialist
**Capabilities used:**
- Dramatiq queue inspection — see pending/failed transcription and render jobs, queue depths
- Pub/sub channel monitoring — debug WebSocket notification delivery (when `job_type === "TRANSCRIPTION_GENERATE"` notifications don't arrive)
- Key inspection — check task state, verify job progress tracking
### 2c. Lighthouse MCP
**Server:** `danielsogl/lighthouse-mcp-server` (npm: `@danielsogl/lighthouse-mcp`)
**Audits:** Any URL (passed as tool parameter per invocation, not config-level)
**Agents:** Performance Engineer, Design Auditor
**Capabilities used:**
- Core Web Vitals (LCP, FID, CLS) with structured JSON — not just a score, but actionable breakdown
- Accessibility audit (WCAG 2.1 AA) — Design Auditor uses alongside visual Chrome inspection and `pa11y`
- Performance budget checking — catch regressions when new dependencies are added
### 2d. Docker MCP
**Server:** `ckreiling/mcp-server-docker` (PyPI: `mcp-server-docker`)
**Connects to:** Docker socket
**Agents:** DevOps Engineer
**Capabilities used:**
- Container health checks across compose stack (postgres, redis, minio, api, worker, remotion)
- Log tailing per container — debug worker crashes, Remotion render failures
- Container restart — recover from stuck services
- Compose stack management — start/stop service groups
### Complete `.mcp.json` (project root)
```json
{
"mcpServers": {
"postgres": {
"command": "uvx",
"args": ["postgres-mcp", "--access-mode=unrestricted"],
"env": {
"DATABASE_URI": "postgresql://postgres:postgres@localhost:5332/cofee"
}
},
"redis": {
"command": "uvx",
"args": ["--from", "redis-mcp-server@latest", "redis-mcp-server", "--url", "redis://localhost:6379/0"]
},
"lighthouse": {
"command": "bunx",
"args": ["@danielsogl/lighthouse-mcp@latest"]
},
"docker": {
"command": "uvx",
"args": ["mcp-server-docker"]
}
}
}
```
---
## 3. CLI Tools
### 3a. Python Tools — `uv` dependency group
Add to `cofee_backend/pyproject.toml` under `[dependency-groups]`:
```toml
[dependency-groups]
tools = [
"semgrep",
"bandit",
"pip-audit",
"schemathesis",
"radon",
]
```
Install: `cd cofee_backend && uv sync --group tools`
Agents invoke with `cd cofee_backend && uv run --group tools <tool> ...`
(`uv run --group` is a valid flag — it includes the specified dependency group for the run without needing a prior `uv sync --group`.)
### 3b. Node Tools — bunx (zero-install)
No installation needed. Agents invoke directly:
| Tool | Command | Agent |
|------|---------|-------|
| pa11y | `bunx pa11y http://localhost:3000 --standard WCAG2AA --reporter json` | Design Auditor |
| knip | `cd cofee_frontend && bunx knip --include files,exports,dependencies` | Frontend Architect, Design Auditor |
| squawk | `cd cofee_backend && uv run alembic upgrade <prev>:head --sql 2>/dev/null \| bunx squawk` | DB Architect |
**Note:** Alembic migrations are `.py` files, not `.sql`. The pipe pattern (`alembic --sql | squawk`) outputs SQL to stdout for squawk to lint.
### 3c. Brew Binaries
```bash
brew install gitleaks k6 hyperfine
```
| Tool | Command | Agent |
|------|---------|-------|
| gitleaks | `gitleaks detect --source . --report-format json --no-banner` | Security Auditor |
| k6 | `k6 run --vus 50 --duration 30s <script>.js` | Performance Engineer |
| hyperfine | `hyperfine 'bun run build' --warmup 1` | Performance Engineer |
### 3d. Agent-Specific CLI Instructions
Each agent gets concrete commands in their instructions, not generic "use tool X":
**Security Auditor:**
```markdown
## Security Scanning Tools
Run these from the project root via Bash:
### Python SAST (backend)
cd cofee_backend && uv run --group tools semgrep scan --config p/python --config p/jwt cpv3/
cd cofee_backend && uv run --group tools bandit -r cpv3/ -ll # medium+ severity only
### Python dependency vulnerabilities
cd cofee_backend && uv run --group tools pip-audit
### Frontend SAST
Note: semgrep is installed in the backend's uv tools group but scans any language.
cd cofee_backend && uv run --group tools semgrep scan --config p/typescript --include "*.ts" --include "*.tsx" ../cofee_frontend/src/
### Secret detection (git history)
gitleaks detect --source . --report-format json --no-banner
All tools are installed project-locally (Python via uv tools group) or via brew (gitleaks).
Do NOT install new tools — use only what is listed above.
```
**Backend QA:**
```markdown
## API Fuzzing
Property-based testing against the FastAPI OpenAPI schema:
cd cofee_backend && uv run --group tools schemathesis run http://localhost:8000/api/schema/ --checks all --workers 4
This auto-generates edge-case payloads for all 11 module endpoints.
Requires the backend to be running (docker-compose up or uv run uvicorn).
## API Testing with curl
For quick endpoint verification and contract testing, use curl with proper headers:
### Authenticated request (replace <token> with a valid JWT)
curl -s -H "Authorization: Bearer <token>" -H "Content-Type: application/json" http://localhost:8000/api/projects/ | python3 -m json.tool
### POST with JSON body
curl -s -X POST -H "Authorization: Bearer <token>" -H "Content-Type: application/json" -d '{"name": "test"}' http://localhost:8000/api/projects/ | python3 -m json.tool
### Measure response time
curl -o /dev/null -s -w "HTTP %{http_code} in %{time_total}s\n" -H "Authorization: Bearer <token>" http://localhost:8000/api/projects/
### Health check
curl -s http://localhost:8000/api/system/health | python3 -m json.tool
Always include Authorization header for protected endpoints. Use -s (silent) and pipe through python3 -m json.tool for readable output.
```
**Backend Architect:**
```markdown
## Code Complexity Analysis
Check cyclomatic complexity of service files (your "when in doubt, put logic in service.py" rule means these grow):
cd cofee_backend && uv run --group tools radon cc cpv3/modules/*/service.py -a -nc
Grade C or worse = too complex, recommend extraction.
## API Testing with curl
Verify endpoints you've designed or modified:
### Authenticated request
curl -s -H "Authorization: Bearer <token>" -H "Content-Type: application/json" http://localhost:8000/api/<endpoint>/ | python3 -m json.tool
### POST with JSON body
curl -s -X POST -H "Authorization: Bearer <token>" -H "Content-Type: application/json" -d '{"key": "value"}' http://localhost:8000/api/<endpoint>/ | python3 -m json.tool
### Measure response time
curl -o /dev/null -s -w "HTTP %{http_code} in %{time_total}s\n" -H "Authorization: Bearer <token>" http://localhost:8000/api/<endpoint>/
Always test your endpoint changes before finalizing recommendations.
## MinIO / S3 Browsing
Browse uploaded videos and rendered outputs:
aws s3 ls --endpoint-url http://localhost:9000 s3://cofee-media/ --recursive
aws s3 ls --endpoint-url http://localhost:9000 s3://cofee-renders/
Requires AWS CLI configured with MinIO credentials (see .env).
```
**DB Architect:**
```markdown
## Migration Linting
Before approving any Alembic migration, lint the generated SQL:
cd cofee_backend && uv run alembic upgrade <prev>:head --sql 2>/dev/null | bunx squawk
Replace `<prev>` with the revision ID before the new migration (find it with `uv run alembic history`).
Squawk catches unsafe patterns: adding NOT NULL without default, CREATE INDEX without CONCURRENTLY, dropping columns with dependent views.
Do NOT lint all migrations from base — only lint the new one.
```
**Remotion Engineer:**
```markdown
## Video Inspection Tools
Validate input video before Remotion render:
ffprobe -v quiet -print_format json -show_format -show_streams /path/to/input.mp4
Check output after render (verify caption overlay, resolution, codec):
ffprobe -v quiet -print_format json -show_entries stream=width,height,r_frame_rate,codec_name /path/to/output.mp4
Extract specific frame to verify caption positioning:
ffmpeg -i /path/to/output.mp4 -vf "select=eq(n\,100)" -frames:v 1 /tmp/frame_100.png
Get container metadata (duration, bitrate, audio channels):
mediainfo --Output=JSON /path/to/video.mp4
```
**Performance Engineer:**
```markdown
## Load Testing
Load-test the transcription endpoint under concurrent video submissions:
k6 run --vus 50 --duration 30s <script>.js
Benchmark build times:
hyperfine 'cd cofee_frontend && bun run build' --warmup 1
hyperfine 'cd cofee_backend && uv run pytest tests/' --min-runs 3
```
**DevOps Engineer:**
```markdown
## MinIO / S3 Browsing
Browse and verify storage contents:
aws s3 ls --endpoint-url http://localhost:9000 s3://cofee-media/ --recursive
Requires AWS CLI configured with MinIO credentials (see .env).
```
---
## 4. Context7 Library References
Each agent gets specific library IDs in their instructions for targeted documentation lookup.
**Instruction block added to each agent:**
```markdown
## Context7 Documentation Lookup
When you need current API docs, use these pre-resolved library IDs:
- mcp__context7__resolve-library-id is NOT needed for these — call query-docs directly.
<agent-specific library table here>
Example: mcp__context7__query-docs with libraryId="/vercel/next.js" and topic="app router server components"
Note: Library IDs may change over time. If query-docs returns no results for a known library, fall back to resolve-library-id to get the current ID.
```
| Agent | Libraries |
|-------|-----------|
| **Frontend Architect** | `/vercel/next.js` (App Router, Server Components), `/tanstack/query` (v5 hooks, queries, mutations), `/websites/radix-ui_primitives` (component APIs, slot structure) |
| **Backend Architect** | `/websites/fastapi_tiangolo` (dependency injection, middleware), `/websites/sqlalchemy_en_21` (async sessions, relationships), `/pydantic/pydantic` (v2 validators, model_config), `/bogdanp/dramatiq` (actors, middleware, retry) |
| **DB Architect** | `/websites/sqlalchemy_en_21` (Alembic, DDL, type system), `/websites/sqlalchemy_en_20_orm` (relationship loading, hybrid properties) |
| **Remotion Engineer** | `/websites/remotion_dev` (interpolate, spring, composition config), `/remotion-dev/remotion` (bundle, render CLI), `/remotion-dev/skills` (best practices) |
| **Frontend QA** | `/websites/playwright_dev` (locators, expect, fixtures), `/microsoft/playwright` (test config, reporters), `/tanstack/query` (testing patterns) |
| **Backend QA** | `/websites/fastapi_tiangolo` (TestClient, dependency overrides), `/pydantic/pydantic` (schema edge cases), `/bogdanp/dramatiq` (test broker, StubBroker). For curl patterns, use `resolve-library-id` with query "curl" if needed. |
| **Performance Engineer** | `/vercel/next.js` (caching, ISR, static generation), `/websites/fastapi_tiangolo` (middleware, async patterns), `/redis/redis-py` (connection pooling, pipelines) |
| **Security Auditor** | `/websites/fastapi_tiangolo` (OAuth2, JWT, Security dependencies), `/pydantic/pydantic` (strict mode, input validation) |
| **ML/AI Engineer** | `/websites/fastapi_tiangolo` (BackgroundTasks, streaming), `/bogdanp/dramatiq` (actor retry, timeout, priority) |
| **DevOps Engineer** | `/vercel/next.js` (standalone output, Docker build), `/websites/fastapi_tiangolo` (workers, deployment settings) |
| **UI/UX Designer** | `/websites/radix-ui_primitives` (available components, API constraints) |
| **Design Auditor** | `/websites/radix-ui_primitives` (correct props, slot structure, accessibility) |
| **Orchestrator** | Generic access — queries ad-hoc based on task domain |
| **Technical Writer** | Generic access — queries based on documentation target |
| **Product Strategist** | Generic access — queries based on feature research |
---
## 5. New Rules Files
### 5a. `.claude/rules/testing.md` (no path scope — universal)
```markdown
# Testing Conventions
## Backend Tests
- Real DB + real Redis. No mocks. conftest.py has shared fixtures.
- Location: cofee_backend/tests/integration/<module>.py
- Naming: test_<action>_<scenario> (e.g., test_create_project_without_name)
- Run: cd cofee_backend && uv run pytest
- Single test: uv run pytest -k "test_name"
- API fuzzing: cd cofee_backend && uv run --group tools schemathesis run http://localhost:8000/api/schema/ --checks all
## Frontend E2E Tests
- Playwright with data-testid selectors on every interactive element
- Location: cofee_frontend/tests/
- Run: cd cofee_frontend && bun run test:e2e
- Every component root element must have data-testid
## General
- Never mock the database — use real test DB
- Tests must be deterministic — no Date.now(), no Math.random()
- Test error paths, not just happy paths
```
### 5b. `.claude/rules/security.md` (no path scope — universal)
```markdown
# Security Conventions
## Authentication
- JWT tokens via get_current_user dependency injection
- Passwords: bcrypt hash, never plain text
- Token refresh: handled by users module
## File Uploads
- Validated by extension + MIME type in files module
- Upload via uploadFile() from @shared/api/uploadFile — never raw FormData
- Endpoint: /api/files/upload/
## Secrets Management
- All config via get_settings() (cached @lru_cache) — never hardcode
- S3/MinIO credentials: env vars only, never in code or commits
- JWT secret: env var, never in code
## Data Protection
- Soft deletes: is_deleted flag — ensure deleted records never leak through API responses
- CORS: configured in main.py — restrict to frontend origin in production
- SQL injection: prevented by SQLAlchemy parameterized queries — never use raw SQL strings
- XSS: React auto-escapes — never use dangerouslySetInnerHTML
## Scanning Tools (for Security Auditor agent)
- Python SAST: semgrep + bandit (via uv run --group tools)
- Dependency CVEs: pip-audit (via uv run --group tools)
- Secret detection: gitleaks (via brew)
```
### 5c. `.claude/rules/remotion-service.md`
```yaml
---
paths:
- "remotion_service/**"
---
# Remotion Service Rules
## Animations
- ONLY use Remotion interpolate()/spring() for all animations
- NEVER use CSS transitions, CSS animations, or Framer Motion
- All timing must be frame-based, not time-based
## Compositions
- Deterministic frame rendering: no Date.now(), no Math.random(), no network calls during render
- All data must be passed via inputProps from the server
- useCurrentFrame() and useVideoConfig() for all timing calculations
## Server
- ElysiaJS, single POST /api/render endpoint
- Flow: receive S3 path + transcription → Remotion CLI render → upload to S3 → return path
- Health check: GET /health
## Captions
- All caption presets live in src/components/captions/
- Caption data format: Word[] with start/end timestamps from transcription module
## Video Inspection
- Use ffprobe (installed) to validate input video codec/resolution/fps before render
- Use ffprobe to verify output after render
- Use ffmpeg to extract single frames for visual caption verification
- Use mediainfo for detailed container metadata
```
---
## 6. Hooks
### 6a. PreCompact — Context Preservation
Added to `settings.local.json`. Hook stdout is injected into compaction context as a system reminder.
```json
{
"PreCompact": [
{
"matcher": "",
"hooks": [
{
"type": "command",
"command": "echo 'PRESERVE ACROSS COMPACTION: 1) All modified files and their purposes 2) Test results (pass/fail with commands) 3) Architecture decisions made this session 4) Error messages and resolutions 5) Current subproject (frontend/backend/remotion) 6) Pending agent handoff requests 7) Current task/phase in any active plan'"
}
]
}
]
}
```
### 6b. Notification — macOS Desktop Alert + Telegram
Two hooks fire on Notification events. macOS notification fires always. Telegram notification reads bot token and chat ID from the existing Telegram channel config at `~/.claude/channels/telegram/` — no env vars to configure, leverages what's already set up via `/telegram:configure`. Silently skips if Telegram channel is not configured.
```json
{
"Notification": [
{
"matcher": "",
"hooks": [
{
"type": "command",
"command": "osascript -e 'display notification \"Claude Code needs your attention\" with title \"Cofee Project\"' 2>/dev/null; exit 0"
},
{
"type": "command",
"command": "CHAT_ID=$(cat ~/.claude/channels/telegram/access.json 2>/dev/null | python3 -c \"import sys,json; a=json.load(sys.stdin); print(a['allowFrom'][0] if a.get('allowFrom') else '')\" 2>/dev/null) && TOKEN=$(grep TELEGRAM_BOT_TOKEN ~/.claude/channels/telegram/.env 2>/dev/null | cut -d= -f2-) && [ -n \"$CHAT_ID\" ] && [ -n \"$TOKEN\" ] && curl -s -X POST \"https://api.telegram.org/bot$TOKEN/sendMessage\" -d \"chat_id=$CHAT_ID\" -d \"text=Claude Code needs your attention (Cofee Project)\" > /dev/null 2>&1; exit 0"
}
]
}
]
}
```
### 6c. Backend Auto-Format Upgrade
Current backend hook runs only `ruff check`. Upgrade to `ruff check --fix` + `ruff format`:
**Before:**
```json
{
"type": "command",
"command": "filepath=$(cat | jq -r '.tool_input.file_path // empty') && case \"$filepath\" in */cofee_backend/cpv3/*.py) cd cofee_backend && uv run ruff check \"$filepath\" 2>&1 | head -20 ;; esac; exit 0"
}
```
**After:**
```json
{
"type": "command",
"command": "filepath=$(cat | jq -r '.tool_input.file_path // empty') && case \"$filepath\" in */cofee_backend/cpv3/*.py) cd cofee_backend && uv run ruff check --fix \"$filepath\" 2>&1 | head -20 && uv run ruff format \"$filepath\" 2>&1 | head -5 ;; esac; exit 0"
}
```
---
## 7. Per-Agent Instruction Changes
Summary of what changes in each agent's `.md` file.
### 7.1 Orchestrator (`orchestrator.md`)
**Changes:**
- Updated team roster table with new capabilities column showing what each agent can now do that it couldn't before
- Dispatch guidance: "If the task involves visual inspection, include 'Use Chrome browser tools to...' in the agent context"
- Dispatch guidance: "If the task involves database schema or query performance, dispatch DB Architect who can now inspect the live database via Postgres MCP"
- Dispatch guidance: "If the task involves Dramatiq job debugging, dispatch Debug Specialist or Backend Architect who can now inspect Redis directly"
### 7.2 UI/UX Designer (`ui-ux-designer.md`)
**Changes:**
- `tools:` add all Chrome tools (18 tools, see Section 1)
- Add Chrome Session Protocol block
- Add Context7 block with `/websites/radix-ui_primitives`
- Add instruction: "When proposing a design, if the dev server is running, navigate to localhost:3000 to see the current UI state before recommending changes"
- Add instruction: "Use `resize_window` to verify your proposals work at mobile (375x812), tablet (768x1024), and desktop (1440x900)"
- Add instruction: "Use `gif_creator` to record interaction demos when proposing animations or multi-step flows"
### 7.3 Design Auditor (`design-auditor.md`)
**Changes:**
- `tools:` add all Chrome tools (18 tools) + Lighthouse MCP tools
- Add Chrome visual audit protocol
- Add Context7 block with `/websites/radix-ui_primitives`
- Add Lighthouse accessibility audit instructions
- Add CLI tools block: `bunx pa11y` for WCAG 2.1 AA, `bunx knip` for dead FSD exports
- Add instruction: "Use `javascript_tool` with `getComputedStyle(document.querySelector('[data-testid=\"...\"]'))` to extract actual rendered values and compare against `_variables.scss` tokens"
- Add instruction: "Cross-reference Lighthouse accessibility issues with visual Chrome inspection — Lighthouse catches ARIA violations, Chrome shows visual presentation"
### 7.4 Debug Specialist (`debug-specialist.md`)
**Changes:**
- `tools:` add all Chrome tools (18 tools) + Redis MCP tools
- Add Chrome debugging protocol
- Add instruction: "For UI bugs, reproduce in Chrome before investigating code. Navigate to the affected page, interact with it, read console with pattern 'error|warn|Error', and check network requests filtered by '/api/'"
- Add instruction: "For notification delivery bugs, inspect Redis pub/sub channels directly to determine if the backend published the event"
- Add instruction: "For stuck Dramatiq jobs, inspect Redis keys to see queue depth and job state"
### 7.5 Frontend Architect (`frontend-architect.md`)
**Changes:**
- `tools:` add all Chrome tools (18 tools)
- Add Chrome spot-check protocol
- Add Context7 block with `/vercel/next.js`, `/tanstack/query`, `/websites/radix-ui_primitives`
- Add CLI tools block: `bunx knip` for dead exports
- Add instruction: "After recommending architectural changes, spot-check the result in Chrome to verify components render correctly and hydration succeeds"
### 7.6 Performance Engineer (`performance-engineer.md`)
**Changes:**
- `tools:` add all Chrome tools (18 tools) + Lighthouse MCP tools + Postgres MCP Pro tools
- Add Chrome performance protocol
- Add Context7 block with `/vercel/next.js`, `/websites/fastapi_tiangolo`, `/redis/redis-py`
- Add Lighthouse audit instructions: "Pass `url: 'http://localhost:3000'` as a tool parameter to each Lighthouse tool invocation"
- Add CLI tools block: `k6` for load testing, `hyperfine` for benchmarking
- Add instruction: "For backend performance, use Postgres MCP Pro to query pg_stat_statements for the slowest queries across the 11 modules"
- Add instruction: "For frontend performance, run Lighthouse audit first, then use Chrome JS execution for targeted measurements"
### 7.7 Product Strategist (`product-strategist.md`)
**Changes:**
- `tools:` add all Chrome tools (18 tools)
- Add Chrome UX walkthrough protocol
- Add instruction: "When evaluating the product, navigate localhost:3000 as a first-time user would. Document: what do they see first? What's the path to value? Where is friction?"
- Add instruction: "When comparing competitors, navigate to competitor sites and screenshot relevant flows"
- Add instruction: "Use `form_input` to fill sign-up/onboarding forms and test the conversion funnel end-to-end"
### 7.8 Frontend QA (`frontend-qa.md`)
**Changes:**
- `tools:` add all Playwright MCP tools (22 tools, see Section 1)
- Add Playwright protocol block
- Add Context7 block with `/websites/playwright_dev`, `/microsoft/playwright`, `/tanstack/query`
- Add instruction: "Use `browser_snapshot` to inspect the accessibility tree of components under test. Verify every interactive element has `data-testid`. Use the snapshot refs to design reliable test selectors"
- Add instruction: "Reproduce edge cases before recommending tests: navigate to the page, trigger empty states, error states, and loading states via Playwright to confirm the behavior you're testing for"
- Add instruction: "Use `browser_file_upload` to test file upload flows, `browser_drag` for drag-and-drop, `browser_handle_dialog` for confirmation dialogs"
### 7.9 Backend QA (`backend-qa.md`)
**Changes:**
- `tools:` add all Playwright MCP tools (22 tools, see Section 1)
- Add Playwright protocol block
- Add Context7 block with `/websites/fastapi_tiangolo`, `/pydantic/pydantic`, `/bogdanp/dramatiq`. For curl, use `resolve-library-id` with query "curl" if needed.
- Add CLI tools block: schemathesis commands + curl patterns with headers (see Section 3d)
- Add instruction: "For integration testing, use Playwright to verify that API responses render correctly in the frontend — navigate to the page, trigger the action, check network requests match expected contracts"
- Add instruction: "Run schemathesis against /api/schema/ to find endpoints that return 500 errors under edge-case payloads"
- Add instruction: "Use curl with -H 'Authorization: Bearer <token>' for quick endpoint verification. Always include Content-Type and Authorization headers for protected endpoints."
### 7.10 Security Auditor (`security-auditor.md`)
**Changes:**
- No new MCP tools
- Add Context7 block with `/websites/fastapi_tiangolo`, `/pydantic/pydantic`
- Add CLI tools block: semgrep, bandit, pip-audit, gitleaks commands (see Section 3d)
- Add instruction: "Start every security review by running the scanning tools. Report findings with severity, file:line, and remediation recommendation"
- Add instruction: "For the frontend, run semgrep with the typescript config against cofee_frontend/src/ (invoked from cofee_backend/ since semgrep is in the backend tools group)"
- Add instruction: "Check git history for leaked secrets with gitleaks before any deployment-related review"
### 7.11 DB Architect (`db-architect.md`)
**Changes:**
- `tools:` add Postgres MCP Pro tools
- Add Context7 block with `/websites/sqlalchemy_en_21`, `/websites/sqlalchemy_en_20_orm`
- Add CLI tools block: squawk via pipe pattern
- Add instruction: "Use Postgres MCP to inspect the live schema rather than reading models.py — the live database is the source of truth, models.py may be out of sync during migration development"
- Add instruction: "Before approving any Alembic migration, lint with squawk: `cd cofee_backend && uv run alembic upgrade head --sql | bunx squawk`"
- Add instruction: "Use pg_stat_statements to identify the slowest queries and recommend index improvements"
### 7.12 Backend Architect (`backend-architect.md`)
**Changes:**
- `tools:` add Redis MCP tools + Postgres MCP Pro tools
- Add Context7 block with `/websites/fastapi_tiangolo`, `/websites/sqlalchemy_en_21`, `/pydantic/pydantic`, `/bogdanp/dramatiq`
- Add CLI tools block: radon, curl patterns, MinIO browsing commands (see Section 3d)
- Add instruction: "Use Redis MCP to inspect Dramatiq queue state when designing or reviewing task processing patterns"
- Add instruction: "Check service.py complexity with radon — grade C or worse means the file needs extraction into helper functions"
- Add instruction: "Test your endpoint designs with curl before finalizing recommendations"
- Add instruction: "Browse MinIO buckets with `aws s3 ls --endpoint-url http://localhost:9000` when verifying file storage patterns. Requires AWS CLI configured with MinIO credentials (see .env)."
### 7.13 Remotion Engineer (`remotion-engineer.md`)
**Changes:**
- No new MCP tools
- Add Context7 block with `/websites/remotion_dev`, `/remotion-dev/remotion`, `/remotion-dev/skills`
- Add CLI tools block: ffprobe, mediainfo, ffmpeg commands (see Section 3d)
- Add instruction: "Validate input video before recommending Remotion composition changes: check codec, resolution, frame rate, and audio streams with ffprobe"
- Add instruction: "After render, verify output with ffprobe and extract a test frame with ffmpeg to confirm caption overlay positioning"
### 7.14 DevOps Engineer (`devops-engineer.md`)
**Changes:**
- `tools:` add Docker MCP tools
- Add Context7 block with `/vercel/next.js`, `/websites/fastapi_tiangolo`
- Add MinIO browsing via Bash instruction (requires AWS CLI + MinIO credentials from .env)
- Add instruction: "Use Docker MCP to inspect container health, tail logs, and manage the compose stack instead of crafting docker CLI commands"
- Add instruction: "For Next.js deployment, query Context7 for standalone output mode and Docker build patterns"
### 7.15 ML/AI Engineer (`ml-ai-engineer.md`)
**Changes:**
- No new MCP tools, no new CLI tools
- Add Context7 block with `/websites/fastapi_tiangolo`, `/bogdanp/dramatiq`
- Add instruction: "When modifying transcription actors, query Dramatiq docs for retry/timeout configuration and middleware patterns"
### 7.16 Technical Writer (`technical-writer.md`)
**Changes:**
- No new MCP tools, no new CLI tools
- Context7: generic access, queries based on documentation target
- Add instruction: "When documenting APIs, query the FastAPI docs for the current endpoint decorator patterns to ensure documentation matches implementation"
---
## 8. Installation Checklist
### One-time setup (run once):
1. **Python tools group:**
```bash
cd cofee_backend
# Add [dependency-groups] tools = [...] to pyproject.toml (see Section 3a)
uv sync --group tools
```
2. **Brew binaries:**
```bash
brew install gitleaks k6 hyperfine
```
3. **MCP servers — create `.mcp.json` in project root:**
Use the complete merged config from Section 2.
Then add MCP tool permissions to `settings.local.json` `permissions.allow` list once tool names are discovered.
4. **Rules files (create 3 new files):**
```
.claude/rules/testing.md (content: Section 5a)
.claude/rules/security.md (content: Section 5b)
.claude/rules/remotion-service.md (content: Section 5c)
```
5. **Hooks (update settings.local.json):**
- Add `PreCompact` hook (Section 6a)
- Add `Notification` hook (Section 6b) — Telegram works automatically if channel is configured via `/telegram:configure`
- Replace backend ruff hook with upgraded version (Section 6c)
6. **Bash permissions (update settings.local.json `permissions.allow`):**
Add these patterns so agents can run new CLI tools without per-invocation prompts:
```json
"Bash(uv run --group tools:*)",
"Bash(gitleaks:*)",
"Bash(k6:*)",
"Bash(hyperfine:*)",
"Bash(ffprobe:*)",
"Bash(ffmpeg:*)",
"Bash(mediainfo:*)",
"Bash(aws s3:*)",
"Bash(bunx pa11y:*)",
"Bash(bunx knip:*)",
"Bash(bunx squawk:*)"
```
7. **Agent files (update 16 .md files):**
- Update `tools:` frontmatter per Section 7
- Add browser protocol sections (Chrome or Playwright)
- Add Context7 library reference blocks
- Add CLI tool instruction blocks
### No installation needed:
- Node CLI tools (pa11y, knip, squawk) — agents use `bunx`, zero-install
- Chrome tools — already available via claude-in-chrome MCP
- Playwright tools — already available via playwright MCP
- Context7 — already configured
- Telegram notifications — uses existing channel config from `~/.claude/channels/telegram/`
### Verification after setup:
After completing installation, verify each MCP server starts correctly:
1. `uvx postgres-mcp --access-mode=unrestricted` with `DATABASE_URI` set — should connect to PostgreSQL
2. `uvx --from redis-mcp-server@latest redis-mcp-server --url redis://localhost:6379/0` — should connect to Redis
3. `bunx @danielsogl/lighthouse-mcp@latest` — should start Lighthouse server
4. `uvx mcp-server-docker` — should connect to Docker socket
Then dispatch a test task to one agent from each tool category to confirm tools work end-to-end.