Add Wave general-purpose pipelines

ADR, changelog, code-review, debug, doc-sync, explain, feature, hotfix, improve, onboard, plan, prototype, refactor, security-scan, smoke-test, speckit-flow, supervise, test-gen, and more. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 17:02:36 +01:00
parent bfbb7c87ad
commit fc24f9a8ab
26 changed files with 4625 additions and 0 deletions
--- a/.wave/pipelines/code-review.yaml
+++ b/.wave/pipelines/code-review.yaml
@@ -0,0 +1,165 @@
+kind: WavePipeline
+metadata:
+  name: code-review
+  description: "Comprehensive code review for pull requests"
+  release: true
+
+input:
+  source: cli
+  example: "review the authentication module"
+
+steps:
+  - id: diff-analysis
+    persona: navigator
+    workspace:
+      mount:
+        - source: ./
+          target: /project
+          mode: readonly
+    exec:
+      type: prompt
+      source: |
+        Analyze the code changes for: {{ input }}
+
+        1. Identify all modified files and their purposes
+        2. Map the change scope (which modules/packages affected)
+        3. Find related tests that should be updated
+        4. Check for breaking API changes
+
+        Produce a structured result matching the contract schema.
+    output_artifacts:
+      - name: diff
+        path: .wave/output/diff-analysis.json
+        type: json
+    handover:
+      contract:
+        type: json_schema
+        source: .wave/output/diff-analysis.json
+        schema_path: .wave/contracts/diff-analysis.schema.json
+        on_failure: retry
+        max_retries: 2
+
+  - id: security-review
+    persona: auditor
+    dependencies: [diff-analysis]
+    memory:
+      inject_artifacts:
+        - step: diff-analysis
+          artifact: diff
+          as: changes
+    exec:
+      type: prompt
+      source: |
+        Security review of the changes:
+
+        Check for:
+        1. SQL injection, XSS, CSRF vulnerabilities
+        2. Hardcoded secrets or credentials
+        3. Insecure deserialization
+        4. Missing input validation
+        5. Authentication/authorization gaps
+        6. Sensitive data exposure
+
+        Output findings with severity (CRITICAL/HIGH/MEDIUM/LOW).
+    output_artifacts:
+      - name: security
+        path: .wave/output/security-review.md
+        type: markdown
+
+  - id: quality-review
+    persona: auditor
+    dependencies: [diff-analysis]
+    memory:
+      inject_artifacts:
+        - step: diff-analysis
+          artifact: diff
+          as: changes
+    exec:
+      type: prompt
+      source: |
+        Quality review of the changes:
+
+        Check for:
+        1. Error handling completeness
+        2. Edge cases not covered
+        3. Code duplication
+        4. Naming consistency
+        5. Missing or inadequate tests
+        6. Performance implications
+        7. Documentation gaps
+
+        Output findings with severity and suggestions.
+    output_artifacts:
+      - name: quality
+        path: .wave/output/quality-review.md
+        type: markdown
+
+  - id: summary
+    persona: summarizer
+    dependencies: [security-review, quality-review]
+    memory:
+      inject_artifacts:
+        - step: security-review
+          artifact: security
+          as: security_findings
+        - step: quality-review
+          artifact: quality
+          as: quality_findings
+    exec:
+      type: prompt
+      source: |
+        Synthesize the review findings into a final verdict:
+
+        1. Overall assessment (APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION)
+        2. Critical issues that must be fixed
+        3. Suggested improvements (optional but recommended)
+        4. Positive observations
+
+        Format as a PR review comment ready to post.
+        Do NOT include a title/header line — the publish step adds one.
+    output_artifacts:
+      - name: verdict
+        path: .wave/output/review-summary.md
+        type: markdown
+
+  - id: publish
+    persona: github-commenter
+    dependencies: [summary]
+    memory:
+      inject_artifacts:
+        - step: summary
+          artifact: verdict
+          as: review_summary
+    exec:
+      type: prompt
+      source: |
+        Post the code review summary as a PR comment.
+
+        The original input was: {{ input }}
+        Extract the PR number or URL from the input.
+
+        1. Post the review as a PR comment using:
+           gh pr comment <PR_NUMBER_OR_URL> --body "## Code Review (Wave Pipeline)
+
+        <review content>
+
+        ---
+        *Generated by [Wave](https://github.com/re-cinq/wave) code-review pipeline*"
+
+    output_artifacts:
+      - name: publish-result
+        path: .wave/output/publish-result.json
+        type: json
+    handover:
+      contract:
+        type: json_schema
+        source: .wave/output/publish-result.json
+        schema_path: .wave/contracts/publish-result.schema.json
+        must_pass: true
+        on_failure: retry
+        max_retries: 2
+    outcomes:
+      - type: url
+        extract_from: .wave/output/publish-result.json
+        json_path: .comment_url
+        label: "Review Comment"