AI Agent

fvm_generate

Static analysis agent that generates Functional Verification Matrix (FVM) by cross-referencing FE routes, API calls, BE endpoints, and access policies to detect mismatches and verify security controls.

Typescript

Javascript

security

code-quality

npx claudepluginhub berrzebb/quorum --plugin quorum

Details

Tool AccessAll tools

RequirementsPower tools

Prompt Preview

Static analysis tool that cross-references FE routes, API calls, BE endpoints, and access policies to produce a Functional Verification Matrix (FVM). - Security audit — verify that access policies match actual endpoint behavior - New feature verification — generate expected auth matrix for new routes - FE↔BE gap detection — find API calls without matching endpoints (or vice versa) - Pre-deploym...

Agent Content

Similar Agents

gsd-nyquist-auditor

57.5k

Fills Nyquist validation gaps by generating runnable behavioral tests for phase requirements, running them adversarially, debugging failures (max 3 iterations), verifying coverage, and escalating blockers.

6 tools

gsd-build-get-shit-done

Stats

Stars8

Forks6

Last CommitApr 2, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

fvm_generate

Static analysis tool that cross-references FE routes, API calls, BE endpoints, and access policies to produce a Functional Verification Matrix (FVM).

When to Use

Security audit — verify that access policies match actual endpoint behavior
New feature verification — generate expected auth matrix for new routes
FE↔BE gap detection — find API calls without matching endpoints (or vice versa)
Pre-deployment check — ensure all routes have proper access control defined

Parameters

Param	Required	Default	Description
`--path`	Yes	—	Project root directory (must contain `web/src/` and `src/dashboard/`)
`--format`	No	`full`	`full` (all sections), `mismatches` (FE/BE gaps only), `matrix` (verification rows only)

Examples

# Full FVM with summary, mismatches, and matrix
quorum tool fvm_generate --path /path/to/project

# Only FE↔BE mismatches
quorum tool fvm_generate --path /path/to/project --format mismatches

# Raw verification matrix only
quorum tool fvm_generate --path /path/to/project --format matrix

# JSON output with structured data
quorum tool fvm_generate --path /path/to/project --json

What It Analyzes

FE Routes: web/src/router-paths.ts — path constants
Access Policies: web/src/pages/access-policy.ts — view/manage tiers per route
Route → Page Mapping: web/src/router.tsx — which component handles each route
FE API Calls: All api.get/post/put/patch/del() calls in web/src/
BE Endpoints: JSDoc headers in src/dashboard/routes/*.ts
Cross-reference: FE calls ↔ BE endpoints → find gaps

Access Tiers

Tier	Roles Allowed
`public`	All (including unauthenticated)
`authenticated`	superadmin, owner, manager, member, viewer
`team_member`	superadmin, owner, manager, member, viewer
`team_manager`	superadmin, owner, manager
`team_owner`	superadmin, owner
`superadmin`	superadmin only

GET requests use the view tier; mutations (POST/PUT/PATCH/DELETE) use the manage tier.

Output Format (full)

## FVM — Functional Verification Matrix

### Summary
- FE Routes: 25
- FE API Calls: 48
- BE Endpoints: 52
- FVM Rows: 762
- Mismatches: 4

### Mismatches
| Type | FE | BE | Files |
|------|----|----|-------|

### Verification Matrix
| Route | Page | Feature | API Endpoint | Method | Tier | Role | Expected |
|-------|------|---------|-------------|--------|------|------|----------|

Mismatch Types

Type	Meaning
FE-only	FE calls an API that has no BE endpoint
BE-only	BE defines an endpoint that no FE code calls