npx claudepluginhub berrzebb/quorum --plugin quorum```bash quorum tool audit_scan --pattern type-safety ``` Record: PASS or FAIL with file:line for each failure. ```bash <test_command_from_evidence> <test_runner> <related_test_dirs> ``` For T-2 (direct test exists): Grep for test files that import/reference changed modules. Record: PASS or FAIL with test counts. Compare `### Changed Files` from evidence against the actual diff scope. If evidenc...
Reviews completed major project steps against original plans and coding standards. Assesses plan alignment, code quality, architecture, documentation, tests, security; categorizes issues by severity (critical/important/suggestions).
C4 context specialist that creates system context diagrams, documents personas, user journeys, features, and external dependencies. Synthesizes container/component docs into high-level architecture.
Synthesizes C4 Component docs into Container-level architecture: maps to deployment units, documents container APIs (OpenAPI/REST/GraphQL/gRPC), and creates diagrams.
# CQ-1 + CQ-2: Read .claude/quorum/config.json → quality_rules.presets
# Run per_file:true checks for each changed file, per_file:false checks once
# Skip if no matching preset for this project type
# CQ-4: No forbidden patterns in new code
quorum tool audit_scan --pattern type-safety
Record: PASS or FAIL with file:line for each failure.
# T-1: Execute evidence test commands exactly as written
<test_command_from_evidence>
# T-3: Check for regressions in related scope (use test command from quality_rules.presets)
<test_runner> <related_test_dirs>
For T-2 (direct test exists): Grep for test files that import/reference changed modules.
Record: PASS or FAIL with test counts.
Compare ### Changed Files from evidence against the actual diff scope.
If evidence includes a diff basis (commit range), use git diff --name-only <base>..<head>.
Otherwise, fall back to git diff --name-only for uncommitted changes.
Flag any file in diff but not in evidence, or vice versa.
For each changed file:
Record: PASS, FAIL, or N/A.
# S-1: Hardcoded secrets/credentials
quorum tool audit_scan --pattern hardcoded
# S-2: OWASP security scan (SSRF, SQLi, XSS, path traversal, command injection)
node -e "import('${ADAPTER_ROOT}/../../core/security-scan.mjs').then(m => { const r = m.securityScan('.'); console.log(m.formatFindings(r)); if (r.summary.critical > 0) process.exit(1); })"
For new API endpoints: check for auth guard in route handler.
OWASP patterns checked: SSRF (SEC-01), SQL injection (SEC-02), XSS (SEC-03), path traversal (SEC-04), hardcoded secrets (SEC-05), insecure deserialization (SEC-06), command injection (SEC-07), missing auth (SEC-08), eval usage (SEC-09), sensitive data logging (SEC-10).
If semgrep is installed, the scan uses semgrep's OWASP ruleset instead of built-in patterns.
For changed files containing user-facing strings: check ko.json AND en.json.
Only runs if changed files include frontend paths (e.g., web/, src/dashboard/).
Check: page loads, elements exist in DOM, no console errors, build succeeds.
Requires test coverage to have been generated (e.g. npm run test:coverage, pytest --cov, etc.).
# Per-file coverage via tool-runner
quorum tool coverage_map --path <changed-file-dir>
For each changed source file (exclude test files):
statements.pct ≥ 85%branches.pct ≥ 75%Record: PASS or FAIL with file + actual% vs threshold.
node_modules/, .git/, coverage/ are excluded*.test.ts, *.spec.ts) are exempt from CQ-4