empathy-framework/.empathy.workflow_chains.yaml 2.template at main · Smart-AI-Memory/empathy-framework · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
# Empathy Framework - Workflow Chain Configuration
# Enables automatic workflow chaining based on results
#
# Usage:
#   1. Run primary workflow: empathy workflow run security-audit
#   2. If triggers match, framework suggests next workflow
#   3. User confirms (or auto-approves if configured)
#
# Copyright 2025 Smart-AI-Memory
# Licensed under Fair Source License 0.9

# Global Settings
global:
  # Whether to auto-approve chains without asking user
  auto_approve: false  # Set to true for fully automatic chaining

  # Maximum chain depth to prevent infinite loops
  max_chain_depth: 4

  # Default approval timeout (seconds)
  approval_timeout: 30

  # Show reasoning for each chain suggestion
  show_reasoning: true

# Workflow Chain Configurations
chains:
  # Security Audit → Follow-up Actions
  security-audit:
    auto_chain: true
    description: "Security scanning with intelligent follow-ups"
    triggers:
      # High severity issues → Bug prediction
      - condition: "high_severity_count > 3"
        next: "bug-predict"
        approval_required: false
        reason: "Many security issues found, predicting related bugs"

      # Critical vulnerabilities → Immediate code review
      - condition: "critical_issues > 0"
        next: "code-review"
        approval_required: true
        reason: "Critical vulnerabilities detected, thorough review needed"

      # SQL injection detected → Comprehensive security review
      - condition: "'sql_injection' in vulnerability_types"
        next: "perf-audit"
        approval_required: true
        reason: "SQL injection found, checking for performance/resource issues"

  # Code Review → Quality Assurance
  code-review:
    auto_chain: true
    description: "Code review with quality assurance follow-ups"
    triggers:
      # Large changes → Test generation
      - condition: "files_changed > 10"
        next: "test-gen"
        approval_required: false
        reason: "Large code changes detected, generating tests"

      # Low test coverage → Test generation
      - condition: "test_coverage < 0.6"
        next: "test-gen"
        approval_required: false
        reason: "Test coverage below 60%, generating missing tests"

      # Complexity issues → Bug prediction
      - condition: "high_complexity_count > 5"
        next: "bug-predict"
        approval_required: false
        reason: "High complexity files found, predicting potential bugs"

      # Security concerns → Security audit
      - condition: "security_concerns > 0"
        next: "security-audit"
        approval_required: true
        reason: "Security concerns identified, running comprehensive audit"

  # Bug Prediction → Preventive Actions
  bug-predict:
    auto_chain: true
    description: "Bug prediction with preventive measures"
    triggers:
      # High risk files → Test generation
      - condition: "high_risk_count > 5"
        next: "test-gen"
        approval_required: false
        reason: "High-risk patterns detected, generating defensive tests"

      # Memory leak patterns → Performance audit
      - condition: "'memory_leak' in pattern_types"
        next: "perf-audit"
        approval_required: false
        reason: "Memory leak patterns found, auditing performance"

      # Dangerous patterns → Code review
      - condition: "dangerous_patterns > 3"
        next: "code-review"
        approval_required: true
        reason: "Dangerous code patterns found, manual review recommended"

  # Performance Audit → Optimization
  perf-audit:
    auto_chain: true
    description: "Performance audit with optimization suggestions"
    triggers:
      # Critical performance issues → Code review
      - condition: "critical_perf_issues > 0"
        next: "code-review"
        approval_required: true
        reason: "Critical performance issues found, detailed review needed"

      # Memory issues → Bug prediction
      - condition: "memory_issues > 3"
        next: "bug-predict"
        approval_required: false
        reason: "Memory issues detected, predicting related bugs"

      # High optimization potential → Generate tests before refactoring
      - condition: "optimization_score < 50"
        next: "test-gen"
        approval_required: false
        reason: "Low optimization score, generating tests before refactoring"

  # Test Generation → Coverage Verification
  test-gen:
    auto_chain: true
    description: "Test generation with coverage verification"
    triggers:
      # Tests generated → Run security audit on new tests
      - condition: "tests_generated > 10"
        next: "security-audit"
        approval_required: false
        reason: "Many tests generated, verifying no security gaps"

      # Coverage still low → Bug prediction
      - condition: "coverage_improvement < 0.2"
        next: "bug-predict"
        approval_required: false
        reason: "Low coverage improvement, identifying high-risk areas"

# Workflow Chain Templates
# Pre-defined sequences for common scenarios
templates:
  # Comprehensive security review
  full-security-review:
    description: "Complete security assessment pipeline"
    workflows:
      - security-audit
      - bug-predict
      - code-review
      - test-gen

  # Quality assurance pipeline
  qa-pipeline:
    description: "Comprehensive quality assurance"
    workflows:
      - code-review
      - test-gen
      - bug-predict
      - perf-audit

  # Pre-release validation
  pre-release:
    description: "Full validation before release"
    workflows:
      - security-audit
      - perf-audit
      - bug-predict
      - test-gen

  # Refactoring safety net
  refactor-safe:
    description: "Safe refactoring with comprehensive checks"
    workflows:
      - test-gen
      - code-review
      - bug-predict

  # Performance optimization
  perf-optimize:
    description: "Performance optimization pipeline"
    workflows:
      - perf-audit
      - code-review
      - test-gen

  # Security hardening
  security-harden:
    description: "Security hardening pipeline"
    workflows:
      - security-audit
      - bug-predict
      - test-gen
      - code-review

# Custom Triggers (Advanced)
# Define custom trigger conditions using Python expressions
custom_triggers:
  # High complexity + low coverage = Risk
  high_risk_combination:
    condition: "complexity_score > 80 and test_coverage < 0.5"
    chain: ["test-gen", "bug-predict", "code-review"]
    approval_required: true
    reason: "High complexity with low coverage - high risk area"

  # Security + Performance issues
  security_perf_combo:
    condition: "security_issues > 0 and perf_issues > 0"
    chain: ["security-audit", "perf-audit", "code-review"]
    approval_required: true
    reason: "Both security and performance concerns detected"

  # Large refactor detection
  large_refactor:
    condition: "files_changed > 20 and lines_changed > 1000"
    chain: ["test-gen", "code-review", "bug-predict", "security-audit"]
    approval_required: true
    reason: "Large refactor detected - comprehensive validation needed"

# Approval Rules
approval_rules:
  # Auto-approve for low-risk chains
  auto_approve_if:
    - "next_workflow == 'test-gen' and risk_level == 'low'"
    - "next_workflow == 'bug-predict'"

  # Always require approval for these
  require_approval_if:
    - "next_workflow == 'code-review' and critical_issues > 0"
    - "next_workflow == 'security-audit' and in_production"
    - "chain_depth > 2"

# Notification Settings
notifications:
  # Show chain suggestions in terminal
  terminal: true

  # Log chains to file
  log_chains: true
  log_path: ".empathy/chain_history.jsonl"

  # Slack notifications (optional)
  slack:
    enabled: false
    webhook_url: ""
    notify_on: ["critical_issues", "chain_completed"]

# Rate Limiting
rate_limits:
  # Maximum chains per hour
  max_chains_per_hour: 20

  # Cooldown between chains (seconds)
  chain_cooldown: 5

  # Maximum cost per chain sequence
  max_chain_cost: 1.00

# Cost Optimization
cost_optimization:
  # Skip expensive chains if budget low
  skip_if_budget_low: true
  budget_threshold: 0.50

  # Use cheaper models for chain decisions
  use_cheap_tier: true

  # Batch similar chains
  batch_similar: true

# Debugging
debug:
  # Verbose chain logging
  verbose: false

  # Dry run mode (show chains without executing)
  dry_run: false

  # Show trigger evaluation details
  show_trigger_eval: false