V3.9 adds two canonical intelligence layers to the squad's specialist agents. Stevey gains a Design Voice: greenfield/adaptive mode detection, aesthetic frameworks, current design vocabulary with shelf-life signals, craft depth across typography, color, motion and spatial composition, and a comprehensive anti-pattern list. Jared gains Security Intelligence: a structured threat taxonomy covering 12 Tier 1 OWASP vectors and 11 Tier 2 advanced vectors, each with exploit path, code signature, and hardened fix. A three-part finding reporting standard is enforced across all security findings. Both layers live as canonical reference files in agents/_shared/ and are referenced by all three modes of each agent.
-
Greenfield / adaptive mode detection
Stevey now opens every engagement by detecting whether the project is greenfield (no established design language) or adaptive (extending an existing system). Greenfield mode: propose a cohesive visual direction and justify aesthetic choices. Adaptive mode: audit and extend existing patterns without imposing a new language. Mode is declared explicitly in consult output.
-
Aesthetic frameworks: hierarchy, tension, rhythm, gestalt
Four design frameworks are now operational in all three modes. Hierarchy: typographic scale and weight contrast to guide visual priority. Tension: deliberate asymmetry and contrast to create visual interest without noise. Rhythm: consistent spacing tokens and motion timing to build cadence. Gestalt: proximity, similarity, and continuity to communicate grouping and flow at a glance.
-
Design vocabulary with shelf-life signals
Stevey tracks current design vocabulary — bento grids, layered depth, monochromatic brutalism, micro-interaction choreography — and flags dated patterns before implementing them. Glassmorphism and claymorphism are explicitly flagged as dated; use requires a strong aesthetic justification. This prevents aesthetic drift into patterns that age poorly without deliberate intent.
-
Craft depth: typography pairing
Display/body pairing rules: serif display + grotesque body for editorial feel; geometric mono for technical brand; humanist sans throughout for approachable product. Weight contrast ≥ 2 steps for hierarchy. Optical sizing for display text at 48px+. Line-height contracts per context: 1.1–1.2 for display, 1.5–1.7 for body, 1.4 for UI labels.
-
Craft depth: color theory
Temperature contrast: pair a warm primary with a cool neutral for energy without loudness. Tint stacking: use 5–10% opacity tints of brand color on surface layers to build depth without full saturation. Accent economy: one high-chroma accent maximum per screen — everything else neutral or low-chroma. Semantic color separation from brand color.
-
Craft depth: motion choreography
Easing contract: ease-out for entrances (natural deceleration), ease-in for exits (natural acceleration), ease-in-out for state transitions. Duration contract: 150–200ms micro-interactions, 250–350ms page transitions, 400–600ms orchestrated sequences. Stagger: 30–60ms between sibling elements. Motion must reinforce spatial model — never decorative-only.
-
Craft depth: spatial composition
8px base grid; all spacing tokens are multiples. Section breathing room: 96–128px between major sections. Content density ladder: spacious (marketing/hero) → comfortable (dashboard) → compact (data tables) — pick one per context, don't mix. White space is a design element, not absence of content.
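The typography, motion and spatial contracts from the four craft-depth entries above, turned into an executable check. This is an added example, not content from stevey-design-principles.md or the agent definitions: a lint over a design-token object that reports every contract the theme violates. The theme shape, the token names, and the reading of a "weight step" as one 100-unit CSS font-weight increment are assumptions made for illustration.

```javascript
// Added example, not the squad's own code: lint a design-token object against
// the craft contracts (8px grid, line-height ranges, weight contrast, easing,
// durations, stagger, accent economy). Theme shape and names are assumed.
const CONTRACTS = {
  grid: 8,                                   // spatial: every spacing token is a multiple of 8px
  sectionGap: [96, 128],                     // breathing room between major sections, px
  lineHeight: { display: [1.1, 1.2], body: [1.5, 1.7], label: [1.4, 1.4] },
  weightSteps: 2,                            // display vs body contrast, assumed 100-unit steps
  easing: { enter: 'ease-out', exit: 'ease-in', state: 'ease-in-out' },
  duration: { micro: [150, 200], page: [250, 350], sequence: [400, 600] },  // ms
  stagger: [30, 60],                         // ms between sibling elements
  maxAccents: 1,                             // one high-chroma accent per screen
};

const inRange = (v, [lo, hi]) => typeof v === 'number' && v >= lo && v <= hi;

// Returns a list of readable violations; an empty list means every contract holds.
function checkTokens(theme) {
  const out = [];
  for (const [name, px] of Object.entries(theme.spacing)) {
    if (px % CONTRACTS.grid !== 0) out.push(`spacing.${name}=${px}px is off the ${CONTRACTS.grid}px grid`);
  }
  if (!inRange(theme.spacing.section, CONTRACTS.sectionGap)) {
    out.push(`spacing.section=${theme.spacing.section}px is outside ${CONTRACTS.sectionGap.join('-')}px`);
  }
  for (const [ctx, lh] of Object.entries(theme.lineHeight)) {
    const range = CONTRACTS.lineHeight[ctx];
    if (!range) out.push(`lineHeight.${ctx}: no contract for this context`);
    else if (!inRange(lh, range)) out.push(`lineHeight.${ctx}=${lh} is outside ${range.join('-')}`);
  }
  if ((theme.weight.display - theme.weight.body) / 100 < CONTRACTS.weightSteps) {
    out.push(`weight contrast ${theme.weight.display}/${theme.weight.body} is under ${CONTRACTS.weightSteps} steps`);
  }
  for (const [kind, fn] of Object.entries(CONTRACTS.easing)) {
    if (theme.easing[kind] !== fn) out.push(`easing.${kind}=${theme.easing[kind]}, contract is ${fn}`);
  }
  for (const [kind, range] of Object.entries(CONTRACTS.duration)) {
    if (!inRange(theme.duration[kind], range)) out.push(`duration.${kind}=${theme.duration[kind]}ms is outside ${range.join('-')}ms`);
  }
  if (!inRange(theme.stagger, CONTRACTS.stagger)) out.push(`stagger=${theme.stagger}ms is outside ${CONTRACTS.stagger.join('-')}ms`);
  if (theme.accents.length > CONTRACTS.maxAccents) out.push(`${theme.accents.length} high-chroma accents on one screen (max ${CONTRACTS.maxAccents})`);
  return out;
}

// Constructed sample themes: one that meets every contract, one that breaks seven.
const goodTheme = {
  spacing: { xs: 8, sm: 16, md: 24, lg: 48, section: 96 },
  lineHeight: { display: 1.15, body: 1.6, label: 1.4 },
  weight: { display: 700, body: 400 },
  easing: { enter: 'ease-out', exit: 'ease-in', state: 'ease-in-out' },
  duration: { micro: 180, page: 300, sequence: 500 },
  stagger: 40,
  accents: ['#ff4d00'],
};

const badTheme = {
  spacing: { xs: 8, sm: 12, md: 24, lg: 48, section: 64 },            // 12 off-grid, 64 too tight
  lineHeight: { display: 1.5, body: 1.6, label: 1.4 },                 // display too loose
  weight: { display: 500, body: 400 },                                 // only one step of contrast
  easing: { enter: 'ease-in', exit: 'ease-in', state: 'ease-in-out' }, // entrance uses exit easing
  duration: { micro: 180, page: 300, sequence: 900 },                  // sequence too long
  stagger: 40,
  accents: ['#ff4d00', '#00c2ff'],                                     // two accents on one screen
};
```

Run it in a pre-commit hook or the review mode's checklist; the violation strings are the evidence a Visual Design review would quote.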
-
Anti-pattern registry
Stevey now flags: MUI defaults without customization (token overrides and sx prop are not optional), generic card grids (every grid needs a reason — rhythm, not repetition), rainbow color palettes (semantic color ≠ decoration), hover-only affordances (touch users are real), animation-on-every-element (motion must have hierarchy), and icon-only actions without labels (accessibility and discoverability).
-
Mode-specific activation: consult → Design Direction
Consult output now includes a Design Direction sub-section: detected mode (greenfield/adaptive), active aesthetic frameworks, proposed visual direction with justification, and anti-patterns to avoid for this specific project.
-
Mode-specific activation: implement → Aesthetic Decisions
Implement output now includes an Aesthetic Decisions sub-section: design vocabulary in use, typography choices with pairing rationale, color decisions with temperature/tint strategy, motion timing contract, and spatial composition choices.
-
Mode-specific activation: review → Visual Design (5)→(7)
Visual Design review checklist expanded from 5 to 7 items. Two new checks: Design vocabulary currency (are any patterns dated or shelf-expired?) and Anti-pattern presence (MUI defaults unmodified, icon-only actions, hover-only affordances, rainbow palette). Existing 5 checks preserved.
-
Canonical reference: agents/_shared/stevey-design-principles.md
Full Design Voice content lives in a single canonical file. All three stevey agent definitions reference it. Updates to the design vocabulary, anti-patterns, or craft rules are made in one place and take effect across consult, implement, and review simultaneously.
-
Tier 1 OWASP Core — 12 vectors
Full structured taxonomy: SQL injection, NoSQL injection, command injection, XSS (stored, reflected, and DOM variants under one entry), broken authentication, JWT misconfiguration, IDOR, path traversal, mass assignment, insecure deserialization, security misconfiguration, sensitive data exposure. Each entry includes: exploit path, code signature to grep for, and a hardened fix with inline code example.
-
Tier 2 Advanced Vectors — 11 vectors
SSRF (internal network access via user-controlled URLs), JWT algorithm confusion (alg: none acceptance, and RS256→HS256 downgrade where the public key is reused as the HMAC secret), CSRF (state-changing requests without CSRF token), prototype pollution (untrusted key merge reaching Object.prototype), race condition/TOCTOU (check-then-act on shared state), ReDoS (unbounded backtracking regexes on user input), GraphQL attacks (introspection enabled in production, unbounded depth/complexity), open redirect (unvalidated redirect destinations), clickjacking (missing X-Frame-Options/CSP frame-ancestors), supply chain (dependency confusion, compromised transitive deps). Each entry has the same structure: exploit path + code signature + hardened fix.
-
Three-part finding reporting standard
All security findings must be structured as: (1) Vector — named threat category from Tier 1 or Tier 2 taxonomy, (2) Evidence — exact file, line number, and code fragment that demonstrates the vulnerability, (3) Fix — specific remediation with code. Findings that cannot satisfy all three parts must not be raised. This enforces the same standard as the pre-flight gate system: no speculative security claims.
-
Mode-specific activation: consult → Threat Surface
Consult output now includes a Threat Surface sub-section in the Security Requirements block: applicable Tier 1 vectors for this feature, any Tier 2 vectors warranted by the architecture, and specific hardening requirements derived from the taxonomy. Surfaces security requirements early so FC and Stevey can design against them.
-
Mode-specific activation: implement
Security Intelligence is active during implementation — Jared writes against the taxonomy rather than from intuition. Input validation, parameterized queries, auth checks, and error handling are implemented with specific vectors in mind. JWT implementations explicitly address algorithm confusion. Mass assignment protection applied at every model boundary.
-
Mode-specific activation: review → Tier 1 (8) + Tier 2 (10) checklist
Security review checklist restructured. The previous four generic checks are replaced with: Tier 1 mandatory (8 items: injection, XSS, auth, IDOR, path traversal, mass assignment, deserialization, misconfiguration), applied to every review; Tier 2 conditional (10 items), applied when the changeset touches the relevant surface (external HTTP calls trigger the SSRF check, JWT code triggers the algorithm-confusion check, and so on). The SQL injection phantom-finding rule from V3.7 is preserved: an injection finding is raised only with evidence of user input reaching an unparameterized query; a parameterized query is not a finding.
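A minimal scanner in the shape the three-part reporting standard and the conditional Tier 2 triggers above describe. This is an added example, not the agent's own review logic: signature regexes map a matched line to a named vector, carry file, line and code fragment as evidence, attach a fix, and raise nothing for a parameterized query or a verify call with a pinned algorithm list. The regexes, the file path and every source line scanned are constructed for illustration; a real review reads the surrounding code, this only shows the reporting contract.

```javascript
// Added example, not the squad's code: emit Vector / Evidence / Fix findings
// from signature matches, with Tier 2 rules gated on a surface trigger.
// Regexes, sample file name and sample source lines are all constructed.

const TIER1 = [
  {
    vector: 'SQL injection (Tier 1)',
    // concatenation or template interpolation inside a query call; a
    // parameterized call (string literal, then a comma) does not match
    signature: /\.(query|execute)\(\s*(`[^`]*\$\{|['"][^'"]*['"]\s*\+)/,
    fix: 'use a parameterized query: db.query("... WHERE id = $1", [id])',
  },
  {
    vector: 'Path traversal (Tier 1)',
    signature: /path\.join\([^)]*req\.(params|query|body)/,
    fix: 'path.resolve against the base directory and reject results outside it',
  },
  {
    vector: 'Mass assignment (Tier 1)',
    signature: /Object\.assign\([^)]*req\.body|\.update\(\s*req\.body/,
    fix: 'copy an explicit allowlist of fields instead of the whole request body',
  },
];

// Tier 2 rules run only when the line touches the relevant surface (trigger).
const TIER2 = [
  {
    vector: 'SSRF (Tier 2)',
    trigger: /\b(fetch|axios\.(get|post)|http\.request)\(/,
    signature: /\b(fetch|axios\.(get|post)|http\.request)\(\s*(req\.|url\b|target\b)/,
    fix: 'resolve the destination against an allowlist of hosts before the request',
  },
  {
    vector: 'JWT algorithm confusion (Tier 2)',
    trigger: /jwt\.(verify|decode)\(/,
    signature: /jwt\.verify\((?![^)]*algorithms)/,   // verify without a pinned algorithms list
    fix: 'pass { algorithms: ["RS256"] } and never accept alg: none',
  },
];

// Scan one file; every finding carries all three parts.
function scan(file, source) {
  const findings = [];
  source.split('\n').forEach((code, i) => {
    const evidence = { file, line: i + 1, code: code.trim() };
    for (const rule of TIER1) {
      if (rule.signature.test(code)) findings.push({ vector: rule.vector, evidence, fix: rule.fix });
    }
    for (const rule of TIER2) {
      if (rule.trigger.test(code) && rule.signature.test(code)) {
        findings.push({ vector: rule.vector, evidence, fix: rule.fix });
      }
    }
  });
  return findings;
}

// Gate: a finding missing any part must not be raised.
function validateFinding(f) {
  return Boolean(f && f.vector && f.evidence && f.evidence.file &&
    Number.isInteger(f.evidence.line) && f.evidence.code && f.fix);
}

// Constructed sample file: each line is either a real signature or the
// hardened form that must not be reported.
const SAMPLE_FILE = 'src/routes/users.js';
const SAMPLE_SOURCE = [
  "const row = await db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);",      // SQLi
  "const safe = await db.query('SELECT * FROM users WHERE id = $1', [req.params.id]);",   // parameterized
  "const file = path.join(UPLOAD_DIR, req.params.name);",                                 // traversal
  "Object.assign(user, req.body);",                                                        // mass assignment
  "const health = await fetch('https://status.example.invalid/health');",                // fixed host
  "const page = await fetch(req.query.url);",                                              // SSRF
  "const claims = jwt.verify(token, publicKey);",                                          // no pinned alg
  "const ok = jwt.verify(token, publicKey, { algorithms: ['RS256'] });",                  // pinned
].join('\n');

const findings = scan(SAMPLE_FILE, SAMPLE_SOURCE).filter(validateFinding);
for (const f of findings) {
  console.log(`${f.vector}\n  ${f.evidence.file}:${f.evidence.line}  ${f.evidence.code}\n  fix: ${f.fix}`);
}
```

Lines 2, 5 and 8 of the sample produce no finding: the first is the parameterized form the phantom-finding rule protects, the second is an external call with a fixed destination, the third pins the algorithm. That silence is the point of the gate.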
-
Canonical reference: agents/_shared/jared-security-intelligence.md
Full Security Intelligence content — both tiers, all exploit paths, all hardened fixes — lives in a single canonical file. All three jared agent definitions reference it. Adding a new vector or updating a fix pattern requires editing one file.
-
Canonical reference pattern established
V3.9 introduces agents/_shared/ as the home for canonical intelligence references that span multiple agent modes. The existing rules.md remains. Two new files added: stevey-design-principles.md and jared-security-intelligence.md. Pattern: agent definition files reference canonical files rather than duplicating content, so a single edit propagates to all modes. Available for future squad members requiring multi-mode shared intelligence.