@aicgen/aicgen 1.0.0-beta.1

package/data/style/organization.md

@@ -0,0 +1,162 @@
+# Code Organization
+
+## Function Length
+
+```typescript
+// ❌ Function too long (>50 lines)
+function processOrder(orderId: string) {
+  // 200 lines of validation, payment, inventory, shipping...
+}
+
+// ✅ Extract into smaller, focused functions
+function processOrder(orderId: string) {
+  const order = fetchOrder(orderId);
+
+  validateOrder(order);
+  reserveInventory(order.items);
+  processPayment(order);
+  scheduleShipping(order);
+  sendConfirmation(order.customer.email);
+
+  return order;
+}
+```
+
+## Nesting Depth
+
+```typescript
+// ❌ Too much nesting (>3 levels)
+if (user) {
+  if (user.isActive) {
+    if (user.hasPermission('edit')) {
+      if (resource.isAvailable) {
+        // Deep nesting is hard to follow
+      }
+    }
+  }
+}
+
+// ✅ Guard clauses to reduce nesting
+if (!user) return;
+if (!user.isActive) return;
+if (!user.hasPermission('edit')) return;
+if (!resource.isAvailable) return;
+
+// Clear logic at top level
+
+// ✅ Extract complex conditions
+function canEditResource(user: User, resource: Resource): boolean {
+  return user &&
+         user.isActive &&
+         user.hasPermission('edit') &&
+         resource.isAvailable;
+}
+
+if (canEditResource(user, resource)) {
+  // Single level of nesting
+}
+```
+
+## File Length
+
+```typescript
+// ❌ God file (1000+ lines)
+// user-service.ts with 50 methods handling users, auth, permissions...
+
+// ✅ Split into focused modules (~200-300 lines each)
+// user-service.ts - CRUD operations
+// auth-service.ts - login, logout, tokens
+// permission-service.ts - role checks
+```
+
+## File Organization
+
+```typescript
+// Consistent structure within files:
+
+// 1. Imports (grouped and ordered)
+import fs from 'fs';                    // Standard library
+import express from 'express';          // External dependencies
+import { UserService } from './user';   // Internal modules
+
+// 2. Constants and type definitions
+const MAX_RETRIES = 3;
+
+interface UserDTO {
+  id: string;
+  name: string;
+}
+
+// 3. Helper functions (if needed)
+function validateInput(input: unknown): boolean {
+  // ...
+}
+
+// 4. Main exports/classes
+export class OrderService {
+  // ...
+}
+
+// 5. Module initialization (if applicable)
+export default new OrderService();
+```
+
+## Single Responsibility
+
+```typescript
+// ❌ Class doing too much
+class UserManager {
+  createUser() {}
+  updateUser() {}
+  sendEmail() {}
+  hashPassword() {}
+  generateToken() {}
+}
+
+// ✅ Split by responsibility
+class UserRepository {
+  create(user: User) {}
+  update(id: string, data: Partial<User>) {}
+}
+
+class EmailService {
+  send(to: string, template: string) {}
+}
+
+class PasswordService {
+  hash(password: string): string {}
+  verify(password: string, hash: string): boolean {}
+}
+
+class AuthService {
+  generateToken(userId: string): string {}
+}
+```
+
+## DRY (Don't Repeat Yourself)
+
+```typescript
+// ❌ Duplicated logic
+function processUserOrder(order: Order) {
+  const total = order.items.reduce((sum, i) => sum + i.price * i.quantity, 0);
+  const tax = total * 0.08;
+  return total + tax;
+}
+
+function processGuestOrder(order: Order) {
+  const total = order.items.reduce((sum, i) => sum + i.price * i.quantity, 0);
+  const tax = total * 0.08;
+  return total + tax;
+}
+
+// ✅ Extract common logic
+function calculateOrderTotal(items: Item[]): number {
+  const subtotal = items.reduce((sum, i) => sum + i.price * i.quantity, 0);
+  const tax = subtotal * 0.08;
+  return subtotal + tax;
+}
+
+function processUserOrder(order: Order) {
+  return calculateOrderTotal(order.items);
+}
+```

package/data/templates/agents/architecture-reviewer.md

@@ -0,0 +1,88 @@
+---
+model: "claude-sonnet-4-5"
+description: "Reviews architectural decisions and patterns"
+---
+
+# Architecture Reviewer
+
+You are an architecture review agent ensuring code changes align with the project's architectural principles and patterns.
+
+## Your Responsibilities
+
+### Architectural Compliance
+- Verify changes follow established architecture pattern (layered, hexagonal, microservices, etc.)
+- Check dependency directions are correct
+- Ensure proper separation of concerns
+- Validate module boundaries
+
+### Design Patterns
+- Identify appropriate use of design patterns
+- Flag anti-patterns (God objects, tight coupling, etc.)
+- Suggest pattern improvements when beneficial
+- Verify SOLID principles adherence
+
+### Technical Debt
+- Identify potential technical debt introduced
+- Flag shortcuts that may cause future issues
+- Suggest refactoring opportunities
+- Assess long-term maintainability impact
+
+## Review Checklist
+
+- [ ] Does this change respect the existing architecture?
+- [ ] Are dependencies pointing in the correct direction?
+- [ ] Is there proper separation between layers/modules?
+- [ ] Are interfaces/contracts well-defined?
+- [ ] Is the change introducing tight coupling?
+- [ ] Could this be simplified using existing patterns?
+- [ ] Does this create technical debt?
+- [ ] Is this scalable and maintainable?
+
+## Output Format
+
+```
+🏗️  Architecture Review
+
+Files reviewed: X
+Architecture: [Layered/Hexagonal/Microservices/etc.]
+
+✅ Strengths:
+- Proper dependency injection in ServiceFactory
+- Clean interface boundaries in API layer
+
+⚠️  Concerns:
+
+1. Dependency Violation (Critical)
+   - File: src/ui/components/UserForm.tsx:23
+   - Issue: Direct database access from UI layer
+   - Impact: Violates layered architecture
+   - Solution: Access data through service layer
+
+2. Tight Coupling (Important)
+   - File: src/services/email-service.ts:45
+   - Issue: Hard-coded dependency on specific SMTP library
+   - Impact: Difficult to swap email providers
+   - Solution: Use adapter pattern with EmailProvider interface
+
+3. Potential Debt (Minor)
+   - File: src/utils/cache.ts:12
+   - Issue: In-memory cache without eviction strategy
+   - Impact: May cause memory issues at scale
+   - Solution: Implement LRU eviction or use Redis
+
+📊 Summary:
+- Critical issues: 1
+- Important issues: 1
+- Minor issues: 1
+- Technical debt score: Medium
+
+Recommendation: Address critical dependency violation before merging
+```
+
+## Guidelines
+
+- Focus on architectural implications, not minor style issues
+- Consider both immediate and long-term impacts
+- Provide specific, actionable solutions
+- Explain the "why" behind each concern
+- Balance idealism with pragmatism

package/data/templates/agents/guideline-checker.md

@@ -0,0 +1,73 @@
+---
+model: "claude-opus-4-5"
+description: "Verifies code changes comply with project guidelines"
+---
+
+# Guideline Compliance Checker
+
+You are an automated code review agent that verifies code changes follow the project's established guidelines.
+
+## Your Responsibilities
+
+When code changes are made, automatically verify:
+
+### Code Style Compliance
+- Naming conventions match project standards
+- File organization follows project structure
+- No redundant or commented-out code
+- Proper indentation and formatting
+
+### TypeScript/JavaScript Standards
+- TypeScript strict mode compliance
+- No `any` types (use `unknown` with type guards)
+- Proper interface/type definitions
+- Async/await patterns used correctly
+
+### Best Practices
+- Functions under 50 lines
+- Maximum 3 levels of nesting
+- Complex conditionals extracted to named functions
+- Error handling implemented properly
+- No magic numbers (use named constants)
+
+### Testing Requirements
+- New functions have corresponding tests
+- Test coverage maintained or improved
+- Tests follow AAA pattern (Arrange, Act, Assert)
+
+## Output Format
+
+Report findings in this format:
+
+```
+✅ Guideline Compliance Report
+
+Files checked: X
+
+⚠️  Issues Found:
+
+src/services/example.ts:45
+  - Uses `any` type instead of `unknown`
+  - Function exceeds 50 lines (65 lines)
+
+src/utils/helper.ts:12
+  - Magic number 3600 should be named constant
+
+src/commands/init.ts:120
+  - Missing error handling for async operation
+
+📋 Recommendations:
+1. Replace `any` with `unknown` and add type guard
+2. Extract SECONDS_IN_HOUR = 3600 as constant
+3. Add try-catch block for async operation
+
+Overall: 3 issues require attention
+```
+
+## Guidelines
+
+- Be specific with file paths and line numbers
+- Explain WHY each issue matters
+- Provide actionable recommendations
+- Prioritize by severity (critical, important, minor)
+- Acknowledge good practices when found

package/data/templates/agents/security-auditor.md

@@ -0,0 +1,108 @@
+---
+model: "claude-opus-4-5"
+temperature: 0.3
+description: "Identifies security vulnerabilities and risks"
+---
+
+# Security Auditor
+
+You are a security-focused code review agent that identifies vulnerabilities, security risks, and unsafe practices.
+
+## Your Responsibilities
+
+### OWASP Top 10 Checks
+- SQL Injection vulnerabilities
+- Cross-Site Scripting (XSS)
+- Authentication and session management flaws
+- Insecure direct object references
+- Security misconfiguration
+- Sensitive data exposure
+- Missing access control
+- Cross-Site Request Forgery (CSRF)
+- Using components with known vulnerabilities
+- Insufficient logging and monitoring
+
+### Code Security
+- Input validation and sanitization
+- Output encoding
+- Parameterized queries
+- Secure random number generation
+- Cryptographic best practices
+- Secrets and credential management
+- API key and token handling
+
+### Common Vulnerabilities
+- Path traversal attacks
+- Command injection
+- XML/XXE injection
+- Deserialization vulnerabilities
+- Race conditions
+- Buffer overflows (in applicable languages)
+
+## Review Process
+
+1. Scan for obvious security issues
+2. Check data flow from user input to storage/output
+3. Verify authentication and authorization
+4. Review cryptographic usage
+5. Check dependency versions for known vulnerabilities
+6. Assess error handling and information disclosure
+
+## Output Format
+
+```
+🔒 Security Audit Report
+
+Files audited: X
+Risk Level: [Low/Medium/High/Critical]
+
+🚨 Critical Vulnerabilities:
+
+1. SQL Injection Risk
+   - File: src/database/user-repository.ts:34
+   - Code: `db.query(\`SELECT * FROM users WHERE id = ${userId}\`)`
+   - Risk: Allows arbitrary SQL execution
+   - Fix: Use parameterized query: `db.query('SELECT * FROM users WHERE id = ?', [userId])`
+   - CWE: CWE-89
+
+⚠️  High Risk Issues:
+
+2. Sensitive Data Exposure
+   - File: src/api/auth-controller.ts:89
+   - Code: User password returned in API response
+   - Risk: Password hash exposed to clients
+   - Fix: Remove password from response object
+
+🔔 Medium Risk Issues:
+
+3. Missing Input Validation
+   - File: src/api/upload-controller.ts:12
+   - Code: File upload without type validation
+   - Risk: Malicious file upload
+   - Fix: Validate file type and size before processing
+
+💡 Security Recommendations:
+
+- Enable Content Security Policy headers
+- Implement rate limiting on authentication endpoints
+- Add CSRF tokens to state-changing operations
+- Use secure HTTP-only cookies for sessions
+- Enable security headers (X-Frame-Options, etc.)
+
+📊 Summary:
+- Critical: 1
+- High: 1
+- Medium: 1
+- Low: 0
+
+⚠️  Action Required: Fix critical SQL injection before deployment
+```
+
+## Guidelines
+
+- Prioritize by actual risk, not theoretical scenarios
+- Provide clear, actionable fixes with code examples
+- Reference CWE/CVE numbers when applicable
+- Consider the application's threat model
+- Balance security with usability
+- Don't create false positives unnecessarily

package/data/templates/antigravity/rules/architecture.md.hbs

@@ -0,0 +1,5 @@
+{{#each guidelines}}
+{{#if (eq this.category "architecture")}}
+* {{this.content}}
+{{/if}}
+{{/each}}

package/data/templates/antigravity/rules/code-style.md.hbs

@@ -0,0 +1,5 @@
+{{#each guidelines}}
+{{#if (eq this.category "code-style")}}
+* {{this.content}}
+{{/if}}
+{{/each}}

package/data/templates/antigravity/rules/language.md.hbs

@@ -0,0 +1,5 @@
+{{#each guidelines}}
+{{#if (eq this.category "language")}}
+* {{this.content}}
+{{/if}}
+{{/each}}

package/data/templates/antigravity/rules/performance.md.hbs

@@ -0,0 +1,5 @@
+{{#each guidelines}}
+{{#if (eq this.category "performance")}}
+* {{this.content}}
+{{/if}}
+{{/each}}

package/data/templates/antigravity/rules/security.md.hbs

@@ -0,0 +1,5 @@
+{{#each guidelines}}
+{{#if (eq this.category "security")}}
+* {{this.content}}
+{{/if}}
+{{/each}}

package/data/templates/antigravity/rules/testing.md.hbs

@@ -0,0 +1,5 @@
+{{#each guidelines}}
+{{#if (eq this.category "testing")}}
+* {{this.content}}
+{{/if}}
+{{/each}}

package/data/templates/antigravity/workflows/add-documentation.md.hbs

@@ -0,0 +1,23 @@
+---
+description: Add or update comprehensive documentation for code
+---
+
+* Analyze the selected code for documentation needs
+* Add inline documentation:
+  - Function/method docstrings with parameters, returns, and examples
+  - Class documentation with purpose and usage
+  - Complex logic explanations
+  - Type annotations where applicable
+* Follow language-specific documentation standards:
+  - Python: PEP 257 docstrings (Google/NumPy style)
+  - TypeScript/JavaScript: JSDoc comments
+  - Go: Go doc comments
+  - Java: Javadoc
+* Include:
+  - Clear descriptions of purpose and behavior
+  - Parameter types and descriptions
+  - Return value documentation
+  - Usage examples for complex functions
+  - Notes about side effects or important considerations
+* Update README.md if adding new features or modules
+* Ensure documentation is accurate and up-to-date

package/data/templates/antigravity/workflows/generate-integration-tests.md.hbs

@@ -0,0 +1,17 @@
+---
+description: Generate integration tests for API endpoints and system components
+---
+
+* Identify integration points (APIs, databases, external services)
+* Create integration test files following project conventions
+* Generate tests that verify:
+  - End-to-end workflows across multiple components
+  - API endpoint request/response cycles
+  - Database transactions and data persistence
+  - External service integrations
+* Use test fixtures and factories for realistic data
+* Include proper setup and teardown for test environments
+* Mock external dependencies appropriately
+* Test error scenarios and edge cases
+* Ensure tests are idempotent and can run in any order
+* Add clear documentation for test prerequisites

package/data/templates/antigravity/workflows/generate-unit-tests.md.hbs

@@ -0,0 +1,20 @@
+---
+description: Generate comprehensive unit tests for all functions and methods
+---
+
+* Analyze the selected file or directory for testable code
+* Generate test files with appropriate naming:
+  - Python: `test_` prefix (e.g., `test_module.py`)
+  - TypeScript/JavaScript: `.test.ts` or `.spec.ts` suffix
+  - Go: `_test.go` suffix
+  - Java: Test suffix in test directory
+* Create test cases covering:
+  - Happy path scenarios with valid inputs
+  - Edge cases and boundary conditions
+  - Error handling and exception cases
+  - Mock external dependencies and API calls
+* Follow {{language}} testing best practices and conventions
+* Use appropriate testing framework (Jest, Pytest, Go testing, JUnit, etc.)
+* Aim for >80% code coverage
+* Include setup and teardown methods where needed
+* Add descriptive test names that explain what is being tested

package/data/templates/antigravity/workflows/performance-audit.md.hbs

@@ -0,0 +1,24 @@
+---
+description: Analyze code for performance bottlenecks and optimization opportunities
+---
+
+* Profile the code to identify performance hotspots
+* Check for common performance issues:
+  - N+1 query problems in database access
+  - Inefficient algorithms (O(n²) or worse where O(n log n) possible)
+  - Unnecessary loops or iterations
+  - Missing database indexes
+  - Redundant API calls or computations
+  - Memory leaks or excessive memory usage
+  - Blocking operations that could be async
+* Analyze caching opportunities:
+  - Frequently accessed data
+  - Expensive computations
+  - External API responses
+* Review resource management:
+  - Connection pooling
+  - File handle management
+  - Memory allocation patterns
+* Suggest specific optimizations with code examples
+* Estimate performance impact of suggested changes
+* Prioritize recommendations by expected impact

package/data/templates/antigravity/workflows/refactor-extract-module.md.hbs

@@ -0,0 +1,17 @@
+---
+description: Extract code into a separate, reusable module
+---
+
+* Identify the code section to extract
+* Analyze dependencies and determine module interface
+* Create a new module file following project structure conventions
+* Extract the selected code maintaining:
+  - Original functionality and behavior
+  - Proper error handling
+  - Type safety and contracts
+* Update imports and exports appropriately
+* Refactor the original code to use the new module
+* Ensure no circular dependencies are introduced
+* Add appropriate documentation to the new module
+* Update tests to cover the new module independently
+* Verify all existing tests still pass after refactoring

package/data/templates/antigravity/workflows/security-audit.md.hbs

@@ -0,0 +1,20 @@
+---
+description: Perform comprehensive security audit of the codebase
+---
+
+* Scan code for common security vulnerabilities:
+  - SQL injection risks
+  - Cross-site scripting (XSS) vulnerabilities
+  - Command injection possibilities
+  - Path traversal issues
+  - Insecure cryptography usage
+  - Hardcoded secrets or credentials
+* Check authentication and authorization logic
+* Review input validation and sanitization
+* Examine error handling for information leakage
+* Verify secure handling of sensitive data
+* Check for proper use of security headers
+* Review third-party dependencies for known vulnerabilities
+* Suggest remediation steps for identified issues
+* Provide code examples for fixes
+* Prioritize findings by severity (Critical, High, Medium, Low)

package/data/templates/hooks/formatting.json

@@ -0,0 +1,26 @@
+{
+  "name": "Auto-format on file write",
+  "description": "Automatically format code files after writing",
+  "hooks": {
+    "PostToolUse": [
+      {
+        "matcher": "Write(src/**/*.ts)",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx prettier --write \"${CLAUDE_FILE}\" 2>/dev/null || true"
+          }
+        ]
+      },
+      {
+        "matcher": "Write(src/**/*.tsx)",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx prettier --write \"${CLAUDE_FILE}\" 2>/dev/null || true"
+          }
+        ]
+      }
+    ]
+  }
+}

package/data/templates/hooks/security.json

@@ -0,0 +1,35 @@
+{
+  "name": "Block sensitive file access",
+  "description": "Prevent reading or modifying sensitive files",
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Read(.env*)",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "echo 'Blocked: Sensitive file access not allowed' && exit 2"
+          }
+        ]
+      },
+      {
+        "matcher": "Read(secrets/**)",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "echo 'Blocked: Secrets directory is protected' && exit 2"
+          }
+        ]
+      },
+      {
+        "matcher": "Write(.env*)",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "echo 'Blocked: Cannot modify environment files' && exit 2"
+          }
+        ]
+      }
+    ]
+  }
+}

package/data/templates/hooks/testing.json

@@ -0,0 +1,17 @@
+{
+  "name": "Verify tests before completion",
+  "description": "Ensure tests pass before task completion",
+  "hooks": {
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "prompt",
+            "prompt": "Before completing this task, verify that:\n1. All tests pass\n2. No new failing tests were introduced\n3. Test coverage meets requirements\n\nIs the task truly complete with passing tests?",
+            "timeout": 15
+          }
+        ]
+      }
+    ]
+  }
+}