@anhth2/spec-driven-dev-plugin 0.5.0

package/hooks/data-guard.js

@@ -0,0 +1,141 @@
+#!/usr/bin/env node
+/**
+ * data-guard.js — Claude Code PreToolUse Hook
+ *
+ * Blocks AI from reading, writing, or executing commands involving
+ * sensitive files (credentials, secrets, private keys, .env, etc.)
+ *
+ * Install: copy to your project and register in .claude/settings.json
+ * (see hooks/settings.json for registration template)
+ *
+ * Exit codes:
+ *   0 = allow the tool call
+ *   2 = block the tool call (Claude Code interprets this as a hard block)
+ */
+
+const readline = require('readline');
+
+// ── Sensitive file patterns ────────────────────────────────────────────────
+
+const SENSITIVE_PATH_PATTERNS = [
+  // Environment files
+  /^\.env$/i,
+  /^\.env\./i,
+  /\.env$/i,
+
+  // Secret/credential files
+  /secret/i,
+  /credential/i,
+  /password/i,
+  /passwd/i,
+  /private[_-]?key/i,
+  /api[_-]?key/i,
+  /access[_-]?token/i,
+  /auth[_-]?token/i,
+
+  // Crypto keys and certificates
+  /\.key$/i,
+  /\.pem$/i,
+  /\.p12$/i,
+  /\.pfx$/i,
+  /\.jks$/i,
+  /\.keystore$/i,
+
+  // Framework-specific prod configs
+  /application-(prod|production|staging)\.(yml|yaml|properties)$/i,
+  /appsettings\.(Production|Staging)\.json$/i,
+  /database\.yml$/i,
+  /config\/master\.key$/i,
+  /storage\/oauth-private\.key$/i,
+
+  // Secret directories
+  /^secrets\//i,
+  /\/secrets\//i,
+  /^\.secrets\//i,
+];
+
+const SENSITIVE_BASH_PATTERNS = [
+  /\bprintenv\b/i,
+  /\benv\b.*\|\s*(grep|awk|sed).*secret/i,
+  /cat\s+\.env/i,
+  /docker\s+inspect/i,
+  /kubectl\s+get\s+secret.*-o\s+yaml/i,
+];
+
+// ── Helpers ────────────────────────────────────────────────────────────────
+
+function isSensitivePath(filePath) {
+  if (!filePath) return false;
+  const normalized = filePath.replace(/\\/g, '/');
+  return SENSITIVE_PATH_PATTERNS.some(pattern => pattern.test(normalized));
+}
+
+function isSensitiveCommand(command) {
+  if (!command) return false;
+  return SENSITIVE_BASH_PATTERNS.some(pattern => pattern.test(command));
+}
+
+function block(reason) {
+  console.error(`\n🔒 DATA GUARD — BLOCKED\n${reason}\n`);
+  console.error('If you need configuration values, describe what you need');
+  console.error('without sharing actual secrets. Use placeholder values in generated code.\n');
+  process.exit(2);
+}
+
+// ── Main ───────────────────────────────────────────────────────────────────
+
+let rawInput = '';
+
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => { rawInput += chunk; });
+process.stdin.on('end', () => {
+  let input;
+  try {
+    input = JSON.parse(rawInput);
+  } catch {
+    // Cannot parse input — allow (fail open, not fail closed)
+    process.exit(0);
+  }
+
+  const toolName  = input.tool_name  || '';
+  const toolInput = input.tool_input || {};
+
+  // ── Read tool ─────────────────────────────────────────────────────────
+  if (toolName === 'Read') {
+    const filePath = toolInput.file_path || '';
+    if (isSensitivePath(filePath)) {
+      block(`Attempted to READ sensitive file: ${filePath}`);
+    }
+  }
+
+  // ── Write tool ────────────────────────────────────────────────────────
+  if (toolName === 'Write') {
+    const filePath = toolInput.file_path || '';
+    if (isSensitivePath(filePath)) {
+      block(`Attempted to WRITE to sensitive file: ${filePath}`);
+    }
+  }
+
+  // ── Edit tool ─────────────────────────────────────────────────────────
+  if (toolName === 'Edit') {
+    const filePath = toolInput.file_path || '';
+    if (isSensitivePath(filePath)) {
+      block(`Attempted to EDIT sensitive file: ${filePath}`);
+    }
+  }
+
+  // ── Bash tool ─────────────────────────────────────────────────────────
+  if (toolName === 'Bash') {
+    const command = toolInput.command || '';
+    if (isSensitiveCommand(command)) {
+      block(`Attempted to execute sensitive command: ${command}`);
+    }
+    // Also check if the command references a sensitive file path
+    if (isSensitivePath(command)) {
+      block(`Bash command references a sensitive file path: ${command}`);
+    }
+  }
+
+  // Allow all other tool calls
+  process.exit(0);
+});

package/hooks/settings.json

@@ -0,0 +1,18 @@
+{
+  "_comment": "Claude Code hook registration template. Copy this content into your project's .claude/settings.json",
+  "_docs": "https://docs.anthropic.com/claude/claude-code/hooks",
+
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Read|Write|Edit|Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node .claude/hooks/data-guard.js"
+          }
+        ]
+      }
+    ]
+  }
+}

package/modules/angular/architecture-snippets/component-patterns.md

@@ -0,0 +1,187 @@
+# Angular — Component Architecture Patterns
+
+## Smart / Container Component Pattern
+
+```typescript
+// order-list.component.ts — Smart component: manages state, injects services
+import { Component, OnInit, inject } from '@angular/core';
+import { CommonModule } from '@angular/common';
+import { OrderService } from '../services/order.service';
+import { OrderListItemComponent } from './order-list-item.component';
+import { Order } from '../models/order.model';
+
+@Component({
+  selector: 'app-order-list',
+  standalone: true,
+  imports: [CommonModule, OrderListItemComponent],
+  template: `
+    <div class="order-list">
+      <app-order-list-item
+        *ngFor="let order of orders"
+        [order]="order"
+        (cancel)="onCancelOrder($event)"
+      />
+    </div>
+  `
+})
+export class OrderListComponent implements OnInit {
+  private orderService = inject(OrderService);
+  orders: Order[] = [];
+
+  ngOnInit(): void {
+    this.orderService.getOrders().subscribe(orders => this.orders = orders);
+  }
+
+  onCancelOrder(orderId: number): void {
+    this.orderService.cancelOrder(orderId).subscribe(() => {
+      this.orders = this.orders.filter(o => o.id !== orderId);
+    });
+  }
+}
+```
+
+## Dumb / Presentational Component Pattern
+
+```typescript
+// order-list-item.component.ts — Dumb component: pure I/O, OnPush, no service injection
+import { Component, Input, Output, EventEmitter, ChangeDetectionStrategy } from '@angular/core';
+import { Order } from '../models/order.model';
+
+@Component({
+  selector: 'app-order-list-item',
+  standalone: true,
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="order-item">
+      <span>{{ order.id }}</span>
+      <span>{{ order.status }}</span>
+      <button (click)="cancel.emit(order.id)" [disabled]="order.status === 'CANCELLED'">
+        Cancel
+      </button>
+    </div>
+  `
+})
+export class OrderListItemComponent {
+  @Input({ required: true }) order!: Order;
+  @Output() cancel = new EventEmitter<number>();
+}
+```
+
+## Service with HttpClient Pattern
+
+```typescript
+// order.service.ts
+import { Injectable, inject } from '@angular/core';
+import { HttpClient, HttpParams } from '@angular/common/http';
+import { Observable } from 'rxjs';
+import { Order, CreateOrderRequest, OrderResponse } from '../models/order.model';
+import { environment } from '@env/environment';
+
+@Injectable({ providedIn: 'root' })
+export class OrderService {
+  private http = inject(HttpClient);
+  private baseUrl = `${environment.apiUrl}/v1/orders`;
+
+  getOrders(customerId?: number): Observable<Order[]> {
+    let params = new HttpParams();
+    if (customerId) params = params.set('customerId', customerId.toString());
+    return this.http.get<Order[]>(this.baseUrl, { params });
+  }
+
+  getOrder(id: number): Observable<Order> {
+    return this.http.get<Order>(`${this.baseUrl}/${id}`);
+  }
+
+  createOrder(request: CreateOrderRequest): Observable<OrderResponse> {
+    return this.http.post<OrderResponse>(this.baseUrl, request);
+  }
+
+  cancelOrder(id: number): Observable<void> {
+    return this.http.patch<void>(`${this.baseUrl}/${id}/cancel`, {});
+  }
+}
+```
+
+## Signal-Based State Pattern (Angular 17+)
+
+```typescript
+// order.store.ts — using Angular Signals for state management
+import { Injectable, signal, computed } from '@angular/core';
+import { Order } from '../models/order.model';
+
+@Injectable({ providedIn: 'root' })
+export class OrderStore {
+  private _orders = signal<Order[]>([]);
+  private _loading = signal(false);
+  private _error = signal<string | null>(null);
+
+  // Public readable signals
+  readonly orders = this._orders.asReadonly();
+  readonly loading = this._loading.asReadonly();
+  readonly error = this._error.asReadonly();
+
+  // Computed signals
+  readonly pendingOrders = computed(() =>
+    this._orders().filter(o => o.status === 'PENDING')
+  );
+  readonly orderCount = computed(() => this._orders().length);
+
+  setOrders(orders: Order[]): void {
+    this._orders.set(orders);
+  }
+
+  setLoading(loading: boolean): void {
+    this._loading.set(loading);
+  }
+
+  setError(error: string | null): void {
+    this._error.set(error);
+  }
+
+  removeOrder(id: number): void {
+    this._orders.update(orders => orders.filter(o => o.id !== id));
+  }
+}
+```
+
+## Route Guard Pattern
+
+```typescript
+// auth.guard.ts
+import { inject } from '@angular/core';
+import { CanActivateFn, Router } from '@angular/router';
+import { AuthService } from '../services/auth.service';
+
+export const authGuard: CanActivateFn = (route, state) => {
+  const auth = inject(AuthService);
+  const router = inject(Router);
+
+  if (auth.isAuthenticated()) {
+    return true;
+  }
+  return router.createUrlTree(['/login'], { queryParams: { returnUrl: state.url } });
+};
+```
+
+## Standalone Component with Lazy Loading
+
+```typescript
+// app.routes.ts
+import { Routes } from '@angular/router';
+import { authGuard } from './guards/auth.guard';
+
+export const APP_ROUTES: Routes = [
+  {
+    path: 'orders',
+    canActivate: [authGuard],
+    loadComponent: () =>
+      import('./features/orders/order-list.component').then(m => m.OrderListComponent)
+  },
+  {
+    path: 'orders/:id',
+    canActivate: [authGuard],
+    loadComponent: () =>
+      import('./features/orders/order-detail.component').then(m => m.OrderDetailComponent)
+  }
+];
+```

package/modules/angular/module.yaml

@@ -0,0 +1,6 @@
+name: "Angular"
+version: "1.0.0"
+description: "Angular 17+ frontend with component-based architecture"
+language: "TypeScript"
+framework: "Angular"
+stack_type: "frontend"

package/modules/angular/stack-profile.yaml

@@ -0,0 +1,38 @@
+build:
+  compile: "ng build"
+  test: "ng test --watch=false"
+  run: "ng serve"
+
+architecture:
+  style: "Component → Service → HTTP Client → Backend API"
+  key_rules:
+    - "Smart (container) components manage state and inject services"
+    - "Dumb (presentational) components receive data via @Input and emit via @Output"
+    - "Business logic lives in services, not in component classes"
+    - "Use OnPush change detection for all pure presentational components"
+    - "HTTP calls must be in services, never in component files"
+
+coding_standards:
+  naming:
+    components: "PascalCase + Component suffix (e.g., OrderListComponent)"
+    services: "PascalCase + Service suffix (e.g., OrderService)"
+    pipes: "PascalCase + Pipe suffix (e.g., CurrencyFormatPipe)"
+    directives: "PascalCase + Directive suffix (e.g., HighlightDirective)"
+    guards: "PascalCase + Guard suffix (e.g., AuthGuard)"
+    files:
+      component: "{feature}.component.ts / .html / .scss"
+      service: "{feature}.service.ts"
+      model: "{feature}.model.ts"
+      store: "{feature}.store.ts"
+  patterns:
+    state_management: "NgRx (complex) or Angular Signals (simple/medium)"
+    http_error_handling: "HttpInterceptor catches 4xx/5xx globally"
+    lazy_loading: "All feature modules must be lazily loaded"
+
+testing:
+  unit: "Jasmine + Karma or Jest"
+  e2e: "Cypress or Playwright"
+  patterns:
+    - "Use TestBed.configureTestingModule for component tests"
+    - "Mock services with jasmine.createSpyObj or jest.fn()"
+    - "Test component DOM via DebugElement and By.css selectors"

package/modules/context-engineering/architecture-snippets/context-design.md

@@ -0,0 +1,119 @@
+# Context Engineering — Design Templates and Patterns
+
+## System Context Design Template
+
+```markdown
+# System Context: {Agent Name}
+
+## Role
+You are {role description}. You help {target user} to {primary purpose}.
+
+## Scope
+In scope:
+- {capability 1}
+- {capability 2}
+
+Out of scope (do not attempt):
+- {excluded capability 1}
+- {excluded capability 2}
+
+## Output Format
+Always respond with:
+- {format requirement 1, e.g., "structured YAML when producing artifacts"}
+- {format requirement 2, e.g., "numbered steps for procedural instructions"}
+- {format requirement 3, e.g., "a CHECKPOINT before any destructive action"}
+
+## Constraints
+- {constraint 1, e.g., "Never make changes without explicit user confirmation"}
+- {constraint 2, e.g., "Always cite source files when referencing code"}
+
+## Tools Available
+- {tool name}: {what it does and when to use it}
+```
+
+## Context Layering: Persistent vs Ephemeral
+
+```
+┌─────────────────────────────────────────────────┐
+│  PERSISTENT (system prompt — stable, pre-loaded) │
+│  - Role and persona                              │
+│  - Output format requirements                    │
+│  - Constraint rules                              │
+│  - Domain knowledge (project context)            │
+└────────────────────┬────────────────────────────┘
+                     │ passed once at session start
+┌────────────────────▼────────────────────────────┐
+│  SESSION (loaded once per task)                  │
+│  - Project-context.yaml                          │
+│  - CLAUDE.md                                     │
+│  - Business dictionary                           │
+└────────────────────┬────────────────────────────┘
+                     │ loaded on demand
+┌────────────────────▼────────────────────────────┐
+│  EPHEMERAL (per-turn, discarded after use)       │
+│  - Tool results                                  │
+│  - File contents read mid-task                   │
+│  - User clarification answers                    │
+└─────────────────────────────────────────────────┘
+```
+
+## Context Handoff Between Agents
+
+When passing work from one agent to another, include a structured handoff payload:
+
+```yaml
+# Agent Handoff Payload
+handoff_from: "{source agent name}"
+handoff_to: "{target agent name}"
+task_id: "{unique task identifier}"
+status: "partial_complete"  # pending | partial_complete | blocked | ready_for_review
+
+# What was accomplished
+completed:
+  - "{step 1 done}"
+  - "{step 2 done}"
+
+# What the next agent must do
+pending:
+  - "{step 3 to do}"
+  - "{step 4 to do}"
+
+# Decisions made (so next agent doesn't re-litigate)
+decisions:
+  - decision: "{what was decided}"
+    rationale: "{why}"
+
+# Artifacts produced (file paths)
+artifacts:
+  - path: "{file path}"
+    type: "{type: spec | code | test | report}"
+    status: "{draft | approved | final}"
+
+# Context the next agent needs immediately
+context_snapshot:
+  project_name: "{name}"
+  domain: "{domain}"
+  uc_id: "{UC-ID}"
+  tech_stack: "{stack}"
+```
+
+## Context Compression Pattern
+
+When conversation history grows large, compress before the next turn:
+
+```
+CONTEXT SUMMARY (replaces N previous turns):
+Task: {what we are doing}
+Progress: {what has been completed so far}
+Current state: {where we are now}
+Key decisions: {decisions that must not be reversed}
+Pending: {what still needs to be done}
+Files produced: {list of artifact paths}
+```
+
+Compression rules:
+1. Keep all decisions and their rationale.
+2. Keep all file paths that were created.
+3. Drop intermediate reasoning that led to a confirmed decision.
+4. Keep any user corrections or explicit preferences.
+5. Keep any open questions that are still unresolved.

package/modules/context-engineering/module.yaml

@@ -0,0 +1,9 @@
+name: "Context Engineering"
+version: "1.0.0"
+description: "AI context design, prompt engineering, and system context workflows"
+stack_type: "ai-first"
+use_cases:
+  - "Designing AI system contexts"
+  - "Reverse engineering existing prompts"
+  - "Context window optimization"
+  - "Multi-agent coordination"

package/modules/context-engineering/stack-profile.yaml

@@ -0,0 +1,61 @@
+context_types:
+  system:
+    description: "Persistent instruction context that defines agent behavior and constraints"
+    lifetime: "entire session"
+    examples:
+      - "Role and persona definition"
+      - "Output format requirements"
+      - "Capability constraints and safety boundaries"
+  user:
+    description: "Per-turn input from the human, including instructions and data"
+    lifetime: "current turn"
+  tool:
+    description: "Results returned from tool calls (function outputs, search results)"
+    lifetime: "current turn or until referenced"
+  memory:
+    description: "Persistent state stored and retrieved across turns or sessions"
+    lifetime: "configurable — session, project, or long-term"
+
+context_optimization:
+  rules:
+    - "Front-load the most decision-relevant context (primacy effect)"
+    - "Remove redundant instructions — each rule stated once"
+    - "Separate stable context (system prompt) from dynamic context (user message)"
+    - "Use structured formats (YAML/JSON/Markdown headers) for scannable context"
+    - "Compress historical context before adding new turns (rolling summary)"
+    - "Reference external documents by path rather than inlining large content"
+  token_budget_targets:
+    system_prompt: "under 2000 tokens for most use cases"
+    context_window_reserve: "20% of max window for model output"
+
+evaluation_criteria:
+  clarity:
+    description: "Is each instruction unambiguous and actionable?"
+    test: "Would two different agents interpret this identically?"
+  completeness:
+    description: "Does context include all information the agent needs?"
+    test: "Can the agent complete the task without asking for clarification?"
+  relevance:
+    description: "Is every sentence load-bearing for the task?"
+    test: "Would removing this sentence change agent behavior?"
+  consistency:
+    description: "Are there no contradictory instructions?"
+    test: "Can all rules be simultaneously satisfied?"
+
+common_patterns:
+  rag:
+    name: "Retrieval-Augmented Generation"
+    use_when: "Agent needs knowledge beyond training cutoff or domain-specific facts"
+    structure: "System: role + instructions | User: query | Tool: retrieved chunks | User: synthesize"
+  chain_of_thought:
+    name: "Chain of Thought"
+    use_when: "Complex reasoning tasks requiring intermediate steps"
+    structure: "Include 'think step by step' or explicit reasoning scaffold in system prompt"
+  few_shot:
+    name: "Few-Shot Examples"
+    use_when: "Output format or classification must match specific patterns"
+    structure: "Provide 2-5 input/output pairs before the actual task"
+  multi_agent:
+    name: "Multi-Agent Coordination"
+    use_when: "Task can be parallelized or requires specialist sub-agents"
+    structure: "Orchestrator context + worker contexts + handoff format definition"