@brunosps00/dev-workflow 0.6.1 → 0.8.0

package/scaffold/skills/docker-compose-recipes/services/rabbitmq.yml

@@ -0,0 +1,29 @@
+# RabbitMQ 3 (management) — message broker + UI
+# Env vars: RABBITMQ_USER, RABBITMQ_PASSWORD, RABBITMQ_PORT (default 5672), RABBITMQ_UI_PORT (default 15672)
+# Application-side: AMQP_URL=amqp://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@rabbitmq:5672/
+
+rabbitmq:
+  image: rabbitmq:3-management-alpine
+  restart: unless-stopped
+  environment:
+    RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER:-app}
+    RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD:-app}
+  ports:
+    - "${RABBITMQ_PORT:-5672}:5672"
+    - "${RABBITMQ_UI_PORT:-15672}:15672"
+  volumes:
+    - rabbitmq_data:/var/lib/rabbitmq
+  healthcheck:
+    test: ["CMD", "rabbitmq-diagnostics", "ping"]
+    interval: 10s
+    timeout: 5s
+    retries: 10
+    start_period: 30s
+
+# volumes:
+#   rabbitmq_data: {}
+#
+# Prod notes:
+# - Drop the management UI port (15672) or put it behind a reverse proxy with auth.
+# - Use rabbitmq:3-alpine (no management) in prod; manage via the cluster API.
+# - Mount a custom rabbitmq.conf for clustering, queue limits, and TLS.

package/scaffold/skills/docker-compose-recipes/services/redis.yml

@@ -0,0 +1,25 @@
+# Redis 7 — cache, pub/sub, BullMQ backend
+# Env vars: REDIS_PORT (default 6379), REDIS_PASSWORD (optional in dev)
+# Application-side: REDIS_URL=redis://redis:6379  or  redis://:${REDIS_PASSWORD}@redis:6379
+
+redis:
+  image: redis:7-alpine
+  restart: unless-stopped
+  command: ${REDIS_PASSWORD:+redis-server --requirepass ${REDIS_PASSWORD}}
+  ports:
+    - "${REDIS_PORT:-6379}:6379"
+  volumes:
+    - redis_data:/data
+  healthcheck:
+    test: ["CMD", "redis-cli", "ping"]
+    interval: 5s
+    timeout: 3s
+    retries: 10
+    start_period: 3s
+
+# volumes:
+#   redis_data: {}
+#
+# Prod notes:
+# - Always set REDIS_PASSWORD in prod. Drop public port; expose only on internal network.
+# - For persistence in prod, mount a Redis config file with appendonly yes and tune save points.

package/scaffold/skills/docker-compose-recipes/services/smtp4dev.yml

@@ -0,0 +1,27 @@
+# smtp4dev — Windows-friendly SMTP capture, .NET-based
+# Env vars: SMTP4DEV_SMTP_PORT (default 2525), SMTP4DEV_UI_PORT (default 5000)
+# Application-side SMTP config:
+#   SMTP_HOST=smtp4dev ; SMTP_PORT=25 (internal) ; SMTP_USER= ; SMTP_PASSWORD= ; SMTP_SECURE=false
+
+smtp4dev:
+  image: rnwood/smtp4dev:v3
+  restart: unless-stopped
+  ports:
+    - "${SMTP4DEV_SMTP_PORT:-2525}:25"
+    - "${SMTP4DEV_UI_PORT:-5000}:80"
+  environment:
+    ServerOptions__HostName: smtp4dev
+  volumes:
+    - smtp4dev_data:/smtp4dev
+  healthcheck:
+    test: ["CMD", "wget", "--quiet", "--spider", "http://localhost:80"]
+    interval: 10s
+    timeout: 3s
+    retries: 5
+    start_period: 5s
+
+# volumes:
+#   smtp4dev_data: {}
+#
+# Prod notes:
+# - DEV ONLY. Do not ship to prod.

package/scaffold/skills/docker-compose-recipes/services/traefik.yml

@@ -0,0 +1,42 @@
+# Traefik 3 — reverse proxy + dev TLS via mkcert
+# Env vars: TRAEFIK_HTTP_PORT (default 80), TRAEFIK_HTTPS_PORT (default 443), TRAEFIK_DASHBOARD_PORT (default 8080)
+# Use Docker labels on other services to route traffic, e.g.:
+#   labels:
+#     - "traefik.enable=true"
+#     - "traefik.http.routers.web.rule=Host(`web.localhost`)"
+#     - "traefik.http.services.web.loadbalancer.server.port=3000"
+
+traefik:
+  image: traefik:v3.1
+  restart: unless-stopped
+  command:
+    - "--api.insecure=true"
+    - "--providers.docker=true"
+    - "--providers.docker.exposedbydefault=false"
+    - "--entrypoints.web.address=:80"
+    - "--entrypoints.websecure.address=:443"
+  ports:
+    - "${TRAEFIK_HTTP_PORT:-80}:80"
+    - "${TRAEFIK_HTTPS_PORT:-443}:443"
+    - "${TRAEFIK_DASHBOARD_PORT:-8080}:8080"
+  volumes:
+    - /var/run/docker.sock:/var/run/docker.sock:ro
+    - traefik_certs:/certs
+  healthcheck:
+    test: ["CMD", "wget", "--quiet", "--spider", "http://localhost:8080/ping"]
+    interval: 10s
+    timeout: 3s
+    retries: 5
+    start_period: 5s
+
+# volumes:
+#   traefik_certs: {}
+#
+# Dev TLS notes:
+# - Run `mkcert -install && mkcert localhost '*.localhost'` once on the host, mount the certs
+#   into traefik_certs, and configure tls.options for HTTPS routes.
+#
+# Prod notes:
+# - REMOVE --api.insecure=true. Bind the dashboard to a private network or behind basic auth.
+# - Replace Docker provider with file/Kubernetes provider for prod orchestration.
+# - Use ACME/Let's Encrypt resolver for prod TLS (configure --certificatesresolvers.le.acme.*).

package/scaffold/skills/docker-compose-recipes/services/typesense.yml

@@ -0,0 +1,25 @@
+# Typesense — alternative to Meilisearch, focus on typo tolerance and ranking
+# Env vars: TYPESENSE_API_KEY, TYPESENSE_PORT (default 8108)
+# Application-side: TYPESENSE_HOST=typesense; TYPESENSE_PORT=8108; TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
+
+typesense:
+  image: typesense/typesense:0.27.1
+  restart: unless-stopped
+  command: --data-dir /data --api-key=${TYPESENSE_API_KEY:-typesense-dev-key} --enable-cors
+  ports:
+    - "${TYPESENSE_PORT:-8108}:8108"
+  volumes:
+    - typesense_data:/data
+  healthcheck:
+    test: ["CMD", "curl", "-f", "http://localhost:8108/health"]
+    interval: 10s
+    timeout: 3s
+    retries: 5
+    start_period: 5s
+
+# volumes:
+#   typesense_data: {}
+#
+# Prod notes:
+# - Generate a strong TYPESENSE_API_KEY; rotate periodically.
+# - For HA, run a 3-node cluster (see Typesense docs for clustering).

package/scaffold/skills/dw-council/SKILL.md

@@ -1,13 +1,6 @@
 ---
 name: dw-council
-description: |
-  Orchestrates a multi-advisor debate (3-5 archetypes) to stress-test
-  high-stakes product, architecture, or scope decisions. Uses parallel
-  subagents with steel-manning, concession tracking, and dissent-preserving
-  synthesis. Invoked opt-in via `--council` flag from dw-brainstorm and
-  dw-create-techspec, or standalone when the user explicitly needs a
-  rigorous debate. Do not use for small decisions, routine implementation,
-  or when a single answer is already obvious.
+description: Multi-advisor debate (3-5 archetypes) with steel-manning and dissent preserved, for high-stakes product or architecture calls.
 allowed-tools:
   - Read
   - Task

package/scaffold/skills/dw-memory/SKILL.md

@@ -1,13 +1,6 @@
 ---
 name: dw-memory
-description: |
-  Maintains workflow-scoped memory for dev-workflow PRD runs using
-  .dw/spec/prd-<name>/MEMORY.md (shared) and .dw/spec/prd-<name>/tasks/<N>_memory.md
-  (task-local). Use when a dev-workflow command needs to persist or recall
-  durable cross-task context (decisions, constraints, risks) across task
-  executions. Invoked from dw-run-task, dw-run-plan, dw-autopilot, and
-  dw-resume. Do not use for PR review remediation, user preferences, or
-  event-log summarization.
+description: Two-tier workflow memory (shared + per-task) with promotion test, so cross-task context survives without bloating files.
 allowed-tools:
   - Read
   - Write

package/scaffold/skills/dw-review-rigor/SKILL.md

@@ -1,12 +1,6 @@
 ---
 name: dw-review-rigor
-description: |
-  Applies review discipline to code-review and analysis commands:
-  de-duplicates issues, orders by severity, verifies intent before flagging,
-  prioritizes signal over volume, and skips concerns that linters already
-  catch. Invoked from dw-code-review, dw-review-implementation, and
-  dw-refactoring-analysis. Do not use for fetching reviews from external
-  providers or for executing fixes.
+description: Five rules for review output — dedupe, severity-order, verify intent, skip linter noise, prefer signal over volume.
 allowed-tools:
   - Read
   - Grep

package/scaffold/skills/dw-verify/SKILL.md

@@ -1,11 +1,6 @@
 ---
 name: dw-verify
-description: |
-  Enforces fresh verification evidence before any completion, fix, or passing
-  claim — and before commits or PR creation. Use when a dev-workflow command
-  is about to report success, hand off work, or commit code. Invoked from
-  dw-run-task, dw-run-plan, dw-fix-qa, dw-bugfix, dw-code-review, dw-generate-pr,
-  and dw-quick. Do not use for early planning or brainstorming.
+description: Demands fresh verification evidence before any success claim or commit. No PASS report, no claim — no exceptions.
 allowed-tools:
   - Bash
   - Read