@dezycro-ai/agent-plugin 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/.claude-plugin/plugin.json +7 -0
  2. package/LICENSE +18 -0
  3. package/PERSONAS.md +309 -0
  4. package/README.md +125 -0
  5. package/bin/resolve-auth.js +112 -0
  6. package/dist/hooks/lib/authoring.d.ts +118 -0
  7. package/dist/hooks/lib/authoring.js +277 -0
  8. package/dist/hooks/lib/config.d.ts +28 -0
  9. package/dist/hooks/lib/config.js +175 -0
  10. package/dist/hooks/lib/controller-match.d.ts +16 -0
  11. package/dist/hooks/lib/controller-match.js +96 -0
  12. package/dist/hooks/lib/coverage.d.ts +17 -0
  13. package/dist/hooks/lib/coverage.js +66 -0
  14. package/dist/hooks/lib/hashing.d.ts +8 -0
  15. package/dist/hooks/lib/hashing.js +49 -0
  16. package/dist/hooks/lib/logging.d.ts +13 -0
  17. package/dist/hooks/lib/logging.js +72 -0
  18. package/dist/hooks/lib/publish-spec.d.ts +17 -0
  19. package/dist/hooks/lib/publish-spec.js +64 -0
  20. package/dist/hooks/lib/quality-gate.d.ts +67 -0
  21. package/dist/hooks/lib/quality-gate.js +187 -0
  22. package/dist/hooks/lib/router.d.ts +32 -0
  23. package/dist/hooks/lib/router.js +717 -0
  24. package/dist/hooks/lib/state.d.ts +34 -0
  25. package/dist/hooks/lib/state.js +238 -0
  26. package/dist/hooks/lib/undo.d.ts +11 -0
  27. package/dist/hooks/lib/undo.js +71 -0
  28. package/dist/hooks/lib/verify.d.ts +28 -0
  29. package/dist/hooks/lib/verify.js +94 -0
  30. package/dist/hooks/lib/workbook.d.ts +21 -0
  31. package/dist/hooks/lib/workbook.js +77 -0
  32. package/dist/hooks/types.d.ts +249 -0
  33. package/dist/hooks/types.js +14 -0
  34. package/hooks/companion-runner +108 -0
  35. package/hooks/hooks.json +74 -0
  36. package/install.js +84 -0
  37. package/package.json +50 -0
  38. package/prompts/existing-work-ranker.md +47 -0
  39. package/prompts/prd-drafter.md +53 -0
  40. package/prompts/prd-question.md +66 -0
  41. package/prompts/trd-context-gate.md +57 -0
  42. package/prompts/trd-discovery.md +71 -0
  43. package/prompts/trd-drafter.md +63 -0
  44. package/prompts/trd-question.md +61 -0
  45. package/prompts/trd-reviewer.md +74 -0
  46. package/prompts/workbook-sweep.md +89 -0
  47. package/setup.js +35 -0
  48. package/skills/author/SKILL.md +285 -0
  49. package/skills/import-features/SKILL.md +428 -0
  50. package/skills/init/SKILL.md +133 -0
  51. package/skills/publish-spec/SKILL.md +101 -0
  52. package/skills/status/SKILL.md +76 -0
  53. package/skills/sync/SKILL.md +76 -0
  54. package/skills/verify/SKILL.md +248 -0
  55. package/skills/work/SKILL.md +201 -0
@@ -0,0 +1,428 @@
1
+ ---
2
+ name: import-features
3
+ description: Reverse-engineers a codebase into Dezycro features with user-behavior PRDs and matching TRDs. Use when user asks to import, scan, or analyze a codebase into Dezycro, extract product requirements, or generate PRDs and TRDs from code.
4
+ allowed-tools:
5
+ - AskUserQuestion
6
+ - mcp__dezycro__*
7
+ - Read
8
+ - Glob
9
+ - Grep
10
+ - Agent
11
+ - TaskCreate
12
+ - TaskUpdate
13
+ ---
14
+
15
+ # Import Codebase into Dezycro
16
+
17
+ Analyze this codebase and create **user-facing features** in Dezycro with PRDs describing user behavior and experience. Then generate TRDs describing how those features are implemented technically.
18
+
19
+ **Your primary role**: You are a product manager documenting what users experience — not a developer documenting how code works.
20
+
21
+ > **⛔ DUPLICATION GATE — READ THIS FIRST**
22
+ >
23
+ > You MUST call `list_features` and `search` to check for existing features BEFORE calling `create_feature` even once.
24
+ > If you call `create_feature` without first completing Step 3 (deduplication), you are violating this skill.
25
+ > There are NO exceptions — not "the project looks empty", not "the user said create", not "I'll check later."
26
+ > Step 3 is as mandatory as Step 1. You cannot skip it.
27
+
28
+ ## What is a feature?
29
+
30
+ A product capability that a distinct type of user interacts with. Not an internal service, not infrastructure.
31
+
32
+ | Good features | Bad features |
33
+ |---|---|
34
+ | Login & Registration | Kafka Consumer |
35
+ | Project Dashboard | Redis Cache |
36
+ | Document Editor | Flyway Migrations |
37
+ | Team Management | Editing Documents (verb) |
38
+
39
+ ---
40
+
41
+ ## Prerequisites
42
+
43
+ Verify the Dezycro MCP server is connected by calling `list_workspaces`. If it fails, tell the user to run: `npx dezycro-setup`
44
+
45
+ ---
46
+
47
+ ## Process
48
+
49
+ Follow these steps **in order**. Do NOT skip steps.
50
+
51
+ ### Step 1: Select Workspace and Project
52
+
53
+ 1. Call `list_workspaces`.
54
+ 2. Use `AskUserQuestion` with workspace names as `options` to let the user pick.
55
+ If only one workspace, confirm: question "Use workspace 'X'?", options: ["Yes", "No, cancel"]
56
+ 3. Call `list_projects` with the chosen workspaceId.
57
+ 4. Use `AskUserQuestion` with project names + "Create new project" as options.
58
+ If creating: ask for name via `AskUserQuestion`, then call `create_project`.
59
+ 5. Store workspaceId and projectId.
60
+
61
+ **IMPORTANT**: Always use `AskUserQuestion` with `options` — never ask the user to type numbers or text.
62
+
63
+ ---
64
+
65
+ ### Step 2: Discover User Flows
66
+
67
+ Your goal is to find **what users can do** in this application. Focus on user-facing flows, not internal architecture.
68
+
69
+ **How to find user flows:**
70
+
71
+ 1. **Start with routes/pages** — entry points to user flows:
72
+ - Frontend: route definitions, page components, navigation menus
73
+ - Backend: REST controllers, API route files, GraphQL resolvers
74
+
75
+ 2. **Map each route to a user flow**:
76
+ - `/login`, `/register` → "Authentication & Onboarding"
77
+ - `/dashboard` → "Dashboard"
78
+ - `/settings/team` → "Team Management"
79
+
80
+ 3. **Read actual UI/API code** to understand what users do — don't guess from filenames.
81
+
82
+ 4. **Group related routes into features**:
83
+ - `/settings/profile`, `/settings/password`, `/settings/notifications` → "User Settings"
84
+ - `/projects`, `/projects/new`, `/projects/:id` → "Project Management"
85
+
86
+ **What to SKIP:**
87
+ - Infrastructure: databases, caching, queues, CI/CD, deployment
88
+ - Internal services: background workers, schedulers, migrations
89
+ - Libraries: utility functions, shared components without user-facing purpose
90
+ - Configuration: env files, build config, linters
91
+
92
+ ---
93
+
94
+ ### Step 2.5: Design the Folder Structure
95
+
96
+ > **Why this matters:** Dezycro uses **folder-scoped knowledge** — features in the same folder share context at full weight when the AI answers chat questions, generates TRDs, detects conflicts, or guides an AI coding agent. Folders outside the current one are deprioritized and drafts outside the folder are excluded entirely. **Bad folder grouping degrades the quality of every AI-assisted action in the product.** Good folder grouping compounds value.
97
+ >
98
+ > Treat folders as **domain boundaries**, not visual categorization. Two features belong in the same folder only if you would want the AI to automatically use one as context when working on the other.
99
+
100
+ #### Folder design principles
101
+
102
+ **1. Cohesion over neatness.** Group features that share a domain model, user flow surface, or data. "Cart Management" and "Payment Processing" belong together because editing one affects how you think about the other. "Cart Management" and "User Profile Settings" do not — they live in different mental models.
103
+
104
+ **2. Use hierarchy when it reflects real containment.** Don't create nested folders just to feel organized. A folder hierarchy is meaningful only when the parent feature governs or scopes its children. For example, `Checkout/Cart Management` is meaningful if there will eventually be a parent-level PRD about checkout policies. Otherwise, flat grouping is better.
105
+
106
+ **3. Aim for 3–8 features per folder.** Fewer than 3 and the folder adds no value (a lone feature may as well be at root). More than 8 and cohesion breaks down — split it. Hard cap: don't put more than 12 features in one folder.
107
+
108
+ **4. Folders should be stable, not fashionable.** Name folders after enduring product areas ("Authentication", "Billing", "Project Management"), not current initiatives ("Q4 Revamp", "Phase 2 Features"). The folder tree will outlive any single project timeline.
109
+
110
+ **5. Deep nesting is mostly unnecessary.** For most projects, 1 or 2 levels of folders are enough. 3 levels is rare and should be justified. Deep nesting fragments the knowledge base without adding real cohesion.
111
+
112
+ **6. The project root is just another folder.** Features at root are treated as siblings of each other. Cross-cutting features (like "Admin Dashboard" or "System Settings") that touch many domains often belong at root rather than forced into a category.
113
+
114
+ #### How to derive folders from the codebase
115
+
116
+ Use the code's structure as a hint, but translate to the product domain:
117
+
118
+ | Code signal | Folder candidate |
119
+ |---|---|
120
+ | A backend module / microservice boundary (e.g., `payment-service`) | A folder for that domain |
121
+ | A frontend route prefix (e.g., `/admin/*`) | A folder for that area |
122
+ | A natural user journey (e.g., checkout flow across several pages) | A folder containing the flow's features |
123
+ | A permission boundary (e.g., "admin-only" features) | Often a folder |
124
+
125
+ **Don't mirror the code structure 1:1.** Code organization often reflects technical concerns (one module per team, one service per deployment unit) that don't match product domains. Always ask: "Would a product manager put these together?"
126
+
127
+ #### Cohesion check before proposing
128
+
129
+ For each folder you plan to propose, ask:
130
+
131
+ 1. **"If I'm writing the PRD for Feature A in this folder, would knowing about Feature B genuinely help me?"** If no → they don't belong in the same folder.
132
+ 2. **"If A and B have conflicting requirements, is that something I'd want flagged?"** If yes → same folder. If no → different folders.
133
+ 3. **"Would it make sense for an AI coding agent working on Feature A to automatically read Feature B's docs?"** If yes → same folder.
134
+
135
+ If you can't answer "yes" to all three for a given pair, they probably belong in separate folders.
136
+
137
+ #### Edge cases
138
+
139
+ - **Single-feature folder:** Avoid. If only one feature fits a domain, leave it at root until more join.
140
+ - **Cross-cutting features:** Features that touch multiple domains (e.g., "Search", "Notifications") usually belong at root, not forced into a specific category.
141
+ - **Orphan candidates:** If a feature doesn't fit any natural group, place it at root. Don't invent a "Miscellaneous" folder — it defeats the purpose of folder scoping.
142
+
143
+ ---
144
+
145
+ ### Step 3: Deduplicate Against Existing Features
146
+
147
+ > **This step is MANDATORY. You must complete 3a and 3b before proposing anything.**
148
+ > Do NOT rationalize skipping it ("project looks empty", "user just wants to create", "I'll check later").
149
+ > The `list_features` and `search` calls are required — no exceptions.
150
+
151
+ #### 3a: Inventory Existing Features
152
+
153
+ **Required API calls — you must make these:**
154
+
155
+ ```
156
+ list_features(workspaceId, projectId) // root level
157
+ list_features(workspaceId, projectId, parentDirectoryId=X) // for EACH directory returned
158
+ // repeat recursively until all directories are traversed
159
+ ```
160
+
161
+ Build a complete list of existing features: `id`, `name`, directory path, and whether PRD/TRD have content (from `documentSummaries`).
162
+
163
+ **If the project has zero existing features:** Say "No existing features found — all proposals will be NEW." then skip to Step 3c.
164
+
165
+ **If the project has existing features:** You MUST proceed to Step 3b. Do NOT skip it.
166
+
167
+ #### 3b: Semantic Match Against Existing Features
168
+
169
+ **Required API calls — you must make at least one `search` call per proposed feature:**
170
+
171
+ ```
172
+ search(workspaceId, projectId, query="<feature's core user flows>", maxResults="5")
173
+ ```
174
+
175
+ For example:
176
+ - Proposed "Document Editor" → `search(... query="document editing creating saving draft")`
177
+ - Proposed "Team Management" → `search(... query="invite team member roles permissions")`
178
+
179
+ For each proposed feature, combine the name comparison + search results to classify it:
180
+
181
+ | Classification | Criteria | Action |
182
+ |---|---|---|
183
+ | **🆕 NEW** | No name match AND no meaningful search results | Will be created |
184
+ | **✅ EXACT MATCH** | Existing feature covers the same scope | Skip — do not recreate |
185
+ | **🔄 PARTIAL MATCH** | Existing feature covers some but not all flows | Suggest updating existing feature |
186
+
187
+ **Matching rules:**
188
+ - A search result is "meaningful" if it describes the same user flows — not just keyword overlap.
189
+ - When in doubt, classify as PARTIAL MATCH rather than NEW.
190
+ - Different names can still be duplicates (e.g., "Authentication" and "Login & Sign Up").
191
+
192
+ #### 3c: Propose the Feature Structure
193
+
194
+ Present the full picture — what's new, what already exists, and what needs updating:
195
+
196
+ ```
197
+ 📁 Authentication & Onboarding
198
+ ✅ Login & Registration — ALREADY EXISTS (feature: "User Authentication", has PRD + TRD)
199
+ 🆕 Password Recovery — NEW (flows: forgot password, reset link, new password)
200
+
201
+ 📁 Projects
202
+ 🔄 Project Dashboard — PARTIAL MATCH (existing "Projects" covers create/list but not filtering or stats)
203
+ → Suggest: update existing "Projects" feature PRD to add filter, sort, stats flows
204
+ 🆕 Project Setup — NEW (flows: create project, edit settings, archive)
205
+
206
+ 📁 Documents
207
+ 🆕 Document Editor — NEW (flows: create, edit, save, AI chat, version history)
208
+ ✅ Knowledge Base — ALREADY EXISTS (feature: "Knowledge Base", has PRD)
209
+
210
+ 📁 Team
211
+ 🔄 Team Management — PARTIAL MATCH (existing "Team" covers invites but not role changes)
212
+ → Suggest: update existing "Team" feature PRD to add role management flows
213
+ 🆕 Organization Settings — NEW (flows: rename org, billing, API keys)
214
+
215
+ Summary: 3 new · 2 already exist · 2 need updates
216
+ ```
217
+
218
+ **Rules:**
219
+ - Every feature must represent something a user DOES
220
+ - Feature names should read like product capabilities, not code modules
221
+ - Group by product area, not by code structure
222
+ - Aim for 8–25 features total (including existing ones) — be selective, not exhaustive
223
+ - For EXACT MATCH features, clearly state which existing feature covers it and whether it has PRD/TRD content
224
+ - For PARTIAL MATCH features, describe specifically what's missing from the existing feature
225
+
226
+ Use `AskUserQuestion` to confirm:
227
+ question "Does this look right?",
228
+ options: ["Yes, create new and update existing", "Yes, but only create new (skip updates)", "I want to make changes"]
229
+
230
+ If they want changes, ask what to add/remove/reclassify, iterate, then confirm again.
231
+
232
+ ---
233
+
234
+ ### Step 4: Create and Update in Dezycro
235
+
236
+ > **⛔ STOP — Before calling `create_feature`, verify ALL of these are true:**
237
+ > 1. You called `list_features` to inventory existing features (Step 3a) — if you didn't, go back and do it NOW
238
+ > 2. You called `search` for at least the first 3 proposed features (Step 3b) — if you didn't, go back and do it NOW
239
+ > 3. You showed the user a proposal with ✅/🆕/🔄 classifications (Step 3c)
240
+ > 4. The user approved the proposal via `AskUserQuestion`
241
+ >
242
+ > If ANY of these are false, STOP and complete the missing step before proceeding.
243
+
244
+ Once approved, handle each classification differently:
245
+
246
+ **For NEW features:**
247
+ 1. Create directories (top-down, parents first) via `create_directory`
248
+ 2. Create features via `create_feature`, then `move_feature` into directories
249
+ 3. For EACH feature, call `list_feature_documents` to get the PRD and TRD docIds
250
+ 4. Track all featureIds and their PRD docIds — you need them for Step 5
251
+
252
+ **For EXACT MATCH features:**
253
+ - Do nothing. Do NOT recreate them.
254
+ - If a PRD/TRD exists but is empty (check `documentSummaries`), note it for Step 5 — the user may want to write/rewrite the content.
255
+
256
+ **For PARTIAL MATCH features (if user chose to update):**
257
+ 1. Retrieve the existing feature's `featureId` from the inventory in Step 3a.
258
+ 2. Call `list_feature_documents` to get the existing PRD/TRD docIds.
259
+ 3. Track these for Step 5 — the PRD will be updated (not replaced) to cover the missing flows.
260
+ 4. Do NOT create a new feature or move anything.
261
+
262
+ Report progress: "Created 3/8 new features... Queued 2 existing features for update..."
263
+
264
+ ---
265
+
266
+ ### Step 5: Write PRDs
267
+
268
+ For each feature (both NEW and PARTIAL MATCH), read the relevant code and write or update a PRD.
269
+
270
+ **For NEW features:** Write a full PRD covering all user flows within the feature.
271
+
272
+ **For PARTIAL MATCH features (updating existing PRDs):**
273
+ 1. First, read the existing PRD content by calling `list_feature_documents` then reading the document.
274
+ 2. Identify which flows are already documented and which are missing.
275
+ 3. Write an updated PRD that **preserves all existing content** and **adds the missing flows**.
276
+ 4. Do NOT rewrite or rephrase existing sections unless they are factually wrong — only add what's missing.
277
+ 5. If the existing PRD uses a different structure than the template below, follow the existing structure for consistency.
278
+
279
+ **For EXACT MATCH features:** Skip unless the PRD is empty (no content). If empty, write a full PRD as if it were new.
280
+
281
+ #### Your mindset while writing PRDs
282
+
283
+ You are a product manager who has watched users interact with the product. You are describing what users see, click, enter, and experience. You have no idea how the backend works — and that's intentional.
284
+
285
+ **Before writing each PRD, ask yourself:**
286
+ > "Would a product manager say this? Or is this something only a developer would know?"
287
+
288
+ If only a developer would say it — leave it out of the PRD. It belongs in the TRD.
289
+
290
+ #### PRD Structure
291
+
292
+ Each PRD must contain these sections:
293
+
294
+ **Overview**
295
+ - What is this feature?
296
+ - Why does it exist? What user problem does it solve?
297
+ - Who uses it?
298
+
299
+ **User Flows**
300
+ For each flow within this feature:
301
+ - Flow name (e.g., "Create New Document")
302
+ - Step-by-step from the USER's perspective
303
+ - Include: happy path + key error/edge cases
304
+
305
+ **Business Rules**
306
+ - Validation rules the user encounters (e.g., "email must be unique")
307
+ - Permission constraints (e.g., "only admins can delete")
308
+ - Tier/plan limits (e.g., "free tier limited to 3 projects")
309
+ - Character limits, file size limits, etc.
310
+
311
+ **Dependencies**
312
+ - Which other features does this connect to? (user-facing connections only)
313
+
314
+ ---
315
+
316
+ #### PRD Quality Rules — CRITICAL
317
+
318
+ **INCLUDE in PRDs:**
319
+ - What the user sees on screen
320
+ - What the user clicks, types, selects
321
+ - What happens after each action
322
+ - What errors or messages the user sees
323
+ - What permissions control who can do what
324
+ - What limits or constraints the user encounters
325
+
326
+ **NEVER include in PRDs:**
327
+ - API endpoints or HTTP methods
328
+ - Database table or column names
329
+ - Class names, file paths, or component names
330
+ - Request/response JSON formats
331
+ - Backend validation logic or algorithms
332
+ - Service names, repository names, or method calls
333
+ - Infrastructure or architecture details
334
+
335
+ ---
336
+
337
+ #### PRD — Good vs. Bad Examples
338
+
339
+ **❌ BAD PRD paragraph** (technical contamination):
340
+ > When the user submits the login form, the frontend calls `POST /api/v1/auth/login` with `{email, password}`. The `AuthController` validates credentials against the `users` table using bcrypt comparison. On success, a JWT is issued and stored in `localStorage`.
341
+
342
+ **✅ GOOD PRD paragraph** (user behavior only):
343
+ > The user enters their email address and password on the Login screen, then clicks "Sign In." If the credentials are correct, they are taken to their Dashboard. If not, they see an error message: "Invalid email or password." After 5 failed attempts, the account is temporarily locked and the user is shown instructions to reset their password.
344
+
345
+ ---
346
+
347
+ **❌ BAD PRD paragraph** (technical contamination):
348
+ > The `DocumentService.create()` method creates a new `Document` entity in PostgreSQL with `status=DRAFT`. The S3 key is generated from the workspace UUID.
349
+
350
+ **✅ GOOD PRD paragraph** (user behavior only):
351
+ > When the user clicks "New Document," a blank document is created and they are taken to the editor. The document is saved automatically as a draft every 30 seconds. A "Saving..." indicator appears in the top bar while saving is in progress.
352
+
353
+ ---
354
+
355
+ #### PRD Writing Process (Per Feature)
356
+
357
+ Follow this chain of thought before writing:
358
+
359
+ 1. **Identify users**: Who interacts with this feature? (admin, member, guest, etc.)
360
+ 2. **List flows**: What distinct tasks can each user type perform?
361
+ 3. **Walk each flow as a user**: Step through it as if you're clicking through the UI
362
+ 4. **Extract business rules**: What limits, permissions, or validations does the user encounter?
363
+ 5. **Write the PRD**: Use the structure above, user language only
364
+ 6. **Self-check**: Read each sentence and ask "Does this describe what a user sees/does, or what code does?" — remove any sentence that describes code
365
+
366
+ **Target length**: 500–2000 words per PRD depending on feature complexity.
367
+
368
+ Upload each PRD via `update_document(workspaceId, featureId, prdDocId, content)`, then immediately mark it complete via `change_document_status(workspaceId, featureId, prdDocId, status="COMPLETE")`.
369
+
370
+ Report progress: "Writing PRD 3/15: Document Editor..."
371
+
372
+ ---
373
+
374
+ ### Step 6: Write TRDs
375
+
376
+ After ALL PRDs are written, use `AskUserQuestion`:
377
+ question "All PRDs written. Write TRDs from the code?",
378
+ options: ["Yes, write TRDs from code", "No, I'm done for now"]
379
+
380
+ **If "Write TRDs from code"** (the only auto path now — guided per-feature TRD authoring is done via `/dezycro:author --doc trd` after import):
381
+
382
+ For each feature (NEW, PARTIAL MATCH, and EXACT MATCH with empty TRDs), read the backend code and write or update a TRD.
383
+
384
+ **For PARTIAL MATCH features:** Read the existing TRD first. Preserve existing content and add sections covering the newly documented flows. Do NOT rewrite existing sections unless factually wrong.
385
+
386
+ The TRD is the technical complement to the PRD. Where the PRD says "user sees an error", the TRD says "the endpoint returns HTTP 401 with `{error: 'INVALID_CREDENTIALS'}` and the frontend renders the error message from `auth/errors.ts`."
387
+
388
+ #### TRD Structure
389
+
390
+ - **Architecture Overview**: How this feature is structured technically
391
+ - **Components**: Services, controllers, repositories, entities involved (with file paths)
392
+ - **API Contracts**: Request/response shapes, status codes, auth requirements
393
+ - **Data Model**: Database tables, columns, relationships, migrations
394
+ - **Business Logic**: Core algorithms, validation rules, state machines in the code
395
+ - **External Dependencies**: Third-party services, queues, caches, gRPC calls
396
+ - **Error Handling**: How failures are handled, retry strategies, fallbacks
397
+ - **Security**: Auth checks, tenant scoping, permission enforcement
398
+
399
+ #### TRD Quality Rules
400
+
401
+ - Write from the DEVELOPER's perspective — this is for engineers
402
+ - Reference specific classes, methods, SQL, and config
403
+ - Include actual API request/response examples from the code
404
+ - Document the implementation as-is, not as it should be
405
+ - 800–3000 words per TRD depending on complexity
406
+
407
+ Get the TRD docId via `list_feature_documents` (type "TRD"). If no TRD document exists, create one first with `create_document(workspaceId, featureId, "TRD")`. Then upload content via `update_document`, then mark it complete via `change_document_status(workspaceId, featureId, trdDocId, status="COMPLETE")`.
408
+
409
+ Report progress: "Writing TRD 3/15: Document Editor..."
410
+
411
+ ---
412
+
413
+ ## Rules
414
+
415
+ - **Never create duplicates** — always inventory existing features and deduplicate before creating
416
+ - **Prefer updating over recreating** — if a feature partially exists, update it rather than making a new one
417
+ - **Preserve existing content** — when updating PRDs/TRDs, add missing flows without rewriting existing sections
418
+ - **Folders are domain boundaries, not categorization** — features in the same folder must share a domain model, user flow surface, or data; bad folder grouping degrades every AI-assisted action in the product
419
+ - **Apply the cohesion check** — for every folder, verify you'd want the AI to use one feature as context when working on another
420
+ - **Avoid single-feature folders and deep nesting** — a folder with one feature adds nothing; more than 2 levels of nesting is rarely justified
421
+ - **Don't mirror code structure** — code organization reflects technical concerns that often don't match product domains
422
+ - **User flows only in PRDs** — skip infrastructure, internal services, background jobs
423
+ - **Technical details only in TRDs** — endpoints, schemas, components, algorithms
424
+ - **Always use AskUserQuestion** with options for any user choice
425
+ - **Always wait for approval** before creating anything
426
+ - **Write from code** — read the actual source, don't invent
427
+ - **Handle errors gracefully** — log and continue
428
+ - **Report progress** at each step
@@ -0,0 +1,133 @@
1
+ ---
2
+ name: init
3
+ description: Set up a repository for Dezycro — connects to workspace/project, detects environment, writes .dezycro/config.json. Run once per repo.
4
+ ---
5
+
6
+ # Dezycro Repository Setup
7
+
8
+ You are setting up this repository to work with Dezycro. This is a one-time setup that creates `.dezycro/config.json`.
9
+
10
+ ## Prerequisites
11
+
12
+ Before starting, verify the Dezycro MCP server is connected by calling `list_workspaces`. If it fails, tell the user:
13
+
14
+ > The Dezycro MCP server is not configured. Add it to your Claude Code MCP settings:
15
+ >
16
+ > ```json
17
+ > {
18
+ > "mcpServers": {
19
+ > "dezycro": {
20
+ > "url": "https://mcp.dezycro.ai/mcp",
21
+ > "headers": {
22
+ > "Authorization": "Bearer dzy_YOUR_API_KEY"
23
+ > }
24
+ > }
25
+ > }
26
+ > }
27
+ > ```
28
+ >
29
+ > Get your API key from **Dezycro > Settings > API Keys**.
30
+
31
+ Then stop. Do not proceed without a working MCP connection.
32
+
33
+ ## Step 1: Select Workspace
34
+
35
+ 1. Call `list_workspaces`.
36
+ 2. If only one workspace, auto-select it and confirm with the user.
37
+ 3. If multiple, list them and ask the user to pick.
38
+ 4. Store the `workspaceId`.
39
+
40
+ ## Step 2: Select Project
41
+
42
+ 1. Call `list_projects` with the chosen `workspaceId`.
43
+ 2. If the user wants an existing project, list them and ask to pick.
44
+ 3. If the user wants a new project, ask for a name and call `create_project`.
45
+ 4. Store the `projectId`.
46
+
47
+ ## Step 3: Detect Environment Setup
48
+
49
+ Scan the repository root for common patterns. Use the Glob tool to check for these files:
50
+
51
+ 1. **docker-compose.yml** or **docker-compose.yaml** — suggest `docker-compose up -d` as setup command
52
+ 2. **package.json** — read it, check for `dev` or `start` scripts. If found, suggest `npm run dev` or `yarn dev`.
53
+ 3. **Makefile** — read it, check for `run`, `dev`, or `serve` targets.
54
+
55
+ Present what you found to the user:
56
+
57
+ > I detected the following in your repo:
58
+ > - `docker-compose.yml` found — setup: `docker-compose up -d`, teardown: `docker-compose down`
59
+ >
60
+ > Does this look right? You can also enter a custom command or skip environment setup.
61
+
62
+ If nothing detected, ask:
63
+
64
+ > How do you start your local dev environment? Enter a command (e.g., `docker-compose up -d`) or type "skip" to configure later.
65
+
66
+ ## Step 4: API URL and Health Check
67
+
68
+ Ask the user:
69
+
70
+ > What is your local API URL? (default: `http://localhost:3000`)
71
+
72
+ Then:
73
+
74
+ > Health check endpoint? (default: `/health`)
75
+
76
+ Combine the API URL + health check path into a full health check command: `curl -sf {apiUrl}{healthPath}`
77
+
78
+ ## Step 5: Remote Environment (Optional)
79
+
80
+ Ask:
81
+
82
+ > Do you want to configure a remote dev environment too? (e.g., a shared dev/staging server)
83
+
84
+ If yes, ask for:
85
+ - Environment name (e.g., `dev`, `staging`)
86
+ - API URL (e.g., `https://api.dev.example.com`)
87
+ - Health check endpoint (default: same as local)
88
+
89
+ ## Step 6: Write Config
90
+
91
+ Create the `.dezycro/` directory and write `.dezycro/config.json`:
92
+
93
+ ```json
94
+ {
95
+ "version": 1,
96
+ "projectId": "<selected projectId>",
97
+ "workspaceId": "<selected workspaceId>",
98
+ "environments": {
99
+ "local": {
100
+ "setup": "<detected or entered setup command>",
101
+ "apiUrl": "<entered API URL>",
102
+ "teardown": "<detected or entered teardown command>",
103
+ "healthCheck": "curl -sf <apiUrl><healthPath>",
104
+ "default": true
105
+ }
106
+ }
107
+ }
108
+ ```
109
+
110
+ Omit `setup` and `teardown` keys if the user skipped environment setup. Include remote environments if configured (without `default: true`).
111
+
112
+ Use the Bash tool to create the directory: `mkdir -p .dezycro`
113
+ Use the Write tool to write the config file.
114
+
115
+ ## Step 7: Gitignore Check
116
+
117
+ Read `.gitignore` (if it exists) and check if it already covers `.dezycro/`. If not, suggest adding:
118
+
119
+ ```
120
+ # Dezycro local state
121
+ .dezycro/active-feature.json
122
+ .dezycro/bin/
123
+ ```
124
+
125
+ Ask the user if they want `.dezycro/config.json` committed (recommended) or gitignored too. If they want it gitignored, add `.dezycro/` instead.
126
+
127
+ ## Done
128
+
129
+ Tell the user:
130
+
131
+ > Dezycro setup complete! Your config is at `.dezycro/config.json`.
132
+ >
133
+ > Next: run `/dezycro:work <feature-name>` to start working on a feature.
@@ -0,0 +1,101 @@
1
+ ---
2
+ name: publish-spec
3
+ description: Auto-detect and upload an OpenAPI spec for the active feature. Triggers JEP generation. Requires an active feature (run /dezycro:work first).
4
+ ---
5
+
6
+ # Publish Feature API Spec
7
+
8
+ You are detecting the project's OpenAPI spec, optionally filtering it to feature-relevant endpoints, and uploading it to trigger JEP generation.
9
+
10
+ ## Step 1: Read Active Feature
11
+
12
+ Read `.dezycro/active-feature.json` using the Read tool. If the file does not exist, tell the user:
13
+
14
+ > No active feature. Run `/dezycro:work <feature-name>` first to select a feature.
15
+
16
+ Then stop.
17
+
18
+ Extract `featureId`, `featureName`.
19
+
20
+ ## Step 2: Read Config
21
+
22
+ Read `.dezycro/config.json` to get `workspaceId`.
23
+
24
+ ## Step 3: Auto-Detect OpenAPI Spec
25
+
26
+ Search for OpenAPI spec files in this order. Use Glob to find files, then Read to check their content:
27
+
28
+ 1. **Spring Boot / Java / Kotlin**:
29
+ - Glob: `**/build/generated/openapi/*.json`
30
+ - Glob: `**/target/generated-docs/openapi*.json`
31
+ - Glob: `**/src/main/resources/openapi*.json`
32
+ - Glob: `**/src/main/resources/openapi*.yaml`
33
+
34
+ 2. **Express / Node.js**:
35
+ - Glob: `**/swagger-output.json`
36
+ - Glob: `**/openapi.json`
37
+ - Glob: `**/openapi.yaml`
38
+ - Glob: `**/docs/openapi*.{json,yaml}`
39
+
40
+ 3. **Go**:
41
+ - Glob: `**/docs/swagger.json`
42
+ - Glob: `**/api/openapi*.{json,yaml}`
43
+
44
+ 4. **Generic**:
45
+ - Glob: `**/*openapi*.{json,yaml,yml}`
46
+ - Glob: `**/*swagger*.{json,yaml,yml}`
47
+
48
+ 5. **Live endpoint** (if an environment is running):
49
+ - Read `.dezycro/config.json` for the default environment's `apiUrl`
50
+ - Try: `curl -sf <apiUrl>/v3/api-docs` via Bash
51
+ - Try: `curl -sf <apiUrl>/swagger.json` via Bash
52
+
53
+ If **multiple files found**, list them and ask the user to pick.
54
+
55
+ If **no files found**, tell the user:
56
+ > No OpenAPI spec detected. You can:
57
+ > 1. Provide a file path to your spec
58
+ > 2. Provide a URL to fetch the spec from
59
+ > 3. Start your server and I'll try to fetch it from `/v3/api-docs`
60
+
61
+ ## Step 4: Validate Spec
62
+
63
+ Read the selected file. Check that it contains either:
64
+ - `"openapi"` key (OpenAPI 3.x)
65
+ - `"swagger"` key (Swagger 2.x)
66
+
67
+ If it's YAML, note that `publish_feature_spec` expects JSON — you will need to mention this to the user if conversion is needed.
68
+
69
+ If invalid, tell the user:
70
+ > This doesn't look like a valid OpenAPI spec (no `openapi` or `swagger` key found). Please check the file.
71
+
72
+ ## Step 5: Filter (Optional)
73
+
74
+ Ask the user:
75
+
76
+ > The spec contains N endpoints. Want to:
77
+ > 1. Upload the full spec (recommended for most cases)
78
+ > 2. Filter to specific path prefixes (e.g., `/api/otp/*`)
79
+ > 3. Filter by tag
80
+
81
+ If they choose to filter, extract only the matching paths and their referenced schemas. Construct a valid OpenAPI document with just the filtered content.
82
+
83
+ ## Step 6: Upload
84
+
85
+ Upload via the MCP tool. The tool handles multipart upload internally:
86
+
87
+ ```
88
+ publish_feature_spec(workspaceId, featureId, openApiFragment)
89
+ ```
90
+
91
+ Where `openApiFragment` is the JSON string of the spec. The MCP tool uploads it as a multipart file to the backend (max 5 MB).
92
+
93
+ ## Step 7: Report
94
+
95
+ Tell the user:
96
+
97
+ > Spec published for "<featureName>". JEP generation workflow has been triggered — this typically takes 2-5 minutes.
98
+ >
99
+ > Once complete, run `/dezycro:verify` to pull the verifier binary and test your implementation.
100
+ >
101
+ > You can check generation status by running `/dezycro:status`.