@lenne.tech/cli 0.0.125 → 1.0.1

package/build/templates/claude-commands/sec-review.md

@@ -0,0 +1,62 @@
+---
+description: Perform security review of code changes
+---
+
+Perform a complete security review:
+
+## 🔐 1. Controller/Resolver Security
+
+Check all modified Controller/Resolver files:
+- [ ] Were @Restricted decorators removed or weakened?
+- [ ] Were @Roles decorators made more permissive?
+- [ ] Are there new endpoints without security decorators?
+- [ ] Are the roles appropriate (not too open)?
+
+## 🔐 2. Model Security
+
+Check all modified Model files:
+- [ ] Is securityCheck() method correctly implemented?
+- [ ] Admin check: `user?.hasRole(RoleEnum.ADMIN)`
+- [ ] Creator check: `equalIds(user, this.createdBy)`
+- [ ] Were security checks weakened?
+- [ ] Are sensitive properties protected with @Restricted?
+
+## 🔐 3. Input Validation
+
+Check all Input/DTO files:
+- [ ] Are all inputs validated?
+- [ ] Required fields correctly marked?
+- [ ] Type safety ensured?
+- [ ] No unsafe data types (e.g., any)?
+
+## 🔐 4. Ownership & Authorization
+
+Check service methods:
+- [ ] Update/Delete: Ownership checks present?
+- [ ] Check: `userId === object.createdBy` OR `user.isAdmin`
+- [ ] serviceOptions.roles correctly set?
+- [ ] No authorization bypasses?
+
+## 🔐 5. Data Exposure
+
+Check GraphQL/REST responses:
+- [ ] Sensitive fields marked with `hideField: true`?
+- [ ] Passwords/Tokens not in responses?
+- [ ] securityCheck() filters correctly?
+
+## 🔐 6. Test Coverage
+
+Check tests:
+- [ ] Security failure tests present (403 responses)?
+- [ ] Tests with different roles (Admin, User, Other)?
+- [ ] Ownership tests present?
+
+## 📋 Report
+
+Create a list of all findings:
+- **Critical**: Severe security issues
+- **Warning**: Potential problems
+- **Info**: Improvement suggestions
+- **OK**: Everything secure
+
+**On Critical/Warning findings: STOP and inform the developer!**

package/build/templates/claude-commands/skill-optimize.md

@@ -0,0 +1,140 @@
+---
+description: Optimize Claude skill files if too large
+---
+
+Analyze and optimize large skill files for better Claude Code performance:
+
+## 📊 1. Skill File Analysis
+
+Analyze all skill files:
+```bash
+# Count lines of all SKILL.md files
+find src/templates/claude-skills -name "SKILL.md" -exec wc -l {} \;
+
+# Or more detailed
+for skill in src/templates/claude-skills/*/SKILL.md; do
+  lines=$(wc -l < "$skill")
+  name=$(basename $(dirname "$skill"))
+  echo "$name: $lines lines"
+done
+```
+
+## 🎯 2. Determine Optimization Needs
+
+**Target Sizes:**
+- ✅ **Optimal:** 500-800 lines (fastest loading)
+- ⚠️ **Acceptable:** 800-1,800 lines (borderline)
+- ❌ **Too Large:** > 1,800 lines (MUST be optimized)
+
+Identify files over 1,800 lines for optimization.
+
+## 📑 3. Identify Large Sections
+
+For each oversized SKILL.md:
+```bash
+# Show sections with line numbers
+grep -n "^## " SKILL.md
+
+# Calculate section sizes
+# Sections > 200 lines are candidates for extraction
+```
+
+**Typical large sections:**
+- Quality Review processes (often 500-1000 lines)
+- Security Rules (often 300-500 lines)
+- Configuration Guides (often 200-300 lines)
+- Test Guidelines (often 400-600 lines)
+- Example Collections (often 300-500 lines)
+
+## 🔧 4. Perform Modularization
+
+For each large section (> 200 lines):
+
+**A. Extract section:**
+```bash
+# Create separate .md file
+# e.g., security-rules.md, quality-review.md, configuration.md
+```
+
+**B. Add frontmatter:**
+```markdown
+---
+name: skill-name-section-name
+version: 1.0.0
+description: What this file contains
+---
+```
+
+**C. Replace in SKILL.md:**
+```markdown
+## Section Name
+
+**📖 For complete [section topic] with all details, see: `section-file.md`**
+
+**Quick overview:**
+- Key point 1
+- Key point 2
+- Key point 3
+
+**Critical reminders:**
+- [ ] Important checkpoint 1
+- [ ] Important checkpoint 2
+```
+
+## 📏 5. Extraction Strategy
+
+**What to extract:**
+- ✅ Detailed process descriptions
+- ✅ Extensive examples
+- ✅ Long checklists
+- ✅ Reference documentation
+- ✅ Troubleshooting guides
+
+**What NOT to extract:**
+- ❌ Core workflow (Phases 1-7)
+- ❌ Critical warnings (Security, declare keyword)
+- ❌ Command syntax (brief reference)
+- ❌ Skill description and "When to Use"
+
+## ✅ 6. Quality Assurance
+
+After each extraction:
+- [ ] SKILL.md has clear reference (📖) to detail file
+- [ ] Detail file has frontmatter
+- [ ] Compact summary remains in SKILL.md
+- [ ] No information is lost
+- [ ] Line count significantly reduced
+
+## 📊 7. Measure Success
+
+```bash
+# Before/After comparison
+echo "Original: 3,309 lines"
+echo "After optimization: $(wc -l < SKILL.md) lines"
+echo "Reduction: $((3309 - $(wc -l < SKILL.md))) lines"
+echo "Percentage: $(echo "scale=1; (3309 - $(wc -l < SKILL.md)) * 100 / 3309" | bc)%"
+```
+
+**Success if:**
+- ✅ SKILL.md under 1,800 lines (ideal: under 1,500)
+- ✅ 5-8 modular detail files created
+- ✅ 30-50% reduction achieved
+- ✅ All information still available
+
+## 🎯 8. Create Report
+
+Create summary:
+```
+=== Skill Optimization Report ===
+
+📁 Optimized Skills:
+- skill-name: 3,309 → 1,890 lines (-43%)
+
+📄 Created Detail Files:
+- security-rules.md (9.2K)
+- quality-review.md (29K)
+- configuration.md (7.0K)
+...
+
+✅ All skills now within optimal range!
+```

package/build/templates/claude-commands/test-generate.md

@@ -0,0 +1,45 @@
+---
+description: Generate comprehensive tests for changes
+---
+
+Analyze recent changes and create appropriate tests:
+
+1. **Identify all changed/new modules**:
+   ```bash
+   git status --short
+   git diff --name-only
+   ```
+
+2. **For each new module** in `src/server/modules/`:
+   - Create E2E test in `tests/modules/<module-name>.e2e-spec.ts`
+   - Analyze existing tests as templates
+   - Fully understand TestHelper (read source code)
+
+3. **For each modified module**:
+   - Update existing test in `tests/modules/`
+   - Test new/changed properties
+   - Test changed validations
+
+4. **Security Testing**:
+   - Check @Restricted/@Roles decorators
+   - Test with Admin User (user.roles contains 'admin')
+   - Test with Creator (user.id === object.createdBy)
+   - Test with Other User (should fail with 403)
+   - Test permission failures
+
+5. **Test Execution**:
+   ```bash
+   npm run test:e2e
+   ```
+   - On errors: Debug with console.log
+   - Fix errors
+   - Re-run tests
+
+6. **Cleanup**:
+   - Remove all console.log statements
+   - Verify tests still pass
+
+**Important:**
+- NEVER weaken @Restricted/@Roles to fix tests
+- ALWAYS test with least privileged user
+- ALWAYS follow existing test patterns