@ojokesusu/lintasai 1.1.2
- package/.github/workflows/publish-npm.yml +40 -0
- package/.github/workflows/validate.yml +93 -0
- package/AUDIT_POST_SETUP_PROMPT_v1.md +280 -0
- package/BOOTSTRAP_PROJECT_DOCS_PROMPT_v1.md +3 -0
- package/CHANGELOG.md +313 -0
- package/CLAUDE_universal_v1.md +1021 -0
- package/CONTRIBUTING.md +101 -0
- package/FIRST_SESSION_PROMPT_v1.md +7 -0
- package/JALANKAN_KIT.md +188 -0
- package/LICENSE +21 -0
- package/MULAI_DI_SINI.md +145 -0
- package/PROJECT_KICKOFF_PROMPT_v1.md +3 -0
- package/PROJECT_LIFECYCLE_PROMPT_v1.md +536 -0
- package/PROJECT_MIGRATION_PROMPT_v1.md +3 -0
- package/README.md +505 -0
- package/SETUP_POLA_B_PROMPT_v1.md +5 -0
- package/SPLIT_REPO_MIGRATION_PROMPT_v1.md +485 -0
- package/TEAM_ROLLOUT_GUIDE_v1.md +172 -0
- package/UPDATE_DOCS_PROMPT_v1.md +3 -0
- package/UPDATE_KIT_PROMPT_v1.md +213 -0
- package/bin/lintasai.js +81 -0
- package/docs/SIGNED_RELEASE.md +162 -0
- package/install-windows.ps1 +225 -0
- package/kit.ps1 +508 -0
- package/lib/agents-md.ps1 +174 -0
- package/lib/git-helpers.ps1 +104 -0
- package/lib/kit-files.psd1 +133 -0
- package/lib/manifest-signing.ps1 +65 -0
- package/lib/manifest.ps1 +267 -0
- package/lib/rollback.ps1 +241 -0
- package/lib/safety.ps1 +193 -0
- package/lib/template-deploy.ps1 +242 -0
- package/lib/version-detect.ps1 +161 -0
- package/package.json +36 -0
- package/setup-pola-b.ps1 +687 -0
- package/templates/ANALOGI_LIBRARY.md +7 -0
- package/templates/CLAUDE_TEAM_GUIDE.md +505 -0
- package/templates/CROSS_REPO_TYPES_PIPELINE.md +473 -0
- package/templates/DB_SCHEMA_SCAN_PROMPT.md +194 -0
- package/templates/DISCORD_BOT_INTEGRATION.md +187 -0
- package/templates/GLOSSARY_NON_PROGRAMMER.md +361 -0
- package/templates/INDEX.md +157 -0
- package/templates/MCP_SETUP.md +1145 -0
- package/templates/MIGRATE_TO_SUBFOLDER_PROMPT_v1.md +220 -0
- package/templates/ONBOARDING.md +172 -0
- package/templates/PROJECT_STARTER_TEMPLATES.md +264 -0
- package/templates/PROMPT_LIBRARY.md +790 -0
- package/templates/RLS_SETUP_PROMPT.md +167 -0
- package/templates/SECURITY_INCIDENT_PLAYBOOK.md +191 -0
- package/templates/SPLIT_REPO_AGENTS_TEMPLATES.md +32 -0
- package/templates/SPLIT_REPO_NON_PROGRAMMER_PROMPTS.md +604 -0
- package/templates/SPLIT_REPO_TOOLS_SETUP.md +388 -0
- package/templates/STACK_DETECTION_PATTERN.md +261 -0
- package/templates/STACK_GUIDE.md +564 -0
- package/templates/STACK_MIGRATION_GUIDE.md +154 -0
- package/templates/STACK_VERSIONS.md +31 -0
- package/templates/UPDATE_GUIDE.md +246 -0
- package/templates/_EXAMPLE.md +110 -0
- package/templates/_PATTERNS.md +173 -0
- package/templates/architecture.md +180 -0
- package/templates/architecture_auto.md +61 -0
- package/templates/decisions/README.md +108 -0
- package/templates/decisions/_TEMPLATE.md +84 -0
- package/templates/feature-flags-advanced.md +171 -0
- package/templates/github/CODEOWNERS.template +61 -0
- package/templates/github/GENERATE_TYPES_SCRIPT.md +77 -0
- package/templates/github/PUBLISH_SHARED_WORKFLOW.yml +52 -0
- package/templates/github/RECEIVE_BACKEND_UPDATE.yml +106 -0
- package/templates/github/RENOVATE_FRONTEND.json +28 -0
- package/templates/github/TRIGGER_FRONTEND_UPDATE.yml +29 -0
- package/templates/github/pull_request_template.md +44 -0
- package/templates/github/scripts/ai-review.js +153 -0
- package/templates/github/workflows/ai-review.yml +61 -0
- package/templates/github/workflows/backup-schemas.yml +169 -0
- package/templates/glossary.md +110 -0
- package/templates/split-agents/BACKEND.md +149 -0
- package/templates/split-agents/FRONTEND.md +141 -0
- package/templates/split-agents/SHARED.md +82 -0
- package/templates/split-agents/TOOLS.md +77 -0
- package/tests/Run-Tests.ps1 +19 -0
- package/tests/lib-safety.Tests.ps1 +66 -0
- package/tests/rollback.Tests.ps1 +66 -0
- package/tests/uninstall.Tests.ps1 +265 -0
- package/tests/update-kit.Tests.ps1 +78 -0
- package/uninstall.ps1 +794 -0
- package/update-kit.ps1 +907 -0
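--- a/package/.github/workflows/publish-npm.yml
+++ b/package/.github/workflows/publish-npm.yml
@@ -0,0 +1,40 @@
+name: Publish to NPM on tag
+
+on:
+  push:
+    tags: ["v*"]
+  workflow_dispatch:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Verify version (tag mode) atau skip (manual dispatch)
+        run: |
+          PKG_VERSION=$(node -p "require('./package.json').version")
+          echo "Package version: $PKG_VERSION"
+          if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
+            TAG_VERSION="${GITHUB_REF#refs/tags/v}"
+            echo "Tag version: $TAG_VERSION"
+            if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
+              echo "ERROR: Tag version ($TAG_VERSION) does not match package.json ($PKG_VERSION)"
+              exit 1
+            fi
+            echo "OK: tag matches package.json"
+          else
+            echo "Not a tag trigger (GITHUB_REF=$GITHUB_REF). Skipping version match check."
+            echo "Will publish package.json version: $PKG_VERSION"
+          fi
+
+      - name: Publish to npm
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}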
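Review bot: The `else` branch of the "Verify version" step (file lines 32–35) turns a `workflow_dispatch` run into an unconditional publish — whatever `package.json` version sits on the dispatched ref is pushed to the registry with the long-lived `NPM_TOKEN`, with no tag, build or test gate in front of `npm publish`. If manual dispatch is meant only as an escape hatch, the branch should refuse rather than skip: `echo "ERROR: manual dispatch is not allowed to publish an untagged ref"` followed by `exit 1`, or at minimum a `workflow_dispatch` input that must be set explicitly. Since the job already declares a `permissions` block, adding `id-token: write` there and changing the publish line to `run: npm publish --access public --provenance` would bind each published tarball to this workflow run, which is what consumers verifying the package later can check.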
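--- a/package/.github/workflows/validate.yml
+++ b/package/.github/workflows/validate.yml
@@ -0,0 +1,93 @@
+name: lintasAI validate
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch: {}
+
+jobs:
+  ps-parse:
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Parse all PowerShell scripts
+        shell: pwsh
+        run: |
+          $files = Get-ChildItem -Path . -Filter *.ps1 -Recurse | Where-Object { $_.FullName -notmatch '\\.bak' }
+          $failed = @()
+          foreach ($f in $files) {
+            $errors = $null
+            $null = [System.Management.Automation.Language.Parser]::ParseFile($f.FullName, [ref]$null, [ref]$errors)
+            if ($errors.Count -gt 0) {
+              Write-Host "PARSE FAIL: $($f.Name)"
+              $errors | Format-List
+              $failed += $f.Name
+            } else { Write-Host "ok: $($f.Name)" }
+          }
+          if ($failed.Count -gt 0) { exit 1 }
+
+  smoke-setup:
+    runs-on: windows-latest
+    needs: ps-parse
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: 'kit-source'
+      - name: Smoke test setup-pola-b in temp project
+        shell: pwsh
+        env:
+          CI: 'true'
+        run: |
+          $proj = Join-Path $env:RUNNER_TEMP "fake-proj"
+          New-Item -ItemType Directory -Force $proj | Out-Null
+          Copy-Item -Recurse kit-source "$proj\.claude-kit"
+          Push-Location $proj
+          try {
+            & .\.claude-kit\setup-pola-b.ps1
+            if ($LASTEXITCODE -ne 0) { throw "setup failed" }
+            & .\.claude-kit\kit.ps1 doctor
+            if ($LASTEXITCODE -ne 0) { throw "doctor failed" }
+            Write-Host "smoke OK"
+          } finally { Pop-Location }
+
+  yaml-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: YAML structure
+        run: |
+          for f in .github/workflows/*.yml; do python -c "import yaml,sys; yaml.safe_load(open('$f'))"; done
+
+  pester-tests:
+    runs-on: windows-latest
+    needs: ps-parse
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Pester
+        shell: pwsh
+        run: Install-Module -Name Pester -MinimumVersion 5.0 -Force -SkipPublisherCheck
+      - name: Run tests
+        shell: pwsh
+        run: |
+          cd $env:GITHUB_WORKSPACE
+          .\tests\Run-Tests.ps1
+
+  pssa-lint:
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install PSScriptAnalyzer
+        shell: pwsh
+        run: Install-Module -Name PSScriptAnalyzer -Force -SkipPublisherCheck -Scope CurrentUser
+      - name: Run PSScriptAnalyzer
+        shell: pwsh
+        run: |
+          $results = Invoke-ScriptAnalyzer -Path . -Recurse -Severity Error,Warning -ExcludeRule PSAvoidUsingWriteHost,PSUseShouldProcessForStateChangingFunctions
+          if ($results) {
+            $results | Format-Table -AutoSize
+            Write-Error "PSScriptAnalyzer found $($results.Count) issues"
+            exit 1
+          }
+          Write-Host "PSScriptAnalyzer: clean"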
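Review bot: This workflow runs on `pull_request` yet declares no `permissions` block at either the workflow or job level, so every job gets whatever default `GITHUB_TOKEN` scope the repository is configured with; the sibling `publish-npm.yml` in this same release sets `contents: read`, and the same two lines belong at the top of this file: `permissions:` / `  contents: read`. The two `Install-Module` steps (file lines 70 and 83) pull Pester and PSScriptAnalyzer from the gallery at whatever version is current, with `-SkipPublisherCheck` disabling the signer comparison, so the lint and test verdicts can change between runs without any change to this repository; pinning with `-RequiredVersion <pinned-version>` keeps the gate reproducible. In the smoke job, `$LASTEXITCODE` after `& .\.claude-kit\setup-pola-b.ps1` is only set if that script calls `exit` or runs a native command — if it instead terminates by throwing, the check reads a stale or null value and the `throw "setup failed"` line may fire or stay silent for the wrong reason; worth confirming against the script, or checking `$?` in addition.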
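--- a/package/AUDIT_POST_SETUP_PROMPT_v1.md
+++ b/package/AUDIT_POST_SETUP_PROMPT_v1.md
@@ -0,0 +1,280 @@
+Tolong jalankan AUDIT KOMPREHENSIF di proyek ini, dengan ANALOGI NON-PROGRAMMER di setiap finding (biar staff IT non-programmer paham). Paste prompt ini = implicit consent untuk audit READ-ONLY (scan multi-dimensional, tidak ada file proyek yang diubah). User confirm dulu sebelum execute fix apapun.
+
+> Cocok dijalankan SETELAH `JALANKAN_KIT.md` selesai (bulk-bootstrap docs sudah jadi → AI sudah load context lengkap → audit hasilnya akurat). Bisa juga standalone kapan saja setelah setup awal.
+
+---
+
+## Filosofi audit ini
+
+1. **READ-ONLY by default** — audit cuma SCAN + LAPORAN. Tidak ada `Edit`, `Write`, atau `Bash` destruktif. User pegang kontrol penuh "mau fix yang mana".
+2. **Multi-dimensional** — bukan cuma "refactor code". Cek 8 dimensi: Refactor / Security / QA-Test / Database / DevOps / Performance / Docs gap / Onboarding readiness.
+3. **Ranked low → high risk** — staff non-programmer butuh tahu "mana yang aman dikerjakan dulu". Quick wins yang risk merusak system = LOW jadi prioritas. HIGH RISK (auth/encryption/data migration) di-defer sampai test foundation siap.
+4. **Analogi non-programmer di SETIAP finding** — istilah programming (N+1, race condition, IDOR, transaction) WAJIB punya analogi sehari-hari (kantor, lemari arsip, ATM, tukang pos, brankas). Lihat `docs/GLOSSARY_NON_PROGRAMMER.md` untuk style guide.
+5. **Adversarial verify per finding** — default `is_real=false` kalau tidak 100% yakin. Cegah halusinasi inflate jumlah finding.
+
+---
+
+## WORKFLOW (lakukan otomatis tanpa konfirmasi tambahan AI-side, kecuali Popup #1 + Popup #2 di akhir)
+
+### Bagian 1 — Pre-audit verification
+
+1. Verify project sudah di-setup pakai lintasAI:
+- `AGENTS.md` ada di root proyek
+- `docs/architecture_auto.md` ada (registry TOC)
+- `.claude-kit/` folder ada di root
+2. Read `AGENTS.md` + relevant section `CLAUDE_universal_v1.md` (terutama section 4.4 Audit Post-Setup Pattern + 13 Glossary).
+3. Read `docs/architecture.md` + `docs/architecture_auto.md` (READ-MINIMAL — paham landscape, BUKAN baca semua `.md`).
+4. Cek memory snapshot relevan (project-* memories) untuk konteks yang AI dulu pelajari.
+
+### Bagian 2 — Multi-Dimensional Audit (paralel via Workflow tool)
+
+5. **Jalankan Workflow tool** dengan 8 paralel auditor (1 per dimensi):
+
+| Dimensi | Fokus utama |
+|---|---|
+| 🧹 **Refactor** | File >300 baris yang bisa dipecah, duplicate logic 3+ tempat, helper opportunity, magic numbers, type safety, unused exports |
+| 🔒 **Security** | Missing rate-limit di endpoint sensitive, IDOR risk, missing authz check post-auth, audit log gap, secret handling, input validation, session hijack, OWASP Top 10 |
+| ✅ **QA/Test** | HIGH RISK files tanpa test, hot path tanpa test, edge case yang ada di docs tapi tanpa test, regression risk untuk refactor candidate |
+| 🗄️ **Database** | N+1 query patterns, missing indexes, cascade behavior risk, multi-tenant isolation, transaction missing, hot path query inefficiency |
+| ☁️ **DevOps** | Backup strategy adequacy, monitoring/alerting, cost optimization, deployment safety, cron dependency risk, env var drift, CI/CD gap |
+| ⚡ **Performance** | Bundle size, serverless cold start, DB query perf, cache strategy gap, image optimization, API response time |
+| 📚 **Docs gap** | File CRITICAL belum ter-cover bulk-bootstrap, ADR yang harus ditulis, architecture.md `[TBD]` fields, glossary domain terms missing |
+| 🎓 **Onboarding** | PostgreSQL role per-staff, env var sharing flow, GitHub access policy, ANTHROPIC_API_KEY, Claude Code install panduan, "good first issue" backlog, eskalasi tree |
+
+Setiap auditor lapor 5-15 finding dengan struktur:
+
+```json
+{
+"dimension": "string",
+"title": "<teknis singkat>",
+"severity": "critical|high|medium|low|info",
+"file": "<path>",
+"line": "<approximate range>",
+"description": "<apa masalahnya>",
+"why_problem": "<kenapa ini masalah>",
+"impact": "<konsekuensi kalau dibiarkan>",
+"fix_steps": ["step 1", "step 2", ...],
+"fix_effort": "5min|30min|2hr|8hr+|multi-day",
+"blast_radius": "single-file|module|cross-module|system-wide",
+"risk_of_introducing_bug": "low|medium|high",
+"verify_strategy": ["lint", "build", "test ...", "manual smoke test ..."],
+"rollback": "<perintah rollback>"
+}
+```
+
+6. **Adversarial verify per finding** (Workflow phase 2):
+- Untuk SETIAP finding, spawn 1 verifier agent dengan default `is_real=false`.
+- Verifier baca file yang dimaksud, konfirmasi finding nyata (bukan halusinasi).
+- Cek severity tepat (jangan inflate/deflate).
+- Cek `fix_steps` reasonable + `risk_of_introducing_bug` akurat.
+
+7. **Synthesize ranked output** (Workflow phase 3):
+- **Tier 1 LOW RISK first**: findings dengan `risk_of_introducing_bug=low`, sort by effort ascending. Ini quick wins yang aman dikerjakan duluan.
+- **Tier 2 MEDIUM RISK after Tier 1**: findings dengan `risk_of_introducing_bug=medium`. Butuh test foundation Tier 1 dulu.
+- **Tier 3 HIGH RISK hold merge**: findings dengan `risk_of_introducing_bug=high`. Branch protection ON, paired review, smoke test prod 5+ menit.
+
+### Bagian 3 — Translate findings ke ANALOGI non-programmer
+
+8. **WAJIB**: tiap finding di-augment dengan format ini (Bahasa Indonesia ramah, junior-friendly):
+
+```markdown
+**[N] <Title teknis singkat>**
+- 📖 **Analogi**: <bahasa sehari-hari, pakai contoh kantor/Excel/lemari arsip/ATM/tukang pos/brankas>
+- 🎯 **Kenapa penting**: <1-2 kalimat awam, no jargon>
+- 🛠 **Fix**: <pointer cepat, sebut file/line dan langkah kasar>
+- ⏱ <effort> · 🚦 <severity> · ⚠ Risk <risk_of_bug>
+```
+
+**Sumber analogi**: `docs/ANALOGI_LIBRARY.md` berisi 30 jargon × 3 layer analogi (sehari-hari + tools digital populer + contoh konkret). Tabel ringkas + style guide tools digital di `CLAUDE_universal_v1.md` section 4.4.
+
+**3 layer analogi WAJIB per finding** (TIDAK CUKUP 1 analogi):
+1. **🏢 Sehari-hari**: kantor / dapur / lemari arsip / loket bank (universal)
+2. **📱 Tools digital populer**: Tokopedia / Gojek / WhatsApp / BCA mobile / Excel / Google Drive / Notion / Discord / dll. (Indonesia-context)
+3. **🎯 Contoh konkret**: kapan situasi muncul di proyek user (1 kalimat)
+
+Contoh quick reference (lihat `docs/ANALOGI_LIBRARY.md` untuk 30 jargon lengkap):
+
+| Jargon | 🏢 Sehari-hari | 📱 Tools digital |
+|---|---|---|
+| N+1 query | Tukang pos antar 30 surat satu-satu padahal punya 30 motor | **Tokopedia** checkout 20 barang satu-satu vs masukin keranjang |
+| Missing rate-limit | Loket bank tanpa antrian, 1 orang spam 1000x/menit | **BCA mobile** pencet kirim OTP unlimited → spam SMS korban |
+| Race condition | 2 orang nyamber stapler bersama di detik sama | **Shopee flash sale** stok 1, 2 orang klik "Beli" detik sama |
+| IDOR | Loker arsip nomor urut, ganti #47→#48 buka loker bos | **Tokopedia** ganti `invoice=12345`→`12346` muncul invoice orang lain |
+| God Component | Staff serabutan urus semua (kasir + telepon + gudang + laporan) | **Excel** 1 workbook isi stok+gaji+absensi+pivot semua tumpuk |
+| Memory leak | Staff dapur ambil piring kotor gak pernah cuci, dapur penuh | **WhatsApp** chat masuk dengan foto/video gak dihapus, storage penuh |
+| HOLD MERGE | Laporan keuangan rapi tapi belum boleh masuk arsip sebelum bos cap | **BCA mobile** transfer di atas limit → tunggu OTP |
+
+Untuk istilah BARU yang belum di `docs/ANALOGI_LIBRARY.md`, AI bikin 3-layer analogi konsisten + suggest tambah ke library via LAZY-GENERATE.
+
+### Bagian 4 — Generate Sprint Execution Plan
+
+9. Group findings jadi Sprint berdasarkan urgency + dependencies:
+
+- **Sprint 0 — URGENCY** (~30 menit): finding dengan severity=critical DAN risk_of_bug=low DAN fix_effort=5min. "Stop bleeding" priorities (backup broken, secret leak, dst.)
+- **Sprint 1 — Quick Wins** (1-2 hari): semua Tier 1 dengan fix_effort ≤ 30min, behavior unchanged
+- **Sprint 2 — Test Foundation** (3-5 hari): semua test gap untuk HIGH RISK files + docs polish. **WAJIB sebelum Sprint 3.**
+- **Sprint 3 — Tier 2 Medium + Onboarding Prep** (1-2 minggu): touch behavior, cross-module refactor, onboarding setup
+- **Sprint 4+ — Tier 3 HIGH RISK** (1-2 minggu per finding): paired review, HOLD MERGE, branch protection
+
+### Bagian 5 — Popup #1: Pilih tier (READONLY preview)
+
+10. **AI WAJIB tanya user** dengan `AskUserQuestion` (atau format teks setara di IDE lain). Posisi: setelah Workflow synthesize selesai, sebelum tampil detail.
+
+```
+POPUP READONLY: <N> finding audit siap di-tampilkan dengan analogi non-programmer.
+Status sekarang: READONLY (cuma preview, belum ada file proyek yang berubah).
+
+Pilih tier mana yang mau dilihat detailnya?
+
+(1) Tier 1 - Mudah (<X> item, ~<E1> jam total kerja)
+→ Perbaikan ringan: <sample categories>
+→ Risk merusak system: LOW
+
+(2) Tier 2 - Sedang (<Y> item, ~<E2> hari)
+→ Refactor cross-module: <sample categories>
+→ Risk: MEDIUM. Wajib test foundation Sprint 2 dulu.
+
+(3) Tier 3 - Hati-hati (<Z> item, ~<E3> hari per finding)
+→ Refactor auth/encryption/schema: <sample>
+→ Risk: HIGH. HOLD MERGE. Setelah Sprint 1-2 stable.
+
+(4) Semua tier + execution plan terstruktur ⭐ DEFAULT
+→ Output paling panjang tapi paling lengkap.
+→ Cocok untuk di-track sebagai master TODO di docs/decisions/.
+
+Default (kosong/Enter) → (4) Semua tier.
+```
+
+11. Tunggu jawaban user:
+- **"1"** → tampilkan Tier 1 dengan analogi (group per dimensi).
+- **"2"** → tampilkan Tier 2.
+- **"3"** → tampilkan Tier 3.
+- **"4" / Enter / kosong** ⭐ DEFAULT → tampilkan SEMUA tier + Sprint execution plan.
+
+### Bagian 6 — Display findings dengan analogi non-programmer
+
+12. **Group per dimensi** dalam tiap tier (mudah di-skim):
+
+```markdown
+## 🟢 TIER 1 — MUDAH (X item, ~Y jam total)
+
+### 🗄️ Database (N item)
+[1] Title teknis
+- 📖 Analogi: ...
+- 🎯 Kenapa penting: ...
+- 🛠 Fix: edit `path/file.ts` line N, ...
+- ⏱ 5min · 🚦 Medium · ⚠ Risk LOW
+
+[2] Title teknis
+- ...
+
+### 🔒 Security (N item)
+[N] ...
+
+### 🧹 Refactor (N item)
+...
+
+### ✅ QA/Test (N item)
+...
+
+[dst. per dimensi]
+```
+
+13. Setelah display semua tier, tutup dengan Sprint execution plan:
+
+```markdown
+## 📋 EXECUTION PLAN
+
+### 🔥 Sprint 0 — URGENCY (30 menit)
+1. Item #<X> — <judul> (5min)
+2. ...
+
+### 🟢 Sprint 1 — Quick Wins (1-2 hari)
+| Hari | Item | Effort |
+|---|---|---|
+| Pagi 1 | #<...> | 3 jam |
+| ...
+
+[Sprint 2, 3, 4+]
+```
+
+### Bagian 7 — Popup #2: Mau lanjut apa?
+
+14. **AI WAJIB tanya user** lagi setelah display findings:
+
+```
+Status: READONLY preview selesai. Tidak ada file yang diubah, tidak ada commit, tidak ada push.
+
+Mau lanjut ke step berikutnya?
+
+(1) 🔥 Eksekusi Sprint 0 (URGENCY, ~30 menit)
+→ AI kerjakan item Sprint 0 langsung, lapor per item.
+→ BACA dulu yang akan dikerjakan, AI baru execute setelah konfirm.
+
+(2) 📝 Tulis full report ke docs/decisions/<YYYY-MM-DD>-audit-findings.md
+→ Semua finding + analogi + execution plan jadi 1 file Markdown.
+→ Owner bisa di-track via git, share ke staff, reference untuk Sprint planning.
+
+(3) 🎯 Pick 1 finding spesifik untuk fix detail
+→ Kasih nomor (mis. "fix #1 dulu") → AI kerjakan dengan safety net penuh.
+→ Branch baru + commit kecil + verify lint/build/test + rollback siap.
+
+(4) ⏸ Stop, owner review dulu
+→ Output preview siap. Owner review, kasih instruksi spesifik nanti di sesi baru.
+```
+
+15. Tunggu jawaban:
+- **"1"** → run Sprint 0 dengan branch terpisah + commit per item + smoke test (untuk akses: cek backup workflow, revoke cross-tenant role, dst.)
+- **"2"** → tulis file `docs/decisions/<YYYY-MM-DD>-audit-findings.md` lengkap, lapor lokasi file
+- **"3"** → tanya nomor finding, lalu execute dengan safety net pattern (lihat Bagian 8)
+- **"4"** → tutup: *"Preview siap. Sesi berikutnya tinggal brief 'lanjut Sprint 0' atau 'fix item #X' kapan saja."*
+
+### Bagian 8 — Safety Net Pattern (kalau owner pilih execute)
+
+Untuk SETIAP refactor yang AI eksekusi (Sprint 0 atau pick spesifik):
+
+1. **Branch terpisah**: `git checkout -b fix/audit-<short-slug>`
+2. **Read existing test** (kalau ada vitest di area yang akan disentuh) untuk paham contract
+3. **List intended behavior PRESERVED** sebelum touch code (kontrak before/after) — tulis ke commit message body
+4. **Per refactor = 1 atomic commit kecil** (reversible via `git revert HEAD`)
+5. **Verify**: `pnpm lint && pnpm build && pnpm test` lulus
+6. **Smoke test alur kritis manual** (untuk fix yang touch auth/DB/payment): list 3 alur untuk owner verify
+7. **HIGH RISK (Tier 3)** = HOLD MERGE, owner approve dulu
+8. **Lapor per item**: "✅ Item #<N> selesai. Commit: <sha>. Test pass. Smoke test: <list>. Rollback: `git revert <sha>`."
+
+### Aturan AI selama workflow ini
+
+- **READ-ONLY default**: Bagian 2-6 = scan + report. Tidak ada `Edit`/`Write`/`Bash destruktif`. Pakai Workflow tool untuk parallel scan.
+- **Implicit consent dari user paste prompt** = setuju AI lakukan audit read-only sampai Popup #1.
+- **Popup #1 + Popup #2 WAJIB** — tunggu user pilih tier + lanjutan.
+- **ANALOGI non-programmer WAJIB** di tiap finding (Bagian 3 style guide). Kalau istilah belum ada di `docs/GLOSSARY_NON_PROGRAMMER.md`, AI bikin analogi konsisten + suggest tambah ke glossary.
+- **Adversarial verify WAJIB** — cegah halusinasi. Default `is_real=false`.
+- **Sprint plan = guidance, BUKAN auto-execute**. Owner pegang kontrol final.
+- **Multi-Divisi review WAJIB** di akhir (per CLAUDE_universal_v1.md section 4.1).
+- Semua respons AI dalam **Bahasa Indonesia** ramah, junior-friendly.
+
+---
+
+## Untuk Staff Baru (Day 0 Pertama Kali Audit)
+
+Kalau staff IT non-programmer pertama kali pakai audit ini di proyek (mereka belum tahu codebase), AI WAJIB:
+
+1. **Phase 1** — Foundation reading: pastikan staff sudah baca `docs/GLOSSARY_NON_PROGRAMMER.md` + `docs/SECURITY_INCIDENT_PLAYBOOK.md`
+2. **Phase 2** — Project context: brief staff tentang stack + domain + status sebelum audit (auto via Guided Step-by-Step Pattern di `CLAUDE_universal_v1.md` section 4.3)
+3. **Phase 3** — Audit dengan extra hand-holding: di Popup #2, default ke option (4) Stop supaya staff baru tidak langsung execute fix tanpa supervisor approval
+
+---
+
+## Konteks tambahan untuk Workflow tool
+
+- Setiap auditor dimensi WAJIB read minimal:
+- `docs/architecture_auto.md` (TOC paham landscape)
+- `prisma/schema.prisma` (kalau ada Prisma)
+- 1-2 file CRITICAL di area yang di-audit (dari dim-specific hint)
+- JANGAN baca semua `docs/*.md` di awal (boros token, lawan dari section 7.3 READ-MINIMAL)
+- Output schema STRUCTURED supaya synthesize gampang (lihat Bagian 2 step 5)
+- Concurrency cap 16 = aman untuk 8 auditor + adversarial verify per finding
+
+---
+
+Mulai dari langkah 1 sekarang.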