@ojokesusu/lintasai 1.1.2

package/lib/rollback.ps1

@@ -0,0 +1,241 @@
+#Requires -Version 5.1
+Set-StrictMode -Version Latest
+# NOTE: ErrorActionPreference sengaja TIDAK di-set 'Stop' di scope file ini, supaya
+# rollback bisa graceful no-op kalau manifest tidak ada / tidak ada .bak files.
+# Critical calls pakai -ErrorAction Stop per-call, dibungkus try/catch lokal.
+
+function Find-ManifestPath {
+    param([Parameter(Mandatory=$true)][string]$ProjectRoot)
+    # Probe 3 lokasi kandidat — setup-pola-b.ps1 bisa naruh manifest di project-root
+    # ATAU di .claude-kit/ tergantung mode setup. Cek semua sebelum nyerah.
+    $candidates = @(
+        (Join-Path $ProjectRoot '.install-manifest.json'),
+        (Join-Path $ProjectRoot '.claude-kit\.install-manifest.json'),
+        (Join-Path $ProjectRoot '.claude-kit\install-manifest.json')
+    )
+    foreach ($c in $candidates) {
+        if (Test-Path $c) { return $c }
+    }
+    return $null
+}
+
+function Get-FileSha256 {
+    param([Parameter(Mandatory=$true)][string]$Path)
+    $hash = Get-FileHash -Path $Path -Algorithm SHA256
+    return $hash.Hash.ToLowerInvariant()
+}
+
+function Read-ManifestJson {
+    param([Parameter(Mandatory=$true)][string]$Path)
+    $raw = [System.IO.File]::ReadAllText($Path, [System.Text.Encoding]::UTF8)
+    return (ConvertFrom-Json -InputObject $raw)
+}
+
+function Write-ManifestJson {
+    param(
+        [Parameter(Mandatory=$true)][string]$Path,
+        [Parameter(Mandatory=$true)]$Manifest
+    )
+    $json = ConvertTo-Json -InputObject $Manifest -Depth 12
+    $tmp  = "$Path.tmp"
+    [System.IO.File]::WriteAllText($tmp, $json, `
+        (New-Object System.Text.UTF8Encoding($false)))
+    Move-Item -Path $tmp -Destination $Path -Force
+}
+
+function Find-LatestBackup {
+    param(
+        [Parameter(Mandatory=$true)][string]$OriginalPath
+    )
+    $dir  = Split-Path -Parent $OriginalPath
+    $leaf = Split-Path -Leaf   $OriginalPath
+    if (-not (Test-Path $dir)) { return $null }
+    $pattern = "$leaf.bak.*"
+    $candidates = Get-ChildItem -Path $dir -Filter $pattern -File `
+        -ErrorAction SilentlyContinue
+    if (-not $candidates -or $candidates.Count -eq 0) { return $null }
+    # Sort by timestamp suffix after ".bak." (descending lexicographic).
+    $sorted = $candidates | Sort-Object -Property Name -Descending
+    return $sorted[0].FullName
+}
+
+function Confirm-Rollback {
+    param([switch]$Force)
+    if ($Force) { return $true }
+    $c = 'n'
+    try {
+        $c = Read-Host 'Lanjut rollback? (y/N)'
+    } catch {
+        $c = 'n'
+    }
+    if ($null -eq $c) { return $false }
+    $cn = $c.Trim().ToLowerInvariant()
+    return ($cn -eq 'y' -or $cn -eq 'yes')
+}
+
+function Test-GitDirty {
+    param([Parameter(Mandatory=$true)][string]$Root)
+    try {
+        $out = & git -C $Root status --porcelain 2>$null
+        if ($LASTEXITCODE -ne 0) { return $false }
+        if ([string]::IsNullOrWhiteSpace($out)) { return $false }
+        return $true
+    } catch {
+        return $false
+    }
+}
+
+function Invoke-Rollback {
+    [CmdletBinding()]
+    param(
+        [string]$ProjectRoot = (Get-Location).Path,
+        [switch]$Force,
+        [switch]$DryRun
+    )
+
+    try {
+        $root = (Resolve-Path -Path $ProjectRoot -ErrorAction Stop).Path
+    } catch {
+        Write-Host ("[INFO] ProjectRoot tidak valid: {0}. Tidak ada yang di-rollback." -f $ProjectRoot)
+        return @{ status = 'no-project-root'; restored = 0; skipped = 0 }
+    }
+
+    $manifestPath = Find-ManifestPath -ProjectRoot $root
+    if (-not $manifestPath) {
+        Write-Host '[INFO] Tidak ada manifest. Belum pernah install atau setup belum jalan. Tidak ada yang di-rollback.'
+        return @{ status = 'no-manifest'; restored = 0; skipped = 0 }
+    }
+
+    if (Test-GitDirty -Root $root) {
+        Write-Warning ("Working tree git dirty di {0}. " + `
+            "Pertimbangkan stash/commit sebelum rollback." -f $root)
+    }
+
+    try {
+        $manifest = Read-ManifestJson -Path $manifestPath
+    } catch {
+        Write-Host ("[ERROR] Gagal parse manifest {0}: {1}" -f $manifestPath, $_.Exception.Message)
+        return @{ status = 'manifest-parse-error'; restored = 0; skipped = 0 }
+    }
+
+    $hasFilesProp = $false
+    if ($manifest -and $manifest.PSObject -and $manifest.PSObject.Properties) {
+        $hasFilesProp = (@($manifest.PSObject.Properties.Name) -contains 'files')
+    }
+    if (-not $hasFilesProp) {
+        Write-Host "[INFO] Manifest tidak punya properti 'files'. Tidak ada yang di-rollback."
+        return @{ status = 'manifest-no-files'; restored = 0; skipped = 0 }
+    }
+
+    # Pre-scan: ada minimal 1 .bak file yang nyambung ke manifest entry?
+    # Kalau zero .bak → fresh install belum pernah di-update, return graceful no-op.
+    $hasAnyBak = $false
+    foreach ($entry in $manifest.files) {
+        $absOrig = Join-Path $root $entry.path
+        $entryDir = Split-Path -Parent $absOrig
+        $entryLeaf = Split-Path -Leaf $entry.path
+        if (Test-Path $entryDir) {
+            $entryCandidates = Get-ChildItem -Path $entryDir -Filter "$entryLeaf.bak*" `
+                -File -ErrorAction SilentlyContinue
+            if ($entryCandidates) { $hasAnyBak = $true; break }
+        }
+    }
+    if (-not $hasAnyBak) {
+        Write-Host '[OK] Manifest ada tapi tidak ada file .bak. Tidak ada yang di-rollback (fresh install belum di-update).'
+        return @{ status = 'no-backups'; restored = 0; skipped = 0 }
+    }
+
+    $plan = New-Object System.Collections.ArrayList
+    foreach ($entry in $manifest.files) {
+        $orig = Join-Path $root $entry.path
+        $bak  = Find-LatestBackup -OriginalPath $orig
+        $null = $plan.Add([pscustomobject]@{
+            Entry    = $entry
+            Original = $orig
+            Backup   = $bak
+        })
+    }
+
+    if ($DryRun) {
+        foreach ($p in $plan) {
+            if ($null -ne $p.Backup) {
+                Write-Host ("would restore: {0} <- {1}" -f `
+                    $p.Original, $p.Backup)
+            } else {
+                Write-Host ("skip (no backup): {0}" -f $p.Original)
+            }
+        }
+        return [pscustomobject]@{
+            dryRun   = $true
+            restored = 0
+            skipped  = ($plan | Where-Object { $null -eq $_.Backup }).Count
+            items    = $plan
+        }
+    }
+
+    if (-not (Confirm-Rollback -Force:$Force)) {
+        Write-Host 'Dibatalkan.'
+        return [pscustomobject]@{
+            cancelled = $true
+            restored  = 0
+            skipped   = $plan.Count
+            items     = @()
+        }
+    }
+
+    $restored = 0
+    $skipped  = 0
+    $items    = New-Object System.Collections.ArrayList
+
+    foreach ($p in $plan) {
+        if ($null -eq $p.Backup) {
+            $skipped++
+            $null = $items.Add([pscustomobject]@{
+                path    = $p.Entry.path
+                action  = 'skip'
+                reason  = 'no-backup'
+            })
+            continue
+        }
+        Copy-Item -Path $p.Backup -Destination $p.Original -Force
+        $newHash = Get-FileSha256 -Path $p.Original
+        # Update manifest entry in place.
+        if ($p.Entry.PSObject.Properties.Name -contains 'sha256') {
+            $p.Entry.sha256 = $newHash
+        } else {
+            $p.Entry | Add-Member -NotePropertyName 'sha256' `
+                -NotePropertyValue $newHash -Force
+        }
+        if ($p.Entry.PSObject.Properties.Name -contains 'rolledBackAt') {
+            $p.Entry.rolledBackAt = (Get-Date).ToString('o')
+        } else {
+            $p.Entry | Add-Member -NotePropertyName 'rolledBackAt' `
+                -NotePropertyValue ((Get-Date).ToString('o')) -Force
+        }
+        $restored++
+        $null = $items.Add([pscustomobject]@{
+            path    = $p.Entry.path
+            action  = 'restore'
+            backup  = $p.Backup
+            sha256  = $newHash
+        })
+    }
+
+    Write-ManifestJson -Path $manifestPath -Manifest $manifest
+
+    return [pscustomobject]@{
+        restored = $restored
+        skipped  = $skipped
+        items    = $items
+    }
+}
+
+function Get-RollbackPreview {
+    [CmdletBinding()]
+    param(
+        [string]$ProjectRoot = (Get-Location).Path
+    )
+    return (Invoke-Rollback -ProjectRoot $ProjectRoot -DryRun)
+}
+
+# Functions auto-exposed via dot-source (no Export-ModuleMember karena .ps1 di-load via `. $path`)

package/lib/safety.ps1

@@ -0,0 +1,193 @@
+<#
+.SYNOPSIS
+  lib/safety.ps1 - Shared safety helpers untuk lintasAI kit scripts.
+
+.DESCRIPTION
+  Module ini berisi helper path-safety yang dipakai bersama oleh script kit
+  (setup-pola-b.ps1, uninstall.ps1, dst.) untuk mencegah path traversal,
+  symlink/junction redirect, dan operasi pada path di luar project root.
+
+  Helpers yang di-export:
+    - Initialize-SafeProjectPath : Set $script:ProjectRoot + $script:ProjectRootCanonical
+                                   sekaligus (containment base). Wajib dipanggil
+                                   sekali sebelum Resolve-SafeProjectPath kalau caller
+                                   ingin API eksplisit (bukan set variable manual).
+    - Resolve-SafeProjectPath  : Validasi + resolve relative path dari manifest
+                                 ke absolute path dalam project root. Reject
+                                 absolute path, parent traversal ('..'), dan
+                                 path yang escape root. Accept -RelPath (legacy)
+                                 atau alias -RelativePath. Behavior reject =
+                                 throw exception (non-recoverable security boundary).
+    - Test-PathHasReparsePoint : Detect reparse point (junction/symlink) di
+                                 target path ATAU di parent segment manapun
+                                 antara $ProjectRoot dan target.
+    - Get-FileSha256           : SHA-256 file hash dalam lower-case hex string.
+
+  Kontrak penting:
+    Caller bisa pakai Initialize-SafeProjectPath -ProjectRoot <full path> ATAU
+    set manual: $script:ProjectRootCanonical = <full path with trailing separator>.
+    Variable ini dibaca oleh helper sebagai base containment check.
+
+.NOTES
+  Versi  : 1.0.0
+  Tanggal: 2026-06-04
+  Catatan keamanan: jangan ubah logic reject tanpa review - ini security boundary.
+#>
+
+# ---- Project-root initializer ----
+# Set $script:ProjectRoot + $script:ProjectRootCanonical sekaligus. API eksplisit
+# supaya caller (dan test harness) tidak perlu tahu detail internal variable name.
+# Test/caller equivalent ke pattern manual lama:
+#   $ProjectRoot = $path
+#   $script:ProjectRootCanonical = $path + '\'
+function Initialize-SafeProjectPath {
+    param(
+        [Parameter(Mandatory)][string]$ProjectRoot
+    )
+    # Normalize via GetFullPath supaya '.', '..' di input ter-resolve sebelum kita simpan.
+    try {
+        $normalized = [System.IO.Path]::GetFullPath($ProjectRoot)
+    } catch {
+        throw "Initialize-SafeProjectPath: invalid ProjectRoot '$ProjectRoot' ($($_.Exception.Message))"
+    }
+    $script:ProjectRoot = $normalized
+    # Pastikan trailing DirectorySeparatorChar supaya containment check structural (cegah prefix collision).
+    if (-not $normalized.EndsWith([System.IO.Path]::DirectorySeparatorChar)) {
+        $script:ProjectRootCanonical = $normalized + [System.IO.Path]::DirectorySeparatorChar
+    } else {
+        $script:ProjectRootCanonical = $normalized
+    }
+    # Set $ProjectRoot di parent scope juga supaya legacy callers yang baca $ProjectRoot tanpa $script:
+    # tetap dapat value. Set-Variable -Scope 1 = scope caller (yang dot-source / panggil function ini).
+    try { Set-Variable -Name ProjectRoot -Value $normalized -Scope 1 -ErrorAction SilentlyContinue } catch {}
+}
+
+# ---- Path-traversal & symlink helpers ----
+# Resolve a manifest-supplied relative path safely:
+#  - Reject absolute paths (drive-letter, leading \ or /).
+#  - Reject paths containing '..' segments.
+#  - Normalize via [System.IO.Path]::GetFullPath() and verify containment in $ProjectRoot.
+#  - Throws on reject (security boundary - jangan silent-fallback).
+function Resolve-SafeProjectPath {
+    param(
+        # Accept legacy nama -RelPath, alias -RelativePath untuk API yang lebih jelas.
+        [Parameter(Mandatory)]
+        [Alias('RelativePath')]
+        [string]$RelPath,
+        [string]$Label = 'entry'
+    )
+    # Defense-in-depth: pastikan $script:ProjectRootCanonical SELALU diakhiri DirectorySeparatorChar.
+    # Tanpa trailing separator, StartsWith() bisa false-match: "C:\proj" matches "C:\proj-evil\foo".
+    # Caller seharusnya sudah set ini, tapi normalize lagi di sini supaya containment check structural.
+    if ($script:ProjectRootCanonical -and -not $script:ProjectRootCanonical.EndsWith([System.IO.Path]::DirectorySeparatorChar)) {
+        $script:ProjectRootCanonical += [System.IO.Path]::DirectorySeparatorChar
+    }
+    if ([string]::IsNullOrWhiteSpace($script:ProjectRootCanonical)) {
+        throw "Resolve-SafeProjectPath: ProjectRoot belum di-initialize. Panggil Initialize-SafeProjectPath dulu."
+    }
+    if ([string]::IsNullOrWhiteSpace($RelPath)) {
+        $msg = "REJECT empty path for $Label"
+        Write-Host $msg -ForegroundColor Red
+        throw $msg
+    }
+    # Block absolute paths: drive-letter (C:\), UNC (\\server\), leading separators.
+    if ([System.IO.Path]::IsPathRooted($RelPath) -or $RelPath -match '^[a-zA-Z]:' -or $RelPath -match '^[\\/]') {
+        $msg = "REJECT absolute path in manifest ($Label): $RelPath"
+        Write-Host $msg -ForegroundColor Red
+        throw $msg
+    }
+    # Block parent traversal segments.
+    if ($RelPath -match '(^|[\\/])\.\.([\\/]|$)') {
+        $msg = "REJECT parent-traversal segment in manifest ($Label): $RelPath"
+        Write-Host $msg -ForegroundColor Red
+        throw $msg
+    }
+    # Pakai $script:ProjectRoot (ter-set oleh Initialize-SafeProjectPath) atau fallback ke $ProjectRoot caller scope.
+    $rootForJoin = if ($script:ProjectRoot) { $script:ProjectRoot } else { $ProjectRoot }
+    $candidate = Join-Path $rootForJoin ($RelPath -replace '/', '\')
+    try {
+        $full = [System.IO.Path]::GetFullPath($candidate)
+    } catch {
+        $msg = "REJECT invalid path in manifest ($Label): $RelPath"
+        Write-Host $msg -ForegroundColor Red
+        throw $msg
+    }
+    # Containment check (case-insensitive prefix-with-separator).
+    if (-not $full.StartsWith($script:ProjectRootCanonical, [System.StringComparison]::OrdinalIgnoreCase)) {
+        $msg = "REJECT path escapes project root ($Label): $RelPath -> $full"
+        Write-Host $msg -ForegroundColor Red
+        throw $msg
+    }
+    return $full
+}
+
+# Detect reparse points (junction / symlink) anywhere in the path between $ProjectRoot
+# and the target. Junction in mid-path lets attacker redirect a contained path to outside.
+# Returns $true kalau target ATAU parent segment apapun adalah reparse point.
+function Test-PathHasReparsePoint {
+    param([Parameter(Mandatory)][string]$FullPath)
+    $rootClean = $script:ProjectRootCanonical.TrimEnd([System.IO.Path]::DirectorySeparatorChar)
+    # Structural ancestor walk: pakai DirectoryInfo.Parent (bukan Split-Path string-based)
+    # supaya loop exit kondisi struktural (root drive), bukan length-based yang bisa kena edge case
+    # (mis. UNC path, drive root tanpa trailing sep, atau path lebih pendek dari rootClean).
+    $current = $null
+    if (Test-Path -LiteralPath $FullPath) {
+        try {
+            $startItem = Get-Item -Force -LiteralPath $FullPath -ErrorAction Stop
+            if ($startItem.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
+                return $true
+            }
+            # Untuk file: pakai Directory; untuk folder: pakai DirectoryInfo itself.
+            if ($startItem.PSIsContainer) {
+                $current = [System.IO.DirectoryInfo]$startItem
+            } else {
+                $current = $startItem.Directory
+            }
+        } catch {
+            # Kalau Get-Item gagal, defensive return true (treat as suspicious).
+            return $true
+        }
+    } else {
+        # Path tidak ada di disk: walk parents tetap perlu (parent bisa reparse point).
+        try {
+            $current = [System.IO.DirectoryInfo](Split-Path -Parent $FullPath)
+        } catch {
+            return $false
+        }
+    }
+    while ($current -and $current.FullName -ne $current.Root.FullName) {
+        try {
+            $info = Get-Item -Force -LiteralPath $current.FullName -ErrorAction Stop
+            if ($info.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
+                return $true
+            }
+        } catch {
+            return $true
+        }
+        $current = $current.Parent
+        if (-not $current) { break }
+        # Stop kalau sudah keluar (atau sama dengan) project root canonical.
+        if ($current.FullName.Length -lt $rootClean.Length) { break }
+    }
+    return $false
+}
+
+# ---- File hashing helper ----
+# Compute SHA-256 hash dari file, return lower-case hex string.
+# Wrapper tipis di atas Get-FileHash supaya caller (manifest, integrity check, test) tidak
+# perlu mikirin algo + casing setiap kali. Throws kalau file tidak ada / tidak bisa dibaca.
+function Get-FileSha256 {
+    param(
+        [Parameter(Mandatory)][string]$FilePath
+    )
+    if (-not (Test-Path -LiteralPath $FilePath)) {
+        throw "Get-FileSha256: file tidak ditemukan: $FilePath"
+    }
+    $hash = Get-FileHash -LiteralPath $FilePath -Algorithm SHA256 -ErrorAction Stop
+    return $hash.Hash.ToLowerInvariant()
+}
+
+# Functions auto-exposed via dot-source (no Export-ModuleMember karena .ps1 di-load via `. $path`).
+# Caller pakai pattern: . (Join-Path $PSScriptRoot 'lib\safety.ps1')
+# Setelah dot-source, Initialize-SafeProjectPath, Resolve-SafeProjectPath,
+# Test-PathHasReparsePoint, Get-FileSha256 accessible di caller scope.

package/lib/template-deploy.ps1

@@ -0,0 +1,242 @@
+<#
+.SYNOPSIS
+  lib/template-deploy.ps1 - Helper deploy template file dari kit ke project.
+
+.DESCRIPTION
+  Extract logic copy template + placeholder substitution dari setup-pola-b.ps1
+  supaya bisa di-reuse oleh script lain (update-kit.ps1, kit.ps1, dst.) dan
+  di-test independen.
+
+  Helpers yang di-export:
+    - Copy-TemplateWithPlaceholder : Copy file dari kit ke target dengan
+                                     placeholder substitution. Mode: skip kalau
+                                     target sudah ada, backup, atau overwrite.
+                                     Returns object { copied, action, sha256 }.
+    - Copy-StaticTemplate          : Copy file kit -> target TANPA substitution
+                                     (verbatim, untuk file generic seperti
+                                     _PATTERNS.md). Mode existing-file sama.
+                                     Returns object { copied, action, sha256 }.
+    - Get-SupportedPlaceholders    : List placeholder yang di-support setup
+                                     standar (NAMA_PROYEK, TANGGAL_HARI_INI,
+                                     NAMA_KAMU, URL_REPO_STANDAR, VERSI_KIT).
+
+  Kontrak penting:
+    - Pakai .Replace() literal (bukan -replace regex) supaya input user dengan
+      karakter $0/$1/$ tidak corrupt output.
+    - Write file dengan UTF-8 NO-BOM (System.Text.UTF8Encoding $false) -- PS 5.1
+      default UTF8 with BOM, sebagian tool sensitif.
+    - SHA256 hash di-compute dari file TARGET setelah write (bukan source) supaya
+      reflect content actual yang ada di disk (post-substitution).
+    - Returns object dengan field: copied (bool), action (string), sha256 (string|null).
+        action = 'created'  : target tidak ada sebelumnya, write sukses.
+        action = 'updated'  : target ada, di-overwrite (dengan/tanpa backup).
+        action = 'skipped'  : target ada, mode = Skip (default anti-overwrite).
+        action = 'missing'  : source tidak ada (graceful skip, return copied=false).
+    - No global state: semua input via parameter, output via return value. Function
+      TIDAK baca/tulis $script:installedItems atau global lain.
+
+.NOTES
+  Versi  : 1.0.0
+  Tanggal: 2026-06-06
+  PowerShell 5.1+ compatible.
+#>
+
+# ---- Placeholder catalog ----
+# Single source of truth untuk placeholder yang di-support oleh setup standar.
+# Caller boleh kirim placeholder tambahan lewat -Placeholders, ini cuma referensi.
+function Get-SupportedPlaceholders {
+    [CmdletBinding()]
+    param()
+    return @(
+        '<NAMA_PROYEK>',
+        '<TANGGAL_HARI_INI>',
+        '<NAMA_KAMU>',
+        '<URL_REPO_STANDAR>',
+        '<VERSI_KIT>'
+    )
+}
+
+# ---- Internal helper: hitung SHA256 lower-case hex dari file ----
+# Local helper supaya template-deploy.ps1 self-contained (tidak depend ke safety.ps1).
+# Caller yang sudah load safety.ps1 boleh ignore -- ini private scope.
+function _Get-FileSha256Hex {
+    param([Parameter(Mandatory)][string]$Path)
+    if (-not (Test-Path -LiteralPath $Path)) { return $null }
+    return (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
+}
+
+# ---- Internal helper: write UTF-8 NO-BOM ----
+# PS 5.1 default UTF8 = with BOM (corrupt sebagian linter/parser).
+# Pakai System.IO.File untuk write tanpa BOM, konsisten dengan setup-pola-b.ps1.
+function _Write-Utf8NoBom {
+    param(
+        [Parameter(Mandatory)][string]$Path,
+        [Parameter(Mandatory)][string]$Content
+    )
+    $enc = New-Object System.Text.UTF8Encoding $false
+    [System.IO.File]::WriteAllText($Path, $Content, $enc)
+}
+
+# ---- Internal helper: handle existing target file ----
+# Return $true kalau caller boleh proceed write, $false kalau harus skip.
+# Mode:
+#   'Skip'      : target ada -> return $false (no write).
+#   'Backup'    : target ada -> backup ke .backup-<timestamp>, return $true.
+#   'Overwrite' : target ada -> langsung overwrite, return $true.
+function _Resolve-ExistingTarget {
+    param(
+        [Parameter(Mandatory)][string]$TargetPath,
+        [Parameter(Mandatory)][ValidateSet('Skip','Backup','Overwrite')][string]$Mode,
+        [string]$BackupSuffix
+    )
+    if (-not (Test-Path -LiteralPath $TargetPath)) {
+        # Target tidak ada -- caller bebas write.
+        return $true
+    }
+    switch ($Mode) {
+        'Skip' { return $false }
+        'Overwrite' { return $true }
+        'Backup' {
+            if (-not $BackupSuffix) {
+                $BackupSuffix = Get-Date -Format 'yyyyMMdd-HHmmss'
+            }
+            $bakPath = "$TargetPath.backup-$BackupSuffix"
+            Copy-Item -LiteralPath $TargetPath -Destination $bakPath -Force
+            return $true
+        }
+    }
+    return $false
+}
+
+# ---- Public: Copy template dengan placeholder substitution ----
+# Source: file template di kit (mis. AGENTS.md.template, templates/architecture.md).
+# Target: lokasi tujuan di project (mis. <proj>/AGENTS.md, <proj>/docs/architecture.md).
+# Placeholders: hashtable @{ '<NAMA_PROYEK>' = 'akses'; '<TANGGAL_HARI_INI>' = '2026-06-06' }.
+#   Key harus exact match (termasuk angle brackets) ke string di template.
+#   Pakai .Replace() literal -- safe untuk value dengan $/regex chars.
+# IfExists: 'Skip' (default), 'Backup', 'Overwrite'.
+# BackupSuffix: optional, default = timestamp now (yyyyMMdd-HHmmss).
+#
+# Returns: PSCustomObject {
+#   copied: bool       -- true kalau file ditulis (created atau updated).
+#   action: string     -- 'created' | 'updated' | 'skipped' | 'missing'.
+#   sha256: string|null -- SHA256 hash file TARGET setelah write, null kalau skipped/missing.
+# }
+function Copy-TemplateWithPlaceholder {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory)][string]$SourcePath,
+        [Parameter(Mandatory)][string]$TargetPath,
+        [hashtable]$Placeholders = @{},
+        [ValidateSet('Skip','Backup','Overwrite')][string]$IfExists = 'Skip',
+        [string]$BackupSuffix
+    )
+
+    # ---- Validasi source ada ----
+    if (-not (Test-Path -LiteralPath $SourcePath)) {
+        return [PSCustomObject]@{
+            copied = $false
+            action = 'missing'
+            sha256 = $null
+        }
+    }
+
+    # ---- Cek target existing, decide skip/backup/overwrite ----
+    $targetExists = Test-Path -LiteralPath $TargetPath
+    $proceed = _Resolve-ExistingTarget -TargetPath $TargetPath -Mode $IfExists -BackupSuffix $BackupSuffix
+    if (-not $proceed) {
+        return [PSCustomObject]@{
+            copied = $false
+            action = 'skipped'
+            sha256 = $null
+        }
+    }
+
+    # ---- Ensure parent dir exists ----
+    $parentDir = Split-Path -Parent $TargetPath
+    if ($parentDir -and -not (Test-Path -LiteralPath $parentDir)) {
+        New-Item -ItemType Directory -Path $parentDir -Force | Out-Null
+    }
+
+    # ---- Read template + apply substitution ----
+    $content = Get-Content -LiteralPath $SourcePath -Raw -Encoding UTF8
+    if ($null -eq $content) { $content = '' }
+
+    if ($Placeholders -and $Placeholders.Count -gt 0) {
+        foreach ($key in $Placeholders.Keys) {
+            $value = [string]$Placeholders[$key]
+            # Pakai .Replace() literal (bukan -replace regex) supaya value dengan
+            # karakter $0/$1/$/backslash tidak corrupt output.
+            $content = $content.Replace($key, $value)
+        }
+    }
+
+    # ---- Write target ----
+    _Write-Utf8NoBom -Path $TargetPath -Content $content
+
+    # ---- Compute hash dari file TARGET (post-substitution) ----
+    $sha = _Get-FileSha256Hex -Path $TargetPath
+
+    $action = if ($targetExists) { 'updated' } else { 'created' }
+    return [PSCustomObject]@{
+        copied = $true
+        action = $action
+        sha256 = $sha
+    }
+}
+
+# ---- Public: Copy template tanpa substitution (verbatim copy) ----
+# Untuk file generic yang tidak punya placeholder (mis. _PATTERNS.md, _EXAMPLE.md,
+# CODEOWNERS.template, decisions/_TEMPLATE.md).
+#
+# Implementation: tetap pakai _Write-Utf8NoBom (bukan Copy-Item) supaya konsisten
+# encoding output -- file template di kit-dev mungkin di-save dengan BOM oleh editor,
+# kita normalize ke NO-BOM saat deploy.
+#
+# Returns: PSCustomObject sama seperti Copy-TemplateWithPlaceholder.
+function Copy-StaticTemplate {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory)][string]$SourcePath,
+        [Parameter(Mandatory)][string]$TargetPath,
+        [ValidateSet('Skip','Backup','Overwrite')][string]$IfExists = 'Skip',
+        [string]$BackupSuffix
+    )
+
+    if (-not (Test-Path -LiteralPath $SourcePath)) {
+        return [PSCustomObject]@{
+            copied = $false
+            action = 'missing'
+            sha256 = $null
+        }
+    }
+
+    $targetExists = Test-Path -LiteralPath $TargetPath
+    $proceed = _Resolve-ExistingTarget -TargetPath $TargetPath -Mode $IfExists -BackupSuffix $BackupSuffix
+    if (-not $proceed) {
+        return [PSCustomObject]@{
+            copied = $false
+            action = 'skipped'
+            sha256 = $null
+        }
+    }
+
+    $parentDir = Split-Path -Parent $TargetPath
+    if ($parentDir -and -not (Test-Path -LiteralPath $parentDir)) {
+        New-Item -ItemType Directory -Path $parentDir -Force | Out-Null
+    }
+
+    # Re-read + re-write supaya output guaranteed UTF-8 NO-BOM (normalize encoding).
+    $content = Get-Content -LiteralPath $SourcePath -Raw -Encoding UTF8
+    if ($null -eq $content) { $content = '' }
+    _Write-Utf8NoBom -Path $TargetPath -Content $content
+
+    $sha = _Get-FileSha256Hex -Path $TargetPath
+
+    $action = if ($targetExists) { 'updated' } else { 'created' }
+    return [PSCustomObject]@{
+        copied = $true
+        action = $action
+        sha256 = $sha
+    }
+}