@ojokesusu/lintasai 1.1.2

package/CHANGELOG.md

@@ -0,0 +1,313 @@
+# Changelog
+
+Semua perubahan signifikan ke kit ini didokumentasikan di file ini.
+
+Format mengikuti [Keep a Changelog](https://keepachangelog.com/id-ID/1.1.0/),
+dan kit ini mengikuti [Semantic Versioning](https://semver.org/lang/id/).
+
+## Label spesial (auto-detect oleh `kit.ps1 update`)
+
+- **[BREAKING]** — Ada perubahan tidak backward-compatible. Wajib baca migration notes.
+- **[SCAN-REQUIRED]** — Wajib regenerate `docs/` (re-paste `BOOTSTRAP_PROJECT_DOCS_PROMPT_v1.md`).
+
+Tanpa label, update aman: `docs/` user TIDAK perlu di-scan ulang.
+
+---
+
+## [Unreleased]
+
+Slot tambahan untuk perubahan berikutnya sebelum versi v1.0.2.
+
+---
+
+## v1.1.2 [2026-06-06]
+
+### Changed
+
+#### Drop --provenance flag (private repo compatibility)
+- publish-npm.yml: remove `--provenance` flag dari npm publish command
+- Reason: npm provenance signing requires PUBLIC GitHub source repo (npm policy). lintasAI repo is private by design (internal tool untuk staff IT).
+- Trade-off: package npm tidak punya signed provenance badge
+- Defense in depth tetap valid via: NPM 2FA, granular token scope @ojokesusu, token rotation 365 hari
+
+#### Permissions cleanup
+- Remove `id-token: write` permission (no longer needed tanpa provenance)
+- Workflow runs with minimum required permissions (principle of least privilege)
+
+### Notes
+- Kit content tetap distribusi via public npm package (`@ojokesusu/lintasai`)
+- GitHub repo tetap private (internal access only)
+- Bisa balik ke provenance nanti kalau repo dijadikan public
+
+---
+
+## v1.1.1 [2026-06-06]
+
+### Fixed
+
+#### Publish Workflow Compatibility
+- publish-npm.yml: "Verify version" step sekarang handle BOTH tag push (auto-trigger on `v*` push) DAN workflow_dispatch (manual "Run workflow" UI button)
+- Previously: workflow_dispatch fail dengan "Tag version (refs/heads/main) does not match package.json"
+- Sekarang: kalau bukan tag trigger, skip version match check + publish package.json version langsung
+
+### Notes
+- Pertama kali publish ke npm: gunakan tag push (`git tag v1.1.1 && git push --tags`)
+- Manual re-publish via "Run workflow" UI sekarang aman
+
+---
+
+## v1.1.0 [2026-06-06]
+
+### Added (Major Features)
+
+#### NPM Publish Wrapper (Single-Command Bootstrap)
+- New: package.json + bin/lintasai.js Node.js launcher
+- Staff IT non-programmer (20-30 orang) sekarang bisa `npx @ojokesusu/lintasai init` (1 command, no git clone)
+- Auto-publish to npm registry on tag push via .github/workflows/publish-npm.yml (with provenance)
+- Commands supported: init, update, doctor, version, rollback, uninstall
+- Windows-only enforcement (cross-platform planned v2.0+)
+
+#### Architecture Refactor (Modularization)
+- setup-pola-b.ps1: 841 LOC -> orchestrator (~250 LOC) via dot-sourcing
+- Extracted 5 new lib modules:
+  - lib/manifest.ps1: Manifest write/sign/verify
+  - lib/template-deploy.ps1: Template copy with placeholder substitution
+  - lib/git-helpers.ps1: .git/ cleanup + MOTW unblock
+  - lib/agents-md.ps1: AGENTS.md fill template
+  - lib/version-detect.ps1: Kit version detection (supports both CHANGELOG formats)
+- Maintainability: future changes to manifest/template logic now isolated to lib modules
+- Backward compatible: all 27 Pester tests still pass
+
+#### PSScriptAnalyzer CI Integration
+- New job pssa-lint di .github/workflows/validate.yml
+- Catches issues AI-generated code might miss (unused vars, naming convention, security warnings)
+- Excludes PSAvoidUsingWriteHost + PSUseShouldProcessForStateChangingFunctions (false positives untuk CLI scripts)
+
+### Changed
+- README.md: NPM install method sekarang PRIMARY (Cara 1), git clone Cara 2 (advanced)
+- setup-pola-b.ps1: Restructured to orchestrator pattern
+
+### Tests
+- All 27 Pester tests pass
+- Lib module isolation tested
+- Smoke test (setup + doctor + version) pass
+
+### Migration Notes
+- Existing kit users (v1.0.x): no action required, refactor is internal
+- New install: prefer `npx @ojokesusu/lintasai init` over git clone
+- Owner setup needed for npm publish: GitHub Settings -> Secrets -> NPM_TOKEN (Automation token from npmjs.com)
+
+---
+
+## v1.0.1 [2026-06-06] - Post-Audit Fixes + Test Expansion
+
+### Fixed (CRITICAL from adversarial audit)
+- GPG verify-tag: was verifying branch name (broken), now properly resolves tag exact dari HEAD + verify-tag tag name. Fail-closed (throw) kalau verify fail, kecuali -AllowUnsignedTag explicit.
+- HMAC manifest signing: drop machine UUID binding (was not actually secret + broke cross-machine portability). Now kit-version constant key + LINTASAI_MANIFEST_SECRET env var override.
+- Decoupled -Force flag: -AllowModified (uninstall), -AllowUnsignedTag (update-kit GPG), -AllowUntrustedRepo (update-kit URL). -Force still works dengan deprecation warning.
+- ANALOGI_LIBRARY.md restored from deprecated state (5+ files actively reference, non-programmer team needs jargon library)
+
+### Added (test coverage)
+- tests/uninstall.Tests.ps1 (3 Describe blocks)
+- tests/update-kit.Tests.ps1 (3 Describe blocks)
+- tests/rollback.Tests.ps1 (2 Describe blocks)
+
+### Added (UX non-programmer)
+- MULAI_DI_SINI.md: 1-page bahasa awam onboarding
+- templates/GLOSSARY_NON_PROGRAMMER.md: expand dengan destructive ops, force-push, rm -rf, DROP, schema, API, endpoint
+- JALANKAN_KIT.md: disclaimer "INI BUAT AI BACA, BUKAN KAMU" di top
+
+### Changed (consistency)
+- SPLIT_REPO_MIGRATION_PROMPT_v1.md: Tier A/B/C → Frontend/Backend (15+ occurrences)
+- JALANKAN_KIT.md + 6 other files: deprecated file refs (BOOTSTRAP/MIGRATION/KICKOFF/UPDATE_DOCS prompts) → PROJECT_LIFECYCLE_PROMPT_v1.md (Stage A/B/C/D)
+- lib/kit-files.psd1: complete (30 missing files added — deprecated stubs, team templates, decisions, github assets)
+
+### Versioning Policy (NEW)
+- Stop force-pushing v1.0.0. Future: v1.0.x untuk fix, v1.x.0 untuk fitur, vX.0.0 untuk breaking.
+
+---
+
+## [1.0.0] — 2026-06-03
+
+First public release lintasAI kit — standar kerja AI-first untuk tim IT non-programmer Indonesia.
+
+### Ditambahkan
+
+- **Pola A** (global install via `~/.claude/`) + **Pola B** (embed kit di proyek via `.claude-kit/`) untuk version-locked per project.
+- **17 file tim profesional auto-deploy** saat setup-pola-b.ps1 jalan:
+  - `.github/`: workflows/ai-review.yml + workflows/backup-schemas.yml + scripts/ai-review.js + CODEOWNERS + pull_request_template.md
+  - `docs/`: CLAUDE_TEAM_GUIDE.md + PROMPT_LIBRARY.md + ONBOARDING.md + STACK_GUIDE.md + MCP_SETUP.md + RLS_SETUP_PROMPT.md + DB_SCHEMA_SCAN_PROMPT.md + GLOSSARY_NON_PROGRAMMER.md + SECURITY_INCIDENT_PLAYBOOK.md + feature-flags-advanced.md
+  - `docs/decisions/`: _TEMPLATE.md + README.md
+- **Single-paste workflow** `JALANKAN_KIT.md` (20-step) untuk sesi Claude pertama: scan → auto-decide grouping → bulk-bootstrap docs dengan 4 opsi (Generate ALL default / Pilih kategori / Skeleton-first / DB schema only).
+- **`CLAUDE_universal_v1.md` aturan kerja universal** (auto-load tiap sesi AI) dengan section:
+  - 4.1 Tinjauan Multi-Divisi (12 divisi review)
+  - 4.2 Pattern-Driven Workflow (AI auto-apply PROMPT_LIBRARY pattern dari natural language staff)
+  - 4.3 Guided Step-by-Step Pattern untuk Staff Baru (6-phase universal first-time workflow)
+  - 7.1-7.4 Aturan dokumentasi tim profesional
+- **15 prompt pattern siap-pakai** di `PROMPT_LIBRARY.md` (Prompts 1-10 generic + 11-15 chat-driven workflow + activate feature flag).
+- **Multi-Schema Strategy** di `MCP_SETUP.md`: Option A (shared schema restricted) + Option B (per-staff isolated full CREATE) + Option C (hybrid sandbox + read prod) + 3-layer backup plan.
+- **Workflow rollback playbook** (`CLAUDE_TEAM_GUIDE.md` section 13b): git revert via Claude <5 menit dengan post-mortem template + fire drill quarterly.
+- **Security Incident Playbook** (`docs/SECURITY_INCIDENT_PLAYBOOK.md`) untuk staff IT non-programmer: 6-step STOP-DM-WAIT procedure + decision matrix per tipe token + 5 yang TIDAK BOLEH dilakukan + quick checklist printable.
+- **AI Reviewer di GitHub Actions** (`templates/github/scripts/ai-review.js`) dengan secret leak detection 9 pattern (sk-ant-/eyJ/xoxb/ghp_/glpat/AKIA/service_role/postgres://password@/`.env*` files).
+- **Backup automation** (`templates/github/workflows/backup-schemas.yml`) — daily pg_dump per-schema ke Supabase Storage, retention 30 hari, Slack webhook alert.
+- **Glossary untuk Non-Programmer** (`docs/GLOSSARY_NON_PROGRAMMER.md`) 300+ entry dengan analogi Indonesia-context (Google Drive, Word, Notion, Canva, Discord, Tokopedia, IFTTT, Zapier, Spotify, Gojek).
+- **Risk Level Decision Tree** (Low/Medium/High klasifikasi task) — pengganti feature flag default untuk early-stage project.
+- **Feature flag advanced** (`templates/feature-flags-advanced.md`) — POST-LAUNCH activation via Prompt 15 saat project ready (env var Vercel `NEXT_PUBLIC_FF_<AREA>_<NAMA>` + decision tree 5 kriteria risiko tinggi + cleanup ritual + per-user hash canary).
+- **`kit.ps1` single entry point**: setup / update / uninstall / doctor / scan / version / help subcommand.
+- **`update-kit.ps1` atomic re-clone** dengan backup + auto-rollback kalau git clone gagal (CRITICAL FIX di v1.0.0 untuk PowerShell 5.1 stderr handling).
+- **`setup-pola-b.ps1`** auto-detect Pola B nested extract + Mark-of-the-Web unblock + secure password sharing reminder + **tulis `.install-manifest.json`** (sha256 hash per file kit-template) untuk safe uninstall. **NonInteractive shell hardening**: SEMUA Read-Host (CLAUDE.md detection / auto-flatten nested extract / AGENTS.md backup confirm) di-wrap try/catch dengan default-safe fallback ([2] biarkan / 'N' abort) supaya setup tidak crash di Claude Code / VSCode tab Output / CI / `powershell -NonInteractive`. Sama untuk `install-windows.ps1` Read-Host overwrite confirm.
+- **`uninstall.ps1` safe diff-based delete** — baca `.install-manifest.json`, classify file dengan 7 kategori: PRISTINE (auto-delete), MODIFIED (skip default, `-Force` = backup + hapus), SYMLINK (skip selalu — junction/symlink tidak diikuti, cegah leak isi file di luar project ke .bak), BLOCKED (path escape ke luar project root, REJECT — proteksi path traversal kalau manifest di-tamper), LOCKED (hash gagal — file di-buka editor/AV, skip + hint), MISSING (skip silent), BACKUP (preserved dari setup `-Force` re-run sebelumnya). Direktori cuma dihapus kalau EMPTY setelah file kit dibersihkan → project file kamu di `docs/` & `.github/` AMAN. **Path traversal protection**: manifest entries dengan `..\\` segments / absolute path / drive-letter prefix DITOLAK; canonical path harus StartsWith($ProjectRoot). **Reparse-point check**: leaf + tiap parent segment diperiksa, junction/symlink dimanapun di path = SKIP. **TOCTOU close**: re-hash file tepat sebelum delete, skip kalau berubah sejak plan. **project_root hard-fail**: kalau manifest tidak match lokasi sekarang → abort (override via `-AllowProjectRootMismatch`). **schema_version validation**: reject unknown schema. Default skip `AGENTS.md` (heavy customization, pakai `-DeleteAgents` override). Pakai `-Yes` untuk CI auto-confirm, `-KeepKit` suppress instruksi self-delete. Mencegah insiden seperti `rm -rf docs/` yang ikut hapus file proyek asli.
+- **Manifest anonymized** — `project_root='<PROJECT_ROOT>'` + `installed_by='<USER>'` di JSON (tidak leak Windows username / absolute home path saat manifest committed ke git).
+- **`.claude-kit/.gitignore` auto-generated** saat setup — ignore `.install-manifest.json` + `*.bak` + `*.env*` + `*.pem` + `*.key` (defense-in-depth supaya environment metadata + secret tidak ke-commit walaupun user run `git add .claude-kit/`).
+- **Audit Post-Setup Pattern** (`AUDIT_POST_SETUP_PROMPT_v1.md` + `CLAUDE_universal_v1.md` section 4.4 + `PROMPT_LIBRARY.md` Prompt 16 + `JALANKAN_KIT.md` step 21) — workflow read-only komprehensif yang otomatis ditawarkan setelah `JALANKAN_KIT.md` (Popup #4 default "y"). Scan 8 dimensi paralel via Workflow tool (refactor / security / qa-test / database / devops / performance / docs-gap / onboarding) → adversarial verify per finding (cegah halusinasi, default `is_real=false`) → synthesize ranked 3 tier (low → high `risk_of_introducing_bug`) → **TIAP finding WAJIB punya 3-LAYER ANALOGI NON-PROGRAMMER**: (1) 🏢 sehari-hari (kantor/lemari arsip/loket bank), (2) 📱 tools digital populer Indonesia-context (Tokopedia, Gojek, WhatsApp, BCA mobile, Excel, Google Drive, Notion, Discord, dll.), (3) 🎯 contoh konkret kapan situasi muncul di proyek. Library lengkap 30 jargon di `docs/ANALOGI_LIBRARY.md` (auto-deployed oleh setup-pola-b.ps1). Contoh: N+1 query = "Tokopedia checkout 20 barang satu-satu vs masukin keranjang", missing rate-limit = "BCA mobile pencet kirim OTP unlimited → spam SMS korban", race condition = "Shopee flash sale 2 orang klik Beli detik sama", IDOR = "Tokopedia ganti `invoice=12345`→`12346` muncul invoice orang lain", God Component = "Excel 1 workbook isi stok+gaji+absensi+pivot semua tumpuk", memory leak = "WhatsApp chat masuk foto/video gak dihapus storage penuh", TOCTOU = "Shopee lihat stok 3 → checkout muncul habis", HOLD MERGE = "BCA mobile transfer di atas limit → tunggu OTP", dst. Sprint execution plan: Sprint 0 URGENCY (~30 menit stop-bleeding) → Sprint 1 quick wins (~6-8 jam zero behavior change) → Sprint 2 test foundation (~30-40 jam) → Sprint 3 medium refactor (~1-2 minggu) → Sprint 4+ HIGH RISK (HOLD MERGE, paired review, 1-2 minggu per finding). Status READONLY default; Popup #1 pilih tier 1/2/3/4 (4=semua default); Popup #2 pilih lanjutan (execute Sprint 0 / write report ke `docs/decisions/` / pick item / stop). Pattern-Driven mapping intent staff non-programmer: "audit project" / "ada bug?" / "lemot" / "ready hire staff?" / "refactor messy" auto-route ke fokus dimensi yang relevan. Mencegah refactor reckless tanpa context — semua finding ranked + verified + dengan analogi yang bisa dibaca staff IT non-programmer Day 0 (yang familiar dengan Tokopedia/Gojek/WhatsApp/Excel langsung paham tanpa background dev).
+- **Update Strategy Pattern — 4-Tier Auto-Classify** (`UPDATE_KIT_PROMPT_v1.md` + `docs/UPDATE_GUIDE.md` + `CLAUDE_universal_v1.md` section 4.5 + `PROMPT_LIBRARY.md` Prompt 17 + `update-kit.ps1` enhancement). Filosofi: **AI yang lakukan update analysis + execution, staff cuma chat natural + confirm**. Staff IT non-programmer TIDAK perlu baca CHANGELOG 200 baris dan klasifikasi sendiri "ini breaking apa bukan" — itu tugas AI. **4-Tier classification** dengan analogi tools digital populer: Tier 1 silent (tanpa label, fix typo/perbaikan ringan = kayak **WhatsApp 2.23.10 → 2.23.11 auto-update background**), Tier 2 AI auto-sync (tanpa label, aturan/fitur baru = kayak **iPhone iOS 17.3 → 17.4 minor, fitur baru aktif setelah restart**), Tier 3 `[BREAKING]` (struktur/format ganti = kayak **iPhone iOS 16 → iOS 17 major, migration screen wajib**), Tier 4 `[SCAN-REQUIRED]` (bulk-bootstrap logic ganti = kayak **Tokopedia Seller ganti algoritma kategori, re-mapping produk wajib**). **Dual-mode update**: Chat-based ("lintasAI v1.2.0 rilis, update" → AI parse CHANGELOG → classify tier → compose summary → confirm → execute) untuk staff non-programmer; PS Script (`kit.ps1 update`) untuk power user / CI. **update-kit.ps1 enhancement**: 4 fungsi baru — `Get-LatestChangelogEntry` (parse versi terbaru), `Classify-UpdateTier` (regex `[BREAKING]`/`[SCAN-REQUIRED]` + keyword matching), `Format-UpdateSummary` (compose ringkasan dengan analogi tools digital), `Invoke-BackupCleanup` (auto-hapus `.bak` > 30 hari + keep max 3 latest per file). **Backup retention**: NO folder `migrations/` per breaking change (over-engineering); INSTEAD tiap `[BREAKING]` CHANGELOG entry punya inline section "Migration Steps" dengan PS commands. Backup files auto-cleanup di akhir tiap `kit.ps1 update`. AI auto-trigger update analysis kalau intent staff: "ada versi baru?" / "update kit" / "lintasAI vX.Y rilis" / "kit ku ketinggalan" / "cek update". **Mencegah** staff stress baca technical CHANGELOG + decide tier sendiri — semua otomatis dengan analogi yang familiar (WhatsApp/iPhone/Tokopedia/Google Drive/Excel).
+- **Pre-launch audit comprehensive** (76-agent workflow + adversarial verify + simulate fresh clone) — confirmed 37 bug + 4 blocker fix sebelum v1.0.0 launch.
+
+### Catatan
+
+- Mode: **first public release**. Akan dipakai untuk uji-coba pertama oleh tim IT non-programmer.
+- Future iteration v1.0.1+: simplification opportunities (reduce README, merge ONBOARDING overlap dgn TEAM_GUIDE, fix MCP_SETUP section numbering, split STACK_GUIDE migration sections ke file terpisah, extract CLAUDE_universal section 4.1+4.3 examples ke reference files).
+- Kalau ada bug di field: lapor via channel chat tim, fix akan masuk v1.0.1.
+
+---
+
+## Pre-Release Development (Internal Iteration)
+
+> **Note:** All `v1.0.0 [REPUBLISH ...]` entries di bawah ini adalah pre-release iteration sebelum first public release. Versi tag `v1.0.0` di-force-push berulang kali selama development internal — TIDAK ada perubahan versi semver semantic. Entries dipertahankan untuk historical context + audit trail. Per `Versioning Policy` di v1.0.1: force-push v1.0.0 dihentikan, future fix pakai v1.0.x, fitur v1.x.0, breaking vX.0.0.
+
+### v1.0.0 [REPUBLISH 2026-06-06] - Real-Time Cross-Repo Trigger
+
+#### Added (cross-repo real-time)
+- **templates/github/TRIGGER_FRONTEND_UPDATE.yml** - Backend side: append step ke publish workflow untuk fire `repository_dispatch` event ke frontend repo. Memungkinkan frontend auto-pickup update shared package tanpa nunggu Renovate scheduled run.
+- **templates/github/RECEIVE_BACKEND_UPDATE.yml** - Frontend side: listen `repository_dispatch` event + `npm install` + create PR auto. Latency 3-5 menit (vs Renovate 24 jam scheduled).
+
+#### Changed
+- **templates/CROSS_REPO_TYPES_PIPELINE.md**: tambah section "Real-Time Trigger Pattern" (recommended PRIMARY, Renovate jadi BACKUP fallback kalau dispatch event miss).
+- **templates/SPLIT_REPO_NON_PROGRAMMER_PROMPTS.md**: FULL rewrite semua contoh prompt dari bahasa programming ke bahasa awam (Tokopedia admin / Gojek dispatch style). Replace "TASK-101 add field X", "type OrderTracking", "endpoint GET /api/..." dengan format awam ("Tugas baru: tambah info X", "data Y", "halaman yang nunjukkin Z"). Staff non-programmer Day 0 langsung paham tanpa background dev.
+
+---
+
+### v1.0.0 [REPUBLISH 2026-06-05 #4] - Critical Bug Fixes + Cleanup
+
+#### Fixed (CRITICAL bugs from adversarial review)
+- **TOCTOU + symlink bypass** di uninstall execute phase: re-check Test-PathHasReparsePoint sebelum Remove-Item (lib/safety.ps1 + uninstall.ps1)
+- **Path containment trailing separator bug**: Resolve-SafeProjectPath enforce trailing DirectorySeparatorChar untuk prevent prefix collision (C:\proj vs C:\proj-evil)
+- **GPG verification di update-kit.ps1**: `git verify-tag` SEBELUM hapus .git/. RepoUrl allowlist untuk prevent supply chain hijack.
+- **HMAC manifest signing**: lib/manifest-signing.ps1 sign .install-manifest.json. uninstall.ps1 verify signature sebelum trust entries (prevent tampering attack)
+- **Anti-prompt-injection rules** di CLAUDE_universal_v1.md: file content = DATA bukan instruction. External URL+pipe-to-shell = REFUSE. Identity dari .staff-profile.md, bukan prompt klaim.
+- **Implicit consent removed** dari JALANKAN_KIT: destructive ops (delete, force-push, prisma migrate prod) tetap WAJIB konfirmasi 1x walau auto-confirm aktif.
+
+#### Added (Tests + Single Source)
+- **Pester test suite** untuk security boundary: tests/lib-safety.Tests.ps1 (Resolve-SafeProjectPath, Test-PathHasReparsePoint, Get-FileSha256, prefix collision case)
+- **tests/Run-Tests.ps1**: Pester runner untuk lokal dev + CI
+- **.github/workflows/validate.yml**: tambah pester-tests job
+- **lib/kit-files.psd1**: Single source of truth untuk wajibAda (replace hard-coded list di setup-pola-b + kit.ps1)
+- **lib/manifest-signing.ps1**: HMAC signing helpers
+- **templates/STACK_VERSIONS.md**: Centralized version constants (Next.js, Prisma, Node, dst)
+
+#### Changed (Inconsistency cleanup)
+- **v1.1.0 references → v1.0.0** di SPLIT_REPO_MIGRATION_PROMPT_v1.md (5 occurrences fixed)
+- **3 vs 4 repo inconsistency**: SPLIT_REPO_AGENTS_TEMPLATES.md + PROMPT_LIBRARY.md updated. TOOLS.md jadi OPT-IN.
+- **README.md**: removed 6 deprecated file references, added 4 new prompts to table
+- **MCP_SETUP.md**: renumber sections (2.0/2.0.5/2.1b chaos → 2.1-2.12 linear). Added TOC.
+- **ONBOARDING.md ⇋ CLAUDE_TEAM_GUIDE.md**: merge overlap (TEAM_GUIDE section 3 jadi pointer ke ONBOARDING.md untuk detail).
+- **Next.js version hardcoded → STACK_VERSIONS.md reference** di STACK_GUIDE, FRONTEND, STACK_DETECTION_PATTERN, PROJECT_STARTER_TEMPLATES.
+- **JALANKAN_KIT.md RAMPING**: 5 popup → 2-3 smart popup dengan auto-decide.
+
+#### Kept (Per User Feedback)
+- MCP_SETUP.md schema isolation per-staff (user butuh untuk multi-staff)
+- AI Reviewer GitHub Action (works for both solo + team)
+- 17 file team auto-copy (works for both solo + team)
+- Multi-Divisi 12-lens (existing)
+- Split Repo Migration capability + Auto-Push 3 Repo flow
+- Discord-only webhook
+- Project Starter Templates catalog
+
+#### Migration Notes
+Force-push v1.0.0 (no version bump per user preference). User belum distribusi.
+Setelah update, re-clone fresh: `git clone --depth 1 -b v1.0.0 https://github.com/ojokesusu/lintasAI.git .claude-kit`
+
+---
+
+### v1.0.0 [REPUBLISH 2026-06-05] - Split Repo Migration + 20 Tools
+
+#### Added (4 new files)
+
+- **templates/CROSS_REPO_TYPES_PIPELINE.md** - Full automation guide: backend auto-publish @<project>/shared + frontend Renovate auto-PR + Discord notif. End-to-end workflow Day 1 backend → Day 2 frontend auto-coordinate.
+- **templates/github/RENOVATE_FRONTEND.json** - Renovate config template untuk frontend repo (auto-PR @<project>/shared updates).
+- **templates/github/PUBLISH_SHARED_WORKFLOW.yml** - GitHub Actions template: backend push → generate types → bump version → publish ke GitHub Packages → Discord notif.
+- **templates/github/GENERATE_TYPES_SCRIPT.md** - Setup tsup + Prisma generate untuk auto types pipeline.
+
+- **SPLIT_REPO_MIGRATION_PROMPT_v1.md** (root) - Single-paste prompt untuk owner migrate monolith ke 3 repo split (default; 4 repo opt-in untuk team >20 staff atau compliance audit). AI analyze project + propose plan + execute auto-push step-by-step. Effort ~1.5 jam dengan auto-push flow (was 4-6 minggu manual).
+
+- **templates/SPLIT_REPO_AGENTS_TEMPLATES.md** - 4 AGENTS.md template (frontend, backend, shared, tools). AI customize dengan project name.
+
+- **templates/SPLIT_REPO_NON_PROGRAMMER_PROMPTS.md** - Cheatsheet prompt staff non-programmer dengan analogi tools digital (Tokopedia, Gojek, WhatsApp, Discord).
+
+- **templates/SPLIT_REPO_TOOLS_SETUP.md** - Setup guide 18+ tools (Swagger, Storybook, Playwright, Discord webhook, Sentry, dst). Tier 1/2/3 priority.
+
+- **templates/DISCORD_BOT_INTEGRATION.md** - Discord server structure + webhook setup + bot custom guide
+
+- **templates/STACK_DETECTION_PATTERN.md** - Pattern untuk AI auto-detect stack saat user pertama kali pakai lintasAI
+
+- **templates/PROJECT_STARTER_TEMPLATES.md** - Catalog 4 starter templates + how-to (default: project setengah jadi SKIP starter)
+
+- **templates/split-agents/FRONTEND.md, BACKEND.md, SHARED.md, TOOLS.md** - 4 AGENTS.md template (was 1 mega-file, sekarang split)
+
+#### Changed
+
+- setup-pola-b.ps1: wajibAda tambah 4 file split repo
+- kit.ps1: doctor wajibAda update
+- templates/split-agents/FRONTEND.md: tambah section "Session Start Auto-Check" (versi compare + Swagger fetch + Discord context).
+- templates/split-agents/BACKEND.md: tambah section "Auto-Publish @<project>/shared (Trigger Rule)" - WAJIB update shared sebelum commit.
+- templates/PROMPT_LIBRARY.md: tambah Prompt 18-20 (split repo migration, AGENTS.md deploy, non-programmer cheatsheet)
+- JALANKAN_KIT.md: tambah Popup #5 auto-offer split repo migration ke first-time user
+- Discord-only webhook (user feedback): remove generic Slack/Telegram references
+- Removed: TypeScript strict + AI error explainer section (already covered di docs/ generated JALANKAN_KIT.md)
+- templates/SPLIT_REPO_AGENTS_TEMPLATES.md jadi index stub (point ke split-agents/ subfolder)
+- templates/SPLIT_REPO_TOOLS_SETUP.md: Playwright + DevContainer elevate dari Bonus ke Tier 2 (non-programmer recommended)
+- **3 repo default (was 4)**: akses-tools merged dalam backend/scripts/ dengan CODEOWNERS owner-only. Skip terpisah repo kecuali team grow >20 staff atau compliance audit.
+- **Option B (Frontend Shell Wrapper) default top recommendation**: API route shell 3-baris forward ke backend. Privacy preserved (logic di compiled package @<project>/backend-client). Keep Next.js Server Action velocity.
+- **Auto-Push 3 Repo Flow**: Owner pre-buat 3 repo empty di GitHub, paste URLs ke AI, AI handle file mapping + git init + commit + push ke 3 repo. Total effort ~1.5 jam.
+
+#### Why v1.0.0 republish (bukan v1.1.0)?
+
+User belum distribusi lintasAI ke siapapun. Tidak ada existing user yang perlu version bump. Force-push v1.0.0 lebih clean.
+
+Catatan: setelah ada user external, baru pakai semantic versioning strict (v1.0.x patch, v1.x.0 minor, vX.0.0 major).
+
+---
+
+### v1.0.0 [REPUBLISH 2026-06-04] - Hardening
+
+#### Added
+- `kit.ps1 rollback` subcommand (auto-restore from .bak via lib/rollback.ps1) [BREAKING-safety-net]
+- `kit.ps1 version` subcommand (print currently-installed kit version)
+- `kit.ps1 doctor` integrity verification (sha256 diff vs manifest baseline, 3-bucket: PRISTINE/MODIFIED/MISSING)
+- `update-kit.ps1` pre-clone version check (no-op if already on latest tag, saves bandwidth & time)
+- `lib/rollback.ps1` (new module, exports Invoke-Rollback + Get-RollbackPreview)
+- `lib/safety.ps1` (extracted from uninstall.ps1: Resolve-SafeProjectPath, Test-PathHasReparsePoint, Get-FileSha256, Read-Manifest, dst)
+- `.github/workflows/validate.yml` (CI: ps-parse + smoke-setup + yaml-lint on push/PR)
+- `docs/SIGNED_RELEASE.md` (GPG verification workflow untuk owner + staff; auto-deployed)
+- `PROJECT_LIFECYCLE_PROMPT_v1.md` (merge of 4 stage prompts: kickoff/bootstrap-docs/update-docs/migration)
+
+#### Changed
+- Entry-point prompts: 9 -> 4 (5 deprecated jadi stub, preserve git history)
+- Multi-divisi 12-lens review: sekarang auto-detect (skip untuk simple Q&A; full untuk refactor besar / arsitektur / security)
+- ANALOGI 30-jargon library: deprecated, AI generate on-demand per CLAUDE rule (5 grounding samples inline)
+- `uninstall.ps1`: refactor extract safety helpers ke lib/safety.ps1 (DRY, reusable dari rollback module)
+
+#### Deprecated
+- `FIRST_SESSION_PROMPT_v1.md` -> use JALANKAN_KIT.md
+- `SETUP_POLA_B_PROMPT_v1.md` -> use JALANKAN_KIT.md
+- `BOOTSTRAP_PROJECT_DOCS_PROMPT_v1.md` -> Stage B in PROJECT_LIFECYCLE_PROMPT_v1.md
+- `PROJECT_KICKOFF_PROMPT_v1.md` -> Stage A in PROJECT_LIFECYCLE_PROMPT_v1.md
+- `PROJECT_MIGRATION_PROMPT_v1.md` -> Stage D in PROJECT_LIFECYCLE_PROMPT_v1.md
+- `UPDATE_DOCS_PROMPT_v1.md` -> Stage C in PROJECT_LIFECYCLE_PROMPT_v1.md
+- `templates/ANALOGI_LIBRARY.md` -> AI on-demand
+
+#### Migration steps (staff IT) [SCAN-REQUIRED untuk staff yang sudah install < v1.0.0-2026-06-04]
+1. Cek versi current: `.claude-kit\kit.ps1 version`
+2. Update: `.claude-kit\kit.ps1 update` (auto-classify Tier 3)
+3. AI baca CHANGELOG, eksekusi migration: stub files lama akan otomatis ter-replace
+4. Verify: `.claude-kit\kit.ps1 doctor` -> harus output PRISTINE: <count>, MISSING: 0