npm - @ojokesusu/lintasai - Versions diffs - 1.1.2 - Mend

@ojokesusu/lintasai 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

package/.github/workflows/publish-npm.yml +40 -0
package/.github/workflows/validate.yml +93 -0
package/AUDIT_POST_SETUP_PROMPT_v1.md +280 -0
package/BOOTSTRAP_PROJECT_DOCS_PROMPT_v1.md +3 -0
package/CHANGELOG.md +313 -0
package/CLAUDE_universal_v1.md +1021 -0
package/CONTRIBUTING.md +101 -0
package/FIRST_SESSION_PROMPT_v1.md +7 -0
package/JALANKAN_KIT.md +188 -0
package/LICENSE +21 -0
package/MULAI_DI_SINI.md +145 -0
package/PROJECT_KICKOFF_PROMPT_v1.md +3 -0
package/PROJECT_LIFECYCLE_PROMPT_v1.md +536 -0
package/PROJECT_MIGRATION_PROMPT_v1.md +3 -0
package/README.md +505 -0
package/SETUP_POLA_B_PROMPT_v1.md +5 -0
package/SPLIT_REPO_MIGRATION_PROMPT_v1.md +485 -0
package/TEAM_ROLLOUT_GUIDE_v1.md +172 -0
package/UPDATE_DOCS_PROMPT_v1.md +3 -0
package/UPDATE_KIT_PROMPT_v1.md +213 -0
package/bin/lintasai.js +81 -0
package/docs/SIGNED_RELEASE.md +162 -0
package/install-windows.ps1 +225 -0
package/kit.ps1 +508 -0
package/lib/agents-md.ps1 +174 -0
package/lib/git-helpers.ps1 +104 -0
package/lib/kit-files.psd1 +133 -0
package/lib/manifest-signing.ps1 +65 -0
package/lib/manifest.ps1 +267 -0
package/lib/rollback.ps1 +241 -0
package/lib/safety.ps1 +193 -0
package/lib/template-deploy.ps1 +242 -0
package/lib/version-detect.ps1 +161 -0
package/package.json +36 -0
package/setup-pola-b.ps1 +687 -0
package/templates/ANALOGI_LIBRARY.md +7 -0
package/templates/CLAUDE_TEAM_GUIDE.md +505 -0
package/templates/CROSS_REPO_TYPES_PIPELINE.md +473 -0
package/templates/DB_SCHEMA_SCAN_PROMPT.md +194 -0
package/templates/DISCORD_BOT_INTEGRATION.md +187 -0
package/templates/GLOSSARY_NON_PROGRAMMER.md +361 -0
package/templates/INDEX.md +157 -0
package/templates/MCP_SETUP.md +1145 -0
package/templates/MIGRATE_TO_SUBFOLDER_PROMPT_v1.md +220 -0
package/templates/ONBOARDING.md +172 -0
package/templates/PROJECT_STARTER_TEMPLATES.md +264 -0
package/templates/PROMPT_LIBRARY.md +790 -0
package/templates/RLS_SETUP_PROMPT.md +167 -0
package/templates/SECURITY_INCIDENT_PLAYBOOK.md +191 -0
package/templates/SPLIT_REPO_AGENTS_TEMPLATES.md +32 -0
package/templates/SPLIT_REPO_NON_PROGRAMMER_PROMPTS.md +604 -0
package/templates/SPLIT_REPO_TOOLS_SETUP.md +388 -0
package/templates/STACK_DETECTION_PATTERN.md +261 -0
package/templates/STACK_GUIDE.md +564 -0
package/templates/STACK_MIGRATION_GUIDE.md +154 -0
package/templates/STACK_VERSIONS.md +31 -0
package/templates/UPDATE_GUIDE.md +246 -0
package/templates/_EXAMPLE.md +110 -0
package/templates/_PATTERNS.md +173 -0
package/templates/architecture.md +180 -0
package/templates/architecture_auto.md +61 -0
package/templates/decisions/README.md +108 -0
package/templates/decisions/_TEMPLATE.md +84 -0
package/templates/feature-flags-advanced.md +171 -0
package/templates/github/CODEOWNERS.template +61 -0
package/templates/github/GENERATE_TYPES_SCRIPT.md +77 -0
package/templates/github/PUBLISH_SHARED_WORKFLOW.yml +52 -0
package/templates/github/RECEIVE_BACKEND_UPDATE.yml +106 -0
package/templates/github/RENOVATE_FRONTEND.json +28 -0
package/templates/github/TRIGGER_FRONTEND_UPDATE.yml +29 -0
package/templates/github/pull_request_template.md +44 -0
package/templates/github/scripts/ai-review.js +153 -0
package/templates/github/workflows/ai-review.yml +61 -0
package/templates/github/workflows/backup-schemas.yml +169 -0
package/templates/glossary.md +110 -0
package/templates/split-agents/BACKEND.md +149 -0
package/templates/split-agents/FRONTEND.md +141 -0
package/templates/split-agents/SHARED.md +82 -0
package/templates/split-agents/TOOLS.md +77 -0
package/tests/Run-Tests.ps1 +19 -0
package/tests/lib-safety.Tests.ps1 +66 -0
package/tests/rollback.Tests.ps1 +66 -0
package/tests/uninstall.Tests.ps1 +265 -0
package/tests/update-kit.Tests.ps1 +78 -0
package/uninstall.ps1 +794 -0
package/update-kit.ps1 +907 -0

package/templates/RLS_SETUP_PROMPT.md ADDED Viewed

@@ -0,0 +1,167 @@
+# templates/RLS_SETUP_PROMPT.md — Setup Row-Level Security per Schema
+> Versi 1 · 2026-06-01
+> Untuk staff IT / developer schema-scoped yang akses Supabase pakai role `creative_<dev>.<project-ref>`.
+---
+## 1. Untuk OWNER — Template pesan announcement ke staff IT
+Copy template ini, ganti placeholder `{{DEV}}`, `{{SCHEMA}}`, `{{PASSWORD-KAMU}}`, `{{PROJECT_REF}}`, `{{POOLER_HOST}}`:
+```
+Halo {{DEV}}, ada update KEAMANAN database. Kita rapikan akses supaya tiap orang HANYA bisa ke
+schema-nya sendiri (isolasi antar-tenant).
+PERUBAHAN PENTING:
+- Mulai sekarang pakai koneksi role KHUSUS kamu: username `creative_{{DEV}}.{{PROJECT_REF}}`.
+- JANGAN pakai lagi string yang usernamanya `postgres.` — itu akses penuh ke SEMUA tenant, ditutup demi keamanan.
+- Password kamu TIDAK aku ubah: pakai password `creative_{{DEV}}` yang lama. Kalau tidak punya/lupa, balas ini, nanti aku kirim yang baru.
+Koneksi kamu (schema: {{SCHEMA}}):
+  App/runtime (6543): postgresql://creative_{{DEV}}.{{PROJECT_REF}}:[PASSWORD-KAMU]@{{POOLER_HOST}}:6543/postgres
+  DDL/migrasi (5432): postgresql://creative_{{DEV}}.{{PROJECT_REF}}:[PASSWORD-KAMU]@{{POOLER_HOST}}:5432/postgres?sslmode=require
+TUGAS (kerjakan via Claude Code kamu, yang sudah buka project app kamu) — paste prompt RLS_SETUP di bawah.
+Kalau ragu, tanya aku dulu sebelum REVOKE/ENABLE di tabel yang dipakai app.
+```
+**Cara pakai**:
+1. Ganti placeholder per-dev (mis. `{{DEV}}` → `sandi`, `{{SCHEMA}}` → `pbn`).
+2. Kirim via password manager (1Password / Bitwarden Send) atau encrypted DM yang auto-delete.
+3. JANGAN kirim password actual di body pesan; kirim password via password manager terpisah.
+---
+## 2. Untuk STAFF IT — Prompt RLS Setup (paste ke Claude Code)
+**Persiapan dulu** (sebelum paste prompt):
+- Pastikan Claude Code sudah dibuka di folder project app kamu (mis. `D:\projects\<your-app>\`).
+- Pastikan kamu sudah dapat connection string dari owner (jangan paste password ke chat).
+- Update `.env.local` proyek dengan connection string baru (port 6543, username `creative_<dev>.<project-ref>`).
+**Paste prompt ini ke Claude Code**:
+```
+Saya developer schema `{{SCHEMA}}` di database Supabase yang dipakai bersama banyak tenant (PRODUCTION).
+Tugas: amankan schema `{{SCHEMA}}` dengan Row Level Security (RLS) supaya pemegang anon/publishable key
+(PUBLIK) tidak bisa baca/tulis data atau melewati cek role app.
+ATURAN WAJIB:
+1) Jangan ENABLE RLS tanpa bikin policy dulu (RLS tanpa policy = app error semua query gagal).
+2) Tes lewat APP asli (login tiap role), bukan psql — koneksi langsung saya bypass RLS karena saya owner tabel.
+3) Jangan pakai USING(true) untuk operasi TULIS; policy tulis harus cek role app yang authoritative.
+4) Hanya sentuh schema {{SCHEMA}}. JANGAN touch schema lain.
+LANGKAH:
+1. Baca kode app saya (folder `src/`, `app/`, `lib/`, dst.) untuk pahami:
+   - Role app apa saja yang dipakai (mis. `admin_access`, `pic`, `staff`, `anon`).
+   - Tabel mana yang public-readable (mis. landing page data) vs auth-required.
+   - JWT claim path yang dipakai app (mis. `request.jwt.claims->>'role'` atau header custom).
+2. List semua tabel di schema {{SCHEMA}}:
+   ```sql
+   SELECT table_name FROM information_schema.tables
+   WHERE table_schema = '{{SCHEMA}}' AND table_type = 'BASE TABLE'
+   ORDER BY table_name;
+   ```
+3. Untuk SETIAP tabel, urutan eksekusi:
+   a. Bikin policy SELECT (read) — cek role yang boleh baca.
+   b. Bikin policy INSERT/UPDATE/DELETE (write) — cek role app authoritative.
+   c. Verify policy syntax bener (DROP POLICY IF EXISTS sebelum CREATE biar idempotent).
+   d. ENABLE RLS: `ALTER TABLE {{SCHEMA}}.<tabel> ENABLE ROW LEVEL SECURITY;`
+   e. REVOKE anon: `REVOKE ALL ON {{SCHEMA}}.<tabel> FROM anon;` (kalau app wajib login).
+   f. Test via APP asli — login → action → verify behavior.
+   g. Test anon access — pakai publishable_key, harus 401/403 atau empty.
+4. Setelah SEMUA tabel selesai:
+   a. Bikin docs/db-rls.md ringkas: per tabel, role apa yang boleh apa.
+   b. Update docs/architecture_auto.md dengan entry [db-rls.md](db-rls.md).
+   c. Commit ke git: `chore(db): setup RLS for schema {{SCHEMA}}`.
+PENTING:
+- Kerjakan tabel per tabel, HATI-HATI, tes setiap selesai sekelompok (3-5 tabel).
+- Kalau ragu di salah satu tabel, STOP dan tanya owner sebelum lanjut.
+- Kalau test app gagal setelah ENABLE RLS, DISABLE dulu (`ALTER TABLE ... DISABLE ROW LEVEL SECURITY`),
+  debug policy, baru ENABLE lagi.
+- JANGAN run `DROP POLICY` untuk policy app existing tanpa konfirmasi owner.
+Mulai dari langkah 1 (baca kode app) sekarang.
+```
+---
+## 3. Verifikasi setelah RLS aktif
+Setelah staff IT selesai, owner verify dengan checklist ini:
+- [ ] Semua tabel di schema `{{SCHEMA}}` punya RLS enabled (`SELECT relname, relrowsecurity FROM pg_class WHERE relnamespace = '{{SCHEMA}}'::regnamespace AND relkind = 'r';`).
+- [ ] Semua tabel punya minimal 1 policy (`SELECT tablename, policyname FROM pg_policies WHERE schemaname = '{{SCHEMA}}';`).
+- [ ] Test app dari browser tanpa login → menu / data terkunci.
+- [ ] Test curl dengan publishable_key ke endpoint tabel sensitif → 401/403.
+- [ ] Test login sebagai role app yang valid → semua fitur jalan.
+- [ ] `docs/db-rls.md` ada di repo dengan ringkasan per tabel.
+---
+## 4. Anti-pattern (LARANGAN)
+### 4.1. ENABLE RLS sebelum policy lengkap
+```sql
+-- SALAH — app langsung 500 error semua query
+ALTER TABLE pbn.posts ENABLE ROW LEVEL SECURITY;
+-- belum ada policy → default deny → semua query gagal
+```
+**Yang benar**: bikin policy dulu (SELECT + INSERT + UPDATE + DELETE), baru ENABLE.
+### 4.2. Pakai USING(true) untuk write policy
+```sql
+-- SALAH — semua user (termasuk anon) bisa update apapun
+CREATE POLICY posts_update ON pbn.posts FOR UPDATE USING (true);
+```
+**Yang benar**: cek role app authoritative.
+```sql
+CREATE POLICY posts_update ON pbn.posts FOR UPDATE
+  USING (current_setting('request.jwt.claims', true)::json->>'role' = 'admin_access')
+  WITH CHECK (current_setting('request.jwt.claims', true)::json->>'role' = 'admin_access');
+```
+### 4.3. Tes RLS via psql owner
+```bash
+# SALAH — psql sebagai owner tabel BYPASS RLS otomatis
+psql "postgresql://creative_a.ref:pwd@...:6543/postgres"
+SELECT * FROM pbn.posts;  -- jalan, padahal RLS aktif
+```
+**Yang benar**: tes via app asli yang pakai JWT app role. PostgreSQL native role (`creative_a`) BUKAN role app.
+### 4.4. Sentuh schema orang lain
+```sql
+-- SALAH — staff IT touch schema yang bukan miliknya
+ALTER TABLE rtp.bets ENABLE ROW LEVEL SECURITY;
+```
+**Yang benar**: hanya sentuh schema sendiri (`pbn` kalau kamu creative_a di tim PBN).
+---
+## 5. Troubleshooting
+### "permission denied for table X" setelah ENABLE RLS
+- Cek `SELECT * FROM pg_policies WHERE tablename = 'X';` — ada policy belum?
+- Cek JWT claim app — apakah role-nya match dengan policy `USING` clause?
+- Cek apakah connection string app pakai role yang BUKAN tabel owner (RLS skip owner).
+### App jalan tapi data kosong setelah RLS
+- Policy SELECT terlalu strict (mis. cek role yang tidak ada di JWT user current).
+- DISABLE sementara untuk debug: `ALTER TABLE X DISABLE ROW LEVEL SECURITY;`
+- Cek query asli yang app jalankan vs claim JWT yang dikirim.
+### Migration Prisma gagal setelah RLS
+- Prisma migrate jalan sebagai owner tabel = bypass RLS, tapi pakai DDL connection (port 5432).
+- Pastikan connection string DDL pakai `?sslmode=require`.
+- Kalau masih gagal, owner perlu `GRANT ALL ON SCHEMA <schema> TO postgres;` sementara untuk migrate.
+---
+## Referensi
+- Supabase RLS docs: https://supabase.com/docs/guides/database/postgres/row-level-security
+- PostgreSQL CREATE POLICY: https://www.postgresql.org/docs/current/sql-createpolicy.html
+- JWT claim helper Supabase: https://supabase.com/docs/guides/auth/server-side/creating-a-client

package/templates/SECURITY_INCIDENT_PLAYBOOK.md ADDED Viewed

@@ -0,0 +1,191 @@
+# Security Incident Playbook — Untuk Staff IT Non-Programmer
+> Wajib baca **sebelum** mulai kerja task pertama.
+> File ini cuma dipakai saat **ADA SIGNAL** keamanan. Tidak perlu di-eksekusi rutin.
+---
+## 🚨 Kapan Playbook Ini Dipakai?
+Pakai langkah di bawah kalau kamu lihat **salah satu** signal berikut:
+| Signal | Sumber | Contoh |
+|---|---|---|
+| 🚨 Email "Secret Detected" | GitHub | *"GitGuardian detected token in commit abc123 by @bagus"* |
+| 🚨 AI Reviewer warning di PR | `.github/scripts/ai-review.js` | Comment: *"⚠️ Possible token leak at line 42: pattern matches `sk-ant-`"* |
+| 🚨 Email anomaly | Vercel / Supabase / Anthropic | *"Unusual usage spike detected: 5000 requests in last hour from IP X"* |
+| 🚨 File `.env.local` muncul di `git status` | Terminal lokal | `git status` show `.env.local: untracked` — tapi seharusnya di `.gitignore` |
+| 🚨 Token ter-paste tidak sengaja | Channel chat tim, screenshot | Tanpa sengaja kamu/teman paste isi `.env.local` di Slack/Discord |
+| 🚨 Akses tidak diakui | Email "New device login" | *"Login dari IP 1.2.3.4 di Russia"* — bukan kamu |
+**TIDAK termasuk security incident**:
+- Bug kode biasa (pakai workflow PR normal)
+- Performance issue (DB slow, halaman lambat)
+- UI typo
+---
+## 📞 Step-by-Step (URUTAN WAJIB — Jangan Skip)
+### Step 1 — STOP coding sekarang juga (10 detik)
+Jangan commit, jangan push, jangan close terminal. Biarkan semua state apa adanya.
+**Kenapa**: kalau token bocor, tiap detik = window untuk attacker pakai token. Tapi kamu juga jangan rush — tindakan salah bisa hapus jejak forensik.
+### Step 2 — JANGAN buka channel chat publik (30 detik)
+Token bocor itu **sensitive info**. Jangan:
+- ❌ Post di `#tasks-akses` (semua staff lihat + screenshot bisa)
+- ❌ Reply thread PR yang affected (token mungkin keulang di reply)
+- ❌ Email "to all" — multiplier risk
+### Step 3 — DM Owner LANGSUNG (1 menit)
+Kirim **DM private** ke owner dengan template ini:
+```
+🚨 SECURITY ALERT
+Signal: <tempel email/screenshot/copy text exact yang trigger>
+Sumber: <GitHub Secret Scanning / AI Reviewer / email Vercel / dll>
+PR/commit terkait: <link kalau ada>
+Waktu deteksi: <jam>
+Status: saya STOP coding, nunggu instruksi.
+```
+Contoh:
+```
+🚨 SECURITY ALERT
+Signal: Email GitHub "GitGuardian detected token in commit 7f8a9d2"
+Sumber: GitHub Secret Scanning
+PR/commit terkait: https://github.com/ojokesusu/akses/pull/42
+Waktu deteksi: 14:23 WIB
+Status: saya STOP coding, nunggu instruksi.
+```
+### Step 4 — Tunggu instruksi owner (max 30 menit)
+Owner akan eksekusi salah satu (kamu tidak perlu lakukan ini sendiri):
+- **Rotate token affected** (generate token baru, invalidate yang bocor)
+- **Force-push history rewrite** kalau token sudah di-commit ke main (cuma owner punya akses)
+- **Audit log** Vercel/Supabase — cek ada akses tidak sah selama window bocor?
+- **Update env var** di semua environment (Production, Preview, Development)
+### Step 5 — Setelah owner kasih sinyal AMAN
+Owner DM kamu: *"Resolved. Token sudah di-rotate. Kamu boleh lanjut coding."*
+Lakukan:
+1. Pull `main` terbaru (kalau history di-rewrite, force-pull diperlukan)
+2. Update `.env.local` lokal dengan token baru (owner kirim via DM)
+3. Lanjut task yang tadi di-pause
+### Step 6 — Post-Mortem (dalam 24 jam)
+Owner / kamu tulis post-mortem di `docs/incidents/<YYYY-MM-DD>-<slug>.md`:
+```markdown
+# Incident: Token Anthropic bocor di PR #42
+## Tanggal
+2026-06-15
+## Durasi terpapar
+14:23 - 14:38 WIB (15 menit dari commit sampai rotate)
+## Apa yang terjadi
+Saat copy `.env.example` jadi `.env.local`, tidak sengaja juga commit `.env.local`
+ke branch `feat/inbox-filter`. GitHub Secret Scanning detect token Anthropic
+`sk-ant-...` di file `.env.local` baris 12.
+## Kenapa lolos review?
+- `.gitignore` ada `.env.local`, tapi pre-commit hook tidak aktif.
+- AI Reviewer tidak konfigurasi pattern Anthropic token.
+- Staff (saya) tidak cek `git status` sebelum push.
+## Action items
+- [ ] (Owner) Setup pre-commit hook `.env*` block
+- [ ] (Owner) Tambah pattern `sk-ant-` di AI Reviewer warning rules
+- [ ] (Staff) Tambah ke onboarding: WAJIB `git status` cek sebelum push pertama kali
+- [ ] (Owner) Audit Anthropic usage log selama 14:23-14:38 — ada akses tidak sah?
+## Lesson learned
+Staff baru hire WAJIB tau `.env.local` tidak boleh di-commit.
+Tambah micro-win Day 0 task: simulasi staging .env biar staff hands-on cek `git status`.
+```
+---
+## 🚫 Yang TIDAK BOLEH Dilakukan
+1. ❌ **Jangan rotate token sendiri** — owner only operation. Staff coba rotate bisa break production.
+2. ❌ **Jangan delete commit dari history sendiri** (`git reset --hard`, `git push --force`) — bisa destructive, hilang work tim lain.
+3. ❌ **Jangan post screenshot di channel chat** — token visible di screenshot = bocor lagi.
+4. ❌ **Jangan diam tanpa lapor** — 30 menit silence = window besar buat attacker.
+5. ❌ **Jangan panik continue coding** — tiap commit tambahan = makin susah forensik.
+---
+## 📋 Template Decision Matrix untuk Owner
+Owner pakai matrix ini saat terima alert dari staff:
+| Tipe Token | Severity | Action |
+|---|---|---|
+| Anthropic API key | 🔴 High | Rotate via console.anthropic.com → Settings → Keys → revoke + create new. Update Vercel env vars. |
+| Supabase Service Role Key | 🔴 Critical | Rotate via Supabase Dashboard → Settings → API → Reset. Update Vercel + audit DB access log. |
+| GitHub Personal Access Token | 🟠 Medium | Revoke di GitHub Settings → Developer settings → Personal access tokens. |
+| Vercel deploy token | 🟠 Medium | Vercel Dashboard → Settings → Tokens → revoke + create new. |
+| Database password (creative_<dev>) | 🔴 High | Supabase Dashboard → Database → Roles → reset password user affected. Update `.env.local` semua dev. |
+| `.env.local` file ter-commit | 🔴 High | Rotate SEMUA token di file (asumsi semua bocor). Force-push history rewrite. |
+| Sensitive PII di code/log | 🟠 Medium | Cek scope leak, notify legal kalau >1 user PII. GDPR/UU PDP compliance check. |
+---
+## 🔐 Preventive Measures (Owner Setup, Bukan Staff)
+Setup ini sekali, otomatis protect kedepan:
+| Layer | Tool | Setup |
+|---|---|---|
+| GitHub Secret Scanning | Settings → Code security & analysis | Enable "Secret scanning" + "Push protection" (block push kalau detect secret) |
+| GitGuardian (alternatif) | gitguardian.com → connect GitHub | Auto-scan tiap commit, lebih banyak pattern |
+| Pre-commit hook | `.husky/pre-commit` | Check `.env*` not staged: `git diff --cached --name-only \| grep -E '^\.env' && exit 1` |
+| AI Reviewer custom rules | `.github/scripts/ai-review.js` | Tambah pattern: `sk-ant-`, `eyJ\\w+`, `xoxb-`, `ghp_`, `postgres://.*:.*@` |
+| Vercel anomaly alert | Vercel Settings → Notifications | Enable usage spike notification |
+| Supabase activity log | Supabase Dashboard → Logs | Review weekly untuk unusual queries |
+---
+## 📞 Eskalasi (Kalau Owner Tidak Reply >1 Jam)
+Kalau alert serius (data breach, multiple token bocor) dan owner tidak reply >1 jam:
+1. **Cek channel emergency**: `#emergency` atau nomor HP owner
+2. **Cek backup owner** (kalau ada deputi/co-founder)
+3. **Untuk Anthropic API**: minimal kamu bisa email `support@anthropic.com` lapor token compromise (mereka revoke dari sisi mereka)
+4. **Untuk Supabase**: email `support@supabase.io` dengan project ref + nature of leak
+5. **Untuk GitHub**: report di Security tab repo
+---
+## ✅ Quick Checklist Kalau Kamu Encounter
+```
+[ ] Step 1: STOP coding
+[ ] Step 2: TIDAK post di channel publik
+[ ] Step 3: DM owner dengan template Security Alert
+[ ] Step 4: Tunggu instruksi (max 30 menit)
+[ ] Step 5: Lanjut coding setelah owner sinyal aman
+[ ] Step 6: Post-mortem dalam 24 jam
+```
+Print checklist ini, tempel di laptop. Saat panik, baca checklist > improvise.
+---
+> **Filosofi**: security incident BUKAN ujian skill — semua orang bisa salah klik atau tidak sengaja commit file rahasia. Yang membedakan tim profesional vs amatir = **cara handle saat ada incident**. Playbook ini cuma tools — yang penting **kamu PERTAMA-TAMA lapor owner**, bukan sembunyiin atau coba fix sendiri tanpa expertise.

package/templates/SPLIT_REPO_AGENTS_TEMPLATES.md ADDED Viewed

@@ -0,0 +1,32 @@
+# AGENTS.md Templates - Split Repo (INDEX)
+> 3 AGENTS.md template DEFAULT untuk 3 repo split (OPT-IN: 4th template untuk tools repo kalau team >20 staff).
+> File ini cuma index. Detail per repo ada di split-agents/ subfolder.
+## Templates Available
+1. [Frontend Repo AGENTS.md](split-agents/FRONTEND.md) - Untuk <project>-frontend (Frontend staff: dapat edit data CRUD, tidak DDL)
+2. [Backend Repo AGENTS.md](split-agents/BACKEND.md) - Untuk <project>-backend (Backend staff + owner: full DB control termasuk DDL)
+3. [Shared Repo AGENTS.md](split-agents/SHARED.md) - Untuk <project>-shared (types only; both Frontend & Backend dapat akses read)
+4. [Tools Repo AGENTS.md](split-agents/TOOLS.md) - Untuk <project>-tools (owner + Backend staff kalau pakai 4-repo split) **(OPT-IN)**
+## Cara AI Pakai
+Saat split repo migration:
+1. Owner pilih untuk deploy template (Y/N)
+2. AI read template per file (FRONTEND.md, BACKEND.md, dst)
+3. AI customize dengan project name + GitHub username staff
+4. AI deploy ke masing-masing repo:
+   - <project>-frontend/AGENTS.md
+   - <project>-backend/AGENTS.md
+   - <project>-shared/AGENTS.md
+   - <project>-tools/AGENTS.md
+5. Commit per repo dengan message: "feat: add AGENTS.md from lintasAI v1.0.0 template"
+## Customization Variables
+Saat deploy, replace placeholder:
+- `<project>` -> nama project user (e.g., "akses")
+- `<project>-frontend` -> nama repo frontend
+- `<project>-backend` -> nama repo backend
+- `<owner>` -> GitHub username owner