@open-mercato/cli 0.6.6-develop.6483.1.b623f50e2b → 0.6.6-develop.6484.1.2d3741fd58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. package/.turbo/turbo-build.log +3 -3
  2. package/dist/agentic/guides/module-facts.json +53 -53
  3. package/dist/agentic/guides/modules/ai_assistant.md +1 -1
  4. package/dist/agentic/guides/modules/api_docs.md +1 -1
  5. package/dist/agentic/guides/modules/api_keys.md +1 -1
  6. package/dist/agentic/guides/modules/attachments.md +1 -1
  7. package/dist/agentic/guides/modules/audit_logs.md +1 -1
  8. package/dist/agentic/guides/modules/auth.md +1 -1
  9. package/dist/agentic/guides/modules/business_rules.md +1 -1
  10. package/dist/agentic/guides/modules/catalog.md +1 -1
  11. package/dist/agentic/guides/modules/channel_gmail.md +1 -1
  12. package/dist/agentic/guides/modules/channel_imap.md +1 -1
  13. package/dist/agentic/guides/modules/checkout.md +1 -1
  14. package/dist/agentic/guides/modules/communication_channels.md +1 -1
  15. package/dist/agentic/guides/modules/configs.md +1 -1
  16. package/dist/agentic/guides/modules/content.md +1 -1
  17. package/dist/agentic/guides/modules/currencies.md +1 -1
  18. package/dist/agentic/guides/modules/customer_accounts.md +1 -1
  19. package/dist/agentic/guides/modules/customers.md +1 -1
  20. package/dist/agentic/guides/modules/dashboards.md +1 -1
  21. package/dist/agentic/guides/modules/data_sync.md +1 -1
  22. package/dist/agentic/guides/modules/dictionaries.md +1 -1
  23. package/dist/agentic/guides/modules/directory.md +1 -1
  24. package/dist/agentic/guides/modules/entities.md +1 -1
  25. package/dist/agentic/guides/modules/events.md +1 -1
  26. package/dist/agentic/guides/modules/feature_toggles.md +1 -1
  27. package/dist/agentic/guides/modules/gateway_stripe.md +1 -1
  28. package/dist/agentic/guides/modules/generators.md +1 -1
  29. package/dist/agentic/guides/modules/inbox_ops.md +1 -1
  30. package/dist/agentic/guides/modules/integrations.md +1 -1
  31. package/dist/agentic/guides/modules/messages.md +1 -1
  32. package/dist/agentic/guides/modules/notifications.md +1 -1
  33. package/dist/agentic/guides/modules/onboarding.md +1 -1
  34. package/dist/agentic/guides/modules/payment_gateways.md +1 -1
  35. package/dist/agentic/guides/modules/perspectives.md +1 -1
  36. package/dist/agentic/guides/modules/planner.md +1 -1
  37. package/dist/agentic/guides/modules/portal.md +1 -1
  38. package/dist/agentic/guides/modules/progress.md +1 -1
  39. package/dist/agentic/guides/modules/query_index.md +1 -1
  40. package/dist/agentic/guides/modules/record_locks.md +1 -1
  41. package/dist/agentic/guides/modules/resources.md +1 -1
  42. package/dist/agentic/guides/modules/sales.md +1 -1
  43. package/dist/agentic/guides/modules/scheduler.md +1 -1
  44. package/dist/agentic/guides/modules/search.md +1 -1
  45. package/dist/agentic/guides/modules/security.md +1 -1
  46. package/dist/agentic/guides/modules/shipping_carriers.md +1 -1
  47. package/dist/agentic/guides/modules/sso.md +1 -1
  48. package/dist/agentic/guides/modules/staff.md +1 -1
  49. package/dist/agentic/guides/modules/storage_s3.md +1 -1
  50. package/dist/agentic/guides/modules/sync_akeneo.md +1 -1
  51. package/dist/agentic/guides/modules/sync_excel.md +1 -1
  52. package/dist/agentic/guides/modules/system_status_overlays.md +1 -1
  53. package/dist/agentic/guides/modules/translations.md +1 -1
  54. package/dist/agentic/guides/modules/webhooks.md +1 -1
  55. package/dist/agentic/guides/modules/workflows.md +1 -1
  56. package/dist/agentic/shared/AGENTS.md.template +16 -10
  57. package/dist/agentic/shared/ai/agentic.config.json +61 -0
  58. package/dist/agentic/shared/ai/skills/om-auto-continue-pr/SKILL.md +16 -318
  59. package/dist/agentic/shared/ai/skills/om-auto-continue-pr-loop/SKILL.md +16 -581
  60. package/dist/agentic/shared/ai/skills/om-auto-create-pr/SKILL.md +16 -397
  61. package/dist/agentic/shared/ai/skills/om-auto-create-pr-loop/SKILL.md +16 -738
  62. package/dist/agentic/shared/ai/skills/om-auto-fix-issue/SKILL.md +27 -0
  63. package/dist/agentic/shared/ai/skills/om-auto-review-pr/SKILL.md +16 -565
  64. package/dist/agentic/shared/ai/skills/om-help/references/skills-catalog.md +1 -1
  65. package/dist/agentic/shared/ai/skills/tiers.json +47 -0
  66. package/dist/agentic/shared/ai/skills/tiers.schema.json +73 -0
  67. package/dist/agentic/shared/ai/trackers/github.md +376 -0
  68. package/dist/agentic/shared/scripts/install-skills.sh +483 -0
  69. package/dist/lib/agentic-setup.js +9 -40
  70. package/dist/lib/agentic-setup.js.map +2 -2
  71. package/package.json +5 -5
  72. package/src/lib/agentic-setup.ts +19 -42
  73. package/dist/agentic/shared/ai/skills/om-auto-continue-pr/STANDALONE.md +0 -98
  74. package/dist/agentic/shared/ai/skills/om-auto-continue-pr-loop/STANDALONE.md +0 -96
  75. package/dist/agentic/shared/ai/skills/om-auto-create-pr/STANDALONE.md +0 -98
  76. package/dist/agentic/shared/ai/skills/om-auto-create-pr-loop/STANDALONE.md +0 -96
  77. package/dist/agentic/shared/ai/skills/om-auto-fix-github/SKILL.md +0 -419
  78. package/dist/agentic/shared/ai/skills/om-auto-fix-github/STANDALONE.md +0 -98
  79. package/dist/agentic/shared/ai/skills/om-auto-review-pr/STANDALONE.md +0 -98
  80. package/dist/agentic/shared/ai/skills/om-code-review/SKILL.md +0 -108
  81. package/dist/agentic/shared/ai/skills/om-code-review/references/review-checklist.md +0 -83
  82. package/dist/agentic/shared/ai/skills/om-integration-tests/SKILL.md +0 -279
  83. package/dist/agentic/shared/ai/skills/om-prepare-issue/SKILL.md +0 -202
  84. package/dist/agentic/shared/ai/skills/om-spec-writing/SKILL.md +0 -85
  85. package/dist/agentic/shared/ai/skills/om-spec-writing/references/spec-checklist.md +0 -67
  86. package/dist/agentic/shared/ai/skills/om-spec-writing/references/spec-template.md +0 -86
@@ -1,202 +0,0 @@
1
- ---
2
- name: om-prepare-issue
3
- description: Capture a feature the user wants built later without building it now. Researches and writes a spec via the om-spec-writing conventions, ships it as a docs-only spec PR against `develop` (reusing om-auto-create-pr mechanics; `skip-qa`, `documentation`), then opens a tracking GitHub issue that links the spec path and the spec PR so the work can be picked up later with om-auto-fix-github or om-implement-spec. Use for "park this idea", "write a spec and an issue for later", "prepare an issue to build X eventually", "spec it out but don't implement yet".
4
- ---
5
-
6
- # Prepare Issue (deferred work)
7
-
8
- Turn a "we want this eventually" brief into durable, actionable backlog without implementing it. The deliverable is three linked artifacts:
9
-
10
- 1. A **spec** under `.ai/specs/` written to `om-spec-writing` standards.
11
- 2. A **docs-only spec PR** against `develop` that adds only that spec file (`documentation`, `skip-qa`).
12
- 3. A **GitHub issue** to implement the spec, linking both the spec path and the spec PR.
13
-
14
- This skill is for **deferred** work. It does NOT implement the feature. If the user wants the feature built now, hand off to `om-auto-create-pr` (free-form task) or `om-implement-spec` (after the spec exists) instead.
15
-
16
- This skill reuses the worktree/branch/commit/label discipline of `.ai/skills/om-auto-create-pr/SKILL.md` for the PR, the spec methodology of `.ai/skills/om-spec-writing/SKILL.md` for the spec, and the issue-claim/linking conventions of `.ai/skills/om-auto-fix-github/SKILL.md` for the tracking issue. Read those before deviating.
17
-
18
- ## Arguments
19
-
20
- - `{brief}` (required) — free-form description of the feature to capture. One sentence or several paragraphs.
21
- - `--slug <kebab-case>` (optional) — override the slug used in the spec filename and branch. Default: derived from the brief.
22
- - `--enterprise` (optional) — write the spec under `.ai/specs/enterprise/` instead of `.ai/specs/` (commercial scope). Default: OSS scope (`.ai/specs/`).
23
- - `--priority <low|medium|high|extreme>` (optional) — priority label for the tracking issue. Default: unset (treated as `priority-medium`).
24
- - `--no-issue` (optional) — write the spec and open the spec PR, but skip issue creation. Use when the user only wants the spec on record.
25
- - `--force` (optional) — bypass the claim-conflict check when a previous run left a branch or spec file behind.
26
-
27
- ## Workflow
28
-
29
- ### 0. Pre-flight and claim
30
-
31
- Follow `.ai/skills/om-auto-create-pr/SKILL.md` step 0 verbatim. This is new docs work, so the branch MUST use the `feat/` prefix.
32
-
33
- ```bash
34
- CURRENT_USER=$(gh api user --jq '.login')
35
- DATE=$(date -u +%Y-%m-%d)
36
- SLUG="{slug-or-derived}"
37
- SPEC_DIR=".ai/specs" # or .ai/specs/enterprise when --enterprise
38
- SPEC_PATH="${SPEC_DIR}/${DATE}-${SLUG}.md"
39
- BRANCH="feat/prepare-${SLUG}"
40
- ```
41
-
42
- A run is **already in progress** when ANY of these is true (treat as re-entry if the current user owns it, otherwise STOP and ask via `AskUserQuestion` unless `--force`):
43
-
44
- - A file at `$SPEC_PATH` already exists on `origin/develop` or any remote branch.
45
- - A remote branch `origin/${BRANCH}` already exists.
46
- - An open PR already adds `$SPEC_PATH`.
47
- - An open issue already tracks the same feature (search before creating — see step 5).
48
-
49
- ### 1. Triage the brief before writing
50
-
51
- Read enough context to write a credible spec, not to build it:
52
-
53
- - Match the brief to rows in the root `AGENTS.md` Task Router and read every matching guide (module, UI, search, events, etc.).
54
- - Check `.ai/specs/` and `.ai/specs/enterprise/` for an existing spec covering the same area. If one exists, extend or supersede it instead of duplicating — confirm the direction with the user via `AskUserQuestion`.
55
- - Skim `.ai/lessons.md`.
56
-
57
- Reduce the brief to: goal in one sentence, affected modules/packages, and the rough scope. If a wrong assumption would force a spec rewrite, surface it as an Open Question (see step 2) rather than guessing.
58
-
59
- ### 2. Write the spec with om-spec-writing
60
-
61
- Follow `.ai/skills/om-spec-writing/SKILL.md` end to end. Key points for this skill:
62
-
63
- - Create the spec at `$SPEC_PATH` (`{YYYY-MM-DD}-{kebab-title}.md`, `date` UTC). Enterprise scope goes under `.ai/specs/enterprise/`.
64
- - Start with a **Skeleton Spec** (TLDR + 2-3 key sections). If critical unknowns exist, add a numbered **Open Questions** block right after the TLDR and **STOP** — ask the user before filling in the rest. This is a hard gate; do not invent answers to architecture-blocking questions.
65
- - After answers land, expand the spec: Problem Statement, Proposed Solution, Phasing (stories), Implementation Plan (testable Steps), and the architectural concerns the `om-spec-writing` lens requires (singular naming, FK-only cross-module links, `organization_id` scoping, undoability, zod validation, encryption maps for sensitive columns, canonical primitives, Design System tokens, Frontend Architecture Contract when UI is touched).
66
- - The spec MUST include an **integration coverage** section listing the affected API paths and key UI paths the implementer will need to test (root `AGENTS.md` → Documentation and Specifications requires this for every feature).
67
- - Apply the `om-spec-writing` Spec Checklist and Final Compliance Review before finalizing.
68
-
69
- Do NOT write any implementation code, migrations, or module files. The only file this run adds is the spec.
70
-
71
- ### 3. Isolated worktree, branch, and first commit
72
-
73
- Follow `.ai/skills/om-auto-create-pr/SKILL.md` steps 4–5 verbatim. Base is always `develop`. Commit the spec as the first commit, then push.
74
-
75
- ```bash
76
- git add "$SPEC_PATH"
77
- git commit -m "docs(spec): add ${SLUG} spec for deferred implementation"
78
- git push -u origin "$BRANCH"
79
- ```
80
-
81
- If the Open Questions gate in step 2 is still unresolved, do not create the worktree or push — resolve the questions with the user first.
82
-
83
- ### 4. Open the spec PR
84
-
85
- This is a docs-only / spec-only PR. The minimum validation gate is the docs-only gate from `.ai/skills/om-auto-create-pr/SKILL.md` step 7:
86
-
87
- - `yarn lint` if it catches markdown/YAML issues.
88
- - `git diff --check` — no trailing whitespace, no merge markers.
89
- - A manual re-read of the spec.
90
-
91
- Never run the full code gate (`yarn test` / `yarn typecheck` / `yarn build:app`) for a spec-only run.
92
-
93
- Open the PR against `develop`:
94
-
95
- ```bash
96
- gh pr create --base develop \
97
- --title "docs(spec): ${SLUG} — deferred implementation spec" \
98
- --body-file <(cat <<'EOF'
99
- ## Goal
100
- - {one-line feature summary from the brief}
101
-
102
- ## What this PR adds
103
- - Spec only: `{SPEC_PATH}`. No implementation, no code, no migrations.
104
-
105
- ## Why now
106
- - Captures deferred work as a reviewable spec so it can be implemented later via `om-implement-spec` / `om-auto-fix-github`.
107
-
108
- ## Tracking issue
109
- - {issue URL — filled in after step 5, or "see follow-up comment"}
110
-
111
- ## Backward Compatibility
112
- - No contract surface changes (spec document only).
113
- EOF
114
- )
115
- ```
116
-
117
- Apply labels per root `AGENTS.md` PR workflow, each followed by a short explanatory comment (per the `om-auto-create-pr` label-comment rule):
118
-
119
- - `review` — "PR is ready for code review."
120
- - `documentation` — "spec-only deliverable under `.ai/specs/`."
121
- - `skip-qa` — "spec/docs-only; no customer-facing runtime behavior."
122
-
123
- Never add `needs-qa` to a prepare-issue PR — it adds no runtime behavior to exercise.
124
-
125
- ### 5. Create the tracking issue
126
-
127
- Skip this step only when `--no-issue` was passed.
128
-
129
- First, avoid duplicates — search for an existing tracking issue:
130
-
131
- ```bash
132
- gh issue list --state open --search "${SLUG} in:title,body" --json number,title,url
133
- ```
134
-
135
- If a credible duplicate exists, link the spec/PR in a comment on that issue instead of opening a new one, and report which issue you reused.
136
-
137
- Otherwise create the issue. It MUST link the spec path and the spec PR, and name the recommended implementer skill so a future run can pick it up:
138
-
139
- ```bash
140
- gh issue create \
141
- --title "Implement: {feature title}" \
142
- --label "feature" \
143
- --body-file <(cat <<'EOF'
144
- ## Summary
145
- - {one-line feature summary from the brief}
146
-
147
- ## Spec
148
- - Implementation spec: `{SPEC_PATH}`
149
- - Spec PR: {spec PR URL}
150
-
151
- ## How to implement
152
- - Once the spec PR merges, run `/om-implement-spec {SPEC_PATH}` (multi-phase) or `/om-auto-fix-github {thisIssueNumber}` (smaller scope).
153
- - Do not start implementation until the spec PR is merged into `develop`.
154
-
155
- ## Scope notes
156
- - {affected modules/packages}
157
- - {non-goals captured in the spec}
158
- EOF
159
- )
160
- ```
161
-
162
- Label rules for the issue:
163
-
164
- - Always add the `feature` category label (or `refactor` / `bug` when the brief is clearly one of those).
165
- - Add `enterprise` when `--enterprise` was passed.
166
- - Add a priority label only when `--priority` was passed (`priority-low` / `priority-medium` / `priority-high` / `priority-extreme`); otherwise leave priority unset (treated as `priority-medium`).
167
- - Do NOT add pipeline labels (`review`, `qa`, `merge-queue`, …) to the issue — those are PR-only.
168
-
169
- ### 6. Cross-link the artifacts
170
-
171
- Make the three artifacts point at each other so the trail is navigable:
172
-
173
- - Edit the spec PR body (or post a comment) so the `Tracking issue` line resolves to the real issue URL.
174
- - The issue already links the spec path and spec PR from step 5.
175
- - Optionally add a one-line reference to the issue at the top of the spec (e.g. `Tracking issue: #{n}`), committed and pushed to the PR branch.
176
-
177
- ### 7. Cleanup and report back
178
-
179
- Clean up any worktree you created (per `.ai/skills/om-auto-create-pr/SKILL.md` step 13). Then report:
180
-
181
- ```text
182
- prepare-issue: {brief}
183
- Spec: {SPEC_PATH}
184
- Spec PR: {url}
185
- Tracking issue: {url | skipped (--no-issue) | reused #{n}}
186
- Branch: {branch}
187
- Status: {spec-and-issue ready | open-questions pending — answer to continue}
188
- ```
189
-
190
- If the Open Questions gate is still pending, say so explicitly and list the unanswered questions — do not claim the spec is complete.
191
-
192
- ## Rules
193
-
194
- - This skill captures deferred work only. NEVER implement the feature, write module code, or run migrations. The only file added is the spec.
195
- - Always write the spec with `om-spec-writing` standards, including the Open Questions hard gate and the integration-coverage section.
196
- - The spec PR is docs-only: run only the docs-only validation gate, never the full code gate.
197
- - Spec PR labels are `review`, `documentation`, `skip-qa` — never `needs-qa`. Post a short comment after each label.
198
- - Base branch is always `develop`. Branch uses the `feat/prepare-<slug>` prefix; never `codex/`.
199
- - The tracking issue MUST link the spec path and the spec PR, and name the recommended implementer skill (`om-implement-spec` / `om-auto-fix-github`).
200
- - Search for an existing tracking issue before creating a new one; reuse via comment if a credible duplicate exists.
201
- - Respect existing claims/locks per `om-auto-create-pr` step 0 and `om-auto-fix-github` step 0; never silently clobber another actor's branch, spec file, or issue.
202
- - Never paste secrets, tokens, or `.env` content into the spec, PR, or issue.
@@ -1,85 +0,0 @@
1
- ---
2
- name: om-spec-writing
3
- description: Guide for creating high-quality specifications for {{PROJECT_NAME}}. Use when starting a new SPEC or reviewing specs against architectural standards.
4
- ---
5
-
6
- # Spec Writing & Review
7
-
8
- Design and review specifications (SPECs) against Open Mercato architecture and quality rules.
9
-
10
- ## Workflow
11
-
12
- 1. **Load Context**: Read `AGENTS.md` for module conventions and `.ai/specs/` for existing specs.
13
- 2. **Initialize**: Create `{date}-{title}.md` in `.ai/specs/`.
14
- 3. **Start Minimal**: Write a Skeleton Spec (TLDR + 2-3 key sections). Do NOT write the full spec in one pass.
15
- - Scan for **critical unknowns** — decisions that block data model, scope, or architecture.
16
- - If unknowns exist, add a numbered **Open Questions** block (`Q1`, `Q2`, …) after the TLDR.
17
- - **STOP after presenting the skeleton.** Do not proceed until the user answers all questions.
18
- 4. **Iterate**: Apply answers, remove Open Questions block. Repeat if new unknowns surface.
19
- 5. **Research**: Challenge requirements against open-source market leaders.
20
- 6. **Design**: Create architecture, data models, API contracts.
21
- 7. **Implementation Breakdown**: Break into **Phases** (stories) and **Steps** (testable tasks).
22
- 8. **Review**: Apply the [Spec Checklist](references/spec-checklist.md).
23
- 9. **Output**: Finalize the specification file.
24
-
25
- ## Output Formats
26
-
27
- ### 1. New Specification
28
-
29
- Use the [Specification Template](references/spec-template.md). Adapt if needed, but ensure core concerns are addressed.
30
-
31
- **Required sections**: TLDR, Problem Statement, Proposed Solution, Data Models, API Contracts, Risks, Changelog.
32
-
33
- ### 2. Architectural Review
34
-
35
- ```markdown
36
- # Architectural Review: {SPEC-0XX: Title}
37
-
38
- ## Summary
39
- {1-3 sentences: what the spec proposes and overall health}
40
-
41
- ## Findings
42
-
43
- ### Critical
44
- {Cross-module ORM, tenant isolation leaks, missing auth guards}
45
-
46
- ### High
47
- {Missing undo logic, incorrect module placement, missing phase strategy}
48
-
49
- ### Medium
50
- {Missing failure scenarios, inconsistent terminology}
51
-
52
- ### Low
53
- {Style suggestions, nits}
54
- ```
55
-
56
- ## Review Heuristics
57
-
58
- 1. **Command Graph vs. Independent Ops**: Graph Save (coupled calculation) or Compound Command (independent steps)?
59
- 2. **Architectural Diff**: Cut standard CRUD noise. Focus on what's unique.
60
- 3. **Singularity Law**: Singular naming for entities, commands, events, feature IDs.
61
- 4. **Undo Contract**: Is the "Undo" logic as detailed as the "Execute"?
62
- 5. **Module Isolation**: Using Event Bus for side effects or cheating with direct imports?
63
- 6. **Canonical Mechanisms**: Does the spec reach for the framework primitives (`makeCrudRoute`, `<CrudForm>`, `<DataTable>`, `apiCall` / `useGuardedMutation`, DI-resolved cache, `createModuleEvents`) or invent its own substitute? See `AGENTS.md` → **Mandatory Module Mechanisms** for the full canon and links. No raw `fetch`, no raw `<form>`, no `new Redis(...)`, no manual cross-module ORM joins.
64
- 7. **Sensitive Data**: For every PII / GDPR / address / contact / free-text-about-people / integration-credential column the spec proposes, does it declare an `encryption.ts` `defaultEncryptionMaps` entry and route reads through `findWithDecryption`? See `AGENTS.md` → CRITICAL Rule #11 (Encryption maps) + the "Encryption maps for sensitive data" row of the Mandatory Module Mechanisms table and `.ai/skills/om-data-model-design/SKILL.md` § Sensitive Data and Encryption Maps. No hand-rolled AES, no `crypto.subtle`, no "TODO encrypt later".
65
- 8. **Design System**: Does every UI mock / className snippet in the spec match the DS canon — semantic status tokens (no `text-red-*` / `bg-green-*`), Tailwind text scale (no `text-[11px]` / `text-[13px]`), shared primitives (`StatusBadge`, `Alert`, `FormField`, `SectionHeader`, `CollapsibleSection`, `LoadingMessage` / `Spinner` / `DataLoader`, `EmptyState`), lucide-react icons in page body (never inline `<svg>`), dialog `Cmd/Ctrl+Enter` submit + `Escape` cancel, `aria-label` on every icon-only button? See `AGENTS.md` → CRITICAL Rule #10 (Strict Design System alignment for every UI change) and `.ai/skills/om-backend-ui-design/SKILL.md`. Specs that touch existing pages MUST honour the Boy Scout rule.
66
-
67
- ## Quick Rule Reference
68
-
69
- - **Singular naming** for entities, commands, events, feature IDs.
70
- - **FK IDs only** for cross-module links — no ORM relationships.
71
- - **`organization_id`** is mandatory for all tenant-scoped entities.
72
- - **Undoability** is the default for state changes.
73
- - **Zod validation** for all API inputs.
74
- - **Encryption maps** for every sensitive / GDPR-relevant column (declare in `<module>/encryption.ts`, read via `findWithDecryption`) — see `AGENTS.md` → Data Encryption.
75
- - **Canonical primitives** for CRUD APIs (`makeCrudRoute`), backend forms (`CrudForm`), tables (`DataTable`), HTTP (`apiCall` — never raw `fetch`), non-`CrudForm` writes (`useGuardedMutation`), cache (DI-resolved `@open-mercato/cache`), events (`createModuleEvents`) — see `AGENTS.md` → Mandatory Module Mechanisms.
76
- - **Design System** tokens and shared UI primitives — no hardcoded status colors, no arbitrary text sizes, no inline `<svg>` in page-body UI. See `AGENTS.md` → Design System.
77
-
78
- ## Reference Materials
79
-
80
- - [Spec Template](references/spec-template.md)
81
- - [Spec Checklist](references/spec-checklist.md) — § 3 covers encryption maps; § 5 covers canonical mechanisms + DS
82
- - [AGENTS.md](../../../AGENTS.md) — Mandatory Module Mechanisms table; CRITICAL Rule #10 (Design System); CRITICAL Rule #11 (Encryption maps)
83
- - [`.ai/skills/om-data-model-design/SKILL.md`](../om-data-model-design/SKILL.md) → Sensitive Data and Encryption Maps
84
- - [`.ai/skills/om-module-scaffold/SKILL.md`](../om-module-scaffold/SKILL.md) → Encryption maps
85
- - [`.ai/skills/om-backend-ui-design/SKILL.md`](../om-backend-ui-design/SKILL.md) — DS-compliant pages
@@ -1,67 +0,0 @@
1
- # Spec Review Checklist
2
-
3
- Every item must be answered in the spec or marked N/A with justification.
4
-
5
- ## 1. Design Logic & Phasing
6
-
7
- - [ ] TLDR defines scope, value, and clear boundaries
8
- - [ ] MVP is explicit; future work is deferred and labeled
9
- - [ ] User stories map to API/data/UI sections
10
- - [ ] Phase plan is testable and incrementally deliverable
11
-
12
- ## 2. Architecture & Module Isolation
13
-
14
- - [ ] Cross-module links use FK IDs only (no direct ORM relations)
15
- - [ ] Tenant isolation and `organization_id` scoping are explicit
16
- - [ ] Module placement is in `src/modules/<id>/`
17
- - [ ] DI usage is specified (Awilix)
18
- - [ ] Event/subscriber boundaries are clear and non-circular
19
-
20
- ## 3. Data Integrity & Security
21
-
22
- - [ ] Entities include `id`, `organization_id`, `tenant_id`, `created_at`, `updated_at`, `deleted_at`, `is_active`
23
- - [ ] Write operations define transaction boundaries — specs touching multi-phase scalar + relation writes MUST name `withAtomicFlush({ transaction: true })` and declare that cache invalidation / side effects (`emitCrudSideEffects`) fire AFTER commit (outside the flush block)
24
- - [ ] Input validation uses zod schemas
25
- - [ ] All user input validated before business logic/persistence
26
- - [ ] Auth guards declared per-method in `metadata` (`requireAuth`, `requireFeatures`) — never legacy top-level `export const requireAuth`
27
- - [ ] Tenant isolation: every scoped query filters by `organization_id` (and `tenant_id` where applicable)
28
- - [ ] **Encryption maps mechanism is used (no hand-rolled crypto).** For every PII / GDPR-relevant column the spec proposes — names, addresses, contacts, free-text notes about people, integration credentials, secrets, document numbers — the spec MUST declare them in a module-level `<module>/encryption.ts` exporting `defaultEncryptionMaps: ModuleEncryptionMap[]` (type from `@open-mercato/shared/modules/encryption`). Reads MUST go through `findWithDecryption` / `findOneWithDecryption` (5-arg `(em, entity, where, options?, scope?)`) from `@open-mercato/shared/lib/encryption/find`. Equality-lookup columns (e.g. login email) declare a sibling `hashField`. No `crypto.subtle`, no custom KMS calls, no "TODO encrypt later". See `AGENTS.md` → CRITICAL Rule #11 (Encryption maps) + the "Encryption maps for sensitive data" row of the Mandatory Module Mechanisms table; `.ai/skills/om-data-model-design/SKILL.md` § Sensitive Data and Encryption Maps.
29
-
30
- ## 4. Commands, Events & Naming
31
-
32
- - [ ] Naming is singular and consistent
33
- - [ ] All mutations are commands with undo logic
34
- - [ ] Events declared in `<module>/events.ts` via `createModuleEvents({ moduleId, events } as const)` before emitting; cross-module side effects use `subscribers/*.ts`, never direct cross-module imports
35
- - [ ] Side-effect reversibility is documented
36
-
37
- ## 5. API & UI — Canonical Mechanisms
38
-
39
- - [ ] API contracts are complete (request/response/errors)
40
- - [ ] Routes include `openApi` expectations
41
- - [ ] **Canonical mechanisms — no DIY substitutes.** The spec MUST reach for the framework primitives, not invent its own. See `AGENTS.md` → **Mandatory Module Mechanisms**.
42
- - [ ] **CRUD APIs** use `makeCrudRoute({ entity, entityId, operations, schema, indexer: { entityType } })` from `@open-mercato/shared/lib/crud/factory`. Custom write routes use the mutation guard registry: map the route to `create`/`update`/`delete` (action endpoints usually `update`), collect registered guards, append `bridgeLegacyGuard(container)` when present, call `runMutationGuards(...)` with `{ userFeatures }` before mutation, merge `modifiedPayload`, and run returned `afterSuccessCallbacks` after while catching/logging callback failures.
43
- - [ ] **API route files export `metadata`** with per-method `requireAuth` / `requireFeatures` (no top-level `export const requireAuth`).
44
- - [ ] **Backend forms** use `<CrudForm>` from `@open-mercato/ui/backend/CrudForm` with helpers `createCrud` / `updateCrud` / `deleteCrud` from `@open-mercato/ui/backend/utils/crud`, throwing `createCrudFormError` from `@open-mercato/ui/backend/utils/serverErrors` for field-level errors. No raw `<form>`, no raw `fetch`.
45
- - [ ] **Lists** use `<DataTable entityId apiPath columns />` from `@open-mercato/ui/backend/DataTable` with stable `entityId` / `extensionTableId` so widget injection (columns / row actions / bulk actions / filters / toolbar) keeps working.
46
- - [ ] **HTTP clients** use `apiCall` / `apiCallOrThrow` / `readApiResultOrThrow` from `@open-mercato/ui/backend/utils/apiCall` — never raw `fetch`.
47
- - [ ] **Non-`CrudForm` writes** are wrapped in `useGuardedMutation(...).runMutation(...)` and pass `retryLastMutation` in the injection context.
48
- - [ ] **Cache** is resolved via DI (`container.resolve('cache')`) — never `new Redis(...)` or raw SQLite. Tags include `tenant:<id>` / `org:<id>`.
49
- - [ ] **Design System compliance for every UI mock and className snippet in the spec.** See `AGENTS.md` → CRITICAL Rule #10 (Strict Design System alignment) and `.ai/skills/om-backend-ui-design/SKILL.md`.
50
- - [ ] Use semantic status tokens (`text-status-error-text`, `bg-status-success-bg`, `border-status-warning-border`, `text-status-info-icon`, `text-destructive`, `bg-destructive`) — NEVER hardcoded shades like `text-red-500`, `bg-green-100`, `text-amber-*`, `text-emerald-*`, `bg-blue-*`. Status tokens already cover dark mode; no `dark:` overrides.
51
- - [ ] Use the Tailwind text scale (`text-xs` 12, `text-sm` 14, `text-base` 16, `text-lg` 18, `text-xl` 20, `text-2xl` 24) or `text-overline` for 11px uppercase labels — NEVER arbitrary sizes (`text-[11px]`, `text-[13px]`, `text-[15px]`, `p-[13px]`, `rounded-[24px]`, `z-[9999]`).
52
- - [ ] Use shared primitives instead of raw HTML: `<Alert variant=...>` for inline status, `flash('msg', 'success|error|warning|info')` for toasts, `useConfirmDialog()` for destructive confirmations, `<StatusBadge>` for entity status, `<FormField label error>` to wrap form inputs, `<SectionHeader title count action>` for section headers, `<CollapsibleSection>` for collapsible regions, `<LoadingMessage>` / `<Spinner>` / `<DataLoader>` for async states, `<EmptyState>` (or DataTable `emptyState` prop) for empty lists.
53
- - [ ] Use lucide-react icons in PAGE BODY UI (`Page`, `DataTable`, `CrudForm`, cards, buttons) — never inline `<svg>`. Sizes from the `size-{3|4|5|6}` scale; `strokeWidth` is not overridden per-instance. `page.meta.ts` icons follow the `React.createElement('svg', …)` pattern.
54
- - [ ] Every dialog supports `Cmd/Ctrl+Enter` to submit and `Escape` to cancel.
55
- - [ ] Every icon-only button has an `aria-label`.
56
- - [ ] Boy Scout rule: when the spec edits an existing page, any line touched gets migrated to semantic tokens / DS scale.
57
- - [ ] i18n keys are planned for user-facing strings (`useT()` client-side, `resolveTranslations()` server-side; never hard-coded labels)
58
- - [ ] Pagination limits defined (`pageSize <= 100`)
59
-
60
- ## 6. Risks & Anti-Patterns
61
-
62
- - [ ] Risks include concrete scenarios with severity and mitigation
63
- - [ ] Blast radius and detection described
64
- - [ ] Does not introduce cross-module ORM links
65
- - [ ] Does not skip undoability for state changes
66
- - [ ] Does not mix MVP with speculative future phases
67
- - [ ] Does not introduce hand-rolled AES, raw `fetch`, raw `<form>`, `new Redis(...)`, or arbitrary Tailwind sizes / status colors
@@ -1,86 +0,0 @@
1
- # {Title}
2
-
3
- **Date**: {YYYY-MM-DD}
4
- **Status**: Draft
5
-
6
- ## TLDR
7
-
8
- **Key Points:**
9
- - [What is being built — 1-2 sentences]
10
- - [Primary goal / value proposition]
11
-
12
- **Scope:**
13
- - [Feature 1]
14
- - [Feature 2]
15
-
16
- ## Open Questions *(remove before finalizing)*
17
-
18
- - **Q1**: [Critical unknown — e.g. "Should this store data per-tenant or globally?"]
19
- - **Q2**: [Critical unknown — e.g. "Does this replace X or coexist with it?"]
20
-
21
- ---
22
-
23
- ## Overview
24
-
25
- [What this feature does and why. Target audience and key benefits.]
26
-
27
- > **Market Reference**: [Name the open-source leader you studied. What did you adopt vs. reject?]
28
-
29
- ## Problem Statement
30
-
31
- [Specific pain points or gaps this solves.]
32
-
33
- ## Proposed Solution
34
-
35
- [High-level technical approach.]
36
-
37
- ### Design Decisions (Optional)
38
-
39
- | Decision | Rationale |
40
- |----------|-----------|
41
- | [Choice] | [Why this over alternatives] |
42
-
43
- ## User Stories
44
-
45
- - **[User]** wants to **[Action]** so that **[Benefit]**
46
-
47
- ## Data Models
48
-
49
- ### [Entity Name] (Singular)
50
-
51
- - `id`: string (UUID)
52
- - `organization_id`: string (FK)
53
- - `created_at`: Date
54
- - `updated_at`: Date
55
- - ...
56
-
57
- ## API Contracts
58
-
59
- ### [Endpoint Name]
60
-
61
- - `METHOD /api/path`
62
- - Request: `{...}`
63
- - Response: `{...}`
64
-
65
- ## Implementation Plan
66
-
67
- ### Phase 1: [Name]
68
-
69
- 1. [Step — testable]
70
- 2. [Step — testable]
71
-
72
- ### Phase 2: [Name]
73
-
74
- 1. [Step]
75
-
76
- ## Risks
77
-
78
- | Risk | Severity | Mitigation | Residual |
79
- |------|----------|------------|----------|
80
- | [What goes wrong] | High/Med/Low | [How addressed] | [What remains] |
81
-
82
- ## Changelog
83
-
84
- | Date | Change |
85
- |------|--------|
86
- | {date} | Initial spec |