@paulduvall/claude-dev-toolkit 0.0.1-alpha.2 → 0.0.1-alpha.5

package/commands/experiments/xgovernance.md

@@ -0,0 +1,149 @@
+---
+description: Comprehensive development governance framework for policies, audits, and compliance
+tags: [governance, policies, audits, compliance, controls, standards]
+---
+
+Manage development governance based on the arguments provided in $ARGUMENTS.
+
+First, examine current governance structure and documentation:
+!find . -name "*policy*" -o -name "*governance*" -o -name "*compliance*" | head -10
+!ls -la | grep -E "(POLICY|COMPLIANCE|GOVERNANCE)"
+!find . -name "*.md" | grep -E "(policy|standard|procedure)" | head -5
+
+Based on $ARGUMENTS, perform the appropriate governance operation:
+
+## 1. Policy Management
+
+If managing policies (--policy):
+!find . -name "POLICY.md" -o -name "policies/" | head -3
+!grep -r "policy" . --include="*.md" | head -5
+
+Policy operations:
+- Create new development policies
+- Validate existing policy compliance
+- Update policies based on requirements
+- Track policy exceptions and approvals
+- Enforce policy across projects
+
+## 2. Governance Audit
+
+If running audit (--audit):
+!git log --since="30 days ago" --pretty=format:"%h %s" | head -10
+!find . -name "*audit*" -o -name "*review*" | head -5
+!ls -la .github/ 2>/dev/null || echo "No GitHub configuration found"
+
+Audit activities:
+- Review code quality standards compliance
+- Check security policy adherence
+- Validate development process maturity
+- Assess risk management effectiveness
+- Generate audit findings and recommendations
+
+## 3. Compliance Assessment
+
+If checking compliance (--compliance):
+!grep -r "compliance" . --include="*.md" --include="*.yml" | head -5
+!find . -name "*cert*" -o -name "*standard*" | head -3
+
+Compliance checks:
+- SOC 2 compliance validation
+- ISO 27001 adherence assessment
+- GDPR data protection compliance
+- Industry-specific regulatory requirements
+- Certification readiness evaluation
+
+## 4. Controls Implementation
+
+If managing controls (--controls):
+!find . -name "*.yml" -o -name "*.yaml" | grep -E "(workflow|action|pipeline)" | head -5
+!ls -la .github/workflows/ 2>/dev/null || echo "No CI/CD workflows found"
+
+Governance controls:
+- Implement automated compliance checks
+- Set up governance monitoring
+- Configure approval workflows
+- Establish access controls
+- Monitor control effectiveness
+
+## 5. Standards Management
+
+If managing standards (--standards):
+!find . -name "*standard*" -o -name "*guideline*" | head -5
+!python -m flake8 --version 2>/dev/null || echo "No Python linting standards"
+!eslint --version 2>/dev/null || echo "No JavaScript linting standards"
+
+Standards enforcement:
+- Define coding standards
+- Implement documentation standards
+- Establish security standards
+- Create architecture guidelines
+- Monitor standards compliance
+
+## 6. Review Processes
+
+If managing reviews (--review):
+!git log --grep="review" --oneline | head -5
+!find . -name "CODEOWNERS" -o -name "*review*" | head -3
+
+Review governance:
+- Code review requirements and processes
+- Architecture review checkpoints
+- Security review mandatory gates
+- Compliance review procedures
+- Approval workflow management
+
+## 7. Gap Analysis
+
+If performing gap analysis (--gap-analysis):
+!find . -name "*.md" | xargs grep -l "requirement" | head -5
+!grep -r "TODO\|FIXME" . --include="*.py" --include="*.js" | wc -l
+
+Identify gaps in:
+- Policy coverage and implementation
+- Compliance requirements fulfillment
+- Control effectiveness
+- Process maturity
+- Documentation completeness
+
+## 8. Metrics and Reporting
+
+If generating reports (--metrics, --dashboard):
+!git shortlog -sn --since="30 days ago" | head -10
+!find . -name "*test*" | wc -l
+!uptime
+
+Governance metrics:
+- Policy compliance rates
+- Audit finding resolution time
+- Control effectiveness measures
+- Process maturity indicators
+- Risk exposure levels
+
+Think step by step about governance requirements and provide:
+
+1. **Current State Assessment**:
+   - Existing governance structure
+   - Policy coverage and gaps
+   - Compliance status
+   - Control effectiveness
+
+2. **Risk Analysis**:
+   - Governance risk exposure
+   - Compliance risks
+   - Process risks
+   - Technology risks
+
+3. **Improvement Plan**:
+   - Priority governance actions
+   - Policy updates needed
+   - Control enhancements
+   - Process improvements
+
+4. **Implementation Roadmap**:
+   - Phased implementation approach
+   - Resource requirements
+   - Timeline and milestones
+   - Success metrics
+
+Generate comprehensive governance assessment with actionable recommendations for improving organizational governance maturity.
+

package/commands/experiments/xgreen.md

@@ -0,0 +1,66 @@
+---
+description: Make failing tests pass following TDD Green phase principles with minimal implementation
+tags: [tdd, testing, green-phase, minimal-implementation, specifications]
+---
+
+# /xgreen — Make Tests Pass
+
+Implement minimal code to make failing tests pass following TDD Green phase principles.
+
+Think step by step:
+1. Check for SpecDriven AI project structure and existing tests
+2. Identify currently failing tests and their requirements
+3. Guide minimal implementation to make tests pass
+4. Verify all tests pass before proceeding to refactor phase
+
+## Usage
+
+```bash
+/xgreen --minimal            # Implement just enough to pass
+/xgreen --check              # Verify tests pass
+```
+
+## Implementation Steps
+
+When implementing code to make tests pass:
+
+1. **For minimal implementation (--minimal)**:
+   - Check if SpecDriven AI project structure exists (specs/ directory)
+   - If not found, suggest running `!xsetup --env` to initialize
+   - Verify that failing tests exist in @specs/tests/
+   - If no tests found, suggest creating tests first with `/xred --spec <spec-id>`
+   - Run test suite to identify failing tests and their requirements
+   - Provide guidance on GREEN phase principles for minimal implementation
+   - After implementation, verify tests pass with detailed output
+
+2. **For verification (--check)**:
+   - Run comprehensive test suite with detailed reporting
+   - Show test coverage information if available
+   - Provide clear pass/fail status for GREEN phase completion
+   - Guide next steps in TDD workflow based on results
+
+3. **Error handling**:
+   - Validate project structure and test environment
+   - Handle cases where tests are already passing
+   - Provide clear feedback on test failures and requirements
+   - Suggest appropriate next steps based on current state
+
+## GREEN Phase Principles
+
+Guide implementation following these principles:
+- Make tests pass with MINIMAL code only
+- Don't worry about code quality or elegance yet
+- Hardcode values if necessary to make tests pass
+- Focus on making tests green, not perfect code
+- Avoid adding extra functionality beyond test requirements
+- Save optimization and refactoring for the next phase
+
+## Expected Outputs
+
+- Clear identification of failing tests and requirements
+- Guidance for minimal implementation strategies
+- Verification that all tests pass after implementation
+- Test coverage reporting when available
+- Next steps in TDD workflow (refactor or commit)
+
+Use $ARGUMENTS to handle command-line parameters and `!` prefix for running test commands and coverage analysis.

package/commands/experiments/xiac.md

@@ -0,0 +1,118 @@
+---
+description: Comprehensive Infrastructure as Code management with focus on AWS IAM, Terraform, CloudFormation, and infrastructure validation
+tags: [infrastructure, terraform, cloudformation, iam, aws, security, compliance]
+---
+
+Manage Infrastructure as Code operations based on the arguments provided in $ARGUMENTS.
+
+First, examine the current IaC setup:
+!find . -name "*.tf" -o -name "*.yml" -o -name "*.yaml" | grep -E "(terraform|cloudformation|infra)" | head -10
+!ls -la terraform/ cloudformation/ infrastructure/ iac/ 2>/dev/null || echo "No IaC directories found"
+!which terraform 2>/dev/null && terraform version || echo "Terraform not available"
+!which aws 2>/dev/null && aws --version || echo "AWS CLI not available"
+!docker --version 2>/dev/null || echo "Docker not available"
+
+Based on $ARGUMENTS, perform the appropriate Infrastructure as Code operation:
+
+## 1. Infrastructure Scanning and Discovery
+
+If scanning infrastructure (--scan, --discover, --inventory):
+!find . -name "*.tf" | head -10
+!find . -name "*.yml" -o -name "*.yaml" | xargs grep -l "Resources\|AWSTemplateFormatVersion" 2>/dev/null | head -5
+!aws sts get-caller-identity 2>/dev/null || echo "AWS credentials not configured"
+!aws iam list-roles --max-items 5 2>/dev/null || echo "No AWS access or roles not accessible"
+
+Scan and discover infrastructure:
+- Analyze existing IaC files and configurations
+- Discover cloud resources and dependencies
+- Generate infrastructure inventory
+- Detect configuration drift
+- Map resource relationships
+
+## 2. Terraform Operations
+
+If managing Terraform (--terraform, --tf-validate, --tf-plan):
+!terraform version 2>/dev/null || echo "Terraform not installed"
+!ls -la *.tf terraform/ 2>/dev/null || echo "No Terraform files found"
+!terraform init -backend=false 2>/dev/null || echo "Terraform not initialized"
+!terraform validate 2>/dev/null || echo "Terraform validation failed"
+
+Manage Terraform infrastructure:
+- Validate and format Terraform configurations
+- Plan and apply infrastructure changes
+- Manage Terraform state and modules
+- Handle provider configurations
+- Perform terraform operations safely
+
+## 3. CloudFormation Operations
+
+If managing CloudFormation (--cloudformation, --cf-validate, --cf-deploy):
+!find . -name "*.yml" -o -name "*.yaml" -o -name "*.json" | xargs grep -l "AWSTemplateFormatVersion" 2>/dev/null | head -5
+!aws cloudformation validate-template --template-body file://template.yml 2>/dev/null || echo "No valid CloudFormation templates found"
+!aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE 2>/dev/null | head -10 || echo "No CloudFormation access"
+
+Manage CloudFormation infrastructure:
+- Validate and lint CloudFormation templates
+- Deploy and manage CloudFormation stacks
+- Handle stack updates and rollbacks
+- Manage nested stacks and dependencies
+- Monitor stack events and status
+
+## 4. IAM Security Management
+
+If managing IAM (--iam-roles, --iam-policies, --iam-validate):
+!find . -name "*.tf" -o -name "*.yml" -o -name "*.yaml" | xargs grep -l "iam\|IAM" 2>/dev/null | head -5
+!aws iam list-roles --max-items 10 2>/dev/null || echo "IAM access not available"
+!grep -r "aws_iam\|AWS::IAM" . --include="*.tf" --include="*.yml" --include="*.yaml" | head -5 2>/dev/null
+
+Manage IAM security:
+- Analyze and validate IAM roles and policies
+- Check least privilege compliance
+- Scan for overly permissive policies
+- Validate IAM policy syntax and logic
+- Assess security posture and risks
+
+## 5. Security and Compliance Scanning
+
+If performing security analysis (--security-scan, --compliance, --secrets-scan):
+!pip install checkov 2>/dev/null || echo "Install checkov: pip install checkov"
+!checkov -f . --framework terraform cloudformation 2>/dev/null || echo "Checkov not available"
+!grep -r "password\|secret\|key" . --include="*.tf" --include="*.yml" --include="*.yaml" | grep -v "example\|template" | head -5 2>/dev/null
+
+Perform security analysis:
+- Scan for security vulnerabilities
+- Check compliance with security standards
+- Detect hardcoded secrets and credentials
+- Validate encryption and security controls
+- Generate security assessment reports
+
+Think step by step about Infrastructure as Code requirements and provide:
+
+1. **Current State Assessment**:
+   - Existing IaC tool usage and maturity
+   - Infrastructure security posture
+   - Compliance gaps and risks
+   - Resource organization and management
+
+2. **IaC Strategy**:
+   - Tool selection and standardization
+   - Module and template design patterns
+   - State management and collaboration
+   - Security and compliance integration
+
+3. **Implementation Plan**:
+   - IaC adoption and migration strategy
+   - CI/CD pipeline integration
+   - Testing and validation framework
+   - Team training and knowledge transfer
+
+4. **Operational Excellence**:
+   - Monitoring and drift detection
+   - Cost optimization strategies
+   - Disaster recovery and backup
+   - Continuous security assessment
+
+Generate comprehensive Infrastructure as Code management plan with security controls, compliance checks, automation strategies, and operational best practices.
+
+If no specific operation is provided, perform IaC readiness assessment and recommend implementation strategy based on current infrastructure setup and organizational needs.
+

package/commands/experiments/xincident.md

@@ -0,0 +1,137 @@
+---
+description: Incident response automation, post-mortem analysis, and system reliability improvement through SpecDriven AI methodology
+tags: [incident-response, monitoring, post-mortem, reliability, automation]
+---
+
+# /xincident - Incident Response & Management
+
+## Purpose
+Automate incident response procedures, facilitate post-mortem analysis, and improve system reliability through SpecDriven AI methodology.
+
+## Usage
+
+### Incident Response
+```bash
+/xincident --respond <alert>      # Automated incident response procedures
+/xincident --triage <severity>    # Triage and prioritize incidents
+/xincident --escalate <level>     # Escalation procedures and notifications
+/xincident --status <incident-id> # Update incident status and timeline
+```
+
+### Communication & Coordination
+```bash
+/xincident --communicate <team>   # Generate incident communication templates
+/xincident --notify <stakeholders> # Notify relevant stakeholders
+/xincident --updates <incident-id> # Create status updates for stakeholders
+/xincident --bridge <participants> # Set up communication bridge
+```
+
+### Investigation & Analysis
+```bash
+/xincident --investigate <symptoms> # Guide investigation procedures
+/xincident --timeline <incident-id> # Build incident timeline
+/xincident --evidence <source>      # Collect and preserve evidence
+/xincident --root-cause <incident>  # Root cause analysis framework
+```
+
+### Recovery & Mitigation
+```bash
+/xincident --recover <system>     # System recovery procedures
+/xincident --rollback <deployment> # Automated rollback procedures
+/xincident --mitigate <impact>    # Implement mitigation strategies
+/xincident --validate <recovery>  # Validate recovery success
+```
+
+### Post-Mortem & Learning
+```bash
+/xincident --postmortem <id>      # Generate post-mortem template
+/xincident --lessons <incident>   # Capture lessons learned
+/xincident --actions <findings>   # Create action items from analysis
+/xincident --improvement <area>   # Process improvement recommendations
+```
+
+### Monitoring & Prevention
+```bash
+/xincident --metrics <timeframe>  # Incident metrics and trends
+/xincident --patterns <history>   # Identify recurring patterns
+/xincident --prevention <type>    # Preventive measures recommendations
+/xincident --readiness <team>     # Assess incident response readiness
+```
+
+## Examples
+
+### Respond to Production Alert
+```bash
+/xincident --respond "api-latency-high"
+# Creates: incidents/2024-01-15-api-latency/response-plan.md with automated procedures
+```
+
+### Generate Post-Mortem Report
+```bash
+/xincident --postmortem "inc-2024-001"
+# Creates: incidents/inc-2024-001/postmortem.md with timeline, root cause, and actions
+```
+
+### Escalate Critical Incident
+```bash
+/xincident --escalate "level-2"
+# Generates: escalation notifications and procedures for level-2 incidents
+```
+
+### Analyze Incident Patterns
+```bash
+/xincident --patterns "last-quarter"
+# Creates: reports/incident-patterns-q4.md with trend analysis and recommendations
+```
+
+## SpecDriven AI Integration
+
+### Incident Specifications
+- Links incidents to specifications: `{#inc1a authority=system}`
+- Traces failures to requirements
+- Validates recovery against specifications
+
+### Dual Coverage
+- **Incident Coverage**: All critical systems have response procedures
+- **Recovery Coverage**: All failure modes have documented recovery
+
+### Traceability
+- Links incidents to system specifications
+- Traces post-mortem actions to requirements
+- Connects patterns to architectural decisions
+
+## Incident Response Framework
+
+### Severity Levels
+- **SEV-1**: Critical impact, immediate response required
+- **SEV-2**: High impact, response within 1 hour
+- **SEV-3**: Medium impact, response within 4 hours
+- **SEV-4**: Low impact, response within 24 hours
+
+### Response Phases
+1. **Detection**: Alert generation and initial assessment
+2. **Response**: Immediate containment and mitigation
+3. **Recovery**: System restoration and validation
+4. **Learning**: Post-mortem and improvement actions
+
+### Communication Templates
+- **Initial Alert**: Stakeholder notification template
+- **Status Updates**: Regular progress communications
+- **Resolution Notice**: Incident closure notification
+- **Post-Mortem Summary**: Executive summary template
+
+## Integration Points
+
+- **Monitoring systems**: Alert integration and automation
+- **Communication tools**: Slack, email, and PagerDuty integration
+- **Documentation**: Links to system specifications and runbooks
+- **JIRA/GitHub**: Issue tracking and action item management
+- **CI/CD**: Automated rollback and deployment procedures
+
+## Output Formats
+
+- **Response procedures**: Step-by-step incident response guides
+- **Communication templates**: Stakeholder notification templates
+- **Post-mortem reports**: Structured analysis and learning documents
+- **Metrics dashboards**: Incident trends and performance indicators
+- **Action plans**: Improvement roadmaps and prevention strategies

package/commands/experiments/xinfra.md

@@ -0,0 +1,115 @@
+---
+description: Manage infrastructure operations, container orchestration, cloud resources, and deployment automation
+tags: [infrastructure, containers, kubernetes, cloud, terraform, monitoring, scaling]
+---
+
+Manage infrastructure operations and cloud resources based on the arguments provided in $ARGUMENTS.
+
+First, examine the current infrastructure setup:
+!find . -name "*.tf" -o -name "*.yml" -o -name "*.yaml" | grep -E "(terraform|infra|k8s|docker)" | head -10
+!ls -la docker-compose.yml Dockerfile terraform/ k8s/ infrastructure/ 2>/dev/null || echo "No infrastructure files found"
+!which docker 2>/dev/null && docker --version || echo "Docker not available"
+!which kubectl 2>/dev/null && kubectl version --client || echo "kubectl not available"
+!which terraform 2>/dev/null && terraform version || echo "Terraform not available"
+
+Based on $ARGUMENTS, perform the appropriate infrastructure operation:
+
+## 1. Container Management
+
+If managing containers (--containers, --docker, --kubernetes):
+!docker ps 2>/dev/null || echo "Docker daemon not running"
+!kubectl get nodes 2>/dev/null || echo "No Kubernetes cluster connection"
+!ls -la docker-compose.yml 2>/dev/null || echo "No docker-compose.yml found"
+
+Manage container infrastructure:
+- Docker container orchestration
+- Kubernetes cluster operations
+- Container registry management
+- Service mesh configuration
+- Resource allocation and limits
+
+## 2. Infrastructure as Code
+
+If managing IaC (--terraform, --iac, --provision):
+!find . -name "*.tf" | head -5
+!terraform --version 2>/dev/null || echo "Terraform not installed"
+!find . -name "*.yml" -o -name "*.yaml" | xargs grep -l "AWSTemplateFormatVersion\|Resources" 2>/dev/null | head -3
+
+Manage infrastructure code:
+- Terraform configuration and state
+- CloudFormation template management
+- Infrastructure provisioning automation
+- Resource dependency management
+- State management and locking
+
+## 3. Monitoring and Observability
+
+If setting up monitoring (--monitoring, --observability, --alerts):
+!find . -name "*prometheus*" -o -name "*grafana*" | head -5
+!ps aux | grep -E "(prometheus|grafana|jaeger)" | grep -v grep
+!netstat -tuln 2>/dev/null | grep -E "(9090|3000|16686)" || echo "No monitoring services detected"
+
+Configure monitoring infrastructure:
+- Prometheus metrics collection
+- Grafana dashboard setup
+- Alert manager configuration
+- Distributed tracing setup
+- Log aggregation systems
+
+## 4. Scaling and Performance
+
+If configuring scaling (--scaling, --performance, --capacity):
+!kubectl get hpa 2>/dev/null || echo "No HPA configured"
+!find . -name "*.yml" -o -name "*.yaml" | xargs grep -l "autoscaling" 2>/dev/null | head -3
+!docker stats --no-stream 2>/dev/null | head -5 || echo "No container stats available"
+
+Implement scaling strategies:
+- Horizontal Pod Autoscaling (HPA)
+- Vertical Pod Autoscaling (VPA)
+- Cluster autoscaling configuration
+- Load balancer optimization
+- Resource quota management
+
+## 5. Security and Compliance
+
+If managing security (--security, --compliance, --rbac):
+!kubectl get networkpolicies 2>/dev/null || echo "No network policies found"
+!find . -name "*.tf" | xargs grep -l "security_group\|iam_" 2>/dev/null | head -3
+!kubectl get rbac 2>/dev/null || echo "No RBAC configured"
+
+Implement security measures:
+- Network policy configuration
+- RBAC setup and management
+- Security group rules
+- Encryption at rest and in transit
+- Compliance scanning and reporting
+
+Think step by step about infrastructure requirements and provide:
+
+1. **Infrastructure Assessment**:
+   - Current infrastructure state analysis
+   - Resource utilization evaluation
+   - Security posture assessment
+   - Compliance gap identification
+
+2. **Architecture Strategy**:
+   - Scalability planning recommendations
+   - High availability design patterns
+   - Disaster recovery planning
+   - Multi-cloud considerations
+
+3. **Implementation Plan**:
+   - Infrastructure as Code setup
+   - Container orchestration strategy
+   - Monitoring and observability integration
+   - Security controls implementation
+
+4. **Operational Excellence**:
+   - Automation opportunities
+   - Cost optimization strategies
+   - Performance monitoring setup
+   - Incident response procedures
+
+Generate comprehensive infrastructure configuration with security controls, monitoring setup, scaling strategies, and operational best practices.
+
+If no specific operation is provided, perform infrastructure health assessment and recommend improvements based on current setup and industry best practices.