@planu/cli 0.27.0 → 0.29.0

package/dist/engine/spec-templates/templates-auth-crud.js

@@ -0,0 +1,198 @@
+// engine/spec-templates/templates-auth-crud.ts — Auth JWT + CRUD entity templates.
+// Extracted from catalog.ts to keep file sizes within limits.
+/** JWT Authentication spec template. */
+export const AUTH_JWT_TEMPLATE = {
+    id: 'auth-jwt',
+    name: 'JWT Authentication',
+    category: 'auth',
+    description: 'User authentication flow with JWT tokens: login, logout, refresh, and guards.',
+    tags: ['auth', 'jwt', 'security', 'session'],
+    variables: [
+        {
+            key: 'EntityName',
+            label: 'Entity name',
+            description: 'The name of the authenticated entity (User, Admin, Member…)',
+            example: 'User',
+            required: true,
+        },
+        {
+            key: 'TokenExpiry',
+            label: 'Token expiry',
+            description: 'JWT access token expiry duration',
+            example: '15 minutes',
+            required: false,
+            defaultValue: '15 minutes',
+        },
+    ],
+    huTemplate: `# HU: JWT Authentication for {{EntityName}}
+
+## User Story
+As a {{EntityName}}, I want to securely authenticate with JWT tokens so that my session is stateless and protected.
+
+## Acceptance Criteria
+
+### AC-1: Login endpoint
+- [ ] POST /auth/login accepts credentials and returns access + refresh tokens
+- [ ] Access token expires after {{TokenExpiry}}
+- [ ] Refresh token stored server-side and rotated on each use
+- [ ] Failed login returns 401 with no sensitive detail
+
+### AC-2: Protected route guard
+- [ ] Every protected endpoint validates the Bearer token
+- [ ] Expired or invalid tokens return 401
+- [ ] Tampered tokens are rejected and logged
+
+### AC-3: Token refresh
+- [ ] POST /auth/refresh issues new access token given a valid refresh token
+- [ ] Refresh token is single-use (rotation strategy)
+
+### AC-4: Logout
+- [ ] POST /auth/logout invalidates the refresh token server-side
+- [ ] Client-side storage is cleared by the caller
+
+### AC-5: Security requirements
+- [ ] Passwords stored as salted hash (bcrypt or Argon2 equivalent)
+- [ ] HTTPS enforced in production
+- [ ] Rate limiting on /auth/login (max 5 requests/minute per IP)
+- [ ] Brute-force protection with account lockout after N failures
+
+## Out of Scope
+- OAuth2 / SSO providers (create separate spec)
+- Multi-factor authentication (create separate spec)
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: JWT Authentication for {{EntityName}}
+
+## Affected Files
+- auth/login handler
+- auth/refresh handler
+- auth/logout handler
+- auth/middleware (token guard)
+- storage/token-store (refresh token persistence)
+- config/auth-config (token secrets, expiry settings)
+
+## Types / Entities
+- \`{{EntityName}}\`: id, email, passwordHash, createdAt
+- \`AuthTokenPair\`: accessToken, refreshToken, expiresIn
+- \`RefreshTokenRecord\`: token, entityId, expiresAt, usedAt
+
+## Risks
+- Token secret exposure → rotate secrets without downtime (risk: high)
+- Refresh token replay attack → single-use rotation required
+- Brute force on login → rate limiting + lockout required
+
+## Estimation (rough)
+- Dev: 8–16 hours
+- Review: 2–4 hours
+- Difficulty: 3/5
+`,
+    progressTemplate: `# PROGRESS: JWT Authentication for {{EntityName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Login endpoint
+- [ ] AC-2: Protected route guard
+- [ ] AC-3: Token refresh
+- [ ] AC-4: Logout
+- [ ] AC-5: Security requirements
+`,
+};
+/** CRUD Entity spec template. */
+export const CRUD_ENTITY_TEMPLATE = {
+    id: 'crud-entity',
+    name: 'CRUD Entity',
+    category: 'crud',
+    description: 'Full Create/Read/Update/Delete lifecycle for any data entity.',
+    tags: ['crud', 'rest', 'api', 'database'],
+    variables: [
+        {
+            key: 'EntityName',
+            label: 'Entity name',
+            description: 'Name of the entity (singular, PascalCase)',
+            example: 'Product',
+            required: true,
+        },
+        {
+            key: 'EntityPlural',
+            label: 'Entity plural',
+            description: 'Plural form of the entity name',
+            example: 'Products',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: CRUD for {{EntityName}}
+
+## User Story
+As a user, I want to create, view, update and delete {{EntityPlural}} so that I can manage them effectively.
+
+## Acceptance Criteria
+
+### AC-1: Create {{EntityName}}
+- [ ] POST /{{EntityPlural}} accepts valid payload and persists the entity
+- [ ] Duplicate detection where applicable
+- [ ] Returns the created entity with generated ID and timestamps
+
+### AC-2: List {{EntityPlural}}
+- [ ] GET /{{EntityPlural}} returns paginated list
+- [ ] Supports filtering and sorting by key fields
+- [ ] Empty list returns 200 with empty array (not 404)
+
+### AC-3: Get single {{EntityName}}
+- [ ] GET /{{EntityPlural}}/:id returns the entity or 404
+- [ ] Soft-deleted entities return 404
+
+### AC-4: Update {{EntityName}}
+- [ ] PATCH /{{EntityPlural}}/:id applies partial update
+- [ ] PUT /{{EntityPlural}}/:id replaces the full entity
+- [ ] Returns updated entity on success
+
+### AC-5: Delete {{EntityName}}
+- [ ] DELETE /{{EntityPlural}}/:id performs soft delete by default
+- [ ] Hard delete available as a privileged action
+- [ ] Returns 204 No Content on success
+
+### AC-6: Validation
+- [ ] All inputs validated at the API boundary
+- [ ] Invalid fields return 422 with per-field error messages
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: CRUD for {{EntityName}}
+
+## Affected Files
+- handlers/{{EntityPlural}}/create
+- handlers/{{EntityPlural}}/list
+- handlers/{{EntityPlural}}/get
+- handlers/{{EntityPlural}}/update
+- handlers/{{EntityPlural}}/delete
+- storage/{{EntityPlural}}-repository
+- types/{{EntityName}}
+
+## Types / Entities
+- \`{{EntityName}}\`: id, createdAt, updatedAt, deletedAt (nullable)
+- \`Create{{EntityName}}Input\`: entity fields (validated)
+- \`Update{{EntityName}}Input\`: partial entity fields
+- \`List{{EntityPlural}}Query\`: page, limit, sortBy, order, filters
+
+## Risks
+- Missing soft-delete → data loss risk
+- Unbounded list without pagination → performance risk
+- Missing input validation → injection risk
+
+## Estimation (rough)
+- Dev: 6–12 hours
+- Review: 1–3 hours
+- Difficulty: 2/5
+`,
+    progressTemplate: `# PROGRESS: CRUD for {{EntityName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Create {{EntityName}}
+- [ ] AC-2: List {{EntityPlural}}
+- [ ] AC-3: Get single {{EntityName}}
+- [ ] AC-4: Update {{EntityName}}
+- [ ] AC-5: Delete {{EntityName}}
+- [ ] AC-6: Validation
+`,
+};
+//# sourceMappingURL=templates-auth-crud.js.map

package/dist/engine/spec-templates/templates-auth-crud.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-auth-crud.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-auth-crud.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,8DAA8D;AAI9D,wCAAwC;AACxC,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,oBAAoB;IAC1B,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,+EAA+E;IAC5F,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC;IAC5C,SAAS,EAAE;QACT;YACE,GAAG,EAAE,YAAY;YACjB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,6DAA6D;YAC1E,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,aAAa;YAClB,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,kCAAkC;YAC/C,OAAO,EAAE,YAAY;YACrB,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE,YAAY;SAC3B;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;CAwBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC;AAEF,iCAAiC;AACjC,MAAM,CAAC,MAAM,oBAAoB,GAAsB;IACrD,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,aAAa;IACnB,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,+DAA+D;IAC5E,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC;IACzC,SAAS,EAAE;QACT;YACE,GAAG,EAAE,YAAY;YACjB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,2CAA2C;YACxD,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,cAAc;YACnB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,gCAAgC;YAC7C,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;CA0BvB;IACC,gBAAgB,EAAE;;;;;;;;;;;CAWnB;CACA,CAAC"}

package/dist/engine/spec-templates/templates-data-security.d.ts

@@ -0,0 +1,6 @@
+import type { SpecTemplateEntry } from '../../types/spec-templates.js';
+/** Data migration spec template. */
+export declare const DATA_MIGRATION_TEMPLATE: SpecTemplateEntry;
+/** Security feature spec template. */
+export declare const SECURITY_FEATURE_TEMPLATE: SpecTemplateEntry;
+//# sourceMappingURL=templates-data-security.d.ts.map

package/dist/engine/spec-templates/templates-data-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-data-security.d.ts","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-data-security.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,oCAAoC;AACpC,eAAO,MAAM,uBAAuB,EAAE,iBA8ErC,CAAC;AAEF,sCAAsC;AACtC,eAAO,MAAM,yBAAyB,EAAE,iBAuFvC,CAAC"}

package/dist/engine/spec-templates/templates-data-security.js

@@ -0,0 +1,172 @@
+// engine/spec-templates/templates-data-security.ts — Data migration + security feature templates.
+// Extracted from catalog-extra.ts to keep file sizes within limits.
+/** Data migration spec template. */
+export const DATA_MIGRATION_TEMPLATE = {
+    id: 'data-migration',
+    name: 'Data Migration',
+    category: 'data',
+    description: 'Safe, reversible database or data migration with rollback support.',
+    tags: ['migration', 'database', 'schema', 'data'],
+    variables: [
+        {
+            key: 'MigrationName',
+            label: 'Migration name',
+            description: 'Short descriptive name for this migration',
+            example: 'Add email_verified column to users',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: Data Migration — {{MigrationName}}
+
+## User Story
+As a developer, I want to apply the migration "{{MigrationName}}" safely so that production data is not at risk.
+
+## Acceptance Criteria
+
+### AC-1: Migration script
+- [ ] Migration has an "up" (apply) and "down" (rollback) operation
+- [ ] Script is idempotent (safe to run multiple times)
+- [ ] Each step is transactional where supported by the database
+
+### AC-2: Data safety
+- [ ] Pre-migration backup documented in runbook
+- [ ] No destructive operation without a confirmed backup
+- [ ] Migration tested on a staging copy of production data
+
+### AC-3: Zero-downtime strategy
+- [ ] Migration can be applied while the application is running
+- [ ] Backward-compatible schema changes first (expand), then cleanup (contract)
+- [ ] Feature flag used if application code needs to switch behavior
+
+### AC-4: Rollback
+- [ ] Rollback procedure documented and tested
+- [ ] Rollback does not cause data loss
+- [ ] Time to rollback < 15 minutes
+
+### AC-5: Observability
+- [ ] Migration duration logged
+- [ ] Row counts before/after logged for verification
+- [ ] Anomalies (unexpected row counts) trigger alerts
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: Data Migration — {{MigrationName}}
+
+## Affected Files
+- migrations/{{MigrationName}}/up
+- migrations/{{MigrationName}}/down
+- runbooks/{{MigrationName}}-rollback
+
+## Types / Entities
+- Migration metadata: id, name, appliedAt, duration, rolledBack
+
+## Risks
+- Data loss on rollback → mandatory backup before apply
+- Long-running migration → table locks in production
+- Missing idempotency → partial application leaves DB in bad state
+
+## Estimation (rough)
+- Dev: 4–12 hours
+- Review: 2–4 hours
+- Difficulty: 3/5
+`,
+    progressTemplate: `# PROGRESS: Data Migration — {{MigrationName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Migration script
+- [ ] AC-2: Data safety
+- [ ] AC-3: Zero-downtime strategy
+- [ ] AC-4: Rollback
+- [ ] AC-5: Observability
+`,
+};
+/** Security feature spec template. */
+export const SECURITY_FEATURE_TEMPLATE = {
+    id: 'security-feature',
+    name: 'Security Feature',
+    category: 'security',
+    description: 'Security hardening: rate limiting, input sanitization, audit logging, etc.',
+    tags: ['security', 'hardening', 'audit', 'rate-limiting'],
+    variables: [
+        {
+            key: 'FeatureName',
+            label: 'Security feature name',
+            description: 'Name of the security feature being implemented',
+            example: 'Rate Limiting',
+            required: true,
+        },
+        {
+            key: 'ProtectedResource',
+            label: 'Protected resource or area',
+            description: 'What is being protected by this feature',
+            example: 'authentication endpoints',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: Security Feature — {{FeatureName}}
+
+## User Story
+As a security engineer, I want {{FeatureName}} applied to {{ProtectedResource}} so that attack vectors are reduced.
+
+## Acceptance Criteria
+
+### AC-1: Implementation
+- [ ] {{FeatureName}} implemented at the correct layer (edge, gateway, application)
+- [ ] Configuration externalized (not hardcoded)
+- [ ] Enabled in production, configurable in development
+
+### AC-2: Bypass prevention
+- [ ] Cannot be bypassed by manipulating headers or query parameters
+- [ ] Handles IPv4, IPv6, and forwarded IP headers correctly
+- [ ] Works behind reverse proxies and CDNs
+
+### AC-3: Observability
+- [ ] Blocked/throttled requests logged with reason
+- [ ] Metrics exported: blocked count, block rate, top blocked IPs
+- [ ] Alert triggers when block rate exceeds threshold
+
+### AC-4: Testing
+- [ ] Unit tests cover allowed and blocked cases
+- [ ] Integration tests simulate attack patterns
+- [ ] Penetration test checklist updated
+
+### AC-5: Documentation
+- [ ] Security runbook updated with new feature
+- [ ] Limits and thresholds documented with rationale
+- [ ] On-call playbook updated for incident response
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: Security Feature — {{FeatureName}}
+
+## Affected Files
+- middleware/{{FeatureName}}
+- config/security-config
+- monitoring/security-alerts
+- runbooks/security-incident
+
+## Types / Entities
+- \`{{FeatureName}}Config\`: thresholds, enabled, dryRun
+- \`SecurityEvent\`: type, resource, ip, timestamp, blocked
+
+## Risks
+- False positives blocking legitimate users → dry-run mode first
+- Missing coverage for all entry points → security audit required
+- Misconfiguration under proxy → test in staging with proxy enabled
+
+## Estimation (rough)
+- Dev: 4–12 hours
+- Review: 2–4 hours
+- Difficulty: 3/5
+`,
+    progressTemplate: `# PROGRESS: Security Feature — {{FeatureName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Implementation
+- [ ] AC-2: Bypass prevention
+- [ ] AC-3: Observability
+- [ ] AC-4: Testing
+- [ ] AC-5: Documentation
+`,
+};
+//# sourceMappingURL=templates-data-security.js.map

package/dist/engine/spec-templates/templates-data-security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-data-security.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-data-security.ts"],"names":[],"mappings":"AAAA,kGAAkG;AAClG,oEAAoE;AAIpE,oCAAoC;AACpC,MAAM,CAAC,MAAM,uBAAuB,GAAsB;IACxD,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,oEAAoE;IACjF,IAAI,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC;IACjD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,eAAe;YACpB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,2CAA2C;YACxD,OAAO,EAAE,oCAAoC;YAC7C,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+Bb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;CAmBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC;AAEF,sCAAsC;AACtC,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,kBAAkB;IACxB,QAAQ,EAAE,UAAU;IACpB,WAAW,EAAE,4EAA4E;IACzF,IAAI,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,eAAe,CAAC;IACzD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,aAAa;YAClB,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,mBAAmB;YACxB,KAAK,EAAE,4BAA4B;YACnC,WAAW,EAAE,yCAAyC;YACtD,OAAO,EAAE,0BAA0B;YACnC,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+Bb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;CAqBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC"}

package/dist/engine/spec-templates/templates-perf-integration.d.ts

@@ -0,0 +1,6 @@
+import type { SpecTemplateEntry } from '../../types/spec-templates.js';
+/** Performance optimization spec template. */
+export declare const PERFORMANCE_OPTIMIZATION_TEMPLATE: SpecTemplateEntry;
+/** Third-party integration spec template. */
+export declare const THIRD_PARTY_INTEGRATION_TEMPLATE: SpecTemplateEntry;
+//# sourceMappingURL=templates-perf-integration.d.ts.map

package/dist/engine/spec-templates/templates-perf-integration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-perf-integration.d.ts","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-perf-integration.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,8CAA8C;AAC9C,eAAO,MAAM,iCAAiC,EAAE,iBAkG/C,CAAC;AAEF,6CAA6C;AAC7C,eAAO,MAAM,gCAAgC,EAAE,iBA8F9C,CAAC"}

package/dist/engine/spec-templates/templates-perf-integration.js

@@ -0,0 +1,199 @@
+// engine/spec-templates/templates-perf-integration.ts — Performance + third-party integration templates.
+// Extracted from catalog-extra.ts to keep file sizes within limits.
+/** Performance optimization spec template. */
+export const PERFORMANCE_OPTIMIZATION_TEMPLATE = {
+    id: 'performance-optimization',
+    name: 'Performance Optimization',
+    category: 'performance',
+    description: 'Measurable performance improvements with before/after benchmarks.',
+    tags: ['performance', 'optimization', 'caching', 'benchmarks'],
+    variables: [
+        {
+            key: 'TargetArea',
+            label: 'Target area',
+            description: 'The specific area to optimize (e.g. API response time, DB queries)',
+            example: 'API response time',
+            required: true,
+        },
+        {
+            key: 'CurrentBaseline',
+            label: 'Current baseline',
+            description: 'Current measured performance metric',
+            example: 'P95 latency: 800ms',
+            required: false,
+            defaultValue: 'TBD — measure before starting',
+        },
+        {
+            key: 'TargetGoal',
+            label: 'Target goal',
+            description: 'Desired performance metric after optimization',
+            example: 'P95 latency: < 200ms',
+            required: false,
+            defaultValue: 'TBD — define after baseline measurement',
+        },
+    ],
+    huTemplate: `# HU: Performance Optimization — {{TargetArea}}
+
+## User Story
+As a user, I want {{TargetArea}} to be faster so that the application feels responsive.
+
+## Baseline
+- Current: {{CurrentBaseline}}
+- Target: {{TargetGoal}}
+
+## Acceptance Criteria
+
+### AC-1: Baseline measurement
+- [ ] Benchmark suite established before any changes
+- [ ] Metrics captured: P50, P95, P99 latency, throughput, error rate
+- [ ] Benchmark results stored for comparison
+
+### AC-2: Optimization implementation
+- [ ] Root cause of performance issue identified and documented
+- [ ] Optimization applied at the correct layer
+- [ ] No correctness regression introduced by optimization
+
+### AC-3: Cache strategy (if applicable)
+- [ ] Cache invalidation strategy defined
+- [ ] Cache hit rate monitored
+- [ ] Cache warm-up procedure documented
+
+### AC-4: Validation
+- [ ] Post-optimization benchmark shows improvement vs baseline
+- [ ] Target goal reached or documented with explanation if not
+- [ ] Load test confirms improvement holds under concurrent traffic
+
+### AC-5: Observability
+- [ ] Performance metrics added to dashboard
+- [ ] Regression alert configured (auto-detect if P95 degrades)
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: Performance Optimization — {{TargetArea}}
+
+## Affected Files
+- (determined during root-cause analysis)
+- monitoring/dashboards/{{TargetArea}}
+- benchmarks/{{TargetArea}}
+
+## Types / Entities
+- \`BenchmarkResult\`: timestamp, p50, p95, p99, throughput, errorRate
+- \`CacheEntry\` (if caching): key, value, ttl, hitCount
+
+## Risks
+- Optimization that breaks correctness → benchmark must include correctness tests
+- Cache inconsistency → strong consistency tests required
+- Performance regression after unrelated change → regression alert required
+
+## Estimation (rough)
+- Dev: 4–20 hours (highly variable by root cause)
+- Review: 2–4 hours
+- Difficulty: 3–4/5
+`,
+    progressTemplate: `# PROGRESS: Performance Optimization — {{TargetArea}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Baseline measurement
+- [ ] AC-2: Optimization implementation
+- [ ] AC-3: Cache strategy
+- [ ] AC-4: Validation
+- [ ] AC-5: Observability
+`,
+};
+/** Third-party integration spec template. */
+export const THIRD_PARTY_INTEGRATION_TEMPLATE = {
+    id: 'third-party-integration',
+    name: 'Third-Party Integration',
+    category: 'integration',
+    description: 'Integrating with an external service (payment, email, SMS, CRM, etc.).',
+    tags: ['integration', 'external', 'api', 'webhook'],
+    variables: [
+        {
+            key: 'ServiceName',
+            label: 'Service name',
+            description: 'Name of the external service to integrate',
+            example: 'Stripe',
+            required: true,
+        },
+        {
+            key: 'IntegrationPurpose',
+            label: 'Purpose',
+            description: 'What the integration enables',
+            example: 'payment processing',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: {{ServiceName}} Integration
+
+## User Story
+As a developer, I want to integrate {{ServiceName}} so that the platform can handle {{IntegrationPurpose}} reliably.
+
+## Acceptance Criteria
+
+### AC-1: Credentials management
+- [ ] API keys and secrets stored in environment variables (never hardcoded)
+- [ ] Separate credentials for development, staging, and production
+- [ ] Credential rotation documented in runbook
+
+### AC-2: Core integration
+- [ ] {{ServiceName}} SDK or HTTP client initialized with proper config
+- [ ] All calls wrapped in retry logic with exponential backoff
+- [ ] Timeouts configured (no infinite waits)
+
+### AC-3: Error handling
+- [ ] {{ServiceName}} API errors mapped to internal error types
+- [ ] Network failures do not crash the application
+- [ ] Errors logged with enough context for debugging
+
+### AC-4: Webhooks (if applicable)
+- [ ] Webhook endpoint validates signature before processing
+- [ ] Events processed idempotently (replay-safe)
+- [ ] Failed event processing alerts the on-call team
+
+### AC-5: Observability
+- [ ] All outbound calls logged (method, status, latency)
+- [ ] Circuit breaker implemented for high-traffic paths
+
+### AC-6: Testing
+- [ ] Unit tests mock {{ServiceName}} client
+- [ ] Integration tests use sandbox/test environment
+- [ ] Webhook tests replay recorded payloads
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: {{ServiceName}} Integration
+
+## Affected Files
+- integrations/{{ServiceName}}/client
+- integrations/{{ServiceName}}/webhook-handler
+- integrations/{{ServiceName}}/error-mapper
+- config/{{ServiceName}}-config
+- tests/integrations/{{ServiceName}}
+
+## Types / Entities
+- \`{{ServiceName}}Config\`: apiKey, baseUrl, timeout, retries
+- \`{{ServiceName}}Error\`: code, message, retryable
+- \`WebhookEvent\`: id, type, payload, receivedAt
+
+## Risks
+- Vendor API changes without notice → pin SDK version, monitor changelogs
+- Rate limits exceeded → implement request queuing
+- Credentials leaked → secrets manager mandatory
+
+## Estimation (rough)
+- Dev: 8–20 hours
+- Review: 2–4 hours
+- Difficulty: 3/5
+`,
+    progressTemplate: `# PROGRESS: {{ServiceName}} Integration
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Credentials management
+- [ ] AC-2: Core integration
+- [ ] AC-3: Error handling
+- [ ] AC-4: Webhooks
+- [ ] AC-5: Observability
+- [ ] AC-6: Testing
+`,
+};
+//# sourceMappingURL=templates-perf-integration.js.map

package/dist/engine/spec-templates/templates-perf-integration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-perf-integration.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-perf-integration.ts"],"names":[],"mappings":"AAAA,yGAAyG;AACzG,oEAAoE;AAIpE,8CAA8C;AAC9C,MAAM,CAAC,MAAM,iCAAiC,GAAsB;IAClE,EAAE,EAAE,0BAA0B;IAC9B,IAAI,EAAE,0BAA0B;IAChC,QAAQ,EAAE,aAAa;IACvB,WAAW,EAAE,mEAAmE;IAChF,IAAI,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,SAAS,EAAE,YAAY,CAAC;IAC9D,SAAS,EAAE;QACT;YACE,GAAG,EAAE,YAAY;YACjB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,oEAAoE;YACjF,OAAO,EAAE,mBAAmB;YAC5B,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,iBAAiB;YACtB,KAAK,EAAE,kBAAkB;YACzB,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,oBAAoB;YAC7B,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE,+BAA+B;SAC9C;QACD;YACE,GAAG,EAAE,YAAY;YACjB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,+CAA+C;YAC5D,OAAO,EAAE,sBAAsB;YAC/B,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE,yCAAyC;SACxD;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;CAoBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC;AAEF,6CAA6C;AAC7C,MAAM,CAAC,MAAM,gCAAgC,GAAsB;IACjE,EAAE,EAAE,yBAAyB;IAC7B,IAAI,EAAE,yBAAyB;IAC/B,QAAQ,EAAE,aAAa;IACvB,WAAW,EAAE,wEAAwE;IACrF,IAAI,EAAE,CAAC,aAAa,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC;IACnD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,aAAa;YAClB,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,2CAA2C;YACxD,OAAO,EAAE,QAAQ;YACjB,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,oBAAoB;YACzB,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,8BAA8B;YAC3C,OAAO,EAAE,oBAAoB;YAC7B,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;CAuBvB;IACC,gBAAgB,EAAE;;;;;;;;;;;CAWnB;CACA,CAAC"}

package/dist/engine/tool-groups/context-analyzer.d.ts

@@ -0,0 +1,11 @@
+import type { ContextSuggestion } from '../../types/index.js';
+/**
+ * Analyzes the last invoked tool and suggests groups that should be activated.
+ * Returns suggestions sorted by confidence (highest first).
+ */
+export declare function analyzeContext(lastToolUsed: string, enabledGroups: Set<string>): ContextSuggestion[];
+/**
+ * Returns the group id that a given tool belongs to, or undefined.
+ */
+export declare function findGroupForTool(toolName: string): string | undefined;
+//# sourceMappingURL=context-analyzer.d.ts.map

package/dist/engine/tool-groups/context-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context-analyzer.d.ts","sourceRoot":"","sources":["../../../src/engine/tool-groups/context-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,kBAAkB,CAAC;AAQ/E;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,GACzB,iBAAiB,EAAE,CA2BrB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAErE"}

package/dist/engine/tool-groups/context-analyzer.js

@@ -0,0 +1,40 @@
+import toolGroupsConfigJson from '../../config/tool-groups.json' with { type: 'json' };
+const config = toolGroupsConfigJson;
+const TRIGGER_CONFIDENCE = 0.9;
+const MEMBER_CONFIDENCE = 0.5;
+/**
+ * Analyzes the last invoked tool and suggests groups that should be activated.
+ * Returns suggestions sorted by confidence (highest first).
+ */
+export function analyzeContext(lastToolUsed, enabledGroups) {
+    const suggestions = [];
+    for (const group of config.groups) {
+        if (enabledGroups.has(group.id)) {
+            continue;
+        }
+        const isTrigger = group.triggerTools?.includes(lastToolUsed) ?? false;
+        const isMember = group.tools.includes(lastToolUsed);
+        if (isTrigger) {
+            suggestions.push({
+                suggestedGroup: group.id,
+                reason: `Tool "${lastToolUsed}" is a trigger for group "${group.name}"`,
+                confidence: TRIGGER_CONFIDENCE,
+            });
+        }
+        else if (isMember) {
+            suggestions.push({
+                suggestedGroup: group.id,
+                reason: `Tool "${lastToolUsed}" belongs to group "${group.name}"`,
+                confidence: MEMBER_CONFIDENCE,
+            });
+        }
+    }
+    return suggestions.sort((a, b) => b.confidence - a.confidence);
+}
+/**
+ * Returns the group id that a given tool belongs to, or undefined.
+ */
+export function findGroupForTool(toolName) {
+    return config.groups.find((g) => g.tools.includes(toolName))?.id;
+}
+//# sourceMappingURL=context-analyzer.js.map

package/dist/engine/tool-groups/context-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context-analyzer.js","sourceRoot":"","sources":["../../../src/engine/tool-groups/context-analyzer.ts"],"names":[],"mappings":"AACA,OAAO,oBAAoB,MAAM,+BAA+B,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AAEvF,MAAM,MAAM,GAAG,oBAAyD,CAAC;AAEzE,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAC/B,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAE9B;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,YAAoB,EACpB,aAA0B;IAE1B,MAAM,WAAW,GAAwB,EAAE,CAAC;IAE5C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,IAAI,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,EAAE,QAAQ,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC;QACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEpD,IAAI,SAAS,EAAE,CAAC;YACd,WAAW,CAAC,IAAI,CAAC;gBACf,cAAc,EAAE,KAAK,CAAC,EAAE;gBACxB,MAAM,EAAE,SAAS,YAAY,6BAA6B,KAAK,CAAC,IAAI,GAAG;gBACvE,UAAU,EAAE,kBAAkB;aAC/B,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,QAAQ,EAAE,CAAC;YACpB,WAAW,CAAC,IAAI,CAAC;gBACf,cAAc,EAAE,KAAK,CAAC,EAAE;gBACxB,MAAM,EAAE,SAAS,YAAY,uBAAuB,KAAK,CAAC,IAAI,GAAG;gBACjE,UAAU,EAAE,iBAAiB;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;AACjE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC;AACnE,CAAC"}