@planu/cli 0.27.0 → 0.29.0

package/dist/engine/spec-templates/catalog.js

@@ -1,386 +1,15 @@
 // engine/spec-templates/catalog.ts — Built-in template catalog (language-agnostic).
 // Each template is framework/language agnostic: no TypeScript-specific terms.
-// Templates 6-8 (data, security, performance) live in catalog-extra.ts to keep file size ≤500L.
+// Templates are defined in dedicated files and assembled here.
+import { AUTH_JWT_TEMPLATE, CRUD_ENTITY_TEMPLATE } from './templates-auth-crud.js';
+import { REST_API_ENDPOINT_TEMPLATE, UI_FORM_TEMPLATE } from './templates-api-ui.js';
 import { EXTRA_TEMPLATES } from './catalog-extra.js';
-/** Full catalog of built-in spec templates (core entries — templates 1–5). */
-const CORE_TEMPLATES = [
-    {
-        id: 'auth-jwt',
-        name: 'JWT Authentication',
-        category: 'auth',
-        description: 'User authentication flow with JWT tokens: login, logout, refresh, and guards.',
-        tags: ['auth', 'jwt', 'security', 'session'],
-        variables: [
-            {
-                key: 'EntityName',
-                label: 'Entity name',
-                description: 'The name of the authenticated entity (User, Admin, Member…)',
-                example: 'User',
-                required: true,
-            },
-            {
-                key: 'TokenExpiry',
-                label: 'Token expiry',
-                description: 'JWT access token expiry duration',
-                example: '15 minutes',
-                required: false,
-                defaultValue: '15 minutes',
-            },
-        ],
-        huTemplate: `# HU: JWT Authentication for {{EntityName}}
-
-## User Story
-As a {{EntityName}}, I want to securely authenticate with JWT tokens so that my session is stateless and protected.
-
-## Acceptance Criteria
-
-### AC-1: Login endpoint
-- [ ] POST /auth/login accepts credentials and returns access + refresh tokens
-- [ ] Access token expires after {{TokenExpiry}}
-- [ ] Refresh token stored server-side and rotated on each use
-- [ ] Failed login returns 401 with no sensitive detail
-
-### AC-2: Protected route guard
-- [ ] Every protected endpoint validates the Bearer token
-- [ ] Expired or invalid tokens return 401
-- [ ] Tampered tokens are rejected and logged
-
-### AC-3: Token refresh
-- [ ] POST /auth/refresh issues new access token given a valid refresh token
-- [ ] Refresh token is single-use (rotation strategy)
-
-### AC-4: Logout
-- [ ] POST /auth/logout invalidates the refresh token server-side
-- [ ] Client-side storage is cleared by the caller
-
-### AC-5: Security requirements
-- [ ] Passwords stored as salted hash (bcrypt or Argon2 equivalent)
-- [ ] HTTPS enforced in production
-- [ ] Rate limiting on /auth/login (max 5 requests/minute per IP)
-- [ ] Brute-force protection with account lockout after N failures
-
-## Out of Scope
-- OAuth2 / SSO providers (create separate spec)
-- Multi-factor authentication (create separate spec)
-`,
-        fichaTecnicaTemplate: `# FICHA TÉCNICA: JWT Authentication for {{EntityName}}
-
-## Affected Files
-- auth/login handler
-- auth/refresh handler
-- auth/logout handler
-- auth/middleware (token guard)
-- storage/token-store (refresh token persistence)
-- config/auth-config (token secrets, expiry settings)
-
-## Types / Entities
-- \`{{EntityName}}\`: id, email, passwordHash, createdAt
-- \`AuthTokenPair\`: accessToken, refreshToken, expiresIn
-- \`RefreshTokenRecord\`: token, entityId, expiresAt, usedAt
-
-## Risks
-- Token secret exposure → rotate secrets without downtime (risk: high)
-- Refresh token replay attack → single-use rotation required
-- Brute force on login → rate limiting + lockout required
-
-## Estimation (rough)
-- Dev: 8–16 hours
-- Review: 2–4 hours
-- Difficulty: 3/5
-`,
-        progressTemplate: `# PROGRESS: JWT Authentication for {{EntityName}}
-
-## Status: draft
-
-## Criteria
-- [ ] AC-1: Login endpoint
-- [ ] AC-2: Protected route guard
-- [ ] AC-3: Token refresh
-- [ ] AC-4: Logout
-- [ ] AC-5: Security requirements
-`,
-    },
-    {
-        id: 'crud-entity',
-        name: 'CRUD Entity',
-        category: 'crud',
-        description: 'Full Create/Read/Update/Delete lifecycle for any data entity.',
-        tags: ['crud', 'rest', 'api', 'database'],
-        variables: [
-            {
-                key: 'EntityName',
-                label: 'Entity name',
-                description: 'Name of the entity (singular, PascalCase)',
-                example: 'Product',
-                required: true,
-            },
-            {
-                key: 'EntityPlural',
-                label: 'Entity plural',
-                description: 'Plural form of the entity name',
-                example: 'Products',
-                required: true,
-            },
-        ],
-        huTemplate: `# HU: CRUD for {{EntityName}}
-
-## User Story
-As a user, I want to create, view, update and delete {{EntityPlural}} so that I can manage them effectively.
-
-## Acceptance Criteria
-
-### AC-1: Create {{EntityName}}
-- [ ] POST /{{EntityPlural}} accepts valid payload and persists the entity
-- [ ] Duplicate detection where applicable
-- [ ] Returns the created entity with generated ID and timestamps
-
-### AC-2: List {{EntityPlural}}
-- [ ] GET /{{EntityPlural}} returns paginated list
-- [ ] Supports filtering and sorting by key fields
-- [ ] Empty list returns 200 with empty array (not 404)
-
-### AC-3: Get single {{EntityName}}
-- [ ] GET /{{EntityPlural}}/:id returns the entity or 404
-- [ ] Soft-deleted entities return 404
-
-### AC-4: Update {{EntityName}}
-- [ ] PATCH /{{EntityPlural}}/:id applies partial update
-- [ ] PUT /{{EntityPlural}}/:id replaces the full entity
-- [ ] Returns updated entity on success
-
-### AC-5: Delete {{EntityName}}
-- [ ] DELETE /{{EntityPlural}}/:id performs soft delete by default
-- [ ] Hard delete available as a privileged action
-- [ ] Returns 204 No Content on success
-
-### AC-6: Validation
-- [ ] All inputs validated at the API boundary
-- [ ] Invalid fields return 422 with per-field error messages
-`,
-        fichaTecnicaTemplate: `# FICHA TÉCNICA: CRUD for {{EntityName}}
-
-## Affected Files
-- handlers/{{EntityPlural}}/create
-- handlers/{{EntityPlural}}/list
-- handlers/{{EntityPlural}}/get
-- handlers/{{EntityPlural}}/update
-- handlers/{{EntityPlural}}/delete
-- storage/{{EntityPlural}}-repository
-- types/{{EntityName}}
-
-## Types / Entities
-- \`{{EntityName}}\`: id, createdAt, updatedAt, deletedAt (nullable)
-- \`Create{{EntityName}}Input\`: entity fields (validated)
-- \`Update{{EntityName}}Input\`: partial entity fields
-- \`List{{EntityPlural}}Query\`: page, limit, sortBy, order, filters
-
-## Risks
-- Missing soft-delete → data loss risk
-- Unbounded list without pagination → performance risk
-- Missing input validation → injection risk
-
-## Estimation (rough)
-- Dev: 6–12 hours
-- Review: 1–3 hours
-- Difficulty: 2/5
-`,
-        progressTemplate: `# PROGRESS: CRUD for {{EntityName}}
-
-## Status: draft
-
-## Criteria
-- [ ] AC-1: Create {{EntityName}}
-- [ ] AC-2: List {{EntityPlural}}
-- [ ] AC-3: Get single {{EntityName}}
-- [ ] AC-4: Update {{EntityName}}
-- [ ] AC-5: Delete {{EntityName}}
-- [ ] AC-6: Validation
-`,
-    },
-    {
-        id: 'rest-api-endpoint',
-        name: 'REST API Endpoint',
-        category: 'api',
-        description: 'A single REST endpoint with validation, error handling, and documentation.',
-        tags: ['api', 'rest', 'endpoint', 'openapi'],
-        variables: [
-            {
-                key: 'EndpointName',
-                label: 'Endpoint name',
-                description: 'Short descriptive name for this endpoint',
-                example: 'Submit Order',
-                required: true,
-            },
-            {
-                key: 'HttpMethod',
-                label: 'HTTP Method',
-                description: 'HTTP method: GET, POST, PUT, PATCH, DELETE',
-                example: 'POST',
-                required: true,
-            },
-            {
-                key: 'Path',
-                label: 'URL path',
-                description: 'The URL path for this endpoint',
-                example: '/orders/submit',
-                required: true,
-            },
-        ],
-        huTemplate: `# HU: REST API Endpoint — {{EndpointName}}
-
-## User Story
-As an API consumer, I want a reliable {{HttpMethod}} {{Path}} endpoint so that I can {{EndpointName}} without client-side workarounds.
-
-## Acceptance Criteria
-
-### AC-1: Request validation
-- [ ] Input schema validated at the boundary
-- [ ] Invalid requests return 422 with structured error messages
-- [ ] Content-Type header checked when applicable
-
-### AC-2: Core business logic
-- [ ] {{EndpointName}} logic is encapsulated in a dedicated use-case function
-- [ ] Side effects (emails, notifications, jobs) are isolated and testable
-
-### AC-3: Response contract
-- [ ] Success response follows the API response envelope convention
-- [ ] HTTP status codes match the operation semantics
-- [ ] Response schema is documented (OpenAPI or equivalent)
-
-### AC-4: Error handling
-- [ ] All error paths return structured JSON (not stack traces)
-- [ ] 404 returned for missing resources
-- [ ] 409 returned for conflicts
-- [ ] 500 never leaks internal details
-
-### AC-5: Idempotency (if applicable)
-- [ ] Idempotency key header supported for non-idempotent operations
-- [ ] Duplicate requests handled gracefully
-
-### AC-6: Observability
-- [ ] Endpoint logged with method, path, status, latency
-- [ ] Errors reported to the monitoring system
-`,
-        fichaTecnicaTemplate: `# FICHA TÉCNICA: REST API Endpoint — {{EndpointName}}
-
-## Affected Files
-- handlers/{{Path}} (route handler)
-- use-cases/{{EndpointName}} (business logic)
-- validators/{{EndpointName}}-input
-- openapi/paths/{{Path}} (documentation)
-
-## Types / Entities
-- \`{{EndpointName}}Input\`: validated request payload
-- \`{{EndpointName}}Output\`: response body shape
-- \`ApiError\`: code, message, details[]
-
-## Risks
-- Missing idempotency for mutation → duplicate side effects
-- Unbounded response size → add pagination or field projection
-- Missing auth guard → unauthorized access
-
-## Estimation (rough)
-- Dev: 4–8 hours
-- Review: 1–2 hours
-- Difficulty: 2/5
-`,
-        progressTemplate: `# PROGRESS: REST API Endpoint — {{EndpointName}}
-
-## Status: draft
-
-## Criteria
-- [ ] AC-1: Request validation
-- [ ] AC-2: Core business logic
-- [ ] AC-3: Response contract
-- [ ] AC-4: Error handling
-- [ ] AC-5: Idempotency
-- [ ] AC-6: Observability
-`,
-    },
-    {
-        id: 'ui-form',
-        name: 'UI Form',
-        category: 'ui',
-        description: 'Interactive form with validation, error display, and accessibility.',
-        tags: ['ui', 'form', 'ux', 'accessibility', 'validation'],
-        variables: [
-            {
-                key: 'FormName',
-                label: 'Form name',
-                description: 'Name of the form (e.g. Registration, Checkout, Contact)',
-                example: 'Registration',
-                required: true,
-            },
-        ],
-        huTemplate: `# HU: {{FormName}} Form
-
-## User Story
-As a user, I want to fill out the {{FormName}} form with clear guidance so that I can complete the action without confusion.
-
-## Acceptance Criteria
-
-### AC-1: Field validation
-- [ ] Required fields marked visually
-- [ ] Validation runs on blur and on submit
-- [ ] Error messages appear adjacent to invalid fields
-- [ ] Valid fields show positive feedback
-
-### AC-2: Submit behavior
-- [ ] Form is disabled (loading state) during submission
-- [ ] Success state shown after successful submission
-- [ ] Errors from the API are displayed inline
-
-### AC-3: Accessibility
-- [ ] All inputs have visible labels
-- [ ] Error messages linked via aria-describedby
-- [ ] Form navigable via keyboard (Tab, Enter, Escape)
-- [ ] Screen reader announces validation errors
-
-### AC-4: Responsive design
-- [ ] Form renders correctly on mobile, tablet, and desktop
-- [ ] Touch targets meet minimum size (44×44 px)
-
-### AC-5: Reset and cancel
-- [ ] Reset clears all fields and removes error state
-- [ ] Cancel navigates away without data loss warning if form is pristine
-- [ ] Cancel shows confirmation dialog if form has unsaved changes
-`,
-        fichaTecnicaTemplate: `# FICHA TÉCNICA: {{FormName}} Form
-
-## Affected Files
-- components/{{FormName}}Form
-- hooks/use{{FormName}}Form (form state, validation)
-- api/{{FormName}}-client (submission)
-- i18n/{{FormName}}-form.json (strings)
-
-## Types / Entities
-- \`{{FormName}}FormValues\`: all field values
-- \`{{FormName}}FormErrors\`: per-field error messages
-- \`{{FormName}}FormState\`: idle | submitting | success | error
-
-## Risks
-- Missing server-side validation mirror → inconsistent UX
-- Missing loading state → double submissions
-- Missing ARIA attributes → accessibility failures
-
-## Estimation (rough)
-- Dev: 4–10 hours
-- Review: 1–2 hours
-- Difficulty: 2/5
-`,
-        progressTemplate: `# PROGRESS: {{FormName}} Form
-
-## Status: draft
-
-## Criteria
-- [ ] AC-1: Field validation
-- [ ] AC-2: Submit behavior
-- [ ] AC-3: Accessibility
-- [ ] AC-4: Responsive design
-- [ ] AC-5: Reset and cancel
-`,
-    },
-];
 /** Full catalog of built-in spec templates (core + extra). */
-export const BUILT_IN_TEMPLATES = [...CORE_TEMPLATES, ...EXTRA_TEMPLATES];
+export const BUILT_IN_TEMPLATES = [
+    AUTH_JWT_TEMPLATE,
+    CRUD_ENTITY_TEMPLATE,
+    REST_API_ENDPOINT_TEMPLATE,
+    UI_FORM_TEMPLATE,
+    ...EXTRA_TEMPLATES,
+];
 //# sourceMappingURL=catalog.js.map

package/dist/engine/spec-templates/catalog.js.map

@@ -1 +1 @@
-{"version":3,"file":"catalog.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/catalog.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,8EAA8E;AAC9E,gGAAgG;AAGhG,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,8EAA8E;AAC9E,MAAM,cAAc,GAAwB;IAC1C;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+EAA+E;QAC5F,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC;QAC5C,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,YAAY;gBACjB,KAAK,EAAE,aAAa;gBACpB,WAAW,EAAE,6DAA6D;gBAC1E,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,GAAG,EAAE,aAAa;gBAClB,KAAK,EAAE,cAAc;gBACrB,WAAW,EAAE,kCAAkC;gBAC/C,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,KAAK;gBACf,YAAY,EAAE,YAAY;aAC3B;SACF;QACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCf;QACG,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;CAwBzB;QACG,gBAAgB,EAAE;;;;;;;;;;CAUrB;KACE;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+DAA+D;QAC5E,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC;QACzC,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,YAAY;gBACjB,KAAK,EAAE,aAAa;gBACpB,WAAW,EAAE,2CAA2C;gBACxD,OAAO,EAAE,SAAS;gBAClB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,GAAG,EAAE,cAAc;gBACnB,KAAK,EAAE,eAAe;gBACtB,WAAW,EAAE,gCAAgC;gBAC7C,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,IAAI;aACf;SACF;QACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCf;QACG,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;CA0BzB;QACG,gBAAgB,EAAE;;;;;;;;;;;CAWrB;KACE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,4EAA4E;QACzF,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC;QAC5C,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,cAAc;gBACnB,KAAK,EAAE,eAAe;gBACtB,WAAW,EAAE,0CAA0C;gBACvD,OAAO,EAAE,cAAc;gBACvB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,GAAG,EAAE,YAAY;gBACjB,KAAK,EAAE,aAAa;gBACpB,WAAW,EAAE,4CAA4C;gBACzD,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,GAAG,EAAE,MAAM;gBACX,KAAK,EAAE,UAAU;gBACjB,WAAW,EAAE,gCAAgC;gBAC7C,OAAO,EAAE,gBAAgB;gBACzB,QAAQ,EAAE,IAAI;aACf;SACF;QACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCf;QACG,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;CAsBzB;QACG,gBAAgB,EAAE;;;;;;;;;;;CAWrB;KACE;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,SAAS;QACf,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,qEAAqE;QAClF,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,YAAY,CAAC;QACzD,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,UAAU;gBACf,KAAK,EAAE,WAAW;gBAClB,WAAW,EAAE,yDAAyD;gBACtE,OAAO,EAAE,cAAc;gBACvB,QAAQ,EAAE,IAAI;aACf;SACF;QACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCf;QACG,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;CAsBzB;QACG,gBAAgB,EAAE;;;;;;;;;;CAUrB;KACE;CACF,CAAC;AAEF,8DAA8D;AAC9D,MAAM,CAAC,MAAM,kBAAkB,GAAwB,CAAC,GAAG,cAAc,EAAE,GAAG,eAAe,CAAC,CAAC"}
+{"version":3,"file":"catalog.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/catalog.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,8EAA8E;AAC9E,+DAA+D;AAG/D,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AACnF,OAAO,EAAE,0BAA0B,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACrF,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,8DAA8D;AAC9D,MAAM,CAAC,MAAM,kBAAkB,GAAwB;IACrD,iBAAiB;IACjB,oBAAoB;IACpB,0BAA0B;IAC1B,gBAAgB;IAChB,GAAG,eAAe;CACnB,CAAC"}

package/dist/engine/spec-templates/templates-api-ui.d.ts

@@ -0,0 +1,6 @@
+import type { SpecTemplateEntry } from '../../types/spec-templates.js';
+/** REST API endpoint spec template. */
+export declare const REST_API_ENDPOINT_TEMPLATE: SpecTemplateEntry;
+/** UI Form spec template. */
+export declare const UI_FORM_TEMPLATE: SpecTemplateEntry;
+//# sourceMappingURL=templates-api-ui.d.ts.map

package/dist/engine/spec-templates/templates-api-ui.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-api-ui.d.ts","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-api-ui.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,uCAAuC;AACvC,eAAO,MAAM,0BAA0B,EAAE,iBAmGxC,CAAC;AAEF,6BAA6B;AAC7B,eAAO,MAAM,gBAAgB,EAAE,iBAkF9B,CAAC"}

package/dist/engine/spec-templates/templates-api-ui.js

@@ -0,0 +1,188 @@
+// engine/spec-templates/templates-api-ui.ts — REST API endpoint + UI form templates.
+// Extracted from catalog.ts to keep file sizes within limits.
+/** REST API endpoint spec template. */
+export const REST_API_ENDPOINT_TEMPLATE = {
+    id: 'rest-api-endpoint',
+    name: 'REST API Endpoint',
+    category: 'api',
+    description: 'A single REST endpoint with validation, error handling, and documentation.',
+    tags: ['api', 'rest', 'endpoint', 'openapi'],
+    variables: [
+        {
+            key: 'EndpointName',
+            label: 'Endpoint name',
+            description: 'Short descriptive name for this endpoint',
+            example: 'Submit Order',
+            required: true,
+        },
+        {
+            key: 'HttpMethod',
+            label: 'HTTP Method',
+            description: 'HTTP method: GET, POST, PUT, PATCH, DELETE',
+            example: 'POST',
+            required: true,
+        },
+        {
+            key: 'Path',
+            label: 'URL path',
+            description: 'The URL path for this endpoint',
+            example: '/orders/submit',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: REST API Endpoint — {{EndpointName}}
+
+## User Story
+As an API consumer, I want a reliable {{HttpMethod}} {{Path}} endpoint so that I can {{EndpointName}} without client-side workarounds.
+
+## Acceptance Criteria
+
+### AC-1: Request validation
+- [ ] Input schema validated at the boundary
+- [ ] Invalid requests return 422 with structured error messages
+- [ ] Content-Type header checked when applicable
+
+### AC-2: Core business logic
+- [ ] {{EndpointName}} logic is encapsulated in a dedicated use-case function
+- [ ] Side effects (emails, notifications, jobs) are isolated and testable
+
+### AC-3: Response contract
+- [ ] Success response follows the API response envelope convention
+- [ ] HTTP status codes match the operation semantics
+- [ ] Response schema is documented (OpenAPI or equivalent)
+
+### AC-4: Error handling
+- [ ] All error paths return structured JSON (not stack traces)
+- [ ] 404 returned for missing resources
+- [ ] 409 returned for conflicts
+- [ ] 500 never leaks internal details
+
+### AC-5: Idempotency (if applicable)
+- [ ] Idempotency key header supported for non-idempotent operations
+- [ ] Duplicate requests handled gracefully
+
+### AC-6: Observability
+- [ ] Endpoint logged with method, path, status, latency
+- [ ] Errors reported to the monitoring system
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: REST API Endpoint — {{EndpointName}}
+
+## Affected Files
+- handlers/{{Path}} (route handler)
+- use-cases/{{EndpointName}} (business logic)
+- validators/{{EndpointName}}-input
+- openapi/paths/{{Path}} (documentation)
+
+## Types / Entities
+- \`{{EndpointName}}Input\`: validated request payload
+- \`{{EndpointName}}Output\`: response body shape
+- \`ApiError\`: code, message, details[]
+
+## Risks
+- Missing idempotency for mutation → duplicate side effects
+- Unbounded response size → add pagination or field projection
+- Missing auth guard → unauthorized access
+
+## Estimation (rough)
+- Dev: 4–8 hours
+- Review: 1–2 hours
+- Difficulty: 2/5
+`,
+    progressTemplate: `# PROGRESS: REST API Endpoint — {{EndpointName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Request validation
+- [ ] AC-2: Core business logic
+- [ ] AC-3: Response contract
+- [ ] AC-4: Error handling
+- [ ] AC-5: Idempotency
+- [ ] AC-6: Observability
+`,
+};
+/** UI Form spec template. */
+export const UI_FORM_TEMPLATE = {
+    id: 'ui-form',
+    name: 'UI Form',
+    category: 'ui',
+    description: 'Interactive form with validation, error display, and accessibility.',
+    tags: ['ui', 'form', 'ux', 'accessibility', 'validation'],
+    variables: [
+        {
+            key: 'FormName',
+            label: 'Form name',
+            description: 'Name of the form (e.g. Registration, Checkout, Contact)',
+            example: 'Registration',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: {{FormName}} Form
+
+## User Story
+As a user, I want to fill out the {{FormName}} form with clear guidance so that I can complete the action without confusion.
+
+## Acceptance Criteria
+
+### AC-1: Field validation
+- [ ] Required fields marked visually
+- [ ] Validation runs on blur and on submit
+- [ ] Error messages appear adjacent to invalid fields
+- [ ] Valid fields show positive feedback
+
+### AC-2: Submit behavior
+- [ ] Form is disabled (loading state) during submission
+- [ ] Success state shown after successful submission
+- [ ] Errors from the API are displayed inline
+
+### AC-3: Accessibility
+- [ ] All inputs have visible labels
+- [ ] Error messages linked via aria-describedby
+- [ ] Form navigable via keyboard (Tab, Enter, Escape)
+- [ ] Screen reader announces validation errors
+
+### AC-4: Responsive design
+- [ ] Form renders correctly on mobile, tablet, and desktop
+- [ ] Touch targets meet minimum size (44×44 px)
+
+### AC-5: Reset and cancel
+- [ ] Reset clears all fields and removes error state
+- [ ] Cancel navigates away without data loss warning if form is pristine
+- [ ] Cancel shows confirmation dialog if form has unsaved changes
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: {{FormName}} Form
+
+## Affected Files
+- components/{{FormName}}Form
+- hooks/use{{FormName}}Form (form state, validation)
+- api/{{FormName}}-client (submission)
+- i18n/{{FormName}}-form.json (strings)
+
+## Types / Entities
+- \`{{FormName}}FormValues\`: all field values
+- \`{{FormName}}FormErrors\`: per-field error messages
+- \`{{FormName}}FormState\`: idle | submitting | success | error
+
+## Risks
+- Missing server-side validation mirror → inconsistent UX
+- Missing loading state → double submissions
+- Missing ARIA attributes → accessibility failures
+
+## Estimation (rough)
+- Dev: 4–10 hours
+- Review: 1–2 hours
+- Difficulty: 2/5
+`,
+    progressTemplate: `# PROGRESS: {{FormName}} Form
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Field validation
+- [ ] AC-2: Submit behavior
+- [ ] AC-3: Accessibility
+- [ ] AC-4: Responsive design
+- [ ] AC-5: Reset and cancel
+`,
+};
+//# sourceMappingURL=templates-api-ui.js.map

package/dist/engine/spec-templates/templates-api-ui.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-api-ui.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-api-ui.ts"],"names":[],"mappings":"AAAA,qFAAqF;AACrF,8DAA8D;AAI9D,uCAAuC;AACvC,MAAM,CAAC,MAAM,0BAA0B,GAAsB;IAC3D,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,mBAAmB;IACzB,QAAQ,EAAE,KAAK;IACf,WAAW,EAAE,4EAA4E;IACzF,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC;IAC5C,SAAS,EAAE;QACT;YACE,GAAG,EAAE,cAAc;YACnB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,0CAA0C;YACvD,OAAO,EAAE,cAAc;YACvB,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,YAAY;YACjB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,4CAA4C;YACzD,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,MAAM;YACX,KAAK,EAAE,UAAU;YACjB,WAAW,EAAE,gCAAgC;YAC7C,OAAO,EAAE,gBAAgB;YACzB,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;CAsBvB;IACC,gBAAgB,EAAE;;;;;;;;;;;CAWnB;CACA,CAAC;AAEF,6BAA6B;AAC7B,MAAM,CAAC,MAAM,gBAAgB,GAAsB;IACjD,EAAE,EAAE,SAAS;IACb,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,qEAAqE;IAClF,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,YAAY,CAAC;IACzD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,WAAW;YAClB,WAAW,EAAE,yDAAyD;YACtE,OAAO,EAAE,cAAc;YACvB,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;CAsBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC"}

package/dist/engine/spec-templates/templates-auth-crud.d.ts

@@ -0,0 +1,6 @@
+import type { SpecTemplateEntry } from '../../types/spec-templates.js';
+/** JWT Authentication spec template. */
+export declare const AUTH_JWT_TEMPLATE: SpecTemplateEntry;
+/** CRUD Entity spec template. */
+export declare const CRUD_ENTITY_TEMPLATE: SpecTemplateEntry;
+//# sourceMappingURL=templates-auth-crud.d.ts.map

package/dist/engine/spec-templates/templates-auth-crud.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-auth-crud.d.ts","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-auth-crud.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,wCAAwC;AACxC,eAAO,MAAM,iBAAiB,EAAE,iBA+F/B,CAAC;AAEF,iCAAiC;AACjC,eAAO,MAAM,oBAAoB,EAAE,iBAgGlC,CAAC"}