@planu/cli 0.28.0 → 0.30.0

package/dist/engine/spec-templates/templates-auth-crud.js

@@ -0,0 +1,225 @@
+// engine/spec-templates/templates-auth-crud.ts — Auth JWT + CRUD entity templates.
+// Extracted from catalog.ts to keep file sizes within limits.
+/** JWT Authentication spec template. */
+export const AUTH_JWT_TEMPLATE = {
+    id: 'auth-jwt',
+    name: 'JWT Authentication',
+    category: 'auth',
+    description: 'User authentication flow with JWT tokens: login, logout, refresh, and guards.',
+    tags: ['auth', 'jwt', 'security', 'session'],
+    complexityScore: 'M',
+    estimationBase: {
+        hoursMin: 16,
+        hoursMax: 32,
+        notes: 'Includes token rotation, rate limiting, and brute-force protection',
+    },
+    criteria: [
+        { id: 'AC-1', title: 'Login endpoint', required: true },
+        { id: 'AC-2', title: 'Protected route guard', required: true },
+        { id: 'AC-3', title: 'Token refresh', required: true },
+        { id: 'AC-4', title: 'Logout', required: false },
+        { id: 'AC-5', title: 'Security requirements', required: true },
+    ],
+    variables: [
+        {
+            key: 'EntityName',
+            label: 'Entity name',
+            description: 'The name of the authenticated entity (User, Admin, Member…)',
+            example: 'User',
+            required: true,
+        },
+        {
+            key: 'TokenExpiry',
+            label: 'Token expiry',
+            description: 'JWT access token expiry duration',
+            example: '15 minutes',
+            required: false,
+            defaultValue: '15 minutes',
+        },
+    ],
+    huTemplate: `# HU: JWT Authentication for {{EntityName}}
+
+## User Story
+As a {{EntityName}}, I want to securely authenticate with JWT tokens so that my session is stateless and protected.
+
+## Acceptance Criteria
+
+### AC-1: Login endpoint
+- [ ] POST /auth/login accepts credentials and returns access + refresh tokens
+- [ ] Access token expires after {{TokenExpiry}}
+- [ ] Refresh token stored server-side and rotated on each use
+- [ ] Failed login returns 401 with no sensitive detail
+
+### AC-2: Protected route guard
+- [ ] Every protected endpoint validates the Bearer token
+- [ ] Expired or invalid tokens return 401
+- [ ] Tampered tokens are rejected and logged
+
+### AC-3: Token refresh
+- [ ] POST /auth/refresh issues new access token given a valid refresh token
+- [ ] Refresh token is single-use (rotation strategy)
+
+### AC-4: Logout
+- [ ] POST /auth/logout invalidates the refresh token server-side
+- [ ] Client-side storage is cleared by the caller
+
+### AC-5: Security requirements
+- [ ] Passwords stored as salted hash (bcrypt or Argon2 equivalent)
+- [ ] HTTPS enforced in production
+- [ ] Rate limiting on /auth/login (max 5 requests/minute per IP)
+- [ ] Brute-force protection with account lockout after N failures
+
+## Out of Scope
+- OAuth2 / SSO providers (create separate spec)
+- Multi-factor authentication (create separate spec)
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: JWT Authentication for {{EntityName}}
+
+## Affected Files
+- auth/login handler
+- auth/refresh handler
+- auth/logout handler
+- auth/middleware (token guard)
+- storage/token-store (refresh token persistence)
+- config/auth-config (token secrets, expiry settings)
+
+## Types / Entities
+- \`{{EntityName}}\`: id, email, passwordHash, createdAt
+- \`AuthTokenPair\`: accessToken, refreshToken, expiresIn
+- \`RefreshTokenRecord\`: token, entityId, expiresAt, usedAt
+
+## Risks
+- Token secret exposure → rotate secrets without downtime (risk: high)
+- Refresh token replay attack → single-use rotation required
+- Brute force on login → rate limiting + lockout required
+
+## Estimation (rough)
+- Dev: 8–16 hours
+- Review: 2–4 hours
+- Difficulty: 3/5
+`,
+    progressTemplate: `# PROGRESS: JWT Authentication for {{EntityName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Login endpoint
+- [ ] AC-2: Protected route guard
+- [ ] AC-3: Token refresh
+- [ ] AC-4: Logout
+- [ ] AC-5: Security requirements
+`,
+};
+/** CRUD Entity spec template. */
+export const CRUD_ENTITY_TEMPLATE = {
+    id: 'crud-entity',
+    name: 'CRUD Entity',
+    category: 'crud',
+    description: 'Full Create/Read/Update/Delete lifecycle for any data entity.',
+    tags: ['crud', 'rest', 'api', 'database'],
+    complexityScore: 'S',
+    estimationBase: {
+        hoursMin: 6,
+        hoursMax: 12,
+        notes: 'Standard CRUD with validation and soft delete',
+    },
+    criteria: [
+        { id: 'AC-1', title: 'Create entity', required: true },
+        { id: 'AC-2', title: 'List entities', required: true },
+        { id: 'AC-3', title: 'Get single entity', required: true },
+        { id: 'AC-4', title: 'Update entity', required: true },
+        { id: 'AC-5', title: 'Delete entity', required: true },
+        { id: 'AC-6', title: 'Validation', required: true },
+    ],
+    variables: [
+        {
+            key: 'EntityName',
+            label: 'Entity name',
+            description: 'Name of the entity (singular, PascalCase)',
+            example: 'Product',
+            required: true,
+        },
+        {
+            key: 'EntityPlural',
+            label: 'Entity plural',
+            description: 'Plural form of the entity name',
+            example: 'Products',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: CRUD for {{EntityName}}
+
+## User Story
+As a user, I want to create, view, update and delete {{EntityPlural}} so that I can manage them effectively.
+
+## Acceptance Criteria
+
+### AC-1: Create {{EntityName}}
+- [ ] POST /{{EntityPlural}} accepts valid payload and persists the entity
+- [ ] Duplicate detection where applicable
+- [ ] Returns the created entity with generated ID and timestamps
+
+### AC-2: List {{EntityPlural}}
+- [ ] GET /{{EntityPlural}} returns paginated list
+- [ ] Supports filtering and sorting by key fields
+- [ ] Empty list returns 200 with empty array (not 404)
+
+### AC-3: Get single {{EntityName}}
+- [ ] GET /{{EntityPlural}}/:id returns the entity or 404
+- [ ] Soft-deleted entities return 404
+
+### AC-4: Update {{EntityName}}
+- [ ] PATCH /{{EntityPlural}}/:id applies partial update
+- [ ] PUT /{{EntityPlural}}/:id replaces the full entity
+- [ ] Returns updated entity on success
+
+### AC-5: Delete {{EntityName}}
+- [ ] DELETE /{{EntityPlural}}/:id performs soft delete by default
+- [ ] Hard delete available as a privileged action
+- [ ] Returns 204 No Content on success
+
+### AC-6: Validation
+- [ ] All inputs validated at the API boundary
+- [ ] Invalid fields return 422 with per-field error messages
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: CRUD for {{EntityName}}
+
+## Affected Files
+- handlers/{{EntityPlural}}/create
+- handlers/{{EntityPlural}}/list
+- handlers/{{EntityPlural}}/get
+- handlers/{{EntityPlural}}/update
+- handlers/{{EntityPlural}}/delete
+- storage/{{EntityPlural}}-repository
+- types/{{EntityName}}
+
+## Types / Entities
+- \`{{EntityName}}\`: id, createdAt, updatedAt, deletedAt (nullable)
+- \`Create{{EntityName}}Input\`: entity fields (validated)
+- \`Update{{EntityName}}Input\`: partial entity fields
+- \`List{{EntityPlural}}Query\`: page, limit, sortBy, order, filters
+
+## Risks
+- Missing soft-delete → data loss risk
+- Unbounded list without pagination → performance risk
+- Missing input validation → injection risk
+
+## Estimation (rough)
+- Dev: 6–12 hours
+- Review: 1–3 hours
+- Difficulty: 2/5
+`,
+    progressTemplate: `# PROGRESS: CRUD for {{EntityName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Create {{EntityName}}
+- [ ] AC-2: List {{EntityPlural}}
+- [ ] AC-3: Get single {{EntityName}}
+- [ ] AC-4: Update {{EntityName}}
+- [ ] AC-5: Delete {{EntityName}}
+- [ ] AC-6: Validation
+`,
+};
+//# sourceMappingURL=templates-auth-crud.js.map

package/dist/engine/spec-templates/templates-auth-crud.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-auth-crud.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-auth-crud.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,8DAA8D;AAI9D,wCAAwC;AACxC,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,oBAAoB;IAC1B,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,+EAA+E;IAC5F,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC;IAC5C,eAAe,EAAE,GAAG;IACpB,cAAc,EAAE;QACd,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE,oEAAoE;KAC5E;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE;QACvD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC9D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;QACtD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE;QAChD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE;KAC/D;IACD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,YAAY;YACjB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,6DAA6D;YAC1E,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,aAAa;YAClB,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,kCAAkC;YAC/C,OAAO,EAAE,YAAY;YACrB,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE,YAAY;SAC3B;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;CAwBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC;AAEF,iCAAiC;AACjC,MAAM,CAAC,MAAM,oBAAoB,GAAsB;IACrD,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,aAAa;IACnB,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,+DAA+D;IAC5E,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC;IACzC,eAAe,EAAE,GAAG;IACpB,cAAc,EAAE;QACd,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE,+CAA+C;KACvD;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;QACtD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;QACtD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC1D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;QACtD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;QACtD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE;KACpD;IACD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,YAAY;YACjB,KAAK,EAAE,aAAa;YACpB,WAAW,EAAE,2CAA2C;YACxD,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,cAAc;YACnB,KAAK,EAAE,eAAe;YACtB,WAAW,EAAE,gCAAgC;YAC7C,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;CA0BvB;IACC,gBAAgB,EAAE;;;;;;;;;;;CAWnB;CACA,CAAC"}

package/dist/engine/spec-templates/templates-data-security.d.ts

@@ -0,0 +1,6 @@
+import type { SpecTemplateEntry } from '../../types/spec-templates.js';
+/** Data migration spec template. */
+export declare const DATA_MIGRATION_TEMPLATE: SpecTemplateEntry;
+/** Security feature spec template. */
+export declare const SECURITY_FEATURE_TEMPLATE: SpecTemplateEntry;
+//# sourceMappingURL=templates-data-security.d.ts.map

package/dist/engine/spec-templates/templates-data-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-data-security.d.ts","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-data-security.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,oCAAoC;AACpC,eAAO,MAAM,uBAAuB,EAAE,iBA2FrC,CAAC;AAEF,sCAAsC;AACtC,eAAO,MAAM,yBAAyB,EAAE,iBAoGvC,CAAC"}

package/dist/engine/spec-templates/templates-data-security.js

@@ -0,0 +1,198 @@
+// engine/spec-templates/templates-data-security.ts — Data migration + security feature templates.
+// Extracted from catalog-extra.ts to keep file sizes within limits.
+/** Data migration spec template. */
+export const DATA_MIGRATION_TEMPLATE = {
+    id: 'data-migration',
+    name: 'Data Migration',
+    category: 'data',
+    description: 'Safe, reversible database or data migration with rollback support.',
+    tags: ['migration', 'database', 'schema', 'data'],
+    complexityScore: 'M',
+    estimationBase: {
+        hoursMin: 16,
+        hoursMax: 40,
+        notes: 'Includes rollback strategy and zero-downtime approach',
+    },
+    criteria: [
+        { id: 'AC-1', title: 'Migration script', required: true },
+        { id: 'AC-2', title: 'Data safety', required: true },
+        { id: 'AC-3', title: 'Zero-downtime strategy', required: false },
+        { id: 'AC-4', title: 'Rollback', required: true },
+        { id: 'AC-5', title: 'Observability', required: false },
+    ],
+    variables: [
+        {
+            key: 'MigrationName',
+            label: 'Migration name',
+            description: 'Short descriptive name for this migration',
+            example: 'Add email_verified column to users',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: Data Migration — {{MigrationName}}
+
+## User Story
+As a developer, I want to apply the migration "{{MigrationName}}" safely so that production data is not at risk.
+
+## Acceptance Criteria
+
+### AC-1: Migration script
+- [ ] Migration has an "up" (apply) and "down" (rollback) operation
+- [ ] Script is idempotent (safe to run multiple times)
+- [ ] Each step is transactional where supported by the database
+
+### AC-2: Data safety
+- [ ] Pre-migration backup documented in runbook
+- [ ] No destructive operation without a confirmed backup
+- [ ] Migration tested on a staging copy of production data
+
+### AC-3: Zero-downtime strategy
+- [ ] Migration can be applied while the application is running
+- [ ] Backward-compatible schema changes first (expand), then cleanup (contract)
+- [ ] Feature flag used if application code needs to switch behavior
+
+### AC-4: Rollback
+- [ ] Rollback procedure documented and tested
+- [ ] Rollback does not cause data loss
+- [ ] Time to rollback < 15 minutes
+
+### AC-5: Observability
+- [ ] Migration duration logged
+- [ ] Row counts before/after logged for verification
+- [ ] Anomalies (unexpected row counts) trigger alerts
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: Data Migration — {{MigrationName}}
+
+## Affected Files
+- migrations/{{MigrationName}}/up
+- migrations/{{MigrationName}}/down
+- runbooks/{{MigrationName}}-rollback
+
+## Types / Entities
+- Migration metadata: id, name, appliedAt, duration, rolledBack
+
+## Risks
+- Data loss on rollback → mandatory backup before apply
+- Long-running migration → table locks in production
+- Missing idempotency → partial application leaves DB in bad state
+
+## Estimation (rough)
+- Dev: 4–12 hours
+- Review: 2–4 hours
+- Difficulty: 3/5
+`,
+    progressTemplate: `# PROGRESS: Data Migration — {{MigrationName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Migration script
+- [ ] AC-2: Data safety
+- [ ] AC-3: Zero-downtime strategy
+- [ ] AC-4: Rollback
+- [ ] AC-5: Observability
+`,
+};
+/** Security feature spec template. */
+export const SECURITY_FEATURE_TEMPLATE = {
+    id: 'security-feature',
+    name: 'Security Feature',
+    category: 'security',
+    description: 'Security hardening: rate limiting, input sanitization, audit logging, etc.',
+    tags: ['security', 'hardening', 'audit', 'rate-limiting'],
+    complexityScore: 'M',
+    estimationBase: {
+        hoursMin: 16,
+        hoursMax: 32,
+        notes: 'Includes penetration test checklist and monitoring setup',
+    },
+    criteria: [
+        { id: 'AC-1', title: 'Implementation', required: true },
+        { id: 'AC-2', title: 'Bypass prevention', required: true },
+        { id: 'AC-3', title: 'Observability', required: false },
+        { id: 'AC-4', title: 'Testing', required: true },
+        { id: 'AC-5', title: 'Documentation', required: false },
+    ],
+    variables: [
+        {
+            key: 'FeatureName',
+            label: 'Security feature name',
+            description: 'Name of the security feature being implemented',
+            example: 'Rate Limiting',
+            required: true,
+        },
+        {
+            key: 'ProtectedResource',
+            label: 'Protected resource or area',
+            description: 'What is being protected by this feature',
+            example: 'authentication endpoints',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: Security Feature — {{FeatureName}}
+
+## User Story
+As a security engineer, I want {{FeatureName}} applied to {{ProtectedResource}} so that attack vectors are reduced.
+
+## Acceptance Criteria
+
+### AC-1: Implementation
+- [ ] {{FeatureName}} implemented at the correct layer (edge, gateway, application)
+- [ ] Configuration externalized (not hardcoded)
+- [ ] Enabled in production, configurable in development
+
+### AC-2: Bypass prevention
+- [ ] Cannot be bypassed by manipulating headers or query parameters
+- [ ] Handles IPv4, IPv6, and forwarded IP headers correctly
+- [ ] Works behind reverse proxies and CDNs
+
+### AC-3: Observability
+- [ ] Blocked/throttled requests logged with reason
+- [ ] Metrics exported: blocked count, block rate, top blocked IPs
+- [ ] Alert triggers when block rate exceeds threshold
+
+### AC-4: Testing
+- [ ] Unit tests cover allowed and blocked cases
+- [ ] Integration tests simulate attack patterns
+- [ ] Penetration test checklist updated
+
+### AC-5: Documentation
+- [ ] Security runbook updated with new feature
+- [ ] Limits and thresholds documented with rationale
+- [ ] On-call playbook updated for incident response
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: Security Feature — {{FeatureName}}
+
+## Affected Files
+- middleware/{{FeatureName}}
+- config/security-config
+- monitoring/security-alerts
+- runbooks/security-incident
+
+## Types / Entities
+- \`{{FeatureName}}Config\`: thresholds, enabled, dryRun
+- \`SecurityEvent\`: type, resource, ip, timestamp, blocked
+
+## Risks
+- False positives blocking legitimate users → dry-run mode first
+- Missing coverage for all entry points → security audit required
+- Misconfiguration under proxy → test in staging with proxy enabled
+
+## Estimation (rough)
+- Dev: 4–12 hours
+- Review: 2–4 hours
+- Difficulty: 3/5
+`,
+    progressTemplate: `# PROGRESS: Security Feature — {{FeatureName}}
+
+## Status: draft
+
+## Criteria
+- [ ] AC-1: Implementation
+- [ ] AC-2: Bypass prevention
+- [ ] AC-3: Observability
+- [ ] AC-4: Testing
+- [ ] AC-5: Documentation
+`,
+};
+//# sourceMappingURL=templates-data-security.js.map

package/dist/engine/spec-templates/templates-data-security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-data-security.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-data-security.ts"],"names":[],"mappings":"AAAA,kGAAkG;AAClG,oEAAoE;AAIpE,oCAAoC;AACpC,MAAM,CAAC,MAAM,uBAAuB,GAAsB;IACxD,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,oEAAoE;IACjF,IAAI,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC;IACjD,eAAe,EAAE,GAAG;IACpB,cAAc,EAAE;QACd,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE,uDAAuD;KAC/D;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,IAAI,EAAE;QACzD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE;QACpD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,KAAK,EAAE;QAChE,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE;QACjD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE;KACxD;IACD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,eAAe;YACpB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,2CAA2C;YACxD,OAAO,EAAE,oCAAoC;YAC7C,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+Bb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;CAmBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC;AAEF,sCAAsC;AACtC,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,kBAAkB;IACxB,QAAQ,EAAE,UAAU;IACpB,WAAW,EAAE,4EAA4E;IACzF,IAAI,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,eAAe,CAAC;IACzD,eAAe,EAAE,GAAG;IACpB,cAAc,EAAE;QACd,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE,0DAA0D;KAClE;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE;QACvD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC1D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE;QACvD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;QAChD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE;KACxD;IACD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,aAAa;YAClB,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,IAAI;SACf;QACD;YACE,GAAG,EAAE,mBAAmB;YACxB,KAAK,EAAE,4BAA4B;YACnC,WAAW,EAAE,yCAAyC;YACtD,OAAO,EAAE,0BAA0B;YACnC,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+Bb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;CAqBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC"}

package/dist/engine/spec-templates/templates-industry-ecom.d.ts

@@ -0,0 +1,6 @@
+import type { SpecTemplateEntry } from '../../types/spec-templates.js';
+/** E-commerce cart and checkout template. */
+export declare const ECOMMERCE_CART_CHECKOUT_TEMPLATE: SpecTemplateEntry;
+/** E-commerce inventory template. */
+export declare const ECOMMERCE_INVENTORY_TEMPLATE: SpecTemplateEntry;
+//# sourceMappingURL=templates-industry-ecom.d.ts.map

package/dist/engine/spec-templates/templates-industry-ecom.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-industry-ecom.d.ts","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-industry-ecom.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,6CAA6C;AAC7C,eAAO,MAAM,gCAAgC,EAAE,iBAyG9C,CAAC;AAEF,qCAAqC;AACrC,eAAO,MAAM,4BAA4B,EAAE,iBAiG1C,CAAC"}

package/dist/engine/spec-templates/templates-industry-ecom.js

@@ -0,0 +1,209 @@
+// engine/spec-templates/templates-industry-ecom.ts — E-commerce industry templates.
+// AC-04: Templates by industry — e-commerce vertical (split from health-ecom).
+/** E-commerce cart and checkout template. */
+export const ECOMMERCE_CART_CHECKOUT_TEMPLATE = {
+    id: 'ecommerce-cart-checkout',
+    name: 'Carrito y proceso de compra',
+    category: 'industry',
+    subcategory: 'ecommerce',
+    description: 'Carrito de compras con cupones, calculo de impuestos y proceso de checkout.',
+    tags: ['ecommerce', 'cart', 'checkout', 'payments', 'coupons'],
+    complexityScore: 'L',
+    estimationBase: {
+        hoursMin: 40,
+        hoursMax: 80,
+        notes: 'Incluye cupones, impuestos y multiples metodos de pago',
+    },
+    criteria: [
+        { id: 'AC-1', title: 'Gestion del carrito', required: true },
+        { id: 'AC-2', title: 'Cupones y descuentos', required: false },
+        { id: 'AC-3', title: 'Calculo de impuestos', required: true },
+        { id: 'AC-4', title: 'Proceso de checkout', required: true },
+        { id: 'AC-5', title: 'Confirmacion de compra', required: true },
+        { id: 'AC-6', title: 'Recuperacion de carrito', required: false },
+    ],
+    variables: [
+        {
+            key: 'StoreName',
+            label: 'Nombre de la tienda',
+            description: 'Nombre del e-commerce',
+            example: 'MiTienda',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: Carrito y Checkout — {{StoreName}}
+
+## Historia de Usuario
+Como comprador de {{StoreName}}, quiero agregar productos al carrito y completar la compra de forma fluida y segura.
+
+## Criterios de Aceptacion
+
+### AC-1: Gestion del carrito
+- [ ] Se pueden agregar, actualizar cantidad y eliminar productos del carrito
+- [ ] El carrito persiste entre sesiones (usuario autenticado) o en almacenamiento local (anonimo)
+- [ ] Se muestra subtotal actualizado en tiempo real
+- [ ] Los productos sin stock se marcan automaticamente
+
+### AC-2: Cupones y descuentos
+- [ ] Se puede aplicar un codigo de cupon al carrito
+- [ ] Los cupones validan vigencia, condiciones minimas y uso unico si aplica
+- [ ] El descuento se refleja en el resumen antes de confirmar
+
+### AC-3: Calculo de impuestos
+- [ ] Los impuestos se calculan segun la direccion de envio
+- [ ] El desglose de impuestos se muestra transparentemente
+- [ ] Las reglas de impuestos son configurables por region
+
+### AC-4: Proceso de checkout
+- [ ] El checkout recopila direccion de envio, metodo de pago y datos de facturacion
+- [ ] Se valida toda la informacion antes de procesar el pago
+- [ ] El proceso es resistente a fallos parciales (no se cobra sin confirmar pedido)
+
+### AC-5: Confirmacion de compra
+- [ ] Se muestra resumen de pedido con numero de orden
+- [ ] Se envia confirmacion por email con detalles del pedido
+- [ ] El inventario se actualiza al confirmar la compra
+
+### AC-6: Recuperacion de carrito
+- [ ] Se envia recordatorio de carrito abandonado despues de N horas
+- [ ] El enlace de recuperacion restaura el carrito con los productos originales
+- [ ] Los productos no disponibles se indican al recuperar
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: Carrito y Checkout — {{StoreName}}
+
+## Archivos Afectados
+- cart/management
+- cart/coupons
+- checkout/tax-calculator
+- checkout/payment-processor
+- checkout/confirmation
+- notifications/cart-recovery
+
+## Tipos / Entidades
+- \`Cart\`: id, userId, items[], couponCode, subtotal, tax, total
+- \`CartItem\`: productId, quantity, unitPrice
+- \`Order\`: id, cartId, status, paymentId, shippingAddress, createdAt
+
+## Riesgos
+- Doble cobro → idempotencia en procesamiento de pago
+- Precio desactualizado en carrito → revalidar precios en checkout
+- Carrito inconsistente → recalcular totales en cada operacion
+
+## Estimacion
+- Dev: 40–80 horas
+- Review: 8–16 horas
+- Dificultad: 4/5
+`,
+    progressTemplate: `# PROGRESS: Carrito y Checkout — {{StoreName}}
+
+## Estado: borrador
+
+## Criterios
+- [ ] AC-1: Gestion del carrito
+- [ ] AC-2: Cupones y descuentos
+- [ ] AC-3: Calculo de impuestos
+- [ ] AC-4: Proceso de checkout
+- [ ] AC-5: Confirmacion de compra
+- [ ] AC-6: Recuperacion de carrito
+`,
+};
+/** E-commerce inventory template. */
+export const ECOMMERCE_INVENTORY_TEMPLATE = {
+    id: 'ecommerce-inventory',
+    name: 'Gestion de inventario',
+    category: 'industry',
+    subcategory: 'ecommerce',
+    description: 'Control de stock, alertas de inventario bajo y variantes de producto.',
+    tags: ['ecommerce', 'inventory', 'stock', 'products', 'variants'],
+    complexityScore: 'M',
+    estimationBase: {
+        hoursMin: 24,
+        hoursMax: 48,
+        notes: 'Incluye variantes de producto y alertas de stock',
+    },
+    criteria: [
+        { id: 'AC-1', title: 'Control de stock', required: true },
+        { id: 'AC-2', title: 'Alertas de inventario', required: true },
+        { id: 'AC-3', title: 'Variantes de producto', required: true },
+        { id: 'AC-4', title: 'Movimientos de inventario', required: true },
+        { id: 'AC-5', title: 'Reportes', required: false },
+    ],
+    variables: [
+        {
+            key: 'StoreName',
+            label: 'Nombre de la tienda',
+            description: 'Nombre del e-commerce',
+            example: 'MiTienda',
+            required: true,
+        },
+    ],
+    huTemplate: `# HU: Inventario — {{StoreName}}
+
+## Historia de Usuario
+Como administrador de {{StoreName}}, quiero gestionar el inventario de productos para mantener el stock actualizado y recibir alertas cuando este bajo.
+
+## Criterios de Aceptacion
+
+### AC-1: Control de stock
+- [ ] Cada producto/variante tiene una cantidad en stock
+- [ ] El stock se decrementa automaticamente al confirmar una venta
+- [ ] Los productos sin stock no pueden agregarse al carrito
+- [ ] Se soporta stock por ubicacion/almacen (multi-warehouse)
+
+### AC-2: Alertas de inventario
+- [ ] Se generan alertas cuando el stock cae bajo el umbral configurado
+- [ ] Las alertas son configurables por producto o categoria
+- [ ] Se notifica por email y/o dashboard
+
+### AC-3: Variantes de producto
+- [ ] Cada producto puede tener variantes (talla, color, etc.)
+- [ ] Cada variante tiene su propio stock independiente
+- [ ] Las variantes comparten la ficha de producto base
+
+### AC-4: Movimientos de inventario
+- [ ] Todo cambio de stock se registra como movimiento (entrada, salida, ajuste)
+- [ ] Cada movimiento incluye razon, cantidad y actor
+- [ ] El historial de movimientos es consultable por producto y periodo
+
+### AC-5: Reportes
+- [ ] Reporte de productos con stock bajo
+- [ ] Reporte de movimientos por periodo
+- [ ] Exportable en CSV o equivalente
+`,
+    fichaTecnicaTemplate: `# FICHA TÉCNICA: Inventario — {{StoreName}}
+
+## Archivos Afectados
+- inventory/stock-manager
+- inventory/alerts
+- inventory/variants
+- inventory/movements
+- inventory/reports
+
+## Tipos / Entidades
+- \`Product\`: id, name, variants[], category
+- \`Variant\`: id, productId, attributes, stock, sku
+- \`StockMovement\`: variantId, type, quantity, reason, actor, timestamp
+
+## Riesgos
+- Sobreventa → reserva de stock al agregar al carrito con TTL
+- Inconsistencia en stock multi-almacen → transacciones atomicas
+- Alertas no enviadas → cola de notificaciones con reintentos
+
+## Estimacion
+- Dev: 24–48 horas
+- Review: 4–8 horas
+- Dificultad: 3/5
+`,
+    progressTemplate: `# PROGRESS: Inventario — {{StoreName}}
+
+## Estado: borrador
+
+## Criterios
+- [ ] AC-1: Control de stock
+- [ ] AC-2: Alertas de inventario
+- [ ] AC-3: Variantes de producto
+- [ ] AC-4: Movimientos de inventario
+- [ ] AC-5: Reportes
+`,
+};
+//# sourceMappingURL=templates-industry-ecom.js.map

package/dist/engine/spec-templates/templates-industry-ecom.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-industry-ecom.js","sourceRoot":"","sources":["../../../src/engine/spec-templates/templates-industry-ecom.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,+EAA+E;AAI/E,6CAA6C;AAC7C,MAAM,CAAC,MAAM,gCAAgC,GAAsB;IACjE,EAAE,EAAE,yBAAyB;IAC7B,IAAI,EAAE,6BAA6B;IACnC,QAAQ,EAAE,UAAU;IACpB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,6EAA6E;IAC1F,IAAI,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC;IAC9D,eAAe,EAAE,GAAG;IACpB,cAAc,EAAE;QACd,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE,wDAAwD;KAChE;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC5D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,KAAK,EAAE;QAC9D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC7D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC5D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC/D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAAK,EAAE;KAClE;IACD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,WAAW;YAChB,KAAK,EAAE,qBAAqB;YAC5B,WAAW,EAAE,uBAAuB;YACpC,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;CAwBvB;IACC,gBAAgB,EAAE;;;;;;;;;;;CAWnB;CACA,CAAC;AAEF,qCAAqC;AACrC,MAAM,CAAC,MAAM,4BAA4B,GAAsB;IAC7D,EAAE,EAAE,qBAAqB;IACzB,IAAI,EAAE,uBAAuB;IAC7B,QAAQ,EAAE,UAAU;IACpB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,uEAAuE;IACpF,IAAI,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,CAAC;IACjE,eAAe,EAAE,GAAG;IACpB,cAAc,EAAE;QACd,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE,kDAAkD;KAC1D;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,IAAI,EAAE;QACzD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC9D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC9D,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,IAAI,EAAE;QAClE,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE;KACnD;IACD,SAAS,EAAE;QACT;YACE,GAAG,EAAE,WAAW;YAChB,KAAK,EAAE,qBAAqB;YAC5B,WAAW,EAAE,uBAAuB;YACpC,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,IAAI;SACf;KACF;IACD,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCb;IACC,oBAAoB,EAAE;;;;;;;;;;;;;;;;;;;;;;;CAuBvB;IACC,gBAAgB,EAAE;;;;;;;;;;CAUnB;CACA,CAAC"}

package/dist/engine/spec-templates/templates-industry-fintech.d.ts

@@ -0,0 +1,8 @@
+import type { SpecTemplateEntry } from '../../types/spec-templates.js';
+/** Fintech KYC verification template. */
+export declare const FINTECH_KYC_TEMPLATE: SpecTemplateEntry;
+/** Fintech transactions template. */
+export declare const FINTECH_TRANSACTIONS_TEMPLATE: SpecTemplateEntry;
+/** Fintech compliance template. */
+export declare const FINTECH_COMPLIANCE_TEMPLATE: SpecTemplateEntry;
+//# sourceMappingURL=templates-industry-fintech.d.ts.map