@planu/cli 0.80.1 → 0.81.1

package/dist/cli/commands/create.js.map

@@ -1 +1 @@
-{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../src/cli/commands/create.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAE5E,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAE1C,MAAM,CAAC,MAAM,aAAa,GAAe;IACvC,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,mBAAmB;IAChC,KAAK,EAAE,wEAAwE;IAE/E,KAAK,CAAC,GAAG,CAAC,IAAc,EAAE,KAAmB;QAC3C,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC;YACxC,IAAI;YACJ,OAAO,EAAE;gBACP,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACpC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBAC3C,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACpC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aAC5B;YACD,MAAM,EAAE,KAAK;YACb,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,+BAA+B,aAAa,CAAC,KAAK,IAAI,CAAC,CAAC;YAC7F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAE,MAAM,CAAC,IAA2B,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAClF,MAAM,WAAW,GAAI,MAAM,CAAC,WAAkC,IAAI,KAAK,CAAC;QAExE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;YACpC,KAAK;YACL,WAAW;YACX,WAAW;YACX,IAAI,EAAE,MAAM,CAAC,IAAkD;YAC/D,KAAK,EAAE,MAAM,CAAC,KAAoD;YAClE,MAAM,EAAE,MAAM,CAAC,MAAsD;YACrE,OAAO,EAAG,MAAM,CAAC,OAA8B,IAAI,SAAS;SAC7D,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,KAAK,EAAE,CAAC;YACjB,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,eAAe,CAAC,IAAI,MAAM,IAAI,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;CACF,CAAC"}
+{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../src/cli/commands/create.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAE5E,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAE1C,MAAM,CAAC,MAAM,aAAa,GAAe;IACvC,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,mBAAmB;IAChC,KAAK,EAAE,wEAAwE;IAE/E,KAAK,CAAC,GAAG,CAAC,IAAc,EAAE,KAAmB;QAC3C,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC;YACxC,IAAI;YACJ,OAAO,EAAE;gBACP,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACpC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBAC3C,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACpC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aAC5B;YACD,MAAM,EAAE,KAAK;YACb,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,+BAA+B,aAAa,CAAC,KAAK,IAAI,CAAC,CAAC;YAC7F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAE,MAAM,CAAC,IAA2B,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAClF,MAAM,WAAW,GAAI,MAAM,CAAC,WAAkC,IAAI,KAAK,CAAC;QAExE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;YACpC,KAAK;YACL,WAAW;YACX,WAAW;YACX,IAAI,EAAE,MAAM,CAAC,IAA4B;YACzC,KAAK,EAAE,MAAM,CAAC,KAA8B;YAC5C,MAAM,EAAE,MAAM,CAAC,MAAgC;YAC/C,OAAO,EAAG,MAAM,CAAC,OAA8B,IAAI,SAAS;SAC7D,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,KAAK,EAAE,CAAC;YACjB,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,eAAe,CAAC,IAAI,MAAM,IAAI,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/cli/commands/list.js.map

@@ -1 +1 @@
-{"version":3,"file":"list.js","sourceRoot":"","sources":["../../../src/cli/commands/list.ts"],"names":[],"mappings":"AAAA,mEAAmE;AAEnE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,MAAM,CAAC,MAAM,WAAW,GAAe;IACrC,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,mCAAmC;IAChD,KAAK,EAAE,gEAAgE;IAEvE,KAAK,CAAC,GAAG,CAAC,IAAc,EAAE,KAAmB;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;YAC3B,IAAI;YACJ,OAAO,EAAE;gBACP,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACtC,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACpC,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aACjC;YACD,MAAM,EAAE,KAAK;YACb,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAI,MAAM,CAAC,YAAY,CAAwB,IAAI,eAAe,EAAE,CAAC;QAEpF,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC;YACnC,SAAS;YACT,MAAM,EAAE,MAAM,CAAC,MAAsD;YACrE,IAAI,EAAE,MAAM,CAAC,IAAkD;SAChE,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;CACF,CAAC"}
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../../src/cli/commands/list.ts"],"names":[],"mappings":"AAAA,mEAAmE;AAEnE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,MAAM,CAAC,MAAM,WAAW,GAAe;IACrC,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,mCAAmC;IAChD,KAAK,EAAE,gEAAgE;IAEvE,KAAK,CAAC,GAAG,CAAC,IAAc,EAAE,KAAmB;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;YAC3B,IAAI;YACJ,OAAO,EAAE;gBACP,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACtC,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBACpC,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aACjC;YACD,MAAM,EAAE,KAAK;YACb,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAI,MAAM,CAAC,YAAY,CAAwB,IAAI,eAAe,EAAE,CAAC;QAEpF,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC;YACnC,SAAS;YACT,MAAM,EAAE,MAAM,CAAC,MAAgC;YAC/C,IAAI,EAAE,MAAM,CAAC,IAA4B;SAC1C,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/config/ac-gap-keywords.json

@@ -0,0 +1,144 @@
+[
+  {
+    "id": "error-handling",
+    "domain": "error-handling",
+    "language": "en",
+    "keywords": [
+      "error",
+      "fail",
+      "invalid",
+      "exception",
+      "reject",
+      "4xx",
+      "5xx",
+      "not found",
+      "404",
+      "500",
+      "timeout",
+      "unavailable",
+      "catch",
+      "handling"
+    ]
+  },
+  {
+    "id": "security",
+    "domain": "security",
+    "language": "en",
+    "keywords": [
+      "auth",
+      "permission",
+      "role",
+      "unauthorized",
+      "forbidden",
+      "jwt",
+      "token",
+      "csrf",
+      "xss",
+      "inject",
+      "sanitize",
+      "rate limit",
+      "throttle",
+      "secure",
+      "encrypt",
+      "https"
+    ]
+  },
+  {
+    "id": "performance",
+    "domain": "performance",
+    "language": "en",
+    "keywords": [
+      "performance",
+      "latency",
+      "response time",
+      "load",
+      "concurrent",
+      "throughput",
+      "cache",
+      "slow",
+      "fast",
+      "benchmark",
+      "sla",
+      "p95",
+      "p99"
+    ]
+  },
+  {
+    "id": "accessibility",
+    "domain": "accessibility",
+    "language": "en",
+    "keywords": ["accessibility", "a11y", "wcag", "aria", "screen reader", "keyboard", "focus", "contrast", "alt text"]
+  },
+  {
+    "id": "data-validation",
+    "domain": "data-validation",
+    "language": "en",
+    "keywords": [
+      "validate",
+      "validation",
+      "required field",
+      "max length",
+      "min length",
+      "format",
+      "schema",
+      "constraint",
+      "sanitize",
+      "input",
+      "boundary"
+    ]
+  },
+  {
+    "id": "observability",
+    "domain": "observability",
+    "language": "en",
+    "keywords": ["log", "metric", "trace", "monitor", "alert", "audit", "observability", "telemetry", "event"]
+  },
+  {
+    "id": "edge-cases",
+    "domain": "edge-cases",
+    "language": "en",
+    "keywords": [
+      "edge",
+      "empty",
+      "null",
+      "boundary",
+      "concurrent",
+      "race condition",
+      "duplicate",
+      "overflow",
+      "underflow",
+      "missing",
+      "optional"
+    ]
+  },
+  {
+    "id": "rollback",
+    "domain": "rollback",
+    "language": "en",
+    "keywords": ["rollback", "undo", "revert", "restore", "migration", "transaction", "atomic", "idempotent"]
+  },
+  {
+    "id": "web-ui",
+    "domain": "web-ui",
+    "language": "en",
+    "keywords": [
+      "ui",
+      "frontend",
+      "form",
+      "page",
+      "view",
+      "component",
+      "modal",
+      "button",
+      "screen",
+      "layout",
+      "render",
+      "display",
+      "react",
+      "vue",
+      "angular",
+      "html",
+      "css"
+    ]
+  }
+]

package/dist/config/challenge-scenarios.json

@@ -0,0 +1,114 @@
+[
+  {
+    "id": "data-partial-write",
+    "category": "data-consistency",
+    "triggerKeywords": ["transaction", "update", "create", "modify", "save"],
+    "scenario": "Partial write: server crashes mid-transaction",
+    "probability": "low",
+    "impact": "critical",
+    "handlingKeywords": ["transaction", "atomic", "rollback"],
+    "handlingFound": "Transactions mentioned",
+    "handlingMissing": "Not addressed",
+    "requiredHandling": "Wrap multi-step writes in database transactions. Implement saga pattern for distributed operations.",
+    "dataConsistency": "ACID properties must be maintained. No orphaned records.",
+    "userExperience": "Transparent: user sees either success or clean failure with clear error message."
+  },
+  {
+    "id": "data-stale-cache",
+    "category": "data-consistency",
+    "triggerKeywords": ["cache", "real-time", "concurrent"],
+    "scenario": "Stale data served from cache after underlying data changes",
+    "probability": "high",
+    "impact": "medium",
+    "handlingKeywords": ["invalidat", "ttl", "websocket", "real-time"],
+    "handlingFound": "Some cache strategy mentioned",
+    "handlingMissing": "Not addressed",
+    "requiredHandling": "Implement cache invalidation on writes. Use TTL for time-sensitive data. Consider event-driven invalidation.",
+    "dataConsistency": "Define acceptable staleness window per data type. Document cache strategy.",
+    "userExperience": "Show \"last updated\" timestamp. Offer manual refresh option."
+  },
+  {
+    "id": "data-duplicate-submit",
+    "category": "data-consistency",
+    "triggerKeywords": [],
+    "scenario": "User double-clicks submit, causing duplicate records",
+    "probability": "high",
+    "impact": "medium",
+    "handlingKeywords": ["idempoten", "debounce", "disable", "lock"],
+    "handlingFound": "Some prevention mentioned",
+    "handlingMissing": "Not addressed",
+    "requiredHandling": "Implement idempotency keys for mutations. Disable submit button on click. Use unique constraints in DB.",
+    "dataConsistency": "No duplicate records from repeated submissions.",
+    "userExperience": "Button disabled during submission. Clear success/error feedback."
+  },
+  {
+    "id": "security-auth-bypass",
+    "category": "security",
+    "triggerKeywords": ["auth", "login", "user", "permission", "role"],
+    "scenario": "Unauthorized access attempt / authentication bypass",
+    "probability": "high",
+    "impact": "critical",
+    "handlingKeywords": ["auth", "jwt", "session", "middleware"],
+    "handlingFound": "Authentication mentioned",
+    "handlingMissing": "No explicit auth handling",
+    "requiredHandling": "Validate auth tokens on every request. Implement RBAC. Never trust client-side auth state.",
+    "dataConsistency": "Ensure RLS policies are enabled. No data leak through unauthorized queries.",
+    "userExperience": "Redirect to login on 401. Clear error messages without leaking implementation details."
+  },
+  {
+    "id": "security-injection",
+    "category": "security",
+    "triggerKeywords": ["input", "form", "query", "search", "user"],
+    "scenario": "SQL injection / XSS / command injection via user input",
+    "probability": "high",
+    "impact": "critical",
+    "handlingKeywords": ["sanitiz", "escap", "parameterized", "prepared"],
+    "handlingFound": "Some sanitization mentioned",
+    "handlingMissing": "Not explicitly addressed",
+    "requiredHandling": "Use parameterized queries (never string concatenation). Sanitize HTML output. Use CSP headers.",
+    "dataConsistency": "Injection can corrupt or exfiltrate data. Use least-privilege DB connections.",
+    "userExperience": "Transparent to user. Invalid input is silently sanitized."
+  },
+  {
+    "id": "scale-high-traffic",
+    "category": "scale",
+    "triggerKeywords": ["user", "request", "api", "endpoint"],
+    "scenario": "Traffic spike: 10x normal load in 60 seconds",
+    "probability": "medium",
+    "impact": "critical",
+    "handlingKeywords": ["rate-limit", "throttl", "queue", "cache", "cdn", "auto-scal"],
+    "handlingFound": "Some scaling strategy mentioned",
+    "handlingMissing": "No scaling strategy defined",
+    "requiredHandling": "Define rate limits per user and per IP. Implement request queuing for expensive operations. Use CDN for static assets.",
+    "dataConsistency": "Eventual consistency acceptable under load. No data loss.",
+    "userExperience": "Graceful degradation. Show 'service busy' instead of 500 errors."
+  },
+  {
+    "id": "failure-network-timeout",
+    "category": "failure",
+    "triggerKeywords": ["api", "external", "service", "http", "fetch"],
+    "scenario": "External API or service becomes unavailable / times out",
+    "probability": "medium",
+    "impact": "high",
+    "handlingKeywords": ["timeout", "retry", "fallback", "circuit-breaker", "circuit breaker"],
+    "handlingFound": "Timeout/retry strategy mentioned",
+    "handlingMissing": "No timeout or fallback defined",
+    "requiredHandling": "Set explicit timeouts on all external calls. Implement exponential backoff. Define fallback behavior (cached data, graceful degradation).",
+    "dataConsistency": "Operations that fail mid-way must be idempotent or rolled back.",
+    "userExperience": "Show cached/stale data with staleness indicator. Never hang indefinitely."
+  },
+  {
+    "id": "failure-disk-full",
+    "category": "failure",
+    "triggerKeywords": ["file", "upload", "storage", "media", "image"],
+    "scenario": "Storage exhaustion: disk full or quota exceeded",
+    "probability": "low",
+    "impact": "high",
+    "handlingKeywords": ["quota", "limit", "storage", "disk"],
+    "handlingFound": "Storage limits mentioned",
+    "handlingMissing": "No storage limit handling",
+    "requiredHandling": "Check available space before writes. Implement quota enforcement. Alert when approaching limits.",
+    "dataConsistency": "Partial uploads must be cleaned up. No orphaned files.",
+    "userExperience": "Clear error: 'Storage quota exceeded. Please free up space.' with actionable next step."
+  }
+]

package/dist/config/code-quality-thresholds.json

@@ -0,0 +1,114 @@
+[
+  {
+    "id": "typescript",
+    "language": "typescript",
+    "maxFileLines": 400,
+    "maxFunctionLines": 80,
+    "maxParams": 4,
+    "maxNestingDepth": 5,
+    "maxCyclomaticComplexity": 15,
+    "minCoverageStatements": 90,
+    "minCoverageBranches": 80,
+    "minCoverageFunctions": 90,
+    "minCoverageLines": 90,
+    "duplicateLineThreshold": 4
+  },
+  {
+    "id": "javascript",
+    "language": "javascript",
+    "maxFileLines": 400,
+    "maxFunctionLines": 80,
+    "maxParams": 4,
+    "maxNestingDepth": 5,
+    "maxCyclomaticComplexity": 15,
+    "minCoverageStatements": 80,
+    "minCoverageBranches": 70,
+    "minCoverageFunctions": 80,
+    "minCoverageLines": 80,
+    "duplicateLineThreshold": 4
+  },
+  {
+    "id": "python",
+    "language": "python",
+    "maxFileLines": 500,
+    "maxFunctionLines": 50,
+    "maxParams": 5,
+    "maxNestingDepth": 4,
+    "maxCyclomaticComplexity": 10,
+    "minCoverageStatements": 85,
+    "minCoverageBranches": 75,
+    "minCoverageFunctions": 85,
+    "minCoverageLines": 85,
+    "duplicateLineThreshold": 4
+  },
+  {
+    "id": "go",
+    "language": "go",
+    "maxFileLines": 300,
+    "maxFunctionLines": 50,
+    "maxParams": 4,
+    "maxNestingDepth": 4,
+    "maxCyclomaticComplexity": 10,
+    "minCoverageStatements": 80,
+    "minCoverageBranches": 70,
+    "minCoverageFunctions": 80,
+    "minCoverageLines": 80,
+    "duplicateLineThreshold": 3
+  },
+  {
+    "id": "rust",
+    "language": "rust",
+    "maxFileLines": 500,
+    "maxFunctionLines": 60,
+    "maxParams": 5,
+    "maxNestingDepth": 5,
+    "maxCyclomaticComplexity": 15,
+    "minCoverageStatements": 75,
+    "minCoverageBranches": 65,
+    "minCoverageFunctions": 75,
+    "minCoverageLines": 75,
+    "duplicateLineThreshold": 4
+  },
+  {
+    "id": "java",
+    "language": "java",
+    "maxFileLines": 600,
+    "maxFunctionLines": 60,
+    "maxParams": 5,
+    "maxNestingDepth": 5,
+    "maxCyclomaticComplexity": 15,
+    "minCoverageStatements": 80,
+    "minCoverageBranches": 70,
+    "minCoverageFunctions": 80,
+    "minCoverageLines": 80,
+    "duplicateLineThreshold": 4
+  },
+  {
+    "id": "csharp",
+    "language": "csharp",
+    "maxFileLines": 600,
+    "maxFunctionLines": 60,
+    "maxParams": 5,
+    "maxNestingDepth": 5,
+    "maxCyclomaticComplexity": 15,
+    "minCoverageStatements": 80,
+    "minCoverageBranches": 70,
+    "minCoverageFunctions": 80,
+    "minCoverageLines": 80,
+    "duplicateLineThreshold": 4
+  },
+  {
+    "id": "default",
+    "language": "default",
+    "maxFileLines": 500,
+    "maxFunctionLines": 60,
+    "maxParams": 5,
+    "maxNestingDepth": 5,
+    "maxCyclomaticComplexity": 15,
+    "minCoverageStatements": 80,
+    "minCoverageBranches": 70,
+    "minCoverageFunctions": 80,
+    "minCoverageLines": 80,
+    "duplicateLineThreshold": 4
+  }
+]

package/dist/config/compliance-frameworks.json

@@ -0,0 +1,150 @@
+[
+  {
+    "id": "gdpr",
+    "name": "GDPR",
+    "fullName": "General Data Protection Regulation",
+    "type": "privacy",
+    "regions": ["EU", "EEA", "GB"],
+    "triggerKeywords": ["eu", "europe", "european", "gdpr", "user", "personal data", "email"],
+    "dataTypes": ["pii", "behavioral", "location", "biometric"],
+    "criteria": [
+      "Implement user consent mechanism with explicit opt-in before collecting personal data",
+      "Provide data subject rights: access, rectification, erasure (right to be forgotten)",
+      "Document data processing activities in a Record of Processing Activities (RoPA)",
+      "Implement data breach notification process (72-hour reporting window)",
+      "Appoint Data Protection Officer if processing at scale"
+    ],
+    "references": [
+      "https://gdpr.eu/",
+      "https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/"
+    ]
+  },
+  {
+    "id": "iso-27001",
+    "name": "ISO 27001",
+    "fullName": "ISO/IEC 27001 - Information Security Management",
+    "type": "security",
+    "regions": ["global"],
+    "triggerKeywords": ["security", "enterprise", "saas", "b2b", "compliance", "audit", "iso"],
+    "dataTypes": ["credentials", "financial", "pii"],
+    "criteria": [
+      "Implement information security policy and management framework",
+      "Conduct regular risk assessments and maintain risk register",
+      "Implement access control with principle of least privilege",
+      "Establish incident response and security monitoring procedures",
+      "Perform regular security training and awareness programs"
+    ],
+    "references": [
+      "https://www.iso.org/isoiec-27001-information-security.html",
+      "https://www.bsigroup.com/en-GB/iso-27001-information-security/"
+    ]
+  },
+  {
+    "id": "ieee-730",
+    "name": "IEEE 730",
+    "fullName": "IEEE Standard for Software Quality Assurance",
+    "type": "quality",
+    "regions": ["global"],
+    "triggerKeywords": ["software quality", "qa", "quality assurance", "testing", "ieee"],
+    "dataTypes": [],
+    "criteria": [
+      "Define and document Software Quality Assurance Plan (SQAP)",
+      "Implement code review processes with documented review criteria",
+      "Establish traceability between requirements, design, and test cases",
+      "Define defect classification and resolution procedures",
+      "Conduct formal inspections at each development phase gate"
+    ],
+    "references": ["https://standards.ieee.org/ieee/730/5284/", "https://ieeexplore.ieee.org/document/9415778"]
+  },
+  {
+    "id": "ieee-29119",
+    "name": "IEEE 29119",
+    "fullName": "IEEE Standard for Software Testing",
+    "type": "testing",
+    "regions": ["global"],
+    "triggerKeywords": ["testing", "test plan", "test strategy", "ieee", "software testing"],
+    "dataTypes": [],
+    "criteria": [
+      "Document test strategy covering scope, approach, resources, and schedule",
+      "Define test levels: unit, integration, system, acceptance",
+      "Implement test completion criteria with measurable coverage thresholds",
+      "Maintain test case documentation with expected vs actual results",
+      "Conduct risk-based testing to prioritize test effort"
+    ],
+    "references": ["https://www.softwaretestingstandard.org/", "https://standards.ieee.org/ieee/29119-1/5248/"]
+  },
+  {
+    "id": "iso-9001",
+    "name": "ISO 9001",
+    "fullName": "ISO 9001 - Quality Management Systems",
+    "type": "quality",
+    "regions": ["global"],
+    "triggerKeywords": ["quality", "iso", "certification", "enterprise", "compliance", "process"],
+    "dataTypes": [],
+    "criteria": [
+      "Define and document quality management processes and procedures",
+      "Implement customer feedback collection and analysis mechanisms",
+      "Establish continuous improvement processes with measurable KPIs",
+      "Conduct internal audits and management reviews",
+      "Control nonconforming outputs with documented corrective actions"
+    ],
+    "references": ["https://www.iso.org/iso-9001-quality-management.html", "https://asq.org/quality-resources/iso-9001"]
+  },
+  {
+    "id": "hipaa",
+    "name": "HIPAA",
+    "fullName": "Health Insurance Portability and Accountability Act",
+    "type": "privacy",
+    "regions": ["US"],
+    "triggerKeywords": ["health", "medical", "patient", "hipaa", "healthcare", "ehr", "phi"],
+    "dataTypes": ["health", "pii"],
+    "criteria": [
+      "Implement Administrative Safeguards: workforce training, access management policies",
+      "Implement Physical Safeguards: facility access controls, workstation security",
+      "Implement Technical Safeguards: encryption, audit controls, automatic logoff",
+      "Execute Business Associate Agreements (BAA) with all third-party data processors",
+      "Establish minimum necessary standard for PHI access"
+    ],
+    "references": [
+      "https://www.hhs.gov/hipaa/for-professionals/index.html",
+      "https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html"
+    ]
+  },
+  {
+    "id": "pci-dss",
+    "name": "PCI DSS",
+    "fullName": "Payment Card Industry Data Security Standard",
+    "type": "security",
+    "regions": ["global"],
+    "triggerKeywords": ["payment", "card", "stripe", "credit card", "checkout", "billing", "transaction"],
+    "dataTypes": ["financial"],
+    "criteria": [
+      "Never store sensitive card data (CVV, full PAN) after authorization",
+      "Encrypt transmission of cardholder data over public networks (TLS 1.2+)",
+      "Implement strong access control measures and unique user IDs",
+      "Regularly test security systems and processes (penetration testing)",
+      "Maintain information security policy and vulnerability management program"
+    ],
+    "references": [
+      "https://www.pcisecuritystandards.org/",
+      "https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf"
+    ]
+  },
+  {
+    "id": "wcag-21",
+    "name": "WCAG 2.1",
+    "fullName": "Web Content Accessibility Guidelines 2.1",
+    "type": "accessibility",
+    "regions": ["global"],
+    "triggerKeywords": ["web", "frontend", "ui", "accessibility", "wcag", "a11y", "government", "public"],
+    "dataTypes": [],
+    "criteria": [
+      "All images must have descriptive alt text (WCAG 1.1.1)",
+      "Color is not used as the only visual means of conveying information (WCAG 1.4.1)",
+      "All functionality must be operable via keyboard (WCAG 2.1.1)",
+      "Users must have enough time to read and use content (WCAG 2.2)",
+      "Content must be robust enough to be interpreted by assistive technologies (WCAG 4.1)"
+    ],
+    "references": ["https://www.w3.org/WAI/standards-guidelines/wcag/", "https://www.w3.org/WAI/WCAG21/quickref/"]
+  }
+]