@qazuor/claude-code-config 0.1.0

package/templates/commands/audit/security-audit.md

@@ -0,0 +1,231 @@
+---
+name: security-audit
+description: Comprehensive security audit and vulnerability assessment
+type: audit
+category: quality
+config_required:
+  - SECURITY_SCAN_COMMAND: "Command to run security scans (e.g., pnpm audit)"
+  - AUTH_PATTERN: "Authentication pattern used (e.g., JWT, OAuth, Clerk)"
+  - DATABASE_ORM: "ORM/Database library (e.g., Drizzle, Prisma)"
+  - VALIDATION_LIBRARY: "Input validation library (e.g., Zod)"
+---
+
+# Security Audit Command
+
+## Purpose
+
+Performs comprehensive security audit validating authentication, authorization, input validation, data protection, and security best practices.
+
+## ⚙️ Configuration
+
+| Setting | Description | Example |
+|---------|-------------|---------|
+| SECURITY_SCAN_COMMAND | Dependency security scan | `pnpm audit` |
+| AUTH_PATTERN | Authentication method | `JWT`, `OAuth`, `Clerk` |
+| DATABASE_ORM | Database ORM used | `Drizzle`, `Prisma` |
+| VALIDATION_LIBRARY | Input validation | `Zod`, `Joi` |
+| REPORT_OUTPUT | Report file path | `.claude/reports/security-audit-report.md` |
+
+## Usage
+
+```bash
+/security-audit [options]
+```
+
+### Options
+
+- `--scope <area>`: Focus on specific area (auth, api, database, frontend, all)
+- `--depth <level>`: Analysis depth (quick, standard, thorough)
+- `--report`: Generate detailed report
+- `--fix-suggestions`: Include automated fix suggestions
+
+## Audit Checklist
+
+### 1. Authentication & Authorization
+
+| Check | Validation |
+|-------|------------|
+| Authentication implementation | {{AUTH_PATTERN}} properly configured |
+| Token validation | Expiry and signature verification |
+| Session management | Secure session handling |
+| Authorization checks | RBAC/permissions on protected routes |
+| Password policies | Strong password requirements |
+
+### 2. Input Validation & Sanitization
+
+| Check | Validation |
+|-------|------------|
+| Input validation | All inputs validated with {{VALIDATION_LIBRARY}} |
+| SQL injection prevention | {{DATABASE_ORM}} parameterized queries |
+| XSS prevention | Output encoding/escaping |
+| CSRF protection | Token validation on state changes |
+| Path traversal | File access validation |
+
+### 3. Data Protection
+
+| Check | Validation |
+|-------|------------|
+| Encryption at rest | Sensitive data encrypted |
+| Encryption in transit | HTTPS enforced |
+| Secret management | No hardcoded secrets |
+| Environment variables | Proper configuration |
+| Logging | No sensitive data logged |
+
+### 4. API Security
+
+| Check | Validation |
+|-------|------------|
+| Rate limiting | Implemented on public endpoints |
+| Authentication | Required where needed |
+| Error handling | No information leakage |
+| CORS configuration | Properly configured |
+| Request validation | Size limits enforced |
+
+### 5. Infrastructure & Configuration
+
+| Check | Validation |
+|-------|------------|
+| Security headers | CSP, HSTS, X-Frame-Options |
+| Dependency vulnerabilities | {{SECURITY_SCAN_COMMAND}} passing |
+| Debug mode | Disabled in production |
+| Error stack traces | Hidden in production |
+| Admin interfaces | Protected |
+
+### 6. Code Security Patterns
+
+| Check | Validation |
+|-------|------------|
+| Dangerous functions | No eval, Function constructor |
+| Secure randomness | Cryptographically secure RNG |
+| Error handling | No information disclosure |
+| File operations | Safe file handling |
+| Cookie security | HttpOnly, Secure, SameSite |
+
+## Output Format
+
+### Terminal Output
+
+```text
+🔒 Security Audit Report
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+📋 Summary
+  Total Checks: {{TOTAL}}
+  Passed: {{PASSED}} ({{PERCENTAGE}}%)
+  Failed: {{FAILED}} ({{PERCENTAGE}}%)
+  Warnings: {{WARNINGS}} ({{PERCENTAGE}}%)
+
+🔴 Critical Issues ({{COUNT}})
+  {{#each CRITICAL_ISSUES}}
+  {{INDEX}}. {{TITLE}}
+     Location: {{FILE}}:{{LINE}}
+     Fix: {{FIX_SUGGESTION}}
+  {{/each}}
+
+🟠 High Priority Issues ({{COUNT}})
+  {{#each HIGH_ISSUES}}
+  {{INDEX}}. {{TITLE}}
+     Location: {{FILE}}:{{LINE}}
+     Fix: {{FIX_SUGGESTION}}
+  {{/each}}
+
+🟡 Medium Priority Issues ({{COUNT}})
+  {{#each MEDIUM_ISSUES}}
+  {{INDEX}}. {{TITLE}}
+  {{/each}}
+
+🟢 Passed Checks
+  {{#each PASSED_CHECKS}}
+  ✓ {{CHECK_NAME}}
+  {{/each}}
+
+💡 Recommendations
+  {{#each RECOMMENDATIONS}}
+  {{INDEX}}. {{RECOMMENDATION}}
+  {{/each}}
+
+📄 Detailed report: {{REPORT_OUTPUT}}
+```
+
+### Report File Structure
+
+```markdown
+# Security Audit Report
+
+**Date**: {{AUDIT_DATE}}
+**Scope**: {{SCOPE}}
+**Depth**: {{DEPTH}}
+
+## Executive Summary
+
+{{SUMMARY}}
+
+## Critical Issues
+
+### CRIT-{{ID}}: {{TITLE}}
+- **Severity**: Critical
+- **Location**: {{FILE}}:{{LINE}}
+- **Description**: {{DESCRIPTION}}
+- **Impact**: {{IMPACT}}
+- **Fix**: {{FIX_STEPS}}
+- **References**: {{LINKS}}
+
+## High Priority Issues
+
+{{#each HIGH_ISSUES}}
+### HIGH-{{ID}}: {{TITLE}}
+{{DETAILS}}
+{{/each}}
+
+## Passed Checks
+
+{{PASSED_CHECKS_LIST}}
+
+## Recommendations
+
+{{RECOMMENDATIONS_LIST}}
+```
+
+## Integration with Workflow
+
+### Phase 3 - Validation
+
+Run during validation phase:
+- After implementation complete
+- Before deployment
+- As part of `/quality-check`
+
+### CI/CD Integration
+
+```yaml
+- name: Security Audit
+  run: {{CLI_TOOL}} /security-audit --report
+```
+
+## Common Vulnerabilities Detected
+
+### Critical
+- Missing authentication checks
+- SQL injection vulnerabilities
+- XSS vulnerabilities
+- Hardcoded secrets
+- Insecure data exposure
+
+### High
+- Missing authorization checks
+- Insufficient input validation
+- Weak session management
+- Missing rate limiting
+
+### Medium
+- Missing security headers
+- Outdated dependencies
+- Information disclosure
+- Insecure cookie configuration
+
+## Related Commands
+
+- `/quality-check` - Comprehensive validation (includes security)
+- `/performance-audit` - Performance audits
+- `/accessibility-audit` - Accessibility checks
+- `/code-check` - Code quality validation

package/templates/commands/code-check.md

@@ -0,0 +1,127 @@
+---
+name: code-check
+description: Run linting and type checking validation
+type: quality
+category: validation
+config_required:
+  - TYPECHECK_COMMAND: "Command to run type checking (e.g., pnpm typecheck)"
+  - LINT_COMMAND: "Command to run linting (e.g., pnpm lint)"
+  - PROJECT_ROOT: "Project root directory path"
+---
+
+# Code Check Command
+
+## Purpose
+
+Run linting and type checking validation across the codebase. Stops at first error for immediate fixing.
+
+## ⚙️ Configuration
+
+| Setting | Description | Example |
+|---------|-------------|---------|
+| TYPECHECK_COMMAND | Type checking command | `pnpm typecheck` |
+| LINT_COMMAND | Linting command | `pnpm lint` |
+| PROJECT_ROOT | Project root directory | `/path/to/project` |
+| STOP_ON_ERROR | Stop on first error | `true` |
+
+## Usage
+
+```bash
+/code-check
+```
+
+## Execution Flow
+
+### 1. Type Checking
+
+**Process:**
+
+| Step | Action |
+|------|--------|
+| 1 | Navigate to {{PROJECT_ROOT}} |
+| 2 | Execute {{TYPECHECK_COMMAND}} |
+| 3 | Validate type compilation |
+| 4 | Stop on first error |
+
+**Output on Error:**
+
+```text
+❌ Type Check Failed
+
+File: {{FILE_PATH}}:{{LINE}}:{{COL}}
+Error: {{ERROR_MESSAGE}}
+
+Fix required before proceeding.
+```
+
+### 2. Lint Validation
+
+**Process:**
+
+| Step | Action |
+|------|--------|
+| 1 | Execute {{LINT_COMMAND}} |
+| 2 | Apply linting rules |
+| 3 | Check code style |
+| 4 | Stop on first error |
+
+**Output on Error:**
+
+```text
+❌ Lint Failed
+
+File: {{FILE_PATH}}:{{LINE}}:{{COL}}
+Rule: {{RULE_NAME}}
+Error: {{ERROR_MESSAGE}}
+
+Fix required before proceeding.
+```
+
+## Quality Standards
+
+| Category | Checks |
+|----------|--------|
+| **Type Safety** | Strict mode, no implicit any, import resolution |
+| **Code Style** | Formatting, import organization, best practices |
+| **Code Quality** | No unused code, proper error handling |
+
+## Output Format
+
+### Success
+
+```text
+✅ CODE CHECK PASSED
+
+Type Check:
+✅ All files compile successfully
+✅ No type errors found
+
+Lint:
+✅ All linting rules passed
+✅ Code style consistent
+
+🚀 Ready to proceed
+```
+
+### Failure
+
+```text
+❌ CODE CHECK FAILED
+
+{{ERROR_DETAILS}}
+
+Fix required before proceeding.
+```
+
+## Related Commands
+
+- `/quality-check` - Full quality validation
+- `/run-tests` - Test execution
+- `/review-code` - Code review
+
+## When to Use
+
+- Before committing changes
+- Before code reviews
+- As part of CI/CD pipeline
+- Required by `/quality-check`

package/templates/commands/five-why.md

@@ -0,0 +1,225 @@
+---
+name: five-why
+description: Root cause analysis using Five Whys technique
+type: development
+category: analysis
+config_required:
+  - problem_categories: "Define problem types (technical, process, system)"
+  - analysis_depth: "Configure analysis depth and iteration count"
+  - solution_framework: "Define solution evaluation criteria"
+---
+
+# Five Why Command
+
+## Purpose
+
+Systematic root cause analysis using Five Whys technique to identify underlying causes of problems, bugs, or architectural decisions.
+
+## ⚙️ Configuration
+
+| Setting | Description | Example |
+|---------|-------------|---------|
+| `problem_categories` | Problem classification types | `technical, process, system` |
+| `analysis_depth` | Number of why iterations | `5` (default) |
+| `solution_types` | Solution categories | `immediate, process, architectural` |
+| `evaluation_criteria` | Solution assessment factors | `effort, risk, benefit` |
+
+## Usage
+
+```bash
+/five-why {problem_description}
+```
+
+## Execution Flow
+
+### Step 1: Problem Analysis
+
+**Agent**: `debugger`
+
+- Analyze presented problem
+- Gather context and information
+- Identify symptoms vs causes
+- Prepare for systematic questioning
+
+### Step 2: Five Whys Analysis
+
+**Process**:
+
+1. Problem Statement: Clear issue definition
+2. Why #1: Immediate cause
+3. Why #2: Underlying cause
+4. Why #3: Deeper cause
+5. Why #4: Systemic cause
+6. Why #5: Root cause
+
+### Step 3: Root Cause Identification
+
+- Identify fundamental cause
+- Validate logic
+- Assess impact and scope
+- Categorize problem type
+
+### Step 4: Solution Development
+
+- Generate solution options
+- Analyze tradeoffs
+- Assess complexity
+- Present recommendations
+
+## Problem Categories
+
+### Technical Problems
+
+**Areas**: Bugs, performance, architecture, integration, deployment
+
+**Focus**: Code-level issues, system design, configuration, dependencies
+
+### Process Problems
+
+**Areas**: Workflow, communication, quality gaps, deployment failures
+
+**Focus**: Process design, tools, knowledge gaps, resource allocation
+
+### System Problems
+
+**Areas**: Scalability, reliability, security, maintenance
+
+**Focus**: Architecture design, infrastructure, operational procedures
+
+## Output Format
+
+```text
+🔍 FIVE WHYS ANALYSIS COMPLETE
+
+Problem: {problem_statement}
+
+📋 Analysis:
+
+❓ Why #1: {question}
+💡 Answer: {immediate_cause}
+   Evidence: {supporting_data}
+
+❓ Why #2: {question}
+💡 Answer: {underlying_cause}
+   Evidence: {supporting_data}
+
+[... continues through Why #5]
+
+🎯 ROOT CAUSE: {root_cause}
+
+📊 Impact:
+- Severity: {level}
+- Scope: {affected_areas}
+- Users Affected: {count}
+
+🔧 Solution Options:
+
+Option 1: {name}
+✅ Pros: {benefits}
+❌ Cons: {tradeoffs}
+Implementation: {steps}
+
+Option 2: {name}
+[Similar structure...]
+
+🎯 RECOMMENDED: {option} ({rationale})
+```
+
+## Analysis Techniques
+
+### Systematic Questioning
+
+**Question Types**:
+
+- Open-ended (avoid yes/no)
+- Evidence-based
+- Context-gathering
+- Assumption-challenging
+
+### Evidence Collection
+
+**Data Sources**:
+
+- Logs and metrics
+- Performance data
+- User reports
+- Code history
+- Configuration changes
+
+## Common Use Cases
+
+### Bug Investigation
+
+```text
+Problem: {symptom}
+Why chain → Root cause: {technical_gap}
+Solution: {fix} + {process_improvement}
+```
+
+### Performance Issues
+
+```text
+Problem: {slow_response}
+Why chain → Root cause: {design_limitation}
+Solution: {optimization} + {monitoring}
+```
+
+### Architecture Decisions
+
+```text
+Problem: {complexity}
+Why chain → Root cause: {planning_gap}
+Solution: {refactor} + {standards}
+```
+
+## Solution Development
+
+### Solution Categories
+
+| Category | Characteristics | When to Use |
+|----------|----------------|-------------|
+| Immediate | Quick fixes, low risk | Critical issues, time-sensitive |
+| Process | Systematic improvements | Recurring problems, quality needs |
+| Architectural | Fundamental changes | Scalability, strategic requirements |
+
+### Tradeoff Analysis
+
+**Assessment Factors**:
+
+- Implementation effort
+- Technical risk
+- User impact
+- Long-term maintenance
+- Business value
+
+## Related Commands
+
+- `/start-refactor-plan` - Architectural solutions
+- `/review-code` - Code quality analysis
+- `/quality-check` - Systematic quality problems
+
+## When to Use
+
+- Bug investigation
+- Performance analysis
+- Process problems
+- Architecture decisions
+- Incident post-mortems
+
+## Best Practices
+
+### Analysis Quality
+
+- Focus on process, not blame
+- Use evidence-based reasoning
+- Challenge assumptions
+- Validate each level
+- Stop at actionable root cause
+
+### Solution Development
+
+- Generate multiple options
+- Consider short and long-term
+- Assess effort realistically
+- Include process improvements
+- Present clear tradeoffs