@ryuenn3123/agentic-senior-core 2.5.22 → 3.0.0

package/.agent-context/blueprints/infrastructure-as-code.md

@@ -1,62 +0,0 @@
-# Infrastructure as Code (IaC) Blueprint
-
-> ClickOps is a sin. If it's not in code, it doesn't exist. Treats your servers like cattle, not pets.
-
-## 1. Tooling (March 2026)
-- **Standard:** Terraform / OpenTofu (HCL) or Pulumi (TypeScript/Go/Python).
-- **BANNED:** AWS CloudFormation (verbose, slow, vendor-locked) unless mandated by enterprise policy. AWS CDK is acceptable but requires rigorous linting to prevent runaway loops.
-
-## 2. Directory Structure (Blast Radius Management)
-Never put all your infrastructure into a single `main.tf` or a single state file.
-- **BANNED:** Flat structure. A single mistake could destroy the database while updating an S3 bucket.
-- **REQUIRED (Component/Environment Split):**
-  ```
-  infrastructure/
-    modules/
-      vpc/
-      rds/
-      eks/
-    environments/
-      dev/
-        vpc/    (depends on modules/vpc)
-        rds/    (runs its own state file)
-      prod/
-        vpc/
-        rds/
-  ```
-
-## 3. Remote State & Locking
-State files contain sensitive data (passwords, IP addresses) and represent the source of truth for your physical architecture.
-- **Rule:** ALWAYS use a remote backend (S3, GCS, HCP Terraform) with state locking (DynamoDB, native GCS/HCP).
-- **BANNED:** Committing `terraform.tfstate` or `Pulumi.dev.yaml` to Git. Ensure `*.tfstate` is in `.gitignore`.
-
-## 4. Hardcoded Values & Secrets
-- **Rule:** NEVER hardcode ARNs, IPs, or passwords in your IaC.
-- **REQUIRED:** Pass variables via `.tfvars` (which are gitignored) or environment variables (`TF_VAR_db_password`). Use a Secret Manager (AWS Secrets Manager, HashiCorp Vault) and reference the secret dynamically.
-- **Example:**
-  ```hcl
-  # ❌ BANNED
-  password = "SuperSecretPassword123!"
-
-  # ✅ REQUIRED
-  data "aws_secretsmanager_secret_version" "db" {
-    secret_id = aws_secretsmanager_secret.db.id
-  }
-  password = jsondecode(data.aws_secretsmanager_secret_version.db.secret_string)["password"]
-  ```
-
-## 5. Principle of Least Privilege (IAM)
-- **Rule:** Wildcards (`*`) in IAM policies are strictly banned unless absolutely necessary (e.g., specific S3 actions).
-- **BANNED:** Assigning `AmazonS3FullAccess` to a worker node that only needs to read from one bucket.
-- **REQUIRED:** Explicit resource ARNs and explicit Actions.
-  ```hcl
-  statement {
-    effect    = "Allow"
-    actions   = ["s3:GetObject"]
-    resources = ["arn:aws:s3:::my-specific-bucket/uploads/*"]
-  }
-  ```
-
-## 6. Immutable Infrastructure
-- **Rule:** If a server is unhealthy, terminate it. Do not SSH into it to fix it.
-- **Rule:** Use Auto Scaling Groups (ASGs) even if the desired capacity is 1. This ensures the component is self-healing.

package/.agent-context/blueprints/kubernetes-manifests.md

@@ -1,76 +0,0 @@
-# Kubernetes Manifests Blueprint
-
-> Kubernetes is a declarative state machine. Tell it what you want, not how to do it.
-
-## 1. Bare Minimum Requirements
-Every application deployed to Kubernetes MUST include at minimum:
-1. `Deployment` (or `StatefulSet`/`DaemonSet`)
-2. `Service`
-3. `ConfigMap` (for non-sensitive config)
-4. `Secret` (managed externally, e.g., via ExternalSecrets)
-5. `Ingress` (or `Gateway APIRoute`)
-
-## 2. Resource Limits & Requests (Mandatory)
-A container without resource limits is a noisy neighbor that will eventually crash the node.
-- **Rule:** EVERY container in a Pod MUST have BOTH `requests` and `limits` defined for CPU and Memory.
-- **BANNED:** Omitting the `resources` block.
-- **REQUIRED:**
-  ```yaml
-  resources:
-    requests:
-      memory: "256Mi"
-      cpu: "100m"
-    limits:
-      memory: "512Mi"
-      cpu: "500m"
-  ```
-
-## 3. Liveness & Readiness Probes (Mandatory)
-Kubernetes needs to know when your app is ready to serve traffic and if it needs to be restarted.
-- **Rule:** EVERY container MUST define a `readinessProbe` and a `livenessProbe`.
-- **BANNED:** Assuming the container is ready just because the process started.
-- **REQUIRED:**
-  ```yaml
-  livenessProbe:
-    httpGet:
-      path: /healthz
-      port: 8080
-    initialDelaySeconds: 5
-    periodSeconds: 10
-  readinessProbe:
-    httpGet:
-      path: /ready
-      port: 8080
-    initialDelaySeconds: 5
-    periodSeconds: 5
-  ```
-
-## 4. The `latest` Tag Fallacy
-- **Rule:** NEVER use the `:latest` tag for container images in production.
-- **Why:** Deployments containing the `latest` tag cannot be easily rolled back, and nodes may cache different versions of `latest`.
-- **REQUIRED:** Use explicit semantic versioning (`:v1.2.3`) or Git SHA hashes (`:sha-7a8f9b`).
-
-## 5. Configuration & Secrets Management
-- **Rule:** Application configuration must be injected via Environment Variables originating from `ConfigMaps` or `Secrets`.
-- **BANNED:** Hardcoding environment variables in the `Deployment` manifest.
-- **BANNED:** Storing Base64-encoded `Secret` manifests in version control.
-- **REQUIRED:** Use tools like `External Secrets Operator` to pull secrets from AWS Secrets Manager / HashiCorp Vault into the cluster securely.
-  ```yaml
-  envFrom:
-    - configMapRef:
-        name: app-config
-    - secretRef:
-        name: app-secrets
-  ```
-
-## 6. Security Context
-By default, containers run as `root`. This is a massive security risk.
-- **Rule:** Containers MUST run as a non-root user. The filesystem should be read-only where possible.
-- **REQUIRED:**
-  ```yaml
-  securityContext:
-    runAsNonRoot: true
-    runAsUser: 1000
-    readOnlyRootFilesystem: true
-    allowPrivilegeEscalation: false
-  ```

package/.agent-context/blueprints/laravel-api.md

@@ -1,233 +0,0 @@
-# Blueprint: Laravel API
-
-> PHP backend API service using Laravel 13, PHP 8.3+, Form Requests, Eloquent, and Scribe for docs.
-
-## Tech Stack
-
-| Layer | Technology |
-|-------|-----------|
-| Framework | Laravel 13 |
-| Validation | Form Requests |
-| ORM | Eloquent |
-| Migration | Laravel Migrations |
-| Testing | Pest PHP |
-| Static analysis | PHPStan (level 8) |
-| Formatting | Laravel Pint |
-| API docs | Scribe |
-
-## Laravel 13 Upgrade Guardrails
-
-- Target `laravel/framework:^13.0` with PHP 8.3+.
-- Use `PreventRequestForgery` when explicitly disabling or excluding CSRF middleware in tests and routes.
-- Keep `upsert` calls explicit with a non-empty `uniqueBy` value for MySQL and MariaDB paths.
-- Decide cache object strategy up front: primitive payloads, or explicit `serializable_classes` allow-list.
-- For existing Laravel 12 projects, keep framework-12-compatible middleware and APIs until upgrade is done; treat this blueprint as target-state guidance.
-
----
-
-## Project Structure
-
-```
-project-name/
-├── app/
-│   ├── Modules/
-│   │   └── User/
-│   │       ├── Controllers/
-│   │       │   └── UserController.php
-│   │       ├── Services/
-│   │       │   └── UserService.php
-│   │       ├── Repositories/
-│   │       │   └── UserRepository.php
-│   │       ├── Requests/
-│   │       │   ├── StoreUserRequest.php
-│   │       │   └── UpdateUserRequest.php
-│   │       ├── Resources/
-│   │       │   └── UserResource.php
-│   │       ├── Models/
-│   │       │   └── User.php
-│   │       ├── Policies/
-│   │       │   └── UserPolicy.php
-│   │       └── Exceptions/
-│   │           └── UserNotFoundException.php
-│   │
-│   ├── Shared/
-│   │   ├── Exceptions/
-│   │   │   └── Handler.php
-│   │   └── Traits/
-│   │       └── ApiResponse.php
-│   │
-│   └── Providers/
-│
-├── database/
-│   ├── factories/
-│   │   └── UserFactory.php
-│   ├── migrations/
-│   └── seeders/
-│
-├── routes/
-│   └── api.php
-│
-├── tests/
-│   ├── Feature/
-│   │   └── User/
-│   │       └── UserEndpointTest.php
-│   └── Unit/
-│       └── User/
-│           └── UserServiceTest.php
-│
-├── phpstan.neon
-├── .env.example
-├── composer.json
-└── Dockerfile
-```
-
----
-
-## File Patterns
-
-### Controller — Thin Transport Layer
-```php
-<?php
-
-declare(strict_types=1);
-
-namespace App\Modules\User\Controllers;
-
-use App\Modules\User\Requests\StoreUserRequest;
-use App\Modules\User\Resources\UserResource;
-use App\Modules\User\Services\UserService;
-use Illuminate\Http\JsonResponse;
-use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
-use Symfony\Component\HttpFoundation\Response;
-
-final class UserController
-{
-    public function __construct(
-        private readonly UserService $userService,
-    ) {}
-
-    public function store(StoreUserRequest $request): JsonResponse
-    {
-        $user = $this->userService->create($request->validated());
-
-        return (new UserResource($user))
-            ->response()
-            ->setStatusCode(Response::HTTP_CREATED);
-    }
-
-    public function index(): AnonymousResourceCollection
-    {
-        return UserResource::collection(
-            $this->userService->listPaginated()
-        );
-    }
-}
-```
-
-### Form Request — Boundary Validation
-```php
-<?php
-
-declare(strict_types=1);
-
-namespace App\Modules\User\Requests;
-
-use Illuminate\Foundation\Http\FormRequest;
-
-final class StoreUserRequest extends FormRequest
-{
-    /** @return array<string, array<int, string>> */
-    public function rules(): array
-    {
-        return [
-            'name' => ['required', 'string', 'max:100'],
-            'email' => ['required', 'email', 'unique:users,email'],
-            'password' => ['required', 'string', 'min:8', 'confirmed'],
-        ];
-    }
-}
-```
-
-### Service — Business Logic
-```php
-<?php
-
-declare(strict_types=1);
-
-namespace App\Modules\User\Services;
-
-use App\Modules\User\Models\User;
-use App\Modules\User\Repositories\UserRepository;
-use Illuminate\Contracts\Pagination\LengthAwarePaginator;
-use Illuminate\Support\Facades\Hash;
-use Illuminate\Support\Facades\Log;
-
-final class UserService
-{
-    public function __construct(
-        private readonly UserRepository $userRepository,
-    ) {}
-
-    /** @param array{name: string, email: string, password: string} $data */
-    public function create(array $data): User
-    {
-        $data['password'] = Hash::make($data['password']);
-        $user = $this->userRepository->create($data);
-
-        Log::info('User created', ['user_id' => $user->id, 'email' => $user->email]);
-
-        return $user;
-    }
-
-    public function listPaginated(int $perPage = 15): LengthAwarePaginator
-    {
-        return $this->userRepository->paginate($perPage);
-    }
-}
-```
-
-### API Resource — Response Transformer
-```php
-<?php
-
-declare(strict_types=1);
-
-namespace App\Modules\User\Resources;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-/** @mixin \App\Modules\User\Models\User */
-final class UserResource extends JsonResource
-{
-    /** @return array<string, mixed> */
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'name' => $this->name,
-            'email' => $this->email,
-            'created_at' => $this->created_at?->toISOString(),
-        ];
-        // NEVER expose: password, remember_token, email_verified_at (unless needed)
-    }
-}
-```
-
----
-
-## Scaffolding Checklist
-
-- [ ] Create Laravel project: `composer create-project laravel/laravel:^13.0`
-- [ ] Confirm core dependencies: `laravel/framework:^13.0`, `laravel/tinker:^3.0`, `phpunit/phpunit:^12.0`, `pestphp/pest:^4.0`
-- [ ] Optional AI workflow: install `laravel/boost:^2.0` and run `php artisan boost:install`
-- [ ] Set up modular structure under `app/Modules/`
-- [ ] Create shared error handler with consistent JSON responses
-- [ ] Create shared `ApiResponse` trait for standard response format
-- [ ] Install and configure PHPStan level 8
-- [ ] Install and configure Laravel Pint
-- [ ] Install Pest PHP for testing
-- [ ] Install Scribe for API documentation
-- [ ] Create first module following the pattern above
-- [ ] Create `.env.example` with all required variables
-- [ ] Run `php artisan test`, `./vendor/bin/phpstan`, `./vendor/bin/pint` — zero errors

package/.agent-context/blueprints/mobile-app.md

@@ -1,91 +0,0 @@
-# Mobile App Blueprint
-
-This blueprint defines a production starter for mobile products that need strict separation between UI flow, device integration, offline behavior, and backend contracts.
-
-## Reference Architecture
-
-Use a three-layer mobile module boundary:
-
-- Transport layer: navigation routes, deep links, push notification handlers, platform lifecycle hooks.
-- Service layer: screen orchestration, input validation, business workflows, permission policy decisions.
-- Repository layer: API clients, local persistence, cache synchronization, device adapter wrappers.
-
-## Suggested Structure
-
-```text
-mobile/
-	app/
-		navigation/
-		screens/
-		feature-flags/
-	features/
-		checkout/
-			ui/
-			service/
-			repository/
-			contracts/
-			tests/
-			index.ts
-		account/
-			ui/
-			service/
-			repository/
-			contracts/
-			tests/
-			index.ts
-	shared/
-		design-tokens/
-		telemetry/
-		error-boundaries/
-		accessibility/
-```
-
-## State and Data Rules
-
-- Keep transient UI state local to the screen component.
-- Keep feature workflow state in service-level orchestrators.
-- Keep remote and local synchronization logic in repository adapters.
-- Enforce idempotent retry semantics for background sync and push-triggered refresh.
-
-## Device and Platform Boundaries
-
-- Wrap native modules behind explicit interfaces.
-- Keep iOS/Android-specific behavior in adapter files, not in feature UI components.
-- Centralize permission checks for camera, location, notifications, and storage.
-- Define fallback behavior for denied permissions before QA sign-off.
-
-## Offline and Failure Handling
-
-- Define offline-first behavior per feature (read-only, queued writes, or blocked operations).
-- Persist pending mutations with retry metadata.
-- Show explicit user-facing recovery actions for network and permission failures.
-- Log mobile crash context with feature name, operation, and user impact summary.
-
-## Testing Baseline
-
-- Unit tests: service decisions, validation, and adapter boundary behavior.
-- Integration tests: repository sync logic with mocked device/network behavior.
-- End-to-end tests: critical journeys (login, primary conversion flow, error recovery path).
-- Accessibility checks: screen reader labels, focus order, and reduced-motion behavior.
-
-## Release Governance
-
-Before shipping each mobile release candidate:
-
-- Verify signing and packaging pipeline integrity.
-- Verify crash-free session and startup stability thresholds.
-- Verify telemetry/analytics payload schema compatibility.
-- Verify rollback strategy for binary release and remote config toggles.
-
-## Recommended Stack Pairings
-
-- React Native for teams that want JavaScript or TypeScript alignment and shared web hiring pool.
-- Flutter for teams that want consistent rendering across platforms and widget-driven architecture.
-
-## Blueprint Checklist
-
-- [ ] Feature boundaries are modular and explicit.
-- [ ] Device adapters are isolated from UI rendering code.
-- [ ] Offline and permission failure behavior is documented.
-- [ ] Critical mobile journeys are covered by automated tests.
-- [ ] Release package and telemetry gates are enforced before ship.