@ryuenn3123/agentic-senior-core 2.5.22 → 3.0.0

package/.agent-context/skills/backend/errors.md

@@ -1,138 +0,0 @@
-# Error Handling & Recovery
-
-**Tier:** ADVANCE | **Source:** awesome-copilot (typed errors) + antigravity (recovery patterns) + minimax (error boundary)
-
-## Rule: Never Swallow Errors
-
- **WRONG:**
-```javascript
-try {
-  const payment = await processPayment();
-} catch (err) {
-  console.log('oops');  // <- Error lost, no recovery
-}
-```
-
- **CORRECT:**
-```javascript
-try {
-  const payment = await processPayment();
-} catch (err) {
-  if (err instanceof PaymentDeclinedError) {
-    // KNOWN: Card declined, user can try again with different card
-    throw err;
-  } else if (err instanceof NetworkTimeoutError) {
-    // MAYBE TEMPORARY: Retry with exponential backoff
-    return await retryWithBackoff(() => processPayment());
-  } else {
-    // UNKNOWN: Log + alert ops team
-    logger.error({ err, context: { customerId, amount } });
-    throw new InternalServerError('Payment processing failed');
-  }
-}
-```
-
----
-
-## Typed Error Codes
-
-Instead of generic "Error", use specific, typed errors:
-
-### Node.js + Custom Error Classes
-
-```javascript
-class ApplicationError extends Error {
-  constructor(code, message, statusCode = 500, details = {}) {
-    super(message);
-    this.code = code;  // Machine-readable
-    this.statusCode = statusCode;  // HTTP status
-    this.details = details;
-  }
-}
-
-class PaymentDeclinedError extends ApplicationError {
-  constructor(reason) {
-    super('PAYMENT_DECLINED', `Card declined: ${reason}`, 402, { reason });
-  }
-}
-
-// Usage in service:
-if (customer.balance < amount) {
-  throw new PaymentDeclinedError('Insufficient funds');
-}
-
-// Transport layer catches and responds:
-app.post('/payments/charge', async (req, res) => {
-  try {
-    const result = await paymentService.charge(req.body);
-    res.json(result);
-  } catch (err) {
-    if (err instanceof ApplicationError) {
-      res.status(err.statusCode).json({
-        error: err.code,
-        message: err.message,
-        details: err.details
-      });
-    } else {
-      res.status(500).json({ error: 'INTERNAL_SERVER_ERROR' });
-    }
-  }
-});
-```
-
----
-
-## Correlation IDs (Debug Multi-Service Requests)
-
-When requests span multiple services, trace them with correlation IDs:
-
-```javascript
-// Transport layer: Generate or receive correlation ID
-app.use((req, res, next) => {
-  req.correlationId = req.headers['x-correlation-id'] || generateUUID();
-  res.setHeader('x-correlation-id', req.correlationId);
-  next();
-});
-
-// Service layer: Attach to all logs
-logger.info({
-  message: 'Processing payment',
-  correlationId: req.correlationId,
-  customerId,
-  amount
-});
-
-// Logs across all services will have same correlationId
-```
-
----
-
-## Retry Strategy
-
-```javascript
-async function retryWithBackoff(fn, maxAttempts = 3) {
-  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      if (attempt === maxAttempts) throw err;
-      if (!(err instanceof NetworkTimeoutError)) throw err;
-      
-      const delay = Math.pow(2, attempt - 1) * 1000;  // 1s, 2s, 4s
-      await sleep(delay);
-    }
-  }
-}
-```
-
----
-
-## Checklist
-
-- [ ] All caught errors are typed (not generic `Error`)
-- [ ] All errors have machine-readable code
-- [ ] Production errors logged with context (correlationId, userId)
-- [ ] Retry logic only for transient failures (timeouts, 5xx)
-- [ ] User-level errors have helpful messages (no SQL/stack traces)
-- [ ] Critical errors alert ops (Slack, PagerDuty)
-- Keep retry and rollback behavior explicit.

package/.agent-context/skills/backend/validation.md

@@ -1,117 +0,0 @@
-# Input Validation & Parameterized Queries
-
-**Tier:** ADVANCE | **Source:** awesome-copilot (boundaries) + antigravity (security halt) + minimax (validation patterns)
-
-## Why Validation at Boundaries Matters
-
-Rule: **All external input is untrusted.** Validate at API entry point before touching business logic or database.
-
-Common vulnerabilities when skipped:
-- SQL injection: Unparameterized queries with user input
-- Type confusion: String input treated as number
-- Business logic bypass: Missing eligibility checks
-- Data corruption: Invalid state transitions
-
-**SECURITY HALT:** If you find unvalidated input directly in database queries, stop feature development. Fix first.
-
----
-
-## Layer 1: HTTP Request Validation
-
-Validate shape, type, required fields **before** touching service layer.
-
-### Node.js + Zod (Type-Safe)
-
-```javascript
-import { z } from 'zod';
-
-const chargeSchema = z.object({
-  amount: z.number().min(50).max(100000),
-  customerId: z.string().uuid(),
-  cardToken: z.string().min(10).max(1000),
-});
-
-app.post('/payments/charge', async (req, res) => {
-  // Validate shape + types
-  const parsed = chargeSchema.safeParse(req.body);
-  if (!parsed.success) {
-    return res.status(400).json({
-      error: 'Invalid request',
-      details: parsed.error.errors
-    });
-  }
-
-  // Now safe to pass to service
-  const result = await paymentService.charge(parsed.data);
-  res.json(result);
-});
-```
-
-### Python + Pydantic
-
-```python
-from pydantic import BaseModel, Field
-
-class ChargeRequest(BaseModel):
-    amount: float = Field(..., ge=50, le=100000)
-    customer_id: str = Field(..., min_length=36, max_length=36)
-    card_token: str = Field(..., min_length=10, max_length=1000)
-
-@app.post("/payments/charge")
-async def charge_payment(req: ChargeRequest):
-    result = await payment_service.charge(req.dict())
-    return result
-```
-
----
-
-## Layer 2: SQL Query Parameterization
-
-###  WRONG (SQL Injection)
-
-```javascript
-const customerId = req.body.customerId;
-const query = `SELECT * FROM customers WHERE id = '${customerId}'`;
-// Input: '; DROP TABLE customers; --'
-```
-
-###  CORRECT (Parameterized)
-
-```javascript
-await db.one(
-  'SELECT * FROM customers WHERE id = $1',
-  [customerId]  // Parameterized
-);
-```
-
----
-
-## Layer 3: Business Logic Validation
-
-```javascript
-async charge({ amount, customerId, cardToken }) {
-  // Already validated: amount in range, customerId is UUID
-
-  // Now validate business rules
-  const customer = await customerRepo.findById(customerId);
-  if (!customer) throw new NotFoundError('Customer');
-  if (customer.status !== 'active') throw new BusinessError('Account suspended');
-  if (customer.dailyLimit && customer.dailySpent + amount > customer.dailyLimit) {
-    throw new BusinessError('Daily limit exceeded');
-  }
-
-  // Safe to proceed
-}
-```
-
----
-
-## Checklist
-
-- [ ] All route handlers validate request shape (Zod/Pydantic)
-- [ ] All database queries use parameterized statements
-- [ ] All external API responses validated before use
-- [ ] Business rules checked in Service layer
-- [ ] Error messages safe (no SQL leaked to client)
-- [ ] Tests cover invalid inputs
-- Keep validation deterministic and testable.

package/.agent-context/skills/backend.md

@@ -1,29 +0,0 @@
-# Backend Skill Pack
-
-Default tier: `advance`
-
-## Purpose
-Build backend systems with strict layer separation, typed boundaries, and operational safety.
-
-## In Scope
-- Transport, service, repository, and domain separation
-- Validation at boundaries
-- Error handling and observability
-- Data access and transaction safety
-- API and event contract design
-
-## Must-Have Checks
-- No business logic in transport layer
-- No HTTP objects in application layer
-- No raw SQL in controllers or services
-- All external input validated before business logic
-- Typed errors and explicit failure paths
-
-## Evidence
-- Unit and integration tests
-- API contract docs
-- Validation schemas
-- Release gate output
-
-## Fallback
-- Standard mode is allowed only for legacy compatibility and must be flagged in release evidence.

package/.agent-context/skills/cli/.evidence/compatibility-manifest.json

@@ -1,5 +0,0 @@
-{
-  "ides": ["cursor", "windsurf", "copilot"],
-  "nodeMin": "18.15",
-  "platforms": ["windows", "mac", "linux"]
-}

package/.agent-context/skills/cli/.evidence/sbom-excerpt.json

@@ -1,10 +0,0 @@
-{
-  "bomFormat": "CycloneDX",
-  "specVersion": "1.4",
-  "components": [
-    {
-      "type": "library",
-      "name": "node:fs/promises"
-    }
-  ]
-}

package/.agent-context/skills/cli/.evidence/test-report.json

@@ -1,8 +0,0 @@
-{
-  "passed": true,
-  "total": 12,
-  "failed": 0,
-  "skipped": 0,
-  "durationMs": 1500,
-  "lastRun": "2026-04-08T00:00:00Z"
-}

package/.agent-context/skills/cli/CHANGELOG.md

@@ -1,6 +0,0 @@
----
-tier: production
----
-# Changelog
-## 1.0.0
-- Initial release

package/.agent-context/skills/cli/README.md

@@ -1,56 +0,0 @@
-# CLI Engineering Skills
-
-Default tier: `advance`
-
-This domain covers command design, safe mutation workflows, and machine-readable output conventions for automation.
-
-## Topics
-- [Init Flow](init.md) - Deterministic project initialization with explicit write plans
-- [Upgrade Flow](upgrade.md) - Safe upgrades with dry-run, rollback, and compatibility checks
-- [Machine-Readable Output](output.md) - Stable JSON output and deterministic exit semantics
-- [Safety and Telemetry](safety-telemetry.md) - Operational signal capture and release-facing CLI governance summaries
-
-## Operating Model
-- Use `advance` for normal command work.
-- Escalate to `expert` when commands mutate user state or require migration safety.
-
-## Above-Line Additions
-- Mandatory dry-run support for mutating commands.
-- Structured error payloads for CI/CD and bots.
-- Explicit rollback plans for upgrade paths.
-- Plug-and-play init presets for common stacks and blueprints.
-
-## Installation and Entry Paths
-
-Choose the path that fits your workflow:
-
-- `agentic-senior-core launch` for a numbered interactive chooser.
-- `npm install -g @fatidaprilian/agentic-senior-core` for a global command.
-- `npm exec --yes @fatidaprilian/agentic-senior-core init` for a one-off run.
-- `npx @fatidaprilian/agentic-senior-core init` for a package-managed local run.
-- GitHub template for zero-install project bootstrap.
-
-## Preset Starts
-
-Use presets when you want fewer choices at the start:
-
-- `frontend-web` - TypeScript + API Next.js + balanced profile.
-- `backend-api` - Python + FastAPI + balanced profile.
-- `fullstack-product` - TypeScript + API Next.js + balanced profile.
-- `platform-governance` - Go + Go service + strict profile.
-- `mobile-react-native` - React Native + mobile app + balanced profile.
-- `mobile-flutter` - Flutter + mobile app + balanced profile.
-- `observability-platform` - Go + observability + strict profile.
-- `typescript-nestjs-service` - TypeScript + NestJS module blueprint + balanced profile.
-- `java-enterprise-api` - Java + Spring Boot API + strict profile.
-- `dotnet-enterprise-api` - C# + ASP.NET API + strict profile.
-- `php-laravel-api` - PHP + Laravel API + balanced profile.
-- `kubernetes-platform` - Go + Kubernetes manifests + strict profile.
-
-Example:
-
-```bash
-agentic-senior-core init --preset frontend-web
-agentic-senior-core init --preset backend-api --ci true
-agentic-senior-core launch
-```

package/.agent-context/skills/cli/compatibility-manifest.json

@@ -1,8 +0,0 @@
-{
-  "schemaVersion": "compatibility-manifest-v1",
-  "artifactType": "skill-domain",
-  "domain": "cli",
-  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
-  "nodeMin": "18",
-  "platforms": ["windows", "linux", "macos"]
-}

package/.agent-context/skills/cli/init.md

@@ -1,38 +0,0 @@
-# Init Flow
-
-Tier: ADVANCE
-
-Initialization commands must be deterministic, reversible where possible, and explicit about filesystem mutations.
-
-## Design Principles
-
-- Predictable output for identical input flags.
-- Safe defaults when users omit options.
-- Preflight summary before any file write.
-
-## Required Init Sequence
-
-1. Validate prerequisites (runtime, permissions, existing files).
-2. Resolve stack/profile/blueprint selection.
-3. Print write plan summary.
-4. Apply scaffold atomically.
-5. Emit machine-readable onboarding report.
-
-## Write Safety
-
-- Refuse to overwrite existing files without explicit flag.
-- Use idempotent initialization where feasible.
-- Keep generated files grouped by feature intent, not random dump.
-
-## Anti-Patterns
-
-- Hidden writes without disclosure.
-- Interactive-only flow with no non-interactive equivalent.
-- Ambiguous defaults that vary by environment.
-
-## Review Checklist
-
-- [ ] Preflight checks are explicit and actionable.
-- [ ] Generated file set is deterministic.
-- [ ] Dry-run preview exists for init planning.
-- [ ] Exit codes distinguish validation vs runtime failures.

package/.agent-context/skills/cli/output.md

@@ -1,36 +0,0 @@
-# Machine-Readable Output
-
-Tier: ADVANCE
-
-CLI output must support both human readability and automation reliability.
-
-## Output Contract
-
-- Human mode: concise narrative and actionable next steps.
-- JSON mode: deterministic schema, stable field names, and clear status.
-
-## JSON Schema Guidelines
-
-- Include `version`, `timestamp`, `status`, and `summary`.
-- Include `artifacts` list for produced files.
-- Include `errors` array with machine-readable codes.
-- Avoid embedding plain stack traces in public payloads.
-
-## Exit Code Conventions
-
-- `0`: success
-- `1`: validation or runtime failure
-- `2`: policy/gate failure
-
-## Determinism Rules
-
-- Stable key ordering where practical.
-- No random IDs unless explicitly requested.
-- Timestamps in ISO 8601 format.
-
-## Review Checklist
-
-- [ ] JSON output passes schema validation.
-- [ ] Exit codes match documented behavior.
-- [ ] Error payload includes code and remediation hint.
-- [ ] Human output remains concise and useful.

package/.agent-context/skills/cli/package.json

@@ -1,5 +0,0 @@
-{
-  "name": "@agentic-skills/cli",
-  "version": "1.0.0",
-  "author": "agentic"
-}

package/.agent-context/skills/cli/safety-telemetry.md

@@ -1,39 +0,0 @@
-# Safety and Telemetry
-
-Tier: ADVANCE
-
-CLI safety telemetry captures operational signals that help maintainers detect drift, reduce onboarding failures, and enforce release quality.
-
-## Signal Categories
-
-Capture and review machine-readable CLI signals:
-
-- Validation and release-gate status.
-- Preflight failure categories.
-- Rollback trigger frequency.
-- Preset usage distribution across onboarding sessions.
-
-## Output Contract
-
-Telemetry reports should remain automation-friendly:
-
-- Stable JSON shape.
-- ISO timestamps.
-- Explicit status fields.
-- Actionable blocker summary.
-
-Human-facing logs can remain concise, but automation payloads should preserve full diagnostic details.
-
-## Governance Use Cases
-
-- Weekly maintainership report generation.
-- Detecting repeated onboarding failures caused by conflicting local files.
-- Tracking whether preset expansion improves adoption.
-- Confirming rollback operations remain low-frequency and controlled.
-
-## Review Checklist
-
-- [ ] Safety signals are emitted in machine-readable format.
-- [ ] Preset and failure telemetry are captured consistently.
-- [ ] Operational reports include blocker summaries.
-- [ ] Telemetry output is suitable for CI artifact upload.

package/.agent-context/skills/cli/tests/.gitkeep

@@ -1 +0,0 @@
-# Keep this empty tests directory for V2.0-004 trust-scorer tests

package/.agent-context/skills/cli/upgrade.md

@@ -1,38 +0,0 @@
-# Upgrade Flow
-
-Tier: ADVANCE
-
-Upgrade commands must prioritize compatibility, transparency, and recovery.
-
-## Required Controls
-
-- Dry-run mode to preview changes.
-- Compatibility checks before mutation.
-- Backup or rollback path for critical files.
-
-## Upgrade Sequence
-
-1. Read current version and target version.
-2. Evaluate compatibility matrix.
-3. Produce migration plan (files to add/change/remove).
-4. Execute with transactional mindset.
-5. Emit post-upgrade report with changed artifacts.
-
-## Failure Handling
-
-- On partial failure, rollback modified artifacts or provide deterministic recovery instructions.
-- Never leave silent half-upgraded state.
-- Exit with explicit status code and structured error payload.
-
-## Anti-Patterns
-
-- In-place mutation without preview.
-- Version bump without migration note.
-- Breaking changes in minor release without contract guard.
-
-## Review Checklist
-
-- [ ] Dry-run output is complete and stable.
-- [ ] Upgrade report captures all changed files.
-- [ ] Rollback path is tested.
-- [ ] Compatibility failures block mutation.

package/.agent-context/skills/cli.md

@@ -1,32 +0,0 @@
-# CLI Skill Pack
-
-Default tier: `advance`
-
-## Purpose
-Create smart command-line workflows that guide users efficiently and safely.
-
-## In Scope
-- Interactive initialization and upgrade flows
-- Safe defaults and confirmation steps
-- Machine-readable output for automation
-- Validation and self-healing hooks
-- Cross-platform shell behavior
-- Preset ergonomics and operational telemetry outputs
-
-## Must-Have Checks
-- Explicit command help and examples
-- Deterministic output format for automation
-- Safe destructive-action guards
-- Validation before mutation
-- Exit codes reflect success and failure clearly
-- Preset catalog remains discoverable and tested in smoke tests
-
-## Evidence
-- CLI smoke tests
-- Machine-readable report output
-- Upgrade dry-run output
-- Cross-platform execution notes
-- Weekly governance report references CLI trust tier and release posture
-
-## Fallback
-- Standard mode can remain available for compatibility, but advance is the default user experience.

package/.agent-context/skills/distribution/.evidence/compatibility-manifest.json

@@ -1,9 +0,0 @@
-{
-  "schemaVersion": "compatibility-manifest-v1",
-  "artifactType": "skill-domain-evidence",
-  "domain": "distribution",
-  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
-  "nodeMin": "18",
-  "platforms": ["windows", "linux", "macos"],
-  "validatedAt": "2026-04-11T12:00:00Z"
-}

package/.agent-context/skills/distribution/.evidence/sbom-excerpt.json

@@ -1,6 +0,0 @@
-{
-  "format": "cyclonedx",
-  "component": "@agentic-skills/distribution",
-  "version": "1.0.0",
-  "dependencies": []
-}

package/.agent-context/skills/distribution/.evidence/test-report.json

@@ -1,8 +0,0 @@
-{
-  "passed": true,
-  "total": 14,
-  "failed": 0,
-  "skipped": 0,
-  "durationMs": 1300,
-  "lastRun": "2026-04-11T12:00:00Z"
-}

package/.agent-context/skills/distribution/CHANGELOG.md

@@ -1,7 +0,0 @@
----
-tier: production
----
-# Changelog
-## 1.0.0
-- Expanded distribution skill depth with provenance attestation guidance.
-- Added evidence bundle metadata for trust-tier verification.

package/.agent-context/skills/distribution/README.md

@@ -1,27 +0,0 @@
-# Distribution Engineering Skills
-
-Default tier: `expert`
-
-This domain governs release packaging, compatibility policy, and rollback readiness.
-
-## Topics
-- [Publish Hygiene](publish.md) - Package integrity, provenance, and release evidence
-- [Rollback](rollback.md) - Recovery-first release operations
-- [Compatibility](compatibility.md) - Runtime/tooling support policy and guardrails
-- [Provenance Attestation](provenance-attestation.md) - SBOM linkage, artifact identity, and maintainership traceability
-
-## Operating Model
-- Use `expert` as the default distribution tier.
-- Block release if rollback and compatibility guarantees are not verified.
-
-## Above-Line Additions
-- Release gates tied to benchmark and compatibility checks.
-- Supply-chain artifacts (SBOM/provenance) as first-class outputs.
-- Explicit rollback drills before critical releases.
-
-## Usage Example
-
-```bash
-npm run gate:release
-npm run report:governance-weekly
-```

package/.agent-context/skills/distribution/compatibility-manifest.json

@@ -1,8 +0,0 @@
-{
-  "schemaVersion": "compatibility-manifest-v1",
-  "artifactType": "skill-domain",
-  "domain": "distribution",
-  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
-  "nodeMin": "18",
-  "platforms": ["windows", "linux", "macos"]
-}