@sk8metal/michi-cli 0.8.1 → 0.8.3

package/docs/user-guide/release/ci-setup.md

@@ -39,297 +39,25 @@ michiは以下のCI/CDツールをサポートしています：
 - **メリット**: 高いカスタマイズ性、柔軟なパイプライン設定
 - **設定ファイル**: `screwdriver.yaml`
 
-## Node.js/TypeScript プロジェクトのCI/CD設定
 
-### GitHub Actions設定例
+## 言語別CI/CD設定ガイド
 
-**.github/workflows/test.yml**
+各言語のCI/CD設定については、以下のドキュメントを参照してください:
 
-```yaml
-name: Test
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [18.x, 20.x]
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: 'npm'
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run lint
-        run: npm run lint
-
-      - name: Run tests
-        run: npm test
-
-      - name: Build
-        run: npm run build
-
-      - name: Upload coverage
-        uses: codecov/codecov-action@v3
-        if: matrix.node-version == '20.x'
-        with:
-          files: ./coverage/coverage-final.json
-```
-
-### Screwdriver設定例
-
-**screwdriver.yaml**
-
-```yaml
-shared:
-  image: node:20
-
-jobs:
-  main:
-    requires: [~pr, ~commit]
-    steps:
-      - install: npm ci
-      - lint: npm run lint
-      - test: npm test
-      - build: npm run build
-      - coverage: |
-          if [ -d "coverage" ]; then
-            echo "Coverage report generated"
-          fi
-```
-
-### package.jsonスクリプト設定
-
-```json
-{
-  "scripts": {
-    "test": "vitest run --coverage",
-    "test:watch": "vitest",
-    "lint": "eslint src/**/*.ts",
-    "lint:fix": "eslint src/**/*.ts --fix",
-    "build": "tsc",
-    "type-check": "tsc --noEmit"
-  }
-}
-```
-
-## Java（Gradle）プロジェクトのCI/CD設定
-
-### GitHub Actions設定例
-
-**.github/workflows/test.yml**
+- **[Node.js/TypeScript プロジェクト](./ci-setup-nodejs.md)**
+  - GitHub Actions設定
+  - Screwdriver設定
+  - Phase A/Bテスト実行
 
-```yaml
-name: Test
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        java-version: [17, 21]
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup JDK
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: ${{ matrix.java-version }}
-          cache: 'gradle'
-
-      - name: Grant execute permission for gradlew
-        run: chmod +x gradlew
-
-      - name: Run checkstyle
-        run: ./gradlew checkstyleMain checkstyleTest
-
-      - name: Run tests
-        run: ./gradlew test
-
-      - name: Build
-        run: ./gradlew build
+- **[Java（Gradle）プロジェクト](./ci-setup-java.md)**
+  - GitHub Actions設定
+  - Screwdriver設定
+  - Phase A/Bテスト実行
 
-      - name: Upload test results
-        uses: actions/upload-artifact@v3
-        if: failure()
-        with:
-          name: test-results
-          path: build/reports/tests/test/
-```
-
-### Screwdriver設定例
-
-**screwdriver.yaml**
-
-```yaml
-shared:
-  image: openjdk:17
-
-jobs:
-  main:
-    requires: [~pr, ~commit]
-    steps:
-      - setup: chmod +x gradlew
-      - checkstyle: ./gradlew checkstyleMain checkstyleTest
-      - test: ./gradlew test
-      - build: ./gradlew build
-      - report: |
-          if [ -d "build/reports" ]; then
-            echo "Test reports generated"
-          fi
-```
-
-### build.gradle設定
-
-```gradle
-plugins {
-    id 'java'
-    id 'checkstyle'
-    id 'jacoco'
-}
-
-test {
-    useJUnitPlatform()
-    testLogging {
-        events "passed", "skipped", "failed"
-    }
-}
-
-jacoco {
-    toolVersion = "0.8.10"
-}
-
-jacocoTestReport {
-    reports {
-        xml.required = true
-        html.required = true
-    }
-}
-
-checkstyle {
-    toolVersion = '10.12.0'
-    configFile = file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-```
-
-## PHP プロジェクトのCI/CD設定
-
-### GitHub Actions設定例
-
-**.github/workflows/test.yml**
-
-```yaml
-name: Test
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        php-version: ['8.1', '8.2', '8.3']
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php-version }}
-          coverage: xdebug
-          tools: composer:v2
-
-      - name: Cache Composer packages
-        uses: actions/cache@v3
-        with:
-          path: vendor
-          key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-php-
-
-      - name: Install dependencies
-        run: composer install --prefer-dist --no-progress
-
-      - name: Run PHPStan
-        run: composer phpstan
-
-      - name: Run tests
-        run: composer test
-
-      - name: Upload coverage
-        uses: codecov/codecov-action@v3
-        if: matrix.php-version == '8.3'
-        with:
-          files: ./coverage.xml
-```
-
-### Screwdriver設定例
-
-**screwdriver.yaml**
-
-```yaml
-shared:
-  image: php:8.3
-
-jobs:
-  main:
-    requires: [~pr, ~commit]
-    steps:
-      - install-composer: |
-          php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-          php composer-setup.php
-          php -r "unlink('composer-setup.php');"
-      - install: php composer.phar install --prefer-dist --no-progress
-      - phpstan: php composer.phar phpstan
-      - test: php composer.phar test
-```
-
-### composer.json設定
-
-```json
-{
-  "scripts": {
-    "test": "phpunit --coverage-clover coverage.xml",
-    "test:unit": "phpunit --testsuite Unit",
-    "phpstan": "phpstan analyse src tests --level=8",
-    "cs-fix": "php-cs-fixer fix"
-  },
-  "require-dev": {
-    "phpunit/phpunit": "^10.0",
-    "phpstan/phpstan": "^1.10",
-    "friendsofphp/php-cs-fixer": "^3.0"
-  }
-}
-```
+- **[PHP プロジェクト](./ci-setup-php.md)**
+  - GitHub Actions設定
+  - Screwdriver設定
+  - Phase A/Bテスト実行
 
 ## CI/CDのベストプラクティス
 
@@ -397,93 +125,12 @@ jobs:
     path: build/reports/
 ```
 
-## トラブルシューティング
-
-### Node.js関連
-
-#### 問題: `npm ci` が失敗する
-
-**原因**: package-lock.jsonが古い
-
-**解決方法**:
-```bash
-# ローカルで再生成
-rm -rf node_modules package-lock.json
-npm install
-git add package-lock.json
-git commit -m "fix: update package-lock.json"
-```
-
-#### 問題: テストがローカルでは成功するがCI/CDで失敗
-
-**原因**: 環境依存の問題（タイムゾーン、ファイルパス等）
-
-**解決方法**:
-```javascript
-// タイムゾーンを固定
-process.env.TZ = 'UTC';
-
-// ファイルパスは絶対パスではなく相対パス
-const configPath = path.join(__dirname, '../config.json');
-```
 
-### Java（Gradle）関連
-
-#### 問題: Gradleビルドが遅い
-
-**原因**: キャッシュが効いていない
-
-**解決方法**:
-```yaml
-# GitHub Actionsでキャッシュを有効化
-- uses: actions/setup-java@v4
-  with:
-    cache: 'gradle'
-
-# または手動でキャッシュ
-- uses: actions/cache@v3
-  with:
-    path: |
-      ~/.gradle/caches
-      ~/.gradle/wrapper
-    key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
-```
-
-#### 問題: `./gradlew: Permission denied`
-
-**原因**: 実行権限がない
-
-**解決方法**:
-```yaml
-- name: Grant execute permission
-  run: chmod +x gradlew
-```
-
-### PHP関連
-
-#### 問題: Composer installが失敗
-
-**原因**: メモリ不足
-
-**解決方法**:
-```yaml
-- name: Install dependencies
-  run: composer install --prefer-dist --no-progress
-  env:
-    COMPOSER_MEMORY_LIMIT: -1
-```
-
-#### 問題: PHPStanがCI/CDで異なる結果を返す
+## トラブルシューティング
 
-**原因**: PHPバージョンの違い
+CI/CD設定の問題については、以下のドキュメントを参照してください:
 
-**解決方法**:
-```yaml
-# 特定のPHPバージョンを指定
-- uses: shivammathur/setup-php@v2
-  with:
-    php-version: '8.3'  # プロジェクトと同じバージョン
-```
+👉 **[CI/CDトラブルシューティングガイド](./ci-setup-troubleshooting.md)**
 
 ## CI/CD設定のチェックリスト
 

package/docs/user-guide/templates/test-specs/e2e-test-spec-template.md

@@ -85,7 +85,9 @@ Example:
 | UF-002 | Product Purchase | User browses, adds to cart, and completes checkout | High | 8 |
 | UF-003 | Password Reset | User resets forgotten password | Medium | 4 |
 
-### 3.3 Browser/Device Matrix
+### 3.3 Browser/Device Matrix (Optional)
+
+**Note**: This matrix is optional. Include it if you need to test across multiple browsers and devices.
 
 Test each user flow on the following combinations:
 
@@ -506,7 +508,9 @@ describe('User Registration Flow', () => {
 });
 ```
 
-## Appendix C: Screenshot and Video Configuration
+## Appendix C: Screenshot and Video Configuration (Optional)
+
+**Note**: This section is optional. Include it if you need to configure screenshot and video capture for your E2E tests.
 
 ### Playwright Configuration
 
@@ -533,7 +537,9 @@ module.exports = {
 };
 ```
 
-## Appendix D: Execution Timing
+## Appendix D: Execution Timing (Optional)
+
+**Note**: This section is optional. Include it if you need to specify when E2E tests should be executed.
 
 ## Phase B (Before Release) - Manual Execution
 

package/docs/user-guide/templates/test-specs/security-test-spec-template.md

@@ -603,47 +603,12 @@ sonar-scanner \
 
 ---
 
-## Appendix B: Common Attack Payloads
-
-### SQL Injection Payloads
-
-```sql
-' OR '1'='1' --
-' OR '1'='1' /*
-admin' --
-admin' #
-' UNION SELECT NULL, username, password FROM users --
-1'; DROP TABLE users; --
-```
-
-### XSS Payloads
-
-```html
-<script>alert('XSS')</script>
-<img src=x onerror=alert('XSS')>
-<svg onload=alert('XSS')>
-<iframe src="javascript:alert('XSS')">
-<body onload=alert('XSS')>
-```
 
-### Path Traversal Payloads
-
-```text
-../../etc/passwd
-....//....//etc/passwd
-..%2F..%2Fetc%2Fpasswd
-..%252F..%252Fetc%252Fpasswd
-```
+## Appendix B: Common Attack Payloads
 
-### LDAP Injection Payloads
+攻撃ペイロードの詳細なリストは、以下のリファレンスドキュメントを参照してください:
 
-```text
-*)(uid=*))(|(uid=*
-admin)(&(password=*))
-*)(objectClass=*)
-```
-
----
+👉 **[一般的な攻撃ペイロード](../../reference/security-test-payloads.md)**
 
 ## Appendix C: Execution Timing
 
@@ -657,8 +622,4 @@ Security tests are executed manually before creating a release tag:
 4. All critical and high-severity vulnerabilities must be fixed before release
 5. Medium/low vulnerabilities should be documented and scheduled for future fix
 
-Security tests are **NOT** executed automatically in CI/CD during PR phase (Phase A), except for:
-- Static code analysis (SonarQube)
-- Dependency vulnerability scanning (Snyk)
-
-These automated scans can run in Phase A, but comprehensive security testing is done in Phase B.
+**Note**: All security tests, including static code analysis and dependency vulnerability scanning, are executed manually in Phase B. CI/CD during PR phase (Phase A) only runs unit tests, linting, and build checks.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sk8metal/michi-cli",
-  "version": "0.8.1",
+  "version": "0.8.3",
   "description": "Managed Intelligent Comprehensive Hub for Integration - AI-driven development workflow automation",
   "license": "MIT",
   "type": "module",
@@ -81,7 +81,6 @@
     "commander": "^14.0.2",
     "dotenv": "^17.2.3",
     "exceljs": "^4.4.0",
-    "googleapis": "^166.0.0",
     "inquirer": "^13.0.1",
     "jira-client": "^8.2.2",
     "markdown-it": "^14.0.0",
@@ -91,7 +90,7 @@
   "devDependencies": {
     "@eslint/js": "^9.39.1",
     "@types/markdown-it": "^14.1.2",
-    "@types/node": "^24.10.1",
+    "@types/node": "^25.0.2",
     "@types/turndown": "^5.0.4",
     "@typescript-eslint/eslint-plugin": "^8.46.4",
     "@typescript-eslint/parser": "^8.46.4",

package/scripts/confluence-sync.ts

@@ -6,7 +6,7 @@
 import { readFileSync } from 'fs';
 import { resolve } from 'path';
 import axios from 'axios';
-import { config } from 'dotenv';
+import { loadEnv } from './utils/env-loader.js';
 import { loadProjectMeta } from './utils/project-meta.js';
 import { validateFeatureNameOrThrow } from './utils/feature-name-validator.js';
 import { getConfig, getConfigPath } from './utils/config-loader.js';
@@ -15,7 +15,7 @@ import { validateForConfluenceSync } from './utils/config-validator.js';
 import { updateSpecJsonAfterConfluenceSync, loadSpecJson } from './utils/spec-updater.js';
 
 // 環境変数読み込み
-config();
+loadEnv();
 
 /**
  * セキュリティ: CQLクエリ文字列のエスケープ

package/scripts/jira-sync.ts

@@ -20,7 +20,7 @@
 import { readFileSync } from 'fs';
 import { resolve } from 'path';
 import axios from 'axios';
-import { config } from 'dotenv';
+import { loadEnv } from './utils/env-loader.js';
 import { loadProjectMeta } from './utils/project-meta.js';
 import { validateFeatureNameOrThrow } from './utils/feature-name-validator.js';
 import { getConfig, getConfigPath } from './utils/config-loader.js';
@@ -30,7 +30,7 @@ import {
   type SpecJson,
 } from './utils/spec-updater.js';
 
-config();
+loadEnv();
 
 /**
  * JIRA Issue基本型

package/scripts/multi-project-estimate.ts

@@ -3,14 +3,14 @@
  */
 
 import { Octokit } from '@octokit/rest';
-import { config } from 'dotenv';
+import { loadEnv } from './utils/env-loader.js';
 import ExcelJS from 'exceljs';
 import { resolve, join, dirname } from 'path';
 import { writeFileSync, mkdirSync, unlinkSync, readFileSync } from 'fs';
 import { tmpdir } from 'os';
 import { mkdir } from 'fs/promises';
 
-config();
+loadEnv();
 
 // EstimateData型定義（estimate-generator.tsから統合）
 export interface EstimateData {

package/scripts/pr-automation.ts

@@ -3,9 +3,9 @@
  */
 
 import { Octokit } from '@octokit/rest';
-import { config } from 'dotenv';
+import { loadEnv } from './utils/env-loader.js';
 
-config();
+loadEnv();
 
 interface PROptions {
   branch: string;

package/scripts/pre-flight-check.ts

@@ -6,9 +6,9 @@
 import { existsSync, readFileSync } from 'fs';
 import { join } from 'path';
 import axios from 'axios';
-import { config } from 'dotenv';
+import { loadEnv } from './utils/env-loader.js';
 
-config();
+loadEnv();
 
 interface PreFlightResult {
   valid: boolean;

package/scripts/resource-dashboard.ts

@@ -4,11 +4,11 @@
  */
 
 import { Octokit } from '@octokit/rest';
-import { config } from 'dotenv';
+import { loadEnv } from './utils/env-loader.js';
 import { ConfluenceClient, getConfluenceConfig } from './confluence-sync.js';
 import { getConfig } from './utils/config-loader.js';
 
-config();
+loadEnv();
 
 interface ProjectResource {
   projectName: string;

package/scripts/spec-impl-workflow.ts

@@ -7,7 +7,7 @@
  * - 終了時: PR作成、Epic + 最初の Story を「レビュー待ち」に移動、PRリンクをコメント
  */
 
-import { config } from 'dotenv';
+import { loadEnv } from './utils/env-loader.js';
 import { JIRAClient } from './jira-sync.js';
 import { getConfig } from './utils/config-loader.js';
 import {
@@ -16,7 +16,7 @@ import {
   JiraInfo,
 } from './utils/spec-loader.js';
 
-config();
+loadEnv();
 
 /**
  * spec-impl 統合ワークフローのオプション