@sniper.ai/core 1.0.0 → 2.0.0

package/framework/templates/prd.md

@@ -1,18 +1,26 @@
 # Product Requirements Document: {project_name}
 
+> **Version:** 1
 > **Status:** Draft
+> **Last Updated:** {date}
 > **Author:** Planning Team — Product Manager
-> **Date:** {date}
 > **Source:** `docs/brief.md`, `docs/personas.md`, `docs/risks.md`
+> **Change Log:**
+> - v1 ({date}): Initial version
 
 ## 1. Problem Statement
+<!-- sniper:managed:problem-statement:start -->
 <!-- Specific problem, who has it, evidence it's real, current alternatives -->
+<!-- sniper:managed:problem-statement:end -->
 
 ## 2. Solution Overview
+<!-- sniper:managed:solution-overview:start -->
 <!-- High-level description of the product solution -->
+<!-- sniper:managed:solution-overview:end -->
 
 ## 3. User Stories
 
+<!-- sniper:managed:user-stories:start -->
 ### P0 — Critical (Must Ship)
 | ID | As a... | I want to... | So that... | Acceptance Criteria |
 |----|---------|-------------|-----------|-------------------|
@@ -27,15 +35,19 @@
 | ID | As a... | I want to... | So that... | Acceptance Criteria |
 |----|---------|-------------|-----------|-------------------|
 | US-020 | | | | |
+<!-- sniper:managed:user-stories:end -->
 
 ## 4. Functional Requirements
+<!-- sniper:managed:functional-requirements:start -->
 <!-- Detailed functional requirements organized by feature area -->
 
 ### 4.1 {Feature Area 1}
 - FR-001:
 - FR-002:
+<!-- sniper:managed:functional-requirements:end -->
 
 ## 5. Non-Functional Requirements
+<!-- sniper:managed:non-functional-requirements:start -->
 | Category | Requirement | Target |
 |----------|------------|--------|
 | Performance | | |
@@ -43,27 +55,38 @@
 | Scalability | | |
 | Availability | | |
 | Accessibility | | |
+<!-- sniper:managed:non-functional-requirements:end -->
 
 ## 6. Success Metrics
+<!-- sniper:managed:success-metrics:start -->
 | Metric | Target | Measurement Method |
 |--------|--------|-------------------|
 | | | |
+<!-- sniper:managed:success-metrics:end -->
 
 ## 7. Scope Boundaries
 
+<!-- sniper:managed:scope:start -->
 ### In Scope (v1)
 -
 
 ### Explicitly Out of Scope
 -
+<!-- sniper:managed:scope:end -->
 
 ## 8. Dependencies & Integrations
+<!-- sniper:managed:dependencies:start -->
 <!-- External services, APIs, third-party tools required -->
+<!-- sniper:managed:dependencies:end -->
 
 ## 9. Constraints
+<!-- sniper:managed:constraints:start -->
 <!-- Technical, business, regulatory, timeline constraints -->
+<!-- sniper:managed:constraints:end -->
 
 ## 10. Risks & Mitigations
+<!-- sniper:managed:risks:start -->
 | Risk | Likelihood | Impact | Mitigation |
 |------|-----------|--------|------------|
 | | | | |
+<!-- sniper:managed:risks:end -->

package/framework/templates/refactor-scope.md

@@ -0,0 +1,52 @@
+# Refactor Scope: {title}
+
+> **Refactor ID:** REF-{NNN}
+> **Status:** Scoping
+> **Date:** {date}
+> **Author:** Impact Analyst
+
+## Refactor Summary
+<!-- sniper:managed:summary:start -->
+<!-- What is being changed and why -->
+<!-- sniper:managed:summary:end -->
+
+## Blast Radius
+<!-- sniper:managed:blast-radius:start -->
+
+### Files Affected
+| Directory | File Count | Impact Level | Notes |
+|-----------|-----------|-------------|-------|
+| | | High / Medium / Low | |
+
+### Total: {N} files, {N} instances of the pattern
+
+<!-- sniper:managed:blast-radius:end -->
+
+## Pattern Inventory
+<!-- sniper:managed:pattern-inventory:start -->
+<!-- Count of each pattern instance that needs migration -->
+
+| Pattern | Count | Files | Example |
+|---------|-------|-------|---------|
+| | | | `path/to/file.ts:42` |
+
+<!-- sniper:managed:pattern-inventory:end -->
+
+## Risk Assessment
+<!-- sniper:managed:risks:start -->
+
+| Risk | Likelihood | Impact | Mitigation |
+|------|-----------|--------|------------|
+| | High/Medium/Low | High/Medium/Low | |
+
+<!-- sniper:managed:risks:end -->
+
+## Compatibility Concerns
+<!-- sniper:managed:compatibility:start -->
+<!-- API consumers, downstream dependencies, database migrations -->
+<!-- sniper:managed:compatibility:end -->
+
+## Estimated Effort
+<!-- sniper:managed:effort:start -->
+<!-- S/M/L/XL with justification based on file count and complexity -->
+<!-- sniper:managed:effort:end -->

package/framework/templates/release-readiness.md

@@ -0,0 +1,66 @@
+# Release Readiness: {version}
+
+> **Date:** {date}
+> **Previous Release:** {previous_version}
+> **Recommendation:** {ready / not-ready}
+> **Version Bump:** {major / minor / patch}
+
+## Version Recommendation
+<!-- sniper:managed:version:start -->
+<!-- Recommended version bump with justification -->
+<!-- sniper:managed:version:end -->
+
+## Changelog
+<!-- sniper:managed:changelog:start -->
+
+### Features
+-
+
+### Bug Fixes
+-
+
+### Breaking Changes
+-
+
+### Internal / Refactoring
+-
+
+### Documentation
+-
+
+<!-- sniper:managed:changelog:end -->
+
+## Breaking Changes
+<!-- sniper:managed:breaking-changes:start -->
+
+| Change | Affected | Migration Required |
+|--------|----------|-------------------|
+| | APIs / Schema / Config / Behavior | Yes / No |
+
+<!-- sniper:managed:breaking-changes:end -->
+
+## Migration Guide
+<!-- sniper:managed:migration-guide:start -->
+<!-- Steps users need to take to upgrade (if breaking changes exist) -->
+<!-- sniper:managed:migration-guide:end -->
+
+## Documentation Status
+<!-- sniper:managed:doc-status:start -->
+
+| Document | Status | Action Needed |
+|----------|--------|---------------|
+| | Up to date / Outdated / Missing | |
+
+<!-- sniper:managed:doc-status:end -->
+
+## Release Checklist
+<!-- sniper:managed:release-checklist:start -->
+
+- [ ] All tests passing
+- [ ] Breaking changes documented
+- [ ] Migration guide written (if applicable)
+- [ ] Changelog reviewed
+- [ ] Documentation updated
+- [ ] Version bumped in package files
+
+<!-- sniper:managed:release-checklist:end -->

package/framework/templates/retro.yaml

@@ -0,0 +1,44 @@
+# Sprint Retrospective Template
+# Produced by: retro-analyst
+# Input: completed sprint stories, review gate results, code changes
+
+sprint: 0
+date: ""
+stories_completed: 0
+stories_carried_over: 0
+
+findings:
+  new_conventions:
+    # - rule: "Description of the convention"
+    #   confidence: high | medium
+    #   evidence: "Which stories demonstrated this pattern"
+    #   recommendation: codify | monitor | ignore
+    #   applies_to: [role-1, role-2]
+    []
+
+  new_anti_patterns:
+    # - description: "Description of the anti-pattern"
+    #   occurrences: 0
+    #   stories: ["STORY-XXX"]
+    #   recommendation: codify | monitor | ignore
+    #   severity: high | medium | low
+    #   applies_to: [role-1, role-2]
+    []
+
+  review_gate_failures:
+    # - check: "Name of the check that failed"
+    #   failures: 0
+    #   pattern: "Common thread across failures"
+    #   already_tracked: false
+    []
+
+  estimation_calibration:
+    overestimates: []
+    underestimates: []
+    patterns:
+      # - "Description of estimation pattern"
+      []
+
+  positive_patterns:
+    # - "Description of a positive pattern worth reinforcing"
+    []

package/framework/templates/security.md

@@ -1,14 +1,20 @@
 # Security Assessment: {project_name}
 
+> **Version:** 1
 > **Status:** Draft
+> **Last Updated:** {date}
 > **Author:** Planning Team — Security Analyst
-> **Date:** {date}
+> **Change Log:**
+> - v1 ({date}): Initial version
 
 ## Security Overview
+<!-- sniper:managed:overview:start -->
 <!-- 2-3 sentence summary of the project's security posture and key concerns -->
+<!-- sniper:managed:overview:end -->
 
 ## Authentication & Authorization
 
+<!-- sniper:managed:auth:start -->
 ### Authentication Model
 <!-- OAuth 2.0 / JWT / Session-based / API Keys / Multi-factor -->
 
@@ -17,9 +23,11 @@
 
 ### Session Management
 <!-- Token lifecycle, refresh strategy, revocation, concurrent sessions -->
+<!-- sniper:managed:auth:end -->
 
 ## Data Security
 
+<!-- sniper:managed:data-security:start -->
 ### Data Classification
 | Data Type | Classification | Storage | Encryption | Retention |
 |-----------|---------------|---------|------------|-----------|
@@ -32,9 +40,11 @@
 
 ### PII Handling
 <!-- What PII is collected, how it's stored, who can access it, deletion policy -->
+<!-- sniper:managed:data-security:end -->
 
 ## API Security
 
+<!-- sniper:managed:api-security:start -->
 ### Input Validation
 <!-- Validation strategy, sanitization, schema enforcement -->
 
@@ -54,9 +64,11 @@
 | Insecure Deserialization | | |
 | Known Vulnerabilities | | |
 | Insufficient Logging | | |
+<!-- sniper:managed:api-security:end -->
 
 ## Infrastructure Security
 
+<!-- sniper:managed:infra-security:start -->
 ### Network Architecture
 <!-- VPC, subnets, security groups, WAF, CDN -->
 
@@ -65,12 +77,16 @@
 
 ### Logging & Monitoring
 <!-- Security event logging, alerting, SIEM integration -->
+<!-- sniper:managed:infra-security:end -->
 
 ## Compliance Requirements
+<!-- sniper:managed:compliance:start -->
 <!-- Applicable frameworks: SOC 2, GDPR, HIPAA, PCI-DSS, etc. -->
+<!-- sniper:managed:compliance:end -->
 
 ## Threat Model
 
+<!-- sniper:managed:threat-model:start -->
 ### Attack Surface
 <!-- Entry points, trust boundaries, data flows -->
 
@@ -78,13 +94,18 @@
 | Threat | Likelihood | Impact | Mitigation |
 |--------|-----------|--------|------------|
 | | | | |
+<!-- sniper:managed:threat-model:end -->
 
 ## Recommendations
+<!-- sniper:managed:recommendations:start -->
 <!-- Prioritized security recommendations for implementation -->
 1.
 2.
 3.
+<!-- sniper:managed:recommendations:end -->
 
 ## Open Questions
+<!-- sniper:managed:open-questions:start -->
 1.
 2.
+<!-- sniper:managed:open-questions:end -->

package/framework/templates/story.md

@@ -1,16 +1,23 @@
 # Story {epic}.{number}: {title}
 
+> **Version:** 1
+> **Last Updated:** {date}
 > **Epic:** {epic title} (`docs/epics/{epic}.md`)
 > **Complexity:** S | M | L | XL
 > **Priority:** P{0|1|2}
 > **File Ownership:** {directories this story touches}
 > **Dependencies:** {story dependencies or "None"}
+> **Change Log:**
+> - v1 ({date}): Initial version
 
 ## Description
+<!-- sniper:managed:description:start -->
 <!-- What this story implements, in user-facing terms -->
+<!-- sniper:managed:description:end -->
 
 ## Embedded Context
 
+<!-- sniper:managed:embedded-context:start -->
 ### From PRD
 <!-- COPY the relevant requirements and user stories from docs/prd.md -->
 
@@ -19,19 +26,28 @@
 
 ### From UX Spec
 <!-- COPY relevant screen descriptions, user flows, component specs (if frontend story) -->
+<!-- sniper:managed:embedded-context:end -->
 
 ## Acceptance Criteria
+<!-- sniper:managed:acceptance-criteria:start -->
 <!-- Testable assertions in Given/When/Then format -->
 1. **Given** ... **When** ... **Then** ...
 2. **Given** ... **When** ... **Then** ...
+<!-- sniper:managed:acceptance-criteria:end -->
 
 ## Test Requirements
+<!-- sniper:managed:test-requirements:start -->
 - [ ] Unit tests:
 - [ ] Integration tests:
 - [ ] E2E tests (if applicable):
+<!-- sniper:managed:test-requirements:end -->
 
 ## Implementation Notes
+<!-- sniper:managed:implementation-notes:start -->
 <!-- Specific patterns, libraries, or approaches to use -->
+<!-- sniper:managed:implementation-notes:end -->
 
 ## Out of Scope
+<!-- sniper:managed:out-of-scope:start -->
 <!-- What this story does NOT include, to prevent scope creep -->
+<!-- sniper:managed:out-of-scope:end -->

package/framework/templates/threat-model.md

@@ -0,0 +1,71 @@
+# Threat Model: {title}
+
+> **Audit ID:** SEC-{NNN}
+> **Status:** Analyzing
+> **Date:** {date}
+> **Author:** Threat Modeler
+
+## Attack Surface Map
+<!-- sniper:managed:attack-surface:start -->
+<!-- All entry points with authentication requirements -->
+
+| Entry Point | Type | Auth Required | Auth Method | Notes |
+|------------|------|--------------|-------------|-------|
+| | API / Webhook / Upload / Admin / WebSocket | Yes/No | JWT/Session/API Key/None | |
+
+<!-- sniper:managed:attack-surface:end -->
+
+## Trust Boundaries
+<!-- sniper:managed:trust-boundaries:start -->
+<!-- Where authenticated/unauthenticated, internal/external, user/admin boundaries exist -->
+
+### Boundary: {name}
+- **Separates:** {trusted side} ↔ {untrusted side}
+- **Enforced by:** {mechanism — middleware, firewall, etc.}
+- **Data crossing:** {what data crosses this boundary}
+
+<!-- sniper:managed:trust-boundaries:end -->
+
+## Data Classification
+<!-- sniper:managed:data-classification:start -->
+
+| Data Type | Classification | Stored In | Encrypted at Rest | Encrypted in Transit | Retention |
+|-----------|---------------|-----------|-------------------|---------------------|-----------|
+| | PII / Credentials / Financial / Internal | | Yes/No | Yes/No | |
+
+<!-- sniper:managed:data-classification:end -->
+
+## Threat Inventory (STRIDE)
+<!-- sniper:managed:threat-inventory:start -->
+
+### {Component/Flow Name}
+
+| Category | Threat | Likelihood | Impact | Risk | Mitigation |
+|----------|--------|-----------|--------|------|------------|
+| Spoofing | | H/M/L | H/M/L | | |
+| Tampering | | H/M/L | H/M/L | | |
+| Repudiation | | H/M/L | H/M/L | | |
+| Info Disclosure | | H/M/L | H/M/L | | |
+| Denial of Service | | H/M/L | H/M/L | | |
+| Elevation of Privilege | | H/M/L | H/M/L | | |
+
+<!-- sniper:managed:threat-inventory:end -->
+
+## Dependency Risk
+<!-- sniper:managed:dependency-risk:start -->
+
+| Package | Version | Known CVEs | Maintained | Risk Level |
+|---------|---------|------------|------------|------------|
+| | | Yes/No | Yes/No | High/Medium/Low |
+
+<!-- sniper:managed:dependency-risk:end -->
+
+## Priority Threats
+<!-- sniper:managed:priority-threats:start -->
+<!-- Top 5 threats ranked by likelihood x impact -->
+
+| Rank | Threat | Component | Likelihood x Impact | Recommended Action |
+|------|--------|-----------|--------------------|--------------------|
+| 1 | | | | |
+
+<!-- sniper:managed:priority-threats:end -->

package/framework/templates/ux-spec.md

@@ -1,20 +1,28 @@
 # UX Specification: {project_name}
 
+> **Version:** 1
 > **Status:** Draft
+> **Last Updated:** {date}
 > **Author:** Planning Team — UX Designer
-> **Date:** {date}
 > **Source:** `docs/prd.md`, `docs/personas.md`
+> **Change Log:**
+> - v1 ({date}): Initial version
 
 ## 1. Information Architecture
+<!-- sniper:managed:information-architecture:start -->
 <!-- Page hierarchy and navigation structure -->
+<!-- sniper:managed:information-architecture:end -->
 
 ## 2. Screen Inventory
+<!-- sniper:managed:screen-inventory:start -->
 | Screen | Purpose | User Stories | Key Components |
 |--------|---------|-------------|----------------|
 | | | | |
+<!-- sniper:managed:screen-inventory:end -->
 
 ## 3. User Flows
 
+<!-- sniper:managed:user-flows:start -->
 ### 3.1 {Flow Name}
 <!-- Step-by-step with decision points, error paths -->
 ```
@@ -23,32 +31,41 @@ Step 1: User does X
   → Error: Show error message, stay on current screen
 Step 2: ...
 ```
+<!-- sniper:managed:user-flows:end -->
 
 ## 4. Component Hierarchy
+<!-- sniper:managed:component-hierarchy:start -->
 <!-- Reusable UI components and their variants -->
 
 ### 4.1 {Component Name}
 - **States:** default, hover, active, disabled, loading, error
 - **Props/Variants:**
 - **Accessibility:**
+<!-- sniper:managed:component-hierarchy:end -->
 
 ## 5. Interaction Patterns
+<!-- sniper:managed:interaction-patterns:start -->
 <!-- Loading states, transitions, empty states, error states -->
 
 ### Loading States
 ### Empty States
 ### Error States
 ### Confirmation Dialogs
+<!-- sniper:managed:interaction-patterns:end -->
 
 ## 6. Responsive Strategy
+<!-- sniper:managed:responsive:start -->
 | Breakpoint | Width | Layout Changes |
 |-----------|-------|---------------|
 | Mobile | < 768px | |
 | Tablet | 768-1024px | |
 | Desktop | > 1024px | |
+<!-- sniper:managed:responsive:end -->
 
 ## 7. Accessibility Requirements
+<!-- sniper:managed:accessibility:start -->
 - **WCAG Level:** AA
 - **Keyboard Navigation:**
 - **Screen Reader Support:**
 - **Color Contrast:**
+<!-- sniper:managed:accessibility:end -->

package/framework/templates/vulnerability-report.md

@@ -0,0 +1,56 @@
+# Vulnerability Report: {title}
+
+> **Audit ID:** SEC-{NNN}
+> **Status:** Analyzing
+> **Date:** {date}
+> **Author:** Vulnerability Scanner
+
+## Findings Summary
+<!-- sniper:managed:findings-summary:start -->
+
+| Severity | Count |
+|----------|-------|
+| Critical | |
+| High | |
+| Medium | |
+| Low | |
+| **Total** | |
+
+<!-- sniper:managed:findings-summary:end -->
+
+## Vulnerability Inventory
+<!-- sniper:managed:vulnerabilities:start -->
+
+### VULN-001: {title}
+- **Severity:** Critical / High / Medium / Low
+- **Category:** {OWASP Top 10 category, e.g., A01:2021 Broken Access Control}
+- **Location:** `path/to/file.ts:42`
+- **Description:** {what the vulnerability is}
+- **Evidence:** {the specific code pattern that creates the vulnerability}
+- **Impact:** {what an attacker could achieve by exploiting this}
+- **Remediation:** {how to fix it}
+```
+// Example fix
+```
+
+<!-- sniper:managed:vulnerabilities:end -->
+
+## Patterns of Concern
+<!-- sniper:managed:patterns:start -->
+<!-- Systemic issues that appear across multiple locations -->
+
+### {Pattern Name}
+- **Occurrences:** {count} locations
+- **Description:** {what the pattern is and why it's concerning}
+- **Locations:** {list of file:line references}
+- **Systemic Fix:** {how to address this across the codebase}
+
+<!-- sniper:managed:patterns:end -->
+
+## Positive Findings
+<!-- sniper:managed:positive:start -->
+<!-- Security practices that are done well and should be maintained -->
+
+- {Positive finding — e.g., "Consistent use of parameterized queries in `src/db/` layer"}
+
+<!-- sniper:managed:positive:end -->

package/framework/templates/workspace-brief.md

@@ -0,0 +1,52 @@
+# Workspace Feature Brief: {feature_title}
+
+> **ID:** WKSP-{XXXX}
+> **Version:** 1
+> **Status:** Draft
+> **Last Updated:** {date}
+> **Author:** Workspace Orchestrator
+
+## Feature Description
+<!-- sniper:managed:description:start -->
+{One-paragraph description of the cross-repo feature}
+<!-- sniper:managed:description:end -->
+
+## Affected Repositories
+<!-- sniper:managed:affected-repos:start -->
+| Repository | Role | Why Affected | Work Scope |
+|-----------|------|-------------|------------|
+| | | | |
+<!-- sniper:managed:affected-repos:end -->
+
+## New Interfaces
+<!-- sniper:managed:new-interfaces:start -->
+| Interface | Type | Between | Description |
+|-----------|------|---------|-------------|
+| | REST API / Shared Type / Event | repo-a ↔ repo-b | |
+<!-- sniper:managed:new-interfaces:end -->
+
+## Modified Interfaces
+<!-- sniper:managed:modified-interfaces:start -->
+| Contract | Current Version | Change Description | Breaking? |
+|----------|----------------|-------------------|-----------|
+| | | | |
+<!-- sniper:managed:modified-interfaces:end -->
+
+## Dependency Ordering
+<!-- sniper:managed:dependency-ordering:start -->
+Based on the workspace dependency graph:
+
+### Wave 1
+- **{repo}** — {what it produces that others need}
+
+### Wave 2
+- **{repo}** — {depends on Wave 1 outputs}
+
+### Wave 3
+- **{repo}** — {depends on Wave 2 outputs}
+<!-- sniper:managed:dependency-ordering:end -->
+
+## Risks & Considerations
+<!-- sniper:managed:risks:start -->
+- {risk or consideration}
+<!-- sniper:managed:risks:end -->

package/framework/templates/workspace-plan.md

@@ -0,0 +1,50 @@
+# Cross-Repo Implementation Plan: {feature_title}
+
+> **Feature:** WKSP-{XXXX}
+> **Version:** 1
+> **Status:** Draft
+> **Last Updated:** {date}
+> **Author:** Workspace Orchestrator
+> **Contracts:** {list of contract files}
+
+## Per-Repo Work Breakdown
+<!-- sniper:managed:repo-breakdown:start -->
+
+### {repo-name} (Wave {N})
+**Repo Feature ID:** SNPR-{XXXX}
+**Stories:**
+| Story | Description | Contract Refs |
+|-------|-------------|---------------|
+| | | |
+
+**Dependencies from other repos:** {what this repo needs from previous waves}
+**Produces for other repos:** {what this repo provides to subsequent waves}
+
+<!-- sniper:managed:repo-breakdown:end -->
+
+## Sprint Wave Ordering
+<!-- sniper:managed:wave-ordering:start -->
+| Wave | Repositories | Parallel? | Depends On |
+|------|-------------|-----------|------------|
+| 1 | | Yes | — |
+| 2 | | | Wave 1 |
+| 3 | | | Wave 2 |
+<!-- sniper:managed:wave-ordering:end -->
+
+## Integration Validation Criteria
+<!-- sniper:managed:validation-criteria:start -->
+### Between Wave 1 and Wave 2
+- [ ] {contract item to validate}
+
+### Between Wave 2 and Wave 3
+- [ ] {contract item to validate}
+
+### Final Integration
+- [ ] {end-to-end check}
+<!-- sniper:managed:validation-criteria:end -->
+
+## Rollback Plan
+<!-- sniper:managed:rollback:start -->
+If integration validation fails at any wave boundary:
+1. {step}
+<!-- sniper:managed:rollback:end -->