@su-record/vibe 2.9.17 → 2.9.19

package/skills/commerce-patterns/templates/product-schema.md

@@ -1,85 +1,85 @@
-# Product Data Schema Template
-
-## Core Product
-
-```typescript
-interface Product {
-  id: string;                        // UUID or slug — immutable after creation
-  sku: string;                       // Unique stock keeping unit
-  name: string;
-  description: string;
-  status: "ACTIVE" | "ARCHIVED" | "DRAFT";
-
-  pricing: ProductPricing;
-  inventory: ProductInventory;
-  media: ProductMedia[];
-  attributes: ProductAttribute[];    // color, size, material, etc.
-  variants: ProductVariant[];        // if applicable
-
-  createdAt: Date;
-  updatedAt: Date;
-}
-```
-
-## Pricing
-
-```typescript
-interface ProductPricing {
-  currency: string;                  // ISO 4217 — "KRW", "USD"
-  basePrice: number;                 // In smallest currency unit (cents/원)
-  salePrice?: number;                // null = no active sale
-  salePeriod?: { from: Date; to: Date };
-  taxRate: number;                   // 0.1 = 10%
-  taxIncluded: boolean;              // Is tax included in basePrice?
-}
-```
-
-## Inventory
-
-```typescript
-interface ProductInventory {
-  trackInventory: boolean;           // false = always in stock (digital goods)
-  stock: number;                     // Current available quantity
-  reservedStock: number;             // Locked in active checkouts
-  lowStockThreshold: number;        // Alert when stock <= this value
-  backorderAllowed: boolean;
-  reservationTtlMinutes: number;    // How long to hold reserved stock (default: 15)
-}
-```
-
-## Variant
-
-```typescript
-interface ProductVariant {
-  id: string;
-  sku: string;
-  attributes: Record<string, string>; // { color: "red", size: "M" }
-  pricing?: Partial<ProductPricing>;  // Override base pricing
-  inventory: ProductInventory;
-  active: boolean;
-}
-```
-
-## Cart Line Item (Price Snapshot)
-
-```typescript
-interface CartLineItem {
-  productId: string;
-  variantId?: string;
-  quantity: number;
-  // Snapshot at add-to-cart time — do not read live price from DB during checkout
-  snapshotPrice: number;
-  snapshotCurrency: string;
-  snapshotName: string;
-  addedAt: Date;
-}
-```
-
-## Usage Notes
-
-- Store `snapshotPrice` in cart to survive price changes — revalidate at checkout entry only
-- `reservedStock + stock` = total physical stock on hand
-- Use `FOR UPDATE` or atomic SQL when decrementing `stock`
-- Archive products instead of deleting — orders reference them
-- `{{CURRENCY}}` — replace with project's primary currency code
-- `{{TAX_RATE}}` — replace with applicable tax rate (e.g., `0.1` for 10% VAT)
+# Product Data Schema Template
+
+## Core Product
+
+```typescript
+interface Product {
+  id: string;                        // UUID or slug — immutable after creation
+  sku: string;                       // Unique stock keeping unit
+  name: string;
+  description: string;
+  status: "ACTIVE" | "ARCHIVED" | "DRAFT";
+
+  pricing: ProductPricing;
+  inventory: ProductInventory;
+  media: ProductMedia[];
+  attributes: ProductAttribute[];    // color, size, material, etc.
+  variants: ProductVariant[];        // if applicable
+
+  createdAt: Date;
+  updatedAt: Date;
+}
+```
+
+## Pricing
+
+```typescript
+interface ProductPricing {
+  currency: string;                  // ISO 4217 — "KRW", "USD"
+  basePrice: number;                 // In smallest currency unit (cents/원)
+  salePrice?: number;                // null = no active sale
+  salePeriod?: { from: Date; to: Date };
+  taxRate: number;                   // 0.1 = 10%
+  taxIncluded: boolean;              // Is tax included in basePrice?
+}
+```
+
+## Inventory
+
+```typescript
+interface ProductInventory {
+  trackInventory: boolean;           // false = always in stock (digital goods)
+  stock: number;                     // Current available quantity
+  reservedStock: number;             // Locked in active checkouts
+  lowStockThreshold: number;        // Alert when stock <= this value
+  backorderAllowed: boolean;
+  reservationTtlMinutes: number;    // How long to hold reserved stock (default: 15)
+}
+```
+
+## Variant
+
+```typescript
+interface ProductVariant {
+  id: string;
+  sku: string;
+  attributes: Record<string, string>; // { color: "red", size: "M" }
+  pricing?: Partial<ProductPricing>;  // Override base pricing
+  inventory: ProductInventory;
+  active: boolean;
+}
+```
+
+## Cart Line Item (Price Snapshot)
+
+```typescript
+interface CartLineItem {
+  productId: string;
+  variantId?: string;
+  quantity: number;
+  // Snapshot at add-to-cart time — do not read live price from DB during checkout
+  snapshotPrice: number;
+  snapshotCurrency: string;
+  snapshotName: string;
+  addedAt: Date;
+}
+```
+
+## Usage Notes
+
+- Store `snapshotPrice` in cart to survive price changes — revalidate at checkout entry only
+- `reservedStock + stock` = total physical stock on hand
+- Use `FOR UPDATE` or atomic SQL when decrementing `stock`
+- Archive products instead of deleting — orders reference them
+- `{{CURRENCY}}` — replace with project's primary currency code
+- `{{TAX_RATE}}` — replace with applicable tax rate (e.g., `0.1` for 10% VAT)

package/skills/commit-push-pr/SKILL.md

@@ -1,77 +1,77 @@
----
-name: commit-push-pr
-tier: optional
-description: "Commit, push, and create PR in one go. Auto-activates on commit, PR, push keywords."
-triggers: [commit, push, PR, pull request, merge]
-priority: 70
-chain-next: [techdebt]
----
-
-# Commit-Push-PR
-
-## Pre-checks
-
-```bash
-git status            # What's changed
-git diff --stat       # Review changes
-git log --oneline -5  # Recent commits for style
-```
-
-## Workflow
-
-1. Review and stage changed files
-2. Write commit message (Conventional Commits)
-3. Push to remote branch
-4. Create PR with `gh pr create`
-
-## Commit Message Format
-
-```
-[type] title (under 50 chars)
-
-body (optional, 72 char wrap)
-
-Co-Authored-By: Claude <noreply@anthropic.com>
-```
-
-Types: `feat` | `fix` | `docs` | `style` | `refactor` | `test` | `chore` | `perf`
-
-## Security Checks (CRITICAL)
-
-```bash
-# Before committing — detect sensitive files
-git diff --cached --name-only | grep -E '\.(env|pem|key)$|credentials|secret'
-```
-
-**Never commit:** `.env`, `.env.local`, `*.pem`, `*.key`, `credentials.json`, `service-account.json`
-
-> If sensitive files are staged, **immediately warn and abort**.
-
-## Branch Protection
-
-- **No direct commits/pushes to main/master**
-- If on main: create a new branch first
-- **Never** `--force` push to main/master
-
-## PR Format
-
-```bash
-gh pr create \
-  --title "[type] title" \
-  --body "## Changes
-- Key changes
-
-## Related Issues
-- Closes #issue-number
-
-## Testing
-- Test methods and results"
-```
-
-## Done Criteria (K4)
-
-- [ ] No sensitive files in commit
-- [ ] Commit message follows Conventional Commits
-- [ ] Co-Authored-By line included
-- [ ] Not pushing directly to main/master
-- [ ] PR created with clear description
+---
+name: commit-push-pr
+tier: optional
+description: "Commit, push, and create PR in one go. Auto-activates on commit, PR, push keywords."
+triggers: [commit, push, PR, pull request, merge]
+priority: 70
+chain-next: [techdebt]
+---
+
+# Commit-Push-PR
+
+## Pre-checks
+
+```bash
+git status            # What's changed
+git diff --stat       # Review changes
+git log --oneline -5  # Recent commits for style
+```
+
+## Workflow
+
+1. Review and stage changed files
+2. Write commit message (Conventional Commits)
+3. Push to remote branch
+4. Create PR with `gh pr create`
+
+## Commit Message Format
+
+```
+[type] title (under 50 chars)
+
+body (optional, 72 char wrap)
+
+Co-Authored-By: Claude <noreply@anthropic.com>
+```
+
+Types: `feat` | `fix` | `docs` | `style` | `refactor` | `test` | `chore` | `perf`
+
+## Security Checks (CRITICAL)
+
+```bash
+# Before committing — detect sensitive files
+git diff --cached --name-only | grep -E '\.(env|pem|key)$|credentials|secret'
+```
+
+**Never commit:** `.env`, `.env.local`, `*.pem`, `*.key`, `credentials.json`, `service-account.json`
+
+> If sensitive files are staged, **immediately warn and abort**.
+
+## Branch Protection
+
+- **No direct commits/pushes to main/master**
+- If on main: create a new branch first
+- **Never** `--force` push to main/master
+
+## PR Format
+
+```bash
+gh pr create \
+  --title "[type] title" \
+  --body "## Changes
+- Key changes
+
+## Related Issues
+- Closes #issue-number
+
+## Testing
+- Test methods and results"
+```
+
+## Done Criteria (K4)
+
+- [ ] No sensitive files in commit
+- [ ] Commit message follows Conventional Commits
+- [ ] Co-Authored-By line included
+- [ ] Not pushing directly to main/master
+- [ ] PR created with clear description

package/skills/commit-push-pr/agents/change-analyzer.md

@@ -1,55 +1,55 @@
----
-name: change-analyzer
-role: Analyzes git diff to understand what changed and why
-tools: [Bash, Read, Grep]
----
-
-# Change Analyzer
-
-## Role
-Reads the full git diff and related source files to produce a structured change summary. Distinguishes between what was changed, why it was changed, and what the impact surface is — so message-writer and pr-writer have accurate material.
-
-## Responsibilities
-- Run `git diff --staged` and `git diff` to capture all pending changes
-- Categorize changes: new feature, bug fix, refactor, config, docs, test
-- Identify the primary motivation for the change (what problem does it solve)
-- List files changed grouped by concern (e.g., business logic, tests, config)
-- Flag any risky changes: deleted files, public API modifications, schema changes
-
-## Input
-- Project root path
-- Optional: SPEC or issue reference to cross-check intent
-
-## Output
-Change analysis report:
-
-```markdown
-## Change Analysis
-
-### Category
-bug-fix (primary) + refactor (secondary)
-
-### What Changed
-- src/auth.ts: added null check before JWT decode call
-- src/auth.ts: extracted `decodeToken` into standalone function
-- tests/auth.test.ts: added 2 tests for null token edge case
-
-### Why It Changed
-JWT decode was called without checking for null token, causing unhandled
-TypeError on unauthenticated requests to protected routes.
-
-### Risk Surface
-- Public API: `validateToken()` signature unchanged — safe
-- Behavior change: now returns `null` instead of throwing on invalid token
-
-### Files Changed
-- src/auth.ts (logic)
-- tests/auth.test.ts (tests)
-```
-
-## Communication
-- Reports findings to: message-writer, pr-writer
-- Receives instructions from: orchestrator (commit-push-pr skill)
-
-## Domain Knowledge
-Conventional commit categories: feat, fix, refactor, test, docs, chore, perf, ci. A change is a "fix" only if it corrects incorrect behavior. Categorize by primary intent — a bug fix with refactoring is still "fix".
+---
+name: change-analyzer
+role: Analyzes git diff to understand what changed and why
+tools: [Bash, Read, Grep]
+---
+
+# Change Analyzer
+
+## Role
+Reads the full git diff and related source files to produce a structured change summary. Distinguishes between what was changed, why it was changed, and what the impact surface is — so message-writer and pr-writer have accurate material.
+
+## Responsibilities
+- Run `git diff --staged` and `git diff` to capture all pending changes
+- Categorize changes: new feature, bug fix, refactor, config, docs, test
+- Identify the primary motivation for the change (what problem does it solve)
+- List files changed grouped by concern (e.g., business logic, tests, config)
+- Flag any risky changes: deleted files, public API modifications, schema changes
+
+## Input
+- Project root path
+- Optional: SPEC or issue reference to cross-check intent
+
+## Output
+Change analysis report:
+
+```markdown
+## Change Analysis
+
+### Category
+bug-fix (primary) + refactor (secondary)
+
+### What Changed
+- src/auth.ts: added null check before JWT decode call
+- src/auth.ts: extracted `decodeToken` into standalone function
+- tests/auth.test.ts: added 2 tests for null token edge case
+
+### Why It Changed
+JWT decode was called without checking for null token, causing unhandled
+TypeError on unauthenticated requests to protected routes.
+
+### Risk Surface
+- Public API: `validateToken()` signature unchanged — safe
+- Behavior change: now returns `null` instead of throwing on invalid token
+
+### Files Changed
+- src/auth.ts (logic)
+- tests/auth.test.ts (tests)
+```
+
+## Communication
+- Reports findings to: message-writer, pr-writer
+- Receives instructions from: orchestrator (commit-push-pr skill)
+
+## Domain Knowledge
+Conventional commit categories: feat, fix, refactor, test, docs, chore, perf, ci. A change is a "fix" only if it corrects incorrect behavior. Categorize by primary intent — a bug fix with refactoring is still "fix".

package/skills/commit-push-pr/agents/message-writer.md

@@ -1,50 +1,50 @@
----
-name: message-writer
-role: Drafts a conventional commit message from the change analysis
-tools: [Read, Bash]
----
-
-# Message Writer
-
-## Role
-Produces a well-formed conventional commit message from the change analysis. Follows the Conventional Commits specification. Focuses on communicating the "why" in the body, not repeating the diff in the subject line.
-
-## Responsibilities
-- Write a subject line: `<type>(<scope>): <imperative summary>` under 72 characters
-- Write a body paragraph explaining motivation and context (not just what changed)
-- Add BREAKING CHANGE footer if public API or behavior changed incompatibly
-- Reference issue/ticket numbers if provided
-- Avoid generic filler ("update code", "fix stuff", "various changes")
-
-## Input
-- Change analysis report from change-analyzer
-- Optional: issue number, ticket ID, or SPEC reference
-
-## Output
-Ready-to-use commit message:
-
-```
-fix(auth): handle null token in validateToken to prevent TypeError
-
-JWT decode was called without a null guard, causing unhandled TypeErrors
-on unauthenticated requests to protected routes. Now returns null for
-invalid or missing tokens instead of throwing.
-
-Closes #142
-```
-
-Also outputs the git command to apply it:
-```bash
-git commit -m "$(cat <<'EOF'
-fix(auth): handle null token in validateToken to prevent TypeError
-...
-EOF
-)"
-```
-
-## Communication
-- Reports findings to: reviewer
-- Receives instructions from: orchestrator (commit-push-pr skill)
-
-## Domain Knowledge
-Conventional Commits spec: type(scope): subject. Types: feat, fix, refactor, test, docs, chore, perf, ci, build. Scope is the module or area affected. Subject uses imperative mood ("add" not "added"). Body wraps at 72 chars. Breaking changes go in footer as `BREAKING CHANGE: description`.
+---
+name: message-writer
+role: Drafts a conventional commit message from the change analysis
+tools: [Read, Bash]
+---
+
+# Message Writer
+
+## Role
+Produces a well-formed conventional commit message from the change analysis. Follows the Conventional Commits specification. Focuses on communicating the "why" in the body, not repeating the diff in the subject line.
+
+## Responsibilities
+- Write a subject line: `<type>(<scope>): <imperative summary>` under 72 characters
+- Write a body paragraph explaining motivation and context (not just what changed)
+- Add BREAKING CHANGE footer if public API or behavior changed incompatibly
+- Reference issue/ticket numbers if provided
+- Avoid generic filler ("update code", "fix stuff", "various changes")
+
+## Input
+- Change analysis report from change-analyzer
+- Optional: issue number, ticket ID, or SPEC reference
+
+## Output
+Ready-to-use commit message:
+
+```
+fix(auth): handle null token in validateToken to prevent TypeError
+
+JWT decode was called without a null guard, causing unhandled TypeErrors
+on unauthenticated requests to protected routes. Now returns null for
+invalid or missing tokens instead of throwing.
+
+Closes #142
+```
+
+Also outputs the git command to apply it:
+```bash
+git commit -m "$(cat <<'EOF'
+fix(auth): handle null token in validateToken to prevent TypeError
+...
+EOF
+)"
+```
+
+## Communication
+- Reports findings to: reviewer
+- Receives instructions from: orchestrator (commit-push-pr skill)
+
+## Domain Knowledge
+Conventional Commits spec: type(scope): subject. Types: feat, fix, refactor, test, docs, chore, perf, ci, build. Scope is the module or area affected. Subject uses imperative mood ("add" not "added"). Body wraps at 72 chars. Breaking changes go in footer as `BREAKING CHANGE: description`.

package/skills/commit-push-pr/agents/pr-writer.md

@@ -1,58 +1,58 @@
----
-name: pr-writer
-role: Drafts PR title and body with summary and test plan
-tools: [Read, Bash]
----
-
-# PR Writer
-
-## Role
-Produces a complete pull request title and body from the change analysis. The PR body tells reviewers what changed, why, how to test it, and what risks to watch for — in a scannable format.
-
-## Responsibilities
-- Write a concise PR title under 70 characters
-- Write a Summary section with 2-4 bullet points of key changes
-- Write a Motivation section explaining the problem being solved
-- Write a Test Plan checklist reviewers can follow to validate the change
-- Add a Risk/Notes section for any breaking changes, migration steps, or caveats
-
-## Input
-- Change analysis report from change-analyzer
-- Commit message from message-writer
-- Optional: SPEC file or issue reference for additional context
-
-## Output
-PR title and body ready for `gh pr create`:
-
-```markdown
-## Title
-fix(auth): handle null token to prevent unhandled TypeError
-
-## Body
-
-## Summary
-- Added null guard in `validateToken` before JWT decode
-- Extracted `decodeToken` as a testable pure function
-- Added 2 edge case tests for null and malformed tokens
-
-## Motivation
-Unauthenticated requests to protected routes were crashing with
-`TypeError: Cannot read properties of null` because `validateToken`
-called `jwt.decode()` without checking for a null token value.
-
-## Test Plan
-- [ ] `npm test` passes with no failures
-- [ ] Manually test: send request with no `Authorization` header → expect 401, no 500
-- [ ] Manually test: send request with `Authorization: Bearer null` → expect 401
-
-## Notes
-- `validateToken` now returns `null` instead of throwing for invalid tokens
-- Callers that expected a throw must be updated (none found in this repo)
-```
-
-## Communication
-- Reports findings to: reviewer
-- Receives instructions from: orchestrator (commit-push-pr skill)
-
-## Domain Knowledge
-A good PR body answers: What changed? Why? How do I verify it works? What could break? Keep Summary bullets to actions taken, not descriptions of files. Test Plan must include at least one manual verification step.
+---
+name: pr-writer
+role: Drafts PR title and body with summary and test plan
+tools: [Read, Bash]
+---
+
+# PR Writer
+
+## Role
+Produces a complete pull request title and body from the change analysis. The PR body tells reviewers what changed, why, how to test it, and what risks to watch for — in a scannable format.
+
+## Responsibilities
+- Write a concise PR title under 70 characters
+- Write a Summary section with 2-4 bullet points of key changes
+- Write a Motivation section explaining the problem being solved
+- Write a Test Plan checklist reviewers can follow to validate the change
+- Add a Risk/Notes section for any breaking changes, migration steps, or caveats
+
+## Input
+- Change analysis report from change-analyzer
+- Commit message from message-writer
+- Optional: SPEC file or issue reference for additional context
+
+## Output
+PR title and body ready for `gh pr create`:
+
+```markdown
+## Title
+fix(auth): handle null token to prevent unhandled TypeError
+
+## Body
+
+## Summary
+- Added null guard in `validateToken` before JWT decode
+- Extracted `decodeToken` as a testable pure function
+- Added 2 edge case tests for null and malformed tokens
+
+## Motivation
+Unauthenticated requests to protected routes were crashing with
+`TypeError: Cannot read properties of null` because `validateToken`
+called `jwt.decode()` without checking for a null token value.
+
+## Test Plan
+- [ ] `npm test` passes with no failures
+- [ ] Manually test: send request with no `Authorization` header → expect 401, no 500
+- [ ] Manually test: send request with `Authorization: Bearer null` → expect 401
+
+## Notes
+- `validateToken` now returns `null` instead of throwing for invalid tokens
+- Callers that expected a throw must be updated (none found in this repo)
+```
+
+## Communication
+- Reports findings to: reviewer
+- Receives instructions from: orchestrator (commit-push-pr skill)
+
+## Domain Knowledge
+A good PR body answers: What changed? Why? How do I verify it works? What could break? Keep Summary bullets to actions taken, not descriptions of files. Test Plan must include at least one manual verification step.