@torus-engineering/tas-kit 1.11.1 → 1.12.0

package/{.claude → .tas/_platform/claude-code}/settings.json

@@ -19,18 +19,6 @@
     ]
   },
   "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Write|Edit|MultiEdit",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node -e \"const d=JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')); const p=(d.tool_input||{}).file_path||''; const s=['.env','.prod.','.production.','appsettings.Production','secrets/','terraform/','.pem','.key','credentials'].find(x=>p.toLowerCase().includes(x.toLowerCase())); if(s) console.log('[TAS] WARNING: Sensitive file ('+s+'): '+p+' → Confirm this edit is intentional.');\"",
-            "description": "Warn before editing sensitive files"
-          }
-        ]
-      }
-    ],
     "PostToolUse": [
       {
         "matcher": "Write|Edit|MultiEdit",

package/{.claude → .tas/_platform}/hooks/code-quality.js

@@ -22,7 +22,7 @@ const { execSync } = require('child_process');
 // --- Read hook input ---
 let input;
 try {
-  const raw = fs.readFileSync('/dev/stdin', 'utf8');
+  const raw = fs.readFileSync(0, 'utf8');
   input = JSON.parse(raw);
 } catch {
   process.exit(0);

package/{.claude → .tas/_platform}/hooks/session-end.js

@@ -45,7 +45,7 @@ if (fs.existsSync(path.join(cwd, 'package.json'))) {
   } catch { /* ignore */ }
 
   if (hasTestScript) {
-    const result = run('npm test -- --passWithNoTests 2>&1', cwd);
+    const result = run('npm test', cwd);
     checks.push(result.ok
       ? '✓ Tests passed (npm test)'
       : '✗ Tests FAILED (npm test) — fix before committing'
@@ -56,11 +56,25 @@ if (fs.existsSync(path.join(cwd, 'package.json'))) {
 
 // .NET
 if (!testRan) {
-  const csprojFiles = (() => {
-    try {
-      return fs.readdirSync(cwd).filter(f => f.endsWith('.csproj') || f.endsWith('.sln'));
-    } catch { return []; }
-  })();
+  function findDotnetFiles(startDir, maxDepth = 3) {
+    const results = [];
+    function walk(dir, depth) {
+      if (depth > maxDepth) return;
+      try {
+        for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+          if (entry.isDirectory() && !entry.name.startsWith('.') && entry.name !== 'node_modules') {
+            walk(path.join(dir, entry.name), depth + 1);
+          } else if (entry.name.endsWith('.csproj') || entry.name.endsWith('.sln')) {
+            results.push(entry.name);
+          }
+        }
+      } catch { /* ignore */ }
+    }
+    walk(startDir, 0);
+    return results;
+  }
+
+  const csprojFiles = findDotnetFiles(cwd);
 
   if (csprojFiles.length > 0) {
     const result = run('dotnet test --no-build --logger "console;verbosity=minimal" 2>&1', cwd);
@@ -89,25 +103,6 @@ if (!testRan) {
   }
 }
 
-// ─── 2. Check project-status.yaml updated today ──────────────────────────────
-const statusFile = path.join(cwd, 'project-status.yaml');
-if (fs.existsSync(statusFile)) {
-  const today = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
-  try {
-    const content = fs.readFileSync(statusFile, 'utf8');
-    if (content.includes(today)) {
-      checks.push('✓ project-status.yaml updated today');
-    } else {
-      checks.push('⚠ project-status.yaml not updated today — run /tas-status to sync');
-    }
-  } catch {
-    checks.push('⚠ Could not read project-status.yaml');
-  }
-}
-
-// ─── 3. Remind about story status ────────────────────────────────────────────
-checks.push('→ Next: /tas-review-code before moving story to Deploy Test');
-
 // ─── Output ──────────────────────────────────────────────────────────────────
 if (checks.length > 0) {
   console.log('\n[TAS] Session end checks:');

package/{.claude → .tas}/commands/ado-create.md

@@ -15,13 +15,14 @@ Create new work item on Azure DevOps from local .md file.
 /ado-create bug 003 --parent-id 123
 
 ## Actions
-1. Read `tas.yaml`, check `ado.enabled`. If `false` or missing: report "ADO integration is disabled (`ado.enabled: false` in tas.yaml)." then stop.
-2. Run: python .tas/tools/tas-ado.py create-<type> <temp-id> [--parent-id <id>]
-3. Script will:
+1. Read `.tas/rules/ado-integration.md` for ADO operating rules (Always/Ask/Never, Red Flags).
+2. Read `tas.yaml`, check `ado.enabled`. If `false` or missing: report "ADO integration is disabled (`ado.enabled: false` in tas.yaml)." then stop.
+3. Run: python .tas/tools/tas-ado.py create-<type> <temp-id> [--parent-id <id>]
+4. Script will:
    - Find file by pattern {type}-{temp-id}-*.md
    - Extract title and description
    - Create work item on ADO
    - Rename file to {type}-{ado_id}-*.md
    - Add parent relation if --parent-id provided
    - Update frontmatter: ado_id, last_ado_sync
-4. Update root/project-status.yaml
+5. Update root/project-status.yaml

package/{.claude → .tas}/commands/ado-delete.md

@@ -12,10 +12,11 @@ Delete work item on Azure DevOps. Does NOT delete local file.
 /ado-delete bug 5678
 
 ## Actions
-1. Read `tas.yaml`, check `ado.enabled`. If `false` or missing: report "ADO integration is disabled (`ado.enabled: false` in tas.yaml)." then stop.
-2. MUST ask user confirmation before deleting: "Are you sure you want to delete <type> #<ado-id> on ADO?"
-3. After user confirms, run: python .tas/tools/tas-ado.py delete-<type> <ado-id>
-4. Script will:
+1. Read `.tas/rules/ado-integration.md` for ADO operating rules (Always/Ask/Never, Red Flags).
+2. Read `tas.yaml`, check `ado.enabled`. If `false` or missing: report "ADO integration is disabled (`ado.enabled: false` in tas.yaml)." then stop.
+3. MUST ask user confirmation before deleting: "Are you sure you want to delete <type> #<ado-id> on ADO?"
+4. After user confirms, run: python .tas/tools/tas-ado.py delete-<type> <ado-id>
+5. Script will:
    - Delete work item on ADO
    - NOT delete local file (keep for reference)
    - Update frontmatter: ado_state = Removed, last_ado_sync

package/{.claude → .tas}/commands/ado-update.md

@@ -16,11 +16,12 @@ Update work item on Azure DevOps from local .md file.
 /ado-update feature 456
 
 ## Actions
-1. Read `tas.yaml`, check `ado.enabled`. If `false` or missing: report "ADO integration is disabled (`ado.enabled: false` in tas.yaml)." then stop.
-2. Run: python .tas/tools/tas-ado.py update-<type> <ado-id> [--assign ...] [--status ...]
-3. Script will:
+1. Read `.tas/rules/ado-integration.md` for ADO operating rules (Always/Ask/Never, Red Flags).
+2. Read `tas.yaml`, check `ado.enabled`. If `false` or missing: report "ADO integration is disabled (`ado.enabled: false` in tas.yaml)." then stop.
+3. Run: python .tas/tools/tas-ado.py update-<type> <ado-id> [--assign ...] [--status ...]
+4. Script will:
    - Find local file by pattern *-<ado-id>-*.md
    - Read title and description from file
    - Update work item on ADO
    - Update frontmatter: ado_state, ado_assigned_to, last_ado_sync
-4. If no --assign and --status provided, push entire file content to ADO
+5. If no --assign and --status provided, push entire file content to ADO

package/{.claude → .tas}/commands/tas-adr.md

@@ -12,14 +12,14 @@ Create or update Architecture Decision Record.
 4. Determine next sequence number (ADR-001, ADR-002...)
 5. If docs/sad.md exists, need context from SAD to ensure ADR consistency
 6. Create file docs/adr/ADR-{NNN}-{slug}.md
-7. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — add entry to `adrs`.
+7. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — add entry to `adrs`.
 
 ### UPDATE mode ($ARGUMENTS is ADR ID, e.g., "ADR-001"):
 4. Need context from current ADR file
 5. Ask user what needs changing (update status, add consequences, supersede...)
 6. Update file, add changelog
 7. If supersede: update old ADR status to "Superseded by ADR-{NNN}"
-8. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — update `adrs.{ADR_ID}.status`.
+8. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — update `adrs.{ADR_ID}.status`.
 
 ## Principles
 - ADR must have: Context, Decision, Rationale, Consequences, Alternatives Considered
@@ -30,4 +30,4 @@ Create or update Architecture Decision Record.
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to working ADR file.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to working ADR file.

package/{.claude → .tas}/commands/tas-apitest-plan.md

@@ -11,7 +11,7 @@ Generate API Test Specification (Markdown) from API Spec (OpenAPI 3.0, Markdown,
 | **Always** | Organize test cases by API version — each version separate section |
 | **Always** | Append-only: don't modify sections in existing old version |
 | **Always** | Coverage matrix: each endpoint needs ≥1 happy path + ≥1 error path |
-| **Always** | Read `.claude/rules/csharp/api-testing.md` for conventions |
+| **Always** | Read `.tas/rules/csharp/api-testing.md` for conventions |
 | **Ask** | When spec unclear about expected response schema or business rule |
 | **Never** | Use version folder/syntax in test spec file (use section headers instead) |
 | **Never** | Skip error path — each endpoint needs cover validation errors |
@@ -170,4 +170,4 @@ Display:
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to test spec file.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to test spec file.

package/{.claude → .tas}/commands/tas-apitest.md

@@ -30,7 +30,7 @@ Enter path to API Test Spec file (e.g., docs/tests/API-Test-Spec-users.md)
 
 ### Step 2 — Parse API Test Spec
 
-Read `.claude/rules/csharp/api-testing.md` for conventions before generating.
+Read `.tas/rules/csharp/api-testing.md` for conventions before generating.
 
 From API Test Spec file, collect:
 - API version
@@ -56,7 +56,7 @@ Version folder: lowercase, no dot — `v1`, `v2` (not `v1.0`).
 
 ### Step 5 — Generate Infrastructure (only when creating new project)
 
-Read `.claude/rules/csharp/api-testing.md` section **Project Structure** and **Config Pattern** to generate:
+Read `.tas/rules/csharp/api-testing.md` section **Project Structure** and **Config Pattern** to generate:
 - `ApiTests.csproj` with standard packages
 - `appsettings.json` (base) + `appsettings.Test.json` + `appsettings.Staging.json` with values from spec
 - `Shared/TestBase.cs` — load config, HttpClient, helper methods
@@ -102,7 +102,7 @@ If spec has `test-data.{env}.json` references:
 ### Step 9 — Post-Generate Review
 
 Launch `csharp-reviewer` agent:
-> Review `tests/ApiTests/{version}/`. Read `.claude/rules/csharp/testing.md` + `.claude/rules/csharp/api-testing.md`.
+> Review `tests/ApiTests/{version}/`. Read `.tas/rules/csharp/testing.md` + `.tas/rules/csharp/api-testing.md`.
 > Focus: async/await, HttpClient disposal, assertion completeness, XML doc coverage.
 > Format: Critical / High / Medium / Low with file:line.
 
@@ -140,4 +140,4 @@ Display:
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to API Test Spec file.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to API Test Spec file.

package/{.claude → .tas}/commands/tas-bug.md

@@ -16,7 +16,7 @@ Bug status determines next step — no role declaration needed.
 | **Never** | Auto-commit or push — wait for user manual testing first |
 
 ## Stack Detection
-Read `.claude/rules/common/stack-detection.md`.
+Read `.tas/rules/common/stack-detection.md`.
 
 ## Actions
 
@@ -68,9 +68,9 @@ Find Bug file via glob `docs/bugs/*-Bug-{ID}-*.md`, read current status.
 If additional files needed → ask user confirmation first.
 
 Before fixing, read:
-- `.claude/rules/common/security.md` — fix must not create new security risks
-- `.claude/rules/common/testing.md` — regression test writing patterns
-- `.claude/rules/[lang_agent stack]/coding-style.md` — follow conventions
+- `.tas/rules/common/security.md` — fix must not create new security risks
+- `.tas/rules/common/testing.md` — regression test writing patterns
+- `.tas/rules/[lang_agent stack]/coding-style.md` — follow conventions
 
 **Fix workflow:**
 a. Run regression test case → confirm **FAIL** (reproduces bug)
@@ -81,7 +81,7 @@ d. Run full test suite → no new regressions
 
 **After fix — Post-Fix Review (Isolated Agent):**
 
-Follow `.claude/rules/common/post-review-agent.md`.
+Follow `.tas/rules/common/post-implementation-review.md`.
 Pass in: Bug file path, changed files list, stack (from CLAUDE.md), lang_agent.
 
 After review passes:
@@ -110,4 +110,4 @@ After review passes:
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to working Bug file.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to working Bug file.

package/{.claude → .tas}/commands/tas-design.md

@@ -19,13 +19,13 @@ Create or update Design Specification document (UI/UX flows, wireframe descripti
    - Navigation structure
    - Interaction patterns
    - Responsive behavior notes
-6. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — add `artifacts.design_spec`.
+6. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — add `artifacts.design_spec`.
 
 ### UPDATE mode (file exists):
 3. Need context from current docs/design-spec.md
 4. $ARGUMENTS is change description. If not provided, ask user which section to update.
 5. Update file, add changelog
-6. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — update `artifacts.design_spec`.
+6. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — update `artifacts.design_spec`.
 
 ## Principles
 - Focus on flows and behavior, not pixel-perfect design
@@ -34,4 +34,4 @@ Create or update Design Specification document (UI/UX flows, wireframe descripti
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to `docs/design-spec.md`.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to `docs/design-spec.md`.

package/{.claude → .tas}/commands/tas-dev.md

@@ -19,10 +19,10 @@ Implement a User Story per approved Technical Plan.
 - ONLY read Story file — Technical Plan has enough technical context.
 - Don't auto-read PRD, SAD, ADR, Design-Spec unless user confirms.
 - Don't list directories, don't scan project structure.
-- Don't read `.tas/checklists/story-done.md` at first step (only at final step).
+- Don't read `.tas/rules/common/story-done.md` at first step (only at final step).
 
 ## Stack Detection
-Read `.claude/rules/common/stack-detection.md`.
+Read `.tas/rules/common/stack-detection.md`.
 
 ## Actions
 
@@ -57,19 +57,16 @@ If no Technical Plan (quick mode) → analyze AC and implement directly per AC.
 
 ### Step 3 — Implement
 
-**If stack is Node.js/Express/Next.js** → invoke skill `js-backend-patterns` to reference
-repository pattern, service layer, N+1 prevention, caching, error handling before coding.
+**If stack is Node.js/Express/Next.js** → Read `.tas/rules/typescript/patterns.md` and `.tas/rules/typescript/security.md` for repository pattern, N+1 prevention, error handler, caching, JWT/RBAC before coding.
 
 #### If `use_tdd = true` in `tas.yaml`:
-a. **Red phase** — Write test cases FIRST per AC in Story. Run tests, confirm FAIL.
 
-   Platform-specific (from stack detection):
-   - **Mobile (React Native)**: Jest + React Testing Library — Components (`render`, `fireEvent`, `screen`), Hooks (`renderHook`), Services/API (Jest mocks + MSW), Utils, Zustand stores. File: `src/**/*.test.ts(x)`
-   - **Web (React + Node)**: Vitest/Jest + React Testing Library — Components, Hooks, Services (MSW/Nock), Backend services (Jest). File: `src/**/*.test.ts(x)`
-   - **Backend (.NET)**: xUnit — Unit (services, repositories), Integration (TestServer), API (WebApplicationFactory). File: `tests/Unit/`, `tests/Integration/`, `tests/Api/`
+Read `.tas/rules/common/tdd.md` for Red-Green-Refactor discipline + Test Naming Convention.
 
-b. **Green phase** — Write minimal code to pass tests.
-c. **Refactor** — Clean up, ensure tests still pass.
+Platform-specific test stacks (from stack detection):
+- **Mobile (React Native)**: Jest + React Testing Library — Components (`render`, `fireEvent`, `screen`), Hooks (`renderHook`), Services/API (Jest mocks + MSW), Utils, Zustand stores. File: `src/**/*.test.ts(x)`
+- **Web (React + Node)**: Vitest/Jest + React Testing Library — Components, Hooks, Services (MSW/Nock), Backend services (Jest). File: `src/**/*.test.ts(x)`
+- **Backend (.NET)**: xUnit — Unit (services, repositories), Integration (TestServer), API (WebApplicationFactory). File: `tests/Unit/`, `tests/Integration/`, `tests/Api/`
 
 #### If `use_tdd = false`:
 a. Implement code per AC + Tasks in Technical Plan
@@ -83,12 +80,12 @@ If discover plan needs significant changes → notify user before changing direc
 
 ### Step 4 — Post-Implementation Review (Isolated Agent)
 
-Follow `.claude/rules/common/post-review-agent.md`.
+Follow `.tas/rules/common/post-implementation-review.md`.
 Pass in: Story file path, changed files list, stack (from CLAUDE.md), lang_agent.
 
 ### Step 5 — Definition of Done
 
-Read `.tas/checklists/story-done.md`, verify each item, tick in Story:
+Read `.tas/rules/common/story-done.md`, verify each item, tick in Story:
 - `- [x] Technical plan completed` — if plan_status: completed (or quick mode confirmed)
 - `- [x] Code implemented` — if implementation done
 - `- [x] Unit tests pass` — if tests passed
@@ -125,4 +122,4 @@ If Yes:
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to working Story file.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to working Story file.

package/{.claude → .tas}/commands/tas-epic.md

@@ -16,14 +16,14 @@ Create or update Epic document.
 5. Read project.code from root/tas.yaml. Scan docs/epics/ to determine sequence number.
 6. Create directory docs/epics/{code}-Epic-{NNN}-{slug}/
 7. Create file docs/epics/{code}-Epic-{NNN}-{slug}/{code}-Epic-{NNN}-{slug}.md
-8. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — add entry to `epics`.
+8. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — add entry to `epics`.
 
 ### UPDATE mode ($ARGUMENTS is Epic ID, e.g., "Epic-001"):
 4. Find directory docs/epics/{code}-Epic-001-*/
 5. Need context from current Epic file
 6. Ask user what needs changing (update scope, add feature, change status...)
 7. Update file, add changelog
-8. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — update `epics.{EPIC_ID}.status`.
+8. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — update `epics.{EPIC_ID}.status`.
 
 ## Principles
 - Each Epic maps to one business capability in PRD
@@ -32,4 +32,4 @@ Create or update Epic document.
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to working Epic file.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to working Epic file.

package/{.claude → .tas}/commands/tas-feature.md

@@ -26,15 +26,15 @@ Create or update Feature document, including Integration Test and E2E/Acceptance
       - "What's the main user scenario to verify this feature on Staging?"
       - "Any scenarios needing real or near-real data testing?"
       - "Which acceptance criteria need manual PE verification?"
-      Write to E2E Test Cases section. This is the checklist PE uses in Phase 2 when running /tas-verify.
-9. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — add entry to `epics.{EPIC_ID}.features`.
+      Write to E2E Test Cases section. This is the checklist PE uses in Phase 2 when running /tas-functest + /tas-e2e.
+9. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — add entry to `epics.{EPIC_ID}.features`.
 
 ### UPDATE mode ($ARGUMENTS is Feature ID, e.g., "Feature-003"):
 4. Find Feature file in docs/epics/ tree (using glob)
 5. Need context from current Feature file
 6. Ask user what needs changing (add story, update AC, add test cases, change status...)
 7. Update file, add changelog
-8. Update `project-status.yaml` per `.claude/rules/common/project-status.md` — update `epics.{EPIC_ID}.features.{FEATURE_ID}.status`.
+8. Update `project-status.yaml` per `.tas/rules/common/project-status.md` — update `epics.{EPIC_ID}.features.{FEATURE_ID}.status`.
 
 ## Principles
 - Feature is a specific function that can be demoed
@@ -44,4 +44,4 @@ Create or update Feature document, including Integration Test and E2E/Acceptance
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to working Feature file.
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to working Feature file.

package/{.claude → .tas}/commands/tas-fix.md

@@ -6,7 +6,7 @@ Use when: solo dev, quick hotfix, bug found during development.
 Differs from /tas-bug: no Bug file created, no status tracking, no deploy flow.
 
 ## Stack Detection
-Read `.claude/rules/common/stack-detection.md`.
+Read `.tas/rules/common/stack-detection.md`.
 
 ## Actions
 
@@ -25,9 +25,9 @@ $ARGUMENTS is error description, error message, or file:line_number.
 ### 3. Fix with regression test
 
 Before fixing, read relevant rules:
-- `.claude/rules/common/security.md` — check if fix creates security risks
-- `.claude/rules/common/testing.md` — regression test writing patterns
-- `.claude/rules/[lang_rules]/coding-style.md` — current stack conventions (if identifiable)
+- `.tas/rules/common/security.md` — check if fix creates security risks
+- `.tas/rules/common/testing.md` — regression test writing patterns
+- `.tas/rules/[lang_rules]/coding-style.md` — current stack conventions (if identifiable)
 
 Then:
 a. Write 1 minimal test case reproducing bug (if project has test framework)
@@ -48,4 +48,4 @@ e. Quick run of test suite if available (to check regression)
 
 ## Final Step — Token Log
 
-Invoke skill `token-logger`: write AI Usage Log to related Story or Bug file (if any).
+Follow `.tas/rules/common/token-logging.md`: write AI Usage Log to related Story or Bug file (if any).

package/{.claude → .tas}/commands/tas-init.md

@@ -4,7 +4,7 @@ Initialize TAS kit for the current project.
 
 ## Actions
 1. Need context from root/tas.yaml. If not exists, copy from .tas/tas-example.yaml to root and ask user to fill required information.
-2. Create directory structure: .tas/templates/, .tas/checklists/, docs/, docs/adr/, docs/epics/, docs/bugs/
+2. Create directory structure: .tas/templates/, docs/, docs/adr/, docs/epics/, docs/bugs/
 3. Create root/project-status.yaml file with initial state (artifacts, epics, adrs all empty).
 4. Copy default templates to .tas/templates/ if not exist.
 5. If project type is brownfield and codebase_scan_on_init = true: