npm - @torus-engineering/tas-kit - Versions diffs - 1.5.1 → 1.6.0 - Mend

@torus-engineering/tas-kit 1.5.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/.claude/agents/README.md +83 -0
package/.claude/agents/architect.md +53 -0
package/.claude/agents/aws-reviewer.md +71 -0
package/.claude/agents/build-resolver.md +59 -0
package/.claude/agents/code-architect.md +62 -0
package/.claude/agents/code-explorer.md +63 -0
package/.claude/agents/code-simplifier.md +53 -0
package/.claude/agents/comment-analyzer.md +59 -0
package/.claude/agents/conversation-analyzer.md +57 -0
package/.claude/agents/csharp-reviewer.md +62 -0
package/.claude/agents/database-reviewer.md +73 -0
package/.claude/agents/doc-updater.md +66 -0
package/.claude/agents/docs-lookup.md +55 -0
package/.claude/agents/e2e-runner.md +61 -0
package/.claude/agents/harness-optimizer.md +62 -0
package/.claude/agents/loop-operator.md +56 -0
package/.claude/agents/performance-optimizer.md +78 -0
package/.claude/agents/planner.md +82 -0
package/.claude/agents/pr-test-analyzer.md +68 -0
package/.claude/agents/python-reviewer.md +67 -0
package/.claude/agents/pytorch-build-resolver.md +76 -0
package/.claude/agents/refactor-cleaner.md +70 -0
package/.claude/agents/security-reviewer.md +79 -0
package/.claude/agents/seo-specialist.md +75 -0
package/.claude/agents/silent-failure-hunter.md +69 -0
package/.claude/agents/tdd-guide.md +84 -0
package/.claude/agents/type-design-analyzer.md +75 -0
package/.claude/agents/typescript-reviewer.md +65 -0
package/.claude/commands/ado-create.md +2 -1
package/.claude/commands/ado-delete.md +3 -2
package/.claude/commands/ado-get.md +2 -1
package/.claude/commands/ado-status.md +2 -1
package/.claude/commands/ado-update.md +2 -1
package/.claude/commands/tas-adr.md +13 -12
package/.claude/commands/tas-bug.md +97 -50
package/.claude/commands/tas-design.md +3 -1
package/.claude/commands/tas-dev.md +115 -0
package/.claude/commands/tas-epic.md +4 -2
package/.claude/commands/tas-feature.md +5 -3
package/.claude/commands/tas-fix.md +47 -0
package/.claude/commands/tas-plan.md +184 -0
package/.claude/commands/tas-prd.md +3 -1
package/.claude/commands/tas-review.md +104 -0
package/.claude/commands/tas-sad.md +3 -1
package/.claude/commands/tas-security.md +80 -0
package/.claude/commands/tas-spec.md +50 -0
package/.claude/commands/tas-story.md +77 -40
package/.claude/commands/tas-verify.md +8 -0
package/.claude/hooks/code-quality.js +127 -0
package/.claude/hooks/session-end.js +116 -0
package/.claude/rules/.gitkeep +0 -0
package/.claude/rules/common/agents.md +65 -0
package/.claude/rules/common/code-review.md +124 -0
package/.claude/rules/common/coding-style.md +90 -0
package/.claude/rules/common/development-workflow.md +44 -0
package/.claude/rules/common/git-workflow.md +24 -0
package/.claude/rules/common/hooks.md +30 -0
package/.claude/rules/common/patterns.md +31 -0
package/.claude/rules/common/performance.md +55 -0
package/.claude/rules/common/post-review-agent.md +39 -0
package/.claude/rules/common/project-status.md +80 -0
package/.claude/rules/common/security.md +29 -0
package/.claude/rules/common/stack-detection.md +29 -0
package/.claude/rules/common/testing.md +57 -0
package/.claude/rules/csharp/coding-style.md +72 -0
package/.claude/rules/csharp/hooks.md +25 -0
package/.claude/rules/csharp/patterns.md +50 -0
package/.claude/rules/csharp/security.md +58 -0
package/.claude/rules/csharp/testing.md +46 -0
package/.claude/rules/python/coding-style.md +42 -0
package/.claude/rules/python/hooks.md +19 -0
package/.claude/rules/python/patterns.md +39 -0
package/.claude/rules/python/security.md +30 -0
package/.claude/rules/python/testing.md +38 -0
package/.claude/rules/typescript/coding-style.md +199 -0
package/.claude/rules/typescript/hooks.md +22 -0
package/.claude/rules/typescript/patterns.md +52 -0
package/.claude/rules/typescript/security.md +28 -0
package/.claude/rules/typescript/testing.md +18 -0
package/.claude/rules/web/coding-style.md +96 -0
package/.claude/rules/web/design-quality.md +63 -0
package/.claude/rules/web/hooks.md +120 -0
package/.claude/rules/web/patterns.md +79 -0
package/.claude/rules/web/performance.md +64 -0
package/.claude/rules/web/security.md +57 -0
package/.claude/rules/web/testing.md +55 -0
package/.claude/settings.json +37 -0
package/.claude/settings.local.json +38 -0
package/.claude/skills/ado-integration/SKILL.md +44 -1
package/.claude/skills/agent-harness-construction/SKILL.md +77 -0
package/.claude/skills/agent-introspection-debugging/SKILL.md +157 -0
package/.claude/skills/ai-regression-testing/SKILL.md +364 -0
package/.claude/skills/api-design/SKILL.md +528 -0
package/.claude/skills/architecture-decision-records/SKILL.md +184 -0
package/.claude/skills/backend-patterns/SKILL.md +602 -0
package/.claude/skills/benchmark/SKILL.md +98 -0
package/.claude/skills/browser-qa/SKILL.md +92 -0
package/.claude/skills/canary-watch/SKILL.md +104 -0
package/.claude/skills/tas-conventions/SKILL.md +51 -3
package/.claude/skills/tas-implementation-complete/SKILL.md +97 -0
package/.claude/skills/tas-tdd/SKILL.md +72 -16
package/.tas/README.md +29 -24
package/.tas/tas-example.yaml +2 -1
package/.tas/templates/Story.md +18 -18
package/CLAUDE-Example.md +1 -1
package/README.md +20 -5
package/package.json +1 -1
package/.claude/commands/tas-dev-story.md +0 -61
package/.claude/commands/tas-review-code.md +0 -42
package/.claude/commands/tas-security-check.md +0 -30

package/.claude/skills/backend-patterns/SKILL.md ADDED Viewed

@@ -0,0 +1,602 @@
+---
+name: backend-patterns
+description: |
+  Auto-invoke when implementing repository, service, or controller layers on Node.js/Express/Next.js,
+  fixing N+1 query problems, setting up Redis caching, adding auth middleware, or structuring
+  background job processing. NOT for API contract design (use api-design instead).
+origin: ECC
+allowed-tools: Read, Grep, Glob
+---
+# Backend Development Patterns
+Backend architecture patterns and best practices for scalable server-side applications.
+## When to Activate
+- Designing REST or GraphQL API endpoints
+- Implementing repository, service, or controller layers
+- Optimizing database queries (N+1, indexing, connection pooling)
+- Adding caching (Redis, in-memory, HTTP cache headers)
+- Setting up background jobs or async processing
+- Structuring error handling and validation for APIs
+- Building middleware (auth, logging, rate limiting)
+## API Design Patterns
+### RESTful API Structure
+```typescript
+// PASS: Resource-based URLs
+GET    /api/markets                 # List resources
+GET    /api/markets/:id             # Get single resource
+POST   /api/markets                 # Create resource
+PUT    /api/markets/:id             # Replace resource
+PATCH  /api/markets/:id             # Update resource
+DELETE /api/markets/:id             # Delete resource
+// PASS: Query parameters for filtering, sorting, pagination
+GET /api/markets?status=active&sort=volume&limit=20&offset=0
+```
+### Repository Pattern
+```typescript
+// Abstract data access logic
+interface MarketRepository {
+  findAll(filters?: MarketFilters): Promise<Market[]>
+  findById(id: string): Promise<Market | null>
+  create(data: CreateMarketDto): Promise<Market>
+  update(id: string, data: UpdateMarketDto): Promise<Market>
+  delete(id: string): Promise<void>
+}
+class SupabaseMarketRepository implements MarketRepository {
+  async findAll(filters?: MarketFilters): Promise<Market[]> {
+    let query = supabase.from('markets').select('*')
+    if (filters?.status) {
+      query = query.eq('status', filters.status)
+    }
+    if (filters?.limit) {
+      query = query.limit(filters.limit)
+    }
+    const { data, error } = await query
+    if (error) throw new Error(error.message)
+    return data
+  }
+  // Other methods...
+}
+```
+### Service Layer Pattern
+```typescript
+// Business logic separated from data access
+class MarketService {
+  constructor(private marketRepo: MarketRepository) {}
+  async searchMarkets(query: string, limit: number = 10): Promise<Market[]> {
+    // Business logic
+    const embedding = await generateEmbedding(query)
+    const results = await this.vectorSearch(embedding, limit)
+    // Fetch full data
+    const markets = await this.marketRepo.findByIds(results.map(r => r.id))
+    // Sort by similarity
+    return markets.sort((a, b) => {
+      const scoreA = results.find(r => r.id === a.id)?.score || 0
+      const scoreB = results.find(r => r.id === b.id)?.score || 0
+      return scoreA - scoreB
+    })
+  }
+  private async vectorSearch(embedding: number[], limit: number) {
+    // Vector search implementation
+  }
+}
+```
+### Middleware Pattern
+```typescript
+// Request/response processing pipeline
+export function withAuth(handler: NextApiHandler): NextApiHandler {
+  return async (req, res) => {
+    const token = req.headers.authorization?.replace('Bearer ', '')
+    if (!token) {
+      return res.status(401).json({ error: 'Unauthorized' })
+    }
+    try {
+      const user = await verifyToken(token)
+      req.user = user
+      return handler(req, res)
+    } catch (error) {
+      return res.status(401).json({ error: 'Invalid token' })
+    }
+  }
+}
+// Usage
+export default withAuth(async (req, res) => {
+  // Handler has access to req.user
+})
+```
+## Database Patterns
+### Query Optimization
+```typescript
+// PASS: GOOD: Select only needed columns
+const { data } = await supabase
+  .from('markets')
+  .select('id, name, status, volume')
+  .eq('status', 'active')
+  .order('volume', { ascending: false })
+  .limit(10)
+// FAIL: BAD: Select everything
+const { data } = await supabase
+  .from('markets')
+  .select('*')
+```
+### N+1 Query Prevention
+```typescript
+// FAIL: BAD: N+1 query problem
+const markets = await getMarkets()
+for (const market of markets) {
+  market.creator = await getUser(market.creator_id)  // N queries
+}
+// PASS: GOOD: Batch fetch
+const markets = await getMarkets()
+const creatorIds = markets.map(m => m.creator_id)
+const creators = await getUsers(creatorIds)  // 1 query
+const creatorMap = new Map(creators.map(c => [c.id, c]))
+markets.forEach(market => {
+  market.creator = creatorMap.get(market.creator_id)
+})
+```
+### Transaction Pattern
+```typescript
+async function createMarketWithPosition(
+  marketData: CreateMarketDto,
+  positionData: CreatePositionDto
+) {
+  // Use Supabase transaction
+  const { data, error } = await supabase.rpc('create_market_with_position', {
+    market_data: marketData,
+    position_data: positionData
+  })
+  if (error) throw new Error('Transaction failed')
+  return data
+}
+// SQL function in Supabase
+CREATE OR REPLACE FUNCTION create_market_with_position(
+  market_data jsonb,
+  position_data jsonb
+)
+RETURNS jsonb
+LANGUAGE plpgsql
+AS $$
+BEGIN
+  -- Start transaction automatically
+  INSERT INTO markets VALUES (market_data);
+  INSERT INTO positions VALUES (position_data);
+  RETURN jsonb_build_object('success', true);
+EXCEPTION
+  WHEN OTHERS THEN
+    -- Rollback happens automatically
+    RETURN jsonb_build_object('success', false, 'error', SQLERRM);
+END;
+$$;
+```
+## Caching Strategies
+### Redis Caching Layer
+```typescript
+class CachedMarketRepository implements MarketRepository {
+  constructor(
+    private baseRepo: MarketRepository,
+    private redis: RedisClient
+  ) {}
+  async findById(id: string): Promise<Market | null> {
+    // Check cache first
+    const cached = await this.redis.get(`market:${id}`)
+    if (cached) {
+      return JSON.parse(cached)
+    }
+    // Cache miss - fetch from database
+    const market = await this.baseRepo.findById(id)
+    if (market) {
+      // Cache for 5 minutes
+      await this.redis.setex(`market:${id}`, 300, JSON.stringify(market))
+    }
+    return market
+  }
+  async invalidateCache(id: string): Promise<void> {
+    await this.redis.del(`market:${id}`)
+  }
+}
+```
+### Cache-Aside Pattern
+```typescript
+async function getMarketWithCache(id: string): Promise<Market> {
+  const cacheKey = `market:${id}`
+  // Try cache
+  const cached = await redis.get(cacheKey)
+  if (cached) return JSON.parse(cached)
+  // Cache miss - fetch from DB
+  const market = await db.markets.findUnique({ where: { id } })
+  if (!market) throw new Error('Market not found')
+  // Update cache
+  await redis.setex(cacheKey, 300, JSON.stringify(market))
+  return market
+}
+```
+## Error Handling Patterns
+### Centralized Error Handler
+```typescript
+class ApiError extends Error {
+  constructor(
+    public statusCode: number,
+    public message: string,
+    public isOperational = true
+  ) {
+    super(message)
+    Object.setPrototypeOf(this, ApiError.prototype)
+  }
+}
+export function errorHandler(error: unknown, req: Request): Response {
+  if (error instanceof ApiError) {
+    return NextResponse.json({
+      success: false,
+      error: error.message
+    }, { status: error.statusCode })
+  }
+  if (error instanceof z.ZodError) {
+    return NextResponse.json({
+      success: false,
+      error: 'Validation failed',
+      details: error.errors
+    }, { status: 400 })
+  }
+  // Log unexpected errors
+  console.error('Unexpected error:', error)
+  return NextResponse.json({
+    success: false,
+    error: 'Internal server error'
+  }, { status: 500 })
+}
+// Usage
+export async function GET(request: Request) {
+  try {
+    const data = await fetchData()
+    return NextResponse.json({ success: true, data })
+  } catch (error) {
+    return errorHandler(error, request)
+  }
+}
+```
+### Retry with Exponential Backoff
+```typescript
+async function fetchWithRetry<T>(
+  fn: () => Promise<T>,
+  maxRetries = 3
+): Promise<T> {
+  let lastError: Error
+  for (let i = 0; i < maxRetries; i++) {
+    try {
+      return await fn()
+    } catch (error) {
+      lastError = error as Error
+      if (i < maxRetries - 1) {
+        // Exponential backoff: 1s, 2s, 4s
+        const delay = Math.pow(2, i) * 1000
+        await new Promise(resolve => setTimeout(resolve, delay))
+      }
+    }
+  }
+  throw lastError!
+}
+// Usage
+const data = await fetchWithRetry(() => fetchFromAPI())
+```
+## Authentication & Authorization
+### JWT Token Validation
+```typescript
+import jwt from 'jsonwebtoken'
+interface JWTPayload {
+  userId: string
+  email: string
+  role: 'admin' | 'user'
+}
+export function verifyToken(token: string): JWTPayload {
+  try {
+    const payload = jwt.verify(token, process.env.JWT_SECRET!) as JWTPayload
+    return payload
+  } catch (error) {
+    throw new ApiError(401, 'Invalid token')
+  }
+}
+export async function requireAuth(request: Request) {
+  const token = request.headers.get('authorization')?.replace('Bearer ', '')
+  if (!token) {
+    throw new ApiError(401, 'Missing authorization token')
+  }
+  return verifyToken(token)
+}
+// Usage in API route
+export async function GET(request: Request) {
+  const user = await requireAuth(request)
+  const data = await getDataForUser(user.userId)
+  return NextResponse.json({ success: true, data })
+}
+```
+### Role-Based Access Control
+```typescript
+type Permission = 'read' | 'write' | 'delete' | 'admin'
+interface User {
+  id: string
+  role: 'admin' | 'moderator' | 'user'
+}
+const rolePermissions: Record<User['role'], Permission[]> = {
+  admin: ['read', 'write', 'delete', 'admin'],
+  moderator: ['read', 'write', 'delete'],
+  user: ['read', 'write']
+}
+export function hasPermission(user: User, permission: Permission): boolean {
+  return rolePermissions[user.role].includes(permission)
+}
+export function requirePermission(permission: Permission) {
+  return (handler: (request: Request, user: User) => Promise<Response>) => {
+    return async (request: Request) => {
+      const user = await requireAuth(request)
+      if (!hasPermission(user, permission)) {
+        throw new ApiError(403, 'Insufficient permissions')
+      }
+      return handler(request, user)
+    }
+  }
+}
+// Usage - HOF wraps the handler
+export const DELETE = requirePermission('delete')(
+  async (request: Request, user: User) => {
+    // Handler receives authenticated user with verified permission
+    return new Response('Deleted', { status: 200 })
+  }
+)
+```
+## Rate Limiting
+### Simple In-Memory Rate Limiter
+```typescript
+class RateLimiter {
+  private requests = new Map<string, number[]>()
+  async checkLimit(
+    identifier: string,
+    maxRequests: number,
+    windowMs: number
+  ): Promise<boolean> {
+    const now = Date.now()
+    const requests = this.requests.get(identifier) || []
+    // Remove old requests outside window
+    const recentRequests = requests.filter(time => now - time < windowMs)
+    if (recentRequests.length >= maxRequests) {
+      return false  // Rate limit exceeded
+    }
+    // Add current request
+    recentRequests.push(now)
+    this.requests.set(identifier, recentRequests)
+    return true
+  }
+}
+const limiter = new RateLimiter()
+export async function GET(request: Request) {
+  const ip = request.headers.get('x-forwarded-for') || 'unknown'
+  const allowed = await limiter.checkLimit(ip, 100, 60000)  // 100 req/min
+  if (!allowed) {
+    return NextResponse.json({
+      error: 'Rate limit exceeded'
+    }, { status: 429 })
+  }
+  // Continue with request
+}
+```
+## Background Jobs & Queues
+### Simple Queue Pattern
+```typescript
+class JobQueue<T> {
+  private queue: T[] = []
+  private processing = false
+  async add(job: T): Promise<void> {
+    this.queue.push(job)
+    if (!this.processing) {
+      this.process()
+    }
+  }
+  private async process(): Promise<void> {
+    this.processing = true
+    while (this.queue.length > 0) {
+      const job = this.queue.shift()!
+      try {
+        await this.execute(job)
+      } catch (error) {
+        console.error('Job failed:', error)
+      }
+    }
+    this.processing = false
+  }
+  private async execute(job: T): Promise<void> {
+    // Job execution logic
+  }
+}
+// Usage for indexing markets
+interface IndexJob {
+  marketId: string
+}
+const indexQueue = new JobQueue<IndexJob>()
+export async function POST(request: Request) {
+  const { marketId } = await request.json()
+  // Add to queue instead of blocking
+  await indexQueue.add({ marketId })
+  return NextResponse.json({ success: true, message: 'Job queued' })
+}
+```
+## Logging & Monitoring
+### Structured Logging
+```typescript
+interface LogContext {
+  userId?: string
+  requestId?: string
+  method?: string
+  path?: string
+  [key: string]: unknown
+}
+class Logger {
+  log(level: 'info' | 'warn' | 'error', message: string, context?: LogContext) {
+    const entry = {
+      timestamp: new Date().toISOString(),
+      level,
+      message,
+      ...context
+    }
+    console.log(JSON.stringify(entry))
+  }
+  info(message: string, context?: LogContext) {
+    this.log('info', message, context)
+  }
+  warn(message: string, context?: LogContext) {
+    this.log('warn', message, context)
+  }
+  error(message: string, error: Error, context?: LogContext) {
+    this.log('error', message, {
+      ...context,
+      error: error.message,
+      stack: error.stack
+    })
+  }
+}
+const logger = new Logger()
+// Usage
+export async function GET(request: Request) {
+  const requestId = crypto.randomUUID()
+  logger.info('Fetching markets', {
+    requestId,
+    method: 'GET',
+    path: '/api/markets'
+  })
+  try {
+    const markets = await fetchMarkets()
+    return NextResponse.json({ success: true, data: markets })
+  } catch (error) {
+    logger.error('Failed to fetch markets', error as Error, { requestId })
+    return NextResponse.json({ error: 'Internal error' }, { status: 500 })
+  }
+}
+```
+**Remember**: Backend patterns enable scalable, maintainable server-side applications. Choose patterns that fit your complexity level.

package/.claude/skills/benchmark/SKILL.md ADDED Viewed

@@ -0,0 +1,98 @@
+---
+name: benchmark
+description: |
+  Auto-invoke when measuring performance impact of a PR, setting up performance baselines,
+  investigating "feels slow" or "it's getting slower" reports, comparing stack alternatives,
+  or validating Core Web Vitals before a launch. Requires browser MCP or direct API access
+  to target environment. SKIP if neither is available — note the gap to user.
+origin: ECC
+allowed-tools: Read, Bash
+---
+# Benchmark — Performance Baseline & Regression Detection
+## When to Use
+- Before and after a PR to measure performance impact
+- Setting up performance baselines for a project
+- When users report "it feels slow"
+- Before a launch — ensure you meet performance targets
+- Comparing your stack against alternatives
+## How It Works
+### Mode 1: Page Performance
+Measures real browser metrics via browser MCP:
+```
+1. Navigate to each target URL
+2. Measure Core Web Vitals:
+   - LCP (Largest Contentful Paint) — target < 2.5s
+   - CLS (Cumulative Layout Shift) — target < 0.1
+   - INP (Interaction to Next Paint) — target < 200ms
+   - FCP (First Contentful Paint) — target < 1.8s
+   - TTFB (Time to First Byte) — target < 800ms
+3. Measure resource sizes:
+   - Total page weight (target < 1MB)
+   - JS bundle size (target < 200KB gzipped)
+   - CSS size
+   - Image weight
+   - Third-party script weight
+4. Count network requests
+5. Check for render-blocking resources
+```
+### Mode 2: API Performance
+Benchmarks API endpoints:
+```
+1. Hit each endpoint 100 times
+2. Measure: p50, p95, p99 latency
+3. Track: response size, status codes
+4. Test under load: 10 concurrent requests
+5. Compare against SLA targets
+```
+### Mode 3: Build Performance
+Measures development feedback loop:
+```
+1. Cold build time
+2. Hot reload time (HMR)
+3. Test suite duration
+4. TypeScript check time
+5. Lint time
+6. Docker build time
+```
+### Mode 4: Before/After Comparison
+Run before and after a change to measure impact:
+```
+/benchmark baseline    # saves current metrics
+# ... make changes ...
+/benchmark compare     # compares against baseline
+```
+Output:
+```
+| Metric | Before | After | Delta | Verdict |
+|--------|--------|-------|-------|---------|
+| LCP | 1.2s | 1.4s | +200ms | WARNING: WARN |
+| Bundle | 180KB | 175KB | -5KB | ✓ BETTER |
+| Build | 12s | 14s | +2s | WARNING: WARN |
+```
+## Output
+Stores baselines in `docs/benchmarks/` as JSON. Git-tracked so the team shares baselines.
+## Integration
+- CI: run `/benchmark compare` on every PR
+- Pair with `/canary-watch` for post-deploy monitoring
+- Pair with `/browser-qa` for full pre-ship checklist