@torus-engineering/tas-kit 1.9.0 → 1.10.0

package/.tas/tas-example.yaml

@@ -1,109 +1,126 @@
-# .tas/tas-example.yaml - Reference template cho tas.yaml ở root
-# Copy file này ra root (tas.yaml) và điền thông tin dự án.
-# File này CHỈ chứa flow và logic của TAS.
-# Tech stack, coding conventions, build commands thuộc về CLAUDE.md.
-
-project:
-  name: "My Project"
-  code: "PROJ"              # Prefix for file naming: PROJ-Epic-001, PROJ-Feature-001, etc.
-  type: greenfield          # greenfield | brownfield
-  description: "Mô tả ngắn về dự án"
-
-# Azure DevOps integration
-ado:
-  enabled: true                 # false nếu project không dùng ADO
-  organization: "https://dev.azure.com/torus-bellesoft"
-  project_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-
-team:
-  - name: "Nguyen Van A"
-    role: pe
-    ado_id: "nguyenvana@torus.vn"
-  - name: "Tran Van B"
-    role: se
-    ado_id: "tranvanb@torus.vn"
-  - name: "Le Van C"
-    role: dse
-    ado_id: "levanc@torus.vn"
-
-# Flow configuration
-workflow:
-  # Phase 0: Discovery & Design (Human-led, AI-powered)
-  discovery:
-    enabled: true
-    lead: pe
-    artifacts:
-      - prd
-      - design_spec
-      - sad
-      - adr
-      - epic
-      - feature
-      - story
-    gate: ready_for_development
-
-  # Phase 1: Develop (Orchestrated Agentic)
-  develop:
-    enabled: true
-    lead: se
-    environment: test
-    use_tdd: true
-    auto_review: true
-
-  # Phase 2: Verify (Agentic + PE Review)
-  verify:
-    enabled: true
-    lead: pe
-    environment: staging
-    auto_integration_test: true
-    gate: pe_approved
-
-  # Phase 3: Deploy with Feature Flag (Agentic)
-  deploy:
-    enabled: true
-    lead: dse
-    environment: production
-    feature_flag: true
-    gate: pe_approved_production
-
-  # Phase 4: Operate (Autonomous)
-  operate:
-    enabled: false
-    lead: dse
-    environment: production
-    security_check: true
-    performance_monitor: true
-
-# Brownfield-specific config
-brownfield:
-  existing_docs_path: "docs/"
-  codebase_scan_on_init: true
-
-# Template overrides (optional)
-templates:
-  sad: ".tas/templates/SAD.md"
-  adr: ".tas/templates/ADR.md"
-  prd: ".tas/templates/PRD.md"
-  epic: ".tas/templates/Epic.md"
-  feature: ".tas/templates/Feature.md"
-  story: ".tas/templates/Story.md"
-  bug: ".tas/templates/Bug.md"
-
-# Model mapping
-models:
-  default: sonnet
-  commands:
-    tas-prd: sonnet
-    tas-design: sonnet
-    tas-sad: opus
-    tas-adr: opus
-    tas-epic: sonnet
-    tas-feature: sonnet
-    tas-story: sonnet
-    tas-dev: sonnet
-    tas-review-code: opus
-    tas-brainstorm: opus
-    tas-bug: sonnet
-    tas-verify: haiku
-    tas-status: haiku
-    tas-security-check: opus
+# .tas/tas-example.yaml - Reference template cho tas.yaml ở root
+# Copy file này ra root (tas.yaml) và điền thông tin dự án.
+# File này CHỈ chứa flow và logic của TAS.
+# Tech stack, coding conventions, build commands thuộc về CLAUDE.md.
+
+project:
+  name: "My Project"
+  code: "PROJ"              # Prefix for file naming: PROJ-Epic-001, PROJ-Feature-001, etc.
+  type: greenfield          # greenfield | brownfield
+  description: "Mô tả ngắn về dự án"
+
+# Azure DevOps integration
+ado:
+  enabled: true                 # false nếu project không dùng ADO
+  organization: "https://dev.azure.com/torus-bellesoft"
+  project_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+
+team:
+  - name: "Nguyen Van A"
+    role: pe
+    ado_id: "nguyenvana@torus.vn"
+  - name: "Tran Van B"
+    role: se
+    ado_id: "tranvanb@torus.vn"
+  - name: "Le Van C"
+    role: dse
+    ado_id: "levanc@torus.vn"
+
+# Flow configuration
+workflow:
+  # Phase 0: Discovery & Design (Human-led, AI-powered)
+  discovery:
+    enabled: true
+    lead: pe
+    artifacts:
+      - prd
+      - design_spec
+      - sad
+      - adr
+      - epic
+      - feature
+      - story
+    gate: ready_for_development
+
+  # Phase 1: Develop (Orchestrated Agentic)
+  develop:
+    enabled: true
+    lead: se
+    environment: test
+    use_tdd: true
+    auto_review: true
+
+  # Phase 2: Verify (Agentic + PE Review)
+  verify:
+    enabled: true
+    lead: pe
+    environment: staging
+    auto_integration_test: true
+    gate: pe_approved
+
+  # Phase 3: Deploy with Feature Flag (Agentic)
+  deploy:
+    enabled: true
+    lead: dse
+    environment: production
+    feature_flag: true
+    gate: pe_approved_production
+
+  # Phase 4: Operate (Autonomous)
+  operate:
+    enabled: false
+    lead: dse
+    environment: production
+    security_check: true
+    performance_monitor: true
+
+# Brownfield-specific config
+brownfield:
+  existing_docs_path: "docs/"
+  codebase_scan_on_init: true
+
+# Pre-commit security hook (installed via tas-kit install --security-hook=husky|native)
+# See .tas/hooks/README.md for details
+#
+# 3-tier scan:
+#   Tier 1 (always): built-in regex scan for ~45 secret patterns — blocks
+#   Tier 2 (if on PATH): gitleaks / trufflehog — only runs if installed — blocks
+#   Tier 3 (opt-in, LOCAL ONLY): AI deep scan → writes docs/security-report.md;
+#                                does NOT block. Use a personal Claude Code
+#                                subscription (no API charges). Not for CI.
+security:
+  pre_commit_hook: true                    # master switch; false to disable without uninstalling
+  external_scanner: auto                   # auto | gitleaks | trufflehog | none — tier 2
+  tool: claude                             # claude | codex | gemini | none — tier 3 AI (report-only)
+  deep_scan_on_every_commit: false         # true = opt into tier 3 AI review each local commit
+  block_on: [critical, high]               # severities that block commit (tier 1 & 2 only)
+  allow_bypass: true                       # print hint about SKIP_SECURITY_SCAN / --no-verify
+
+# Template overrides (optional)
+templates:
+  sad: ".tas/templates/SAD.md"
+  adr: ".tas/templates/ADR.md"
+  prd: ".tas/templates/PRD.md"
+  epic: ".tas/templates/Epic.md"
+  feature: ".tas/templates/Feature.md"
+  story: ".tas/templates/Story.md"
+  bug: ".tas/templates/Bug.md"
+
+# Model mapping
+models:
+  default: sonnet
+  commands:
+    tas-prd: sonnet
+    tas-design: sonnet
+    tas-sad: opus
+    tas-adr: opus
+    tas-epic: sonnet
+    tas-feature: sonnet
+    tas-story: sonnet
+    tas-dev: sonnet
+    tas-review-code: opus
+    tas-brainstorm: opus
+    tas-bug: sonnet
+    tas-verify: haiku
+    tas-status: haiku
+    tas-security-check: opus

package/CLAUDE-Example.md

@@ -1,58 +1,61 @@
-# Project Context
-
-## Tech Stack
-- Backend: .NET 8, C#, Entity Framework Core
-- Frontend: ReactJS
-- Database: MySQL
-- Infrastructure: AWS
-- CI/CD: Azure DevOps Pipelines
-
-## Conventions
-- Branching: git-flow
-- Commit: conventional commits
-- Namespace: Torus.{ProjectName}.{Layer}
-- Naming: PascalCase for classes/methods, camelCase for variables
-- Test framework: xUnit
-
-## Legacy Patterns to Avoid (Brownfield)
-- Repository pattern without interface
-- Direct SQL queries in controllers
-
-## Mermaid Rules (AzureDevops Wiki)
-- Always wrap with :::mermaid and :::
-- NEVER use () in node labels, use [] instead
-- Example: A["Web App"] --> B["API Gateway"]
-
-## Build & Test
-- Build: dotnet build
-- Test: dotnet test
-- Lint: dotnet format --verify-no-changes
-
-## TAS Kit
-This project uses Torus-Agentic-SDLC (TAS) kit.
-- Flow config: root/tas.yaml
-- Templates: .tas/templates/
-- Generated docs: docs/
-
-## Key Rules
-- Architecture: see docs/sad.md
-- Decisions: see docs/adr/
-
-## Commands
-Type /tas-status to see current project state.
-Type /tas-[artifact] to create or update artifacts (prd, sad, adr, epic, feature, story, design).
-Type /tas-dev to implement a story.
-Type /tas-verify to verify a Feature on Staging (Phase 2).
-Type /tas-review-code, /tas-brainstorm, /tas-bug, /tas-security-check for dev workflows.
-
-## ADO Commands
-Type /ado-create <type> <temp-id> [--parent-id <id>] to create work item on ADO.
-Type /ado-get <ado-id> to pull work item from ADO.
-Type /ado-update <type> <ado-id> [--assign <n>] [--status <state>] to update on ADO.
-Type /ado-status <ado-id> --status <state> to quick update status on ADO.
-Type /ado-delete <type> <ado-id> to delete work item on ADO.
-
-## ADO Prerequisites
-- Azure CLI + azure-devops extension: az extension add --name azure-devops --upgrade
-- Python 3.8+ with pyyaml: pip install pyyaml
-- PAT configured in .env file: AzureDevops_Personal_AccessToken=your-pat-here
+# Project Context
+
+## Tech Stack
+- Backend: .NET 8, C#, Entity Framework Core
+- Frontend: ReactJS
+- Database: MySQL
+- Infrastructure: AWS
+- CI/CD: Azure DevOps Pipelines
+
+## Conventions
+- Branching: git-flow
+- Commit: conventional commits
+- Namespace: Torus.{ProjectName}.{Layer}
+- Naming: PascalCase for classes/methods, camelCase for variables
+- Test framework: xUnit
+
+## Legacy Patterns to Avoid (Brownfield)
+- Repository pattern without interface
+- Direct SQL queries in controllers
+
+## Mermaid Rules (AzureDevops Wiki)
+- Always wrap with :::mermaid and :::
+- NEVER use () in node labels, use [] instead
+- Example: A["Web App"] --> B["API Gateway"]
+
+## Build & Test
+- Build: dotnet build
+- Test: dotnet test
+- Lint: dotnet format --verify-no-changes
+
+## TAS Kit
+This project uses Torus-Agentic-SDLC (TAS) kit.
+- Flow config: root/tas.yaml
+- Templates: .tas/templates/
+- Generated docs: docs/
+- Pre-commit security hook: .tas/hooks/ (see README.md there)
+  - Config: `security:` section in tas.yaml
+  - Bypass: `SKIP_SECURITY_SCAN=1 git commit ...` or `git commit --no-verify`
+
+## Key Rules
+- Architecture: see docs/sad.md
+- Decisions: see docs/adr/
+
+## Commands
+Type /tas-status to see current project state.
+Type /tas-[artifact] to create or update artifacts (prd, sad, adr, epic, feature, story, design).
+Type /tas-dev to implement a story.
+Type /tas-verify to verify a Feature on Staging (Phase 2).
+Type /tas-review-code, /tas-brainstorm, /tas-bug, /tas-security-check for dev workflows.
+
+## ADO Commands
+Type /ado-create <type> <temp-id> [--parent-id <id>] to create work item on ADO.
+Type /ado-get <ado-id> to pull work item from ADO.
+Type /ado-update <type> <ado-id> [--assign <n>] [--status <state>] to update on ADO.
+Type /ado-status <ado-id> --status <state> to quick update status on ADO.
+Type /ado-delete <type> <ado-id> to delete work item on ADO.
+
+## ADO Prerequisites
+- Azure CLI + azure-devops extension: az extension add --name azure-devops --upgrade
+- Python 3.8+ with pyyaml: pip install pyyaml
+- PAT configured in .env file: AzureDevops_Personal_AccessToken=your-pat-here