ai-devx 1.0.0

package/templates/.agent/workflows/plan.md

@@ -0,0 +1,153 @@
+---
+command: /plan
+description: Create comprehensive task breakdown and implementation plan
+agent: project-planner
+skills:
+  - brainstorming
+  - plan-writing
+  - architecture
+  - estimation
+---
+
+# /plan Workflow
+
+## Purpose
+Break down complex requirements into actionable tasks with estimates, dependencies, and milestones.
+
+## Trigger
+User types: `/plan <description>`
+
+## Execution Steps
+
+### Step 1: Requirements Clarification
+Ask 3-5 strategic questions:
+1. What is the core problem you're solving?
+2. Who are the users and what do they need?
+3. What does success look like?
+4. What are the constraints (time, budget, tech)?
+5. Are there any dependencies or blockers?
+
+### Step 2: Analysis
+- Parse user request
+- Identify ambiguous requirements
+- Determine scope and complexity
+- Identify technical constraints
+
+### Step 3: Task Decomposition
+Break down into:
+- High-level objectives
+- Technical tasks
+- Dependencies between tasks
+- Risks and mitigations
+
+### Step 4: Estimation
+Categorize tasks:
+- **Quick wins**: < 2 hours
+- **Small**: 2-4 hours
+- **Medium**: 4-8 hours
+- **Large**: 1-2 days
+- **Epic**: 3-5 days (break down further)
+
+Apply uncertainty multipliers:
+- Well-understood: 1.0x
+- Some uncertainty: 1.5x
+- High uncertainty: 2.0x
+- Research needed: 3.0x
+
+### Step 5: Output Format
+
+Generate structured markdown plan:
+
+```markdown
+## Plan: [Feature Name]
+
+### Overview
+[High-level description of what will be built]
+
+### Goals
+- [Goal 1]
+- [Goal 2]
+- [Goal 3]
+
+### Technical Architecture
+[Architecture decisions and tech stack]
+
+### Tasks
+
+#### Phase 1: Foundation
+| ID | Task | Estimate | Dependencies | Priority |
+|----|------|----------|--------------|----------|
+| T1 | [Task description] | 2h | None | P0 |
+| T2 | [Task description] | 4h | T1 | P0 |
+
+#### Phase 2: Implementation
+| ID | Task | Estimate | Dependencies | Priority |
+|----|------|----------|--------------|----------|
+| T3 | [Task description] | 8h | T2 | P1 |
+
+### Milestones
+1. **Milestone 1** - [Date]: [Description]
+2. **Milestone 2** - [Date]: [Description]
+3. **Milestone 3** - [Date]: [Description]
+
+### Risks
+| Risk | Probability | Impact | Mitigation |
+|------|-------------|--------|------------|
+| [Risk 1] | High/Med/Low | High/Med/Low | [Strategy] |
+
+### Resources Needed
+- [Role 1]: [Number needed]
+- [Role 2]: [Number needed]
+
+### Definition of Done
+- [ ] All P0 tasks complete
+- [ ] Code reviewed
+- [ ] Tests passing
+- [ ] Documentation updated
+- [ ] Deployed to staging
+
+### Next Steps
+1. [Action item 1]
+2. [Action item 2]
+```
+
+## Example Usage
+
+**User**: `/plan Build a user authentication system with JWT`
+
+**Response**:
+```
+⚡ Executing /plan
+
+## Plan: User Authentication System with JWT
+
+### Overview
+Implement secure user authentication using JWT tokens with login, signup, and protected routes.
+
+### Tasks
+
+#### Phase 1: Backend (2 days)
+| ID | Task | Estimate | Dependencies |
+|----|------|----------|--------------|
+| T1 | Design user schema | 2h | None |
+| T2 | Implement password hashing | 2h | T1 |
+| T3 | Create signup endpoint | 4h | T2 |
+| T4 | Create login endpoint | 4h | T2 |
+| T5 | Implement JWT middleware | 4h | T4 |
+
+#### Phase 2: Frontend (1.5 days)
+| ID | Task | Estimate | Dependencies |
+|----|------|----------|--------------|
+| T6 | Create login form | 4h | None |
+| T7 | Create signup form | 4h | None |
+| T8 | Implement auth context | 4h | T6, T7 |
+
+Total: 3.5 days
+```
+
+## Success Criteria
+- Clear task breakdown with estimates
+- Identified dependencies
+- Risk assessment
+- Realistic timeline
+- Actionable next steps

package/templates/.agent/workflows/security.md

@@ -0,0 +1,181 @@
+---
+command: /security
+description: Security audit, vulnerability scanning, and security fixes
+agent: security-auditor
+skills:
+  - vulnerability-scanner
+  - security-best-practices
+  - authentication-patterns
+mode: strict
+---
+
+# /security Workflow
+
+## Purpose
+Perform security audits, scan for vulnerabilities, and implement security fixes.
+
+## Trigger
+User types: `/security` or `/security audit`
+
+## Execution Steps
+
+### Step 1: Code Scan
+Check for:
+- Hardcoded secrets
+- SQL injection vulnerabilities
+- XSS vulnerabilities
+- Insecure dependencies
+- Weak authentication
+- Missing authorization
+
+### Step 2: Dependency Scan
+Check for:
+- Known vulnerabilities in dependencies
+- Outdated packages
+- License compliance
+
+### Step 3: Configuration Review
+Check:
+- Environment variables
+- Security headers
+- CORS settings
+- SSL/TLS configuration
+- Authentication settings
+
+### Step 4: Vulnerability Assessment
+Classify findings:
+- **Critical**: Immediate action required
+- **High**: Fix within 24 hours
+- **Medium**: Fix within 1 week
+- **Low**: Fix when convenient
+- **Info**: Best practices
+
+### Step 5: Remediation
+Provide fixes for each vulnerability:
+- Code examples
+- Configuration changes
+- Dependency updates
+
+### Step 6: Validation
+Verify fixes:
+- Re-run security scans
+- Test application functionality
+- Check for regressions
+
+## Response Format
+
+```
+⚡ Executing /security
+
+🤖 Applying @security-auditor...
+
+## Security Audit Results
+
+### Summary
+🔴 Critical: 1
+🟠 High: 2
+🟡 Medium: 3
+🟢 Low: 5
+
+### Critical Issues
+
+#### 1. Hardcoded API Key
+**Location**: `src/config.ts:15`
+**Severity**: 🔴 Critical
+
+**Issue**:
+```typescript
+const API_KEY = "sk-1234567890abcdef";
+```
+
+**Fix**:
+```typescript
+const API_KEY = process.env.API_KEY;
+if (!API_KEY) {
+  throw new Error('API_KEY environment variable required');
+}
+```
+
+#### 2. SQL Injection Risk
+**Location**: `src/routes/users.ts:23`
+**Severity**: 🔴 Critical
+
+**Issue**:
+```typescript
+const query = `SELECT * FROM users WHERE id = ${userId}`;
+```
+
+**Fix**:
+```typescript
+const query = 'SELECT * FROM users WHERE id = $1';
+const result = await db.query(query, [userId]);
+```
+
+### Dependency Vulnerabilities
+
+| Package | Version | CVE | Severity | Fix |
+|---------|---------|-----|----------|-----|
+| lodash | 4.17.15 | CVE-2021-23337 | High | Upgrade to 4.17.21 |
+| express | 4.17.1 | CVE-2022-24999 | Medium | Upgrade to 4.18.2 |
+
+### Recommendations
+- Enable Dependabot
+- Set up security alerts
+- Regular dependency updates
+- Security training for team
+```
+
+## Security Checklist
+
+### Code Security
+- [ ] No hardcoded secrets
+- [ ] Input validation on all endpoints
+- [ ] Output encoding
+- [ ] Parameterized queries
+- [ ] CSRF protection
+- [ ] XSS prevention
+
+### Authentication
+- [ ] Strong password policy
+- [ ] Rate limiting on auth endpoints
+- [ ] Session timeout
+- [ ] Secure session storage
+- [ ] MFA available
+
+### Authorization
+- [ ] RBAC implemented
+- [ ] Resource-level checks
+- [ ] No privilege escalation
+
+### Infrastructure
+- [ ] HTTPS enforced
+- [ ] Security headers set
+- [ ] CORS configured
+- [ ] Secrets management
+- [ ] Logging enabled
+
+## Commands
+
+```bash
+# Scan dependencies
+npm audit
+
+# Fix vulnerabilities
+npm audit fix
+
+# Security headers check
+npx helmet
+
+# Secrets scanning
+git-secrets --scan
+
+# SAST scanning
+sonar-scanner
+```
+
+## Success Criteria
+- No critical vulnerabilities
+- No high vulnerabilities
+- All medium vulnerabilities planned
+- Dependencies up to date
+- Security headers configured

package/templates/.agent/workflows/test.md

@@ -0,0 +1,165 @@
+---
+command: /test
+description: Generate and run tests for code coverage and quality assurance
+agent: test-engineer
+skills:
+  - testing-patterns
+  - webapp-testing
+  - tdd-workflow
+mode: thorough
+---
+
+# /test Workflow
+
+## Purpose
+Generate comprehensive tests, run test suites, and improve code coverage.
+
+## Trigger
+User types: `/test <target>` or `/test all`
+
+## Execution Steps
+
+### Step 1: Test Discovery
+Identify what needs testing:
+- Untested files/functions
+- Critical business logic
+- API endpoints
+- UI components
+- Edge cases
+
+### Step 2: Test Generation
+
+**Unit Tests:**
+```typescript
+- Test happy paths
+- Test error cases
+- Test edge cases
+- Test boundary conditions
+- Mock external dependencies
+```
+
+**Integration Tests:**
+```typescript
+- Test API endpoints
+- Test database interactions
+- Test service integrations
+- Test authentication flows
+```
+
+**E2E Tests:**
+```typescript
+- Test critical user flows
+- Test form submissions
+- Test navigation
+- Test error handling
+```
+
+### Step 3: Test Implementation
+Follow AAA pattern:
+```typescript
+describe('functionName', () => {
+  it('should [expected behavior] when [condition]', () => {
+    // Arrange
+    const input = ...;
+    
+    // Act
+    const result = functionName(input);
+    
+    // Assert
+    expect(result).toBe(expected);
+  });
+});
+```
+
+### Step 4: Test Execution
+Run tests and report:
+- Total tests
+- Passed/Failed
+- Coverage percentage
+- Duration
+
+### Step 5: Coverage Analysis
+Check coverage gaps:
+- Branches not covered
+- Functions not tested
+- Lines not executed
+- Prioritize critical code
+
+### Step 6: Coverage Improvement
+Add tests for uncovered code:
+- Edge cases
+- Error paths
+- Complex logic
+
+## Response Format
+
+```
+⚡ Executing /test
+
+🤖 Applying @test-engineer...
+
+## Test Generation
+
+### Files to Test
+- [file1]: [reason]
+- [file2]: [reason]
+
+### Generated Tests
+
+#### Unit Tests
+```typescript
+[Code]
+```
+
+#### Integration Tests  
+```typescript
+[Code]
+```
+
+## Test Results
+
+### Summary
+- Total: 50 tests
+- Passed: 48 ✅
+- Failed: 2 ❌
+- Skipped: 0
+
+### Coverage
+| Metric | Before | After | Target |
+|--------|--------|-------|--------|
+| Statements | 60% | 85% | 80% ✅ |
+| Branches | 50% | 75% | 80% ⚠️ |
+| Functions | 70% | 90% | 80% ✅ |
+| Lines | 65% | 85% | 80% ✅ |
+
+### Failed Tests
+1. [Test name]: [Error]
+   - Fix: [Solution]
+
+## Recommendations
+- [Recommendation 1]
+- [Recommendation 2]
+```
+
+## Commands
+
+**Test specific file:**
+`/test UserService.ts`
+
+**Test all:**
+`/test all`
+
+**Test specific type:**
+`/test --unit`
+`/test --integration`
+`/test --e2e`
+
+**Coverage report:**
+`/test --coverage`
+
+## Success Criteria
+- New tests generated
+- Coverage improved
+- Critical paths tested
+- All tests passing
+- Edge cases covered