ai-nexus 1.0.0

package/config/agents/review-checklist.md

@@ -0,0 +1,70 @@
+---
+name: Review Checklist
+description: Code review checklist for quality, security, testing, and performance
+keywords: [리뷰, review, 검토, 레뷰, checklist, code quality, security, testing, performance, documentation]
+---
+
+# Review Checklist
+
+## Code Quality
+
+### Size Limits
+- [ ] File size ≤ 300 LOC
+- [ ] Function size ≤ 50 LOC
+- [ ] Parameters ≤ 5
+- [ ] Cyclomatic complexity ≤ 10
+- [ ] Split/refactor if limits exceeded
+
+### Clean Code
+- [ ] Intention-revealing names used
+- [ ] Each function does one thing
+- [ ] Side effects isolated to boundary layers
+- [ ] Guard clauses preferred
+- [ ] Constants symbolized (no hardcoding)
+- [ ] Code structured as Input → Processing → Return
+
+## Functionality Review
+
+- [ ] Correctly implements requirements
+- [ ] Edge cases handled
+- [ ] Error handling is appropriate
+- [ ] No unintended side effects
+
+## Security Review
+
+- [ ] No secrets in code
+- [ ] Inputs validated and sanitized
+- [ ] No SQL injection vulnerabilities
+- [ ] No XSS vulnerabilities
+- [ ] Authentication/authorization applied
+- [ ] See [security-rules.md](./security-rules.md) for full checklist
+
+## Testing Review
+
+- [ ] New code has tests
+- [ ] Bug fixes have regression tests
+- [ ] Tests are deterministic
+- [ ] E2E has success and failure paths
+- [ ] See [testing-rules.md](./testing-rules.md) for full checklist
+
+## Performance Review
+
+- [ ] No obvious performance issues
+- [ ] Database queries optimized
+- [ ] No N+1 query problems
+- [ ] Appropriate caching considered
+
+## Documentation Review
+
+- [ ] Complex logic is documented
+- [ ] API changes documented
+- [ ] README updated if needed
+- [ ] Breaking changes noted
+
+## Reviewer Actions
+
+1. **Read**: Understand the context and purpose
+2. **Verify**: Check against requirements
+3. **Test**: Run tests locally if needed
+4. **Comment**: Provide constructive feedback
+5. **Approve/Request Changes**: Make clear decision

package/config/agents/security-rules.md

@@ -0,0 +1,51 @@
+---
+name: Security Rules
+description: Secrets management, vulnerability prevention, authentication and authorization rules
+keywords: [보안, security, 시큐리티, vulnerability, secrets, API keys, SQL injection, XSS, CSRF, authentication, authorization]
+---
+
+# Security Rules
+
+## ABSOLUTE Rules (NEVER Violate)
+
+### NEVER
+
+- Leave secrets (passwords/API keys/tokens) in code/logs/tickets/environment variables/.env files.
+- Log sensitive data (PII/credit cards/SSN) in logs.
+- Leave SQL injection, XSS, CSRF vulnerabilities.
+- Commit secrets, API keys, tokens, or sensitive information.
+
+### ALWAYS
+
+- Validate, normalize, and encode all inputs; use parameterized queries.
+- Use HTTPS/TLS and apply principle of least privilege.
+- Apply authentication/authorization to all endpoints.
+- Set security headers (CSP, HSTS, X-Frame-Options).
+- Regularly scan and update dependency vulnerabilities.
+
+## Security Violation Protocol
+
+**Stop work immediately and request review upon security violations.**
+
+## Pre-commit Security Checklist
+
+- [ ] No secrets (passwords/API keys/tokens) in code
+- [ ] No sensitive data (PII/credit cards/SSN) in logs
+- [ ] No SQL injection vulnerabilities
+- [ ] No XSS vulnerabilities
+- [ ] No CSRF vulnerabilities
+- [ ] All inputs validated and sanitized
+- [ ] Parameterized queries used for database operations
+- [ ] Authentication/authorization applied to endpoints
+- [ ] Development debug code removed
+- [ ] Console logs cleaned up
+
+## Common Vulnerability Prevention
+
+| Vulnerability | Prevention |
+|--------------|------------|
+| SQL Injection | Use parameterized queries, ORMs |
+| XSS | Encode output, use CSP headers |
+| CSRF | Use CSRF tokens, SameSite cookies |
+| Auth Bypass | Validate on server, check permissions |
+| Data Exposure | Minimize data, encrypt at rest/transit |

package/config/codex/AGENTS.md

@@ -0,0 +1,69 @@
+# AI 에이전트 가이드
+
+이 파일은 OpenAI Codex CLI가 자동으로 읽습니다.
+
+## 필수 규칙
+
+### 1. 먼저 읽기
+변경하기 전에 관련 파일을 먼저 읽는다. 코드를 이해하지 않고 수정하지 않는다.
+
+### 2. 작게 유지
+- 작업, 커밋, PR의 범위를 최소화
+- 한 번에 하나의 문제만 해결
+- 300줄 이상의 변경은 분할
+
+### 3. 가정 기록
+- Issue, PR, 코드 주석에 가정 사항 명시
+- "왜" 이 결정을 했는지 기록
+
+### 4. 입력 검증
+- 모든 외부 입력을 검증
+- 출력을 적절히 인코딩/이스케이프
+
+### 5. 조기 추상화 금지
+- 필요할 때까지 추상화하지 않음
+- 3번 반복되기 전까지는 중복 허용
+
+### 6. 대안 비교
+- 최소 2개 이상의 접근 방식 검토
+- 가장 단순한 해결책 선택
+
+## 코드 임계값
+
+| 항목 | 제한 |
+|------|------|
+| 파일 크기 | ≤ 300 LOC |
+| 함수 길이 | ≤ 50 LOC |
+| 파라미터 수 | ≤ 5개 |
+| 순환 복잡도 | ≤ 10 |
+
+## 커밋 컨벤션
+
+형식: `<type>: [<ticket>] <subject>`
+
+타입:
+- feat: 새로운 기능
+- fix: 버그 수정
+- refactor: 코드 개선
+- style: 포맷팅
+- docs: 문서
+- test: 테스트
+- chore: 기타
+
+규칙:
+- 제목 50자 이내, 영어
+- 이모지 사용 금지
+- AI 표기 금지
+- 자동 커밋 금지
+
+## 보안 규칙
+
+### 절대 금지
+- 코드/로그에 비밀값 하드코딩
+- SQL Injection, XSS, CSRF 취약점
+
+### 항상 실행
+- 입력 검증
+- 파라미터화된 쿼리
+- 인증/인가 검사
+- HTTPS 사용

package/config/commands/commit.md

@@ -0,0 +1,34 @@
+---
+description: Git commit command - creates conventional commits
+---
+
+# /commit
+
+Create a git commit following conventional commit format.
+
+## Format
+
+```
+<type>(<scope>): <subject>
+
+<body>
+
+<footer>
+```
+
+## Types
+
+- `feat`: New feature
+- `fix`: Bug fix
+- `docs`: Documentation
+- `style`: Formatting
+- `refactor`: Code refactoring
+- `test`: Tests
+- `chore`: Maintenance
+
+## Rules
+
+1. Subject line ≤ 50 characters
+2. Body wrapped at 72 characters
+3. Use imperative mood ("add" not "added")
+4. Reference issues in footer

package/config/commands/review.md

@@ -0,0 +1,36 @@
+---
+description: Code review command - review diff, check security, performance, style, tests
+---
+
+# Code Review Command
+
+Review the code changes following these guidelines:
+
+1. **Read the diff carefully**
+2. **Check against review checklist**
+3. **Provide specific, actionable feedback**
+
+## Focus Areas
+
+- Security vulnerabilities
+- Performance issues
+- Code style consistency
+- Test coverage
+- Documentation
+
+## Output Format
+
+```markdown
+## Summary
+Brief overview of the changes
+
+## Issues Found
+- [ ] Issue 1: Description + suggestion
+- [ ] Issue 2: Description + suggestion
+
+## Good Patterns
+- Pattern 1: Why it's good
+
+## Suggestions
+- Optional improvements
+```

package/config/contexts/dev.md

@@ -0,0 +1,20 @@
+# Development Context
+
+Mode: Active development
+Focus: Implementation, coding, building features
+
+## Behavior
+- Write code first, explain after
+- Prefer working solutions over perfect solutions
+- Run tests after changes
+- Keep commits atomic
+
+## Priorities
+1. Get it working
+2. Get it right
+3. Get it clean
+
+## Tools to favor
+- Edit, Write for code changes
+- Bash for running tests/builds
+- Grep, Glob for finding code

package/config/hooks/README.md

@@ -0,0 +1,110 @@
+# Semantic Router Hook
+
+The semantic router hook analyzes keywords in prompts to **dynamically activate only the necessary rules**.
+
+## How It Works
+
+```
+1. User enters a prompt
+   "Write a commit message"
+         ↓
+2. UserPromptSubmit hook executes
+         ↓
+3. Keyword analysis ("commit" detected)
+         ↓
+4. Dynamic rule file swap
+   - .claude/rules/commit.md ← activated
+   - .claude/rules/security.md → rules-inactive/ (deactivated)
+         ↓
+5. Claude Code loads only necessary rules
+         ↓
+6. Token savings!
+```
+
+## Installation
+
+### 1. Auto-install with ai-rules
+
+```bash
+npx ai-rules init
+# or
+npx ai-rules install
+
+# → Select hooks option
+```
+
+### 2. Manual Installation
+
+```bash
+# Project installation
+mkdir -p .claude/hooks
+cp config/hooks/semantic-router.cjs .claude/hooks/
+
+# Or global installation
+mkdir -p ~/.claude/hooks
+cp config/hooks/semantic-router.cjs ~/.claude/hooks/
+```
+
+### 3. Register in Claude Code settings.json
+
+Add to `.claude/settings.json` or `~/.claude/settings.json`:
+
+```json
+{
+  "hooks": {
+    "UserPromptSubmit": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node .claude/hooks/semantic-router.cjs"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+## Directory Structure
+
+```
+~/.ai-rules/config/      ← Original rules (all)
+~/.claude/rules/         ← Active rules (only needed)
+~/.claude/rules-inactive/ ← Inactive rules
+```
+
+## Keyword Mapping
+
+| Keyword | Activated Rules |
+|---------|-----------------|
+| commit | rules/commit.md, commands/commit.md |
+| pr, pull request, merge | rules/pr.md |
+| security | rules/security.md, agents/security-rules.md |
+| review | commands/review.md, skills/review.md |
+| react, next, nextjs | skills/react.md |
+| code | agents/code-standards.md |
+
+## Always Active Rules
+
+- `rules/essential.md` - Always active (cannot be deactivated)
+
+## Environment Variables
+
+```bash
+# Enable semantic router (default: true)
+SEMANTIC_ROUTER_ENABLED=true
+
+# API keys for AI-based routing (optional)
+OPENAI_API_KEY=sk-xxx
+ANTHROPIC_API_KEY=sk-ant-xxx
+```
+
+## Token Savings
+
+| Method | Rules Loaded | Estimated Tokens |
+|--------|--------------|------------------|
+| Load all | All rules (15) | ~5000 tokens |
+| Semantic Router | Only needed (2-3) | ~800 tokens |
+| **Savings** | | **~84%** |

package/config/hooks/semantic-router.cjs

@@ -0,0 +1,236 @@
+const fs = require('fs');
+const path = require('path');
+const https = require('https');
+
+// Configuration - Use home directory's .claude
+const os = require('os');
+const RULES_DIR = path.join(os.homedir(), '.claude/rules');
+const INACTIVE_DIR = path.join(os.homedir(), '.claude/rules-inactive');
+const SEMANTIC_ROUTER_ENABLED = process.env.SEMANTIC_ROUTER_ENABLED !== 'false'; // Default to true unless explicitly disabled
+
+// Map file names to keywords for fallback and management identification
+const KEYWORD_MAP = {
+  'testing.md': ['test', 'spec', 'jest', 'vitest', 'unit', 'e2e'],
+  'typescript.md': ['ts', 'typescript', 'interface', 'type'],
+  'react.md': ['react', 'component', 'jsx', 'tsx', 'hook'],
+  'node.md': ['node', 'express', 'server', 'api'],
+  'git.md': ['git', 'commit', 'merge', 'branch', 'rebase'],
+  'security.md': ['security', 'auth', 'token', 'secret', 'password'],
+  'performance.md': ['perf', 'performance', 'optimize', 'speed', 'memory'],
+  'commit.md': ['commit', 'git', 'message', 'convention'],
+};
+
+const ALWAYS_ACTIVE = ['essential.md', 'security.md']; // Files that are always kept active
+
+// Helper: Ensure directories exist
+function ensureDirs() {
+  if (!fs.existsSync(RULES_DIR)) fs.mkdirSync(RULES_DIR, { recursive: true });
+  if (!fs.existsSync(INACTIVE_DIR)) fs.mkdirSync(INACTIVE_DIR, { recursive: true });
+}
+
+// Helper: Call Claude API for semantic analysis
+async function analyzeWithClaude(prompt, availableFiles) {
+  const apiKey = process.env.ANTHROPIC_API_KEY;
+  if (!apiKey) return null;
+
+  const systemPrompt = `
+You are a semantic router for a coding assistant. Your job is to select the most relevant rule files for a given user prompt.
+Available files: ${availableFiles.join(', ')}
+Return ONLY a JSON array of filenames that should be active. Do not include any explanation.
+Example: ["react.md", "typescript.md"]
+`;
+
+  const data = JSON.stringify({
+    model: 'claude-3-haiku-20240307',
+    max_tokens: 100,
+    system: systemPrompt,
+    messages: [{ role: 'user', content: prompt }]
+  });
+
+  const options = {
+    hostname: 'api.anthropic.com',
+    path: '/v1/messages',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'x-api-key': apiKey,
+      'anthropic-version': '2023-06-01'
+    }
+  };
+
+  return new Promise((resolve) => {
+    const req = https.request(options, (res) => {
+      let body = '';
+      res.on('data', (chunk) => body += chunk);
+      res.on('end', () => {
+        try {
+          const response = JSON.parse(body);
+          const content = response.content?.[0]?.text;
+          if (content) {
+            const files = JSON.parse(content);
+            resolve(files);
+          } else {
+            resolve(null);
+          }
+        } catch (e) {
+          resolve(null);
+        }
+      });
+    });
+    req.on('error', (e) => {
+      resolve(null);
+    });
+    req.write(data);
+    req.end();
+  });
+}
+
+// Helper: Call OpenAI API for semantic analysis
+async function analyzeWithOpenAI(prompt, availableFiles) {
+  const apiKey = process.env.OPENAI_API_KEY;
+  if (!apiKey) return null;
+
+  const systemPrompt = `
+You are a semantic router for a coding assistant. Your job is to select the most relevant rule files for a given user prompt.
+Available files: ${availableFiles.join(', ')}
+Return ONLY a JSON array of filenames that should be active. Do not include any explanation.
+Example: ["react.md", "typescript.md"]
+`;
+
+  const data = JSON.stringify({
+    model: 'gpt-4o-mini',
+    messages: [
+      { role: 'system', content: systemPrompt },
+      { role: 'user', content: prompt }
+    ],
+    temperature: 0,
+    response_format: { type: 'json_object' }
+  });
+
+  const options = {
+    hostname: 'api.openai.com',
+    path: '/v1/chat/completions',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': `Bearer ${apiKey}`
+    }
+  };
+
+  return new Promise((resolve) => {
+    const req = https.request(options, (res) => {
+      let body = '';
+      res.on('data', (chunk) => body += chunk);
+      res.on('end', () => {
+        try {
+          const response = JSON.parse(body);
+          const content = response.choices?.[0]?.message?.content;
+          if (content) {
+            // OpenAI JSON mode might return { "files": [...] } or just [...]
+            const parsed = JSON.parse(content);
+            const files = Array.isArray(parsed) ? parsed : (parsed.files || []);
+            resolve(files);
+          } else {
+            resolve(null);
+          }
+        } catch (e) {
+          resolve(null);
+        }
+      });
+    });
+    req.on('error', (e) => {
+      resolve(null);
+    });
+    req.write(data);
+    req.end();
+  });
+}
+
+// Helper: Keyword fallback
+function selectByKeywords(prompt) {
+  const selected = [];
+  const lowerPrompt = prompt.toLowerCase();
+  for (const [file, keywords] of Object.entries(KEYWORD_MAP)) {
+    if (keywords.some(k => lowerPrompt.includes(k))) {
+      selected.push(file);
+    }
+  }
+  return selected;
+}
+
+// Main Router Logic
+async function route(userPrompt) {
+  try {
+    ensureDirs();
+
+    // 1. Identify all managed files (active + inactive)
+    let activeFiles = [];
+    try { activeFiles = fs.readdirSync(RULES_DIR).filter(f => f.endsWith('.md')); } catch(e) {}
+    let inactiveFiles = [];
+    try { inactiveFiles = fs.readdirSync(INACTIVE_DIR).filter(f => f.endsWith('.md')); } catch(e) {}
+
+    // Managed files are those in KEYWORD_MAP
+    const allManagedFiles = Object.keys(KEYWORD_MAP);
+
+    // 2. Determine desired active files
+    let desiredFiles = [...ALWAYS_ACTIVE];
+
+    // Try AI routing if enabled
+    const available = [...new Set([...activeFiles, ...inactiveFiles, ...allManagedFiles])];
+
+    let aiSelected = null;
+    if (SEMANTIC_ROUTER_ENABLED) {
+        // Try OpenAI first
+        aiSelected = await analyzeWithOpenAI(userPrompt, available);
+
+        // If OpenAI fails or key is missing, try Claude
+        if (!aiSelected) {
+            aiSelected = await analyzeWithClaude(userPrompt, available);
+        }
+    }
+
+    if (aiSelected) {
+        desiredFiles.push(...aiSelected);
+    } else {
+        // Fallback to keywords
+        desiredFiles.push(...selectByKeywords(userPrompt));
+    }
+
+    // Deduplicate
+    desiredFiles = [...new Set(desiredFiles)];
+
+    // 3. Execution: Swap files
+    // Move unwanted managed files to inactive
+    for (const file of activeFiles) {
+        if (KEYWORD_MAP[file] && !desiredFiles.includes(file) && !ALWAYS_ACTIVE.includes(file)) {
+            const src = path.join(RULES_DIR, file);
+            const dest = path.join(INACTIVE_DIR, file);
+            if (fs.existsSync(src)) {
+                fs.renameSync(src, dest);
+                console.log(`[Router] Deactivated: ${file}`);
+            }
+        }
+    }
+
+    // Move wanted files to active
+    for (const file of desiredFiles) {
+        if (allManagedFiles.includes(file)) {
+             const inactivePath = path.join(INACTIVE_DIR, file);
+             const activePath = path.join(RULES_DIR, file);
+             if (fs.existsSync(inactivePath)) {
+                 fs.renameSync(inactivePath, activePath);
+                 console.log(`[Router] Activated: ${file}`);
+             }
+        }
+    }
+
+  } catch (error) {
+    console.error('[Semantic Router] Error:', error);
+  }
+}
+
+// Hook Entry Point
+const userPrompt = process.argv[2];
+if (userPrompt) {
+  route(userPrompt);
+}

package/config/rules/code-thresholds.md

@@ -0,0 +1,12 @@
+---
+description: Code size limits - file 300 LOC, function 50 LOC, parameters 5, complexity 10
+---
+
+# Code Thresholds
+
+## Threshold Limits
+
+* **File Length:** ≤ 300 LOC
+* **Function Length:** ≤ 50 LOC
+* **Parameters:** ≤ 5
+* **Cyclomatic Complexity:** ≤ 10

package/config/rules/commit.md

@@ -0,0 +1,49 @@
+---
+description: Git commit message format, types, and security checks for commits
+---
+
+# Commit Convention
+
+## Format
+
+```
+<type>: [<ticket>] <subject>
+
+<body>
+- Specific changes
+- Key logic explanation
+```
+
+## Types
+
+- feat: New feature
+- fix: Bug fix
+- refactor: Code improvement (no functionality change)
+- style: Formatting (no logic change)
+- docs: Documentation
+- test: Tests
+- chore: Build scripts, package manager, etc.
+
+## Rules
+
+- Title under 50 chars, in English
+- Body explains changes and reasons
+- NO emojis
+- NO AI attribution markers (Co-Authored-By, Generated with, etc.)
+- NO auto-commit without user request
+
+## Security Check
+
+- NEVER: Commit secrets (passwords/API keys/tokens)
+- NEVER: Commit sensitive data (PII/credit cards)
+- Stop immediately if secrets found
+
+## Example
+
+```
+feat: [PP-1234] Add user authentication
+
+- Implement JWT token validation
+- Add login/logout endpoints
+- Add refresh token rotation
+```