ai-sprint-kit 1.3.1 → 2.0.1

package/templates/.claude/commands/ai-sprint-test.md

@@ -1,352 +0,0 @@
----
-description: Generate and run automated tests with coverage analysis
-argument-hint: [optional: specific file or feature to test]
----
-
-## Command: /ai-sprint-test
-
-Generate comprehensive test suites and run them with coverage analysis. Ensures >80% code coverage with focus on critical paths.
-
-## Usage
-
-```
-/ai-sprint-test
-/ai-sprint-test src/auth/
-/ai-sprint-test "payment processing"
-```
-
-## Workflow
-
-### 1. Analyze Codebase
-- Identify untested code
-- Find critical paths (auth, payments, data mutations)
-- Check existing test patterns
-
-### 2. Generate Tests
-- **Unit tests** (70% of suite)
-- **Integration tests** (20%)
-- **E2E tests** (10%)
-
-### 3. Run Test Suite
-- Execute all tests
-- Generate coverage report
-- Identify gaps
-
-### 4. Security Tests
-- SQL injection prevention
-- XSS prevention
-- Auth bypass attempts
-- CSRF protection
-- Rate limiting
-
-## Test Generation
-
-### Unit Tests
-```typescript
-// Generated for: calculateDiscount function
-describe('calculateDiscount', () => {
-  it('calculates 10% discount correctly', () => {
-    expect(calculateDiscount(100, 10)).toBe(90);
-  });
-
-  it('handles zero discount', () => {
-    expect(calculateDiscount(100, 0)).toBe(100);
-  });
-
-  it('throws on invalid percentage', () => {
-    expect(() => calculateDiscount(100, 150)).toThrow();
-  });
-
-  it('handles decimal prices', () => {
-    expect(calculateDiscount(99.99, 20)).toBeCloseTo(79.99, 2);
-  });
-});
-```
-
-### Integration Tests
-```typescript
-// Generated for: POST /api/users endpoint
-describe('POST /api/users', () => {
-  it('creates user with valid data', async () => {
-    const response = await request(app)
-      .post('/api/users')
-      .send({
-        email: 'test@example.com',
-        password: 'SecurePass123!'
-      });
-
-    expect(response.status).toBe(201);
-    expect(response.body).toHaveProperty('id');
-    expect(response.body.email).toBe('test@example.com');
-  });
-
-  it('rejects invalid email', async () => {
-    const response = await request(app)
-      .post('/api/users')
-      .send({
-        email: 'invalid-email',
-        password: 'SecurePass123!'
-      });
-
-    expect(response.status).toBe(400);
-    expect(response.body.error).toContain('email');
-  });
-
-  it('requires strong password', async () => {
-    const response = await request(app)
-      .post('/api/users')
-      .send({
-        email: 'test@example.com',
-        password: '123'
-      });
-
-    expect(response.status).toBe(400);
-  });
-});
-```
-
-### Security Tests
-```typescript
-describe('Security: SQL Injection', () => {
-  it('prevents SQL injection in search', async () => {
-    const malicious = "'; DROP TABLE users; --";
-
-    const response = await request(app)
-      .get(`/api/search?q=${encodeURIComponent(malicious)}`);
-
-    expect(response.status).toBe(200);
-
-    // Verify database still intact
-    const users = await db.users.count();
-    expect(users).toBeGreaterThan(0);
-  });
-});
-
-describe('Security: XSS Prevention', () => {
-  it('sanitizes HTML input', async () => {
-    const xss = '<script>alert("xss")</script>';
-
-    const response = await request(app)
-      .post('/api/comments')
-      .send({ text: xss });
-
-    const comment = await db.comments.findUnique({
-      where: { id: response.body.id }
-    });
-
-    expect(comment.text).not.toContain('<script>');
-  });
-});
-
-describe('Security: Authentication', () => {
-  it('rejects unauthenticated requests', async () => {
-    const response = await request(app)
-      .get('/api/private-data');
-
-    expect(response.status).toBe(401);
-  });
-
-  it('rejects expired tokens', async () => {
-    const expiredToken = generateExpiredToken();
-
-    const response = await request(app)
-      .get('/api/private-data')
-      .set('Authorization', `Bearer ${expiredToken}`);
-
-    expect(response.status).toBe(401);
-  });
-});
-```
-
-### E2E Tests
-```typescript
-// Generated with Playwright
-test('complete checkout flow', async ({ page }) => {
-  // Login
-  await page.goto('/login');
-  await page.fill('[name="email"]', 'test@example.com');
-  await page.fill('[name="password"]', 'password');
-  await page.click('button[type="submit"]');
-
-  // Add to cart
-  await page.goto('/products');
-  await page.click('[data-testid="add-to-cart-1"]');
-
-  // Checkout
-  await page.goto('/checkout');
-  await page.fill('[name="cardNumber"]', '4242424242424242');
-  await page.fill('[name="expiry"]', '12/25');
-  await page.fill('[name="cvc"]', '123');
-  await page.click('button[type="submit"]');
-
-  // Verify success
-  await expect(page).toHaveURL('/order-confirmation');
-  await expect(page.locator('h1')).toContainText('Order Confirmed');
-});
-```
-
-## Running Tests
-
-### Commands
-```bash
-# Run all tests
-npm test
-
-# Run with coverage
-npm test -- --coverage
-
-# Run specific file
-npm test -- users.test.ts
-
-# Watch mode
-npm test -- --watch
-
-# Run E2E
-npm run test:e2e
-```
-
-## Coverage Report
-
-```
-## Test Coverage Report
-
-**Overall Coverage: 87.3%** ✅
-
-### By Category
-- Statements: 88.1%
-- Branches: 82.4%
-- Functions: 91.2%
-- Lines: 87.3%
-
-### Critical Paths (100% Required)
-✅ Authentication: 100%
-✅ Payment Processing: 100%
-✅ Data Mutations: 98.5%
-
-### Areas Needing Attention
-⚠️  utils/legacy.ts: 45% (below threshold)
-⚠️  api/webhooks.ts: 67% (below threshold)
-
-### Security Tests
-✅ SQL Injection: 15 tests passing
-✅ XSS Prevention: 12 tests passing
-✅ Auth Bypass: 8 tests passing
-✅ CSRF Protection: 6 tests passing
-
-### Test Execution
-- Total tests: 1,247
-- Passed: 1,245
-- Failed: 2
-- Duration: 12.3s
-
-### Failed Tests
-❌ api/users.test.ts:45 - should handle concurrent requests
-❌ e2e/checkout.test.ts:89 - should process payment
-
-### Recommendations
-1. Fix failing tests immediately
-2. Increase coverage in utils/legacy.ts
-3. Add integration tests for webhooks
-4. Consider performance benchmarks
-```
-
-## Success Criteria
-
-Tests are successful when:
-- ✅ Overall coverage ≥80%
-- ✅ Critical paths 100% covered
-- ✅ All tests pass
-- ✅ No flaky tests
-- ✅ Security tests included
-- ✅ Fast execution (<30s)
-
-## Integration with Other Commands
-
-**/ai-sprint-code** → **/ai-sprint-test**
-- After generating code, run /ai-sprint-test to create test suite
-
-**/ai-sprint-test** → **/ai-sprint-review**
-- After tests pass, run /ai-sprint-review for quality check
-
-**/ai-sprint-test** → **/ai-sprint-secure**
-- Security tests complement security scanning
-
-## Test Quality
-
-### Good Tests
-- ✅ Fast (<100ms for unit tests)
-- ✅ Isolated (no dependencies)
-- ✅ Repeatable (same result every time)
-- ✅ Clear (obvious what's being tested)
-- ✅ Focused (one thing per test)
-
-### Bad Tests
-- ❌ Slow (wait for timeouts)
-- ❌ Flaky (random failures)
-- ❌ Testing implementation details
-- ❌ Multiple assertions unrelated
-- ❌ No clear failure message
-
-## Common Test Patterns
-
-### API Testing
-```typescript
-describe('GET /api/products', () => {
-  it('returns paginated products', async () => {
-    const response = await request(app)
-      .get('/api/products?page=1&limit=10');
-
-    expect(response.status).toBe(200);
-    expect(response.body.products).toHaveLength(10);
-    expect(response.body).toHaveProperty('total');
-    expect(response.body).toHaveProperty('page');
-  });
-});
-```
-
-### Database Testing
-```typescript
-beforeEach(async () => {
-  await db.migrate.latest();
-  await db.seed.run();
-});
-
-afterEach(async () => {
-  await db.migrate.rollback();
-});
-
-test('creates user in database', async () => {
-  const user = await createUser({
-    email: 'test@example.com',
-    password: 'password'
-  });
-
-  const found = await db.users.findUnique({
-    where: { id: user.id }
-  });
-
-  expect(found.email).toBe('test@example.com');
-});
-```
-
-### Async Testing
-```typescript
-test('async operation succeeds', async () => {
-  const result = await fetchData();
-  expect(result).toBeDefined();
-});
-
-test('async operation fails', async () => {
-  await expect(fetchInvalidData()).rejects.toThrow('Not found');
-});
-```
-
-## Remember
-
-**Testing is mandatory:**
-- Production code requires tests
-- >80% coverage enforced
-- Security tests critical
-- Regression tests prevent bugs
-
-**Test early, test often.**

package/templates/.claude/commands/ai-sprint-validate.md

@@ -1,253 +0,0 @@
----
-description: Run comprehensive validation (tests + review + security + coverage)
-argument-hint: [optional: path or scope]
----
-
-## Command: /ai-sprint-validate
-
-Run all validation checks in one command: tests, code review, security scan, and coverage analysis.
-
-## Usage
-
-```
-/ai-sprint-validate
-/ai-sprint-validate src/
-/ai-sprint-validate --strict
-```
-
-## Workflow
-
-### 0. Initialize Context
-```bash
-# Get real-world timestamp
-date "+%y%m%d-%H%M"
-```
-
-Check `ai_context/memory/learning.md` for known validation issues.
-
-### 1. Run Tests
-- Execute test suite
-- Check coverage >= 80%
-- Identify failing tests
-
-### 2. Code Quality Review
-- Run linter
-- Check type safety
-- Analyze complexity
-- Identify code smells
-
-### 2.5. Design Principles Check (Warning)
-Run size checker:
-```bash
-python3 .claude/skills/quality-assurance/scripts/check-size.py
-```
-Flag as warnings (non-blocking):
-- Files >500 lines
-- Functions >50 lines
-
-### 3. Security Scan
-- SAST scanning
-- Secret detection
-- Dependency vulnerabilities
-- OWASP Top 10 compliance
-
-### 4. Generate Report
-Save to: `ai_context/reports/ai-sprint-validate-{timestamp}.md`
-
-## Validation Checks
-
-### Testing (Tester Agent)
-- [ ] All tests pass
-- [ ] Coverage >= 80%
-- [ ] No flaky tests
-- [ ] Critical paths tested
-- [ ] Security tests included
-
-### Code Quality (Reviewer Agent)
-- [ ] No linting errors
-- [ ] Types complete
-- [ ] No code smells
-- [ ] Documentation present
-
-### Design Principles (Warning only)
-- [ ] Files < 500 lines
-- [ ] Functions < 50 lines
-- [ ] No YAGNI violations
-- [ ] No SRP violations
-
-### Security (Security Agent)
-- [ ] No hardcoded secrets
-- [ ] Input validation present
-- [ ] SQL injection prevented
-- [ ] XSS prevented
-- [ ] Dependencies secure
-- [ ] OWASP Top 10 compliant
-
-## Report Format
-
-```markdown
-# Validation Report
-
-**Date:** {use bash: date "+%Y-%m-%d"}
-**Scope:** {files validated}
-**Status:** Pass / Fail
-
-## Summary
-
-| Category | Status | Issues |
-|----------|--------|--------|
-| Tests    | ✅/❌   | X      |
-| Coverage | ✅/❌   | X%     |
-| Quality  | ✅/❌   | X      |
-| Design   | ⚠️/✅   | X      |
-| Security | ✅/❌   | X      |
-
-## Test Results
-
-- Total: X tests
-- Passed: X
-- Failed: X
-- Coverage: X%
-
-## Code Quality
-
-### Issues Found
-- [severity] [file:line] - [description]
-
-### Recommendations
-- [specific improvements]
-
-## Security Scan
-
-### Vulnerabilities
-- [Critical] X issues
-- [High] X issues
-- [Medium] X issues
-- [Low] X issues
-
-### Secrets Detected
-- None / [file:line] - [type]
-
-### Dependency Vulnerabilities
-- [package] - [CVE] - [severity]
-
-## Quality Gates
-
-- [ ] Tests: All passing
-- [ ] Coverage: >= 80%
-- [ ] Quality: No critical issues
-- [ ] Security: No critical vulnerabilities
-- [ ] Secrets: None detected
-
-## Verdict
-
-**PASS** - Ready for deployment
-or
-**FAIL** - Issues must be fixed
-
-## Next Steps
-
-1. [Required actions]
-2. [Recommended improvements]
-```
-
-## Exit Codes
-
-- `0` - All validations pass
-- `1` - Test failures
-- `2` - Quality issues (critical)
-- `3` - Security vulnerabilities (critical)
-- `4` - Coverage below threshold
-
-## Options
-
-### --strict
-Fail on any warning-level issue:
-```
-/ai-sprint-validate --strict
-```
-
-### --fix
-Auto-fix fixable issues:
-```
-/ai-sprint-validate --fix
-```
-
-### --coverage N
-Set custom coverage threshold:
-```
-/ai-sprint-validate --coverage 90
-```
-
-## Agent Delegation
-
-`/ai-sprint-validate` orchestrates multiple agents:
-
-1. **Tester Agent** - Run tests, check coverage
-2. **Reviewer Agent** - Code quality analysis
-3. **Security Agent** - Security scanning
-
-Results are aggregated into single report.
-
-## Integration
-
-### Pre-Commit
-```bash
-# Run before each commit
-/ai-sprint-validate || exit 1
-```
-
-### CI/CD Pipeline
-```yaml
-- name: Validate
-  run: |
-    /ai-sprint-validate --strict
-    if [ $? -ne 0 ]; then
-      echo "Validation failed"
-      exit 1
-    fi
-```
-
-## Memory Integration
-
-Before validation:
-- Check `ai_context/memory/learning.md` for recurring issues
-
-After validation:
-- Update `ai_context/memory/learning.md` with new patterns
-- Save report to `ai_context/reports/ai-sprint-validate-{timestamp}.md`
-
-## Common Issues
-
-### Low Coverage
-- Identify untested code
-- Generate missing tests with `/ai-sprint-test`
-
-### Security Vulnerabilities
-- Fix immediately with `/ai-sprint-code`
-- Re-run `/ai-sprint-secure` to verify
-
-### Code Quality
-- Refactor with `/ai-sprint-code`
-- Re-run `/ai-sprint-review` to verify
-
-## Success Criteria
-
-Validation passes when:
-- ✅ All tests pass
-- ✅ Coverage >= 80%
-- ✅ No critical quality issues
-- ✅ No critical security vulnerabilities
-- ✅ No secrets detected
-- ✅ Dependencies secure
-
-## Remember
-
-**Validation is the last gate before deployment.**
-
-Run `/ai-sprint-validate` before:
-- Committing code
-- Creating pull requests
-- Deploying to any environment
-
-A passing validation means code is production-ready.

package/templates/.claude/settings.json

@@ -1,27 +0,0 @@
-{
-  "version": "1.0.0",
-  "framework": "ai-sprint",
-  "statusLine": {
-    "type": "command",
-    "command": ".claude/statusline.sh",
-    "padding": 0
-  },
-  "security": {
-    "enableSAST": true,
-    "enableSecretDetection": true,
-    "enableDependencyCheck": true
-  },
-  "agents": {
-    "defaultModel": "sonnet",
-    "plannerModel": "opus"
-  },
-  "approvalGates": {
-    "deployment": true,
-    "infrastructureChanges": true,
-    "securityFixes": false
-  },
-  "testing": {
-    "minimumCoverage": 80,
-    "autoRunTests": true
-  }
-}

package/templates/.claude/skills/codebase-context/SKILL.md

@@ -1,68 +0,0 @@
----
-name: codebase-context
-description: Efficient codebase understanding using scanned context. Activate when starting work on existing projects or after major code changes. Reads ai_context/ai-sprint-codebase/ documents for project structure and compressed code overview.
-license: MIT
----
-
-# Codebase Context
-
-Understand existing codebases efficiently using ai_context/ai-sprint-codebase/ documents.
-
-## When to Use
-
-**Starting work on existing project:**
-1. Check if `ai_context/ai-sprint-codebase/` exists
-2. Read structure.md for project layout
-3. Read overview.md for compressed codebase
-
-**After major changes:**
-- Run `/ai-sprint-scan` to refresh context
-
-## Context Files
-
-Located in `ai_context/ai-sprint-codebase/`:
-
-| File | Purpose | When to Read |
-|------|---------|--------------|
-| `structure.md` | Directory tree | First - understand layout |
-| `overview.md` | Compressed code | Second - understand patterns |
-| `repomix-output.xml` | Token-efficient format | For detailed AI queries |
-| `scan-metadata.json` | Scan statistics | Check freshness |
-
-## Reading Strategy
-
-Load: `references/reading-context.md`
-
-## Refresh Triggers
-
-Load: `references/refresh-triggers.md`
-
-## Quick Start
-
-```bash
-# Check if context exists
-ls ai_context/ai-sprint-codebase/
-
-# Read structure first (fast overview)
-cat ai_context/ai-sprint-codebase/structure.md
-
-# Then read overview (comprehensive)
-cat ai_context/ai-sprint-codebase/overview.md
-```
-
-## Token Efficiency
-
-| Task | Best Source |
-|------|-------------|
-| Project structure | structure.md |
-| How feature works | overview.md |
-| Find all API routes | repomix-output.xml |
-| Check specific file | Read file directly |
-
-## Integration
-
-Before planning or implementing:
-1. Check if codebase context exists
-2. Read structure for project layout
-3. Reference patterns from overview
-4. Refresh with `/ai-sprint-scan` if stale (>1 day)