aios-core 2.1.5 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (392) hide show
  1. package/.aios-core/core/README.md +229 -229
  2. package/.aios-core/core/data/agent-config-requirements.yaml +368 -368
  3. package/.aios-core/core/data/aios-kb.md +923 -923
  4. package/.aios-core/core/data/workflow-patterns.yaml +267 -267
  5. package/.aios-core/core/docs/SHARD-TRANSLATION-GUIDE.md +335 -335
  6. package/.aios-core/core/docs/component-creation-guide.md +457 -457
  7. package/.aios-core/core/docs/session-update-pattern.md +307 -307
  8. package/.aios-core/core/docs/template-syntax.md +266 -266
  9. package/.aios-core/core/docs/troubleshooting-guide.md +624 -624
  10. package/.aios-core/core/elicitation/elicitation-engine.js +1 -1
  11. package/.aios-core/core/index.esm.js +42 -42
  12. package/.aios-core/core/index.js +1 -1
  13. package/.aios-core/core/migration/migration-config.yaml +83 -83
  14. package/.aios-core/core/migration/module-mapping.yaml +89 -89
  15. package/.aios-core/core/quality-gates/layer2-pr-automation.js +1 -1
  16. package/.aios-core/core/quality-gates/quality-gate-config.yaml +86 -86
  17. package/.aios-core/core/registry/README.md +179 -179
  18. package/.aios-core/core/utils/security-utils.js +1 -1
  19. package/.aios-core/core-config.yaml +391 -382
  20. package/.aios-core/data/agent-config-requirements.yaml +368 -368
  21. package/.aios-core/data/aios-kb.md +923 -923
  22. package/.aios-core/data/technical-preferences.md +3 -3
  23. package/.aios-core/data/workflow-patterns.yaml +267 -267
  24. package/.aios-core/development/README.md +142 -142
  25. package/.aios-core/development/agent-teams/team-all.yaml +15 -15
  26. package/.aios-core/development/agent-teams/team-fullstack.yaml +18 -18
  27. package/.aios-core/development/agent-teams/team-ide-minimal.yaml +10 -10
  28. package/.aios-core/development/agent-teams/team-no-ui.yaml +13 -13
  29. package/.aios-core/development/agent-teams/team-qa-focused.yaml +155 -155
  30. package/.aios-core/development/agents/aios-master.md +339 -339
  31. package/.aios-core/development/agents/analyst.md +195 -195
  32. package/.aios-core/development/agents/architect.md +359 -359
  33. package/.aios-core/development/agents/data-engineer.md +468 -468
  34. package/.aios-core/development/agents/dev.md +390 -390
  35. package/.aios-core/development/agents/devops.md +398 -398
  36. package/.aios-core/development/agents/pm.md +198 -198
  37. package/.aios-core/development/agents/po.md +256 -256
  38. package/.aios-core/development/agents/qa.md +312 -312
  39. package/.aios-core/development/agents/sm.md +220 -220
  40. package/.aios-core/development/agents/ux-design-expert.md +451 -451
  41. package/.aios-core/development/scripts/greeting-config-cli.js +85 -85
  42. package/.aios-core/development/tasks/add-mcp.md +319 -319
  43. package/.aios-core/development/tasks/advanced-elicitation.md +318 -318
  44. package/.aios-core/development/tasks/analyst-facilitate-brainstorming.md +341 -341
  45. package/.aios-core/development/tasks/analyze-brownfield.md +456 -0
  46. package/.aios-core/development/tasks/analyze-framework.md +696 -696
  47. package/.aios-core/development/tasks/analyze-performance.md +637 -637
  48. package/.aios-core/development/tasks/apply-qa-fixes.md +340 -340
  49. package/.aios-core/development/tasks/architect-analyze-impact.md +826 -826
  50. package/.aios-core/development/tasks/audit-codebase.md +429 -429
  51. package/.aios-core/development/tasks/audit-tailwind-config.md +270 -270
  52. package/.aios-core/development/tasks/audit-utilities.md +358 -358
  53. package/.aios-core/development/tasks/bootstrap-shadcn-library.md +286 -286
  54. package/.aios-core/development/tasks/brownfield-create-epic.md +485 -485
  55. package/.aios-core/development/tasks/brownfield-create-story.md +356 -356
  56. package/.aios-core/development/tasks/build-component.md +478 -478
  57. package/.aios-core/development/tasks/calculate-roi.md +455 -455
  58. package/.aios-core/development/tasks/ci-cd-configuration.md +764 -764
  59. package/.aios-core/development/tasks/cleanup-utilities.md +670 -670
  60. package/.aios-core/development/tasks/collaborative-edit.md +1108 -1108
  61. package/.aios-core/development/tasks/compose-molecule.md +284 -284
  62. package/.aios-core/development/tasks/consolidate-patterns.md +414 -414
  63. package/.aios-core/development/tasks/correct-course.md +279 -279
  64. package/.aios-core/development/tasks/create-agent.md +321 -321
  65. package/.aios-core/development/tasks/create-brownfield-story.md +726 -726
  66. package/.aios-core/development/tasks/create-deep-research-prompt.md +498 -498
  67. package/.aios-core/development/tasks/create-doc.md +316 -316
  68. package/.aios-core/development/tasks/create-next-story.md +774 -774
  69. package/.aios-core/development/tasks/create-suite.md +283 -283
  70. package/.aios-core/development/tasks/create-task.md +371 -371
  71. package/.aios-core/development/tasks/create-workflow.md +370 -370
  72. package/.aios-core/development/tasks/db-analyze-hotpaths.md +572 -572
  73. package/.aios-core/development/tasks/db-apply-migration.md +381 -381
  74. package/.aios-core/development/tasks/db-bootstrap.md +642 -642
  75. package/.aios-core/development/tasks/db-domain-modeling.md +693 -693
  76. package/.aios-core/development/tasks/db-dry-run.md +293 -293
  77. package/.aios-core/development/tasks/db-env-check.md +260 -260
  78. package/.aios-core/development/tasks/db-expansion-pack-integration.md +663 -663
  79. package/.aios-core/development/tasks/db-explain.md +631 -631
  80. package/.aios-core/development/tasks/db-impersonate.md +495 -495
  81. package/.aios-core/development/tasks/db-load-csv.md +593 -593
  82. package/.aios-core/development/tasks/db-policy-apply.md +653 -653
  83. package/.aios-core/development/tasks/db-rls-audit.md +411 -411
  84. package/.aios-core/development/tasks/db-rollback.md +739 -739
  85. package/.aios-core/development/tasks/db-run-sql.md +613 -613
  86. package/.aios-core/development/tasks/db-schema-audit.md +1011 -1011
  87. package/.aios-core/development/tasks/db-seed.md +390 -390
  88. package/.aios-core/development/tasks/db-smoke-test.md +351 -351
  89. package/.aios-core/development/tasks/db-snapshot.md +569 -569
  90. package/.aios-core/development/tasks/db-supabase-setup.md +712 -712
  91. package/.aios-core/development/tasks/db-verify-order.md +515 -515
  92. package/.aios-core/development/tasks/deprecate-component.md +956 -956
  93. package/.aios-core/development/tasks/dev-apply-qa-fixes.md +318 -318
  94. package/.aios-core/development/tasks/dev-backlog-debt.md +469 -469
  95. package/.aios-core/development/tasks/dev-develop-story.md +846 -846
  96. package/.aios-core/development/tasks/dev-improve-code-quality.md +872 -872
  97. package/.aios-core/development/tasks/dev-optimize-performance.md +1033 -1033
  98. package/.aios-core/development/tasks/dev-suggest-refactoring.md +870 -870
  99. package/.aios-core/development/tasks/dev-validate-next-story.md +348 -348
  100. package/.aios-core/development/tasks/document-project.md +552 -552
  101. package/.aios-core/development/tasks/environment-bootstrap.md +1311 -1311
  102. package/.aios-core/development/tasks/execute-checklist.md +301 -301
  103. package/.aios-core/development/tasks/export-design-tokens-dtcg.md +274 -274
  104. package/.aios-core/development/tasks/extend-pattern.md +269 -269
  105. package/.aios-core/development/tasks/extract-tokens.md +467 -467
  106. package/.aios-core/development/tasks/facilitate-brainstorming-session.md +518 -518
  107. package/.aios-core/development/tasks/generate-ai-frontend-prompt.md +260 -260
  108. package/.aios-core/development/tasks/generate-documentation.md +284 -284
  109. package/.aios-core/development/tasks/generate-migration-strategy.md +522 -522
  110. package/.aios-core/development/tasks/generate-shock-report.md +501 -501
  111. package/.aios-core/development/tasks/github-devops-github-pr-automation.md +427 -427
  112. package/.aios-core/development/tasks/github-devops-pre-push-quality-gate.md +733 -733
  113. package/.aios-core/development/tasks/github-devops-repository-cleanup.md +374 -374
  114. package/.aios-core/development/tasks/github-devops-version-management.md +483 -483
  115. package/.aios-core/development/tasks/improve-self.md +822 -822
  116. package/.aios-core/development/tasks/index-docs.md +387 -387
  117. package/.aios-core/development/tasks/init-project-status.md +506 -506
  118. package/.aios-core/development/tasks/integrate-expansion-pack.md +314 -314
  119. package/.aios-core/development/tasks/kb-mode-interaction.md +283 -283
  120. package/.aios-core/development/tasks/learn-patterns.md +900 -900
  121. package/.aios-core/development/tasks/mcp-workflow.md +437 -437
  122. package/.aios-core/development/tasks/modify-agent.md +381 -381
  123. package/.aios-core/development/tasks/modify-task.md +424 -424
  124. package/.aios-core/development/tasks/modify-workflow.md +465 -465
  125. package/.aios-core/development/tasks/po-backlog-add.md +370 -370
  126. package/.aios-core/development/tasks/po-manage-story-backlog.md +523 -523
  127. package/.aios-core/development/tasks/po-pull-story-from-clickup.md +540 -540
  128. package/.aios-core/development/tasks/po-pull-story.md +316 -316
  129. package/.aios-core/development/tasks/po-stories-index.md +351 -351
  130. package/.aios-core/development/tasks/po-sync-story-to-clickup.md +457 -457
  131. package/.aios-core/development/tasks/po-sync-story.md +303 -303
  132. package/.aios-core/development/tasks/pr-automation.md +701 -701
  133. package/.aios-core/development/tasks/propose-modification.md +842 -842
  134. package/.aios-core/development/tasks/qa-backlog-add-followup.md +425 -425
  135. package/.aios-core/development/tasks/qa-gate.md +373 -373
  136. package/.aios-core/development/tasks/qa-generate-tests.md +1174 -1174
  137. package/.aios-core/development/tasks/qa-nfr-assess.md +557 -557
  138. package/.aios-core/development/tasks/qa-review-proposal.md +1157 -1157
  139. package/.aios-core/development/tasks/qa-review-story.md +682 -682
  140. package/.aios-core/development/tasks/qa-risk-profile.md +566 -566
  141. package/.aios-core/development/tasks/qa-run-tests.md +277 -277
  142. package/.aios-core/development/tasks/qa-test-design.md +387 -387
  143. package/.aios-core/development/tasks/qa-trace-requirements.md +476 -476
  144. package/.aios-core/development/tasks/release-management.md +723 -723
  145. package/.aios-core/development/tasks/security-audit.md +554 -554
  146. package/.aios-core/development/tasks/security-scan.md +790 -790
  147. package/.aios-core/development/tasks/setup-database.md +741 -741
  148. package/.aios-core/development/tasks/setup-design-system.md +462 -462
  149. package/.aios-core/development/tasks/setup-github.md +874 -874
  150. package/.aios-core/development/tasks/setup-llm-routing.md +1 -1
  151. package/.aios-core/development/tasks/setup-mcp-docker.md +584 -584
  152. package/.aios-core/development/tasks/setup-project-docs.md +440 -0
  153. package/.aios-core/development/tasks/shard-doc.md +537 -537
  154. package/.aios-core/development/tasks/sm-create-next-story.md +480 -480
  155. package/.aios-core/development/tasks/sync-documentation.md +864 -864
  156. package/.aios-core/development/tasks/tailwind-upgrade.md +294 -294
  157. package/.aios-core/development/tasks/test-as-user.md +621 -621
  158. package/.aios-core/development/tasks/test-validation-task.md +171 -171
  159. package/.aios-core/development/tasks/undo-last.md +346 -346
  160. package/.aios-core/development/tasks/update-manifest.md +409 -409
  161. package/.aios-core/development/tasks/ux-create-wireframe.md +617 -617
  162. package/.aios-core/development/tasks/ux-ds-scan-artifact.md +672 -672
  163. package/.aios-core/development/tasks/ux-user-research.md +559 -559
  164. package/.aios-core/development/tasks/validate-next-story.md +422 -422
  165. package/.aios-core/development/workflows/README.md +83 -83
  166. package/.aios-core/development/workflows/brownfield-fullstack.yaml +297 -297
  167. package/.aios-core/development/workflows/brownfield-service.yaml +187 -187
  168. package/.aios-core/development/workflows/brownfield-ui.yaml +197 -197
  169. package/.aios-core/development/workflows/greenfield-fullstack.yaml +333 -333
  170. package/.aios-core/development/workflows/greenfield-service.yaml +206 -206
  171. package/.aios-core/development/workflows/greenfield-ui.yaml +235 -235
  172. package/.aios-core/docs/SHARD-TRANSLATION-GUIDE.md +335 -335
  173. package/.aios-core/docs/component-creation-guide.md +457 -457
  174. package/.aios-core/docs/session-update-pattern.md +307 -307
  175. package/.aios-core/docs/standards/AGENT-PERSONALIZATION-STANDARD-V1.md +572 -572
  176. package/.aios-core/docs/standards/AIOS-COLOR-PALETTE-QUICK-REFERENCE.md +185 -185
  177. package/.aios-core/docs/standards/AIOS-COLOR-PALETTE-V2.1.md +354 -354
  178. package/.aios-core/docs/standards/AIOS-FRAMEWORK-MASTER.md +1963 -1963
  179. package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.1-COMPLETE.md +821 -821
  180. package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.1-SUMMARY.md +1190 -1190
  181. package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.1.md +439 -439
  182. package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO-V2.2-SUMMARY.md +1339 -1339
  183. package/.aios-core/docs/standards/AIOS-LIVRO-DE-OURO.md +5398 -5398
  184. package/.aios-core/docs/standards/EXECUTOR-DECISION-TREE.md +697 -697
  185. package/.aios-core/docs/standards/OPEN-SOURCE-VS-SERVICE-DIFFERENCES.md +511 -511
  186. package/.aios-core/docs/standards/QUALITY-GATES-SPECIFICATION.md +556 -556
  187. package/.aios-core/docs/standards/STANDARDS-INDEX.md +210 -210
  188. package/.aios-core/docs/standards/STORY-TEMPLATE-V2-SPECIFICATION.md +550 -550
  189. package/.aios-core/docs/standards/TASK-FORMAT-SPECIFICATION-V1.md +1414 -1414
  190. package/.aios-core/docs/standards/V3-ARCHITECTURAL-DECISIONS.md +523 -523
  191. package/.aios-core/docs/template-syntax.md +266 -266
  192. package/.aios-core/docs/troubleshooting-guide.md +624 -624
  193. package/.aios-core/index.esm.js +15 -15
  194. package/.aios-core/index.js +1 -1
  195. package/.aios-core/infrastructure/README.md +126 -126
  196. package/.aios-core/infrastructure/integrations/pm-adapters/README.md +59 -59
  197. package/.aios-core/infrastructure/scripts/approval-workflow.js +1 -1
  198. package/.aios-core/infrastructure/scripts/batch-creator.js +1 -1
  199. package/.aios-core/infrastructure/scripts/component-generator.js +3 -3
  200. package/.aios-core/infrastructure/scripts/component-metadata.js +1 -1
  201. package/.aios-core/infrastructure/scripts/component-search.js +1 -1
  202. package/.aios-core/infrastructure/scripts/coverage-analyzer.js +1 -1
  203. package/.aios-core/infrastructure/scripts/dependency-analyzer.js +1 -1
  204. package/.aios-core/infrastructure/scripts/dependency-impact-analyzer.js +1 -1
  205. package/.aios-core/infrastructure/scripts/documentation-integrity/brownfield-analyzer.js +501 -0
  206. package/.aios-core/infrastructure/scripts/documentation-integrity/config-generator.js +368 -0
  207. package/.aios-core/infrastructure/scripts/documentation-integrity/deployment-config-loader.js +308 -0
  208. package/.aios-core/infrastructure/scripts/documentation-integrity/doc-generator.js +331 -0
  209. package/.aios-core/infrastructure/scripts/documentation-integrity/gitignore-generator.js +312 -0
  210. package/.aios-core/infrastructure/scripts/documentation-integrity/index.js +74 -0
  211. package/.aios-core/infrastructure/scripts/documentation-integrity/mode-detector.js +389 -0
  212. package/.aios-core/infrastructure/scripts/framework-analyzer.js +1 -1
  213. package/.aios-core/infrastructure/scripts/improvement-engine.js +1 -1
  214. package/.aios-core/infrastructure/scripts/llm-routing/install-llm-routing.js +26 -13
  215. package/.aios-core/infrastructure/scripts/llm-routing/templates/claude-free-tracked.cmd +127 -0
  216. package/.aios-core/infrastructure/scripts/llm-routing/templates/claude-free-tracked.sh +108 -0
  217. package/.aios-core/infrastructure/scripts/llm-routing/templates/deepseek-proxy.cmd +71 -0
  218. package/.aios-core/infrastructure/scripts/llm-routing/templates/deepseek-proxy.sh +65 -0
  219. package/.aios-core/infrastructure/scripts/llm-routing/templates/deepseek-usage.cmd +51 -0
  220. package/.aios-core/infrastructure/scripts/llm-routing/templates/deepseek-usage.sh +16 -0
  221. package/.aios-core/infrastructure/scripts/llm-routing/usage-tracker/index.js +549 -0
  222. package/.aios-core/infrastructure/scripts/modification-risk-assessment.js +1 -1
  223. package/.aios-core/infrastructure/scripts/performance-analyzer.js +1 -1
  224. package/.aios-core/infrastructure/scripts/pm-adapter.js +134 -134
  225. package/.aios-core/infrastructure/scripts/repository-detector.js +3 -3
  226. package/.aios-core/infrastructure/scripts/template-engine.js +1 -1
  227. package/.aios-core/infrastructure/scripts/template-validator.js +1 -1
  228. package/.aios-core/infrastructure/scripts/test-generator.js +1 -1
  229. package/.aios-core/infrastructure/scripts/test-quality-assessment.js +1 -1
  230. package/.aios-core/infrastructure/scripts/transaction-manager.js +1 -1
  231. package/.aios-core/infrastructure/scripts/usage-analytics.js +1 -1
  232. package/.aios-core/infrastructure/scripts/visual-impact-generator.js +2 -2
  233. package/.aios-core/infrastructure/templates/core-config/core-config-brownfield.tmpl.yaml +176 -0
  234. package/.aios-core/infrastructure/templates/core-config/core-config-greenfield.tmpl.yaml +127 -0
  235. package/.aios-core/infrastructure/templates/github-workflows/README.md +109 -109
  236. package/.aios-core/infrastructure/templates/gitignore/gitignore-aios-base.tmpl +63 -0
  237. package/.aios-core/infrastructure/templates/gitignore/gitignore-brownfield-merge.tmpl +18 -0
  238. package/.aios-core/infrastructure/templates/gitignore/gitignore-node.tmpl +85 -0
  239. package/.aios-core/infrastructure/templates/gitignore/gitignore-python.tmpl +145 -0
  240. package/.aios-core/infrastructure/templates/project-docs/coding-standards-tmpl.md +346 -0
  241. package/.aios-core/infrastructure/templates/project-docs/source-tree-tmpl.md +177 -0
  242. package/.aios-core/infrastructure/templates/project-docs/tech-stack-tmpl.md +267 -0
  243. package/.aios-core/infrastructure/tests/regression-suite-v2.md +621 -621
  244. package/.aios-core/infrastructure/tools/README.md +222 -222
  245. package/.aios-core/infrastructure/tools/cli/github-cli.yaml +200 -200
  246. package/.aios-core/infrastructure/tools/cli/railway-cli.yaml +260 -260
  247. package/.aios-core/infrastructure/tools/cli/supabase-cli.yaml +224 -224
  248. package/.aios-core/infrastructure/tools/local/ffmpeg.yaml +261 -261
  249. package/.aios-core/infrastructure/tools/mcp/21st-dev-magic.yaml +127 -127
  250. package/.aios-core/infrastructure/tools/mcp/browser.yaml +103 -103
  251. package/.aios-core/infrastructure/tools/mcp/clickup.yaml +534 -534
  252. package/.aios-core/infrastructure/tools/mcp/context7.yaml +78 -78
  253. package/.aios-core/infrastructure/tools/mcp/desktop-commander.yaml +180 -180
  254. package/.aios-core/infrastructure/tools/mcp/exa.yaml +103 -103
  255. package/.aios-core/infrastructure/tools/mcp/google-workspace.yaml +930 -930
  256. package/.aios-core/infrastructure/tools/mcp/n8n.yaml +551 -551
  257. package/.aios-core/infrastructure/tools/mcp/supabase.yaml +808 -808
  258. package/.aios-core/install-manifest.yaml +347 -347
  259. package/.aios-core/product/README.md +56 -56
  260. package/.aios-core/product/checklists/accessibility-wcag-checklist.md +80 -0
  261. package/.aios-core/product/checklists/architect-checklist.md +443 -443
  262. package/.aios-core/product/checklists/change-checklist.md +182 -182
  263. package/.aios-core/product/checklists/component-quality-checklist.md +74 -0
  264. package/.aios-core/product/checklists/database-design-checklist.md +119 -119
  265. package/.aios-core/product/checklists/dba-predeploy-checklist.md +97 -97
  266. package/.aios-core/product/checklists/dba-rollback-checklist.md +99 -99
  267. package/.aios-core/product/checklists/migration-readiness-checklist.md +75 -0
  268. package/.aios-core/product/checklists/pattern-audit-checklist.md +88 -0
  269. package/.aios-core/product/checklists/pm-checklist.md +375 -375
  270. package/.aios-core/product/checklists/po-master-checklist.md +441 -441
  271. package/.aios-core/product/checklists/pre-push-checklist.md +108 -108
  272. package/.aios-core/product/checklists/release-checklist.md +122 -122
  273. package/.aios-core/product/checklists/story-dod-checklist.md +101 -101
  274. package/.aios-core/product/checklists/story-draft-checklist.md +215 -215
  275. package/.aios-core/product/data/atomic-design-principles.md +108 -0
  276. package/.aios-core/product/data/brainstorming-techniques.md +36 -36
  277. package/.aios-core/product/data/consolidation-algorithms.md +142 -0
  278. package/.aios-core/product/data/database-best-practices.md +182 -0
  279. package/.aios-core/product/data/design-token-best-practices.md +107 -0
  280. package/.aios-core/product/data/elicitation-methods.md +134 -134
  281. package/.aios-core/product/data/integration-patterns.md +207 -0
  282. package/.aios-core/product/data/migration-safety-guide.md +329 -0
  283. package/.aios-core/product/data/mode-selection-best-practices.md +471 -471
  284. package/.aios-core/product/data/postgres-tuning-guide.md +300 -0
  285. package/.aios-core/product/data/rls-security-patterns.md +333 -0
  286. package/.aios-core/product/data/roi-calculation-guide.md +142 -0
  287. package/.aios-core/product/data/supabase-patterns.md +330 -0
  288. package/.aios-core/product/data/test-levels-framework.md +148 -148
  289. package/.aios-core/product/data/test-priorities-matrix.md +174 -174
  290. package/.aios-core/product/data/wcag-compliance-guide.md +267 -0
  291. package/.aios-core/product/templates/1mcp-config.yaml +225 -225
  292. package/.aios-core/product/templates/activation-instructions-inline-greeting.yaml +63 -63
  293. package/.aios-core/product/templates/activation-instructions-template.md +258 -258
  294. package/.aios-core/product/templates/agent-template.yaml +120 -120
  295. package/.aios-core/product/templates/architecture-tmpl.yaml +650 -650
  296. package/.aios-core/product/templates/brainstorming-output-tmpl.yaml +155 -155
  297. package/.aios-core/product/templates/brownfield-architecture-tmpl.yaml +475 -475
  298. package/.aios-core/product/templates/brownfield-prd-tmpl.yaml +279 -279
  299. package/.aios-core/product/templates/changelog-template.md +134 -134
  300. package/.aios-core/product/templates/command-rationalization-matrix.md +152 -152
  301. package/.aios-core/product/templates/competitor-analysis-tmpl.yaml +292 -292
  302. package/.aios-core/product/templates/design-story-tmpl.yaml +587 -587
  303. package/.aios-core/product/templates/ds-artifact-analysis.md +70 -70
  304. package/.aios-core/product/templates/front-end-architecture-tmpl.yaml +205 -205
  305. package/.aios-core/product/templates/front-end-spec-tmpl.yaml +348 -348
  306. package/.aios-core/product/templates/fullstack-architecture-tmpl.yaml +804 -804
  307. package/.aios-core/product/templates/github-pr-template.md +67 -67
  308. package/.aios-core/product/templates/gordon-mcp.yaml +140 -140
  309. package/.aios-core/product/templates/ide-rules/antigravity-rules.md +115 -115
  310. package/.aios-core/product/templates/ide-rules/claude-rules.md +221 -221
  311. package/.aios-core/product/templates/ide-rules/cline-rules.md +84 -84
  312. package/.aios-core/product/templates/ide-rules/copilot-rules.md +92 -92
  313. package/.aios-core/product/templates/ide-rules/cursor-rules.md +115 -115
  314. package/.aios-core/product/templates/ide-rules/gemini-rules.md +85 -85
  315. package/.aios-core/product/templates/ide-rules/roo-rules.md +86 -86
  316. package/.aios-core/product/templates/ide-rules/trae-rules.md +104 -104
  317. package/.aios-core/product/templates/ide-rules/windsurf-rules.md +80 -80
  318. package/.aios-core/product/templates/index-strategy-tmpl.yaml +53 -53
  319. package/.aios-core/product/templates/market-research-tmpl.yaml +251 -251
  320. package/.aios-core/product/templates/mcp-workflow.js +271 -271
  321. package/.aios-core/product/templates/migration-plan-tmpl.yaml +1022 -1022
  322. package/.aios-core/product/templates/migration-strategy-tmpl.md +524 -524
  323. package/.aios-core/product/templates/personalized-agent-template.md +258 -258
  324. package/.aios-core/product/templates/personalized-checklist-template.md +340 -340
  325. package/.aios-core/product/templates/personalized-task-template-v2.md +905 -905
  326. package/.aios-core/product/templates/personalized-task-template.md +344 -344
  327. package/.aios-core/product/templates/personalized-template-file.yaml +322 -322
  328. package/.aios-core/product/templates/personalized-workflow-template.yaml +460 -460
  329. package/.aios-core/product/templates/prd-tmpl.yaml +201 -201
  330. package/.aios-core/product/templates/project-brief-tmpl.yaml +220 -220
  331. package/.aios-core/product/templates/qa-gate-tmpl.yaml +240 -240
  332. package/.aios-core/product/templates/rls-policies-tmpl.yaml +1203 -1203
  333. package/.aios-core/product/templates/schema-design-tmpl.yaml +428 -428
  334. package/.aios-core/product/templates/state-persistence-tmpl.yaml +219 -219
  335. package/.aios-core/product/templates/story-tmpl.yaml +331 -331
  336. package/.aios-core/product/templates/task-execution-report.md +495 -495
  337. package/.aios-core/product/templates/task-template.md +122 -122
  338. package/.aios-core/product/templates/token-exports-tailwind-tmpl.js +395 -395
  339. package/.aios-core/product/templates/tokens-schema-tmpl.yaml +305 -305
  340. package/.aios-core/product/templates/workflow-template.yaml +133 -133
  341. package/.aios-core/scripts/README.md +354 -354
  342. package/.aios-core/scripts/aios-doc-template.md +325 -325
  343. package/.aios-core/scripts/elicitation-engine.js +1 -1
  344. package/.aios-core/scripts/test-template-system.js +1 -1
  345. package/.aios-core/scripts/workflow-management.md +69 -69
  346. package/.aios-core/user-guide.md +1413 -1413
  347. package/.aios-core/working-in-the-brownfield.md +361 -361
  348. package/LICENSE +1 -1
  349. package/README.md +702 -703
  350. package/bin/aios-init-old.js +3 -3
  351. package/bin/aios-init-v4.js +1 -1
  352. package/bin/aios-init.backup-v1.1.4.js +1 -1
  353. package/bin/aios-init.js +3 -3
  354. package/bin/aios.js +279 -279
  355. package/bin/utils/install-errors.js +339 -339
  356. package/bin/utils/install-transaction.js +445 -445
  357. package/index.d.ts +18 -18
  358. package/index.esm.js +20 -20
  359. package/index.js +6 -6
  360. package/package.json +8 -10
  361. package/packages/installer/src/config/templates/env-template.js +27 -4
  362. package/packages/installer/src/detection/detect-project-type.js +81 -81
  363. package/packages/installer/src/wizard/wizard.js +185 -34
  364. package/packages/installer/tests/integration/environment-configuration.test.js +2 -1
  365. package/packages/installer/tests/integration/wizard-detection.test.js +8 -6
  366. package/packages/installer/tests/unit/env-template.test.js +11 -10
  367. package/src/config/ide-configs.js +1 -1
  368. package/src/wizard/feedback.js +2 -2
  369. package/src/wizard/index.js +1 -1
  370. package/src/wizard/validation/report-generator.js +1 -1
  371. package/src/wizard/validation/troubleshooting-system.js +13 -13
  372. package/.aios-core/development/tasks/validate-structure.md +0 -243
  373. package/.aios-core/infrastructure/scripts/_archived/final-todo-count.js +0 -122
  374. package/.aios-core/infrastructure/scripts/_archived/fix-yaml-formatting.js +0 -89
  375. package/.aios-core/infrastructure/scripts/_archived/migration-generator.js +0 -780
  376. package/.aios-core/infrastructure/scripts/_archived/migration-path-generator.js +0 -950
  377. package/.aios-core/infrastructure/scripts/_archived/phase2-entrada-saida-errors.js +0 -425
  378. package/.aios-core/infrastructure/scripts/_archived/phase2-spot-check.js +0 -132
  379. package/.aios-core/infrastructure/scripts/_archived/phase3-tools-scripts-validation.js +0 -381
  380. package/.aios-core/infrastructure/scripts/_archived/phase4-metadata-performance.js +0 -203
  381. package/.aios-core/infrastructure/scripts/_archived/test-yaml-parsing.js +0 -24
  382. package/.aios-core/infrastructure/scripts/_archived/verify-yaml-fix.js +0 -51
  383. package/.aios-core/infrastructure/scripts/source-tree-guardian/index.js +0 -375
  384. package/.aios-core/infrastructure/scripts/source-tree-guardian/manifest-generator.js +0 -410
  385. package/.aios-core/infrastructure/scripts/source-tree-guardian/rules/naming-rules.yaml +0 -285
  386. package/.aios-core/infrastructure/scripts/source-tree-guardian/rules/placement-rules.yaml +0 -262
  387. package/.aios-core/infrastructure/scripts/source-tree-guardian/validator.js +0 -468
  388. package/.aios-core/tasks/find-component.md.legacy +0 -391
  389. package/.aios-core/tasks/generate-commit-message.md.legacy +0 -426
  390. package/.aios-core/tasks/generate-migration.md.legacy +0 -382
  391. package/.aios-core/tasks/rollback-modification.md.legacy +0 -307
  392. package/.aios-core/tasks/update-tests.md.legacy +0 -283
package/.aios-core/development/tasks/qa-risk-profile.md CHANGED
@@ -1,567 +1,567 @@
1
- <!--
2
- ## Execution Modes
3
-
4
- **Choose your execution mode:**
5
-
6
- ### 1. YOLO Mode - Fast, Autonomous (0-1 prompts)
7
- - Autonomous decision making with logging
8
- - Minimal user interaction
9
- - **Best for:** Simple, deterministic tasks
10
-
11
- ### 2. Interactive Mode - Balanced, Educational (5-10 prompts) **[DEFAULT]**
12
- - Explicit decision checkpoints
13
- - Educational explanations
14
- - **Best for:** Learning, complex decisions
15
-
16
- ### 3. Pre-Flight Planning - Comprehensive Upfront Planning
17
- - Task analysis phase (identify all ambiguities)
18
- - Zero ambiguity execution
19
- - **Best for:** Ambiguous requirements, critical work
20
-
21
- **Parameter:** `mode` (optional, default: `interactive`)
22
-
23
- ---
24
-
25
- ## Task Definition (AIOS Task Format V1.0)
26
-
27
- ```yaml
28
- task: qaRiskProfile()
29
- responsável: Quinn (Guardian)
30
- responsavel_type: Agente
31
- atomic_layer: Strategy
32
-
33
- **Entrada:**
34
- - campo: target
35
- tipo: string
36
- origem: User Input
37
- obrigatório: true
38
- validação: Must exist
39
-
40
- - campo: criteria
41
- tipo: array
42
- origem: config
43
- obrigatório: true
44
- validação: Non-empty validation criteria
45
-
46
- - campo: strict
47
- tipo: boolean
48
- origem: User Input
49
- obrigatório: false
50
- validação: Default: true
51
-
52
- **Saída:**
53
- - campo: validation_result
54
- tipo: boolean
55
- destino: Return value
56
- persistido: false
57
-
58
- - campo: errors
59
- tipo: array
60
- destino: Memory
61
- persistido: false
62
-
63
- - campo: report
64
- tipo: object
65
- destino: File (.ai/*.json)
66
- persistido: true
67
- ```
68
-
69
- ---
70
-
71
- ## Pre-Conditions
72
-
73
- **Purpose:** Validate prerequisites BEFORE task execution (blocking)
74
-
75
- **Checklist:**
76
-
77
- ```yaml
78
- pre-conditions:
79
- - [ ] Validation rules loaded; target available for validation
80
- tipo: pre-condition
81
- blocker: true
82
- validação: |
83
- Check validation rules loaded; target available for validation
84
- error_message: "Pre-condition failed: Validation rules loaded; target available for validation"
85
- ```
86
-
87
- ---
88
-
89
- ## Post-Conditions
90
-
91
- **Purpose:** Validate execution success AFTER task completes
92
-
93
- **Checklist:**
94
-
95
- ```yaml
96
- post-conditions:
97
- - [ ] Validation executed; results accurate; report generated
98
- tipo: post-condition
99
- blocker: true
100
- validação: |
101
- Verify validation executed; results accurate; report generated
102
- error_message: "Post-condition failed: Validation executed; results accurate; report generated"
103
- ```
104
-
105
- ---
106
-
107
- ## Acceptance Criteria
108
-
109
- **Purpose:** Definitive pass/fail criteria for task completion
110
-
111
- **Checklist:**
112
-
113
- ```yaml
114
- acceptance-criteria:
115
- - [ ] Validation rules applied; pass/fail accurate; actionable feedback
116
- tipo: acceptance-criterion
117
- blocker: true
118
- validação: |
119
- Assert validation rules applied; pass/fail accurate; actionable feedback
120
- error_message: "Acceptance criterion not met: Validation rules applied; pass/fail accurate; actionable feedback"
121
- ```
122
-
123
- ---
124
-
125
- ## Tools
126
-
127
- **External/shared resources used by this task:**
128
-
129
- - **Tool:** validation-engine
130
- - **Purpose:** Rule-based validation and reporting
131
- - **Source:** .aios-core/utils/validation-engine.js
132
-
133
- - **Tool:** schema-validator
134
- - **Purpose:** JSON/YAML schema validation
135
- - **Source:** ajv or similar
136
-
137
- ---
138
-
139
- ## Scripts
140
-
141
- **Agent-specific code for this task:**
142
-
143
- - **Script:** run-validation.js
144
- - **Purpose:** Execute validation rules and generate report
145
- - **Language:** JavaScript
146
- - **Location:** .aios-core/scripts/run-validation.js
147
-
148
- ---
149
-
150
- ## Error Handling
151
-
152
- **Strategy:** retry
153
-
154
- **Common Errors:**
155
-
156
- 1. **Error:** Validation Criteria Missing
157
- - **Cause:** Required validation rules not defined
158
- - **Resolution:** Ensure validation criteria loaded from config
159
- - **Recovery:** Use default validation rules, log warning
160
-
161
- 2. **Error:** Invalid Schema
162
- - **Cause:** Target does not match expected schema
163
- - **Resolution:** Update schema or fix target structure
164
- - **Recovery:** Detailed validation error report
165
-
166
- 3. **Error:** Dependency Missing
167
- - **Cause:** Required dependency for validation not found
168
- - **Resolution:** Install missing dependencies
169
- - **Recovery:** Abort with clear dependency list
170
-
171
- ---
172
-
173
- ## Performance
174
-
175
- **Expected Metrics:**
176
-
177
- ```yaml
178
- duration_expected: 5-20 min (estimated)
179
- cost_estimated: $0.003-0.015
180
- token_usage: ~2,000-8,000 tokens
181
- ```
182
-
183
- **Optimization Notes:**
184
- - Iterative analysis with depth limits; cache intermediate results; batch similar operations
185
-
186
- ---
187
-
188
- ## Metadata
189
-
190
- ```yaml
191
- story: N/A
192
- version: 1.0.0
193
- dependencies:
194
- - N/A
195
- tags:
196
- - quality-assurance
197
- - testing
198
- updated_at: 2025-11-17
199
- ```
200
-
201
- ---
202
-
203
- Powered by AIOS™ Core -->
204
-
205
- ---
206
- tools:
207
- - github-cli # Code analysis and historical risk patterns
208
- - context7 # Research security vulnerabilities and patterns
209
- - exa # Research similar implementation risks
210
- checklists:
211
- - architect-master-checklist.md
212
- ---
213
-
214
- # risk-profile
215
-
216
- Generate a comprehensive risk assessment matrix for a story implementation using probability × impact analysis.
217
-
218
- ## Inputs
219
-
220
- ```yaml
221
- required:
222
- - story_id: '{epic}.{story}' # e.g., "1.3"
223
- - story_path: 'docs/stories/{epic}.{story}.*.md'
224
- - story_title: '{title}' # If missing, derive from story file H1
225
- - story_slug: '{slug}' # If missing, derive from title (lowercase, hyphenated)
226
- ```
227
-
228
- ## Purpose
229
-
230
- Identify, assess, and prioritize risks in the story implementation. Provide risk mitigation strategies and testing focus areas based on risk levels.
231
-
232
- ## Risk Assessment Framework
233
-
234
- ### Risk Categories
235
-
236
- **Category Prefixes:**
237
-
238
- - `TECH`: Technical Risks
239
- - `SEC`: Security Risks
240
- - `PERF`: Performance Risks
241
- - `DATA`: Data Risks
242
- - `BUS`: Business Risks
243
- - `OPS`: Operational Risks
244
-
245
- 1. **Technical Risks (TECH)**
246
- - Architecture complexity
247
- - Integration challenges
248
- - Technical debt
249
- - Scalability concerns
250
- - System dependencies
251
-
252
- 2. **Security Risks (SEC)**
253
- - Authentication/authorization flaws
254
- - Data exposure vulnerabilities
255
- - Injection attacks
256
- - Session management issues
257
- - Cryptographic weaknesses
258
-
259
- 3. **Performance Risks (PERF)**
260
- - Response time degradation
261
- - Throughput bottlenecks
262
- - Resource exhaustion
263
- - Database query optimization
264
- - Caching failures
265
-
266
- 4. **Data Risks (DATA)**
267
- - Data loss potential
268
- - Data corruption
269
- - Privacy violations
270
- - Compliance issues
271
- - Backup/recovery gaps
272
-
273
- 5. **Business Risks (BUS)**
274
- - Feature doesn't meet user needs
275
- - Revenue impact
276
- - Reputation damage
277
- - Regulatory non-compliance
278
- - Market timing
279
-
280
- 6. **Operational Risks (OPS)**
281
- - Deployment failures
282
- - Monitoring gaps
283
- - Incident response readiness
284
- - Documentation inadequacy
285
- - Knowledge transfer issues
286
-
287
- ## Risk Analysis Process
288
-
289
- ### 1. Risk Identification
290
-
291
- For each category, identify specific risks:
292
-
293
- ```yaml
294
- risk:
295
- id: 'SEC-001' # Use prefixes: SEC, PERF, DATA, BUS, OPS, TECH
296
- category: security
297
- title: 'Insufficient input validation on user forms'
298
- description: 'Form inputs not properly sanitized could lead to XSS attacks'
299
- affected_components:
300
- - 'UserRegistrationForm'
301
- - 'ProfileUpdateForm'
302
- detection_method: 'Code review revealed missing validation'
303
- ```
304
-
305
- ### 2. Risk Assessment
306
-
307
- Evaluate each risk using probability × impact:
308
-
309
- **Probability Levels:**
310
-
311
- - `High (3)`: Likely to occur (>70% chance)
312
- - `Medium (2)`: Possible occurrence (30-70% chance)
313
- - `Low (1)`: Unlikely to occur (<30% chance)
314
-
315
- **Impact Levels:**
316
-
317
- - `High (3)`: Severe consequences (data breach, system down, major financial loss)
318
- - `Medium (2)`: Moderate consequences (degraded performance, minor data issues)
319
- - `Low (1)`: Minor consequences (cosmetic issues, slight inconvenience)
320
-
321
- ### Risk Score = Probability × Impact
322
-
323
- - 9: Critical Risk (Red)
324
- - 6: High Risk (Orange)
325
- - 4: Medium Risk (Yellow)
326
- - 2-3: Low Risk (Green)
327
- - 1: Minimal Risk (Blue)
328
-
329
- ### 3. Risk Prioritization
330
-
331
- Create risk matrix:
332
-
333
- ```markdown
334
- ## Risk Matrix
335
-
336
- | Risk ID | Description | Probability | Impact | Score | Priority |
337
- | -------- | ----------------------- | ----------- | ---------- | ----- | -------- |
338
- | SEC-001 | XSS vulnerability | High (3) | High (3) | 9 | Critical |
339
- | PERF-001 | Slow query on dashboard | Medium (2) | Medium (2) | 4 | Medium |
340
- | DATA-001 | Backup failure | Low (1) | High (3) | 3 | Low |
341
- ```
342
-
343
- ### 4. Risk Mitigation Strategies
344
-
345
- For each identified risk, provide mitigation:
346
-
347
- ```yaml
348
- mitigation:
349
- risk_id: 'SEC-001'
350
- strategy: 'preventive' # preventive|detective|corrective
351
- actions:
352
- - 'Implement input validation library (e.g., validator.js)'
353
- - 'Add CSP headers to prevent XSS execution'
354
- - 'Sanitize all user inputs before storage'
355
- - 'Escape all outputs in templates'
356
- testing_requirements:
357
- - 'Security testing with OWASP ZAP'
358
- - 'Manual penetration testing of forms'
359
- - 'Unit tests for validation functions'
360
- residual_risk: 'Low - Some zero-day vulnerabilities may remain'
361
- owner: 'dev'
362
- timeline: 'Before deployment'
363
- ```
364
-
365
- ## Outputs
366
-
367
- ### Output 1: Gate YAML Block
368
-
369
- Generate for pasting into gate file under `risk_summary`:
370
-
371
- **Output rules:**
372
-
373
- - Only include assessed risks; do not emit placeholders
374
- - Sort risks by score (desc) when emitting highest and any tabular lists
375
- - If no risks: totals all zeros, omit highest, keep recommendations arrays empty
376
-
377
- ```yaml
378
- # risk_summary (paste into gate file):
379
- risk_summary:
380
- totals:
381
- critical: X # score 9
382
- high: Y # score 6
383
- medium: Z # score 4
384
- low: W # score 2-3
385
- highest:
386
- id: SEC-001
387
- score: 9
388
- title: 'XSS on profile form'
389
- recommendations:
390
- must_fix:
391
- - 'Add input sanitization & CSP'
392
- monitor:
393
- - 'Add security alerts for auth endpoints'
394
- ```
395
-
396
- ### Output 2: Markdown Report
397
-
398
- **Save to:** `qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md`
399
-
400
- ```markdown
401
- # Risk Profile: Story {epic}.{story}
402
-
403
- Date: {date}
404
- Reviewer: Quinn (Test Architect)
405
-
406
- ## Executive Summary
407
-
408
- - Total Risks Identified: X
409
- - Critical Risks: Y
410
- - High Risks: Z
411
- - Risk Score: XX/100 (calculated)
412
-
413
- ## Critical Risks Requiring Immediate Attention
414
-
415
- ### 1. [ID]: Risk Title
416
-
417
- **Score: 9 (Critical)**
418
- **Probability**: High - Detailed reasoning
419
- **Impact**: High - Potential consequences
420
- **Mitigation**:
421
-
422
- - Immediate action required
423
- - Specific steps to take
424
- **Testing Focus**: Specific test scenarios needed
425
-
426
- ## Risk Distribution
427
-
428
- ### By Category
429
-
430
- - Security: X risks (Y critical)
431
- - Performance: X risks (Y critical)
432
- - Data: X risks (Y critical)
433
- - Business: X risks (Y critical)
434
- - Operational: X risks (Y critical)
435
-
436
- ### By Component
437
-
438
- - Frontend: X risks
439
- - Backend: X risks
440
- - Database: X risks
441
- - Infrastructure: X risks
442
-
443
- ## Detailed Risk Register
444
-
445
- [Full table of all risks with scores and mitigations]
446
-
447
- ## Risk-Based Testing Strategy
448
-
449
- ### Priority 1: Critical Risk Tests
450
-
451
- - Test scenarios for critical risks
452
- - Required test types (security, load, chaos)
453
- - Test data requirements
454
-
455
- ### Priority 2: High Risk Tests
456
-
457
- - Integration test scenarios
458
- - Edge case coverage
459
-
460
- ### Priority 3: Medium/Low Risk Tests
461
-
462
- - Standard functional tests
463
- - Regression test suite
464
-
465
- ## Risk Acceptance Criteria
466
-
467
- ### Must Fix Before Production
468
-
469
- - All critical risks (score 9)
470
- - High risks affecting security/data
471
-
472
- ### Can Deploy with Mitigation
473
-
474
- - Medium risks with compensating controls
475
- - Low risks with monitoring in place
476
-
477
- ### Accepted Risks
478
-
479
- - Document any risks team accepts
480
- - Include sign-off from appropriate authority
481
-
482
- ## Monitoring Requirements
483
-
484
- Post-deployment monitoring for:
485
-
486
- - Performance metrics for PERF risks
487
- - Security alerts for SEC risks
488
- - Error rates for operational risks
489
- - Business KPIs for business risks
490
-
491
- ## Risk Review Triggers
492
-
493
- Review and update risk profile when:
494
-
495
- - Architecture changes significantly
496
- - New integrations added
497
- - Security vulnerabilities discovered
498
- - Performance issues reported
499
- - Regulatory requirements change
500
- ```
501
-
502
- ## Risk Scoring Algorithm
503
-
504
- Calculate overall story risk score:
505
-
506
- ```text
507
- Base Score = 100
508
- For each risk:
509
- - Critical (9): Deduct 20 points
510
- - High (6): Deduct 10 points
511
- - Medium (4): Deduct 5 points
512
- - Low (2-3): Deduct 2 points
513
-
514
- Minimum score = 0 (extremely risky)
515
- Maximum score = 100 (minimal risk)
516
- ```
517
-
518
- ## Risk-Based Recommendations
519
-
520
- Based on risk profile, recommend:
521
-
522
- 1. **Testing Priority**
523
- - Which tests to run first
524
- - Additional test types needed
525
- - Test environment requirements
526
-
527
- 2. **Development Focus**
528
- - Code review emphasis areas
529
- - Additional validation needed
530
- - Security controls to implement
531
-
532
- 3. **Deployment Strategy**
533
- - Phased rollout for high-risk changes
534
- - Feature flags for risky features
535
- - Rollback procedures
536
-
537
- 4. **Monitoring Setup**
538
- - Metrics to track
539
- - Alerts to configure
540
- - Dashboard requirements
541
-
542
- ## Integration with Quality Gates
543
-
544
- **Deterministic gate mapping:**
545
-
546
- - Any risk with score ≥ 9 → Gate = FAIL (unless waived)
547
- - Else if any score ≥ 6 → Gate = CONCERNS
548
- - Else → Gate = PASS
549
- - Unmitigated risks → Document in gate
550
-
551
- ### Output 3: Story Hook Line
552
-
553
- **Print this line for review task to quote:**
554
-
555
- ```text
556
- Risk profile: qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md
557
- ```
558
-
559
- ## Key Principles
560
-
561
- - Identify risks early and systematically
562
- - Use consistent probability × impact scoring
563
- - Provide actionable mitigation strategies
564
- - Link risks to specific test requirements
565
- - Track residual risk after mitigation
566
- - Update risk profile as story evolves
1
+ <!--
2
+ ## Execution Modes
3
+
4
+ **Choose your execution mode:**
5
+
6
+ ### 1. YOLO Mode - Fast, Autonomous (0-1 prompts)
7
+ - Autonomous decision making with logging
8
+ - Minimal user interaction
9
+ - **Best for:** Simple, deterministic tasks
10
+
11
+ ### 2. Interactive Mode - Balanced, Educational (5-10 prompts) **[DEFAULT]**
12
+ - Explicit decision checkpoints
13
+ - Educational explanations
14
+ - **Best for:** Learning, complex decisions
15
+
16
+ ### 3. Pre-Flight Planning - Comprehensive Upfront Planning
17
+ - Task analysis phase (identify all ambiguities)
18
+ - Zero ambiguity execution
19
+ - **Best for:** Ambiguous requirements, critical work
20
+
21
+ **Parameter:** `mode` (optional, default: `interactive`)
22
+
23
+ ---
24
+
25
+ ## Task Definition (AIOS Task Format V1.0)
26
+
27
+ ```yaml
28
+ task: qaRiskProfile()
29
+ responsável: Quinn (Guardian)
30
+ responsavel_type: Agente
31
+ atomic_layer: Strategy
32
+
33
+ **Entrada:**
34
+ - campo: target
35
+ tipo: string
36
+ origem: User Input
37
+ obrigatório: true
38
+ validação: Must exist
39
+
40
+ - campo: criteria
41
+ tipo: array
42
+ origem: config
43
+ obrigatório: true
44
+ validação: Non-empty validation criteria
45
+
46
+ - campo: strict
47
+ tipo: boolean
48
+ origem: User Input
49
+ obrigatório: false
50
+ validação: Default: true
51
+
52
+ **Saída:**
53
+ - campo: validation_result
54
+ tipo: boolean
55
+ destino: Return value
56
+ persistido: false
57
+
58
+ - campo: errors
59
+ tipo: array
60
+ destino: Memory
61
+ persistido: false
62
+
63
+ - campo: report
64
+ tipo: object
65
+ destino: File (.ai/*.json)
66
+ persistido: true
67
+ ```
68
+
69
+ ---
70
+
71
+ ## Pre-Conditions
72
+
73
+ **Purpose:** Validate prerequisites BEFORE task execution (blocking)
74
+
75
+ **Checklist:**
76
+
77
+ ```yaml
78
+ pre-conditions:
79
+ - [ ] Validation rules loaded; target available for validation
80
+ tipo: pre-condition
81
+ blocker: true
82
+ validação: |
83
+ Check validation rules loaded; target available for validation
84
+ error_message: "Pre-condition failed: Validation rules loaded; target available for validation"
85
+ ```
86
+
87
+ ---
88
+
89
+ ## Post-Conditions
90
+
91
+ **Purpose:** Validate execution success AFTER task completes
92
+
93
+ **Checklist:**
94
+
95
+ ```yaml
96
+ post-conditions:
97
+ - [ ] Validation executed; results accurate; report generated
98
+ tipo: post-condition
99
+ blocker: true
100
+ validação: |
101
+ Verify validation executed; results accurate; report generated
102
+ error_message: "Post-condition failed: Validation executed; results accurate; report generated"
103
+ ```
104
+
105
+ ---
106
+
107
+ ## Acceptance Criteria
108
+
109
+ **Purpose:** Definitive pass/fail criteria for task completion
110
+
111
+ **Checklist:**
112
+
113
+ ```yaml
114
+ acceptance-criteria:
115
+ - [ ] Validation rules applied; pass/fail accurate; actionable feedback
116
+ tipo: acceptance-criterion
117
+ blocker: true
118
+ validação: |
119
+ Assert validation rules applied; pass/fail accurate; actionable feedback
120
+ error_message: "Acceptance criterion not met: Validation rules applied; pass/fail accurate; actionable feedback"
121
+ ```
122
+
123
+ ---
124
+
125
+ ## Tools
126
+
127
+ **External/shared resources used by this task:**
128
+
129
+ - **Tool:** validation-engine
130
+ - **Purpose:** Rule-based validation and reporting
131
+ - **Source:** .aios-core/utils/validation-engine.js
132
+
133
+ - **Tool:** schema-validator
134
+ - **Purpose:** JSON/YAML schema validation
135
+ - **Source:** ajv or similar
136
+
137
+ ---
138
+
139
+ ## Scripts
140
+
141
+ **Agent-specific code for this task:**
142
+
143
+ - **Script:** run-validation.js
144
+ - **Purpose:** Execute validation rules and generate report
145
+ - **Language:** JavaScript
146
+ - **Location:** .aios-core/scripts/run-validation.js
147
+
148
+ ---
149
+
150
+ ## Error Handling
151
+
152
+ **Strategy:** retry
153
+
154
+ **Common Errors:**
155
+
156
+ 1. **Error:** Validation Criteria Missing
157
+ - **Cause:** Required validation rules not defined
158
+ - **Resolution:** Ensure validation criteria loaded from config
159
+ - **Recovery:** Use default validation rules, log warning
160
+
161
+ 2. **Error:** Invalid Schema
162
+ - **Cause:** Target does not match expected schema
163
+ - **Resolution:** Update schema or fix target structure
164
+ - **Recovery:** Detailed validation error report
165
+
166
+ 3. **Error:** Dependency Missing
167
+ - **Cause:** Required dependency for validation not found
168
+ - **Resolution:** Install missing dependencies
169
+ - **Recovery:** Abort with clear dependency list
170
+
171
+ ---
172
+
173
+ ## Performance
174
+
175
+ **Expected Metrics:**
176
+
177
+ ```yaml
178
+ duration_expected: 5-20 min (estimated)
179
+ cost_estimated: $0.003-0.015
180
+ token_usage: ~2,000-8,000 tokens
181
+ ```
182
+
183
+ **Optimization Notes:**
184
+ - Iterative analysis with depth limits; cache intermediate results; batch similar operations
185
+
186
+ ---
187
+
188
+ ## Metadata
189
+
190
+ ```yaml
191
+ story: N/A
192
+ version: 1.0.0
193
+ dependencies:
194
+ - N/A
195
+ tags:
196
+ - quality-assurance
197
+ - testing
198
+ updated_at: 2025-11-17
199
+ ```
200
+
201
+ ---
202
+
203
+ Powered by AIOS™ Core -->
204
+
205
+ ---
206
+ tools:
207
+ - github-cli # Code analysis and historical risk patterns
208
+ - context7 # Research security vulnerabilities and patterns
209
+ - exa # Research similar implementation risks
210
+ checklists:
211
+ - architect-master-checklist.md
212
+ ---
213
+
214
+ # risk-profile
215
+
216
+ Generate a comprehensive risk assessment matrix for a story implementation using probability × impact analysis.
217
+
218
+ ## Inputs
219
+
220
+ ```yaml
221
+ required:
222
+ - story_id: '{epic}.{story}' # e.g., "1.3"
223
+ - story_path: 'docs/stories/{epic}.{story}.*.md'
224
+ - story_title: '{title}' # If missing, derive from story file H1
225
+ - story_slug: '{slug}' # If missing, derive from title (lowercase, hyphenated)
226
+ ```
227
+
228
+ ## Purpose
229
+
230
+ Identify, assess, and prioritize risks in the story implementation. Provide risk mitigation strategies and testing focus areas based on risk levels.
231
+
232
+ ## Risk Assessment Framework
233
+
234
+ ### Risk Categories
235
+
236
+ **Category Prefixes:**
237
+
238
+ - `TECH`: Technical Risks
239
+ - `SEC`: Security Risks
240
+ - `PERF`: Performance Risks
241
+ - `DATA`: Data Risks
242
+ - `BUS`: Business Risks
243
+ - `OPS`: Operational Risks
244
+
245
+ 1. **Technical Risks (TECH)**
246
+ - Architecture complexity
247
+ - Integration challenges
248
+ - Technical debt
249
+ - Scalability concerns
250
+ - System dependencies
251
+
252
+ 2. **Security Risks (SEC)**
253
+ - Authentication/authorization flaws
254
+ - Data exposure vulnerabilities
255
+ - Injection attacks
256
+ - Session management issues
257
+ - Cryptographic weaknesses
258
+
259
+ 3. **Performance Risks (PERF)**
260
+ - Response time degradation
261
+ - Throughput bottlenecks
262
+ - Resource exhaustion
263
+ - Database query optimization
264
+ - Caching failures
265
+
266
+ 4. **Data Risks (DATA)**
267
+ - Data loss potential
268
+ - Data corruption
269
+ - Privacy violations
270
+ - Compliance issues
271
+ - Backup/recovery gaps
272
+
273
+ 5. **Business Risks (BUS)**
274
+ - Feature doesn't meet user needs
275
+ - Revenue impact
276
+ - Reputation damage
277
+ - Regulatory non-compliance
278
+ - Market timing
279
+
280
+ 6. **Operational Risks (OPS)**
281
+ - Deployment failures
282
+ - Monitoring gaps
283
+ - Incident response readiness
284
+ - Documentation inadequacy
285
+ - Knowledge transfer issues
286
+
287
+ ## Risk Analysis Process
288
+
289
+ ### 1. Risk Identification
290
+
291
+ For each category, identify specific risks:
292
+
293
+ ```yaml
294
+ risk:
295
+ id: 'SEC-001' # Use prefixes: SEC, PERF, DATA, BUS, OPS, TECH
296
+ category: security
297
+ title: 'Insufficient input validation on user forms'
298
+ description: 'Form inputs not properly sanitized could lead to XSS attacks'
299
+ affected_components:
300
+ - 'UserRegistrationForm'
301
+ - 'ProfileUpdateForm'
302
+ detection_method: 'Code review revealed missing validation'
303
+ ```
304
+
305
+ ### 2. Risk Assessment
306
+
307
+ Evaluate each risk using probability × impact:
308
+
309
+ **Probability Levels:**
310
+
311
+ - `High (3)`: Likely to occur (>70% chance)
312
+ - `Medium (2)`: Possible occurrence (30-70% chance)
313
+ - `Low (1)`: Unlikely to occur (<30% chance)
314
+
315
+ **Impact Levels:**
316
+
317
+ - `High (3)`: Severe consequences (data breach, system down, major financial loss)
318
+ - `Medium (2)`: Moderate consequences (degraded performance, minor data issues)
319
+ - `Low (1)`: Minor consequences (cosmetic issues, slight inconvenience)
320
+
321
+ ### Risk Score = Probability × Impact
322
+
323
+ - 9: Critical Risk (Red)
324
+ - 6: High Risk (Orange)
325
+ - 4: Medium Risk (Yellow)
326
+ - 2-3: Low Risk (Green)
327
+ - 1: Minimal Risk (Blue)
328
+
329
+ ### 3. Risk Prioritization
330
+
331
+ Create risk matrix:
332
+
333
+ ```markdown
334
+ ## Risk Matrix
335
+
336
+ | Risk ID | Description | Probability | Impact | Score | Priority |
337
+ | -------- | ----------------------- | ----------- | ---------- | ----- | -------- |
338
+ | SEC-001 | XSS vulnerability | High (3) | High (3) | 9 | Critical |
339
+ | PERF-001 | Slow query on dashboard | Medium (2) | Medium (2) | 4 | Medium |
340
+ | DATA-001 | Backup failure | Low (1) | High (3) | 3 | Low |
341
+ ```
342
+
343
+ ### 4. Risk Mitigation Strategies
344
+
345
+ For each identified risk, provide mitigation:
346
+
347
+ ```yaml
348
+ mitigation:
349
+ risk_id: 'SEC-001'
350
+ strategy: 'preventive' # preventive|detective|corrective
351
+ actions:
352
+ - 'Implement input validation library (e.g., validator.js)'
353
+ - 'Add CSP headers to prevent XSS execution'
354
+ - 'Sanitize all user inputs before storage'
355
+ - 'Escape all outputs in templates'
356
+ testing_requirements:
357
+ - 'Security testing with OWASP ZAP'
358
+ - 'Manual penetration testing of forms'
359
+ - 'Unit tests for validation functions'
360
+ residual_risk: 'Low - Some zero-day vulnerabilities may remain'
361
+ owner: 'dev'
362
+ timeline: 'Before deployment'
363
+ ```
364
+
365
+ ## Outputs
366
+
367
+ ### Output 1: Gate YAML Block
368
+
369
+ Generate for pasting into gate file under `risk_summary`:
370
+
371
+ **Output rules:**
372
+
373
+ - Only include assessed risks; do not emit placeholders
374
+ - Sort risks by score (desc) when emitting highest and any tabular lists
375
+ - If no risks: totals all zeros, omit highest, keep recommendations arrays empty
376
+
377
+ ```yaml
378
+ # risk_summary (paste into gate file):
379
+ risk_summary:
380
+ totals:
381
+ critical: X # score 9
382
+ high: Y # score 6
383
+ medium: Z # score 4
384
+ low: W # score 2-3
385
+ highest:
386
+ id: SEC-001
387
+ score: 9
388
+ title: 'XSS on profile form'
389
+ recommendations:
390
+ must_fix:
391
+ - 'Add input sanitization & CSP'
392
+ monitor:
393
+ - 'Add security alerts for auth endpoints'
394
+ ```
395
+
396
+ ### Output 2: Markdown Report
397
+
398
+ **Save to:** `qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md`
399
+
400
+ ```markdown
401
+ # Risk Profile: Story {epic}.{story}
402
+
403
+ Date: {date}
404
+ Reviewer: Quinn (Test Architect)
405
+
406
+ ## Executive Summary
407
+
408
+ - Total Risks Identified: X
409
+ - Critical Risks: Y
410
+ - High Risks: Z
411
+ - Risk Score: XX/100 (calculated)
412
+
413
+ ## Critical Risks Requiring Immediate Attention
414
+
415
+ ### 1. [ID]: Risk Title
416
+
417
+ **Score: 9 (Critical)**
418
+ **Probability**: High - Detailed reasoning
419
+ **Impact**: High - Potential consequences
420
+ **Mitigation**:
421
+
422
+ - Immediate action required
423
+ - Specific steps to take
424
+ **Testing Focus**: Specific test scenarios needed
425
+
426
+ ## Risk Distribution
427
+
428
+ ### By Category
429
+
430
+ - Security: X risks (Y critical)
431
+ - Performance: X risks (Y critical)
432
+ - Data: X risks (Y critical)
433
+ - Business: X risks (Y critical)
434
+ - Operational: X risks (Y critical)
435
+
436
+ ### By Component
437
+
438
+ - Frontend: X risks
439
+ - Backend: X risks
440
+ - Database: X risks
441
+ - Infrastructure: X risks
442
+
443
+ ## Detailed Risk Register
444
+
445
+ [Full table of all risks with scores and mitigations]
446
+
447
+ ## Risk-Based Testing Strategy
448
+
449
+ ### Priority 1: Critical Risk Tests
450
+
451
+ - Test scenarios for critical risks
452
+ - Required test types (security, load, chaos)
453
+ - Test data requirements
454
+
455
+ ### Priority 2: High Risk Tests
456
+
457
+ - Integration test scenarios
458
+ - Edge case coverage
459
+
460
+ ### Priority 3: Medium/Low Risk Tests
461
+
462
+ - Standard functional tests
463
+ - Regression test suite
464
+
465
+ ## Risk Acceptance Criteria
466
+
467
+ ### Must Fix Before Production
468
+
469
+ - All critical risks (score 9)
470
+ - High risks affecting security/data
471
+
472
+ ### Can Deploy with Mitigation
473
+
474
+ - Medium risks with compensating controls
475
+ - Low risks with monitoring in place
476
+
477
+ ### Accepted Risks
478
+
479
+ - Document any risks team accepts
480
+ - Include sign-off from appropriate authority
481
+
482
+ ## Monitoring Requirements
483
+
484
+ Post-deployment monitoring for:
485
+
486
+ - Performance metrics for PERF risks
487
+ - Security alerts for SEC risks
488
+ - Error rates for operational risks
489
+ - Business KPIs for business risks
490
+
491
+ ## Risk Review Triggers
492
+
493
+ Review and update risk profile when:
494
+
495
+ - Architecture changes significantly
496
+ - New integrations added
497
+ - Security vulnerabilities discovered
498
+ - Performance issues reported
499
+ - Regulatory requirements change
500
+ ```
501
+
502
+ ## Risk Scoring Algorithm
503
+
504
+ Calculate overall story risk score:
505
+
506
+ ```text
507
+ Base Score = 100
508
+ For each risk:
509
+ - Critical (9): Deduct 20 points
510
+ - High (6): Deduct 10 points
511
+ - Medium (4): Deduct 5 points
512
+ - Low (2-3): Deduct 2 points
513
+
514
+ Minimum score = 0 (extremely risky)
515
+ Maximum score = 100 (minimal risk)
516
+ ```
517
+
518
+ ## Risk-Based Recommendations
519
+
520
+ Based on risk profile, recommend:
521
+
522
+ 1. **Testing Priority**
523
+ - Which tests to run first
524
+ - Additional test types needed
525
+ - Test environment requirements
526
+
527
+ 2. **Development Focus**
528
+ - Code review emphasis areas
529
+ - Additional validation needed
530
+ - Security controls to implement
531
+
532
+ 3. **Deployment Strategy**
533
+ - Phased rollout for high-risk changes
534
+ - Feature flags for risky features
535
+ - Rollback procedures
536
+
537
+ 4. **Monitoring Setup**
538
+ - Metrics to track
539
+ - Alerts to configure
540
+ - Dashboard requirements
541
+
542
+ ## Integration with Quality Gates
543
+
544
+ **Deterministic gate mapping:**
545
+
546
+ - Any risk with score ≥ 9 → Gate = FAIL (unless waived)
547
+ - Else if any score ≥ 6 → Gate = CONCERNS
548
+ - Else → Gate = PASS
549
+ - Unmitigated risks → Document in gate
550
+
551
+ ### Output 3: Story Hook Line
552
+
553
+ **Print this line for review task to quote:**
554
+
555
+ ```text
556
+ Risk profile: qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md
557
+ ```
558
+
559
+ ## Key Principles
560
+
561
+ - Identify risks early and systematically
562
+ - Use consistent probability × impact scoring
563
+ - Provide actionable mitigation strategies
564
+ - Link risks to specific test requirements
565
+ - Track residual risk after mitigation
566
+ - Update risk profile as story evolves
567
567