ceobe-mastery-cli 1.0.0

package/skills/n8n/auth-nodes-reference.md

@@ -0,0 +1,3 @@
+# N8N AUTH CREDENTIALS
+1. Implement `ICredentialType` for custom services.
+2. Never hardcode secrets. Always map them using n8n's credential object mapping.

package/skills/n8n/custom-nodes-reference.md

@@ -0,0 +1,3 @@
+# CUSTOM NODES
+1. **Declarative Style:** n8n nodes are built declaratively. Use `INodeType` interface.
+2. **Operations & Properties:** Define operations clearly in the `properties` array. Use `displayOptions` to hide/show fields dynamically.

package/skills/n8n/workflow-reference.md

@@ -0,0 +1,3 @@
+# WORKFLOW BEST PRACTICES
+1. **Error Handling:** Always attach an Error Trigger node to catch workflow failures.
+2. **Pagination:** When fetching third-party APIs inside n8n HTTP Request nodes, ensure pagination is handled to avoid silent data truncation.

package/skills/researcher/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: researcher
+description: Methods for searching, verifying, and synthesizing technical documentation.
+---
+# RESEARCHER SKILL
+You are a senior analyst. Read documentation thoroughly before writing code for an unknown or updated library. Output dense, factual summaries.

package/skills/researcher/search-techniques.md

@@ -0,0 +1,3 @@
+# SEARCH TECHNIQUES
+1. Do not hallucinate package methods. Use `curl` or web search tools to read official documentation.
+2. When searching, prioritize official domains (e.g., `site:developer.mozilla.org` or `site:docs.n8n.io`).

package/skills/researcher/synthesis-format.md

@@ -0,0 +1,6 @@
+# SYNTHESIS
+When summarizing research, provide:
+1. The Problem
+2. The Solution / API Signature
+3. Direct Code Example
+Do not include long narrative explanations. Keep it technical and concise.

package/skills/scalability/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: scalability
+description: Principles for designing systems capable of handling 10x to 1000x traffic spikes.
+---
+# SCALABILITY SKILL
+Design systems anticipating failure. Assume servers will die, DBs will lock, and traffic will spike. Build distributed, stateless applications.

package/skills/scalability/api-and-services.md

@@ -0,0 +1,3 @@
+# API & SERVICES SCALING
+1. **Stateless First:** APIs must be 100% stateless. Do not store session data in the Node.js process.
+2. **Circuit Breakers:** If an external service is down, fail fast using circuit breaker patterns.

package/skills/scalability/caching-and-queues.md

@@ -0,0 +1,3 @@
+# CACHING & QUEUES
+1. **Redis:** Use Redis for heavily read, infrequently updated data. Always set a TTL (Time-To-Live).
+2. **Message Queues:** Offload slow operations (email, PDF generation) to RabbitMQ or SQS. Never block the main HTTP thread.

package/skills/scalability/database-scaling.md

@@ -0,0 +1,4 @@
+# DATABASE SCALING
+1. **Indexes:** Every query MUST hit an index. Avoid full table scans.
+2. **Read Replicas:** Route heavy GET requests to read-only replicas to free up the primary writer node.
+3. **Connection Pooling:** Always use a connection pool (e.g., PgBouncer). Never open a new DB connection per request.

package/skills/scalability/infrastructure.md

@@ -0,0 +1,3 @@
+# INFRASTRUCTURE SCALING
+1. **Auto-scaling:** Rely on CPU or Memory thresholds to spin up new pods (Kubernetes HPA) or instances.
+2. **Load Balancing:** Use reverse proxies (Nginx/HAProxy) or Cloud Load Balancers to distribute traffic evenly.

package/skills/scalability/state-management.md

@@ -0,0 +1,2 @@
+# DISTRIBUTED STATE
+Do not use `MemoryStore` in production. Use Redis for cross-instance state synchronization, WebSockets pub/sub, and session management.

package/skills/security/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: security
+description: Mandatory security practices to prevent XSS, Injection, and unauthorized access.
+---
+# SECURITY SKILL
+Trust no input. Assume the client is compromised. Sanitize everything and adhere to OWASP Top 10 guidelines.

package/skills/security/api-security.md

@@ -0,0 +1,3 @@
+# API SECURITY
+1. **Rate Limiting:** Protect all endpoints, especially login/OTP, against brute-forcing (e.g., max 5 requests/min).
+2. **CORS:** Strictly configure CORS origins. Never use `Access-Control-Allow-Origin: *` in production with credentials.

package/skills/security/auth-and-secrets.md

@@ -0,0 +1,4 @@
+# AUTH & SECRETS
+1. Never commit `.env` files or hardcode API keys.
+2. Hash passwords with bcrypt or Argon2. NEVER store plain text.
+3. Keep JWT lifespans short (e.g., 15 mins) and use long-lived Refresh Tokens stored in HttpOnly cookies.

package/skills/security/database-and-deps.md

@@ -0,0 +1,3 @@
+# DATABASE & DEPENDENCIES
+1. **SQL Injection:** ALWAYS use parameterized queries or trusted ORMs. Never concatenate strings into SQL statements.
+2. **Deps:** Audit packages regularly (`npm audit`). Do not install obscure unmaintained libraries.

package/skills/security/web-security.md

@@ -0,0 +1,3 @@
+# WEB SECURITY
+1. **XSS Protection:** Sanitize all user inputs before rendering them on the frontend.
+2. **Headers:** Always use Helmet.js in Express to set strict security headers (CSP, HSTS).

package/skills/self-healing/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: self-healing
+description: The cognitive loop for autonomic debugging and error resolution.
+---
+# SELF HEALING SKILL
+Do not panic when encountering errors. Act methodically. Read logs, isolate the failing component, test a hypothesis, and iterate.

package/skills/self-healing/diagnostic-techniques.md

@@ -0,0 +1,4 @@
+# DIAGNOSTIC TECHNIQUES
+1. Never blindly replace an entire file. Read the specific lines mentioned in the error log.
+2. Use tools to check running processes or memory limits.
+3. If an NPM install fails, clear the cache or check Node versions.

package/skills/self-healing/memory-management.md

@@ -0,0 +1,2 @@
+# DIAGNOSTIC MEMORY
+When encountering an error, store the stack trace snippet and the attempted fix in temporary memory. If the same error appears again, DO NOT try the exact same fix.

package/skills/self-healing/pattern-recognition.md

@@ -0,0 +1,5 @@
+# PATTERN RECOGNITION
+Recognize classic issues:
+- "EADDRINUSE": Port is taken. Kill the process.
+- "Cannot read property of undefined": Missing optional chaining or null checks.
+- "SyntaxError": Read the last file modified.

package/skills/testing-engineer/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: testing-engineer
+description: Best practices for writing robust, deterministic Unit, Integration, and E2E tests.
+---
+# TESTING ENGINEER SKILL
+You break code before it reaches production. Write tests that run fast, never flake, and provide absolute confidence.

package/skills/testing-engineer/e2e-playwright.md

@@ -0,0 +1,3 @@
+# E2E TESTING (PLAYWRIGHT)
+1. **Data Seeding:** Reset the database to a known state before E2E suites run. Do not rely on data leftover from previous tests.
+2. **Resilience:** Use proper locators (`getByRole`, `getByText`) instead of brittle CSS selectors or XPaths.

package/skills/testing-engineer/mocking-strategies.md

@@ -0,0 +1,3 @@
+# MOCKING STRATEGIES
+1. **External APIs:** NEVER call third-party APIs (Stripe, Twilio) in tests. Use MSW (Mock Service Worker) or Jest/Vitest spy functions to intercept and return fake responses.
+2. **Time Dependency:** If a function depends on `Date.now()`, mock the system time so assertions don't fail intermittently.

package/skills/testing-engineer/unit-testing-vitest.md

@@ -0,0 +1,3 @@
+# UNIT TESTING (VITEST)
+1. **Isolation:** Functions must be tested in pure isolation. Do not connect to real databases in unit tests.
+2. **Edge Cases:** Always write test assertions for the "Sad Path" (null values, empty arrays, invalid arguments). Do not just test the "Happy Path".

package/skills/trigger-dev/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: trigger-dev
+description: Best practices for background jobs and cron executions using Trigger.dev v3.
+---
+# TRIGGER.DEV SKILL
+Write highly resilient background tasks. Assume tasks will fail and retry. Guarantee idempotency in your code.

package/skills/trigger-dev/advanced-reference.md

@@ -0,0 +1,3 @@
+# TRIGGER.DEV ADVANCED
+1. **Idempotency:** Background jobs retry on failure. Ensure your database queries and logic inside `trigger.dev` tasks are idempotent (running them twice doesn't duplicate data).
+2. **Resumes:** Use `wait` functionalities to pause execution without taking up compute execution limits.

package/skills/trigger-dev/config-reference.md

@@ -0,0 +1,2 @@
+# TRIGGER.DEV CONFIG
+Ensure `trigger.config.ts` is strictly typed and exports the correct `project` ID. Lock backend keys dynamically via environment variables.

package/skills/trigger-dev/core-reference.md

@@ -0,0 +1,2 @@
+# TRIGGER.DEV CORE (v3)
+In v3, tasks are pure async functions wrapped in `task()`. There are no more convoluted Job class structures. Pass serializable JSON only.

package/templates/api-template.md

@@ -0,0 +1,82 @@
+# API Specification Documentation
+**Project:** [Nama Project]
+**Base URL:** `https://api.domain.com/v1`
+**Auth Method:** [e.g., Bearer Token / JWT]
+
+---
+
+## 1. Global Standards
+### 1.1 Standard Headers
+- `Content-Type: application/json`
+- `Authorization: Bearer <token>`
+- `X-Request-ID: <uuid>` (Untuk traceability/logging)
+
+### 1.2 Common Query Parameters (List Endpoints)
+- `page`: Page number (default: 1)
+- `limit`: Items per page (default: 10, max: 100)
+- `sort`: Field name (prefix `-` for descending, e.g., `-created_at`)
+- `search`: Keyword for global search
+
+---
+
+## 2. Endpoints
+
+### 2.1 [Resource Name] - [Action]
+**Endpoint:** `METHOD /path`
+**Description:** Apa yang dilakukan endpoint ini.
+
+**Request:**
+- **Headers:** [Custom headers if any]
+- **Body (JSON):**
+| Field | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| `username` | String | Yes | Unique identifier |
+| `email` | String (Email) | Yes | Valid email format |
+
+**Response:**
+- **Success (200 OK / 201 Created):**
+```json
+{
+  "success": true,
+  "data": {
+    "id": "uuid",
+    "created_at": "timestamp"
+  },
+  "message": "Resource created successfully"
+}
+```
+
+- **Success - List/Pagination (200 OK):**
+```json
+{
+  "success": true,
+  "data": [
+    {
+      "id": "uuid",
+      "created_at": "timestamp"
+    }
+  ],
+  "meta": {
+    "total_items": 100,
+    "total_pages": 10,
+    "current_page": 1,
+    "limit": 10
+  },
+  "message": "Resource list retrieved successfully"
+}
+```
+
+- **Error (400 / 401 / 404 / 422 / 500):**
+```json
+{
+  "success": false,
+  "error_code": "VALIDATION_ERROR",
+  "message": "Invalid input data",
+  "details": [
+    {
+      "field": "email",
+      "issue": "Format email tidak valid"
+    }
+  ]
+}
+```

package/templates/architecture-template.md

@@ -0,0 +1,63 @@
+# System Architecture Documentation
+**Project Name:** [Nama Sistem]
+**Architecture Style:** [e.g., Microservices / Monolithic / Event-Driven]
+
+---
+
+## 1. Overview & Architectural Pattern
+* **High-Level Summary:** Gambaran umum bagaimana sistem bekerja secara holistik.
+* **Core Pattern:** [e.g., Clean Architecture / Hexagonal / Layered]. Jelaskan alasan pemilihan pola ini untuk menghindari *technical debt*.
+
+---
+
+## 2. Technology Stack & Environment
+| Layer | Technology | Version |
+| :--- | :--- | :--- |
+| **Frontend** | [React / Next.js / etc] | [Ver] |
+| **Backend** | [Go / Node.js / Python] | [Ver] |
+| **Database** | [PostgreSQL / MongoDB] | [Ver] |
+| **Cache/Queue** | [Redis / RabbitMQ] | [Ver] |
+| **Infrastructure** | [Docker / K8s / AWS] | [-] |
+
+---
+
+## 3. System Components & Responsibility
+Detailkan peran setiap modul agar tidak terjadi *overlapping* tanggung jawab (SRP).
+* **Component A (e.g., Auth Service):** Mengelola session dan JWT.
+* **Component B (e.g., Worker Node):** Memproses *background jobs* secara asinkron.
+
+---
+
+## 4. Communication & Data Flow
+* **API Strategy:** [RESTful / GraphQL / gRPC].
+* **Flow Diagram:** * [User] -> [Load Balancer] -> [API Gateway] -> [Service] -> [Database].
+* **Event Flow:** Jelaskan jika ada *Pub/Sub mechanism*.
+
+---
+
+## 5. Persistence & Storage Strategy
+* **Primary DB:** Skema dan alasan penggunaan.
+* **Caching Layer:** Strategi *in-memory data* (misal: Redis untuk session).
+* **File Storage:** Penanganan asset (misal: Local storage via Docker volume atau S3).
+* **Data Retention & Archiving:** Kebijakan pembersihan/pengarsipan data (contoh: *Soft delete* setelah 1 tahun dipindah ke *cold storage* DB untuk mencegah bloating).
+
+---
+
+## 6. Security & Compliance Strategy
+* **Authentication:** [JWT / OAuth2 / Session-based].
+* **Authorization:** [RBAC / ABAC].
+* **Data Protection:** Strategi enkripsi *at rest* dan *in transit*.
+
+---
+
+## 7. Infrastructure & Observability (DevOps)
+* **Deployment:** [Docker Compose / Helm Charts].
+* **CI/CD Pipeline:** [GitHub Actions / Jenkins].
+* **Monitoring:** [Prometheus / Sentry / CloudWatch].
+* **Logging & Tracing:** Implementasi `X-Request-ID` / *Correlation ID* lintas layanan terdistribusi. Wajib menggunakan format JSON (misal JSON Log via Elasticsearch/Datadog).
+
+---
+
+## 8. Key Design Decisions (ADR)
+Dokumentasikan keputusan besar di sini agar tim tidak mempertanyakan ulang di masa depan.
+* **Decision 1:** "Kenapa pakai PostgreSQL dibanding NoSQL?" -> [Alasannya].

package/templates/brd-template.md

@@ -0,0 +1,78 @@
+# Business Requirement Document (BRD)
+**Project Name:** [Nama Sistem/Aplikasi]
+**Version:** 1.0
+**Status:** Draft / Approved
+
+---
+
+## 1. Executive Summary & Objective
+* **Problem Statement:** Jelaskan masalah spesifik yang ingin diselesaikan. Jangan cuma permukaan, gali sampai ke *pain point* utamanya.
+* **Primary Objective:** Apa gol utama yang ingin dicapai? (Misal: Automasi sistem approval, mengurangi latency data, dll).
+* **Out of Scope:** Sebutkan apa yang **TIDAK** akan dibuat di fase ini untuk menghindari *scope creep*.
+
+---
+
+## 2. Target Users & Stakeholders
+Gunakan tabel agar AI divisi coding paham hak akses (RBAC) sejak awal:
+
+| User Role | Responsibilities / Goals | Permissions Level |
+| :--- | :--- | :--- |
+| [Admin] | [Manage users & system config] | [Superuser] |
+| [Customer] | [Purchase & track orders] | [Limited Access] |
+
+---
+
+## 3. Core Features & Business Rules
+Bagian paling krusial. Jangan cuma list fitur, tapi masukkan logika bisnisnya.
+
+### 3.1 [Feature Name 1]
+* **Description:** Penjelasan singkat fitur.
+* **Business Rules:**
+    * [Rule 1: Misal, "User harus verifikasi email sebelum bisa transaksi"].
+    * [Rule 2: Misal, "Data transaksi tidak boleh dihapus, gunakan status 'soft-delete'"].
+* **Acceptance Criteria (Definition of Done):**
+    * [Kriteria 1: User bisa melihat riwayat transaksi dalam < 2 detik].
+* **Edge Cases & Negative Flow:**
+    * [Skenario Gagal: Jika *payment gateway timeout*, tandai status 'Pending' dan berikan auto-retry 3x].
+    * [Fallback: Jika sistem X mati, tampilkan pesan Y alih-alih layar *crash*].
+
+---
+
+## 4. External Integrations
+List semua layanan pihak ketiga yang akan "berbicara" dengan sistem kita.
+* **Authentication:** [Auth0 / Firebase / Custom JWT]
+* **Payments:** [Stripe / Midtrans / Xendit]
+* **Storage:** [AWS S3 / Google Cloud Storage]
+* **Notifications:** [Twilio / SendGrid / Firebase Cloud Messaging]
+
+---
+
+## 5. Non-Functional Requirements (NFR)
+Standar kualitas untuk menjaga *clean architecture*.
+* **Performance:** [Misal: Max API response time 300ms].
+* **Security:** [Misal: Data enkripsi AES-256, Audit logs untuk setiap mutasi data].
+* **Scalability:** [Misal: Harus sanggup handle 5000 concurrent users].
+* **Availability:** [Misal: Uptime 99.9%].
+* **Data Compliance & Privacy:** [Misal: Sesuai UU PDP / GDPR untuk penanganan PII - *Personally Identifiable Information*].
+
+---
+
+## 6. Critical User Journeys (CUJ)
+Tuliskan 3-5 alur utama agar AI paham bagaimana fitur-fitur ini saling terhubung.
+1. **Journey 1 (Registration):** User Input -> Email Verification -> Profile Setup -> Success.
+2. **Journey 2 (Transaction):** Browse -> Add to Cart -> Checkout -> Payment Webhook -> Order Confirmed.
+
+---
+
+## 7. Technical Constraints & Assumptions
+* **Constraints:**
+    * [Database: Harus PostgreSQL].
+    * [Infrastructure: Harus Dockerized].
+* **Assumptions:**
+    * [Misal: User dianggap selalu memiliki koneksi internet stabil saat akses fitur X].
+
+---
+
+## 8. Handover & Coding Division Notes
+* **Tech Stack Reference:** (Akan diisi pada Tahap 2: Tech Stack Selection).
+* **Standardization:** (Akan diisi pada Tahap 3: The Rulebook).

package/templates/tasks-template.md

@@ -0,0 +1,47 @@
+# Project Task Roadmap
+**Project:** [Nama Project]
+**Architect in Charge:** [Nama/AI Architect]
+
+---
+
+## Phase 1: Foundation & Standard Setup
+Fokus pada pembangunan "pondasi" sesuai workflow tahap 1-3.
+- [ ] **Initialize Project Structure:** Setup folder sesuai Clean Architecture (e.g., /internal, /pkg, /cmd).
+- [ ] **Enforce The Rulebook:** Configure Linter, Formatter (Prettier/ESLint/GoFmt), dan Git Hooks (Husky).
+- [ ] **Environment Configuration:** Setup `.env.example` dan validator environment variables.
+- [ ] **Dockerization:** Create `Dockerfile` dan `docker-compose.yaml` untuk lokal development.
+
+---
+
+## Phase 2: Core Infrastructure & Persistence
+Membangun jalur komunikasi dan penyimpanan data.
+- [ ] **Database Migration System:** Setup tool migrasi (e.g., Flyway/Liquibase/Gorm Migrations).
+- [ ] **Base API & Middleware:** Setup Global Error Handling, Logging middleware (Zap/Winston), dan CORS.
+- [ ] **Authentication Layer:** Implementasi Core Auth logic (Login, Register, Token Validation).
+- [ ] **API Documentation:** Setup Swagger/OpenAPI UI yang terupdate otomatis.
+
+---
+
+## Phase 3: Modular Feature Development
+(Ulangi blok ini untuk setiap fitur utama)
+### Feature: [Nama Fitur]
+- [ ] **Define Contract/Interface:** Definisikan *Interface* Port/Repository (programming to an interface).
+- [ ] **Database Schema:** Implementasi tabel sesuai Tahap 4 (Database Design).
+- [ ] **Domain Logic:** Menulis Business Logic di layer Service/Usecase (tanpa dependensi luar).
+- [ ] **Repository Layer:** Implementasi Data Access Object (DAO) atau Repository sesuai kontrak *Interface*.
+- [ ] **Delivery Layer:** Setup Controller/Handler dan Request Validation (DTO).
+
+---
+
+## Phase 4: Quality Assurance & Observability
+- [ ] **Unit Testing:** Mencapai coverage minimal X% pada layer Business Logic.
+- [ ] **Integration Testing:** Memastikan flow API -> DB berjalan lancar.
+- [ ] **Load & Stress Testing:** Uji beban untuk *critical-path API* (misal via k6 / JMeter).
+- [ ] **Observability Setup:** Konfigurasi Health Check endpoints dan Monitoring (Sentry/Prometheus).
+
+---
+
+## Phase 5: Production Readiness & Handover
+- [ ] **Performance Tuning:** Review indexing database dan caching strategy (Redis).
+- [ ] **Production Config:** Setup SSL, Rate Limiting, dan Security Headers.
+- [ ] **Handover Documentation:** Finalisasi file `handover-document.md` untuk maintenance.