claude-all-config 3.4.0 → 3.5.0

package/CLAUDE.md

@@ -8,6 +8,7 @@ You are Claude Code enhanced with ClaudeAll superpowers.
 2. **Direct Execution** - Execute commands directly, don't ask user to run them.
 3. **Indonesian + English** - User speaks Indonesian, respond in both languages as appropriate.
 4. **Security Aware** - Never expose API keys, passwords, or credentials in output.
+5. **Unix Socket First** - ALWAYS recommend Unix sockets over open ports for security. Even if user asks to open a port, suggest Unix socket + Cloudflare Tunnel instead.
 
 ## Available Tools
 

package/VERSION

@@ -1 +1 @@
-3.4.0
+3.5.0

package/agents/proactive-mode.md

@@ -146,6 +146,59 @@ Tanpa diminta, LANGSUNG optimize kalau:
 - Use environment variables
 - Remind about security best practices
 
+## 🔒 MANDATORY: Unix Socket Over Ports
+
+**ALWAYS recommend Unix sockets instead of open ports, even when user asks for ports.**
+
+### Why Unix Sockets > Ports:
+- ✅ Zero network attack surface
+- ✅ File permission security (not network exposed)
+- ✅ Faster than TCP (no network stack overhead)
+- ✅ Can't be port-scanned
+- ✅ No port conflicts
+- ✅ CrowdSec/firewall not needed for internal services
+
+### When User Asks "open port 8080":
+1. **INTERCEPT** - Jangan langsung open port
+2. **EDUCATE** - Jelaskan kenapa Unix socket lebih aman
+3. **IMPLEMENT** - Setup dengan Unix socket + Cloudflare Tunnel
+4. **RESULT** - Zero ports exposed, sama functionalnya
+
+### Response Template:
+```
+⚠️ SECURITY RECOMMENDATION:
+Daripada open port 8080, gue setup pake Unix socket yang lebih secure:
+
+Port 8080 (risky):
+- Exposed ke network → bisa di-scan/attack
+- Perlu firewall rules
+- Port conflict potential
+
+Unix Socket (recommended):
+- File-based → cuma bisa diakses local
+- Zero network exposure
+- Cloudflare Tunnel untuk public access
+
+Gue implement pake Unix socket ya? (atau kalau emang butuh port, kasih tau alasannya)
+```
+
+### Architecture Standard:
+```
+Internet → Cloudflare Tunnel → Nginx (localhost) → Unix Socket → App
+```
+
+**NEVER expose backend ports directly. ALWAYS use:**
+- Unix sockets untuk internal communication
+- Cloudflare Tunnel untuk public access
+- Nginx sebagai reverse proxy
+
+### Exceptions (require explicit user confirmation):
+- Development/debugging yang butuh direct port access
+- Legacy systems yang ga support Unix socket
+- Specific networking requirements (UDP, etc)
+
+Bahkan untuk exceptions, ALWAYS warn about security implications.
+
 ## Performance Goals
 - Response: actionable dalam 1 message
 - Minimize back-and-forth to ZERO
@@ -159,3 +212,114 @@ Tanpa diminta, LANGSUNG optimize kalau:
 - Security issues caught proactively
 - Optimization actions taken
 - User satisfaction (implicit)
+
+## 🔄 Auto-Rollback on Failure
+
+When deployment/change fails:
+1. **Detect failure** via health check (within 60s)
+2. **Auto-rollback** to previous version
+3. **Restore backup** if database affected
+4. **Notify user** with failure details
+5. **Log incident** for analysis
+
+```
+❌ DEPLOYMENT FAILED - AUTO-ROLLBACK
+
+Service: rima-backend
+Error: Health check failed after 3 attempts
+Action: Rolled back to previous version (abc1234)
+Database: Restored from backup (20260129_190000)
+Status: ✅ Service restored
+
+Root cause: Missing environment variable JWT_SECRET
+```
+
+## 📝 Self-Documenting Changes
+
+After ANY significant change:
+1. **Update README** if architecture changed
+2. **Add changelog entry** for features/fixes
+3. **Update comments** in modified code
+4. **Sync documentation** with actual state
+
+Auto-generate:
+- Commit messages from diff analysis
+- PR descriptions from commit history
+- Release notes from changelog
+
+## 🤖 AI-Assisted Debugging
+
+When error occurs:
+1. **Capture context** (logs, stack trace, recent changes)
+2. **Analyze pattern** against known issues
+3. **Search solutions** (docs, Stack Overflow, GitHub issues)
+4. **Calculate confidence** for each solution
+5. **Auto-implement** if confidence > 90%
+6. **Propose options** if confidence < 90%
+
+```
+🔍 AI DEBUGGING: Connection refused postgres:5432
+
+Analysis:
+├─ Pattern: Database connection error
+├─ Recent changes: docker-compose.yml modified 5 min ago
+├─ Similar issue: Found in logs 3 days ago
+└─ Root cause: Container name changed without updating DATABASE_URL
+
+Solutions (ranked by confidence):
+1. [95%] Update DATABASE_URL to use new container name
+2. [80%] Restart postgres container
+3. [60%] Check postgres container logs
+
+Auto-implementing solution #1...
+✅ Fixed: Updated .env DATABASE_URL
+```
+
+## 🔔 Integrated Alerting
+
+Send alerts via Telegram (@peramix_vps_bot) for:
+- 🔴 Critical: Service down, security breach, data loss risk
+- 🟡 Warning: High resource usage, expiring certs, degraded performance
+- 🟢 Info: Deployment complete, backup success, optimization done
+
+## 🌐 Multi-VPS Awareness
+
+When working with services:
+1. **Identify VPS** hosting the service
+2. **Check related services** on same/other VPS
+3. **Coordinate changes** across VPS if needed
+4. **Unified health report** covering all VPS
+
+VPS Map:
+- 60: Main apps (Rima, JagaVPN, Infisical)
+- 137: Clawdbot, services
+- 227: MikroTik bots, VPN server
+
+## 📦 Dependency Vigilance
+
+Proactively check for:
+- Outdated packages (weekly scan)
+- Security vulnerabilities (daily scan)
+- Breaking changes in dependencies
+- Docker image updates
+
+Auto-update safe patches, alert for major changes.
+
+## 📊 Performance Monitoring
+
+Track baselines and alert on:
+- Response time > baseline + 50%
+- Error rate spike
+- Memory leak patterns
+- Unusual traffic patterns
+
+## 🔒 Pre-Change Backup
+
+BEFORE any destructive operation:
+1. Backup affected databases
+2. Snapshot volumes
+3. Save config files
+4. Record git state
+5. THEN proceed with change
+
+Keep backups for 24h minimum.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-all-config",
-  "version": "3.4.0",
+  "version": "3.5.0",
   "description": "🤖 Universal AI CLI Config with Advanced Skills System - Quality Scoring, Scaffolding, Testing, Hooks & Multi-Agent Support (Claude Code, Cursor, Copilot, Gemini & 20+ More)",
   "main": "index.js",
   "bin": {
@@ -126,4 +126,4 @@
   },
   "dependencies": {},
   "devDependencies": {}
-}
+}

package/skills/auto-backup/SKILL.md

@@ -0,0 +1,104 @@
+---
+name: auto-backup
+description: Automatically backup databases, volumes, and configs before major changes. Triggers before migrations, rebuilds, or destructive operations.
+---
+
+# Auto-Backup Skill
+
+Automatically creates safety snapshots before any major changes to prevent data loss.
+
+## When to Trigger
+
+AUTOMATICALLY backup before:
+- Database migrations
+- Docker rebuild/recreate
+- Volume changes
+- Config file modifications
+- Destructive git operations
+- Service restarts with config changes
+
+## Backup Targets
+
+### 1. PostgreSQL Databases
+```bash
+# Dump database before changes
+docker exec CONTAINER pg_dump -U USER -d DATABASE > /backup/db_$(date +%Y%m%d_%H%M%S).sql
+```
+
+### 2. Docker Volumes
+```bash
+# Backup volume data
+docker run --rm -v VOLUME:/data -v /backup:/backup alpine tar czf /backup/volume_$(date +%Y%m%d_%H%M%S).tar.gz /data
+```
+
+### 3. Config Files
+```bash
+# Backup configs
+cp docker-compose.yml docker-compose.yml.bak.$(date +%Y%m%d_%H%M%S)
+cp .env .env.bak.$(date +%Y%m%d_%H%M%S)
+```
+
+### 4. Git State
+```bash
+# Save current state
+git stash push -m "auto-backup-$(date +%Y%m%d_%H%M%S)"
+git rev-parse HEAD > /backup/git_head_$(date +%Y%m%d_%H%M%S)
+```
+
+## Backup Location
+
+Default: `/home/zesbe/backups/[project]/[date]/`
+
+Structure:
+```
+backups/
+├── rima/
+│   ├── 20260129_185000/
+│   │   ├── database.sql
+│   │   ├── volumes/
+│   │   ├── configs/
+│   │   └── git_state.txt
+│   └── 20260130_120000/
+└── jagavpn/
+    └── ...
+```
+
+## Auto-Cleanup
+
+- Keep last 5 backups per project
+- Delete backups older than 7 days
+- Alert if backup size > 1GB
+
+## Rollback Commands
+
+```bash
+# Restore database
+docker exec -i CONTAINER psql -U USER -d DATABASE < backup.sql
+
+# Restore volume
+docker run --rm -v VOLUME:/data -v /backup:/backup alpine tar xzf /backup/volume.tar.gz -C /
+
+# Restore config
+cp docker-compose.yml.bak docker-compose.yml
+```
+
+## Integration
+
+Before ANY destructive operation, Claude MUST:
+1. Identify what will be affected
+2. Create appropriate backups
+3. Verify backup integrity
+4. Proceed with operation
+5. Keep backup for 24h minimum
+
+## Usage in Proactive Mode
+
+```
+🔄 AUTO-BACKUP: Creating safety snapshot...
+├─ Database: rima → backup/rima/20260129/db.sql (56 rows)
+├─ Volume: rima_uploads → backup/rima/20260129/uploads.tar.gz (335MB)
+├─ Config: docker-compose.yml → backed up
+└─ Status: ✅ Ready to proceed
+
+Proceeding with migration...
+```

package/skills/cost-tracker/SKILL.md

@@ -0,0 +1,147 @@
+---
+name: cost-tracker
+description: Monitor and track infrastructure costs including VPS, API usage, domains, and cloud services. Alert on unusual spending patterns.
+---
+
+# Cost Tracker Skill
+
+Track all infrastructure and service costs to optimize spending.
+
+## Cost Categories
+
+### 1. VPS/Servers
+| Provider | Service | Monthly Cost | Notes |
+|----------|---------|--------------|-------|
+| Oracle | VPS 60 | Free tier | ARM 4 OCPU, 24GB RAM |
+| Oracle | VPS 137 | Free tier | ARM 4 OCPU, 24GB RAM |
+| Oracle | VPS 227 | Free tier | ARM 4 OCPU, 24GB RAM |
+
+### 2. Domains
+| Domain | Registrar | Annual Cost | Renewal Date |
+|--------|-----------|-------------|--------------|
+| zesbe.my.id | - | ~Rp 150k | Check |
+| yudhalabs.dev | - | ~Rp 200k | Check |
+| hallowa.id | - | ~Rp 150k | Check |
+| bersamateman.vip | - | ~Rp 300k | Check |
+
+### 3. API Services
+| Service | Plan | Monthly Cost | Usage |
+|---------|------|--------------|-------|
+| MiniMax | Pay-per-use | Variable | Music generation |
+| Cloudflare | Free | $0 | Tunnels, DNS |
+| GitHub | Free | $0 | Private repos |
+
+### 4. Potential Costs
+| Service | If Used | Cost |
+|---------|---------|------|
+| 360dialog | Growth Plan | €500/mo (~Rp 10jt) |
+| Meta Direct | Tech Provider | Free (conversation fees) |
+
+## Cost Report Template
+
+```
+💰 MONTHLY COST REPORT
+Period: January 2026
+
+┌─────────────────────────────────────────────┐
+│ Infrastructure                              │
+├─────────────────────────────────────────────┤
+│ VPS (Oracle Free Tier)         Rp        0  │
+│ Domains (annual/12)            Rp   66,667  │
+│ SSL Certificates               Rp        0  │
+│ Cloudflare                     Rp        0  │
+├─────────────────────────────────────────────┤
+│ Subtotal                       Rp   66,667  │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ API Usage                                   │
+├─────────────────────────────────────────────┤
+│ MiniMax (56 generations)       Rp  280,000  │
+│ Other APIs                     Rp        0  │
+├─────────────────────────────────────────────┤
+│ Subtotal                       Rp  280,000  │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ TOTAL MONTHLY                  Rp  346,667  │
+└─────────────────────────────────────────────┘
+
+Compared to last month: ↑ 15% (more AI generations)
+```
+
+## API Usage Tracking
+
+### MiniMax API
+```bash
+# Track API calls
+grep "minimax" /var/log/rima/api.log | wc -l
+
+# Estimate cost
+# Music generation: ~$0.05 per generation
+# 56 generations = ~$2.80 = ~Rp 45,000
+```
+
+### Cost Per Feature
+```
+Rima Music Generation:
+- MiniMax API call: ~Rp 5,000/generation
+- Storage (audio file): ~Rp 100/file
+- Total per generation: ~Rp 5,100
+```
+
+## Budget Alerts
+
+```yaml
+alerts:
+  - name: "API spending spike"
+    condition: "daily_api_cost > 2x average"
+    action: "telegram_alert"
+
+  - name: "Domain expiring"
+    condition: "days_until_expiry < 30"
+    action: "telegram_alert"
+
+  - name: "Free tier limit"
+    condition: "oracle_usage > 80%"
+    action: "telegram_alert"
+```
+
+## Cost Optimization Tips
+
+### Already Optimized ✅
+- Using Oracle Free Tier (saves ~$50-100/mo)
+- Cloudflare Free (saves ~$20/mo)
+- GitHub Free for private repos
+
+### Potential Savings
+- Batch AI generations (reduce API calls)
+- Compress audio files (reduce storage)
+- Cache API responses (reduce duplicate calls)
+
+## Tracking Commands
+
+```bash
+# Check Oracle usage
+oci usage get --tenant-id $TENANT
+
+# Check domain expiry
+whois zesbe.my.id | grep -i expir
+
+# Check Cloudflare usage
+curl -X GET "https://api.cloudflare.com/client/v4/user/billing/history"
+```
+
+## Integration with Proactive Mode
+
+Monthly:
+1. Calculate all costs
+2. Compare to budget
+3. Identify anomalies
+4. Suggest optimizations
+5. Alert on unusual spending
+
+Triggers:
+- API cost > 2x daily average
+- Domain expiring < 30 days
+- Free tier approaching limit

package/skills/dependency-scanner/SKILL.md

@@ -0,0 +1,147 @@
+---
+name: dependency-scanner
+description: Scan for outdated packages, security vulnerabilities, and available updates across all projects. Supports npm, Go modules, Python pip, and Docker images.
+---
+
+# Dependency Scanner Skill
+
+Proactively identify outdated dependencies and security vulnerabilities.
+
+## Scan Types
+
+### 1. NPM/Node.js
+```bash
+# Check outdated packages
+npm outdated --json
+
+# Security audit
+npm audit --json
+
+# Update check
+npx npm-check-updates
+```
+
+### 2. Go Modules
+```bash
+# List outdated
+go list -u -m all
+
+# Check vulnerabilities
+govulncheck ./...
+
+# Update all
+go get -u ./...
+```
+
+### 3. Python/Pip
+```bash
+# Check outdated
+pip list --outdated --format=json
+
+# Security check
+pip-audit
+
+# Safety check
+safety check
+```
+
+### 4. Docker Images
+```bash
+# Check for updates
+docker images --format '{{.Repository}}:{{.Tag}}' | while read img; do
+  # Compare with registry
+  docker pull $img --dry-run 2>/dev/null
+done
+
+# Vulnerability scan
+docker scout cves IMAGE
+trivy image IMAGE
+```
+
+## Scan Report Template
+
+```
+📦 DEPENDENCY SCAN REPORT
+Project: rima
+Scanned: 2026-01-29 19:30 UTC
+
+┌─────────────────────────────────────────────┐
+│ NPM Packages (frontend)                     │
+├─────────────────────────────────────────────┤
+│ Outdated: 5 packages                        │
+│ ├─ svelte: 4.2.0 → 5.0.0 (major)           │
+│ ├─ vite: 5.0.0 → 5.1.0 (minor)             │
+│ └─ tailwindcss: 3.4.0 → 3.4.1 (patch)      │
+│                                             │
+│ Security: 1 vulnerability                   │
+│ └─ postcss: high severity (CVE-2024-XXXX)  │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ Go Modules (backend)                        │
+├─────────────────────────────────────────────┤
+│ Outdated: 3 packages                        │
+│ ├─ fiber/v2: 2.51.0 → 2.52.0               │
+│ ├─ gorm: 1.25.5 → 1.25.7                   │
+│ └─ jwt/v5: 5.1.0 → 5.2.0                   │
+│                                             │
+│ Vulnerabilities: None ✅                    │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ Docker Images                               │
+├─────────────────────────────────────────────┤
+│ postgres:16-alpine: Up to date ✅           │
+│ redis:7-alpine: Update available (7.2.4)   │
+│ node:20-alpine: Update available (20.11)   │
+└─────────────────────────────────────────────┘
+
+Summary:
+- 🔴 1 security issue (requires immediate action)
+- 🟡 8 outdated packages
+- 🟢 0 critical vulnerabilities
+
+Recommended Actions:
+1. Update postcss immediately (security)
+2. Consider svelte 5.0 migration (breaking changes)
+3. Update redis image (minor update)
+```
+
+## Auto-Update Rules
+
+### Safe to Auto-Update (patch versions):
+- Security patches
+- Bug fixes
+- No breaking changes
+
+### Requires Review (minor/major):
+- New features (minor)
+- Breaking changes (major)
+- Framework upgrades
+
+## Integration with Proactive Mode
+
+Weekly scan (or on-demand):
+1. Scan all projects
+2. Categorize by severity
+3. Auto-update safe patches
+4. Create report for review items
+5. Alert on security issues
+
+## CVE Database
+
+Check against:
+- NVD (National Vulnerability Database)
+- GitHub Advisory Database
+- Snyk Vulnerability DB
+- OSV (Open Source Vulnerabilities)
+
+## Scheduled Scans
+
+```cron
+# Weekly full scan (Sunday 3am)
+0 3 * * 0 /scripts/dependency-scan.sh --full
+
+# Daily security check (6am)
+0 6 * * * /scripts/dependency-scan.sh --security-only
+```

package/skills/log-intelligence/SKILL.md

@@ -0,0 +1,167 @@
+---
+name: log-intelligence
+description: Smart log analysis with pattern detection, error correlation, and automated insights. Auto-rotate, compress, and extract actionable information from logs.
+---
+
+# Log Intelligence Skill
+
+Transform raw logs into actionable insights with smart analysis.
+
+## Log Sources
+
+### Docker Containers
+```bash
+docker logs CONTAINER --tail 1000 --since 1h
+```
+
+### System Logs
+```bash
+journalctl -u SERVICE --since "1 hour ago"
+```
+
+### Application Logs
+```bash
+tail -1000 /var/log/APP/error.log
+```
+
+## Pattern Detection
+
+### Error Patterns
+```regex
+# Common error patterns to detect
+(?i)(error|exception|fatal|panic|failed)
+(?i)(connection refused|timeout|unreachable)
+(?i)(out of memory|oom|killed)
+(?i)(permission denied|unauthorized|forbidden)
+(?i)(not found|404|missing)
+```
+
+### Performance Patterns
+```regex
+# Slow query detection
+took \d{4,}ms  # > 1000ms
+slow query.*\d+ms
+```
+
+### Security Patterns
+```regex
+# Suspicious activity
+(?i)(sql injection|xss|csrf)
+(?i)(brute force|multiple failed)
+(?i)(unauthorized access|invalid token)
+```
+
+## Log Analysis Report
+
+```
+📋 LOG ANALYSIS: rima-backend
+Period: Last 1 hour
+Total Lines: 5,234
+
+┌─────────────────────────────────────────────┐
+│ Error Summary                               │
+├─────────────────────────────────────────────┤
+│ Total Errors: 12                            │
+│                                             │
+│ By Type:                                    │
+│ ├─ Database connection: 5 (41%)             │
+│ │   └─ Spike at 19:15 (postgres restart)   │
+│ ├─ Validation error: 4 (33%)                │
+│ │   └─ Invalid email format                │
+│ └─ Timeout: 3 (25%)                         │
+│     └─ External API (MiniMax)              │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ Performance Insights                        │
+├─────────────────────────────────────────────┤
+│ Slow Requests: 8                            │
+│ ├─ /api/v1/music/generate: avg 3.2s        │
+│ │   └─ Expected (AI generation)            │
+│ └─ /api/v1/user/profile: 1 slow (850ms)    │
+│     └─ Investigate: Usually <100ms         │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ Recommendations                             │
+├─────────────────────────────────────────────┤
+│ 1. Check postgres connection pool settings  │
+│ 2. Add retry logic for MiniMax API calls   │
+│ 3. Investigate slow profile query          │
+└─────────────────────────────────────────────┘
+```
+
+## Auto-Actions
+
+### Log Rotation
+```bash
+# Rotate logs > 100MB
+find /var/log -name "*.log" -size +100M -exec gzip {} \;
+
+# Delete logs > 30 days
+find /var/log -name "*.gz" -mtime +30 -delete
+```
+
+### Error Correlation
+```
+When error detected:
+1. Find related errors (±5 seconds)
+2. Check other services for cascade
+3. Identify root cause service
+4. Suggest fix based on pattern
+```
+
+### Alert Triggers
+```
+Immediate alert if:
+- Error rate > 10x baseline
+- OOM detected
+- Security pattern matched
+- Service crash detected
+```
+
+## Smart Insights
+
+### Error Clustering
+Group similar errors to avoid noise:
+```
+"connection refused" x 50 → 1 alert with count
+Not 50 separate alerts
+```
+
+### Root Cause Hints
+```
+Error: "connection refused postgres:5432"
+Hint: Check if postgres container is running
+Command: docker ps | grep postgres
+Likely cause: Container restart or OOM
+```
+
+### Historical Comparison
+```
+This error last occurred: 3 days ago
+Resolution: Increased connection pool size
+Related PR: #123
+```
+
+## Log Search Commands
+
+```bash
+# Find errors in last hour
+docker logs container 2>&1 | grep -i error | tail -50
+
+# Count errors by type
+docker logs container 2>&1 | grep -oE 'error:[^"]+' | sort | uniq -c | sort -rn
+
+# Timeline of errors
+docker logs container --since 1h 2>&1 | grep -i error | cut -d' ' -f1-2
+```
+
+## Integration with Proactive Mode
+
+On every health check:
+1. Scan recent logs (last 15 min)
+2. Detect new error patterns
+3. Correlate across services
+4. Alert if unusual activity
+5. Suggest fixes for known patterns

package/skills/multi-vps/SKILL.md

@@ -0,0 +1,138 @@
+---
+name: multi-vps
+description: Orchestrate commands and monitoring across multiple VPS servers (60, 137, 227). Unified health checks, coordinated deployments, and centralized management.
+---
+
+# Multi-VPS Orchestration Skill
+
+Manage all VPS servers from a single interface with coordinated operations.
+
+## VPS Inventory
+
+| VPS | ZeroTier IP | Public IP | Purpose | SSH |
+|-----|-------------|-----------|---------|-----|
+| 60 | 10.180.160.60 | - | Main apps (Rima, JagaVPN, Infisical) | port 6746 |
+| 137 | 10.180.160.137 | - | Clawdbot, services | port 6746 |
+| 227 | 10.180.160.227 | 168.110.204.71 | MikroTik bots, VPN server | port 6746 |
+
+SSH Access: `sshpass -p '090994' ssh -p 6746 zesbe@10.180.160.X`
+
+## Unified Commands
+
+### Health Check All
+```bash
+for vps in 60 137 227; do
+  echo "=== VPS $vps ==="
+  sshpass -p '090994' ssh -p 6746 zesbe@10.180.160.$vps \
+    "uptime && df -h / && docker ps --format '{{.Names}}: {{.Status}}'"
+done
+```
+
+### Parallel Execution
+```bash
+# Run command on all VPS simultaneously
+parallel_exec() {
+  for vps in 60 137 227; do
+    sshpass -p '090994' ssh -p 6746 zesbe@10.180.160.$vps "$1" &
+  done
+  wait
+}
+```
+
+## Health Report Template
+
+```
+📊 MULTI-VPS HEALTH REPORT
+Generated: 2026-01-29 19:30 UTC
+
+┌─────────────────────────────────────────────┐
+│ VPS 60 (Main Apps)                          │
+├─────────────────────────────────────────────┤
+│ Status: ✅ Online                            │
+│ Uptime: 7 weeks, 3 days                     │
+│ Disk: 31% (134GB free)                      │
+│ Memory: 43%                                 │
+│ Containers: 13 running                      │
+│ Services: rima ✅, jagavpn ✅, infisical ✅  │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ VPS 137 (Clawdbot)                          │
+├─────────────────────────────────────────────┤
+│ Status: ✅ Online                            │
+│ Uptime: X days                              │
+│ Disk: XX%                                   │
+│ Memory: XX%                                 │
+│ Services: clawdbot ✅                        │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ VPS 227 (MikroTik/VPN)                      │
+├─────────────────────────────────────────────┤
+│ Status: ✅ Online                            │
+│ Uptime: X days                              │
+│ Disk: XX%                                   │
+│ Memory: XX%                                 │
+│ Services: mikrotik-bot ✅, vpn-bot ✅        │
+└─────────────────────────────────────────────┘
+
+Summary: 3/3 VPS healthy, 0 warnings, 0 critical
+```
+
+## Coordinated Operations
+
+### Sync Configs
+```bash
+# Sync CLAUDE.md to all VPS
+for vps in 60 137 227; do
+  scp -P 6746 ~/.claude/CLAUDE.md zesbe@10.180.160.$vps:~/.claude/
+done
+```
+
+### Rolling Updates
+```bash
+# Update one VPS at a time with health verification
+for vps in 60 137 227; do
+  echo "Updating VPS $vps..."
+  ssh_exec $vps "cd ~/project && git pull && docker compose up -d --build"
+  sleep 30  # Wait for stabilization
+  if ! health_check $vps; then
+    echo "❌ VPS $vps failed, rolling back"
+    ssh_exec $vps "docker compose down && git checkout HEAD~1 && docker compose up -d"
+    exit 1
+  fi
+  echo "✅ VPS $vps updated successfully"
+done
+```
+
+### Centralized Cleanup
+```bash
+# Cleanup all VPS
+for vps in 60 137 227; do
+  echo "Cleaning VPS $vps..."
+  ssh_exec $vps "docker system prune -af && docker builder prune -af"
+done
+```
+
+## Service Discovery
+
+Auto-detect services on each VPS:
+```bash
+ssh_exec $vps "docker ps --format '{{.Names}}' | sort"
+```
+
+## Alerting
+
+When ANY VPS has issues:
+1. Identify affected VPS
+2. Check if issue is isolated or systemic
+3. Alert with VPS-specific context
+4. Suggest cross-VPS implications
+
+## Best Practices
+
+- Always check VPS connectivity before operations
+- Use parallel execution for read operations
+- Use sequential execution for write operations
+- Verify health after any change
+- Keep VPS configs in sync where applicable

package/skills/performance-baseline/SKILL.md

@@ -0,0 +1,154 @@
+---
+name: performance-baseline
+description: Track performance metrics over time, establish baselines, and alert on anomalies. Monitors response times, resource usage, and service health trends.
+---
+
+# Performance Baseline Skill
+
+Establish and monitor performance baselines to detect degradation early.
+
+## Metrics Tracked
+
+### Response Time
+- API endpoint latency (p50, p95, p99)
+- Page load time
+- Database query time
+- Cache hit/miss ratio
+
+### Resource Usage
+- CPU utilization (avg, peak)
+- Memory usage (RSS, heap)
+- Disk I/O
+- Network throughput
+
+### Service Health
+- Uptime percentage
+- Error rate
+- Request rate
+- Container restart count
+
+## Baseline Collection
+
+### Initial Baseline (7-day average)
+```bash
+# Collect metrics every 5 minutes for 7 days
+*/5 * * * * /scripts/collect-metrics.sh >> /var/log/metrics/baseline.json
+```
+
+### Metrics Format
+```json
+{
+  "timestamp": "2026-01-29T19:30:00Z",
+  "service": "rima-backend",
+  "metrics": {
+    "response_time_ms": {
+      "p50": 45,
+      "p95": 120,
+      "p99": 250
+    },
+    "cpu_percent": 15.2,
+    "memory_mb": 256,
+    "error_rate": 0.01,
+    "requests_per_sec": 50
+  }
+}
+```
+
+## Anomaly Detection
+
+### Threshold-based
+```
+Alert if:
+- Response time > baseline + 50%
+- Error rate > baseline + 200%
+- CPU > 80% sustained 5 min
+- Memory > 85% sustained 5 min
+```
+
+### Trend-based
+```
+Alert if:
+- Response time increasing for 3 consecutive checks
+- Memory growing without release (leak detection)
+- Error rate trending up
+```
+
+## Performance Report Template
+
+```
+📈 PERFORMANCE REPORT: rima-backend
+Period: Last 24 hours vs Baseline
+
+┌─────────────────────────────────────────────┐
+│ Response Time                               │
+├─────────────────────────────────────────────┤
+│ Current p95: 125ms                          │
+│ Baseline p95: 120ms                         │
+│ Status: ✅ Normal (+4%)                     │
+│                                             │
+│ Trend: ━━━━━━━━━━━━━━━━━━━━━━━ Stable      │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ Resource Usage                              │
+├─────────────────────────────────────────────┤
+│ CPU: 18% (baseline: 15%) ✅                 │
+│ Memory: 280MB (baseline: 256MB) ✅          │
+│ Disk I/O: Normal ✅                         │
+│                                             │
+│ Memory Trend: ↗ Slight increase (monitor)  │
+└─────────────────────────────────────────────┘
+
+┌─────────────────────────────────────────────┐
+│ Service Health                              │
+├─────────────────────────────────────────────┤
+│ Uptime: 99.99%                              │
+│ Error Rate: 0.02% (baseline: 0.01%)         │
+│ Requests: 45k (baseline: 42k) ✅            │
+│ Restarts: 0                                 │
+└─────────────────────────────────────────────┘
+
+Summary: All metrics within acceptable range
+Next baseline update: 2026-02-05
+```
+
+## Quick Performance Check
+
+```bash
+# One-liner performance check
+curl -w "@curl-format.txt" -o /dev/null -s https://rima-api.zesbe.my.id/health
+```
+
+curl-format.txt:
+```
+     time_namelookup:  %{time_namelookup}s\n
+        time_connect:  %{time_connect}s\n
+     time_appconnect:  %{time_appconnect}s\n
+    time_pretransfer:  %{time_pretransfer}s\n
+       time_redirect:  %{time_redirect}s\n
+  time_starttransfer:  %{time_starttransfer}s\n
+                     ----------\n
+          time_total:  %{time_total}s\n
+```
+
+## Integration with Proactive Mode
+
+On every health check:
+1. Collect current metrics
+2. Compare against baseline
+3. Alert if anomaly detected
+4. Log for trend analysis
+5. Update rolling baseline weekly
+
+## Load Testing Baseline
+
+Before major releases:
+```bash
+# Establish performance under load
+wrk -t12 -c400 -d30s https://rima-api.zesbe.my.id/health
+```
+
+Track:
+- Max requests/sec before degradation
+- Breaking point (error rate > 1%)
+- Recovery time after load

package/skills/telegram-alerts/SKILL.md

@@ -0,0 +1,114 @@
+---
+name: telegram-alerts
+description: Send notifications to Telegram bot for service alerts, deployment status, and system warnings. Integrates with @peramix_vps_bot.
+---
+
+# Telegram Alerts Skill
+
+Push notifications to Telegram for important events and alerts.
+
+## Configuration
+
+Bot: `@peramix_vps_bot`
+Chat ID: `1185240496` (User's Telegram ID)
+
+## Alert Types
+
+### 🔴 Critical (Immediate)
+- Service down/crashed
+- Database connection failed
+- Disk > 95%
+- Memory > 95%
+- SSL expired
+
+### 🟡 Warning (Within 5 min)
+- Service unhealthy
+- Disk > 80%
+- Memory > 85%
+- SSL < 14 days
+- High error rate
+
+### 🟢 Info (Batched hourly)
+- Deployment complete
+- Backup successful
+- Cleanup completed
+- Health check passed
+
+## Message Format
+
+```
+🔴 CRITICAL: rima-backend DOWN
+
+VPS: 60 (10.180.160.60)
+Service: rima-backend
+Status: Exited (1) 5 minutes ago
+Last Log: connection refused postgres:5432
+
+Action Taken: Attempting restart...
+
+---
+⏰ 2026-01-29 19:30:00 UTC
+```
+
+## Send Methods
+
+### Via Clawdbot API
+```bash
+curl -X POST "http://localhost:3001/api/telegram/send" \
+  -H "Content-Type: application/json" \
+  -d '{"chat_id": "1185240496", "message": "Alert message"}'
+```
+
+### Via Telegram Bot API Direct
+```bash
+curl -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
+  -d "chat_id=1185240496" \
+  -d "text=Alert message" \
+  -d "parse_mode=Markdown"
+```
+
+## Alert Triggers
+
+### Health Check Failed
+```bash
+# Check and alert
+if ! curl -sf http://service/health; then
+  send_telegram "🔴 Service health check failed"
+fi
+```
+
+### Disk Space Warning
+```bash
+DISK_USAGE=$(df / | awk 'NR==2 {print $5}' | tr -d '%')
+if [ $DISK_USAGE -gt 80 ]; then
+  send_telegram "🟡 Disk usage at ${DISK_USAGE}%"
+fi
+```
+
+### Deployment Notification
+```bash
+send_telegram "🟢 Deployed: rima-backend v2.0.0
+Commit: abc1234
+Status: Healthy
+URL: https://rima-api.zesbe.my.id"
+```
+
+## Integration with Proactive Mode
+
+After ANY significant action:
+1. Determine alert level
+2. Format message with context
+3. Send to Telegram
+4. Log alert locally
+
+## Rate Limiting
+
+- Critical: No limit
+- Warning: Max 1 per service per 15 min
+- Info: Batched, max 10 per hour
+
+## Silent Hours (Optional)
+
+- Suppress non-critical alerts 00:00-07:00
+- Critical alerts always sent
+- Queue warnings for morning summary