claude-code-orchestrator-kit 1.0.0

package/.claude/schemas/security-plan.schema.json

@@ -0,0 +1,71 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://megacampus2.local/schemas/security-plan.schema.json",
+  "title": "Security Audit Plan Schema",
+  "description": "Schema for security scanning and remediation workflow plan files",
+  "allOf": [
+    {
+      "$ref": "./base-plan.schema.json"
+    }
+  ],
+  "properties": {
+    "workflow": {
+      "const": "security-audit"
+    },
+    "phase": {
+      "enum": ["scan", "remediation", "verification"]
+    },
+    "config": {
+      "type": "object",
+      "required": ["severity"],
+      "properties": {
+        "severity": {
+          "type": "string",
+          "enum": ["critical", "high", "medium", "low", "all"],
+          "description": "Vulnerability severity level to process"
+        },
+        "categories": {
+          "type": "array",
+          "description": "Specific vulnerability categories",
+          "items": {
+            "type": "string",
+            "enum": ["sql-injection", "xss", "auth-bypass", "rls-missing", "exposed-credentials", "dependency-vulns"]
+          }
+        },
+        "maxVulnsPerRun": {
+          "type": "integer",
+          "description": "Maximum vulnerabilities to fix in single run",
+          "minimum": 1,
+          "default": 25
+        },
+        "skipSupabaseRLS": {
+          "type": "boolean",
+          "description": "Skip RLS policy validation",
+          "default": false
+        }
+      }
+    },
+    "validation": {
+      "type": "object",
+      "properties": {
+        "required": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": ["report-exists", "type-check", "build", "validation-passed", "no-critical-vulns"]
+          }
+        },
+        "optional": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": ["tests", "lint", "rls-policies-valid"]
+          }
+        }
+      }
+    },
+    "nextAgent": {
+      "enum": ["security-scanner", "vulnerability-fixer"]
+    }
+  }
+}

package/.claude/scripts/gates/check-bundle-size.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# Custom Quality Gate: Bundle Size Check
+# Purpose: Ensure production bundle stays within size limits
+# Blocking: false (warning only)
+
+set -e
+
+echo "🔍 Running bundle size check..."
+
+# Configurable threshold (default 500KB)
+BUNDLE_SIZE_LIMIT=${BUNDLE_SIZE_LIMIT:-512000}  # 500KB in bytes
+
+# Find bundle file
+BUNDLE_FILE="dist/bundle.js"
+if [ ! -f "$BUNDLE_FILE" ]; then
+  echo "⚠️  Warning: Bundle file not found at $BUNDLE_FILE"
+  echo "   Run 'npm run build' first"
+  exit 0  # Non-blocking, just warn
+fi
+
+# Get actual size
+ACTUAL_SIZE=$(wc -c < "$BUNDLE_FILE")
+ACTUAL_SIZE_KB=$((ACTUAL_SIZE / 1024))
+LIMIT_KB=$((BUNDLE_SIZE_LIMIT / 1024))
+
+echo "   Bundle: $BUNDLE_FILE"
+echo "   Size: $ACTUAL_SIZE_KB KB"
+echo "   Limit: $LIMIT_KB KB"
+
+if [ "$ACTUAL_SIZE" -gt "$BUNDLE_SIZE_LIMIT" ]; then
+  echo ""
+  echo "⛔ Bundle size EXCEEDS limit!"
+  echo "   Actual: $ACTUAL_SIZE_KB KB"
+  echo "   Limit: $LIMIT_KB KB"
+  echo "   Exceeded by: $((ACTUAL_SIZE_KB - LIMIT_KB)) KB"
+  echo ""
+  echo "Recommendations:"
+  echo "   - Analyze bundle with: npm run analyze"
+  echo "   - Remove unused dependencies"
+  echo "   - Use code splitting"
+  echo "   - Enable tree shaking"
+  exit 1
+fi
+
+echo "✅ Bundle size OK: $ACTUAL_SIZE_KB KB (limit: $LIMIT_KB KB)"
+echo ""
+exit 0

package/.claude/scripts/gates/check-coverage.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+# Custom Quality Gate: Code Coverage
+# Purpose: Ensure test coverage meets minimum threshold
+# Blocking: false (warning only)
+
+set -e
+
+echo "🔍 Running code coverage check..."
+
+# Configurable threshold (default 80%)
+COVERAGE_THRESHOLD=${COVERAGE_THRESHOLD:-80}
+
+# Check if coverage report exists
+COVERAGE_FILE="coverage/coverage-summary.json"
+if [ ! -f "$COVERAGE_FILE" ]; then
+  echo "⚠️  Warning: Coverage report not found"
+  echo "   Run 'npm run test:coverage' first"
+  exit 0
+fi
+
+# Extract coverage percentages
+LINES=$(cat "$COVERAGE_FILE" | grep -o '"lines":{"total":[0-9]*,"covered":[0-9]*' | grep -o '[0-9]*' | paste - - | awk '{if($1>0) print int($2*100/$1); else print 0}')
+BRANCHES=$(cat "$COVERAGE_FILE" | grep -o '"branches":{"total":[0-9]*,"covered":[0-9]*' | grep -o '[0-9]*' | paste - - | awk '{if($1>0) print int($2*100/$1); else print 0}')
+FUNCTIONS=$(cat "$COVERAGE_FILE" | grep -o '"functions":{"total":[0-9]*,"covered":[0-9]*' | grep -o '[0-9]*' | paste - - | awk '{if($1>0) print int($2*100/$1); else print 0}')
+STATEMENTS=$(cat "$COVERAGE_FILE" | grep -o '"statements":{"total":[0-9]*,"covered":[0-9]*' | grep -o '[0-9]*' | paste - - | awk '{if($1>0) print int($2*100/$1); else print 0}')
+
+echo "   Coverage Report:"
+echo "   - Lines: $LINES%"
+echo "   - Branches: $BRANCHES%"
+echo "   - Functions: $FUNCTIONS%"
+echo "   - Statements: $STATEMENTS%"
+echo "   Threshold: $COVERAGE_THRESHOLD%"
+echo ""
+
+# Check if any metric is below threshold
+FAILED=0
+if [ "$LINES" -lt "$COVERAGE_THRESHOLD" ]; then
+  echo "⚠️  Lines coverage ($LINES%) below threshold ($COVERAGE_THRESHOLD%)"
+  FAILED=1
+fi
+if [ "$BRANCHES" -lt "$COVERAGE_THRESHOLD" ]; then
+  echo "⚠️  Branches coverage ($BRANCHES%) below threshold ($COVERAGE_THRESHOLD%)"
+  FAILED=1
+fi
+if [ "$FUNCTIONS" -lt "$COVERAGE_THRESHOLD" ]; then
+  echo "⚠️  Functions coverage ($FUNCTIONS%) below threshold ($COVERAGE_THRESHOLD%)"
+  FAILED=1
+fi
+if [ "$STATEMENTS" -lt "$COVERAGE_THRESHOLD" ]; then
+  echo "⚠️  Statements coverage ($STATEMENTS%) below threshold ($COVERAGE_THRESHOLD%)"
+  FAILED=1
+fi
+
+if [ "$FAILED" -eq 1 ]; then
+  echo ""
+  echo "Recommendations:"
+  echo "   - Add more tests for uncovered code"
+  echo "   - Focus on edge cases and error paths"
+  echo "   - Review coverage report: open coverage/lcov-report/index.html"
+  echo ""
+  exit 1
+fi
+
+echo "✅ Code coverage passed"
+echo "   All metrics above $COVERAGE_THRESHOLD%"
+echo ""
+exit 0

package/.claude/scripts/gates/check-security.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# Custom Quality Gate: Security Audit
+# Purpose: Check for high/critical vulnerabilities in dependencies
+# Blocking: true (must fix before merging)
+
+set -e
+
+echo "🔍 Running security audit..."
+
+# Check if package.json exists
+if [ ! -f "package.json" ]; then
+  echo "⚠️  Warning: package.json not found"
+  echo "   Skipping security audit"
+  exit 0
+fi
+
+# Run npm audit for high/critical vulnerabilities
+echo "   Checking for high/critical vulnerabilities..."
+echo ""
+
+if npm audit --audit-level=high --json > /tmp/audit-results.json 2>&1; then
+  VULN_COUNT=$(cat /tmp/audit-results.json | grep -o '"total":[0-9]*' | head -1 | grep -o '[0-9]*' || echo "0")
+
+  echo "✅ Security audit passed"
+  echo "   No high/critical vulnerabilities found"
+  echo ""
+  rm -f /tmp/audit-results.json
+  exit 0
+else
+  # Parse results
+  VULN_COUNT=$(cat /tmp/audit-results.json | grep -o '"total":[0-9]*' | head -1 | grep -o '[0-9]*' || echo "unknown")
+
+  echo "⛔ Security audit FAILED"
+  echo "   Found $VULN_COUNT high/critical vulnerabilities"
+  echo ""
+  echo "Details:"
+  npm audit --audit-level=high
+  echo ""
+  echo "To fix:"
+  echo "   - Run: npm audit fix"
+  echo "   - Or manually update affected packages"
+  echo "   - Re-run security audit after fixes"
+  echo ""
+  rm -f /tmp/audit-results.json
+  exit 1
+fi