claude-dashboard 0.1.0

package/src/lib/agents/prompts.ts

@@ -0,0 +1,341 @@
+import { type AgentRole, AGENT_CONFIG, PIPELINE_STAGES, getStageForRole } from '../workflow/types.ts';
+import { readFileSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+// ---------------------------------------------------------------------------
+// Prompt template loading
+// ---------------------------------------------------------------------------
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const PROMPTS_DIR = join(__dirname, '..', '..', '..', 'prompts');
+
+/**
+ * Load a markdown prompt template from the prompts/ directory.
+ * Falls back to the built-in default if the file cannot be read.
+ */
+function loadPromptTemplate(role: AgentRole): string {
+  try {
+    const filePath = join(PROMPTS_DIR, `${role}-system.md`);
+    return readFileSync(filePath, 'utf-8');
+  } catch {
+    return DEFAULT_SYSTEM_PROMPTS[role];
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Built-in default system prompts (used as fallback)
+// ---------------------------------------------------------------------------
+
+const DEFAULT_SYSTEM_PROMPTS: Record<AgentRole, string> = {
+  pm: `# PM Agent
+
+You are the PM (Product Manager) Agent. Your job is to analyze requirements and produce a structured specification.
+
+## Access: Read-only
+
+## Output the following sections:
+- Summary
+- User Stories (with acceptance criteria for each)
+- Acceptance Criteria (consolidated)
+- Technical Requirements
+- Out of Scope`,
+
+  rd: `# RD Agent
+
+You are the RD (Backend Development) Agent. Your job is to design the backend architecture and implement server-side code.
+
+## Access: Full (Read, Edit, Bash)
+
+## Output the following sections, then implement:
+- Architecture Overview
+- API Endpoints
+- Database Schema
+- Implementation Plan
+
+Then create/modify the actual code files.`,
+
+  ui: `# UI Agent
+
+You are the UI (Frontend) Agent. Your job is to design and implement **pure frontend** components, pages, and styling.
+
+## Access: Frontend files ONLY (Read all, Edit/Create frontend only, Bash)
+
+## Scope: You may ONLY modify React components, pages, layouts, stylesheets, hooks, UI stores, and static assets. Do NOT modify backend code, API routes, or src/lib/**. If there is no frontend work, state "No frontend changes required." and finish.
+
+## Output the following sections, then implement (if applicable):
+- Component Structure
+- UI/UX Plan
+
+Then create/modify the actual frontend code files, or state that no changes are needed.`,
+
+  test: `# TEST Agent
+
+You are the TEST (Quality Assurance) Agent. Your job is to write and execute tests.
+
+## Access: Full (Read, Edit, Bash)
+
+## Output the following sections:
+- Test Plan
+- Test Files Created
+- Test Results
+- Coverage Notes
+- Bugs Found
+
+Write test files and run them.`,
+
+  sec: `# SEC Agent
+
+You are the SEC (Security) Agent. Your job is to perform a security assessment.
+
+## Access: Read + Bash
+
+## Output the following sections:
+- Security Assessment
+- Vulnerabilities Found
+- OWASP Top 10 Assessment
+- Dependency Audit
+- Recommendations
+- Risk Rating
+
+You must NOT modify any source code.`,
+};
+
+// ---------------------------------------------------------------------------
+// Tool permission descriptions per role
+// ---------------------------------------------------------------------------
+
+const TOOL_DESCRIPTIONS: Record<AgentRole, string> = {
+  pm: [
+    'You have READ-ONLY access to the project.',
+    'You may read any file to understand the codebase.',
+    'You must NOT create, modify, or delete any files.',
+    'You must NOT execute any shell commands.',
+  ].join('\n'),
+
+  rd: [
+    'You have FULL access to the project.',
+    'You may read, create, and modify files.',
+    'You may execute bash commands to install dependencies, compile, and validate your work.',
+    'Do NOT implement frontend code (that is the UI agent\'s job).',
+    'Do NOT write tests (that is the TEST agent\'s job).',
+    'NOTE: The UI agent is running IN PARALLEL with you. You own backend/server files; the UI agent owns frontend files. Avoid touching frontend code to prevent conflicts.',
+  ].join('\n'),
+
+  ui: [
+    'You have access to read, create, and modify **frontend/UI files ONLY**.',
+    'You may execute bash commands to install frontend dependencies and validate your work.',
+    '',
+    '## File Scope (STRICTLY ENFORCED)',
+    'You may ONLY create or modify files in these categories:',
+    '- React components, pages, layouts (e.g. src/components/**, src/app/**/page.tsx, src/app/**/layout.tsx)',
+    '- Stylesheets and CSS (e.g. *.css, *.scss, tailwind config)',
+    '- Frontend hooks for UI state/interaction (e.g. src/hooks/**)',
+    '- Frontend stores for UI state (e.g. src/stores/**)',
+    '- TypeScript type definitions for UI props/state (e.g. src/types/**)',
+    '- Static assets (e.g. public/**)',
+    '',
+    'You must NOT create or modify:',
+    '- API routes with business logic (e.g. src/app/api/**/route.ts)',
+    '- Backend/server modules (e.g. src/lib/**)',
+    '- Database schemas, migrations, or queries',
+    '- Server-side utilities, workflow logic, or agent code',
+    '- Configuration files for backend services',
+    '',
+    'If the task has NO frontend work to do, output your design documentation and state "No frontend changes required." — do NOT force unnecessary modifications.',
+  ].join('\n'),
+
+  test: [
+    'You have FULL access to the project.',
+    'You may read, create, and modify files.',
+    'You may execute bash commands to run tests and install test dependencies.',
+    'Focus on testing new/modified code from the RD and UI agents.',
+  ].join('\n'),
+
+  sec: [
+    'You have READ + BASH access.',
+    'You may read all files and execute bash commands for security analysis.',
+    'You must NOT modify any source code.',
+    'You may run security scanning tools (npm audit, etc.).',
+  ].join('\n'),
+};
+
+// ---------------------------------------------------------------------------
+// Expected output structure per role
+// ---------------------------------------------------------------------------
+
+const OUTPUT_STRUCTURE: Record<AgentRole, string> = {
+  pm: [
+    'Structure your output with these exact markdown sections:',
+    '',
+    '## Summary',
+    'A concise 2-3 sentence overview of the request.',
+    '',
+    '## User Stories',
+    'Numbered user stories in the format: As a [role], I want [feature] so that [benefit].',
+    'Each with specific acceptance criteria.',
+    '',
+    '## Acceptance Criteria',
+    'A consolidated, numbered list of all criteria that define "done".',
+    '',
+    '## Technical Requirements',
+    'Tech stack, dependencies, constraints, and file structure expectations.',
+    '',
+    '## Out of Scope',
+    'Items explicitly not included in this work.',
+  ].join('\n'),
+
+  rd: [
+    'Structure your output in two parts:',
+    '',
+    '### Part 1: Design Documentation',
+    '',
+    '## Architecture Overview',
+    'Architectural approach, patterns, and how it fits the existing codebase.',
+    '',
+    '## API Endpoints',
+    'Table with Method, Path, Description, Request Body, Response.',
+    '',
+    '## Database Schema',
+    'Table definitions with columns, types, and indexes.',
+    '',
+    '## Implementation Plan',
+    'Ordered list of files to create/modify with rationale.',
+    '',
+    '### Part 2: Implementation',
+    'After documenting the design, create and modify the actual code files.',
+  ].join('\n'),
+
+  ui: [
+    'Structure your output in two parts:',
+    '',
+    '### Part 1: Design',
+    '',
+    '## Component Structure',
+    'Component hierarchy showing parent-child relationships.',
+    '',
+    '## UI/UX Plan',
+    'Layout, state management, data flow, interactions, and styling approach.',
+    '',
+    '### Part 2: Implementation',
+    'After documenting the design, create and modify the actual frontend files.',
+  ].join('\n'),
+
+  test: [
+    'Structure your output with these sections:',
+    '',
+    '## Test Plan',
+    'Overview of testing strategy: unit tests, integration tests, edge cases.',
+    '',
+    '## Test Files Created',
+    'List of test files written and what each tests.',
+    '',
+    '## Test Results',
+    'Execution summary: total, passed, failed, skipped.',
+    '',
+    '## Coverage Notes',
+    'Areas well-covered and areas with gaps.',
+    '',
+    '## Bugs Found',
+    'Any bugs discovered during testing with description, location, and severity.',
+  ].join('\n'),
+
+  sec: [
+    'Structure your output with these sections:',
+    '',
+    '## Security Assessment',
+    'Overview of what was reviewed and the overall security posture.',
+    '',
+    '## Vulnerabilities Found',
+    'Each vulnerability with: Severity, OWASP Category, Location, Description, Impact, Recommendation.',
+    '',
+    '## OWASP Top 10 Assessment',
+    'Table assessing each of the OWASP Top 10 (2021) categories: PASS/WARN/FAIL with notes.',
+    '',
+    '## Dependency Audit',
+    'Results of npm audit or equivalent.',
+    '',
+    '## Recommendations',
+    'Prioritized list of security improvements.',
+    '',
+    '## Risk Rating',
+    'Overall risk rating (LOW/MEDIUM/HIGH/CRITICAL) with justification.',
+  ].join('\n'),
+};
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Get the full system prompt for a given agent role.
+ *
+ * This loads the markdown template from prompts/{role}-system.md and augments
+ * it with tool permissions, output structure expectations, and project context.
+ *
+ * @param role    - The agent role (pm, rd, ui, test, sec)
+ * @param projectPath - Absolute path to the project being worked on
+ * @returns The complete system prompt string
+ */
+export function getSystemPrompt(role: AgentRole, projectPath: string): string {
+  const template = loadPromptTemplate(role);
+  const config = AGENT_CONFIG[role];
+  const currentStage = getStageForRole(role);
+
+  const pipelinePosition = currentStage.index === 0
+    ? 'You are in Stage 1 of 3 (first stage). There is no prior context.'
+    : `You are in Stage ${currentStage.index + 1} of ${PIPELINE_STAGES.length}.`;
+
+  const peers = currentStage.roles
+    .filter((r) => r !== role)
+    .map((r) => AGENT_CONFIG[r].label);
+
+  const upstreamAgents = PIPELINE_STAGES
+    .filter((s) => s.index < currentStage.index)
+    .flatMap((s) => s.roles.map((r) => AGENT_CONFIG[r].label));
+
+  const downstreamAgents = PIPELINE_STAGES
+    .filter((s) => s.index > currentStage.index)
+    .flatMap((s) => s.roles.map((r) => AGENT_CONFIG[r].label));
+
+  const sections: string[] = [
+    template,
+    '',
+    '---',
+    '',
+    '# Operational Context',
+    '',
+    `## Project Path`,
+    projectPath,
+    '',
+    `## Pipeline Position`,
+    pipelinePosition,
+    ...(peers.length > 0
+      ? [`Running IN PARALLEL with: ${peers.join(', ')}`]
+      : []),
+    ...(upstreamAgents.length > 0
+      ? [`Agents that ran before you (prior stages): ${upstreamAgents.join(', ')}`]
+      : []),
+    ...(downstreamAgents.length > 0
+      ? [`Agents that will run after this stage: ${downstreamAgents.join(', ')}`]
+      : ['You are in the FINAL stage of the pipeline.']),
+    '',
+    '## Tool Permissions',
+    TOOL_DESCRIPTIONS[role],
+    '',
+    `## Available Tools`,
+    `You have access to: ${config.tools.join(', ')}`,
+    '',
+    `## Timeout`,
+    `You have ${config.timeoutMs / 1000} seconds to complete your work.`,
+    '',
+    '## Expected Output Structure',
+    OUTPUT_STRUCTURE[role],
+    '',
+    '## Output Language',
+    'IMPORTANT: You MUST respond in the same language as the text under "# User Request" in your prompt. The structural template around it (headers, labels, instructions) is always in English — ignore the template language. Focus ONLY on the language the user actually wrote in. If the user wrote in Traditional Chinese, you MUST respond entirely in Traditional Chinese. If in English, respond in English. Technical terms and code identifiers should remain in their original form.',
+  ];
+
+  return sections.join('\n');
+}
+

package/src/lib/db/connection.ts

@@ -0,0 +1,263 @@
+import initSqlJs, { type Database as SqlJsDatabase } from 'sql.js';
+import path from 'path';
+import fs from 'fs';
+import { fileURLToPath } from 'url';
+import { SCHEMA } from './schema.ts';
+
+// ---------------------------------------------------------------------------
+// Module-level state
+// ---------------------------------------------------------------------------
+
+let wrapper: SqlJsWrapper | null = null;
+let inTransaction = false;
+
+// ---------------------------------------------------------------------------
+// PreparedStatement — mimics better-sqlite3's Statement API
+// ---------------------------------------------------------------------------
+
+class PreparedStatement {
+  db: SqlJsDatabase;
+  sql: string;
+  owner: SqlJsWrapper;
+
+  constructor(db: SqlJsDatabase, sql: string, owner: SqlJsWrapper) {
+    this.db = db;
+    this.sql = sql;
+    this.owner = owner;
+  }
+
+  /**
+   * Convert better-sqlite3 style named params `{ id, title }` to sql.js
+   * style `{ "@id": ..., "@title": ... }`.  Positional args are passed as
+   * arrays.
+   */
+  normalizeParams(args: unknown[]): unknown[] | Record<string, unknown> {
+    if (args.length === 0) return [];
+
+    // Single object arg → named parameters
+    if (
+      args.length === 1 &&
+      args[0] !== null &&
+      typeof args[0] === 'object' &&
+      !Array.isArray(args[0])
+    ) {
+      const obj = args[0] as Record<string, unknown>;
+      const mapped: Record<string, unknown> = {};
+      for (const [key, value] of Object.entries(obj)) {
+        mapped[`@${key}`] = value;
+      }
+      return mapped;
+    }
+
+    // Positional args
+    return args;
+  }
+
+  /**
+   * Execute a write statement (INSERT / UPDATE / DELETE).
+   */
+  run(...args: unknown[]): { changes: number; lastInsertRowid: number } {
+    const params = this.normalizeParams(args);
+    this.db.run(this.sql, params as any);
+    const changes = this.db.getRowsModified();
+
+    // Persist after every write unless we're inside a transaction
+    if (!inTransaction) {
+      this.owner.persist();
+    }
+
+    return { changes, lastInsertRowid: 0 };
+  }
+
+  /**
+   * Fetch a single row (like better-sqlite3's `.get()`).
+   */
+  get(...args: unknown[]): any {
+    const params = this.normalizeParams(args);
+    const stmt = this.db.prepare(this.sql);
+    try {
+      if (Array.isArray(params)) {
+        stmt.bind(params.length > 0 ? params : undefined);
+      } else {
+        stmt.bind(params as any);
+      }
+      if (stmt.step()) {
+        return stmt.getAsObject() as Record<string, unknown>;
+      }
+      return undefined;
+    } finally {
+      stmt.free();
+    }
+  }
+
+  /**
+   * Fetch all matching rows (like better-sqlite3's `.all()`).
+   */
+  all(...args: unknown[]): any[] {
+    const params = this.normalizeParams(args);
+    const rows: any[] = [];
+    const stmt = this.db.prepare(this.sql);
+    try {
+      if (Array.isArray(params)) {
+        stmt.bind(params.length > 0 ? params : undefined);
+      } else {
+        stmt.bind(params as any);
+      }
+      while (stmt.step()) {
+        rows.push(stmt.getAsObject() as Record<string, unknown>);
+      }
+      return rows;
+    } finally {
+      stmt.free();
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// SqlJsWrapper — drop-in replacement for the better-sqlite3 Database object
+// ---------------------------------------------------------------------------
+
+class SqlJsWrapper {
+  db: SqlJsDatabase;
+  dbPath: string;
+
+  constructor(db: SqlJsDatabase, dbPath: string) {
+    this.db = db;
+    this.dbPath = dbPath;
+  }
+
+  prepare(sql: string): PreparedStatement {
+    return new PreparedStatement(this.db, sql, this);
+  }
+
+  exec(sql: string): void {
+    this.db.exec(sql);
+  }
+
+  pragma(pragmaStr: string): unknown {
+    // WAL mode is meaningless for sql.js (in-memory) — silently skip
+    if (/journal_mode\s*=\s*wal/i.test(pragmaStr)) {
+      return undefined;
+    }
+    const result = this.db.exec(`PRAGMA ${pragmaStr}`);
+    if (result.length > 0 && result[0].values.length > 0) {
+      return result[0].values[0][0];
+    }
+    return undefined;
+  }
+
+  /**
+   * Return a function that, when called, executes `fn` inside a transaction.
+   */
+  transaction<T>(fn: () => T): () => T {
+    return () => {
+      this.db.run('BEGIN');
+      inTransaction = true;
+      try {
+        const result = fn();
+        this.db.run('COMMIT');
+        inTransaction = false;
+        this.persist();
+        return result;
+      } catch (err) {
+        inTransaction = false;
+        this.db.run('ROLLBACK');
+        throw err;
+      }
+    };
+  }
+
+  /**
+   * Persist the in-memory database to disk using atomic write-to-tmp +
+   * rename.
+   */
+  persist(): void {
+    const data = this.db.export();
+    const buffer = Buffer.from(data);
+    const tmpPath = `${this.dbPath}.tmp`;
+    fs.writeFileSync(tmpPath, buffer);
+    fs.renameSync(tmpPath, this.dbPath);
+  }
+
+  close(): void {
+    try {
+      this.persist();
+    } catch {
+      // best-effort on close
+    }
+    this.db.close();
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Asynchronously initialise the sql.js database.
+ *
+ * Loads the WASM binary, reads an existing DB file from disk (if present),
+ * applies the schema, and enables foreign keys.
+ */
+export async function initDb(): Promise<SqlJsWrapper> {
+  if (wrapper) return wrapper;
+
+  const dataDir = path.join(process.cwd(), 'data');
+  if (!fs.existsSync(dataDir)) {
+    fs.mkdirSync(dataDir, { recursive: true });
+  }
+  const dbPath = path.join(dataDir, 'dashboard.db');
+
+  // Locate the sql.js WASM file
+  const currentDir = path.dirname(fileURLToPath(import.meta.url));
+  const projectRoot = path.resolve(currentDir, '..', '..', '..');
+  const wasmPath = path.join(
+    projectRoot,
+    'node_modules',
+    'sql.js',
+    'dist',
+    'sql-wasm.wasm',
+  );
+
+  const SQL = await initSqlJs({
+    locateFile: () => wasmPath,
+  });
+
+  // Load existing DB file if available
+  let db: SqlJsDatabase;
+  if (fs.existsSync(dbPath)) {
+    const fileBuffer = fs.readFileSync(dbPath);
+    db = new SQL.Database(fileBuffer);
+  } else {
+    db = new SQL.Database();
+  }
+
+  wrapper = new SqlJsWrapper(db, dbPath);
+  wrapper.pragma('foreign_keys = ON');
+  wrapper.exec(SCHEMA);
+
+  return wrapper;
+}
+
+/**
+ * Return the initialised wrapper (synchronous).
+ * Throws if `initDb()` has not been called yet.
+ */
+export function getDb(): SqlJsWrapper {
+  if (!wrapper) {
+    throw new Error(
+      'Database not initialised. Call initDb() before getDb().',
+    );
+  }
+  return wrapper;
+}
+
+/**
+ * Persist and close the database, resetting the singleton.
+ */
+export function closeDb(): void {
+  if (wrapper) {
+    wrapper.close();
+    wrapper = null;
+  }
+}