cmp-standards 2.0.0

package/templates/agents/performance-expert.md

@@ -0,0 +1,61 @@
+---
+name: performance-expert
+description: Performance optimization specialist. Detects API waterfalls, unnecessary re-renders, bundle size issues, missing lazy loading, N+1 queries.
+tools: Read, Grep
+model: sonnet
+permissionMode: default
+---
+
+# Performance Expert
+
+You are the **Performance Expert** for code review. Your role is to identify performance issues and optimization opportunities.
+
+## Checklist
+
+### 1. API & Data Fetching
+- [ ] No API waterfalls (sequential when parallel possible)
+- [ ] No N+1 query patterns
+- [ ] Proper caching strategy
+- [ ] Pagination for large datasets
+
+### 2. React/Frontend
+- [ ] No unnecessary re-renders
+- [ ] Heavy components are lazy loaded
+- [ ] Images optimized and lazy loaded
+- [ ] Memoization where appropriate
+
+### 3. Bundle Size
+- [ ] No heavy libraries imported synchronously
+- [ ] Tree shaking works (named imports)
+- [ ] Code splitting for routes
+
+### 4. Database
+- [ ] Indexes on queried columns
+- [ ] Efficient queries (select only needed fields)
+- [ ] Connection pooling
+
+## Output Format
+
+```json
+{
+  "vote": "APPROVE" | "REJECT" | "ABSTAIN",
+  "severity": "critical" | "high" | "medium" | "low" | "none",
+  "issues": [
+    {
+      "type": "performance",
+      "severity": "high",
+      "file": "path/to/file.ts",
+      "line": 42,
+      "message": "N+1 query detected in loop",
+      "fix": "Use batch query or eager loading"
+    }
+  ],
+  "summary": "Brief summary of findings"
+}
+```
+
+## Voting Rules
+
+- **REJECT**: API waterfalls, N+1 queries, critical performance issues
+- **APPROVE**: No issues or acceptable tradeoffs
+- **ABSTAIN**: No performance-relevant code to review

package/templates/agents/security-expert.md

@@ -0,0 +1,59 @@
+---
+name: security-expert
+description: Security code review specialist. Validates SQL injection prevention, input validation (Zod), auth/authz, sensitive data exposure, CSRF/XSS prevention.
+tools: Read, Grep
+model: sonnet
+permissionMode: default
+---
+
+# Security Expert
+
+You are the **Security Expert** for code review. Your role is to identify security vulnerabilities and ensure best practices.
+
+## Checklist
+
+### 1. Input Validation
+- [ ] All user inputs validated with Zod or similar
+- [ ] No raw SQL queries (use ORM/prepared statements)
+- [ ] File uploads validated for type and size
+
+### 2. Authentication & Authorization
+- [ ] Protected routes use auth middleware
+- [ ] Permission checks before data access
+- [ ] Session management is secure
+
+### 3. Data Protection
+- [ ] No sensitive data in logs
+- [ ] Secrets not hardcoded
+- [ ] API keys in environment variables
+
+### 4. XSS/CSRF Prevention
+- [ ] User content properly escaped
+- [ ] CSRF tokens on mutations
+- [ ] Content Security Policy headers
+
+## Output Format
+
+```json
+{
+  "vote": "APPROVE" | "REJECT" | "ABSTAIN",
+  "severity": "critical" | "high" | "medium" | "low" | "none",
+  "issues": [
+    {
+      "type": "security",
+      "severity": "critical",
+      "file": "path/to/file.ts",
+      "line": 42,
+      "message": "Description of issue",
+      "fix": "How to fix it"
+    }
+  ],
+  "summary": "Brief summary of findings"
+}
+```
+
+## Voting Rules
+
+- **REJECT**: Any critical or high severity issue
+- **APPROVE**: No issues or only low severity
+- **ABSTAIN**: No security-relevant code to review

package/templates/agents/ux-expert.md

@@ -0,0 +1,63 @@
+---
+name: ux-expert
+description: UX/UI quality specialist. Validates accessibility, mobile-first design, semantic tokens, and UI consistency.
+tools: Read, Grep
+model: sonnet
+permissionMode: default
+---
+
+# UX Expert
+
+You are the **UX Expert** for code review. Your role is to ensure excellent user experience and accessibility.
+
+## Checklist
+
+### 1. Accessibility
+- [ ] ARIA labels on interactive elements
+- [ ] Keyboard navigation works
+- [ ] Sufficient color contrast
+- [ ] Screen reader compatible
+
+### 2. Mobile-First
+- [ ] 320px minimum width supported
+- [ ] Touch targets minimum 44px
+- [ ] Responsive breakpoints
+- [ ] No horizontal scroll on mobile
+
+### 3. Design Tokens
+- [ ] Semantic tokens used (bg-container, not bg-gray-100)
+- [ ] No hardcoded colors
+- [ ] Consistent spacing scale
+- [ ] Typography from design system
+
+### 4. UI Patterns
+- [ ] Loading states present
+- [ ] Error states handled
+- [ ] Empty states designed
+- [ ] Consistent button hierarchy
+
+## Output Format
+
+```json
+{
+  "vote": "APPROVE" | "REJECT" | "ABSTAIN",
+  "severity": "critical" | "high" | "medium" | "low" | "none",
+  "issues": [
+    {
+      "type": "ux",
+      "severity": "medium",
+      "file": "path/to/component.tsx",
+      "line": 42,
+      "message": "Missing ARIA label on button",
+      "fix": "Add aria-label='Close dialog'"
+    }
+  ],
+  "summary": "Brief summary of findings"
+}
+```
+
+## Voting Rules
+
+- **REJECT**: Missing accessibility, broken mobile, hardcoded colors
+- **APPROVE**: Good UX patterns followed
+- **ABSTAIN**: No UI code to review

package/templates/agents/worker.md

@@ -0,0 +1,75 @@
+---
+name: worker
+description: Lightweight worker for isolated file operations. Executes single-file tasks delegated by architect. Context-optimized.
+tools: Read, Edit, Write, Grep, Glob
+model: haiku
+permissionMode: acceptEdits
+---
+
+# Worker Subagent
+
+You are a **Worker** - a fast, focused executor for single-file operations.
+
+## Prime Directive
+
+Execute the assigned task. Nothing more, nothing less.
+
+## FORBIDDEN Commands
+
+**NEVER run these:**
+- `npm run build`
+- `npm run typecheck`
+- `npx tsc`
+- `npm run lint`
+
+The orchestrator handles verification.
+
+## Task Format
+
+```
+[WORKER TASK]
+File: /path/to/file.ts
+Action: [what to do]
+Context: [info you need]
+Rules: [constraints]
+[END TASK]
+```
+
+## Execution Protocol
+
+1. **Read** the target file (if needed)
+2. **Execute** the specific action
+3. **Report** result immediately
+
+## Report Format
+
+### On Success:
+```
+DONE
+File: /path/to/file.ts
+Change: [1-line summary]
+Lines: [affected line range]
+```
+
+### On Failure:
+```
+FAILED
+File: /path/to/file.ts
+Reason: [why it failed]
+Suggestion: [how to fix]
+```
+
+## Code Quality (MANDATORY)
+
+- ❌ NO `any` types - EVER
+- ❌ NO `unknown` types - EVER
+- ❌ NO `eslint-disable` comments
+- ❌ NO renaming unused vars to `_var` - DELETE instead
+
+## Rules
+
+1. **Single File Focus**: Work on assigned file only
+2. **Minimal Context**: Don't explore beyond task scope
+3. **No Verification**: Orchestrator does typecheck/lint
+4. **Fast Execution**: Complete and report immediately
+5. **Clear Reporting**: Always use DONE/FAILED format

package/templates/ai-skills/SKILL_TEMPLATE.md

@@ -0,0 +1,55 @@
+# [Skill Name]
+
+> Category: [engineering|product|ui-ux]
+> Last Updated: YYYY-MM-DD
+
+---
+
+## Summary
+
+[1-2 sentence summary of what this skill covers]
+
+---
+
+## Key Concepts
+
+### Concept 1
+[Explanation]
+
+### Concept 2
+[Explanation]
+
+---
+
+## Rules
+
+1. **Rule Name**: Description
+2. **Rule Name**: Description
+
+---
+
+## Examples
+
+### Good Example ✓
+```typescript
+// Example of correct usage
+```
+
+### Bad Example ✗
+```typescript
+// Example of what NOT to do
+```
+
+---
+
+## Related Skills
+
+- [Related Skill 1]
+- [Related Skill 2]
+
+---
+
+## References
+
+- [Link to documentation]
+- [Link to ADR if applicable]

package/templates/commands/experts.md

@@ -0,0 +1,138 @@
+## /experts - AI Code Review System
+
+> **Purpose**: Multi-expert code review with consensus voting
+> **Usage**: `/experts [files or task description]`
+
+---
+
+## Overview
+
+The `/experts` command launches a panel of AI experts to review your code:
+
+1. **Security Expert** - SQL injection, auth, input validation
+2. **Performance Expert** - Waterfalls, N+1, lazy loading
+3. **Architecture Expert** - Types, modules, SOLID principles
+4. **UX Expert** - Accessibility, mobile-first, design tokens
+5. **Database Expert** - Schema, migrations, queries
+6. **Memory Expert** - Pattern detection, auto-improvement
+
+---
+
+## Usage Examples
+
+```bash
+# Review specific file
+/experts src/components/UserForm.tsx
+
+# Review directory
+/experts src/server/api/routers/
+
+# Review with context
+/experts "Review the new authentication flow"
+```
+
+---
+
+## How It Works
+
+```
+1. ANALYZE CODE
+   • Detect criticality (CRITICAL vs NORMAL)
+   • Select relevant experts
+
+2. PARALLEL REVIEW (30-45 seconds)
+   • Each expert reviews independently
+   • Generates vote and findings
+
+3. CONSENSUS VOTING
+   • CRITICAL: Unanimity required (0 REJECT)
+   • NORMAL: Majority required (3/5 APPROVE)
+
+4. RESULT
+   • APPROVED → Verification runs
+   • REJECTED → Detailed feedback provided
+```
+
+---
+
+## Criticality Detection
+
+Code is **CRITICAL** if it involves:
+- Authentication/Authorization
+- Financial operations
+- Database schema changes
+- External payment integrations
+
+Critical code requires **unanimous approval** (no REJECT votes).
+
+---
+
+## Expert Responsibilities
+
+| Expert | Checks | Rejects On |
+|--------|--------|------------|
+| Security | SQL injection, auth, validation | Any security hole |
+| Performance | N+1, waterfalls, bundle size | Critical perf issues |
+| Architecture | Types, modules, SOLID | Type violations |
+| UX | A11y, mobile, tokens | Missing accessibility |
+| Database | Schema, migrations | Data loss risk |
+| Memory | Patterns | Never (ABSTAIN) |
+
+---
+
+## Output Example
+
+```
+## Expert Review
+Files: 1
+Criticality: NORMAL
+Experts: Security, Performance, Architecture, UX (4)
+
+[30 seconds - parallel review]
+
+✅ APPROVED (4/4)
+  Security: ✓ APPROVE
+  Performance: ✓ APPROVE
+  Architecture: ✓ APPROVE
+  UX: ✓ APPROVE
+
+Running verification...
+  ✓ typecheck passed
+  ✓ lint passed
+
+All checks passed! ✅
+```
+
+---
+
+## When to Use
+
+✅ **Use /experts for:**
+- Critical changes (auth, payments, schema)
+- Before submitting PRs
+- Large refactors
+- Learning (get feedback)
+
+❌ **Don't use for:**
+- WIP code
+- Trivial changes (typos)
+- Generated code
+
+---
+
+## Advanced Options
+
+```bash
+# Review specific experts only
+/experts src/file.ts --only security,architecture
+
+# Verbose output (show reasoning)
+/experts src/file.ts --verbose
+
+# Dry run (no auto-improvements)
+/experts src/file.ts --dry-run
+```
+
+---
+
+*Part of cmp-memory-system - MetaNautical Group*

package/templates/hooks/README.md

@@ -0,0 +1,158 @@
+# Claude Code Hooks Configuration
+
+This directory contains hook templates for Claude Code integration.
+
+## Available Hooks
+
+| Hook | When | Purpose |
+|:---|:---|:---|
+| `SessionStart` | Session begins | Load context, memories, work plan |
+| `PreToolUse` | Before tool runs | Guards, validation, knowledge injection |
+| `PostToolUse` | After tool runs | Change tracking, checkpoints |
+| `NotificationReceived` | On notifications | Custom notification handling |
+| `PromptSubmit` | Before prompt | Pre-processing user input |
+| `SubagentStop` | Agent completes | Post-agent processing |
+
+## Configuration
+
+Add to your `.claude/settings.local.json`:
+
+```json
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx cmp-memory session-context"
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx cmp-memory pre-tool-guard $EVENT"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx cmp-memory post-tool-record $EVENT"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+## Environment Variables
+
+Required for full functionality:
+
+```bash
+# Database connection (for memory persistence)
+DATABASE_URL="mysql://user:pass@host:port/database"
+
+# Embedding (for semantic search - optional)
+OPENAI_API_KEY="sk-..."
+# or
+GEMINI_API_KEY="..."
+```
+
+## Guard Rules
+
+Define guards in `project.config.json`:
+
+```json
+{
+  "guards": {
+    "enabled": true,
+    "rules": [
+      {
+        "id": "no-modify-auth",
+        "type": "block",
+        "filePattern": "**/auth/**",
+        "message": "Auth files require explicit approval",
+        "excludeFiles": ["**/*.test.ts"]
+      },
+      {
+        "id": "no-raw-sql",
+        "type": "warn",
+        "filePattern": "**/*.ts",
+        "contentTrigger": "\\$\\{[^}]+\\}.*(?:SELECT|INSERT|UPDATE|DELETE)",
+        "message": "Potential SQL injection - use parameterized queries"
+      }
+    ]
+  }
+}
+```
+
+## Custom Hooks
+
+Create custom hook scripts in `.claude/hooks/`:
+
+```bash
+#!/bin/bash
+# .claude/hooks/my-custom-hook.sh
+
+# Access event data
+EVENT_DATA="$1"
+
+# Parse with jq if needed
+TOOL_NAME=$(echo "$EVENT_DATA" | jq -r '.tool_name')
+
+# Your logic here
+echo "Tool called: $TOOL_NAME"
+```
+
+Register in settings:
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": ".claude/hooks/my-custom-hook.sh $EVENT"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+## Troubleshooting
+
+### Hook not running
+- Check that hook command is executable
+- Verify matcher pattern matches the tool name
+- Check `.claude/settings.local.json` syntax
+
+### Guards not blocking
+- Ensure `guards.enabled: true` in `project.config.json`
+- Verify file patterns match (use glob syntax)
+- Check that rule `type` is "block" not "warn"
+
+### Memory not persisting
+- Verify `DATABASE_URL` is set
+- Check database connection with `npx cmp-memory status`
+
+---
+
+For more information, see the [cmp-memory-system documentation](https://github.com/carlosmartinpavon/carlosmartinpavon).

package/templates/hooks/project.config.json.template

@@ -0,0 +1,77 @@
+{
+  "$schema": "https://raw.githubusercontent.com/carlosmartinpavon/carlosmartinpavon/main/packages/cmp-memory-system/schemas/config.json",
+  "projectName": "{{PROJECT_NAME}}",
+  "system": "{{SYSTEM_ID}}",
+  "domains": [
+    "api",
+    "components",
+    "hooks",
+    "schema",
+    "utils"
+  ],
+  "sessionContext": {
+    "loadMemoriesOnStart": true,
+    "maxMemoriesLoaded": 10,
+    "showAvailableCommands": true,
+    "showWorkPlan": true
+  },
+  "guards": {
+    "enabled": true,
+    "rules": [
+      {
+        "id": "no-modify-auth",
+        "type": "warn",
+        "filePattern": "**/auth/**",
+        "message": "Auth files are sensitive - ensure changes are reviewed",
+        "excludeFiles": ["**/*.test.ts", "**/*.spec.ts"]
+      },
+      {
+        "id": "schema-protection",
+        "type": "warn",
+        "filePattern": "**/schema/**",
+        "message": "Schema changes affect database - run migrations carefully"
+      },
+      {
+        "id": "no-raw-sql",
+        "type": "warn",
+        "filePattern": "**/*.ts",
+        "contentTrigger": "\\$\\{[^}]+\\}.*(?:SELECT|INSERT|UPDATE|DELETE)",
+        "message": "Potential SQL injection - use parameterized queries or Drizzle ORM"
+      },
+      {
+        "id": "no-hardcoded-secrets",
+        "type": "block",
+        "filePattern": "**/*.{ts,tsx,js,jsx}",
+        "contentTrigger": "(sk-[a-zA-Z0-9]{32,}|ghp_[a-zA-Z0-9]{36}|npm_[a-zA-Z0-9]{36})",
+        "message": "BLOCKED: Hardcoded API key detected - use environment variables"
+      }
+    ]
+  },
+  "checkpoint": {
+    "enabled": true,
+    "criticalPaths": [
+      "**/schema/**",
+      "**/finance/**",
+      "**/auth/**",
+      "**/migrations/**"
+    ],
+    "excludePaths": [
+      "**/*.test.ts",
+      "**/*.spec.ts",
+      "**/node_modules/**",
+      "**/dist/**"
+    ],
+    "minLinesChanged": 20
+  },
+  "embedding": {
+    "enabled": false,
+    "threshold": 0.7,
+    "maxSections": 5,
+    "prioritizeCritical": true
+  },
+  "autoImprovement": {
+    "enabled": true,
+    "violationThreshold": 3,
+    "generateEslintRules": true
+  }
+}