code-ai-installer 1.1.4 → 1.1.6

package/locales/en/.agents/pm_prd/SKILL.md

@@ -0,0 +1,56 @@
+---
+name: pm_prd
+description: Create a PRD: Vision, MVP, out-of-scope, user stories, acceptance criteria, NFR, risks and open questions. The result must be verifiable.
+---
+
+# Skill: PRD (Product Requirements Document)
+
+## Goal
+Create a PRD from which the UX/UI, architect, developer, reviewer and tester can work without “guesswork”.
+
+## Exit
+PRD in the following structure (inserted into the response or as a file in the repo):
+
+### 1) Vision & Goals
+- The problem we are solving
+- Target audience
+- Value/uniqueness
+- Success metrics
+
+### 2) Scope
+- MVP (In)
+- Out of scope
+- Assumptions and limitations
+
+### 3) Roles & Permissions (if applicable)
+- User roles
+- What someone can/cannot
+
+### 4) User Stories / Scenarios
+- List of main scenarios (vertical “flows”)
+
+### 5) Acceptance Criteria (mandatory verifiable)
+For each scenario:
+- Given / When / Then (or checklist)
+- Positive + negative cases
+- Errors/validation/empty states
+
+### 6) Non-Functional Requirements
+- Security
+- Performance
+- Reliability
+- Observability
+- Accessibility (minimum)
+- Localization (if needed)
+
+### 7) Risks & Open Questions
+- Risks (technical, product, legal)
+- Open questions and to whom they are addressed
+
+## Quality PRD (checklist)
+- MVP can be implemented in 1–3 iterations
+- Each script has acceptance criteria
+- There is an out-of-scope (so it doesn’t spread out)
+- NFR is not forgotten
+- Questions and assumptions are clearly marked
+- PRD is understandable without verbal explanation (you can give it to the UX/architect/developer and they will understand what to do)

package/locales/en/.agents/qa_api_contract_tests/SKILL.md

@@ -0,0 +1,16 @@
+---
+name: qa_api_contract_tests
+description: Check the API for compliance with contracts: schemes, codes, errors, validation, pagination; smoke via Postman/curl/scripts.
+---
+
+# Skill: QA API Contract Tests
+
+## Check
+- Endpoints match method/path
+- Status codes (200/201/204/400/401/403/404/409/422/500) under contract
+- Unified error format (error_code/message)
+- Validation (422/400) on incorrect data
+- Pagination/filters/sorting (if in UX/contract)
+
+## Exit
+- Check table: endpoint → PASS/FAIL → notes

package/locales/en/.agents/qa_manual_run/SKILL.md

@@ -0,0 +1,16 @@
+---
+name: qa_manual_run
+description: Manual running of critical scenarios and regression: happy/edge/error paths according to UX Spec; fixing bugs with steps and evidence.
+---
+
+# Skill: QA Manual Run
+
+## What to check
+- Critical flows (login/main CRUD/purchase/search, etc. if available)
+- UI states: loading/empty/error/success
+- Roles/permissions (403/hiding functions + server-side bans)
+- Regression on previously closed bugs
+
+## Exit
+- PASS/FAIL/BLOCKED list
+- Bug reports

package/locales/en/.agents/qa_security_smoke_tests/SKILL.md

@@ -0,0 +1,14 @@
+---
+name: qa_security_smoke_tests
+description: Basic security smoke tests: auth/authz, validation, leaks in errors/logs, rate limiting (if enabled), SSRF/XSS where relevant.
+---
+
+# Skill: QA Security Smoke Tests
+
+## Check minimum
+- 401 without token/session
+- 403 for insufficient rights
+- 422/400 for invalid input
+- Errors do not contain stack/SQL/secrets
+- Logs do not contain PII/secrets (check sample if possible)
+- 429 when the limit is exceeded (if rate limit is enabled)

package/locales/en/.agents/qa_test_plan/SKILL.md

@@ -0,0 +1,20 @@
+---
+name: qa_test_plan
+description: Create a test plan and coverage matrix for PRD/UX: roles, critical user flows, UI states, negative cases, acceptance criteria.
+---
+
+# Skill: QA Test Plan
+
+## Exit
+- Test Plan (scopes + assumptions)
+- Coverage Matrix: Flow → test cases
+- Priorities: P0/P1/P2
+- Test data needs
+- Blockers/risks
+
+## Matrix template
+- Flow ID/Screen
+-Preconditions
+-Steps
+- Expected
+- Priority (P0/P1/P2)

package/locales/en/.agents/qa_ui_a11y_smoke/SKILL.md

@@ -0,0 +1,12 @@
+---
+name: qa_ui_a11y_smoke
+description: UI/a11y smoke: keyboard/focus, labels/aria, basic contrast, states of forms and lists, compliance with UX Spec.
+---
+
+#Skill: QA UI & A11y Smoke
+
+## Check
+- Keyboard navigation (Tab/Shift+Tab/Enter/Esc)
+- Visible focus
+- Forms: label, error messages, aria
+- Loading/empty/error states on key screens

package/locales/en/.agents/react_15_3_wix_iframe/SKILL.md

@@ -0,0 +1,20 @@
+---
+name: react_15_3_wix_iframe
+description: Legacy mode for Wix iFrame applications: React 15.3 (component classes), lifecycle, PropTypes/defaultProps, restrictions without hooks; work via Wix iFrame SDK.
+---
+
+# Skill: React 15.3 + Wix iFrame
+
+## When to activate
+- Explicitly stated: Wix iFrame app / Wix iFrame SDK
+- Project/codebase uses React 15.3
+
+## React 15.3 rules
+- Use class components and lifecycle methods
+- setState via correct patterns (including functional updates where necessary)
+- PropTypes + defaultProps
+- Avoid “new” React APIs (hooks, suspense, etc.)
+
+## Wix iFrame
+- Interaction with the environment via Wix iFrame SDK
+- Observe platform restrictions and dimensions/positioning

package/locales/en/.agents/react_beast_practices/SKILL.md

@@ -0,0 +1,29 @@
+---
+name: react_beast_practices
+description: React best practices: composition, container/presenter, hooks, context, performance (memo/useMemo/useCallback), code splitting, error boundaries, a11y.
+---
+
+#Skill: React Beast Practices
+
+## Component patterns
+- Composition over inheritance
+- Compound components (where appropriate)
+- Container/Presenter (separation of data and display)
+- Custom hooks for reusable stateful logic
+
+## Performance
+- useMemo/useCallback to the point
+- React.memo for pure components
+- Code splitting/lazy for heavy parts
+- Virtualization of long lists (via TanStack Virtual)
+
+## Reliability
+- Error boundary to prevent the entire UI from crashing
+- Focus controls, keyboard navigation, aria attributes (a11y baseline)
+
+## Forms
+- controlled components + validation
+- errors and form states - explicit and testable
+
+## See also
+- Examples: `$dev_reference_snippets`

package/locales/en/.agents/release_gate/SKILL.md

@@ -0,0 +1,77 @@
+---
+name: release_gate
+description: Final release gate: collect Reviewer+Tester+CI reports, check DoD, classify risks, make a GO/NO-GO decision and form a closure plan.
+---
+
+#Skill: Release Gate
+
+## Goal
+Make a release decision (GO/NO-GO) based on DoD, review/testing reports and CI/CD status.
+
+## Required condition
+Before starting the release gate, the conductor must generate a checklist via: $release_gate_checklist_template
+
+## Inputs
+- Reviewer report (P0/P1/P2 + suggested fixes)
+- Tester report (PASS/FAIL/BLOCKED + bugs P0/P1/P2 + evidence)
+- CI results (unit/integration, lint/format, security/dependency checks if available)
+- Release notes / list of changes (what is being released)
+- General DoD
+- Release Gate Checklist (RG-01…RG-xx) with statuses
+
+## Release Criteria (strict)
+### NO-GO (release prohibited)
+- There is **P0** from Reviewer or Tester
+- Unit or Integration tests DO NOT pass
+- There is a risk of leaking secrets/PII in code/logs
+- No runbook instructions for changes
+- Critical UX flow is broken or blocked (BLOCKED without bypass)
+- API non-compliance with contracts, breaking the client (P0)
+
+### GO with conditions (only allowed if agreed upon in advance)
+- There are P1/P2, but:
+  - there are workaround/mitigation measures,
+  - there are established tasks with priority and owner,
+  - the risk is described and accepted.
+
+## DoD Checklist (required)
+- [ ] Unit tests pass
+- [ ] Integration tests pass
+- [ ] Secrets are not included in the code/logs
+- [ ] There are run/check instructions (local/CI)
+- [ ] Basic security: input validation, authorization, dependency hygiene
+
+## Process (steps)
+1) Make sure that the RG checklist ($release_gate_checklist_template) has been created and the statuses have been entered.
+2) Collect input artifacts: Reviewer report, Tester report, CI status.
+3) Combine Findings into a single list: P0/P1/P2, owner, task link, status.
+4) Run the DoD checklist and mark PASS/MISSING.
+5) Make a GO/NO-GO decision (or GO-with-conditions if used).
+6) Generate a Release Report and update RG-22 (Decision).
+
+## Output: Release Report (template)
+###Release Decision
+- Decision: GO / NO-GO / GO-with-conditions
+- Version/Tag: <if available>
+- Scope: <briefly what we are releasing>
+
+### Evidence
+- CI: PASS/FAIL (link/commit)
+- Reviewer: PASS/MISSING + P0/P1/P2 count
+- Tester: PASS/FAIL/BLOCKED + bugs P0/P1/P2 count
+
+###DoD Status
+- Checklist: PASS/MISSING (with missing list)
+
+### Blocking Issues (if NO-GO)
+- [ ] ID / Description / Owner / How to reproduce / Fix plan
+
+### Accepted Risks (if GO-with-conditions)
+- Risk → impact → mitigation → owner → deadline
+
+###Next Actions
+- RG-01...
+- RG-02...
+
+## See also
+- Checklist template: $release_gate_checklist_template

package/locales/en/.agents/release_gate_checklist_template/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: release_gate_checklist_template
+description: Generates a visible checklist RG-01...RG-xx (Evidence/DoD/Security/Ops/Post-deploy/Rollback) and status rules before release.
+---
+
+# Skill: Release Gate Checklist Template (RG-01…RG-xx)
+
+## Goal
+Before each release, create an **identical** release checklist so that the conductor can:
+- collect evidence (reports/CI),
+- check DoD,
+- record risks,
+- perform post-deploy smoke,
+- provide a rollback plan.
+
+## When to use
+- Every time before the final decision on release (Release Gate).
+
+## Inputs
+- Release scope (what is releaseable)
+- Version/tag/commit (if any)
+- Links to environments (staging/prod) if available
+
+## Exit
+- Visible checklist **RG-01…RG-xx** with statuses:
+  - TODO / IN-PROGRESS / BLOCKED / DONE
+- Brief Evidence section (links/commits)
+- Mini-summary “What else needs to be closed before GO”
+
+## Template (create as is)
+### Release Gate Checklist
+- [ ] RG-01 (Evidence) Specify the release scope + version/tag/commit
+- [ ] RG-02 (Evidence) CI green: unit tests PASS
+- [ ] RG-03 (Evidence) CI green: integration tests PASS
+- [ ] RG-04 (Evidence) Lint/format PASS (if available in CI)
+- [ ] RG-05 (Evidence) Dependency/SCA audit PASS or risks are recorded
+- [ ] RG-06 (Evidence) Reviewer report received (P0=0) + link to the report
+- [ ] RG-07 (Evidence) Tester report received (P0=0) + PASS/FAIL/BLOCKED + link
+
+- [ ] RG-08 (DoD) Secrets were not included in the code/logs (checks/scan/manual verification)
+- [ ] RG-09 (DoD) There are startup/check instructions (runbook) that are up to date
+- [ ] RG-10 (DoD) Basic safety confirmed: input validation + authz + hygiene
+
+- [ ] RG-11 (Contracts) API conforms to contracts (error codes/formats/validation)
+- [ ] RG-12 (Data) Data migrations/changes: application plan + reversibility (if any)
+- [ ] RG-13 (Ops) Observability: request_id/trace_id and secure logs (no PII/secrets)
+- [ ] RG-14 (Ops) Rate limiting / WAF / security headers (if applicable and provided)
+
+- [ ] RG-15 (Release) Release notes/changes prepared
+- [ ] RG-16 (Release) Feature flags/rollout strategy (if used) defined
+- [ ] RG-17 (Rollback) Rollback plan is described and understandable
+- [ ] RG-18 (Rollback) Backup/restore requirements are met (if there is a database/critical data)
+
+- [ ] RG-19 (Post-deploy) Smoke test scenarios defined (minimum P0 flows)
+- [ ] RG-20 (Post-deploy) Smoke test performed on the target environment (PASS)
+- [ ] RG-21 (Post-deploy) Monitoring/alerts checked (errors/latency)
+
+- [ ] RG-22 (Decision) Final decision: GO / NO-GO (+ reasons and conditions)
+
+## Status rules
+- If any point RG-02/03/06/07/08/09/10 fails → set BLOCKED and release = NO-GO.
+- P0 from Reviewer or Tester → BLOCKED and release = NO-GO.
+- P1 are allowed only with an explicit “Accepted Risks” with owner+deadline.
+
+## Response format
+### Release Gate Checklist (RG-xx) - with statuses
+### Evidence Links
+### What's Missing to Go