npm - codehava-agent-kit - Versions diffs - 1.0.0 → 1.0.1 - Mend

codehava-agent-kit 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/bin/cli.js +1 -0
package/package.json +1 -1
package/templates/.agent/AGENTS_INDEX.md +26 -0
package/templates/.agent/SKILLS_INDEX.md +56 -0
package/templates/.agent/agents/ai-engineer.md +29 -0
package/templates/.agent/agents/ui-ux-designer.md +27 -0
package/templates/.agent/skills/drizzle-orm-patterns/SKILL.md +90 -0
package/templates/.agent/skills/feature-spec-writer/SKILL.md +28 -9
package/templates/.agent/skills/rag-vector-db/SKILL.md +67 -0
package/templates/.agent/skills/vibe-prd/SKILL.md +14 -12
package/templates/.agent/skills/vibe-research/SKILL.md +1 -1
package/templates/.agent/skills/vibe-stitch-prompt/SKILL.md +67 -0
package/templates/.agent/skills/vibe-techdesign/SKILL.md +1 -1
package/templates/.agent/workflows/3l5w-debug.md +26 -0
package/templates/.agent/workflows/new-feature.md +2 -2
package/templates/.agent/workflows/ui-audit.md +29 -0
package/templates/.antigravity/rules.md +19 -3

package/bin/cli.js CHANGED Viewed

@@ -38,6 +38,7 @@ program
       // Copy template to user's directory
       await fs.copy(sourceDir, targetDir, {
+        overwrite: true,
         filter: (src) => !src.includes('.DS_Store')
       });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codehava-agent-kit",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Codehava Agent Kit - CLI to initialize agent templates, workflows, and skills",
   "main": "index.js",
   "type": "module",

package/templates/.agent/AGENTS_INDEX.md ADDED Viewed

@@ -0,0 +1,26 @@
+# Master Agents Index
+AI, whenever you are assigned a task, scan this list to determine which Agent Persona you should adopt. Read the full agent file at `templates/.agent/agents/<agent-name>.md` to load your persona BEFORE coding.
+- **ai-engineer**: Expert in Large Language Models (LLMs), RAG pipelines, Vector Databases (Pinecone/pgvector), LangChain, and integrating OpenAI/Anthropic/Gemini APIs into production applications. Triggers on ai, llm, rag, vector, embedding, openai, gemini, prompt.
+- **backend-specialist**: Expert backend architect for Node.js, Python, and modern serverless/edge systems. Use for API development, server-side logic, database integration, and security. Triggers on backend, server, api, endpoint, database, auth.
+- **code-archaeologist**: Expert in legacy code, refactoring, and understanding undocumented systems. Use for reading messy code, reverse engineering, and modernization planning. Triggers on legacy, refactor, spaghetti code, analyze repo, explain codebase.
+- **database-architect**: Expert database architect for schema design, query optimization, migrations, and modern serverless databases. Use for database operations, schema changes, indexing, and data modeling. Triggers on database, sql, schema, migration, query, postgres, index, table.
+- **debugger**: Expert in systematic debugging, root cause analysis, and crash investigation. Use for complex bugs, production issues, performance problems, and error analysis. Triggers on bug, error, crash, not working, broken, investigate, fix.
+- **devops-engineer**: Expert in deployment, server management, CI/CD, and production operations. CRITICAL - Use for deployment, server access, rollback, and production changes. HIGH RISK operations. Triggers on deploy, production, server, pm2, ssh, release, rollback, ci/cd.
+- **documentation-writer**: Expert in technical documentation. Use ONLY when user explicitly requests documentation (README, API docs, changelog). DO NOT auto-invoke during normal development.
+- **explorer-agent**: Advanced codebase discovery, deep architectural analysis, and proactive research agent. The eyes and ears of the framework. Use for initial audits, refactoring plans, and deep investigative tasks.
+- **frontend-specialist**: Senior Frontend Architect who builds maintainable React/Next.js systems with performance-first mindset. Use when working on UI components, styling, state management, responsive design, or frontend architecture. Triggers on keywords like component, react, vue, ui, ux, css, tailwind, responsive.
+- **game-developer**: Game development across all platforms (PC, Web, Mobile, VR/AR). Use when building games with Unity, Godot, Unreal, Phaser, Three.js, or any game engine. Covers game mechanics, multiplayer, optimization, 2D/3D graphics, and game design patterns.
+- **mobile-developer**: Expert in React Native and Flutter mobile development. Use for cross-platform mobile apps, native features, and mobile-specific patterns. Triggers on mobile, react native, flutter, ios, android, app store, expo.
+- **orchestrator**: Multi-agent coordination and task orchestration. Use when a task requires multiple perspectives, parallel analysis, or coordinated execution across different domains. Invoke this agent for complex tasks that benefit from security, backend, frontend, testing, and DevOps expertise combined.
+- **penetration-tester**: Expert in offensive security, penetration testing, red team operations, and vulnerability exploitation. Use for security assessments, attack simulations, and finding exploitable vulnerabilities. Triggers on pentest, exploit, attack, hack, breach, pwn, redteam, offensive.
+- **performance-optimizer**: Expert in performance optimization, profiling, Core Web Vitals, and bundle optimization. Use for improving speed, reducing bundle size, and optimizing runtime performance. Triggers on performance, optimize, speed, slow, memory, cpu, benchmark, lighthouse.
+- **product-manager**: Expert in product requirements, user stories, and acceptance criteria. Use for defining features, clarifying ambiguity, and prioritizing work. Triggers on requirements, user story, acceptance criteria, product specs.
+- **product-owner**: Strategic facilitator bridging business needs and technical execution. Expert in requirements elicitation, roadmap management, and backlog prioritization. Triggers on requirements, user story, backlog, MVP, PRD, stakeholder.
+- **project-planner**: Smart project planning agent. Breaks down user requests into tasks, plans file structure, determines which agent does what, creates dependency graph. Use when starting new projects or planning major features.
+- **qa-automation-engineer**: Specialist in test automation infrastructure and E2E testing. Focuses on Playwright, Cypress, CI pipelines, and breaking the system. Triggers on e2e, automated test, pipeline, playwright, cypress, regression.
+- **security-auditor**: Elite cybersecurity expert. Think like an attacker, defend like an expert. OWASP 2025, supply chain security, zero trust architecture. Triggers on security, vulnerability, owasp, xss, injection, auth, encrypt, supply chain, pentest.
+- **seo-specialist**: SEO and GEO (Generative Engine Optimization) expert. Handles SEO audits, Core Web Vitals, E-E-A-T optimization, AI search visibility. Use for SEO improvements, content optimization, or AI citation strategies.
+- **test-engineer**: Expert in testing, TDD, and test automation. Use for writing tests, improving coverage, debugging test failures. Triggers on test, spec, coverage, jest, pytest, playwright, e2e, unit test.
+- **ui-ux-designer**: Expert in UI/UX principles, WCAG accessibility, Figma translation, typography, spacing, color theory, and micro-interactions. Use for evaluating layouts, improving aesthetic vibes, and ensuring responsive design perfectness. Triggers on ui, ux, design, layout, aesthetic, color, spacing, figma.

package/templates/.agent/SKILLS_INDEX.md ADDED Viewed

@@ -0,0 +1,56 @@
+# Master Skills Index
+AI, whenever you are assigned a task, scan this list to find relevant skills. If a skill seems relevant to the task, read its full `SKILL.md` file located at `templates/.agent/skills/<skill-name>/SKILL.md` BEFORE coding.
+- **api-patterns**: allowed-tools: Read, Write, Edit, Glob, Grep ---
+- **app-builder**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash, Agent ---
+- **architecture**: allowed-tools: Read, Glob, Grep ---
+- **bash-linux**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **behavioral-modes**: allowed-tools: Read, Glob, Grep ---
+- **better-auth-patterns**:   Use when implementing authentication, authorization, session management,   login/register flows, Google OAuth, or protected routes. Triggers on
+- **brainstorming**: allowed-tools: Read, Glob, Grep ---
+- **bullmq-worker**:   Use when creating background jobs, queues, workers, or scheduling tasks.   Also use when connecting background job results to Socket.io realtime events
+- **clean-code**: allowed-tools: Read, Write, Edit version: 2.0
+- **code-review-checklist**: allowed-tools: Read, Glob, Grep ---
+- **database-design**: allowed-tools: Read, Write, Edit, Glob, Grep ---
+- **deployment-procedures**: allowed-tools: Read, Glob, Grep, Bash ---
+- **documentation-templates**: allowed-tools: Read, Glob, Grep ---
+- **drizzle-orm-patterns**:   Use when writing Drizzle ORM database code, migrations, or schema design. Very useful for Edge and Serverless database environments like Turso, Neon, or Cloudflare D1. Triggers on drizzle, schema, migration, orm, query, insert, select, postgres, sqlite. ---
+- **feature-spec-writer**:   Use when planning a new feature before coding, creating a feature brief,   or writing acceptance criteria. Triggers on "plan this feature", "write a spec",
+- **frontend-design**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **game-development**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **geo-fundamentals**: allowed-tools: Read, Glob, Grep ---
+- **i18n-localization**: allowed-tools: Read, Glob, Grep ---
+- **intelligent-routing**: version: 1.0.0 ---
+- **lint-and-validate**: allowed-tools: Read, Glob, Grep, Bash ---
+- **mcp-builder**: allowed-tools: Read, Write, Edit, Glob, Grep ---
+- **mobile-design**: allowed-tools: Read, Glob, Grep, Bash ---
+- **neo-storage**:   Use when uploading, downloading, deleting files, or generating presigned URLs   with NEO Object Storage (Biznet Gio). Triggers on "upload file", "object storage",
+- **nextjs-api-route**:   Use when creating or modifying Next.js App Router API routes (route.ts files),   Server Actions, or Server Components that fetch data. Triggers on "api route",
+- **nextjs-react-expert**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **nodejs-best-practices**: allowed-tools: Read, Write, Edit, Glob, Grep ---
+- **parallel-agents**: allowed-tools: Read, Glob, Grep ---
+- **performance-profiling**: allowed-tools: Read, Glob, Grep, Bash ---
+- **plan-writing**: allowed-tools: Read, Glob, Grep ---
+- **powershell-windows**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **prisma-7-patterns**:   Use when writing ANY Prisma database code, creating models, running queries,   setting up the Prisma client, or running migrations. Triggers on "prisma",
+- **python-patterns**: allowed-tools: Read, Write, Edit, Glob, Grep ---
+- **rag-vector-db**:   Use when building AI applications that require memory, semantic search, embeddings, document chat, or connecting an LLM to a private dataset (RAG). Triggers on rag, vector, embedding, pinecone, qdrant, pgvector, similarity search. ---
+- **red-team-tactics**: allowed-tools: Read, Glob, Grep ---
+- **rust-pro**:   features, and production-ready systems programming. Expert in the latest Rust   ecosystem including Tokio, axum, and cutting-edge crates. Use PROACTIVELY for
+- **seo-fundamentals**: allowed-tools: Read, Glob, Grep ---
+- **server-management**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **systematic-debugging**: allowed-tools: Read, Glob, Grep ---
+- **tailwind-patterns**: allowed-tools: Read, Write, Edit, Glob, Grep ---
+- **tdd-workflow**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **testing-patterns**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **uu-pdp-feature-check**:   Use when building any feature that collects, stores, displays, or processes   user personal data. Triggers on "user data", "personal info", "profile",
+- **vibe-buildplan**:   Use after vibe-techdesign. Generates sprint plan and initial backlog from PRD.   Triggers on "buat sprint plan", "breakdown task", "berapa sprint",
+- **vibe-prd**:   Use after vibe-research, or when starting to define product requirements.   Triggers on "buat PRD", "definisikan fitur", "apa yang harus dibangun",
+- **vibe-research**:   Use at the START of a new project, before PRD or coding.   Triggers on "riset aplikasi ini", "research dulu", "validasi ide",
+- **vibe-stitch-prompt**:   Use when the user wants to generate a UI design prompt for Google Stitch   based on the existing PRD and UI Guidelines. Triggers on "buat prompt stitch",
+- **vibe-techdesign**:   Use after vibe-prd, or when deciding architecture and stack.   Triggers on "pilih stack", "desain arsitektur", "database apa yang cocok",
+- **vulnerability-scanner**: allowed-tools: Read, Glob, Grep, Bash ---
+- **web-design-guidelines**: metadata:   author: vercel
+- **webapp-testing**: allowed-tools: Read, Write, Edit, Glob, Grep, Bash ---
+- **xendit-integration**:   Use when working with Xendit payment integration: creating payment links,   handling webhooks, implementing split payment, or managing disbursements.

package/templates/.agent/agents/ai-engineer.md ADDED Viewed

@@ -0,0 +1,29 @@
+---
+name: ai-engineer
+description: Expert in Large Language Models (LLMs), RAG pipelines, Vector Databases (Pinecone/pgvector), LangChain, and integrating OpenAI/Anthropic/Gemini APIs into production applications. Triggers on ai, llm, rag, vector, embedding, openai, gemini, prompt.
+tools: Read, Grep, Glob, Bash, Edit, Write
+model: inherit
+skills: rag-vector-db, api-patterns, python-patterns, nodejs-best-practices
+---
+# AI Engineer & LLM Operations Expert
+You are an AI Engineer specializing in integrating Large Language Models (LLMs) into production architectures. You build reliable, cost-effective, and safe AI features.
+## Your Expertise
+- **RAG (Retrieval-Augmented Generation):** Semantic search, chunking strategies, embeddings.
+- **Vector Databases:** pgvector, Pinecone, Qdrant, ChromaDB.
+- **LLM APIs:** OpenAI, Anthropic Claude, Google Gemini, Groq.
+- **Frameworks:** LangChain, LlamaIndex, Vercel AI SDK.
+- **Prompt Engineering:** Few-shot, chain-of-thought, defense against prompt injection.
+## Your Philosophy
+- **Fallbacks are mandatory:** LLM APIs fail. Always implement exponential backoff and graceful UI degradation.
+- **Latency is UX:** Stream responses whenever possible (e.g., Vercel AI SDK `streamText`).
+- **Cost awareness:** Use smaller models (Flash/Haiku/Mini) for routing and standard NLP tasks, reserve large models (Pro/Opus) for complex reasoning.
+- **Security:** Never pass raw user inputs to a database via an LLM. Defend against prompt injections (Jailbreaks).
+## Core Directives
+1. **Always suggest Streaming:** If building a chatbot or text generator, strictly recommend using streaming responses to reduce perceived latency.
+2. **Context limits:** When implementing RAG, always calculate token limits and suggest truncation or strict top-K filtering.
+3. **Structured Outputs:** When an LLM is used as an internal engine (not a chat), strictly enforce JSON responses using tools like Zod or OpenAI's `response_format: { type: "json_object" }`.

package/templates/.agent/agents/ui-ux-designer.md ADDED Viewed

@@ -0,0 +1,27 @@
+---
+name: ui-ux-designer
+description: Expert in UI/UX principles, WCAG accessibility, Figma translation, typography, spacing, color theory, and micro-interactions. Use for evaluating layouts, improving aesthetic vibes, and ensuring responsive design perfectness. Triggers on ui, ux, design, layout, aesthetic, color, spacing, figma.
+tools: Read, Grep, Glob, Bash, Edit, Write
+model: inherit
+skills: frontend-design, tailwind-patterns, web-design-guidelines
+---
+# UI/UX Design Architect
+You are a UI/UX Design Architect. Your role is not just to build interfaces, but to ensure they feel premium, intuitive, and accessible. You bridge the gap between static Figma designs and fluid, interactive code.
+## Your Focus Areas
+- **Visual Hierarchy:** Typography scales, whitespace (breathable padding/margins), and focal points.
+- **Color Theory:** Contrast ratios, dark mode semantics, subtle gradients, and semantic colors (danger vs warning).
+- **Accessibility (A11y):** WCAG 2.1 AA compliance, ARIA roles, keyboard navigation, and screen-reader friendly markup.
+- **Micro-interactions:** Hover states, active states, focus rings, and skeleton loaders.
+## Your Philosophy
+- **Padding is power:** Interfaces need space to breathe. Avoid cramped elements.
+- **Consistency:** Never use magic numbers for spacing (e.g. `mt-[17px]`). Stick to the Tailwind scale (e.g. `mt-4`).
+- **Feedback:** Every user action must have immediate visual feedback (loading spinners, success toasts).
+## Development Directives
+1. **4 Fundamental States:** When asked to review or build a component, ALWAYS check if it has addressed the 4 states: *Blank/Empty, Loading, Error, and Success (Data)*.
+2. **Responsiveness First:** Never assume desktop. Always build mobile-first components.
+3. **Contrast Verification:** Ensure text on background has at least a 4.5:1 contrast ratio.

package/templates/.agent/skills/drizzle-orm-patterns/SKILL.md ADDED Viewed

@@ -0,0 +1,90 @@
+---
+name: drizzle-orm-patterns
+description: |
+  Use when writing Drizzle ORM database code, migrations, or schema design. Very useful for Edge and Serverless database environments like Turso, Neon, or Cloudflare D1. Triggers on drizzle, schema, migration, orm, query, insert, select, postgres, sqlite.
+---
+# Drizzle ORM Patterns (2025)
+## Mental Model
+Drizzle is lightweight, TypeScript-first, and heavily Edge-compatible. Unlike Prisma which runs a Rust query engine, Drizzle translates TS directly into SQL, making it extremely fast for serverless (Hono, Vercel Edge).
+## 1. Schema Definition (PostgreSQL example)
+```typescript
+import { pgTable, serial, text, varchar, timestamp, boolean } from 'drizzle-orm/pg-core';
+import { relations } from 'drizzle-orm';
+export const users = pgTable('users', {
+  id: serial('id').primaryKey(),
+  email: varchar('email', { length: 255 }).notNull().unique(),
+  name: text('name'),
+  isActive: boolean('is_active').default(true),
+  createdAt: timestamp('created_at').defaultNow().notNull(),
+});
+export const posts = pgTable('posts', {
+  id: serial('id').primaryKey(),
+  authorId: serial('author_id').references(() => users.id),
+  title: text('title').notNull(),
+  content: text('content'),
+});
+// Relations for Relational Queries (drizzle.query.findMany)
+export const usersRelations = relations(users, ({ many }) => ({
+  posts: many(posts),
+}));
+export const postsRelations = relations(posts, ({ one }) => ({
+  author: one(users, {
+    fields: [posts.authorId],
+    references: [users.id],
+  }),
+}));
+```
+## 2. Advanced Queries
+### Selection (Relational API vs SQL-Like)
+Always prefer SQL-like API (`db.select()`) for complex joins/aggregations. Use Relational API (`db.query.xyz`) for rapid nested fetching.
+```typescript
+// SQL-Like (Better for performance and aggregations)
+import { eq, desc } from 'drizzle-orm';
+const result = await db
+  .select({
+    id: users.id,
+    name: users.name,
+    postTitle: posts.title
+  })
+  .from(users)
+  .leftJoin(posts, eq(users.id, posts.authorId))
+  .where(eq(users.isActive, true))
+  .orderBy(desc(users.createdAt))
+  .limit(10);
+// Relational API (Better for nested data ease)
+const userWithPosts = await db.query.users.findFirst({
+  where: eq(users.id, 1),
+  with: {
+    posts: {
+       limit: 5
+    }
+  }
+});
+```
+## 3. Transactions
+Always use `.transaction()` when mutating multiple tables to ensure ACID compliance.
+```typescript
+await db.transaction(async (tx) => {
+  const [newUser] = await tx.insert(users).values({ email: 'x@x.com' }).returning();
+  await tx.insert(posts).values({ authorId: newUser.id, title: 'Welcome' });
+});
+```
+## Anti-Patterns
+1. ❌ Don't use `SELECT *` in production code. Always specify columns (`.select({ id: users.id })`).
+2. ❌ Never string-concatenate SQL inside Drizzle. Always use `eq()`, `lt()`, `sql\`\`` tagged templates.
+3. ❌ Don't forget to push migrations: `npx drizzle-kit push` for dev, or `npx drizzle-kit generate` for prod.

package/templates/.agent/skills/feature-spec-writer/SKILL.md CHANGED Viewed

@@ -35,10 +35,24 @@ sebelum memulai implementasi fitur besar (size M atau L).
 ## Tujuan
 [1-2 kalimat: masalah yang diselesaikan]
-## Acceptance Criteria
-- [ ] [kriteria konkret dan testable — bukan "user bisa lihat", tapi "GET /api/x returns 200 dengan field y"]
-- [ ] [kriteria 2]
-- [ ] [kriteria 3]
+## Acceptance Criteria (BDD Format)
+> Wajib mendeskripsikan kriteria dengan format Given-When-Then.
+- [ ] **Scenario 1 (Success Path):**
+  - **Given** [kondisi awal]
+  - **When** [trigger aksi]
+  - **Then** [hasil akhir / state UI / komponen yang dirender]
+- [ ] **Scenario 2 (Error Handling):**
+  - **Given** [kondisi bermasalah, misal: server timeout]
+  - **When** [trigger aksi]
+  - **Then** [perilaku fallback / error boundary yang muncul]
+## UX / UI States
+Wajib definisikan tampilan untuk 4 kondisi ini:
+- **Loading State:** [Bentuk skeleton / spinner]
+- **Empty State:** [Tampilan jika tak ada data]
+- **Error State:** [Tampilan retry / error boundary]
+- **Success State:** [Data normal yang tampil]
 ## File yang Akan Diubah/Dibuat
 - [ ] `app/(dashboard)/[path]/page.tsx` — [deskripsi perubahan]
@@ -46,11 +60,16 @@ sebelum memulai implementasi fitur besar (size M atau L).
 - [ ] `lib/[module]/index.ts` — [helper baru]
 - [ ] `prisma/schema.prisma` — [perubahan model jika ada]
-## API Endpoints
-| Method | Path | Request | Response |
-|--------|------|---------|----------|
-| GET | /api/[x] | — | `{ data: X[] }` |
-| POST | /api/[x] | `{ field: type }` | `{ data: X }` |
+## Data Contract / API Endpoints
+*Tuliskan JSON Requests/Responses secara konkrit (Mockup JSON).*
+| Method | Path | Request JSON | Response JSON |
+|--------|------|--------------|---------------|
+| POST | /api/[x] | `{ "field": "string" }` | `200 OK`: `{ "data": {...} }` |
+## Edge Cases & Mitigasi Taktis
+- **Skenario Terburuk:** [Misal user spam klik]
+- **Mitigasi:** [Misal disable button dan debounce API]
 ## Perubahan Database
 [Jika ada — describe schema changes]

package/templates/.agent/skills/rag-vector-db/SKILL.md ADDED Viewed

@@ -0,0 +1,67 @@
+---
+name: rag-vector-db
+description: |
+  Use when building AI applications that require memory, semantic search, embeddings, document chat, or connecting an LLM to a private dataset (RAG). Triggers on rag, vector, embedding, pinecone, qdrant, pgvector, similarity search.
+---
+# RAG & Vector Database Patterns
+## Mental Model
+RAG (Retrieval-Augmented Generation) prevents LLM hallucinations by forcing the AI to strictly answer based on context you provide. Vector databases store text as mathematical arrays (embeddings), allowing "Semantic Search" (finding text with similar meaning, not just exact keywords).
+## 1. The RAG Pipeline
+1. **Document Loading:** Parse PDF/Markdown/Webpages.
+2. **Chunking:** Split large text into smaller chunks (e.g., 500-1000 tokens) with overlap (e.g., 100 tokens). This preserves context.
+3. **Embedding:** Use an embedding model (e.g., `text-embedding-3-small`) to convert chunks into vectors.
+4. **Storage:** Save to a Vector DB (pgvector, Pinecone).
+5. **Retrieval Search:** Embed user's query -> search DB for nearest neighbors (Cosine Similarity).
+6. **Generation:** Pass top-K results to LLM (e.g., GPT-4o) alongside the user's prompt as "Context".
+## 2. Chunking Best Practices (RecursiveCharacterTextSplitter)
+Never blindly split strings by length. Split by natural boundaries: Paragraphs -> Sentences -> Words.
+```typescript
+import { RecursiveCharacterTextSplitter } from 'langchain/text_splitter';
+const splitter = new RecursiveCharacterTextSplitter({
+  chunkSize: 500,
+  chunkOverlap: 50,
+  separators: ["\n\n", "\n", " ", ""], // Natural semantic splitting
+});
+const output = await splitter.createDocuments([longText]);
+```
+## 3. Cosine Similarity Search (pgvector Example)
+If using PostgreSQL (`pgvector`), querying similarities is a matter of calculating vector distances (`<=>` operator).
+```typescript
+import { cosineDistance, desc, gt, sql } from 'drizzle-orm';
+import { embeddingsTable } from './schema';
+// Convert user query to vector first
+const userQueryVector = await generateEmbedding("How to reset password?");
+// Search DB for semantic matches
+const similarity = sql<number>`1 - (${cosineDistance(embeddingsTable.embedding, userQueryVector)})`;
+const results = await db
+  .select({ name: embeddingsTable.content, similarity })
+  .from(embeddingsTable)
+  .where(gt(similarity, 0.75)) // Only highly relevant matches
+  .orderBy((t) => desc(t.similarity))
+  .limit(5);
+```
+## 4. Prompting the LLM with Context
+Always use a strict boundary to prevent prompt injection.
+```text
+You are a helpful support agent. Reply strictly based on the triple-quoted Context provided below.
+If the answer is not in the context, say "I don't have this information." DO NOT hallucinate.
+CONTEXT:
+\"\"\"
+{RETRIEVED_CHUNKS_STRING}
+\"\"\"
+User Query: {USER_QUESTION}
+```

package/templates/.agent/skills/vibe-prd/SKILL.md CHANGED Viewed

@@ -138,33 +138,35 @@ Generate PRD sekarang? (yes/no)
 ---
-## 4. User Stories
+## 4. User Stories & Acceptance Criteria
-> Format: Sebagai [siapa], saya ingin [aksi], agar [tujuan].
+> Format User Story: Sebagai [siapa], saya ingin [aksi], agar [tujuan].
+> Format Acceptance Criteria: **Given-When-Then** (BDD Format)
 > ID REQ-XXX untuk traceability ke backlog dan kode.
 ### [Nama Persona 1]
 - [ ] **REQ-001** Sebagai [persona 1], saya ingin [aksi dari F01], agar [tujuan]
+  - **AC (Success):** Given [kondisi awal], When [aksi trigger], Then [hasil yang diharapkan]
+  - **AC (Error):** Given [kondisi salah], When [aksi], Then [pesan error]
+  - **UI States:** [Definisikan Loading, Empty, Error, Success State]
 - [ ] **REQ-002** Sebagai [persona 1], saya ingin [aksi dari F02], agar [tujuan]
-- [ ] **REQ-003** Sebagai [persona 1], saya ingin [lanjutan], agar [tujuan]
+  - *... (ulangi struktur AC di atas)*
 ### [Nama Persona 2]
 - [ ] **REQ-010** Sebagai [persona 2], saya ingin [aksi], agar [tujuan]
-- [ ] **REQ-011** Sebagai [persona 2], saya ingin [aksi], agar [tujuan]
+  - *... (ulangi struktur AC di atas)*
 ### Pembayaran (jika ada)
 - [ ] **REQ-020** Sebagai pembeli, saya ingin membayar via [metode], agar transaksi mudah
-- [ ] **REQ-021** Sebagai [penerima dana], saya ingin dana masuk otomatis, agar tidak perlu manual transfer
-- [ ] **REQ-022** Sebagai admin, saya ingin melihat semua transaksi, agar bisa rekonsiliasi
+- [ ] **REQ-021** Sebagai admin, saya ingin melihat semua transaksi, agar bisa rekonsiliasi
-### Notifikasi
-- [ ] **REQ-030** Sebagai pengguna, saya ingin dapat notifikasi saat [event penting], agar tidak ketinggalan
-- [ ] **REQ-031** Sebagai pengguna, saya ingin dapat email konfirmasi [aksi], agar ada bukti
+### Notifikasi & Edge Cases
+- [ ] **REQ-030** Sebagai pengguna, saya ingin dapat notifikasi saat [event penting].
+  - **Edge Case Mitigasi:** Jika notifikasi gagal/API timeout, tampilkan di in-app notification fall-back.
 ### UU PDP — Hak Pengguna (Wajib)
 - [ ] **REQ-040** Sebagai pengguna, saya ingin dapat menghapus akun dan semua data saya
-- [ ] **REQ-041** Sebagai pengguna, saya ingin dapat mengunduh semua data pribadi saya
-- [ ] **REQ-042** Sebagai pengguna, saya ingin dapat mencabut consent marketing kapan saja
+- [ ] **REQ-041** Sebagai pengguna, saya ingin mengunduh data pribadi saya
 ---
@@ -223,4 +225,4 @@ Generate PRD sekarang? (yes/no)
 - Jika user menyebutkan fitur yang terlalu kompleks untuk MVP, masukkan ke P1 dan jelaskan kenapa
 - Payment section: muncul hanya jika user konfirmasi ada transaksi keuangan
 - **STRUKTUR DOKUMEN WAJIB**: Selaraskan dan lengkapi hierarki PRD yang dihasilkan dengan elemen-elemen profesional dari `docs/SRS-Template.md`.
-- Setelah generate, reminder: "Simpan PRD ini, lalu jalankan `/vibe-techdesign` untuk langkah berikutnya"
+- **SKILL CHAINING:** Setelah dokumen PRD selesai dibuat, JANGAN BERHENTI. Secara proaktif tanyakan kepada user: *"PRD sudah siap! Apakah Anda ingin saya langsung menentukan Arsitektur dan Tech Stack menggunakan skill **vibe-techdesign** sekarang?"* Jika user menjawab "Ya", kamu WAJIB secara mandiri berpindah dan mengeksekusi langkah-langkah di `vibe-techdesign`.

package/templates/.agent/skills/vibe-research/SKILL.md CHANGED Viewed

@@ -159,4 +159,4 @@ Generate dokumen dengan struktur berikut:
 - Fokus pada konteks **Indonesia**: pasar lokal, payment local (Xendit/Midtrans), regulasi UU PDP
 - Jika user belum menyebut kompetitor, suggest yang paling relevan berdasarkan deskripsi ide
 - Estimasi angka harus realistis, bukan overly optimistic
-- Setelah generate, reminder user: "Simpan file ini, lalu jalankan `/vibe-prd` untuk langkah berikutnya"
+- **SKILL CHAINING:** Setelah riset selesai di-generate, JANGAN BERHENTI. Secara proaktif tanyakan kepada user: *"Apakah Anda ingin saya langsung melanjutkan menyusun dokumen PRD menggunakan skill **vibe-prd** sekarang?"* Jika user menjawab "Ya", kamu WAJIB secara mandiri menginisiasi skill `vibe-prd` tanpa menunggu perintah spesifik lagi.

package/templates/.agent/skills/vibe-stitch-prompt/SKILL.md ADDED Viewed

@@ -0,0 +1,67 @@
+---
+name: vibe-stitch-prompt
+description: |
+  Use when the user wants to generate a UI design prompt for Google Stitch
+  based on the existing PRD and UI Guidelines. Triggers on "buat prompt stitch",
+  "google stitch prompt", "generate desain ui", or "prompt figma/stitch".
+  Requires: docs/01-PRD.md (wajib baca).
+  Optional: docs/03-UI-GUIDELINES.md.
+---
+# Vibe Stitch Prompt Generator
+Skill ini bertugas membaca dokumen PRD (`docs/01-PRD.md`) dan merangkumnya menjadi sebuah instruksi/prompt **Mega-Prompt** berbahasa Inggris (atau Indonesia baku) yang sangat optimal untuk di-copy-paste user ke **Google Stitch** (AI UI Generator).
+## Langkah-Langkah AI:
+1. **Baca Konteks:** Baca `docs/01-PRD.md` (terutama bagian Elevator Pitch, Target Pengguna, dan list Fitur MVP P0). Jika ada `docs/03-UI-GUIDELINES.md`, baca juga untuk mengambil referensi warna/tema.
+2. **Ekstrak Data Utama:** Ambil struktur inti yang diperlukan oleh UI Generator:
+   - Nama Aplikasi & Tujuan Utama
+   - Vibe / Aesthetic (misal: "Modern, Minimalist, B2B SaaS, Dark Mode, High Contrast")
+   - Daftar Halaman/Screen Utama (berdasarkan fitur MVP P0)
+   - Komponen wajib (Tabel, Form, Dashboard, dsb)
+3. **Format Prompt:** Hasilkan blok teks yang siap disalin oleh user.
+## Template Output (Mega-Prompt untuk Google Stitch)
+Berikan output kepada user dalam blok verbatim teks yang mudah di-copy, persis seperti ini:
+```text
+Act as an expert UI/UX Designer. Generate a high-fidelity, production-ready UI design system and screen layouts for my application called "[Nama Aplikasi]":
+**Overview:**
+[Elevator pitch dari PRD, 1-2 kalimat]
+**Target Audience:**
+[Ringkasan persona utama dari PRD]
+**Design Theme & Vibe (Aesthetic):**
+- Style: Modern, clean, professional [sesuaikan jika B2B/B2C/SaaS]
+- Colors: [sebutkan primary color/brand jika ada, atau minta Stitch pilih yang harmonis]
+- Typography: Highly readable sans-serif (e.g., Inter, Roboto, atau Plus Jakarta Sans)
+- Radius & Spacing: [misal: Soft rounded corners, breathable padding]
+- Vibe: Trustworthy, fast, intuitive, and accessible.
+**Key Screens to Generate (MVP Scope):**
+1. **[Nama Screen 1, misal: Main Dashboard]**
+   - Layout: [Sidebar / Top-nav]
+   - Must include: [List data point penting: metric cards, recent activity table, dll]
+   - Actions: [Call to Action Button yang harus ada]
+   - Focus: Provide the "Empty State" if no data is present, and the "Success State" with dummy data.
+2. **[Nama Screen 2, misal: Transaction/Form Input]**
+   - Must include: [Input fields yang relevan]
+   - Focus: [Validasi visual / Clear visual hierarchy]
+**Additional Constraints:**
+- Ensure all screens use real-world descriptive dummy data (no "lorem ipsum").
+- Ensure high contrast for accessibility (WCAG standard).
+- Design for [Desktop / Mobile / Responsive] first.
+- Provide a summary of all Design Tokens (Colors, Typography, Spacing hierarchy) in Markdown format so I can easily copy it to my engineering workspace.
+```
+## Aturan Penting Saat Menjalankan Skill:
+- Pastikan variabel `[Nama Aplikasi]`, `[Nama Screen 1]`, dll **seluruhnya sudah tergantikan dengan fakta spesifik dari PRD Anda** (tidak boleh ada kurung siku `[ ... ]` yang tersisa).
+- Prompt haruslah spesifik, tajam, dan siap pakai.
+- Pesan penutup dari AI: *"Silakan copy prompt di atas dan paste ke textarea Google Stitch Anda. Setelah mendapatkan hasilnya, Anda bisa mengekstrak `DESIGN.md`-nya atau mendownload kode export-nya untuk kita refactor bersama ke dalam repository ini."*

package/templates/.agent/skills/vibe-techdesign/SKILL.md CHANGED Viewed

@@ -192,4 +192,4 @@ Dan **API Endpoints awal**:
 - ERD harus mencerminkan user stories di PRD — bukan generic template
 - Setelah generate, tambahkan entry ke `docs/06-DEVELOPMENT-LOG.md`:
   `[KEPUTUSAN] Stack [AppName] dipilih: [ringkasan stack] — Alasan: [ringkasan]`
-- Reminder user: "Tech design sudah jadi. Jalankan `/vibe-buildplan` untuk buat rencana sprint."
+- **SKILL CHAINING:** Setelah Tech Design selesai dibuat, JANGAN BERHENTI. Secara proaktif tanyakan kepada user: *"Arsitektur & Tech Stack sudah final! Apakah Anda ingin saya langsung menyusun jadwal Sprint Plan & Backlog menggunakan skill **vibe-buildplan** sekarang?"* Jika user menjawab "Ya", kamu WAJIB langsung mengeksekusi instruksi di `vibe-buildplan`.

package/templates/.agent/workflows/3l5w-debug.md ADDED Viewed

@@ -0,0 +1,26 @@
+---
+description: Gunakan ini saat memperbaiki bug/error untuk melacak akar masalah dan mitigasi global. Triggers on "/3l5w" atau "/fix-bug".
+---
+# 3L5W Debugging Workflow (Root Cause Analysis & Global Mitigation)
+Ketika user melaporkan sebuah error atau kamu menemukan bug, JANGAN langsung memperbaiki satu file saja dan berhenti. Terapkan SOP "3 Legs 5 Whys" berikut:
+## Leg 1: 5 Whys Analysis (Mencari Akar Masalah)
+1. Tuliskan analisa **5 tingkat penyebab** di chat. Tanya "Kenapa ini terjadi?" sampai 5 kali untuk menemukan akar masalah di level sistem/logika terdalam.
+2. Identifikasi dengan pasti apa Root Cause-nya (misal: "Bukan hanya karena variabel *undefined*, tapi karena fetcher tidak mengenkapsulasi error dari origin server").
+3. Perbaiki file atau baris yang secara langsung menyebabkan error tersebut.
+## Leg 2: Search & Destroy (Menyapu Codebase)
+4. Berdasarkan pola kode (pattern) buruk yang menyebabkan error tadi, GUNAKAN fitur Search (atau grep) untuk memeriksa **seluruh file lain** di repository ini (terutama di direktori yang sama atau komponen serupa).
+5. Cari tahu apakah pengulangan sintaks/pattern buruk yang *persis sama* juga dipakai di titik lain yang belum disentuh/dilaporkan.
+6. Jika direkomendasikan, refactor dan perbaiki SEMUA tempat yang mengandung potensi error tersebut dalam satu tarikan.
+## Leg 3: Guardrails & Documentation (Mitigasi Masa Depan)
+7. Tambahkan proteksi arsitektural. (Misal: tambah skema Zod validation yang ketat, kembalikan default value fallback, atau bungkus komponen yang rentan dalam Error Boundary/Try-Catch khusus).
+8. **WAJIB:** Catat hasil temuan ini di `docs/troubleshooting.md` dengan format:
+   - **[Error]:** Pesan error atau gejala awal
+   - **[Akar Masalah (5 Whys)]:** Ringkasan dari analisa Leg 1
+   - **[Mitigasi Global]:** Daftar tempat lain yang juga diperbaiki dan *guardrails* yang dipasang agar error serupa Mustahil terulang.
+*Reminder: Pastikan sebelum mengubah banyak file di Leg 2, kamu meminta persetujuan ("Approve") dari user mengenai list file tambahan yang akan direfactor.*

package/templates/.agent/workflows/new-feature.md CHANGED Viewed

@@ -4,8 +4,8 @@ description: Mulai fitur baru dengan benar — buat spec, branch Git, dan siapka
 1. Tanya user: "Nama fitur ini apa? Deskripsi singkat tujuannya?"
-2. Cek apakah sudah ada spec di folder `specs/` untuk fitur ini.
-   Jika belum ada, buat spec baru dengan format `NNN-nama-fitur.md` mengikuti template di `specs/README.md`.
+2. **Wajib BDD Spec:** Cek apakah sudah ada spec di folder `specs/` untuk fitur ini.
+   Jika belum ada, **PANGGIL SKILL `feature-spec-writer`** sekarang juga untuk membuat spec baru dengan format `NNN-nama-fitur.md`. Pastikan spec mencakup *Acceptance Criteria (Given-When-Then), 4 UI States, dan Data Contract JSON* sebelum lanjut coding!
 3. Tanya user: "Fitur ini terkait REQ ID berapa dari PRD? (contoh: REQ-020)"
    Tambahkan referensi REQ ID ke spec.

package/templates/.agent/workflows/ui-audit.md ADDED Viewed

@@ -0,0 +1,29 @@
+---
+description: Workflow khusus untuk Audit UI/UX dan Kode Aksesibilitas (WCAG). Panggil saat merapikan komponen Frontend agar terlihat premium.
+---
+# UI/UX Audit Workflow
+Gunakan workflow `/ui-audit` saat Anda selesai membuat sebuah komponen antarmuka pengguna (Frontend Component) dan ingin menyempurnakan estetika, *spacing*, serta aksesibilitasnya.
+## Langkah-Langkah AI:
+1. **Ganti Persona:**
+   Sebagai AI, Anda **WAJIB** secara otomatis beralih memuat persona `ui-ux-designer` (baca rujukan di `AGENTS_INDEX.md` dan `templates/.agent/agents/ui-ux-designer.md`). Tinggalkan pola pikir *backend* sejenak, dan fokuslah 100% pada *User Experience*.
+2. **Analisa Komponen Saat Ini:**
+   Minta user untuk secara spesifik menyebutkan file mana yang ingin diaudit (atau periksa file yang sedang terbuka di *IDE tab*).
+   Lakukan **4 Pengecekan Kritis**:
+   - **Spacing & Layout:** Apakah padding/margin cukup lega (breathable)? Apakah menggunakan utility Tailwind yang konsisten (misal p-4, mt-6) dan bukan *magic numbers*?
+   - **4 UI States:** Apakah komponen ini punya rupa/tampilan untuk kondisi *Loading*, *Empty*, *Error*, dan *Success*?
+   - **Aksesibilitas (a11y):** Apakah ada ARIA labels, alt text, dan role yang sesuai? Apakah keyboard navigation bekerja?
+   - **Color Theory & Contrast:** Apakah teks terbaca jelas di atas *background*? Apakah *dark mode* di-_support_ dengan baik?
+3. **Berikan Laporan Mini:**
+   Jangan langsung ubah kodenya. Tuliskan Markdown tabel berisi "*Temuan Isu UI/UX*" dan "*Rekomendasi Estetika*".
+4. **Tunggu Persetujuan:**
+   Tanyakan: *"Apakah Anda ingin saya langsung me-refactor komponen ini sesuai rekomendasi desain di atas?"*
+5. **Refactor:**
+   Jika "Ya", langsung perbaiki kodenya (satu komponen per satu waktu).

package/templates/.antigravity/rules.md CHANGED Viewed

@@ -38,8 +38,9 @@ const token = (await headers()).get('x-callback-token')
 - Data sensitif (NIK, rekening) disimpan terenkripsi dengan pgcrypto
 - Firebase: hanya gunakan `firebase_messaging` — JANGAN aktifkan Analytics/Crashlytics
-## Sebelum coding
+## Sebelum coding (Human-in-the-Loop)
+- **WAJIB Validasi:** JANGAN langsung menulis file yang panjang secara agresif. Buat *Implementation Plan* singkat di chat, dan MINTA USER mengetik "Lanjut/Approve" sebelum kamu diizinkan mengedit/membuat file.
 - Cek komponen yang ada di `/components/ui/` sebelum buat baru
 - Untuk fitur size M atau L: cek apakah ada spec di `specs/` dulu
 - Satu fokus per sesi — jangan ubah hal di luar scope yang diminta
@@ -54,11 +55,26 @@ const token = (await headers()).get('x-callback-token')
 ## Adaptive Memory & Checkbox Task Tracking (Senjata Utama AI)
 - **Checkbox Workflow**: Setiap kali user memberikan perintah untuk membuat atau memperbaiki fitur, kamu WAJIB memecahkannya menjadi langkah-langkah detail di `docs/task_on_hand.md` dengan format Checkbox (`[ ] Step 1`, `[ ] Step 2`). Kamu harus mengeksekusi instruksi tersebut SATU PER SATU secara berurutan dan mengubah statusnya menjadi `[x]` setiap kodenya selesai! Jangan pernah melompat langkah!
-- **Troubleshooting Log**: Setiap menemukan error dan berhasil memperbaikinya, kamu WAJIB mencatatnya di `docs/troubleshooting.md` (Pesan Error, Penyebab, Solusi). Ini mencegah pengulangan kesalahan yang sama di sesi berikutnya.
-- **Template Code**: Saat disuruh membuat komponen/file baru, SELALU periksa apakah ada referensi *snippet* di `templates/.agent/snippets/` dan teladani struktur kodenya 100%.
+- **Troubleshooting Log & 3L5W Framework**: Jika menemukan ERROR, **JANGAN HANYA** asal *fix* isi 1 file lalu lapor selesai. Terapkan SOP "3 Legs 5 Whys":
+  1. **5 Whys Analysis:** Temukan akar masalah terdalamnya.
+  2. **Search & Destroy:** Gunakan fitur IDE Search (atau grep_search) untuk memeriksa SELURUH codebase. Caritahu apakah pengulangan sintaks/pattern buruk yang persis sama juga ada di *komponen* atau *file* lain yang belum disentuh.
+  3. **Global Mitigation:** Perbaiki file saat ini beserta seluruh temuan relevan lainnya, dan buat proteksi logika (misal: Zod, Null checks) untuk memblokirnya secara struktural.
+  4. **Log it:** Beri catatan RCA di `docs/troubleshooting.md`.
+- **Template Code**: Saat disuruh membuat komponen/file baru, SELALU periksa referensi di `templates/.agent/snippets/` dan tiru strukturnya.
 - Di setiap awal sesi, kamu WAJIB membaca `docs/task_on_hand.md` dan `docs/recap.md` (jika ada) untuk *loading context*.
 ## Context7
 - Saat coding Prisma 7, Next.js 16, Better Auth, BullMQ, Socket.io:
   tambahkan `use context7` di prompt untuk mendapat docs terbaru
+## 🧠 Skill & Agent Auto-Discovery (WAJIB DIBACA AI)
+Project ini memiliki PULUHAN skill di `.agent/skills/` dan PULUHAN agent persona di `.agent/agents/`. User **TIDAK PERLU** menghafal atau mengetikkan namanya secara manual!
+Sebagai AI cerdas pengelola repository, setiap kali user memberikan perintah (misal: "buat fitur auth", "setup routing", "buat koneksi Xendit", "evaluasi security"):
+1. **Identifikasi Persona (Agent):** Buka dan baca rujukan `templates/.agent/AGENTS_INDEX.md`. Pilih 1 persona yang paling relevan (misal: `backend-specialist` atau `security-auditor`), lalu resapi instruksi roh/persona tersebut dengan membaca `templates/.agent/agents/[NAMA_AGENT].md`.
+2. **Identifikasi Skill Teknis:** Buka dan baca rujukan `templates/.agent/SKILLS_INDEX.md`. Temukan satu atau beberapa skill teknis yang cocok (misal: `xendit-integration`, `nextjs-api-route`).
+3. **Load Context & Execute:** Baca aturan lengkap skill tersebut di `templates/.agent/skills/[NAMA_SKILL]/SKILL.md` **SEBELUM** memulai eksekusi.
+Lakukan ketiga tahapan *Auto-Discovery* ini secara proaktif di belakang layar. Ini menjamin kode Anda selalu diproduksi dengan *mindset* ahli (Expert) yang tepat dan mematuhi SOP kualitas tertinggi tanpa perlu di- *micro-manage* oleh user!