create-vasvibe 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/package.json +1 -1
  2. package/src/index.mjs +53 -9
  3. package/src/prompts.mjs +26 -0
  4. package/src/scaffold.mjs +10 -2
  5. package/src/upgrade.mjs +121 -0
  6. package/template/.agents/agents/backend/agent.json +44 -0
  7. package/template/.agents/agents/data-architect/agent.json +43 -0
  8. package/template/.agents/agents/discovery/agent.json +43 -0
  9. package/template/.agents/agents/frontend/agent.json +44 -0
  10. package/template/.agents/agents/reliability/agent.json +44 -0
  11. package/template/.agents/agents/security/agent.json +44 -0
  12. package/template/.agents/agents/ux-designer/agent.json +43 -0
  13. package/template/.agents/workflows/build-feature.md +21 -0
  14. package/template/.agents/workflows/daily-standup.md +16 -0
  15. package/template/.agents/workflows/deliver-feature.md +16 -0
  16. package/template/.agents/workflows/harden-release.md +21 -0
  17. package/template/.agents/workflows/plan-project.md +25 -0
  18. package/template/.agents/workflows/release.md +18 -0
  19. package/template/.agents/workflows/security-audit.md +19 -0
  20. package/template/.agents/workflows/start-fix.md +17 -0
  21. package/template/.agents/workflows/test-feature.md +17 -0
  22. package/template/.claude/agents/analyst.md +22 -2
  23. package/template/.claude/agents/backend.md +66 -0
  24. package/template/.claude/agents/data-architect.md +48 -0
  25. package/template/.claude/agents/developer.md +19 -2
  26. package/template/.claude/agents/devops.md +22 -3
  27. package/template/.claude/agents/discovery.md +56 -0
  28. package/template/.claude/agents/document.md +17 -0
  29. package/template/.claude/agents/fixer.md +18 -1
  30. package/template/.claude/agents/frontend.md +63 -0
  31. package/template/.claude/agents/initiator.md +29 -7
  32. package/template/.claude/agents/orchestrator.md +100 -27
  33. package/template/.claude/agents/pm.md +17 -2
  34. package/template/.claude/agents/qa.md +19 -2
  35. package/template/.claude/agents/reliability.md +52 -0
  36. package/template/.claude/agents/security.md +111 -0
  37. package/template/.claude/agents/sysarch.md +45 -93
  38. package/template/.claude/agents/tester.md +19 -2
  39. package/template/.claude/agents/ux-designer.md +50 -0
  40. package/template/.claude/commands/build-feature.md +22 -0
  41. package/template/.claude/commands/daily-standup.md +16 -0
  42. package/template/.claude/commands/deliver-feature.md +17 -0
  43. package/template/.claude/commands/harden-release.md +22 -0
  44. package/template/.claude/commands/plan-project.md +26 -0
  45. package/template/.claude/commands/release.md +19 -0
  46. package/template/.claude/commands/security-audit.md +20 -0
  47. package/template/.claude/commands/start-fix.md +18 -0
  48. package/template/.claude/commands/test-feature.md +18 -0
  49. package/template/.claude/settings.local.json +26 -0
  50. package/template/.github/prompts/backend.prompt.md +44 -0
  51. package/template/.github/prompts/data-architect.prompt.md +38 -0
  52. package/template/.github/prompts/devops.prompt.md +32 -0
  53. package/template/.github/prompts/discovery.prompt.md +39 -0
  54. package/template/.github/prompts/frontend.prompt.md +43 -0
  55. package/template/.github/prompts/initiator.prompt.md +8 -7
  56. package/template/.github/prompts/orchestrator.prompt.md +75 -0
  57. package/template/.github/prompts/qa.prompt.md +57 -0
  58. package/template/.github/prompts/reliability.prompt.md +44 -0
  59. package/template/.github/prompts/security.prompt.md +41 -0
  60. package/template/.github/prompts/ux-designer.prompt.md +41 -0
  61. package/template/.opencode/agents/analyst.md +21 -2
  62. package/template/.opencode/agents/backend.md +65 -0
  63. package/template/.opencode/agents/data-architect.md +47 -0
  64. package/template/.opencode/agents/developer.md +18 -2
  65. package/template/.opencode/agents/devops.md +16 -0
  66. package/template/.opencode/agents/discovery.md +55 -0
  67. package/template/.opencode/agents/document.md +16 -0
  68. package/template/.opencode/agents/fixer.md +17 -1
  69. package/template/.opencode/agents/frontend.md +62 -0
  70. package/template/.opencode/agents/initiator.md +28 -7
  71. package/template/.opencode/agents/orchestrator.md +99 -27
  72. package/template/.opencode/agents/pm.md +16 -2
  73. package/template/.opencode/agents/qa.md +18 -2
  74. package/template/.opencode/agents/reliability.md +50 -0
  75. package/template/.opencode/agents/security.md +109 -0
  76. package/template/.opencode/agents/sysarch.md +44 -93
  77. package/template/.opencode/agents/tester.md +18 -2
  78. package/template/.opencode/agents/ux-designer.md +49 -0
  79. package/template/.opencode/commands/build-feature.md +21 -0
  80. package/template/.opencode/commands/daily-standup.md +16 -0
  81. package/template/.opencode/commands/deliver-feature.md +16 -0
  82. package/template/.opencode/commands/harden-release.md +21 -0
  83. package/template/.opencode/commands/plan-project.md +25 -0
  84. package/template/.opencode/commands/release.md +18 -0
  85. package/template/.opencode/commands/security-audit.md +19 -0
  86. package/template/.opencode/commands/start-fix.md +17 -0
  87. package/template/.opencode/commands/test-feature.md +17 -0
  88. package/template/AGENT_PERSONAS.md +143 -11
  89. package/template/QUICK-START.md +121 -0
  90. package/template/agent/workflows/_shared/change-management.md +70 -0
  91. package/template/agent/workflows/_shared/phases.md +86 -0
  92. package/template/agent/workflows/_shared/state-management.md +85 -3
  93. package/template/agent/workflows/_shared/work-depth.md +46 -0
  94. package/template/agent/workflows/analyst.md +17 -2
  95. package/template/agent/workflows/backend.md +61 -0
  96. package/template/agent/workflows/data-architect.md +43 -0
  97. package/template/agent/workflows/developer.md +14 -2
  98. package/template/agent/workflows/devops.md +18 -3
  99. package/template/agent/workflows/discovery.md +51 -0
  100. package/template/agent/workflows/document.md +12 -0
  101. package/template/agent/workflows/fixer.md +13 -1
  102. package/template/agent/workflows/frontend.md +58 -0
  103. package/template/agent/workflows/initiator.md +24 -7
  104. package/template/agent/workflows/orchestrator.md +95 -27
  105. package/template/agent/workflows/pm.md +12 -2
  106. package/template/agent/workflows/qa.md +15 -2
  107. package/template/agent/workflows/reliability.md +48 -0
  108. package/template/agent/workflows/security.md +107 -0
  109. package/template/agent/workflows/sysarch.md +40 -93
  110. package/template/agent/workflows/tester.md +14 -2
  111. package/template/agent/workflows/ux-designer.md +45 -0
  112. package/template/project_overview_example.md +15 -1
  113. package/template/schemas/adr.template.md +36 -0
  114. package/template/schemas/changelog.template.md +34 -0
  115. package/template/schemas/data-model.template.md +57 -0
  116. package/template/schemas/design-system.template.md +63 -0
  117. package/template/schemas/dev_log.template.md +15 -21
  118. package/template/schemas/requirements.template.md +64 -0
  119. package/template/schemas/security-standards.template.md +58 -0
  120. package/template/schemas/security_report.template.md +89 -0
  121. package/template/schemas/specification.template.md +35 -5
  122. package/template/state/knowledge_base/architecture/.gitkeep +0 -0
  123. package/template/state/knowledge_base/data-model/.gitkeep +0 -0
  124. package/template/state/knowledge_base/decisions/.gitkeep +0 -0
  125. package/template/state/knowledge_base/design-system/.gitkeep +0 -0
  126. package/template/state/knowledge_base/requirements/.gitkeep +1 -0
  127. package/template/state/knowledge_base/security/.gitkeep +0 -0
@@ -0,0 +1,58 @@
1
+ # SECURITY STANDARDS — [Project Name]
2
+
3
+ **Owner Agent:** Security Expert (Mode Standards)
4
+ **Date:** [YYYY-MM-DD HH:MM]
5
+ **Phase:** Planning
6
+ **Status:** `Draft` / `Approved`
7
+
8
+ > Acuan standar keamanan proyek yang ditetapkan di awal. Semua engineer WAJIB mengikuti. Diverifikasi ulang oleh Security di fase Hardening. Perubahan lewat `_shared/change-management.md`.
9
+
10
+ ---
11
+
12
+ ## 1. Authentication & Authorization
13
+
14
+ - **Auth mechanism:** [JWT / session / OAuth2 — pilih dan jelaskan]
15
+ - **Password policy:** [hashing algo (bcrypt/argon2), min length, complexity]
16
+ - **Token expiry:** [access token TTL, refresh token strategy]
17
+ - **Authorization model:** [RBAC / ABAC — daftar role dan permission]
18
+
19
+ ## 2. Data Protection
20
+
21
+ - **Encryption in transit:** TLS 1.2+ wajib
22
+ - **Encryption at rest:** [field/tabel yang dienkripsi]
23
+ - **PII handling:** [masking, minimization]
24
+ - **Secrets management:** semua via env var, JANGAN hardcode; daftarkan di `.env.example`
25
+
26
+ ## 3. Input Validation & Output Encoding
27
+
28
+ - Validasi semua input di server-side
29
+ - Parameterized queries (anti SQL injection)
30
+ - Output encoding (anti XSS)
31
+
32
+ ## 4. Security Headers & Config
33
+
34
+ - CSP, HSTS, X-Frame-Options, X-Content-Type-Options
35
+ - CORS policy: [origin yang diizinkan]
36
+ - Rate limiting: [batas per endpoint sensitif]
37
+
38
+ ## 5. Compliance Requirements
39
+
40
+ - [GDPR / UU PDP / PCI-DSS — jika relevan]
41
+
42
+ ## 6. Threat Model Summary
43
+
44
+ [Threat utama yang diantisipasi sejak desain — referensi ke STRIDE jika sudah ada threat model.]
45
+
46
+ ## 7. Security Acceptance Criteria
47
+
48
+ Checklist yang harus lulus sebelum release (diverifikasi Security di Hardening):
49
+ - [ ] Tidak ada hardcoded secret
50
+ - [ ] Semua endpoint ter-proteksi authz
51
+ - [ ] Dependency bebas CVE critical/high
52
+ - [ ] OWASP Top 10 ter-review
53
+
54
+ ## Revision History
55
+
56
+ | Timestamp | Agen | Perubahan |
57
+ |-----------|------|-----------|
58
+ | [YYYY-MM-DD HH:MM] | Security | Initial security standards |
@@ -0,0 +1,89 @@
1
+ # SECURITY REPORT - [TASK-ID / SCOPE]
2
+
3
+ **Date:** [YYYY-MM-DD HH:MM]
4
+ **Agent:** Security Expert Agent
5
+ **Scope:** [Deskripsi scope yang diaudit — misal: "Fitur Login & Auth", "Seluruh codebase", "v1.2.0 release"]
6
+ **Mode:** [A: Threat Model / B: Vulnerability Scan / C: Security Fix / D: Pre-release Audit]
7
+
8
+ ---
9
+
10
+ ## Executive Summary
11
+
12
+ [Ringkasan singkat — apa yang diaudit, berapa temuan, dan rekomendasi utama.]
13
+
14
+ **Overall Risk Level:** `CRITICAL` / `HIGH` / `MEDIUM` / `LOW` / `CLEAR`
15
+
16
+ ---
17
+
18
+ ## Findings
19
+
20
+ ### CRITICAL
21
+ | # | Vulnerability | Location | Description | Recommendation |
22
+ |---|---------------|----------|-------------|----------------|
23
+ | 1 | | | | |
24
+
25
+ ### HIGH
26
+ | # | Vulnerability | Location | Description | Recommendation |
27
+ |---|---------------|----------|-------------|----------------|
28
+ | 1 | | | | |
29
+
30
+ ### MEDIUM
31
+ | # | Vulnerability | Location | Description | Recommendation |
32
+ |---|---------------|----------|-------------|----------------|
33
+ | 1 | | | | |
34
+
35
+ ### LOW / INFO
36
+ | # | Vulnerability | Location | Description | Recommendation |
37
+ |---|---------------|----------|-------------|----------------|
38
+ | 1 | | | | |
39
+
40
+ ---
41
+
42
+ ## OWASP Top 10 Checklist
43
+
44
+ - [ ] A01: Broken Access Control
45
+ - [ ] A02: Cryptographic Failures
46
+ - [ ] A03: Injection (SQL, XSS, Command)
47
+ - [ ] A04: Insecure Design
48
+ - [ ] A05: Security Misconfiguration
49
+ - [ ] A06: Vulnerable & Outdated Components
50
+ - [ ] A07: Authentication & Session Failures
51
+ - [ ] A08: Software & Data Integrity Failures
52
+ - [ ] A09: Security Logging & Monitoring Failures
53
+ - [ ] A10: Server-Side Request Forgery (SSRF)
54
+
55
+ ---
56
+
57
+ ## Dependency Scan Results
58
+
59
+ ```
60
+ [Output dari npm audit / pip audit / bundle audit]
61
+ ```
62
+
63
+ **Vulnerable packages found:** [X critical, Y high, Z moderate]
64
+
65
+ ---
66
+
67
+ ## Secrets Scan Results
68
+
69
+ - [ ] No hardcoded credentials found
70
+ - [ ] No API keys in source code
71
+ - [ ] `.env.example` does not contain real values
72
+ - [ ] `.gitignore` covers all `.env` variants
73
+
74
+ ---
75
+
76
+ ## Fixes Applied
77
+
78
+ | # | Vulnerability | Fix Description | Files Changed | Timestamp |
79
+ |---|---------------|-----------------|---------------|-----------|
80
+ | 1 | | | | |
81
+
82
+ ---
83
+
84
+ ## Sign-off
85
+
86
+ - **Status:** `Pending Fix` / `All Clear` / `Conditional Approval`
87
+ - **Remaining Issues:** [Daftar temuan yang belum di-fix dan alasannya — misal: "MEDIUM-1: accepted risk, ditangani di sprint berikutnya"]
88
+ - **Next Action:** [Fix CRITICAL-1 sebelum deploy / Ready for release / dll]
89
+ - **Reviewed By:** [Security Agent + Human approval jika sudah di-review]
@@ -9,19 +9,49 @@
9
9
  ## User Story
10
10
  Sebagai [role], saya ingin [action], sehingga [benefit].
11
11
 
12
+ ## Technical Flow
13
+ 1. [Langkah 1 — contoh: User submit form login]
14
+ 2. [Langkah 2 — contoh: Backend validasi credentials]
15
+ 3. [Langkah 3 — contoh: Return JWT token]
16
+
12
17
  ## Acceptance Criteria
13
18
  - [ ] ...
19
+ - [ ] ...
14
20
 
15
21
  ## API Contract
16
22
  ### [METHOD] /api/endpoint
17
- **Request:** ...
18
- **Response:** ...
23
+ **Request:**
24
+ ```json
25
+ {}
26
+ ```
27
+ **Response (200):**
28
+ ```json
29
+ {}
30
+ ```
31
+ **Response (Error):**
32
+ ```json
33
+ {}
34
+ ```
19
35
 
20
36
  ## Database Changes
21
- ...
37
+ (Tabel baru, kolom baru, atau index yang dibutuhkan — atau tulis "None")
22
38
 
23
39
  ## UI/UX
24
- ...
40
+ (Screenshot mockup, deskripsi komponen, atau link ke desain — atau tulis "None")
25
41
 
26
42
  ## Edge Cases & Validation
27
- ...
43
+ - [ ] ...
44
+
45
+ ---
46
+
47
+ ## Human Approval
48
+
49
+ **Human Approval Status:** pending | approved | revision_requested
50
+
51
+ **Human Feedback:**
52
+ > (Kosongkan jika belum ada feedback. Analyst Agent akan mengisi berdasarkan masukan reviewer.)
53
+
54
+ ## Revision History
55
+ | Date | Author | Changes |
56
+ |------|--------|---------|
57
+ | [YYYY-MM-DD] | Analyst Agent | Initial draft |
@@ -0,0 +1 @@
1
+ # Keep this folder tracked by git