create-vasvibe 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/package.json +1 -1
  2. package/src/index.mjs +53 -9
  3. package/src/prompts.mjs +26 -0
  4. package/src/scaffold.mjs +10 -2
  5. package/src/upgrade.mjs +121 -0
  6. package/template/.agents/agents/backend/agent.json +44 -0
  7. package/template/.agents/agents/data-architect/agent.json +43 -0
  8. package/template/.agents/agents/discovery/agent.json +43 -0
  9. package/template/.agents/agents/frontend/agent.json +44 -0
  10. package/template/.agents/agents/reliability/agent.json +44 -0
  11. package/template/.agents/agents/security/agent.json +44 -0
  12. package/template/.agents/agents/ux-designer/agent.json +43 -0
  13. package/template/.agents/workflows/build-feature.md +21 -0
  14. package/template/.agents/workflows/daily-standup.md +16 -0
  15. package/template/.agents/workflows/deliver-feature.md +16 -0
  16. package/template/.agents/workflows/harden-release.md +21 -0
  17. package/template/.agents/workflows/plan-project.md +25 -0
  18. package/template/.agents/workflows/release.md +18 -0
  19. package/template/.agents/workflows/security-audit.md +19 -0
  20. package/template/.agents/workflows/start-fix.md +17 -0
  21. package/template/.agents/workflows/test-feature.md +17 -0
  22. package/template/.claude/agents/analyst.md +22 -2
  23. package/template/.claude/agents/backend.md +66 -0
  24. package/template/.claude/agents/data-architect.md +48 -0
  25. package/template/.claude/agents/developer.md +19 -2
  26. package/template/.claude/agents/devops.md +22 -3
  27. package/template/.claude/agents/discovery.md +56 -0
  28. package/template/.claude/agents/document.md +17 -0
  29. package/template/.claude/agents/fixer.md +18 -1
  30. package/template/.claude/agents/frontend.md +63 -0
  31. package/template/.claude/agents/initiator.md +29 -7
  32. package/template/.claude/agents/orchestrator.md +100 -27
  33. package/template/.claude/agents/pm.md +17 -2
  34. package/template/.claude/agents/qa.md +19 -2
  35. package/template/.claude/agents/reliability.md +52 -0
  36. package/template/.claude/agents/security.md +111 -0
  37. package/template/.claude/agents/sysarch.md +45 -93
  38. package/template/.claude/agents/tester.md +19 -2
  39. package/template/.claude/agents/ux-designer.md +50 -0
  40. package/template/.claude/commands/build-feature.md +22 -0
  41. package/template/.claude/commands/daily-standup.md +16 -0
  42. package/template/.claude/commands/deliver-feature.md +17 -0
  43. package/template/.claude/commands/harden-release.md +22 -0
  44. package/template/.claude/commands/plan-project.md +26 -0
  45. package/template/.claude/commands/release.md +19 -0
  46. package/template/.claude/commands/security-audit.md +20 -0
  47. package/template/.claude/commands/start-fix.md +18 -0
  48. package/template/.claude/commands/test-feature.md +18 -0
  49. package/template/.claude/settings.local.json +26 -0
  50. package/template/.github/prompts/backend.prompt.md +44 -0
  51. package/template/.github/prompts/data-architect.prompt.md +38 -0
  52. package/template/.github/prompts/devops.prompt.md +32 -0
  53. package/template/.github/prompts/discovery.prompt.md +39 -0
  54. package/template/.github/prompts/frontend.prompt.md +43 -0
  55. package/template/.github/prompts/initiator.prompt.md +8 -7
  56. package/template/.github/prompts/orchestrator.prompt.md +75 -0
  57. package/template/.github/prompts/qa.prompt.md +57 -0
  58. package/template/.github/prompts/reliability.prompt.md +44 -0
  59. package/template/.github/prompts/security.prompt.md +41 -0
  60. package/template/.github/prompts/ux-designer.prompt.md +41 -0
  61. package/template/.opencode/agents/analyst.md +21 -2
  62. package/template/.opencode/agents/backend.md +65 -0
  63. package/template/.opencode/agents/data-architect.md +47 -0
  64. package/template/.opencode/agents/developer.md +18 -2
  65. package/template/.opencode/agents/devops.md +16 -0
  66. package/template/.opencode/agents/discovery.md +55 -0
  67. package/template/.opencode/agents/document.md +16 -0
  68. package/template/.opencode/agents/fixer.md +17 -1
  69. package/template/.opencode/agents/frontend.md +62 -0
  70. package/template/.opencode/agents/initiator.md +28 -7
  71. package/template/.opencode/agents/orchestrator.md +99 -27
  72. package/template/.opencode/agents/pm.md +16 -2
  73. package/template/.opencode/agents/qa.md +18 -2
  74. package/template/.opencode/agents/reliability.md +50 -0
  75. package/template/.opencode/agents/security.md +109 -0
  76. package/template/.opencode/agents/sysarch.md +44 -93
  77. package/template/.opencode/agents/tester.md +18 -2
  78. package/template/.opencode/agents/ux-designer.md +49 -0
  79. package/template/.opencode/commands/build-feature.md +21 -0
  80. package/template/.opencode/commands/daily-standup.md +16 -0
  81. package/template/.opencode/commands/deliver-feature.md +16 -0
  82. package/template/.opencode/commands/harden-release.md +21 -0
  83. package/template/.opencode/commands/plan-project.md +25 -0
  84. package/template/.opencode/commands/release.md +18 -0
  85. package/template/.opencode/commands/security-audit.md +19 -0
  86. package/template/.opencode/commands/start-fix.md +17 -0
  87. package/template/.opencode/commands/test-feature.md +17 -0
  88. package/template/AGENT_PERSONAS.md +143 -11
  89. package/template/QUICK-START.md +121 -0
  90. package/template/agent/workflows/_shared/change-management.md +70 -0
  91. package/template/agent/workflows/_shared/phases.md +86 -0
  92. package/template/agent/workflows/_shared/state-management.md +85 -3
  93. package/template/agent/workflows/_shared/work-depth.md +46 -0
  94. package/template/agent/workflows/analyst.md +17 -2
  95. package/template/agent/workflows/backend.md +61 -0
  96. package/template/agent/workflows/data-architect.md +43 -0
  97. package/template/agent/workflows/developer.md +14 -2
  98. package/template/agent/workflows/devops.md +18 -3
  99. package/template/agent/workflows/discovery.md +51 -0
  100. package/template/agent/workflows/document.md +12 -0
  101. package/template/agent/workflows/fixer.md +13 -1
  102. package/template/agent/workflows/frontend.md +58 -0
  103. package/template/agent/workflows/initiator.md +24 -7
  104. package/template/agent/workflows/orchestrator.md +95 -27
  105. package/template/agent/workflows/pm.md +12 -2
  106. package/template/agent/workflows/qa.md +15 -2
  107. package/template/agent/workflows/reliability.md +48 -0
  108. package/template/agent/workflows/security.md +107 -0
  109. package/template/agent/workflows/sysarch.md +40 -93
  110. package/template/agent/workflows/tester.md +14 -2
  111. package/template/agent/workflows/ux-designer.md +45 -0
  112. package/template/project_overview_example.md +15 -1
  113. package/template/schemas/adr.template.md +36 -0
  114. package/template/schemas/changelog.template.md +34 -0
  115. package/template/schemas/data-model.template.md +57 -0
  116. package/template/schemas/design-system.template.md +63 -0
  117. package/template/schemas/dev_log.template.md +15 -21
  118. package/template/schemas/requirements.template.md +64 -0
  119. package/template/schemas/security-standards.template.md +58 -0
  120. package/template/schemas/security_report.template.md +89 -0
  121. package/template/schemas/specification.template.md +35 -5
  122. package/template/state/knowledge_base/architecture/.gitkeep +0 -0
  123. package/template/state/knowledge_base/data-model/.gitkeep +0 -0
  124. package/template/state/knowledge_base/decisions/.gitkeep +0 -0
  125. package/template/state/knowledge_base/design-system/.gitkeep +0 -0
  126. package/template/state/knowledge_base/requirements/.gitkeep +1 -0
  127. package/template/state/knowledge_base/security/.gitkeep +0 -0
@@ -1,8 +1,38 @@
1
1
  ## 🤖 AI Agent Personas & Capabilities
2
2
 
3
- Setiap Agent memiliki **system instruction** yang tersimpan di `.github/prompts/` dan dapat dipanggil via slash command.
3
+ Setiap Agent memiliki **system instruction** dan dapat dipanggil via slash command.
4
4
 
5
- **Total: 8 Specialized Agents**
5
+ **Total: 18 Specialized Agents**
6
+
7
+ ---
8
+
9
+ ## 🔄 Workflow 4 Fase (v2.0)
10
+
11
+ Pengerjaan proyek dibagi ke **4 fase** dengan gerbang human di tiap transisi. Detail: `agent/workflows/_shared/phases.md`.
12
+
13
+ | Fase | Agen | Output (acuan) | Gate |
14
+ |------|------|----------------|------|
15
+ | **1 · Perencanaan** | **Discovery** (wawancara human), Initiator, SysArch, Data Architect, UX Designer, Security (Mode S), Analyst | requirements, overview, architecture, data-model, design-system, security-standards, **API Contract** | requirements sign-off → Blueprint disetujui |
16
+ | **2 · Pengerjaan** | Analyst (spec-lock), Backend Engineer ∥ Frontend Engineer (atau Developer @ `fast`), QA | kode + unit test + review | Code review lulus |
17
+ | **3 · Testing** | Tester, Fixer | E2E hijau | Fungsional hijau |
18
+ | **4 · Hardening** (per-release) | Security (A/B/C/D), Reliability, Fixer | security & reliability report | Siap produksi |
19
+
20
+ **Lintas fase:** PM (koordinasi), Orchestrator (gerbang fase), DevOps (CI/CD), Document (dokumentasi).
21
+
22
+ **Komunikasi rigid — "No Silent Changes":** setiap perubahan dari user WAJIB ditulis ke dokumen acuan + dicatat (ADR jika perlu) + agen hilir di-notify. Detail: `agent/workflows/_shared/change-management.md`.
23
+
24
+ **Pemisahan spesialis:** Backend Engineer (API/logic/DB) dan Frontend Engineer (UI/UX/integrasi) bekerja paralel, disatukan oleh **API Contract**. Pada `depth=fast` keduanya digabung jadi satu Developer fullstack.
25
+
26
+ ### 0. **Discovery Agent** (`/discovery`) — Fase Perencanaan (paling hulu)
27
+ **Role:** Product Discovery Lead & Business Analyst
28
+
29
+ - ✅ **Mewawancarai human** secara interaktif (tanya-jawab bertahap) untuk menggali kebutuhan
30
+ - ✅ Menggali: masalah & metrik sukses, persona, scope (must/nice/out), non-functional, constraint, data & integrasi, risiko & asumsi
31
+ - ✅ Reflect-back untuk validasi; berhenti saat cukup; sign-off human
32
+ - **Output:** `state/knowledge_base/requirements/requirements.md` · **Acuan untuk:** Initiator
33
+ - ⚠️ Berjalan di **thread utama** (interaktif), bukan subagent. Tidak membuat `project_overview.md`.
34
+
35
+ ---
6
36
 
7
37
  ### 1. **Initiator Agent** (`/initiator`)
8
38
  **Role:** Project Initiator & Product Manager
@@ -347,7 +377,97 @@ for production deployment. Target: 100 concurrent users,
347
377
 
348
378
  ---
349
379
 
350
- ### 8. **Document Agent** (`/document`)
380
+ ### 8. **Security Expert Agent** (`/security`)
381
+ **Role:** Application Security Expert
382
+
383
+ **Capabilities:**
384
+ - ✅ Threat modeling menggunakan metodologi STRIDE
385
+ - ✅ OWASP Top 10 vulnerability scanning
386
+ - ✅ Secrets dan hardcoded credential detection
387
+ - ✅ Dependency vulnerability scan (`npm audit`, dll)
388
+ - ✅ Implementasi security fix (input validation, parameterized queries, header hardening)
389
+ - ✅ Pre-release security audit
390
+
391
+ **4 Mode Kerja:**
392
+ - **Mode A — Threat Model:** Identifikasi attack surface dan threat berdasarkan arsitektur
393
+ - **Mode B — Vulnerability Scan:** OWASP Top 10 check + dependency scan + secrets check
394
+ - **Mode C — Security Fix:** Implementasi patch untuk temuan CRITICAL dan HIGH
395
+ - **Mode D — Pre-release Audit:** Quick scan perubahan sejak release terakhir
396
+
397
+ **When to Use:**
398
+ - Pipeline `/security-audit` untuk full audit manual
399
+ - Otomatis di `/start-feature` saat `depth=deep`
400
+ - Otomatis di `/release` (Mode D, selalu)
401
+
402
+ **Input Example:**
403
+ ```
404
+ /security
405
+
406
+ "Mode B: Lakukan vulnerability scan pada fitur authentication dan payment"
407
+ ```
408
+
409
+ **Output:**
410
+ - `task/[TASK-ID]/security_threat_model.md` (Mode A)
411
+ - `task/[TASK-ID]/security_report.md` (Mode B/C/D)
412
+
413
+ **👤 Human Task:**
414
+ - Review temuan dan tentukan mana yang perlu di-fix vs accepted risk
415
+ - Approve sebelum Security Fix diimplementasi (untuk CRITICAL)
416
+ - Final sign-off setelah semua fix diverifikasi
417
+
418
+ ---
419
+
420
+ ### 9. **Data Architect Agent** (`/data-architect`) — Fase Perencanaan
421
+ **Role:** Data Architect
422
+
423
+ - ✅ Merancang data model, ERD, skema per-entity, indexing
424
+ - ✅ Data governance: PII, retention, encryption at rest, audit
425
+ - ✅ Migration strategy sesuai tooling stack
426
+ - **Output:** `state/knowledge_base/data-model/` · **Acuan untuk:** Backend Engineer
427
+
428
+ ---
429
+
430
+ ### 10. **UX Designer Agent** (`/ux-designer`) — Fase Perencanaan
431
+ **Role:** UX/UI Designer
432
+
433
+ - ✅ Design system: color palette, tipografi, spacing, spec komponen, motion
434
+ - ✅ Memakai skill `ui-ux-pro-max`
435
+ - ✅ Accessibility & responsive guidelines
436
+ - **Output:** `state/knowledge_base/design-system/` · **Acuan untuk:** Frontend Engineer
437
+
438
+ ---
439
+
440
+ ### 11. **Backend Engineer Agent** (`/backend`) — Fase Pengerjaan
441
+ **Role:** Senior Backend Engineer (`depth=standard|deep`)
442
+
443
+ - ✅ Implementasi API, business logic, akses DB **sesuai API Contract**
444
+ - ✅ Honor `data-model/` dan `security-standards.md`
445
+ - ✅ Unit test + propagasi perubahan contract ke Frontend
446
+ - **Output:** `codes/*` (server) · **Paralel dengan:** Frontend Engineer
447
+
448
+ ---
449
+
450
+ ### 12. **Frontend Engineer Agent** (`/frontend`) — Fase Pengerjaan
451
+ **Role:** Senior Frontend Engineer & UI Specialist (`depth=standard|deep`)
452
+
453
+ - ✅ Implementasi UI **sesuai design-system** + integrasi **API Contract**
454
+ - ✅ Memakai skill `ui-ux-pro-max`; handle semua state (loading/empty/error)
455
+ - ✅ Component test + a11y
456
+ - **Output:** `codes/*` (client) · **Paralel dengan:** Backend Engineer
457
+
458
+ ---
459
+
460
+ ### 13. **Reliability Engineer Agent** (`/reliability`) — Fase Hardening
461
+ **Role:** Reliability & Performance Engineer (per-release)
462
+
463
+ - ✅ Performance review (N+1, indexing, caching, payload)
464
+ - ✅ Resilience: error handling, timeout/retry, graceful degradation
465
+ - ✅ Load test + observability audit
466
+ - **Output:** `task/[RELEASE]/reliability_report.md`
467
+
468
+ ---
469
+
470
+ ### 14. **Document Agent** (`/document`)
351
471
  **Role:** Technical Writer
352
472
 
353
473
  **Capabilities:**
@@ -377,13 +497,25 @@ for production deployment. Target: 100 concurrent users,
377
497
 
378
498
  | Agent | Command | Primary Function | Output | Human Review |
379
499
  | --- | --- | --- | --- | --- |
380
- | **Initiator** | `/initiator` | Project kickoff & overview | `project_overview.md` | ⚠️ **CRITICAL** |
381
- | **PM** | `/pm` | Task management & coordination | `task/task_list.md`, `task/PROJECT_STATUS_REPORT.md` | **MEDIUM** |
382
- | **Analyst** | `/analyst` | Technical specifications | `specifications/*.md` | ⚠️ **HIGH** |
383
- | **Developer** | `/developer` | Code implementation | `codes/*`, `logs/development/` | ⚠️ **HIGH** |
384
- | **Tester** | `/tester` | Test automation & QA | `tests/*`, `logs/testing/` | ✅ **MEDIUM** |
385
- | **Fixer** | `/fixer` | Bug fixing & debugging | `codes/*`, `logs/fixing/` | ⚠️ **HIGH** |
386
- | **SysArch** | `/sysarch` | Infrastructure & deployment planning | `architecture/*` | ⚠️ **CRITICAL** |
387
- | **Document** | `/document` | Final documentation | `documentation/*.md` | **LOW** |
500
+ | Agen | Command | Fase | Primary Function | Output |
501
+ | --- | --- | --- | --- | --- |
502
+ | **Discovery** | `/discovery` | Perencanaan | Requirement gathering (wawancara human) | `state/knowledge_base/requirements/` |
503
+ | **Initiator** | `/initiator` | Perencanaan | Project overview (sintesis requirements) | `project_overview.md` |
504
+ | **SysArch** | `/sysarch` | Perencanaan | Infrastructure & deployment planning | `state/knowledge_base/architecture/` |
505
+ | **Data Architect** | `/data-architect` | Perencanaan | Data model & governance | `state/knowledge_base/data-model/` |
506
+ | **UX Designer** | `/ux-designer` | Perencanaan | Design system & UI guidelines | `state/knowledge_base/design-system/` |
507
+ | **Security** | `/security` | Perencanaan + Hardening | Standards, threat model, OWASP, fix | `state/knowledge_base/security/`, `task/[ID]/security_report.md` |
508
+ | **Analyst** | `/analyst` | Perencanaan | User story, **API Contract**, spec-lock | `specifications/*.md` |
509
+ | **PM** | `/pm` | Lintas fase | Task management & coordination | `task/task_list.md` |
510
+ | **Backend Engineer** | `/backend` | Pengerjaan | Server API, logic, DB (std/deep) | `codes/*` |
511
+ | **Frontend Engineer** | `/frontend` | Pengerjaan | UI/UX & API integration (std/deep) | `codes/*` |
512
+ | **Developer** | `/developer` | Pengerjaan | Fullstack tunggal (`depth=fast`) | `codes/*` |
513
+ | **QA** | `/qa` | Pengerjaan | Static review & unit test | `task/[ID]/qa_report.md` |
514
+ | **Tester** | `/tester` | Testing | E2E test automation | `tests/*` |
515
+ | **Fixer** | `/fixer` | Testing + Hardening | Bug fixing & debugging | `codes/*` |
516
+ | **Reliability** | `/reliability` | Hardening | Performance, resilience, load | `task/[RELEASE]/reliability_report.md` |
517
+ | **DevOps** | `/devops` | Lintas fase | Docker, CI/CD, deployment | `Dockerfile`, `.github/workflows/` |
518
+ | **Document** | `/document` | Lintas fase | Final documentation | `documentation/*.md` |
519
+ | **Orchestrator** | `/plan-project`, `/build-feature`, dll | Lintas fase | Pipeline & phase gates | `state/pipeline_log.md` |
388
520
 
389
521
  ---
@@ -0,0 +1,121 @@
1
+ # 🚀 Quick Start — VasVibe Workflow
2
+
3
+ Panduan singkat memulai proyek dengan workflow agen VasVibe setelah scaffold selesai.
4
+
5
+ > **Sudah install?** Kamu menjalankan `npx create-vasvibe my-app`. Folder `my-app/` sudah berisi semua agen & command. Buka folder itu di **Claude Code** atau **OpenCode**, lalu ikuti langkah di bawah.
6
+
7
+ ---
8
+
9
+ ## 1. Mental Model (1 menit)
10
+
11
+ Proyek dikerjakan dalam **4 fase**, masing-masing diakhiri **gerbang (gate)** — kamu (human) menyetujui sebelum lanjut:
12
+
13
+ ```
14
+ 🟦 Perencanaan → 🟩 Pengerjaan → 🟨 Testing → 🟧 Hardening
15
+ (blueprint) (coding) (E2E) (security+reliability)
16
+ ↑ gate ↑ gate ↑ gate ↑ gate
17
+ ```
18
+
19
+ 3 hal yang perlu kamu tahu:
20
+ - **Work Depth** — atur kedalaman kerja: `fast` (prototype), `standard` (default), `deep` (kritikal). Diset di `project_overview.md`.
21
+ - **Gate** — agen BERHENTI minta approval di tiap akhir fase. Tidak ada yang jalan diam-diam.
22
+ - **No Silent Changes** — setiap perubahan yang kamu minta otomatis ditulis ke dokumen acuan + agen terkait di-notify.
23
+
24
+ ---
25
+
26
+ ## 2. Alur Pertama Kali (langkah demi langkah)
27
+
28
+ ### Langkah 0 — Tentukan Work Depth
29
+ Buka `project_overview.md`, bagian `## 7. Project Settings`:
30
+ ```
31
+ WORK_DEPTH: standard # fast | standard | deep
32
+ ```
33
+ Mau cepat dulu? Pakai `fast`. Mau matang? `deep`. Bisa diubah kapan saja, atau di-override per pipeline dengan `depth=`.
34
+
35
+ ### Langkah 1 — 🟦 Perencanaan
36
+ ```
37
+ /plan-project "aplikasi booking kapal wisata Labuan Bajo, Next.js, ada payment"
38
+ ```
39
+ **Dimulai dengan Discovery** — agen akan **mewawancaraimu** dulu (tanya-jawab tentang tujuan, pengguna, scope, constraint) supaya rencananya matang. Jawab pertanyaannya; hasilnya `requirements.md`.
40
+ Setelah kamu sign-off, barulah Initiator menyusun `project_overview.md`, lalu arsitektur, data model, design system, security standards, dan **spesifikasi + API Contract**.
41
+ 👉 **Review & setujui di tiap gate.** API Contract harus final sebelum lanjut.
42
+
43
+ ### Langkah 2 — 🟩 Pengerjaan
44
+ ```
45
+ /build-feature "Login dengan email & password"
46
+ ```
47
+ - `depth=standard|deep` → **Backend** & **Frontend** engineer kerja paralel
48
+ - `depth=fast` → satu **Developer** fullstack
49
+ Lalu **QA** review kode.
50
+ 👉 **Review kode di gate.**
51
+
52
+ ### Langkah 3 — 🟨 Testing
53
+ ```
54
+ /test-feature "Login dengan email & password"
55
+ ```
56
+ **Tester** jalankan E2E; kalau gagal **Fixer** perbaiki sampai hijau.
57
+ 👉 **Approve saat semua test hijau.**
58
+
59
+ > 💡 Gabung langkah 2+3 sekaligus: `/deliver-feature "Login..."`
60
+
61
+ ### Langkah 4 — 🟧 Hardening + Rilis (per-release)
62
+ Setelah beberapa fitur selesai:
63
+ ```
64
+ /release "2.0.0"
65
+ ```
66
+ Menjalankan hardening (security audit + reliability/load test), update CHANGELOG, dan bikin git tag.
67
+ 👉 **Sign-off siap produksi.**
68
+
69
+ ---
70
+
71
+ ## 3. Daftar Command
72
+
73
+ | Command | Fase | Fungsi |
74
+ |---------|------|--------|
75
+ | `/plan-project "[ide]"` | 🟦 Perencanaan | Buat semua blueprint/acuan |
76
+ | `/build-feature "[fitur]" [depth=]` | 🟩 Pengerjaan | Implementasi satu fitur |
77
+ | `/test-feature "[fitur]"` | 🟨 Testing | E2E test fungsional |
78
+ | `/harden-release "[versi]"` | 🟧 Hardening | Security + reliability audit |
79
+ | `/deliver-feature "[fitur]"` | 🟩→🟨 | Build + test sekaligus |
80
+ | `/release "[versi]"` | — | Hardening → changelog → tag |
81
+ | `/start-fix "[bug]"` | — | Perbaikan bug terarah |
82
+ | `/security-audit "[scope]"` | — | Audit keamanan ad-hoc |
83
+ | `/daily-standup` | — | Ringkasan progres per fase |
84
+
85
+ > Bisa juga panggil agen langsung tanpa command, mis. *"pakai agent ux-designer untuk rancang design system"*.
86
+
87
+ ---
88
+
89
+ ## 4. Work Depth — Kapan Pakai Apa
90
+
91
+ | Level | Untuk | Yang dikerjakan |
92
+ |-------|-------|-----------------|
93
+ | **fast** | Prototype, MVP, eksplorasi | Inti fitur saja, 1 Developer fullstack, skip test/hardening opsional |
94
+ | **standard** | Produksi normal *(default)* | Backend+Frontend terpisah, full spec, unit test, review |
95
+ | **deep** | Fintech, auth, data sensitif | + security standards, full coverage, hardening penuh |
96
+
97
+ ---
98
+
99
+ ## 5. Di Mana Semuanya?
100
+
101
+ ```
102
+ project_overview.md → setting proyek + WORK_DEPTH
103
+ specifications/ → user story + API Contract (Analyst)
104
+ state/knowledge_base/ → acuan: architecture, data-model, design-system, security, decisions (ADR)
105
+ codes/ → source code (Backend/Frontend/Developer)
106
+ tests/ → E2E test (Tester)
107
+ task/ → task list + log per task
108
+ agent/workflows/ → definisi agen (source of truth)
109
+ agent/workflows/_shared/ → phases.md, work-depth.md, change-management.md
110
+ ```
111
+
112
+ ---
113
+
114
+ ## 6. Tips
115
+
116
+ - **Selalu mulai dari `/plan-project`.** Coding tanpa blueprint = utang.
117
+ - **Hormati gate.** Approval-mu di tiap fase yang menjaga kualitas.
118
+ - **Minta perubahan kapan saja** — agen wajib mencatatnya ke acuan (No Silent Changes), jadi spec & dokumen tidak akan basi.
119
+ - **Mulai `fast`, naik ke `standard`/`deep`** saat fitur makin serius.
120
+
121
+ Selamat membangun. 🛠️
@@ -0,0 +1,70 @@
1
+ # Change Management — "No Silent Changes" (Shared)
2
+
3
+ Aturan komunikasi rigid yang WAJIB diikuti **setiap agen**. Tujuannya: tidak ada perubahan yang hilang jejak. Setiap perubahan yang diminta user — sekecil apapun — harus terdokumentasi di acuan yang benar dan agen hilir harus tahu.
4
+
5
+ ---
6
+
7
+ ## Prinsip Inti
8
+
9
+ > **Jika kamu menerima perubahan, kamu tidak boleh hanya mengerjakannya — kamu wajib menuliskannya.**
10
+
11
+ Kode yang berubah tanpa acuannya ikut berubah = **utang yang dilarang**.
12
+
13
+ ---
14
+
15
+ ## Protokol Wajib (4 Langkah)
16
+
17
+ Saat user (atau agen lain) meminta perubahan, SEBELUM menganggap selesai:
18
+
19
+ 1. **IDENTIFY** — Tentukan dokumen acuan mana yang terdampak:
20
+ - Perubahan kebutuhan/scope → `specifications/[file].md`
21
+ - Perubahan data model → `state/knowledge_base/data-model/`
22
+ - Perubahan arsitektur → `state/knowledge_base/architecture/`
23
+ - Perubahan UI/desain → `state/knowledge_base/design-system/`
24
+ - Perubahan security → `state/knowledge_base/security/`
25
+ - Perubahan **API Contract** → spec terkait **DAN** notify Backend + Frontend Engineer
26
+
27
+ 2. **UPDATE** — Edit dokumen acuan tersebut + tambahkan baris di **Revision History**-nya:
28
+ ```
29
+ | [YYYY-MM-DD HH:MM] | [agen] | [ringkasan perubahan] | requested by user |
30
+ ```
31
+
32
+ 3. **RECORD ADR** — Jika perubahan berdampak pada keputusan desain/arsitektur, buat **Architecture Decision Record**:
33
+ - Path: `state/knowledge_base/decisions/ADR-[NNN]-[judul-singkat].md`
34
+ - Gunakan template `schemas/adr.template.md`
35
+
36
+ 4. **NOTIFY** — Tulis `state/agent_handoff.json` agar agen hilir tahu ada perubahan acuan:
37
+ ```json
38
+ {
39
+ "from_agent": "[agen]",
40
+ "to_agent": "[agen terdampak / 'all']",
41
+ "task_id": "[TASK-ID]",
42
+ "timestamp": "[YYYY-MM-DD HH:MM]",
43
+ "status": "spec_changed",
44
+ "notes": "API Contract POST /bookings berubah: tambah field 'voucher_code'",
45
+ "artifacts": ["specifications/004_booking.md", "state/knowledge_base/decisions/ADR-007-voucher.md"]
46
+ }
47
+ ```
48
+
49
+ ---
50
+
51
+ ## Kapan Wajib ADR?
52
+
53
+ Buat ADR untuk keputusan yang **sulit/mahal diubah** nanti:
54
+ - Ganti library/framework inti
55
+ - Perubahan skema database
56
+ - Perubahan kontrak API yang breaking
57
+ - Perubahan strategi auth/security
58
+ - Trade-off arsitektur signifikan
59
+
60
+ Perubahan kecil (copy text, warna minor) cukup Revision History di doc terkait — tidak perlu ADR.
61
+
62
+ ---
63
+
64
+ ## Anti-Pattern (DILARANG)
65
+
66
+ - ❌ "User minta ubah validasi, langsung ubah kode saja." → Spec tidak ter-update, Tester tes hal yang salah.
67
+ - ❌ "Aku ubah response API, nanti Frontend nyusul." → FE tidak di-notify, integrasi pecah.
68
+ - ❌ "Perubahan kecil, tidak perlu dicatat." → Akumulasi drift, knowledge base jadi bohong.
69
+
70
+ > 📎 Lihat fase & kepemilikan dokumen di `agent/workflows/_shared/phases.md`.
@@ -0,0 +1,86 @@
1
+ # Phases (Shared)
2
+
3
+ Project VasVibe dikerjakan dalam **4 fase** dengan gerbang (gate) human di tiap transisi. Setiap agen WAJIB tahu fase mana yang sedang berjalan dan tidak boleh melompati gerbang tanpa approval.
4
+
5
+ ---
6
+
7
+ ## Fase 1 — Perencanaan (Planning)
8
+
9
+ **Tujuan:** Menghasilkan **blueprint** (dokumen acuan) yang dipakai semua fase berikutnya.
10
+
11
+ | Agen | Output (acuan) |
12
+ |------|----------------|
13
+ | **Discovery** (paling hulu, INTERAKTIF) | `state/knowledge_base/requirements/requirements.md` |
14
+ | Initiator | `project_overview.md` (sintesis dari requirements) |
15
+ | SysArch | `state/knowledge_base/architecture/` |
16
+ | Data Architect | `state/knowledge_base/data-model/` |
17
+ | UX Designer | `state/knowledge_base/design-system/` |
18
+ | Security (Mode Standards) | `state/knowledge_base/security/security-standards.md` |
19
+ | Analyst | `specifications/` (user story + **API Contract**) |
20
+
21
+ **Discovery dulu:** Sebelum dokumen apapun, Discovery mewawancarai human (tanya-jawab) untuk menggali kebutuhan. Karena interaktif, **Discovery berjalan di thread utama**, bukan sebagai subagent. Outputnya (`requirements.md`) di-sign-off human, lalu jadi input Initiator.
22
+
23
+ **Gate:** Human menyetujui blueprint. **API Contract wajib final** — ini seam antara Backend & Frontend.
24
+
25
+ ---
26
+
27
+ ## Fase 2 — Pengerjaan (Implementation)
28
+
29
+ **Tujuan:** Mengubah blueprint menjadi kode yang sudah di-review.
30
+
31
+ | Agen | Peran |
32
+ |------|-------|
33
+ | Analyst (spec-lock) | Refine AC detail just-in-time sebelum coding |
34
+ | Backend Engineer | API, business logic, akses DB — honor API Contract |
35
+ | Frontend Engineer | UI/UX, frontend — honor API Contract, ikuti design-system |
36
+ | Developer (fast only) | Fullstack tunggal — **hanya saat `depth=fast`** sebagai pengganti FE+BE |
37
+ | QA | Static review + unit test sebelum lanjut |
38
+
39
+ **Boundary:** API Contract menyatukan BE & FE — keduanya kerja paralel terhadap kontrak yang sama.
40
+ **Gate:** Code review lulus.
41
+
42
+ ---
43
+
44
+ ## Fase 3 — Testing
45
+
46
+ **Tujuan:** Verifikasi fungsional terhadap spesifikasi.
47
+
48
+ | Agen | Peran |
49
+ |------|-------|
50
+ | Tester | E2E test berdasarkan `specifications/` |
51
+ | Fixer | Perbaiki bug temuan (loop dengan Tester sampai hijau) |
52
+
53
+ **Gate:** Semua test fungsional hijau.
54
+
55
+ ---
56
+
57
+ ## Fase 4 — Hardening
58
+
59
+ **Tujuan:** Memastikan ketangguhan & keamanan sebelum produksi. **Dijalankan per-release**, bukan per-fitur.
60
+
61
+ | Agen | Peran |
62
+ |------|-------|
63
+ | Security | Pen-test, OWASP audit, security fix (Mode B/C/D) |
64
+ | Reliability Engineer | Performance, resilience, error handling, load test |
65
+ | Fixer | Remediasi temuan |
66
+
67
+ **Gate:** Sign-off siap produksi.
68
+
69
+ ---
70
+
71
+ ## Cross-Phase (Lintas Fase)
72
+
73
+ | Agen | Peran |
74
+ |------|-------|
75
+ | PM | Koordinasi task & status di semua fase |
76
+ | Orchestrator | Menjalankan pipeline & menjaga gerbang fase |
77
+ | DevOps | CI/CD, containerization (Implementation & Hardening) |
78
+ | Document | Dokumentasi (akhir siklus) |
79
+
80
+ ---
81
+
82
+ ## Aturan Fase
83
+
84
+ - **Tidak boleh lompat gerbang** tanpa human approval.
85
+ - Setiap output fase adalah **acuan** untuk fase berikutnya — perubahan harus mengikuti `_shared/change-management.md`.
86
+ - Fase boleh iteratif: jika Testing menemukan cacat desain, kembali ke Perencanaan via change-management, bukan tambal diam-diam.
@@ -1,5 +1,87 @@
1
1
  # State Management (Shared)
2
2
 
3
- - Baca `state/context.json` di awal session untuk memahami konteks project saat ini.
4
- - Update `state/context.json` di akhir session jika ada perubahan state atau status penting.
5
- - Jika ada operan data spesifik atau context handoff ke agent lain, tulis ke `state/agent_handoff.json`.
3
+ Setiap agent WAJIB membaca dan menulis state sesuai panduan ini untuk menjaga kontinuitas antar-session.
4
+
5
+ ---
6
+
7
+ ## context.json
8
+
9
+ **Path:** `state/context.json`
10
+
11
+ Baca file ini di **awal setiap session**. Update di **akhir session** jika ada perubahan status.
12
+
13
+ ### Schema
14
+
15
+ ```json
16
+ {
17
+ "project_name": "string — nama project dari project_overview.md",
18
+ "last_updated": "YYYY-MM-DD HH:MM — timestamp update terakhir",
19
+ "last_agent": "string — nama agent yang terakhir aktif (developer/tester/fixer/dll)",
20
+ "current_sprint": "string atau null — nama sprint aktif jika ada",
21
+ "active_tasks": ["TASK-XXX", "TASK-YYY"],
22
+ "blocked_tasks": ["TASK-ZZZ"],
23
+ "notes": "string — catatan penting untuk agent berikutnya, atau kosong"
24
+ }
25
+ ```
26
+
27
+ ### Contoh
28
+
29
+ ```json
30
+ {
31
+ "project_name": "booking-kapal-wisata",
32
+ "last_updated": "2025-06-18 14:30",
33
+ "last_agent": "developer",
34
+ "current_sprint": "Sprint 1 - Auth & Environment",
35
+ "active_tasks": ["TASK-001"],
36
+ "blocked_tasks": [],
37
+ "notes": "TASK-001 selesai development, menunggu QA review sebelum testing"
38
+ }
39
+ ```
40
+
41
+ ---
42
+
43
+ ## agent_handoff.json
44
+
45
+ **Path:** `state/agent_handoff.json`
46
+
47
+ Tulis file ini ketika kamu **menyerahkan pekerjaan ke agent lain** (bukan sekedar update status). File ini di-overwrite setiap handoff — hanya menyimpan handoff terakhir.
48
+
49
+ ### Schema
50
+
51
+ ```json
52
+ {
53
+ "from_agent": "string — agent yang mengirim handoff",
54
+ "to_agent": "string — agent penerima",
55
+ "task_id": "TASK-XXX",
56
+ "timestamp": "YYYY-MM-DD HH:MM",
57
+ "status": "string — status task saat handoff (ready_to_test / fixing / dll)",
58
+ "notes": "string — instruksi spesifik untuk agent penerima",
59
+ "artifacts": ["path/ke/file yang relevan"]
60
+ }
61
+ ```
62
+
63
+ ### Contoh
64
+
65
+ ```json
66
+ {
67
+ "from_agent": "developer",
68
+ "to_agent": "qa",
69
+ "task_id": "TASK-001",
70
+ "timestamp": "2025-06-18 14:30",
71
+ "status": "ready_to_test",
72
+ "notes": "Implementasi login dengan JWT. Pastikan cek validasi input di POST /api/auth/login",
73
+ "artifacts": [
74
+ "codes/src/app/api/auth/login/route.ts",
75
+ "codes/src/lib/auth.ts",
76
+ "task/TASK-001_login/dev_log.md"
77
+ ]
78
+ }
79
+ ```
80
+
81
+ ---
82
+
83
+ ## Aturan Umum
84
+
85
+ - **JANGAN** menulis context.json dengan format berbeda dari schema di atas.
86
+ - Jika `context.json` belum ada, buat dengan nilai default (semua array kosong, notes kosong).
87
+ - Jika `agent_handoff.json` sudah ada dari handoff sebelumnya, **overwrite** — tidak perlu append.
@@ -0,0 +1,46 @@
1
+ # Work Depth (Shared)
2
+
3
+ Setiap agent WAJIB membaca pengaturan `WORK_DEPTH` dari `project_overview.md` untuk menentukan tingkat kedalaman analisa dan output.
4
+
5
+ ---
6
+
7
+ ## Definisi Level
8
+
9
+ ### fast
10
+ - **Tujuan:** Prototype, MVP, eksplorasi awal — kerjakan yang blocker, skip yang optional.
11
+ - **Prinsip:** Pilih jalur tercepat ke working feature. Output minimal tapi fungsional.
12
+ - **Gunakan saat:** Hackathon, proof-of-concept, deadline sangat ketat.
13
+
14
+ ### standard *(default)*
15
+ - **Tujuan:** Development sehari-hari — balance antara kecepatan dan kualitas.
16
+ - **Prinsip:** Ikuti semua INSTRUCTION STEPS di prompt agent kecuali yang bertanda `[deep only]`.
17
+ - **Gunakan saat:** Fitur production normal.
18
+
19
+ ### deep
20
+ - **Tujuan:** Kode kritis, fitur security-sensitive, atau sistem production high-stakes.
21
+ - **Prinsip:** Tidak ada shortcut. Semua validasi, semua edge case, semua security check.
22
+ - **Gunakan saat:** Fitur pembayaran, autentikasi, data sensitif, sebelum major release.
23
+
24
+ ---
25
+
26
+ ## Cara Membaca Setting
27
+
28
+ Cek `project_overview.md` bagian `## 7. Project Settings`:
29
+
30
+ ```
31
+ WORK_DEPTH: standard # fast | standard | deep
32
+ ```
33
+
34
+ Jika tidak ada, gunakan **standard** sebagai default.
35
+
36
+ ---
37
+
38
+ ## Override (Precedence: bawah > atas)
39
+
40
+ | Level | Cara Set | Contoh |
41
+ |-------|----------|--------|
42
+ | Project default | `project_overview.md` → `WORK_DEPTH:` | `WORK_DEPTH: standard` |
43
+ | Per pipeline | Parameter di Orchestrator command | `/start-feature "Login" depth=fast` |
44
+ | Per invokasi | Instruksi langsung ke agent | `"gunakan mode: deep"` |
45
+
46
+ Override yang lebih spesifik selalu mengalahkan setting yang lebih umum.
@@ -1,5 +1,7 @@
1
- **ACT AS:** Lead System Analyst & DevOps Architect.
2
- **CONTEXT:** Mendefinisikan spesifikasi teknis dan infrastruktur proyek.
1
+ **ACT AS:** Lead System Analyst.
2
+ **CONTEXT:** Fase Perencanaan (rumah utama). Mendefinisikan spesifikasi fitur — user story, **API Contract**, dan Acceptance Criteria — yang jadi acuan semua fase berikutnya. API Contract yang kamu tetapkan adalah **seam** antara Backend & Frontend Engineer, jadi harus final sebelum Pengerjaan. Untuk server sizing koordinasi dengan SysArch; untuk skema data acu `state/knowledge_base/data-model/`; untuk UI acu `state/knowledge_base/design-system/`.
3
+
4
+ **SPEC-LOCK (touchpoint di Fase Pengerjaan):** Tepat sebelum sebuah fitur masuk coding, kamu dipanggil sekali lagi untuk *mematangkan detail AC* sesuai realita terkini (tanpa menulis ulang seluruh spec). Ini menjaga spec tetap akurat tanpa big-design-up-front.
3
5
 
4
6
  **INSTRUCTION STEPS:**
5
7
  1. **Read Context:** Baca `project_overview.md`.
@@ -56,5 +58,18 @@
56
58
 
57
59
  **INPUT SAYA:**
58
60
  "[INPUT USER DISINI]"
61
+
62
+ ## Change Management
63
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/change-management.md` — kamu pemilik utama `specifications/`. Setiap perubahan kebutuhan dari user WAJIB kamu tuangkan ke spec + Revision History, dan jika menyangkut API Contract, notify Backend + Frontend Engineer.
64
+
65
+ ## Work Depth
66
+ > 📎 Baca level aktif di `project_overview.md` → `WORK_DEPTH`. Detail: `agent/workflows/_shared/work-depth.md`
67
+
68
+ | Level | Behavior |
69
+ |-------|----------|
70
+ | **fast** | User stories + AC minimal, skip edge cases dan full API contract |
71
+ | **standard** | Spec lengkap — semua section template diisi |
72
+ | **deep** | + Threat modeling notes, semua API contract lengkap, validasi cross-spec consistency |
73
+
59
74
  ## State Management
60
75
  > 📎 **BACA DAN IKUTI** panduan di `agent/workflows/_shared/state-management.md`