create-vasvibe 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/package.json +1 -1
  2. package/src/index.mjs +53 -9
  3. package/src/prompts.mjs +26 -0
  4. package/src/scaffold.mjs +10 -2
  5. package/src/upgrade.mjs +121 -0
  6. package/template/.agents/agents/backend/agent.json +44 -0
  7. package/template/.agents/agents/data-architect/agent.json +43 -0
  8. package/template/.agents/agents/discovery/agent.json +43 -0
  9. package/template/.agents/agents/frontend/agent.json +44 -0
  10. package/template/.agents/agents/reliability/agent.json +44 -0
  11. package/template/.agents/agents/security/agent.json +44 -0
  12. package/template/.agents/agents/ux-designer/agent.json +43 -0
  13. package/template/.agents/workflows/build-feature.md +21 -0
  14. package/template/.agents/workflows/daily-standup.md +16 -0
  15. package/template/.agents/workflows/deliver-feature.md +16 -0
  16. package/template/.agents/workflows/harden-release.md +21 -0
  17. package/template/.agents/workflows/plan-project.md +25 -0
  18. package/template/.agents/workflows/release.md +18 -0
  19. package/template/.agents/workflows/security-audit.md +19 -0
  20. package/template/.agents/workflows/start-fix.md +17 -0
  21. package/template/.agents/workflows/test-feature.md +17 -0
  22. package/template/.claude/agents/analyst.md +22 -2
  23. package/template/.claude/agents/backend.md +66 -0
  24. package/template/.claude/agents/data-architect.md +48 -0
  25. package/template/.claude/agents/developer.md +19 -2
  26. package/template/.claude/agents/devops.md +22 -3
  27. package/template/.claude/agents/discovery.md +56 -0
  28. package/template/.claude/agents/document.md +17 -0
  29. package/template/.claude/agents/fixer.md +18 -1
  30. package/template/.claude/agents/frontend.md +63 -0
  31. package/template/.claude/agents/initiator.md +29 -7
  32. package/template/.claude/agents/orchestrator.md +100 -27
  33. package/template/.claude/agents/pm.md +17 -2
  34. package/template/.claude/agents/qa.md +19 -2
  35. package/template/.claude/agents/reliability.md +52 -0
  36. package/template/.claude/agents/security.md +111 -0
  37. package/template/.claude/agents/sysarch.md +45 -93
  38. package/template/.claude/agents/tester.md +19 -2
  39. package/template/.claude/agents/ux-designer.md +50 -0
  40. package/template/.claude/commands/build-feature.md +22 -0
  41. package/template/.claude/commands/daily-standup.md +16 -0
  42. package/template/.claude/commands/deliver-feature.md +17 -0
  43. package/template/.claude/commands/harden-release.md +22 -0
  44. package/template/.claude/commands/plan-project.md +26 -0
  45. package/template/.claude/commands/release.md +19 -0
  46. package/template/.claude/commands/security-audit.md +20 -0
  47. package/template/.claude/commands/start-fix.md +18 -0
  48. package/template/.claude/commands/test-feature.md +18 -0
  49. package/template/.claude/settings.local.json +26 -0
  50. package/template/.github/prompts/backend.prompt.md +44 -0
  51. package/template/.github/prompts/data-architect.prompt.md +38 -0
  52. package/template/.github/prompts/devops.prompt.md +32 -0
  53. package/template/.github/prompts/discovery.prompt.md +39 -0
  54. package/template/.github/prompts/frontend.prompt.md +43 -0
  55. package/template/.github/prompts/initiator.prompt.md +8 -7
  56. package/template/.github/prompts/orchestrator.prompt.md +75 -0
  57. package/template/.github/prompts/qa.prompt.md +57 -0
  58. package/template/.github/prompts/reliability.prompt.md +44 -0
  59. package/template/.github/prompts/security.prompt.md +41 -0
  60. package/template/.github/prompts/ux-designer.prompt.md +41 -0
  61. package/template/.opencode/agents/analyst.md +21 -2
  62. package/template/.opencode/agents/backend.md +65 -0
  63. package/template/.opencode/agents/data-architect.md +47 -0
  64. package/template/.opencode/agents/developer.md +18 -2
  65. package/template/.opencode/agents/devops.md +16 -0
  66. package/template/.opencode/agents/discovery.md +55 -0
  67. package/template/.opencode/agents/document.md +16 -0
  68. package/template/.opencode/agents/fixer.md +17 -1
  69. package/template/.opencode/agents/frontend.md +62 -0
  70. package/template/.opencode/agents/initiator.md +28 -7
  71. package/template/.opencode/agents/orchestrator.md +99 -27
  72. package/template/.opencode/agents/pm.md +16 -2
  73. package/template/.opencode/agents/qa.md +18 -2
  74. package/template/.opencode/agents/reliability.md +50 -0
  75. package/template/.opencode/agents/security.md +109 -0
  76. package/template/.opencode/agents/sysarch.md +44 -93
  77. package/template/.opencode/agents/tester.md +18 -2
  78. package/template/.opencode/agents/ux-designer.md +49 -0
  79. package/template/.opencode/commands/build-feature.md +21 -0
  80. package/template/.opencode/commands/daily-standup.md +16 -0
  81. package/template/.opencode/commands/deliver-feature.md +16 -0
  82. package/template/.opencode/commands/harden-release.md +21 -0
  83. package/template/.opencode/commands/plan-project.md +25 -0
  84. package/template/.opencode/commands/release.md +18 -0
  85. package/template/.opencode/commands/security-audit.md +19 -0
  86. package/template/.opencode/commands/start-fix.md +17 -0
  87. package/template/.opencode/commands/test-feature.md +17 -0
  88. package/template/AGENT_PERSONAS.md +143 -11
  89. package/template/QUICK-START.md +121 -0
  90. package/template/agent/workflows/_shared/change-management.md +70 -0
  91. package/template/agent/workflows/_shared/phases.md +86 -0
  92. package/template/agent/workflows/_shared/state-management.md +85 -3
  93. package/template/agent/workflows/_shared/work-depth.md +46 -0
  94. package/template/agent/workflows/analyst.md +17 -2
  95. package/template/agent/workflows/backend.md +61 -0
  96. package/template/agent/workflows/data-architect.md +43 -0
  97. package/template/agent/workflows/developer.md +14 -2
  98. package/template/agent/workflows/devops.md +18 -3
  99. package/template/agent/workflows/discovery.md +51 -0
  100. package/template/agent/workflows/document.md +12 -0
  101. package/template/agent/workflows/fixer.md +13 -1
  102. package/template/agent/workflows/frontend.md +58 -0
  103. package/template/agent/workflows/initiator.md +24 -7
  104. package/template/agent/workflows/orchestrator.md +95 -27
  105. package/template/agent/workflows/pm.md +12 -2
  106. package/template/agent/workflows/qa.md +15 -2
  107. package/template/agent/workflows/reliability.md +48 -0
  108. package/template/agent/workflows/security.md +107 -0
  109. package/template/agent/workflows/sysarch.md +40 -93
  110. package/template/agent/workflows/tester.md +14 -2
  111. package/template/agent/workflows/ux-designer.md +45 -0
  112. package/template/project_overview_example.md +15 -1
  113. package/template/schemas/adr.template.md +36 -0
  114. package/template/schemas/changelog.template.md +34 -0
  115. package/template/schemas/data-model.template.md +57 -0
  116. package/template/schemas/design-system.template.md +63 -0
  117. package/template/schemas/dev_log.template.md +15 -21
  118. package/template/schemas/requirements.template.md +64 -0
  119. package/template/schemas/security-standards.template.md +58 -0
  120. package/template/schemas/security_report.template.md +89 -0
  121. package/template/schemas/specification.template.md +35 -5
  122. package/template/state/knowledge_base/architecture/.gitkeep +0 -0
  123. package/template/state/knowledge_base/data-model/.gitkeep +0 -0
  124. package/template/state/knowledge_base/decisions/.gitkeep +0 -0
  125. package/template/state/knowledge_base/design-system/.gitkeep +0 -0
  126. package/template/state/knowledge_base/requirements/.gitkeep +1 -0
  127. package/template/state/knowledge_base/security/.gitkeep +0 -0
@@ -0,0 +1,107 @@
1
+ **ACT AS:** Application Security Expert.
2
+ **CONTEXT:** Bekerja di **dua fase**: (1) Fase **Perencanaan** lewat **Mode S** untuk menetapkan standar keamanan sebagai acuan; (2) Fase **Hardening** (per-release) lewat **Mode A/B/C/D** untuk audit & fix. Berbeda dari QA Agent (static code quality review) — agent ini fokus pada attack surface, eksploitabilitas, dan OWASP Top 10. Gunakan skill `penetration-testing` untuk panduan metodologi.
3
+
4
+ **INSTRUCTION STEPS:**
5
+
6
+ Pilih mode sesuai instruksi:
7
+
8
+ ---
9
+
10
+ ### Mode S: Security Standards (Fase Perencanaan)
11
+ 1. **Load Context:** Baca `project_overview.md` (terutama Constraints & Compliance) dan domain proyek.
12
+ 2. **Define Standards:** Gunakan template `schemas/security-standards.template.md`. Tetapkan:
13
+ - Auth & authorization model (mechanism, password policy, token TTL, RBAC)
14
+ - Data protection (encryption in transit/at rest, PII, secrets management)
15
+ - Input validation & output encoding standards
16
+ - Security headers, CORS, rate limiting
17
+ - Compliance requirements (GDPR/UU PDP/PCI-DSS jika relevan)
18
+ - **Security Acceptance Criteria** — checklist yang harus lulus sebelum release
19
+ 3. **Output:** Tulis `state/knowledge_base/security/security-standards.md`.
20
+ 4. **Handoff:** Beri tahu Orchestrator standar siap — semua engineer wajib mengikutinya, dan kamu akan memverifikasinya di Hardening.
21
+
22
+ ---
23
+
24
+ ### Mode A: Threat Modeling
25
+ 1. **Load Context:** Baca `project_overview.md` dan spesifikasi yang relevan di `specifications/`.
26
+ 2. **Architecture Review:** Identifikasi entry points, data flows, dan trust boundaries dari codebase.
27
+ 3. **Threat Identification (STRIDE):**
28
+ - **S**poofing — identity palsu (auth bypass, token forgery)
29
+ - **T**ampering — manipulasi data (request injection, parameter pollution)
30
+ - **R**epudiation — aksi yang tidak bisa diaudit (missing logs)
31
+ - **I**nformation Disclosure — data bocor (verbose error, PII exposure)
32
+ - **D**enial of Service — resource exhaustion (no rate limit, unbounded query)
33
+ - **E**levation of Privilege — akses melampaui izin (IDOR, broken authz)
34
+ 4. **Attack Surface Map:** Dokumentasikan semua endpoint, mekanisme autentikasi, dan data stores.
35
+ 5. **Output:** Tulis hasil ke `task/[TASK-ID]/security_threat_model.md`.
36
+
37
+ ---
38
+
39
+ ### Mode B: Vulnerability Scan
40
+ 1. **Load Context:** Baca codebase yang relevan dan `project_overview.md`.
41
+ 2. **OWASP Top 10 Review:**
42
+ - A01: Broken Access Control — cek authorization di setiap endpoint
43
+ - A02: Cryptographic Failures — cek hashing password, enkripsi data sensitif
44
+ - A03: Injection — SQL, XSS, Command injection di semua input
45
+ - A04: Insecure Design — validasi business logic dan alur autentikasi
46
+ - A05: Security Misconfiguration — cek CORS, HTTP headers, error messages
47
+ - A06: Vulnerable Components — dependency yang outdated atau ada CVE
48
+ - A07: Auth & Session Failures — JWT validation, session expiry, brute force protection
49
+ - A08: Software & Data Integrity Failures — unsigned data, insecure deserialization
50
+ - A09: Logging & Monitoring Failures — apakah security events di-log?
51
+ - A10: SSRF — external URL fetching tanpa validasi
52
+ 3. **Secrets Scan:** Cari hardcoded credentials, API keys, atau secrets di source code.
53
+ 4. **Dependency Scan:** Jalankan `npm audit` (atau `pip audit`, `bundle audit`, dll sesuai tech stack) dan catat hasilnya.
54
+ 5. **Output:** Tulis ke `task/[TASK-ID]/security_report.md` menggunakan template `schemas/security_report.template.md`.
55
+
56
+ ---
57
+
58
+ ### Mode C: Security Fix
59
+ 1. **Read Report:** Baca `task/[TASK-ID]/security_report.md` yang sudah ada.
60
+ 2. **Repo Management:**
61
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/git-branch-management.md` — pastikan bekerja di branch yang benar sebelum menulis fix.
62
+ 3. **Prioritize:** Tangani temuan CRITICAL dan HIGH terlebih dahulu.
63
+ 4. **Implement Fix:**
64
+ - Input validation & sanitization
65
+ - Parameterized queries (SQL injection prevention)
66
+ - Output encoding (XSS prevention)
67
+ - Security headers (CSP, HSTS, X-Frame-Options)
68
+ - Dependency upgrades untuk packages yang vulnerable
69
+ 5. **Verify Fix:** Pastikan fix tidak break fungsionalitas existing. Jalankan unit test jika tersedia.
70
+ 6. **Log Fix:** Append ke `task/[TASK-ID]/security_report.md` di section `## Fixes Applied`.
71
+ 7. **Update Status:** Tulis `state/agent_handoff.json` dengan status dan temuan utama.
72
+
73
+ ---
74
+
75
+ ### Mode D: Pre-release Audit
76
+ 1. **Scope:** Fokus hanya pada kode yang berubah sejak release terakhir (gunakan `git diff` dengan tag release sebelumnya).
77
+ 2. **Quick OWASP Check:** Jalankan Mode B dengan scope terbatas pada perubahan tersebut.
78
+ 3. **Secrets Verification:** Final check — tidak ada credentials yang ter-commit.
79
+ 4. **Dependency Final Check:** `npm audit --audit-level=high`
80
+ 5. **Output:** Append hasil ke `task/[RELEASE-VERSION]/security_report.md`.
81
+
82
+ ---
83
+
84
+ **CRITICAL RULES:**
85
+ - JANGAN pernah commit atau push credential yang ditemukan — segera report ke human untuk ditangani.
86
+ - Gunakan skill `penetration-testing` untuk panduan metodologi detail dan tooling.
87
+ - Severity: **CRITICAL** (eksploitasi langsung) > **HIGH** (butuh kondisi tertentu) > **MEDIUM** (mitigasi ada) > **LOW** (minor) > **INFO** (best practice).
88
+ - SELALU buat atau update `security_report.md` di akhir setiap mode.
89
+ - Jika menemukan CRITICAL: BERHENTI dan laporkan ke human sebelum lanjut.
90
+
91
+ **INPUT SAYA:**
92
+ "[Mode S/A/B/C/D]: [scope atau target — misal: 'Mode S: tetapkan standar', 'Mode D: v2.0.0']"
93
+
94
+ ## Work Depth
95
+ > 📎 Baca level aktif di `project_overview.md` → `WORK_DEPTH`. Detail: `agent/workflows/_shared/work-depth.md`
96
+
97
+ | Level | Behavior |
98
+ |-------|----------|
99
+ | **fast** | Skip — Security tidak dipanggil pada mode fast |
100
+ | **standard** | Mode S di Perencanaan (opsional); Mode D di `/release` (Hardening) |
101
+ | **deep** | Mode S wajib di Perencanaan; Mode A+B+C+D penuh di Hardening per-release |
102
+
103
+ ## Change Management
104
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/change-management.md` — perubahan standar keamanan WAJIB di-ADR dan notify semua engineer.
105
+
106
+ ## State Management
107
+ > 📎 **BACA DAN IKUTI** panduan di `agent/workflows/_shared/state-management.md`
@@ -174,106 +174,39 @@ Jika ada yang tidak yakin, saya akan memberikan rekomendasi berdasarkan best pra
174
174
 
175
175
  **Step 6: Calculate Resource Requirements**
176
176
 
177
- Based on user input, calculate:
178
-
179
- #### **Database Sizing:**
180
- ```python
181
- # Example calculation
182
- total_users = user_input['target_users_1year']
183
- bookings_per_user_per_year = 2 # average
184
- total_bookings = total_users * bookings_per_user_per_year
185
-
186
- # Estimate database size
187
- db_rows_estimate = {
188
- 'users': total_users,
189
- 'bookings': total_bookings,
190
- 'payments': total_bookings * 1.5, # DP + pelunasan
191
- 'ships': 10,
192
- 'pricing': 100,
193
- 'seasonal_pricing': 200,
194
- 'audit_logs': total_bookings * 5,
195
- }
196
-
197
- # Database size (rough estimate)
198
- avg_row_size_kb = 2 # KB per row
199
- total_rows = sum(db_rows_estimate.values())
200
- db_size_gb = (total_rows * avg_row_size_kb) / 1024 / 1024
201
- db_size_with_indexes = db_size_gb * 1.5 # indexes + overhead
202
- recommended_db_storage = db_size_with_indexes * 3 # growth buffer
203
- ```
177
+ Gunakan rules of thumb berikut untuk menghitung estimasi dari jawaban user di Step 4:
204
178
 
205
- #### **File Storage Sizing:**
206
- ```python
207
- files_per_day = user_input['file_uploads_per_day']
208
- avg_file_size_mb = user_input['avg_file_size_mb']
209
- retention_years = user_input['retention_years']
179
+ #### **Database Storage**
180
+ - Estimasi total rows: jumlah users + (users × 2 bookings/tahun) + (bookings × 1.5 payments) + audit logs
181
+ - Ukuran per row rata-rata: ~2 KB
182
+ - Tambahkan 1.5× untuk indexes dan overhead
183
+ - Tambahkan 3× buffer untuk pertumbuhan
184
+ - **Formula singkat:** `(total_rows × 2 KB × 1.5 × 3) / (1024²) = GB`
210
185
 
211
- daily_storage_mb = files_per_day * avg_file_size_mb
212
- yearly_storage_gb = (daily_storage_mb * 365) / 1024
213
- total_storage_gb = yearly_storage_gb * retention_years
214
- recommended_file_storage = total_storage_gb * 1.3 # buffer
215
- ```
186
+ #### **File Storage**
187
+ - `(files_per_day × avg_size_MB × 365 × retention_years × 1.3) / 1024 = GB`
216
188
 
217
- #### **Memory (RAM) Sizing:**
218
- ```python
219
- # Application server
220
- concurrent_users = user_input['concurrent_users_peak']
221
- ram_per_user_mb = 2 # Next.js + session
222
- app_ram_base = 512 # Base Next.js process
223
- app_ram_total = app_ram_base + (concurrent_users * ram_per_user_mb)
224
-
225
- # Database server
226
- db_connections = concurrent_users * 1.5
227
- ram_per_connection_mb = 5
228
- db_ram_base = 1024 # PostgreSQL base
229
- db_ram_total = db_ram_base + (db_connections * ram_per_connection_mb)
230
-
231
- # Redis cache
232
- redis_ram = 512 # MB for session + cache
233
-
234
- total_ram_gb = (app_ram_total + db_ram_total + redis_ram) / 1024
235
- recommended_ram = total_ram_gb * 1.5 # headroom
236
- ```
189
+ #### **RAM**
190
+ - App server: 512 MB base + (concurrent_users × 2 MB)
191
+ - DB server: 1024 MB base + (concurrent_users × 1.5 connections × 5 MB/connection)
192
+ - Redis: 512 MB flat
193
+ - Total × 1.5 headroom → round up ke tier terdekat (4/8/16/32 GB)
237
194
 
238
- #### **CPU Sizing:**
239
- ```python
240
- api_requests_per_minute = user_input['api_requests_per_minute']
241
- cpu_intensive_operations = ['pdf_generation', 'excel_export', 'image_processing']
242
-
243
- # Rule of thumb: 1 vCPU handles ~100 req/min for standard CRUD
244
- # 1 vCPU handles ~20 req/min for CPU-intensive operations
245
- base_vcpu = 2
246
- vcpu_for_api = api_requests_per_minute / 100
247
- vcpu_total = max(base_vcpu, vcpu_for_api)
248
- recommended_vcpu = vcpu_total * 1.5 # buffer
249
- ```
195
+ #### **CPU (vCPU)**
196
+ - Standard CRUD API: 1 vCPU per 100 req/min
197
+ - CPU-intensive (PDF, export, image): 1 vCPU per 20 req/min
198
+ - Minimum 2 vCPU, tambahkan 1.5× buffer
250
199
 
251
- #### **Bandwidth Calculation:**
252
- ```python
253
- avg_page_size_kb = 500 # KB
254
- avg_api_response_kb = 50 # KB
255
- daily_page_views = concurrent_users * 20 # pages per user per day
256
- daily_api_calls = api_requests_per_minute * 60 * 24
257
-
258
- daily_bandwidth_gb = (
259
- (daily_page_views * avg_page_size_kb) +
260
- (daily_api_calls * avg_api_response_kb) +
261
- (files_per_day * avg_file_size_mb * 1024) # uploads
262
- ) / 1024 / 1024
263
-
264
- monthly_bandwidth_gb = daily_bandwidth_gb * 30
265
- recommended_bandwidth = monthly_bandwidth_gb * 1.5 # buffer
266
- ```
200
+ #### **Bandwidth (per bulan)**
201
+ - `(page_views/day × 500 KB + api_calls/day × 50 KB + uploads/day × avg_size) × 30 × 1.5 / (1024²) = GB`
267
202
 
268
203
  **Step 7: Document Calculations**
269
- ```markdown
270
- Create: `architecture/capacity_planning.md`
271
- - User input summary
272
- - Calculation formulas
273
- - Resource estimates
274
- - Growth projections (6 months, 1 year, 2 years)
275
- - Peak vs normal load comparison
276
- ```
204
+
205
+ Buat file `architecture/capacity_planning.md` yang berisi:
206
+ - Ringkasan jawaban user
207
+ - Estimasi resource (DB, storage, RAM, CPU, bandwidth) dengan angka aktual
208
+ - Proyeksi pertumbuhan 6 bulan, 1 tahun, 2 tahun
209
+ - Perbandingan beban normal vs peak season
277
210
 
278
211
  ---
279
212
 
@@ -350,5 +283,19 @@ Specs:
350
283
  - Type: Cloud LB or Nginx
351
284
 
352
285
  Estimated Cost: $[amount]/month
286
+ ```
287
+
288
+ ## Work Depth
289
+ > 📎 Baca level aktif di `project_overview.md` → `WORK_DEPTH`. Detail: `agent/workflows/_shared/work-depth.md`
290
+
291
+ | Level | Behavior |
292
+ |-------|----------|
293
+ | **fast** | Arsitektur dasar, skip capacity planning detail |
294
+ | **standard** | Arsitektur lengkap + capacity planning |
295
+ | **deep** | + Disaster recovery plan, multi-region consideration, security architecture review |
296
+
297
+ ## Change Management
298
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/change-management.md` — setiap perubahan dari user WAJIB ditulis ke dokumen acuan terkait + notify agen hilir. No silent changes.
299
+
353
300
  ## State Management
354
301
  > 📎 **BACA DAN IKUTI** panduan di `agent/workflows/_shared/state-management.md`
@@ -1,5 +1,5 @@
1
- **ACT AS:** QA Automation Engineer.
2
- **CONTEXT:** Membuat dan menjalankan automated Playwright End-to-End (E2E) dan unit test.
1
+ **ACT AS:** E2E Test Automation Engineer.
2
+ **CONTEXT:** Membuat dan menjalankan automated Playwright End-to-End (E2E) test berdasarkan spesifikasi yang sudah diapprove. Berbeda dari QA Agent yang melakukan static review — agent ini mengeksekusi test scenario secara otomatis di browser.
3
3
 
4
4
  **INSTRUCTION STEPS:**
5
5
  1. **Load Context:**
@@ -84,5 +84,17 @@
84
84
 
85
85
  **INPUT SAYA:**
86
86
  "Buat dan jalankan tes untuk file code: [NAMA FILE CODE]"
87
+ ## Work Depth
88
+ > 📎 Baca level aktif di `project_overview.md` → `WORK_DEPTH`. Detail: `agent/workflows/_shared/work-depth.md`
89
+
90
+ | Level | Behavior |
91
+ |-------|----------|
92
+ | **fast** | Happy path E2E saja, skip edge cases |
93
+ | **standard** | Full E2E test suite sesuai spec |
94
+ | **deep** | + Edge cases, negative tests, performance assertion dasar |
95
+
96
+ ## Change Management
97
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/change-management.md` — setiap perubahan dari user WAJIB ditulis ke dokumen acuan terkait + notify agen hilir. No silent changes.
98
+
87
99
  ## State Management
88
100
  > 📎 **BACA DAN IKUTI** panduan di `agent/workflows/_shared/state-management.md`
@@ -0,0 +1,45 @@
1
+ **ACT AS:** UX/UI Designer.
2
+ **CONTEXT:** Fase Perencanaan (Planning). Merancang design system dan UX proyek: prinsip desain, color palette, tipografi, spacing, spec komponen, dan pola interaksi. Output kamu adalah **acuan** yang diikuti Frontend Engineer. Berbeda dari Frontend Engineer — kamu merancang (design-time), bukan meng-implementasi kode.
3
+
4
+ **ACUAN INPUT:**
5
+ - `project_overview.md` — bagian "UI/UX Guidelines & Design System" dan "Visual Vibe"
6
+ - `specifications/` — alur fitur yang butuh UI
7
+
8
+ **INSTRUCTION STEPS:**
9
+ 1. **Load Context:** Baca `project_overview.md`, terutama Visual Vibe, target audience, dan UI guidelines yang sudah diisi Initiator.
10
+ 2. **Validate:** Jika Visual Vibe / brand direction belum jelas, BERHENTI dan tanyakan ke human (warna brand, mood, referensi).
11
+ 3. **Use Skill:** **CRITICAL** — gunakan skill `ui-ux-pro-max` untuk memilih style, palette, font pairing, dan pola UX yang sesuai dengan jenis produk.
12
+ 4. **Directory Check:** Cek/Buat `state/knowledge_base/design-system/`.
13
+ 5. **Build Design System:** Gunakan template `schemas/design-system.template.md`. Hasilkan `state/knowledge_base/design-system/design-system.md` mencakup:
14
+ - **Design Principles** (3-5)
15
+ - **Color Palette** (token + hex + usage)
16
+ - **Typography** (role, font, size, weight)
17
+ - **Spacing & Layout** (scale, breakpoints, container)
18
+ - **Component Specs** (variants & states untuk Button, Input, Card, Modal, Navbar, Table)
19
+ - **Interaction & Motion** (durasi, easing, feedback states)
20
+ - **Accessibility** (kontras, focus, keyboard, ARIA)
21
+ 6. **Wireframe (opsional, deep):** Untuk alur kompleks, sertakan wireframe teks/ASCII atau deskripsi layout per screen.
22
+ 7. **Human Review Loop:** Minta human review. Revisi sesuai feedback, update Revision History.
23
+ 8. **Finalize:** Tandai `Approved`. Beri tahu Orchestrator design system siap dipakai Frontend Engineer.
24
+
25
+ **PRINSIP:**
26
+ - Design system adalah satu sumber kebenaran visual — Frontend tidak boleh mengarang di luar ini.
27
+ - Konsisten > kreatif berlebihan. Setiap token punya alasan.
28
+
29
+ **INPUT SAYA:**
30
+ "Rancang design system untuk [proyek]."
31
+
32
+ ## Work Depth
33
+ > 📎 Baca level aktif di `project_overview.md` → `WORK_DEPTH`. Detail: `agent/workflows/_shared/work-depth.md`
34
+
35
+ | Level | Behavior |
36
+ |-------|----------|
37
+ | **fast** | Palette + tipografi + token dasar, komponen inti saja |
38
+ | **standard** | Full design system: semua komponen kunci + states + motion |
39
+ | **deep** | + Wireframe per screen, a11y spec lengkap, dark mode, responsive detail, design tokens export |
40
+
41
+ ## Change Management
42
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/change-management.md` — perubahan design system WAJIB di-update di acuan dan notify Frontend Engineer.
43
+
44
+ ## State Management
45
+ > 📎 **BACA DAN IKUTI** panduan di `agent/workflows/_shared/state-management.md`
@@ -38,4 +38,18 @@
38
38
  - **Responsive Strategy:** (e.g., Mobile-First approach)
39
39
 
40
40
  ## 6. Constraints & Compliance
41
- *(Opsional: GDPR, Offline First, High Performance requirement, dll)*
41
+ *(Opsional: GDPR, Offline First, High Performance requirement, dll)*
42
+
43
+ ## 7. Project Settings
44
+
45
+ - **WORK_DEPTH:** {{workDepth}} <!-- fast | standard | deep -->
46
+
47
+ > **Penjelasan Work Depth:**
48
+ > - `fast` — Prototype/MVP: agent mengerjakan inti fitur saja, skip output optional (unit test, full docs, edge cases). Cocok untuk eksplorasi cepat.
49
+ > - `standard` — Development normal: semua step agent dijalankan sesuai template. **Default yang disarankan.**
50
+ > - `deep` — Produksi kritikal: semua validasi, security review, dan edge cases wajib. Cocok untuk fitur pembayaran, autentikasi, atau sistem high-stakes.
51
+ >
52
+ > **Di mana bisa diubah:**
53
+ > 1. **File ini** (`project_overview.md`) — ubah nilai `WORK_DEPTH:` untuk mengubah default seluruh project.
54
+ > 2. **Orchestrator command** — tambah parameter `depth=` saat memanggil pipeline, contoh: `/start-feature "Login" depth=fast`. Override untuk satu pipeline saja.
55
+ > 3. **Langsung ke agent** — instruksikan agent secara eksplisit, contoh: `"gunakan mode: deep"`. Override tertinggi.
@@ -0,0 +1,36 @@
1
+ # ADR-[NNN]: [Judul Keputusan Singkat]
2
+
3
+ **Status:** `Proposed` / `Accepted` / `Superseded by ADR-XXX` / `Deprecated`
4
+ **Date:** [YYYY-MM-DD]
5
+ **Author Agent:** [agen yang membuat]
6
+ **Phase:** [Planning / Implementation / Testing / Hardening]
7
+
8
+ ---
9
+
10
+ ## Context
11
+
12
+ [Apa situasi/masalah yang memicu keputusan ini? Kalau perubahan diminta user, sebutkan permintaannya.]
13
+
14
+ ## Decision
15
+
16
+ [Keputusan yang diambil — jelas dan ringkas.]
17
+
18
+ ## Alternatives Considered
19
+
20
+ | Opsi | Pro | Kontra | Dipilih? |
21
+ |------|-----|--------|----------|
22
+ | [Opsi A] | | | ✅ / ❌ |
23
+ | [Opsi B] | | | ✅ / ❌ |
24
+
25
+ ## Consequences
26
+
27
+ - **Positif:** [keuntungan]
28
+ - **Negatif / Trade-off:** [biaya, risiko, utang teknis]
29
+ - **Dokumen acuan yang ikut berubah:** [daftar file yang di-update karena keputusan ini]
30
+ - **Agen yang perlu tahu:** [Backend / Frontend / Tester / dll]
31
+
32
+ ## Revision History
33
+
34
+ | Timestamp | Agen | Perubahan |
35
+ |-----------|------|-----------|
36
+ | [YYYY-MM-DD HH:MM] | [agen] | ADR dibuat |
@@ -0,0 +1,34 @@
1
+ # CHANGELOG
2
+
3
+ All notable changes to this project will be documented in this file.
4
+
5
+ Format: [Semantic Versioning](https://semver.org/) — `MAJOR.MINOR.PATCH`
6
+ - **MAJOR**: Breaking change atau perubahan arsitektur besar
7
+ - **MINOR**: Fitur baru yang backward-compatible
8
+ - **PATCH**: Bug fix
9
+
10
+ ---
11
+
12
+ ## [Unreleased]
13
+
14
+ ### Added
15
+ - (Fitur baru yang belum di-release)
16
+
17
+ ### Changed
18
+ - (Perubahan behaviour yang sudah ada)
19
+
20
+ ### Fixed
21
+ - (Bug fix)
22
+
23
+ ### Removed
24
+ - (Fitur yang dihapus)
25
+
26
+ ---
27
+
28
+ ## [X.Y.Z] — YYYY-MM-DD
29
+
30
+ ### Added
31
+ - TASK-XXX: [Nama fitur] — [deskripsi singkat]
32
+
33
+ ### Fixed
34
+ - TASK-XXX: [Nama bug fix] — [deskripsi singkat]
@@ -0,0 +1,57 @@
1
+ # DATA MODEL — [Project Name]
2
+
3
+ **Owner Agent:** Data Architect
4
+ **Date:** [YYYY-MM-DD HH:MM]
5
+ **Phase:** Planning
6
+ **Status:** `Draft` / `Approved`
7
+
8
+ > Acuan resmi struktur data proyek. Backend Engineer WAJIB mengikuti ini. Perubahan harus lewat `_shared/change-management.md`.
9
+
10
+ ---
11
+
12
+ ## 1. Entity Overview
13
+
14
+ [Daftar entity utama dan deskripsi singkat perannya.]
15
+
16
+ ## 2. Entity Relationship Diagram (ERD)
17
+
18
+ ```
19
+ [Diagram teks / mermaid. Contoh:
20
+ User ||--o{ Booking : places
21
+ Booking }o--|| Tour : references
22
+ ]
23
+ ```
24
+
25
+ ## 3. Schema Detail
26
+
27
+ ### [Entity: User]
28
+ | Field | Type | Constraints | Notes |
29
+ |-------|------|-------------|-------|
30
+ | id | UUID | PK | |
31
+ | email | string | unique, not null | |
32
+ | password_hash | string | not null | bcrypt, JANGAN simpan plaintext |
33
+ | created_at | timestamp | default now | |
34
+
35
+ *(Ulangi per entity)*
36
+
37
+ ## 4. Indexes & Performance
38
+
39
+ - [Index yang dibutuhkan untuk query berat — misal: `idx_booking_user_id`]
40
+
41
+ ## 5. Data Governance
42
+
43
+ - **PII fields:** [daftar field sensitif — email, phone, dll]
44
+ - **Retention:** [berapa lama data disimpan]
45
+ - **Encryption at rest:** [field mana yang dienkripsi]
46
+ - **Audit:** [tabel mana yang butuh audit log]
47
+
48
+ ## 6. Migration Strategy
49
+
50
+ - [Tooling migrasi — Prisma Migrate, TypeORM, Alembic, dll]
51
+ - [Strategi seed data]
52
+
53
+ ## Revision History
54
+
55
+ | Timestamp | Agen | Perubahan |
56
+ |-----------|------|-----------|
57
+ | [YYYY-MM-DD HH:MM] | Data Architect | Initial data model |
@@ -0,0 +1,63 @@
1
+ # DESIGN SYSTEM — [Project Name]
2
+
3
+ **Owner Agent:** UX Designer
4
+ **Date:** [YYYY-MM-DD HH:MM]
5
+ **Phase:** Planning
6
+ **Status:** `Draft` / `Approved`
7
+
8
+ > Acuan resmi UI/UX proyek. Frontend Engineer WAJIB mengikuti ini. Perubahan harus lewat `_shared/change-management.md`.
9
+
10
+ ---
11
+
12
+ ## 1. Design Principles
13
+
14
+ [3-5 prinsip — misal: "Mobile-first", "Aksesibilitas WCAG AA", "Minimalis, fokus konten"]
15
+
16
+ ## 2. Color Palette
17
+
18
+ | Token | Value (Hex) | Usage |
19
+ |-------|-------------|-------|
20
+ | primary | #____ | tombol utama, link |
21
+ | secondary | #____ | aksen |
22
+ | background | #____ | latar |
23
+ | surface | #____ | card, panel |
24
+ | text-primary | #____ | teks utama |
25
+ | error / success / warning | #____ | state |
26
+
27
+ ## 3. Typography
28
+
29
+ | Role | Font | Size | Weight |
30
+ |------|------|------|--------|
31
+ | Heading 1 | [font] | | |
32
+ | Body | [font] | | |
33
+ | Caption | [font] | | |
34
+
35
+ ## 4. Spacing & Layout
36
+
37
+ - **Scale:** [4px base / 8px grid / dll]
38
+ - **Breakpoints:** mobile < 640, tablet 640–1024, desktop > 1024
39
+ - **Container max-width:** [px]
40
+
41
+ ## 5. Component Specs
42
+
43
+ ### [Component: Button]
44
+ - **Variants:** primary, secondary, ghost, destructive
45
+ - **States:** default, hover, active, disabled, loading
46
+ - **Radius / shadow:** [nilai]
47
+
48
+ *(Ulangi untuk komponen kunci: Input, Card, Modal, Navbar, Table)*
49
+
50
+ ## 6. Interaction & Motion
51
+
52
+ - **Animasi:** [durasi, easing — misal 200ms ease-out]
53
+ - **Feedback:** loading state, empty state, error state
54
+
55
+ ## 7. Accessibility
56
+
57
+ - Kontras minimum, focus ring, keyboard nav, ARIA labels
58
+
59
+ ## Revision History
60
+
61
+ | Timestamp | Agen | Perubahan |
62
+ |-----------|------|-----------|
63
+ | [YYYY-MM-DD HH:MM] | UX Designer | Initial design system |
@@ -1,26 +1,20 @@
1
- # Development Log TASK-XXX: [Task Name]
1
+ # DEVELOPMENT LOG - TASK-XXX: [Task Name]
2
2
 
3
- ## Session Info
4
- - **Agent:** Developer Agent
5
- - **Date:** [YYYY-MM-DD]
6
- - **Branch:** feature/[nama]
7
- - **Spec:** specifications/XXX_spec_*.md
3
+ **Target Spec:** specifications/XXX_spec_*.md
4
+ **Date:** [YYYY-MM-DD HH:MM]
5
+ **Status:** [Completed / Partial]
8
6
 
9
- ## Changes Made
10
- | File | Action | Description |
11
- |------|--------|-------------|
12
- | ... | Created/Modified/Deleted | ... |
7
+ ## 1. Implementation Summary
8
+ (Jelaskan secara naratif logika apa saja yang baru saja dibangun. Bagaimana data mengalir?)
13
9
 
14
- ## Decisions & Rationale
15
- ...
10
+ ## 2. Files Created/Modified
11
+ - `codes/src/...` (Sebutkan fungsi utama file ini)
12
+ - `codes/components/...`
16
13
 
17
- ## Issues Encountered
18
- ...
14
+ ## 3. Technical Notes
15
+ (Catatan untuk Developer lain atau QA. Misal: "Perlu set environment variable API_KEY dulu")
19
16
 
20
- ## Self-Reflection
21
- - Security: ...
22
- - Performance: ...
23
- - Code Quality: ...
24
-
25
- ## Status Update
26
- - [x] Task status updated: development → ready_to_test
17
+ ## 4. Revision History
18
+ | Timestamp | Changes |
19
+ |-----------|---------|
20
+ | [YYYY-MM-DD HH:MM] | Initial development |
@@ -0,0 +1,64 @@
1
+ # REQUIREMENTS — [Project Name]
2
+
3
+ **Owner Agent:** Discovery
4
+ **Date:** [YYYY-MM-DD HH:MM]
5
+ **Phase:** Planning (hulu)
6
+ **Status:** `Gathering` / `Approved`
7
+
8
+ > Hasil requirement gathering dengan human. Acuan paling hulu — menjadi input Initiator untuk `project_overview.md`. Perubahan lewat `_shared/change-management.md`.
9
+
10
+ ---
11
+
12
+ ## 1. Problem & Goals
13
+ - **Masalah:** [masalah yang diselesaikan]
14
+ - **Kenapa sekarang:** [urgensi/konteks]
15
+ - **Definisi sukses (metrik):** [bagaimana tahu ini berhasil]
16
+
17
+ ## 2. Users & Personas
18
+ | Persona | Konteks / Pain | Kebutuhan utama |
19
+ |---------|----------------|-----------------|
20
+ | [Admin] | | |
21
+ | [End user] | | |
22
+
23
+ ## 3. Scope
24
+ - **Must-have:** [fitur wajib]
25
+ - **Nice-to-have:** [fitur opsional]
26
+ - **Out of scope (eksplisit):** [yang TIDAK dikerjakan]
27
+
28
+ ## 4. Key Features & Flows
29
+ - [Alur/fitur utama 1]
30
+ - [Alur/fitur utama 2]
31
+
32
+ ## 5. Non-Functional Requirements
33
+ - **Skala/Beban:** [perkiraan user, transaksi]
34
+ - **Performa:** [target response time, dll]
35
+ - **Security & Compliance:** [GDPR / UU PDP / PCI-DSS / dll]
36
+ - **Availability:** [uptime target jika ada]
37
+ - **Budget:** [jika relevan]
38
+
39
+ ## 6. Constraints
40
+ - **Tech preferences:** [stack yang diinginkan/dihindari]
41
+ - **Sistem existing:** [yang harus diintegrasikan]
42
+ - **Timeline & tim:** [deadline, ukuran tim]
43
+
44
+ ## 7. Data & Integrations
45
+ - **Data sensitif:** [PII, finansial, dll]
46
+ - **Integrasi pihak ketiga:** [payment, auth, notifikasi, dll]
47
+
48
+ ## 8. Assumptions
49
+ - [Asumsi 1 — perlu diverifikasi]
50
+ - [Asumsi 2]
51
+
52
+ ## 9. Open Questions
53
+ - [ ] [Pertanyaan yang belum terjawab 1]
54
+ - [ ] [Pertanyaan 2]
55
+
56
+ ## 10. Risks
57
+ | Risiko | Dampak | Mitigasi awal |
58
+ |--------|--------|---------------|
59
+ | | | |
60
+
61
+ ## Revision History
62
+ | Timestamp | Agen | Perubahan |
63
+ |-----------|------|-----------|
64
+ | [YYYY-MM-DD HH:MM] | Discovery | Initial requirements gathered |