create-vasvibe 1.2.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (121) hide show
  1. package/package.json +1 -1
  2. package/template/.agents/agents/backend/agent.json +44 -0
  3. package/template/.agents/agents/data-architect/agent.json +43 -0
  4. package/template/.agents/agents/discovery/agent.json +43 -0
  5. package/template/.agents/agents/frontend/agent.json +44 -0
  6. package/template/.agents/agents/{developer → fullstack}/agent.json +3 -3
  7. package/template/.agents/agents/reliability/agent.json +44 -0
  8. package/template/.agents/agents/security/agent.json +44 -0
  9. package/template/.agents/agents/ux-designer/agent.json +43 -0
  10. package/template/.agents/skills/{developer → fullstack}/SKILL.md +1 -1
  11. package/template/.agents/workflows/build-feature.md +21 -0
  12. package/template/.agents/workflows/daily-standup.md +16 -0
  13. package/template/.agents/workflows/deliver-feature.md +16 -0
  14. package/template/.agents/workflows/harden-release.md +21 -0
  15. package/template/.agents/workflows/plan-project.md +25 -0
  16. package/template/.agents/workflows/release.md +18 -0
  17. package/template/.agents/workflows/security-audit.md +19 -0
  18. package/template/.agents/workflows/start-fix.md +17 -0
  19. package/template/.agents/workflows/test-feature.md +17 -0
  20. package/template/.claude/agents/analyst.md +7 -1
  21. package/template/.claude/agents/backend.md +66 -0
  22. package/template/.claude/agents/data-architect.md +48 -0
  23. package/template/.claude/agents/devops.md +9 -4
  24. package/template/.claude/agents/discovery.md +56 -0
  25. package/template/.claude/agents/document.md +3 -0
  26. package/template/.claude/agents/fixer.md +3 -0
  27. package/template/.claude/agents/frontend.md +63 -0
  28. package/template/{agent/workflows/developer.md → .claude/agents/fullstack.md} +13 -6
  29. package/template/.claude/agents/initiator.md +14 -8
  30. package/template/.claude/agents/orchestrator.md +85 -50
  31. package/template/.claude/agents/pm.md +3 -0
  32. package/template/.claude/agents/qa.md +7 -4
  33. package/template/.claude/agents/reliability.md +52 -0
  34. package/template/.claude/agents/security.md +111 -0
  35. package/template/.claude/agents/sysarch.md +3 -0
  36. package/template/.claude/agents/tester.md +3 -0
  37. package/template/.claude/agents/ux-designer.md +50 -0
  38. package/template/.claude/commands/build-feature.md +22 -0
  39. package/template/.claude/commands/daily-standup.md +16 -0
  40. package/template/.claude/commands/deliver-feature.md +17 -0
  41. package/template/.claude/commands/harden-release.md +22 -0
  42. package/template/.claude/commands/plan-project.md +26 -0
  43. package/template/.claude/commands/release.md +19 -0
  44. package/template/.claude/commands/security-audit.md +20 -0
  45. package/template/.claude/commands/start-fix.md +18 -0
  46. package/template/.claude/commands/test-feature.md +18 -0
  47. package/template/.claude/settings.local.json +8 -1
  48. package/template/.github/prompts/backend.prompt.md +44 -0
  49. package/template/.github/prompts/data-architect.prompt.md +38 -0
  50. package/template/.github/prompts/devops.prompt.md +32 -0
  51. package/template/.github/prompts/discovery.prompt.md +39 -0
  52. package/template/.github/prompts/frontend.prompt.md +43 -0
  53. package/template/.github/prompts/{developer.prompt.md → fullstack.prompt.md} +3 -10
  54. package/template/.github/prompts/initiator.prompt.md +8 -7
  55. package/template/.github/prompts/orchestrator.prompt.md +75 -0
  56. package/template/.github/prompts/qa.prompt.md +57 -0
  57. package/template/.github/prompts/reliability.prompt.md +44 -0
  58. package/template/.github/prompts/security.prompt.md +41 -0
  59. package/template/.github/prompts/ux-designer.prompt.md +41 -0
  60. package/template/.opencode/agents/analyst.md +7 -1
  61. package/template/.opencode/agents/backend.md +65 -0
  62. package/template/.opencode/agents/data-architect.md +47 -0
  63. package/template/.opencode/agents/devops.md +3 -0
  64. package/template/.opencode/agents/discovery.md +55 -0
  65. package/template/.opencode/agents/document.md +3 -0
  66. package/template/.opencode/agents/fixer.md +3 -0
  67. package/template/.opencode/agents/frontend.md +62 -0
  68. package/template/.opencode/agents/{developer.md → fullstack.md} +9 -7
  69. package/template/.opencode/agents/initiator.md +13 -7
  70. package/template/.opencode/agents/orchestrator.md +85 -50
  71. package/template/.opencode/agents/pm.md +3 -0
  72. package/template/.opencode/agents/qa.md +7 -4
  73. package/template/.opencode/agents/reliability.md +50 -0
  74. package/template/.opencode/agents/security.md +109 -0
  75. package/template/.opencode/agents/sysarch.md +4 -1
  76. package/template/.opencode/agents/tester.md +3 -0
  77. package/template/.opencode/agents/ux-designer.md +49 -0
  78. package/template/.opencode/commands/build-feature.md +21 -0
  79. package/template/.opencode/commands/daily-standup.md +16 -0
  80. package/template/.opencode/commands/deliver-feature.md +16 -0
  81. package/template/.opencode/commands/harden-release.md +21 -0
  82. package/template/.opencode/commands/plan-project.md +25 -0
  83. package/template/.opencode/commands/release.md +18 -0
  84. package/template/.opencode/commands/security-audit.md +19 -0
  85. package/template/.opencode/commands/start-fix.md +17 -0
  86. package/template/.opencode/commands/test-feature.md +17 -0
  87. package/template/AGENT_PERSONAS.md +143 -11
  88. package/template/QUICK-START.md +121 -0
  89. package/template/agent/workflows/_shared/change-management.md +70 -0
  90. package/template/agent/workflows/_shared/phases.md +86 -0
  91. package/template/agent/workflows/_shared/state-management.md +3 -3
  92. package/template/agent/workflows/analyst.md +7 -1
  93. package/template/agent/workflows/backend.md +61 -0
  94. package/template/agent/workflows/data-architect.md +43 -0
  95. package/template/agent/workflows/devops.md +9 -3
  96. package/template/agent/workflows/discovery.md +51 -0
  97. package/template/agent/workflows/document.md +3 -0
  98. package/template/agent/workflows/fixer.md +3 -0
  99. package/template/agent/workflows/frontend.md +58 -0
  100. package/template/{.claude/agents/developer.md → agent/workflows/fullstack.md} +9 -11
  101. package/template/agent/workflows/initiator.md +13 -7
  102. package/template/agent/workflows/orchestrator.md +84 -48
  103. package/template/agent/workflows/pm.md +3 -0
  104. package/template/agent/workflows/qa.md +7 -3
  105. package/template/agent/workflows/reliability.md +48 -0
  106. package/template/agent/workflows/security.md +107 -0
  107. package/template/agent/workflows/sysarch.md +3 -0
  108. package/template/agent/workflows/tester.md +3 -0
  109. package/template/agent/workflows/ux-designer.md +45 -0
  110. package/template/schemas/adr.template.md +36 -0
  111. package/template/schemas/data-model.template.md +57 -0
  112. package/template/schemas/design-system.template.md +63 -0
  113. package/template/schemas/requirements.template.md +64 -0
  114. package/template/schemas/security-standards.template.md +58 -0
  115. package/template/schemas/security_report.template.md +89 -0
  116. package/template/state/knowledge_base/architecture/.gitkeep +0 -0
  117. package/template/state/knowledge_base/data-model/.gitkeep +0 -0
  118. package/template/state/knowledge_base/decisions/.gitkeep +0 -0
  119. package/template/state/knowledge_base/design-system/.gitkeep +0 -0
  120. package/template/state/knowledge_base/requirements/.gitkeep +1 -0
  121. package/template/state/knowledge_base/security/.gitkeep +0 -0
@@ -0,0 +1,19 @@
1
+ ---
2
+ description: Audit keamanan ad-hoc di luar siklus release.
3
+ ---
4
+
5
+ Jalankan security audit untuk scope: **$ARGUMENTS**
6
+
7
+ 1. **Security (Mode A)** → Threat Modeling
8
+ 2. **Security (Mode B)** → Vulnerability Scan
9
+ 3. **CHECKPOINT:** Human review findings (approve fix plan / accepted risk)
10
+ 4. **Security (Mode C)** → fix CRITICAL & HIGH
11
+ 5. **Tester** → regression test
12
+ 6. **CHECKPOINT:** Human sign-off.
13
+
14
+ **Aturan orkestrasi (WAJIB):**
15
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
16
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
17
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
18
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
19
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -0,0 +1,17 @@
1
+ ---
2
+ description: Perbaikan bug terarah: fix → review → regression.
3
+ ---
4
+
5
+ Tangani bug: **$ARGUMENTS**
6
+
7
+ 1. **Fixer** → analyze root cause & fix
8
+ 2. **QA** → quick review pada kode yang diubah
9
+ 3. **Tester** → regression test
10
+ 4. **CHECKPOINT:** Human validation.
11
+
12
+ **Aturan orkestrasi (WAJIB):**
13
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
14
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
15
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
16
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
17
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -0,0 +1,17 @@
1
+ ---
2
+ description: Jalankan Fase 3 (Testing) — E2E test fungsional terhadap spesifikasi.
3
+ ---
4
+
5
+ Jalankan **Fase 3 — Testing** untuk fitur: **$ARGUMENTS**
6
+
7
+ Langkah:
8
+ 1. **Tester** → buat & jalankan E2E test berdasarkan spec
9
+ 2. Jika FAIL → **Fixer** → loop balik ke langkah 1
10
+ 3. **GATE — Fungsional hijau:** semua test pass.
11
+
12
+ **Aturan orkestrasi (WAJIB):**
13
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
14
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
15
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
16
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
17
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -1,8 +1,38 @@
1
1
  ## 🤖 AI Agent Personas & Capabilities
2
2
 
3
- Setiap Agent memiliki **system instruction** yang tersimpan di `.github/prompts/` dan dapat dipanggil via slash command.
3
+ Setiap Agent memiliki **system instruction** dan dapat dipanggil via slash command.
4
4
 
5
- **Total: 8 Specialized Agents**
5
+ **Total: 18 Specialized Agents**
6
+
7
+ ---
8
+
9
+ ## 🔄 Workflow 4 Fase (v2.0)
10
+
11
+ Pengerjaan proyek dibagi ke **4 fase** dengan gerbang human di tiap transisi. Detail: `agent/workflows/_shared/phases.md`.
12
+
13
+ | Fase | Agen | Output (acuan) | Gate |
14
+ |------|------|----------------|------|
15
+ | **1 · Perencanaan** | **Discovery** (wawancara human), Initiator, SysArch, Data Architect, UX Designer, Security (Mode S), Analyst | requirements, overview, architecture, data-model, design-system, security-standards, **API Contract** | requirements sign-off → Blueprint disetujui |
16
+ | **2 · Pengerjaan** | Analyst (spec-lock), Backend Engineer ∥ Frontend Engineer (atau Developer @ `fast`), QA | kode + unit test + review | Code review lulus |
17
+ | **3 · Testing** | Tester, Fixer | E2E hijau | Fungsional hijau |
18
+ | **4 · Hardening** (per-release) | Security (A/B/C/D), Reliability, Fixer | security & reliability report | Siap produksi |
19
+
20
+ **Lintas fase:** PM (koordinasi), Orchestrator (gerbang fase), DevOps (CI/CD), Document (dokumentasi).
21
+
22
+ **Komunikasi rigid — "No Silent Changes":** setiap perubahan dari user WAJIB ditulis ke dokumen acuan + dicatat (ADR jika perlu) + agen hilir di-notify. Detail: `agent/workflows/_shared/change-management.md`.
23
+
24
+ **Pemisahan spesialis:** Backend Engineer (API/logic/DB) dan Frontend Engineer (UI/UX/integrasi) bekerja paralel, disatukan oleh **API Contract**. Pada `depth=fast` keduanya digabung jadi satu Developer fullstack.
25
+
26
+ ### 0. **Discovery Agent** (`/discovery`) — Fase Perencanaan (paling hulu)
27
+ **Role:** Product Discovery Lead & Business Analyst
28
+
29
+ - ✅ **Mewawancarai human** secara interaktif (tanya-jawab bertahap) untuk menggali kebutuhan
30
+ - ✅ Menggali: masalah & metrik sukses, persona, scope (must/nice/out), non-functional, constraint, data & integrasi, risiko & asumsi
31
+ - ✅ Reflect-back untuk validasi; berhenti saat cukup; sign-off human
32
+ - **Output:** `state/knowledge_base/requirements/requirements.md` · **Acuan untuk:** Initiator
33
+ - ⚠️ Berjalan di **thread utama** (interaktif), bukan subagent. Tidak membuat `project_overview.md`.
34
+
35
+ ---
6
36
 
7
37
  ### 1. **Initiator Agent** (`/initiator`)
8
38
  **Role:** Project Initiator & Product Manager
@@ -347,7 +377,97 @@ for production deployment. Target: 100 concurrent users,
347
377
 
348
378
  ---
349
379
 
350
- ### 8. **Document Agent** (`/document`)
380
+ ### 8. **Security Expert Agent** (`/security`)
381
+ **Role:** Application Security Expert
382
+
383
+ **Capabilities:**
384
+ - ✅ Threat modeling menggunakan metodologi STRIDE
385
+ - ✅ OWASP Top 10 vulnerability scanning
386
+ - ✅ Secrets dan hardcoded credential detection
387
+ - ✅ Dependency vulnerability scan (`npm audit`, dll)
388
+ - ✅ Implementasi security fix (input validation, parameterized queries, header hardening)
389
+ - ✅ Pre-release security audit
390
+
391
+ **4 Mode Kerja:**
392
+ - **Mode A — Threat Model:** Identifikasi attack surface dan threat berdasarkan arsitektur
393
+ - **Mode B — Vulnerability Scan:** OWASP Top 10 check + dependency scan + secrets check
394
+ - **Mode C — Security Fix:** Implementasi patch untuk temuan CRITICAL dan HIGH
395
+ - **Mode D — Pre-release Audit:** Quick scan perubahan sejak release terakhir
396
+
397
+ **When to Use:**
398
+ - Pipeline `/security-audit` untuk full audit manual
399
+ - Otomatis di `/start-feature` saat `depth=deep`
400
+ - Otomatis di `/release` (Mode D, selalu)
401
+
402
+ **Input Example:**
403
+ ```
404
+ /security
405
+
406
+ "Mode B: Lakukan vulnerability scan pada fitur authentication dan payment"
407
+ ```
408
+
409
+ **Output:**
410
+ - `task/[TASK-ID]/security_threat_model.md` (Mode A)
411
+ - `task/[TASK-ID]/security_report.md` (Mode B/C/D)
412
+
413
+ **👤 Human Task:**
414
+ - Review temuan dan tentukan mana yang perlu di-fix vs accepted risk
415
+ - Approve sebelum Security Fix diimplementasi (untuk CRITICAL)
416
+ - Final sign-off setelah semua fix diverifikasi
417
+
418
+ ---
419
+
420
+ ### 9. **Data Architect Agent** (`/data-architect`) — Fase Perencanaan
421
+ **Role:** Data Architect
422
+
423
+ - ✅ Merancang data model, ERD, skema per-entity, indexing
424
+ - ✅ Data governance: PII, retention, encryption at rest, audit
425
+ - ✅ Migration strategy sesuai tooling stack
426
+ - **Output:** `state/knowledge_base/data-model/` · **Acuan untuk:** Backend Engineer
427
+
428
+ ---
429
+
430
+ ### 10. **UX Designer Agent** (`/ux-designer`) — Fase Perencanaan
431
+ **Role:** UX/UI Designer
432
+
433
+ - ✅ Design system: color palette, tipografi, spacing, spec komponen, motion
434
+ - ✅ Memakai skill `ui-ux-pro-max`
435
+ - ✅ Accessibility & responsive guidelines
436
+ - **Output:** `state/knowledge_base/design-system/` · **Acuan untuk:** Frontend Engineer
437
+
438
+ ---
439
+
440
+ ### 11. **Backend Engineer Agent** (`/backend`) — Fase Pengerjaan
441
+ **Role:** Senior Backend Engineer (`depth=standard|deep`)
442
+
443
+ - ✅ Implementasi API, business logic, akses DB **sesuai API Contract**
444
+ - ✅ Honor `data-model/` dan `security-standards.md`
445
+ - ✅ Unit test + propagasi perubahan contract ke Frontend
446
+ - **Output:** `codes/*` (server) · **Paralel dengan:** Frontend Engineer
447
+
448
+ ---
449
+
450
+ ### 12. **Frontend Engineer Agent** (`/frontend`) — Fase Pengerjaan
451
+ **Role:** Senior Frontend Engineer & UI Specialist (`depth=standard|deep`)
452
+
453
+ - ✅ Implementasi UI **sesuai design-system** + integrasi **API Contract**
454
+ - ✅ Memakai skill `ui-ux-pro-max`; handle semua state (loading/empty/error)
455
+ - ✅ Component test + a11y
456
+ - **Output:** `codes/*` (client) · **Paralel dengan:** Backend Engineer
457
+
458
+ ---
459
+
460
+ ### 13. **Reliability Engineer Agent** (`/reliability`) — Fase Hardening
461
+ **Role:** Reliability & Performance Engineer (per-release)
462
+
463
+ - ✅ Performance review (N+1, indexing, caching, payload)
464
+ - ✅ Resilience: error handling, timeout/retry, graceful degradation
465
+ - ✅ Load test + observability audit
466
+ - **Output:** `task/[RELEASE]/reliability_report.md`
467
+
468
+ ---
469
+
470
+ ### 14. **Document Agent** (`/document`)
351
471
  **Role:** Technical Writer
352
472
 
353
473
  **Capabilities:**
@@ -377,13 +497,25 @@ for production deployment. Target: 100 concurrent users,
377
497
 
378
498
  | Agent | Command | Primary Function | Output | Human Review |
379
499
  | --- | --- | --- | --- | --- |
380
- | **Initiator** | `/initiator` | Project kickoff & overview | `project_overview.md` | ⚠️ **CRITICAL** |
381
- | **PM** | `/pm` | Task management & coordination | `task/task_list.md`, `task/PROJECT_STATUS_REPORT.md` | **MEDIUM** |
382
- | **Analyst** | `/analyst` | Technical specifications | `specifications/*.md` | ⚠️ **HIGH** |
383
- | **Developer** | `/developer` | Code implementation | `codes/*`, `logs/development/` | ⚠️ **HIGH** |
384
- | **Tester** | `/tester` | Test automation & QA | `tests/*`, `logs/testing/` | ✅ **MEDIUM** |
385
- | **Fixer** | `/fixer` | Bug fixing & debugging | `codes/*`, `logs/fixing/` | ⚠️ **HIGH** |
386
- | **SysArch** | `/sysarch` | Infrastructure & deployment planning | `architecture/*` | ⚠️ **CRITICAL** |
387
- | **Document** | `/document` | Final documentation | `documentation/*.md` | **LOW** |
500
+ | Agen | Command | Fase | Primary Function | Output |
501
+ | --- | --- | --- | --- | --- |
502
+ | **Discovery** | `/discovery` | Perencanaan | Requirement gathering (wawancara human) | `state/knowledge_base/requirements/` |
503
+ | **Initiator** | `/initiator` | Perencanaan | Project overview (sintesis requirements) | `project_overview.md` |
504
+ | **SysArch** | `/sysarch` | Perencanaan | Infrastructure & deployment planning | `state/knowledge_base/architecture/` |
505
+ | **Data Architect** | `/data-architect` | Perencanaan | Data model & governance | `state/knowledge_base/data-model/` |
506
+ | **UX Designer** | `/ux-designer` | Perencanaan | Design system & UI guidelines | `state/knowledge_base/design-system/` |
507
+ | **Security** | `/security` | Perencanaan + Hardening | Standards, threat model, OWASP, fix | `state/knowledge_base/security/`, `task/[ID]/security_report.md` |
508
+ | **Analyst** | `/analyst` | Perencanaan | User story, **API Contract**, spec-lock | `specifications/*.md` |
509
+ | **PM** | `/pm` | Lintas fase | Task management & coordination | `task/task_list.md` |
510
+ | **Backend Engineer** | `/backend` | Pengerjaan | Server API, logic, DB (std/deep) | `codes/*` |
511
+ | **Frontend Engineer** | `/frontend` | Pengerjaan | UI/UX & API integration (std/deep) | `codes/*` |
512
+ | **Developer** | `/developer` | Pengerjaan | Fullstack tunggal (`depth=fast`) | `codes/*` |
513
+ | **QA** | `/qa` | Pengerjaan | Static review & unit test | `task/[ID]/qa_report.md` |
514
+ | **Tester** | `/tester` | Testing | E2E test automation | `tests/*` |
515
+ | **Fixer** | `/fixer` | Testing + Hardening | Bug fixing & debugging | `codes/*` |
516
+ | **Reliability** | `/reliability` | Hardening | Performance, resilience, load | `task/[RELEASE]/reliability_report.md` |
517
+ | **DevOps** | `/devops` | Lintas fase | Docker, CI/CD, deployment | `Dockerfile`, `.github/workflows/` |
518
+ | **Document** | `/document` | Lintas fase | Final documentation | `documentation/*.md` |
519
+ | **Orchestrator** | `/plan-project`, `/build-feature`, dll | Lintas fase | Pipeline & phase gates | `state/pipeline_log.md` |
388
520
 
389
521
  ---
@@ -0,0 +1,121 @@
1
+ # 🚀 Quick Start — VasVibe Workflow
2
+
3
+ Panduan singkat memulai proyek dengan workflow agen VasVibe setelah scaffold selesai.
4
+
5
+ > **Sudah install?** Kamu menjalankan `npx create-vasvibe my-app`. Folder `my-app/` sudah berisi semua agen & command. Buka folder itu di **Claude Code** atau **OpenCode**, lalu ikuti langkah di bawah.
6
+
7
+ ---
8
+
9
+ ## 1. Mental Model (1 menit)
10
+
11
+ Proyek dikerjakan dalam **4 fase**, masing-masing diakhiri **gerbang (gate)** — kamu (human) menyetujui sebelum lanjut:
12
+
13
+ ```
14
+ 🟦 Perencanaan → 🟩 Pengerjaan → 🟨 Testing → 🟧 Hardening
15
+ (blueprint) (coding) (E2E) (security+reliability)
16
+ ↑ gate ↑ gate ↑ gate ↑ gate
17
+ ```
18
+
19
+ 3 hal yang perlu kamu tahu:
20
+ - **Work Depth** — atur kedalaman kerja: `fast` (prototype), `standard` (default), `deep` (kritikal). Diset di `project_overview.md`.
21
+ - **Gate** — agen BERHENTI minta approval di tiap akhir fase. Tidak ada yang jalan diam-diam.
22
+ - **No Silent Changes** — setiap perubahan yang kamu minta otomatis ditulis ke dokumen acuan + agen terkait di-notify.
23
+
24
+ ---
25
+
26
+ ## 2. Alur Pertama Kali (langkah demi langkah)
27
+
28
+ ### Langkah 0 — Tentukan Work Depth
29
+ Buka `project_overview.md`, bagian `## 7. Project Settings`:
30
+ ```
31
+ WORK_DEPTH: standard # fast | standard | deep
32
+ ```
33
+ Mau cepat dulu? Pakai `fast`. Mau matang? `deep`. Bisa diubah kapan saja, atau di-override per pipeline dengan `depth=`.
34
+
35
+ ### Langkah 1 — 🟦 Perencanaan
36
+ ```
37
+ /plan-project "aplikasi booking kapal wisata Labuan Bajo, Next.js, ada payment"
38
+ ```
39
+ **Dimulai dengan Discovery** — agen akan **mewawancaraimu** dulu (tanya-jawab tentang tujuan, pengguna, scope, constraint) supaya rencananya matang. Jawab pertanyaannya; hasilnya `requirements.md`.
40
+ Setelah kamu sign-off, barulah Initiator menyusun `project_overview.md`, lalu arsitektur, data model, design system, security standards, dan **spesifikasi + API Contract**.
41
+ 👉 **Review & setujui di tiap gate.** API Contract harus final sebelum lanjut.
42
+
43
+ ### Langkah 2 — 🟩 Pengerjaan
44
+ ```
45
+ /build-feature "Login dengan email & password"
46
+ ```
47
+ - `depth=standard|deep` → **Backend** & **Frontend** engineer kerja paralel
48
+ - `depth=fast` → satu **Fullstack**
49
+ Lalu **QA** review kode.
50
+ 👉 **Review kode di gate.**
51
+
52
+ ### Langkah 3 — 🟨 Testing
53
+ ```
54
+ /test-feature "Login dengan email & password"
55
+ ```
56
+ **Tester** jalankan E2E; kalau gagal **Fixer** perbaiki sampai hijau.
57
+ 👉 **Approve saat semua test hijau.**
58
+
59
+ > 💡 Gabung langkah 2+3 sekaligus: `/deliver-feature "Login..."`
60
+
61
+ ### Langkah 4 — 🟧 Hardening + Rilis (per-release)
62
+ Setelah beberapa fitur selesai:
63
+ ```
64
+ /release "2.0.0"
65
+ ```
66
+ Menjalankan hardening (security audit + reliability/load test), update CHANGELOG, dan bikin git tag.
67
+ 👉 **Sign-off siap produksi.**
68
+
69
+ ---
70
+
71
+ ## 3. Daftar Command
72
+
73
+ | Command | Fase | Fungsi |
74
+ |---------|------|--------|
75
+ | `/plan-project "[ide]"` | 🟦 Perencanaan | Buat semua blueprint/acuan |
76
+ | `/build-feature "[fitur]" [depth=]` | 🟩 Pengerjaan | Implementasi satu fitur |
77
+ | `/test-feature "[fitur]"` | 🟨 Testing | E2E test fungsional |
78
+ | `/harden-release "[versi]"` | 🟧 Hardening | Security + reliability audit |
79
+ | `/deliver-feature "[fitur]"` | 🟩→🟨 | Build + test sekaligus |
80
+ | `/release "[versi]"` | — | Hardening → changelog → tag |
81
+ | `/start-fix "[bug]"` | — | Perbaikan bug terarah |
82
+ | `/security-audit "[scope]"` | — | Audit keamanan ad-hoc |
83
+ | `/daily-standup` | — | Ringkasan progres per fase |
84
+
85
+ > Bisa juga panggil agen langsung tanpa command, mis. *"pakai agent ux-designer untuk rancang design system"*.
86
+
87
+ ---
88
+
89
+ ## 4. Work Depth — Kapan Pakai Apa
90
+
91
+ | Level | Untuk | Yang dikerjakan |
92
+ |-------|-------|-----------------|
93
+ | **fast** | Prototype, MVP, eksplorasi | Inti fitur saja, 1 Fullstack, skip test/hardening opsional |
94
+ | **standard** | Produksi normal *(default)* | Backend+Frontend terpisah, full spec, unit test, review |
95
+ | **deep** | Fintech, auth, data sensitif | + security standards, full coverage, hardening penuh |
96
+
97
+ ---
98
+
99
+ ## 5. Di Mana Semuanya?
100
+
101
+ ```
102
+ project_overview.md → setting proyek + WORK_DEPTH
103
+ specifications/ → user story + API Contract (Analyst)
104
+ state/knowledge_base/ → acuan: architecture, data-model, design-system, security, decisions (ADR)
105
+ codes/ → source code (Backend/Frontend/Fullstack)
106
+ tests/ → E2E test (Tester)
107
+ task/ → task list + log per task
108
+ agent/workflows/ → definisi agen (source of truth)
109
+ agent/workflows/_shared/ → phases.md, work-depth.md, change-management.md
110
+ ```
111
+
112
+ ---
113
+
114
+ ## 6. Tips
115
+
116
+ - **Selalu mulai dari `/plan-project`.** Coding tanpa blueprint = utang.
117
+ - **Hormati gate.** Approval-mu di tiap fase yang menjaga kualitas.
118
+ - **Minta perubahan kapan saja** — agen wajib mencatatnya ke acuan (No Silent Changes), jadi spec & dokumen tidak akan basi.
119
+ - **Mulai `fast`, naik ke `standard`/`deep`** saat fitur makin serius.
120
+
121
+ Selamat membangun. 🛠️
@@ -0,0 +1,70 @@
1
+ # Change Management — "No Silent Changes" (Shared)
2
+
3
+ Aturan komunikasi rigid yang WAJIB diikuti **setiap agen**. Tujuannya: tidak ada perubahan yang hilang jejak. Setiap perubahan yang diminta user — sekecil apapun — harus terdokumentasi di acuan yang benar dan agen hilir harus tahu.
4
+
5
+ ---
6
+
7
+ ## Prinsip Inti
8
+
9
+ > **Jika kamu menerima perubahan, kamu tidak boleh hanya mengerjakannya — kamu wajib menuliskannya.**
10
+
11
+ Kode yang berubah tanpa acuannya ikut berubah = **utang yang dilarang**.
12
+
13
+ ---
14
+
15
+ ## Protokol Wajib (4 Langkah)
16
+
17
+ Saat user (atau agen lain) meminta perubahan, SEBELUM menganggap selesai:
18
+
19
+ 1. **IDENTIFY** — Tentukan dokumen acuan mana yang terdampak:
20
+ - Perubahan kebutuhan/scope → `specifications/[file].md`
21
+ - Perubahan data model → `state/knowledge_base/data-model/`
22
+ - Perubahan arsitektur → `state/knowledge_base/architecture/`
23
+ - Perubahan UI/desain → `state/knowledge_base/design-system/`
24
+ - Perubahan security → `state/knowledge_base/security/`
25
+ - Perubahan **API Contract** → spec terkait **DAN** notify Backend + Frontend Engineer
26
+
27
+ 2. **UPDATE** — Edit dokumen acuan tersebut + tambahkan baris di **Revision History**-nya:
28
+ ```
29
+ | [YYYY-MM-DD HH:MM] | [agen] | [ringkasan perubahan] | requested by user |
30
+ ```
31
+
32
+ 3. **RECORD ADR** — Jika perubahan berdampak pada keputusan desain/arsitektur, buat **Architecture Decision Record**:
33
+ - Path: `state/knowledge_base/decisions/ADR-[NNN]-[judul-singkat].md`
34
+ - Gunakan template `schemas/adr.template.md`
35
+
36
+ 4. **NOTIFY** — Tulis `state/agent_handoff.json` agar agen hilir tahu ada perubahan acuan:
37
+ ```json
38
+ {
39
+ "from_agent": "[agen]",
40
+ "to_agent": "[agen terdampak / 'all']",
41
+ "task_id": "[TASK-ID]",
42
+ "timestamp": "[YYYY-MM-DD HH:MM]",
43
+ "status": "spec_changed",
44
+ "notes": "API Contract POST /bookings berubah: tambah field 'voucher_code'",
45
+ "artifacts": ["specifications/004_booking.md", "state/knowledge_base/decisions/ADR-007-voucher.md"]
46
+ }
47
+ ```
48
+
49
+ ---
50
+
51
+ ## Kapan Wajib ADR?
52
+
53
+ Buat ADR untuk keputusan yang **sulit/mahal diubah** nanti:
54
+ - Ganti library/framework inti
55
+ - Perubahan skema database
56
+ - Perubahan kontrak API yang breaking
57
+ - Perubahan strategi auth/security
58
+ - Trade-off arsitektur signifikan
59
+
60
+ Perubahan kecil (copy text, warna minor) cukup Revision History di doc terkait — tidak perlu ADR.
61
+
62
+ ---
63
+
64
+ ## Anti-Pattern (DILARANG)
65
+
66
+ - ❌ "User minta ubah validasi, langsung ubah kode saja." → Spec tidak ter-update, Tester tes hal yang salah.
67
+ - ❌ "Aku ubah response API, nanti Frontend nyusul." → FE tidak di-notify, integrasi pecah.
68
+ - ❌ "Perubahan kecil, tidak perlu dicatat." → Akumulasi drift, knowledge base jadi bohong.
69
+
70
+ > 📎 Lihat fase & kepemilikan dokumen di `agent/workflows/_shared/phases.md`.
@@ -0,0 +1,86 @@
1
+ # Phases (Shared)
2
+
3
+ Project VasVibe dikerjakan dalam **4 fase** dengan gerbang (gate) human di tiap transisi. Setiap agen WAJIB tahu fase mana yang sedang berjalan dan tidak boleh melompati gerbang tanpa approval.
4
+
5
+ ---
6
+
7
+ ## Fase 1 — Perencanaan (Planning)
8
+
9
+ **Tujuan:** Menghasilkan **blueprint** (dokumen acuan) yang dipakai semua fase berikutnya.
10
+
11
+ | Agen | Output (acuan) |
12
+ |------|----------------|
13
+ | **Discovery** (paling hulu, INTERAKTIF) | `state/knowledge_base/requirements/requirements.md` |
14
+ | Initiator | `project_overview.md` (sintesis dari requirements) |
15
+ | SysArch | `state/knowledge_base/architecture/` |
16
+ | Data Architect | `state/knowledge_base/data-model/` |
17
+ | UX Designer | `state/knowledge_base/design-system/` |
18
+ | Security (Mode Standards) | `state/knowledge_base/security/security-standards.md` |
19
+ | Analyst | `specifications/` (user story + **API Contract**) |
20
+
21
+ **Discovery dulu:** Sebelum dokumen apapun, Discovery mewawancarai human (tanya-jawab) untuk menggali kebutuhan. Karena interaktif, **Discovery berjalan di thread utama**, bukan sebagai subagent. Outputnya (`requirements.md`) di-sign-off human, lalu jadi input Initiator.
22
+
23
+ **Gate:** Human menyetujui blueprint. **API Contract wajib final** — ini seam antara Backend & Frontend.
24
+
25
+ ---
26
+
27
+ ## Fase 2 — Pengerjaan (Implementation)
28
+
29
+ **Tujuan:** Mengubah blueprint menjadi kode yang sudah di-review.
30
+
31
+ | Agen | Peran |
32
+ |------|-------|
33
+ | Analyst (spec-lock) | Refine AC detail just-in-time sebelum coding |
34
+ | Backend Engineer | API, business logic, akses DB — honor API Contract |
35
+ | Frontend Engineer | UI/UX, frontend — honor API Contract, ikuti design-system |
36
+ | Fullstack (fast only) | Fullstack tunggal — **hanya saat `depth=fast`** sebagai pengganti FE+BE |
37
+ | QA | Static review + unit test sebelum lanjut |
38
+
39
+ **Boundary:** API Contract menyatukan BE & FE — keduanya kerja paralel terhadap kontrak yang sama.
40
+ **Gate:** Code review lulus.
41
+
42
+ ---
43
+
44
+ ## Fase 3 — Testing
45
+
46
+ **Tujuan:** Verifikasi fungsional terhadap spesifikasi.
47
+
48
+ | Agen | Peran |
49
+ |------|-------|
50
+ | Tester | E2E test berdasarkan `specifications/` |
51
+ | Fixer | Perbaiki bug temuan (loop dengan Tester sampai hijau) |
52
+
53
+ **Gate:** Semua test fungsional hijau.
54
+
55
+ ---
56
+
57
+ ## Fase 4 — Hardening
58
+
59
+ **Tujuan:** Memastikan ketangguhan & keamanan sebelum produksi. **Dijalankan per-release**, bukan per-fitur.
60
+
61
+ | Agen | Peran |
62
+ |------|-------|
63
+ | Security | Pen-test, OWASP audit, security fix (Mode B/C/D) |
64
+ | Reliability Engineer | Performance, resilience, error handling, load test |
65
+ | Fixer | Remediasi temuan |
66
+
67
+ **Gate:** Sign-off siap produksi.
68
+
69
+ ---
70
+
71
+ ## Cross-Phase (Lintas Fase)
72
+
73
+ | Agen | Peran |
74
+ |------|-------|
75
+ | PM | Koordinasi task & status di semua fase |
76
+ | Orchestrator | Menjalankan pipeline & menjaga gerbang fase |
77
+ | DevOps | CI/CD, containerization (Implementation & Hardening) |
78
+ | Document | Dokumentasi (akhir siklus) |
79
+
80
+ ---
81
+
82
+ ## Aturan Fase
83
+
84
+ - **Tidak boleh lompat gerbang** tanpa human approval.
85
+ - Setiap output fase adalah **acuan** untuk fase berikutnya — perubahan harus mengikuti `_shared/change-management.md`.
86
+ - Fase boleh iteratif: jika Testing menemukan cacat desain, kembali ke Perencanaan via change-management, bukan tambal diam-diam.
@@ -16,7 +16,7 @@ Baca file ini di **awal setiap session**. Update di **akhir session** jika ada p
16
16
  {
17
17
  "project_name": "string — nama project dari project_overview.md",
18
18
  "last_updated": "YYYY-MM-DD HH:MM — timestamp update terakhir",
19
- "last_agent": "string — nama agent yang terakhir aktif (developer/tester/fixer/dll)",
19
+ "last_agent": "string — nama agent yang terakhir aktif (fullstack/tester/fixer/dll)",
20
20
  "current_sprint": "string atau null — nama sprint aktif jika ada",
21
21
  "active_tasks": ["TASK-XXX", "TASK-YYY"],
22
22
  "blocked_tasks": ["TASK-ZZZ"],
@@ -30,7 +30,7 @@ Baca file ini di **awal setiap session**. Update di **akhir session** jika ada p
30
30
  {
31
31
  "project_name": "booking-kapal-wisata",
32
32
  "last_updated": "2025-06-18 14:30",
33
- "last_agent": "developer",
33
+ "last_agent": "fullstack",
34
34
  "current_sprint": "Sprint 1 - Auth & Environment",
35
35
  "active_tasks": ["TASK-001"],
36
36
  "blocked_tasks": [],
@@ -64,7 +64,7 @@ Tulis file ini ketika kamu **menyerahkan pekerjaan ke agent lain** (bukan sekeda
64
64
 
65
65
  ```json
66
66
  {
67
- "from_agent": "developer",
67
+ "from_agent": "fullstack",
68
68
  "to_agent": "qa",
69
69
  "task_id": "TASK-001",
70
70
  "timestamp": "2025-06-18 14:30",
@@ -1,5 +1,7 @@
1
1
  **ACT AS:** Lead System Analyst.
2
- **CONTEXT:** Mendefinisikan spesifikasi teknis fitur dan infrastruktur proyek. Untuk kebutuhan server sizing dan deployment architecture, koordinasikan dengan SysArch Agent.
2
+ **CONTEXT:** Fase Perencanaan (rumah utama). Mendefinisikan spesifikasi fitur — user story, **API Contract**, dan Acceptance Criteria — yang jadi acuan semua fase berikutnya. API Contract yang kamu tetapkan adalah **seam** antara Backend & Frontend Engineer, jadi harus final sebelum Pengerjaan. Untuk server sizing koordinasi dengan SysArch; untuk skema data acu `state/knowledge_base/data-model/`; untuk UI acu `state/knowledge_base/design-system/`.
3
+
4
+ **SPEC-LOCK (touchpoint di Fase Pengerjaan):** Tepat sebelum sebuah fitur masuk coding, kamu dipanggil sekali lagi untuk *mematangkan detail AC* sesuai realita terkini (tanpa menulis ulang seluruh spec). Ini menjaga spec tetap akurat tanpa big-design-up-front.
3
5
 
4
6
  **INSTRUCTION STEPS:**
5
7
  1. **Read Context:** Baca `project_overview.md`.
@@ -56,6 +58,10 @@
56
58
 
57
59
  **INPUT SAYA:**
58
60
  "[INPUT USER DISINI]"
61
+
62
+ ## Change Management
63
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/change-management.md` — kamu pemilik utama `specifications/`. Setiap perubahan kebutuhan dari user WAJIB kamu tuangkan ke spec + Revision History, dan jika menyangkut API Contract, notify Backend + Frontend Engineer.
64
+
59
65
  ## Work Depth
60
66
  > 📎 Baca level aktif di `project_overview.md` → `WORK_DEPTH`. Detail: `agent/workflows/_shared/work-depth.md`
61
67
 
@@ -0,0 +1,61 @@
1
+ **ACT AS:** Senior Backend Engineer.
2
+ **CONTEXT:** Fase Pengerjaan (Implementation). Mengimplementasi sisi server: API, business logic, dan akses database. Bekerja **paralel** dengan Frontend Engineer, disatukan oleh **API Contract** di spesifikasi. Berbeda dari Frontend Engineer — kamu TIDAK menyentuh UI/komponen visual.
3
+
4
+ **ACUAN WAJIB (baca sebelum coding):**
5
+ - `specifications/[file].md` — terutama **API Contract** dan Acceptance Criteria
6
+ - `state/knowledge_base/data-model/` — skema database (dari Data Architect)
7
+ - `state/knowledge_base/architecture/` — arsitektur sistem (dari SysArch)
8
+ - `state/knowledge_base/security/security-standards.md` — standar keamanan wajib
9
+
10
+ **INSTRUCTION STEPS:**
11
+ 1. **Load Context:**
12
+ - Baca `task/task_list.md`, temukan task & file detailnya.
13
+ - Baca spec target — pahami **API Contract** sebagai kontrak yang TIDAK boleh dilanggar.
14
+ - Pastikan spec sudah `approved` oleh human Analyst. Jika belum, BERHENTI dan minta klarifikasi.
15
+
16
+ 2. **Update Task Status - START:**
17
+ - Di `task/task_list.md` tambah log: `- Backend Dev: [YYYY-MM-DD HH:MM] (Backend Engineer)`. Update Current Status.
18
+ - Di file detail task, APPEND: `| [YYYY-MM-DD HH:MM] | backend | development started | - |`
19
+
20
+ 2b. **Repo Management:**
21
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/git-branch-management.md`.
22
+
23
+ 3. **Directory Check:** Pastikan folder `codes/` ada.
24
+
25
+ 4. **Action (Backend Coding):**
26
+ - Implementasi endpoint **persis** sesuai API Contract (method, path, request/response shape, status codes).
27
+ - Akses database mengikuti `state/knowledge_base/data-model/` — jangan bikin skema sendiri; jika butuh perubahan skema, koordinasi dengan Data Architect via change-management.
28
+ - Terapkan `security-standards.md`: input validation server-side, parameterized queries, authz di setiap endpoint, secrets via env var (`.env.example`).
29
+ - Business logic, error handling, dan logging yang jelas.
30
+ - Buat unit test untuk logic & endpoint (jest/vitest/pytest sesuai stack).
31
+
32
+ 5. **API Contract Drift (CRITICAL):**
33
+ - Jika saat implementasi kamu HARUS mengubah API Contract, JANGAN ubah diam-diam.
34
+ - Ikuti `agent/workflows/_shared/change-management.md`: update spec + Revision History, buat ADR jika breaking, dan **notify Frontend Engineer** via `state/agent_handoff.json`.
35
+
36
+ 6. **Dev Log:**
37
+ - Tulis `task/[TASK-ID]_[nama-task]/dev_log.md` (gunakan `schemas/dev_log.template.md`). Tandai bagian Backend.
38
+ - Jika sudah ada, APPEND ke Revision History.
39
+
40
+ 7. **Update Task Status - COMPLETE:**
41
+ - `task/task_list.md`: `- Backend Ready: [YYYY-MM-DD HH:MM] (Backend Engineer)`.
42
+ - File detail: `| [YYYY-MM-DD HH:MM] | backend | ready for QA/integration | [catatan] |`
43
+ - Jika Frontend juga sudah selesai, beri tahu Orchestrator task siap QA.
44
+
45
+ **INPUT SAYA:**
46
+ "Implementasikan sisi backend dari spesifikasi: [NAMA FILE SPEC]"
47
+
48
+ ## Work Depth
49
+ > 📎 Baca level aktif di `project_overview.md` → `WORK_DEPTH`. Detail: `agent/workflows/_shared/work-depth.md`
50
+
51
+ | Level | Behavior |
52
+ |-------|----------|
53
+ | **fast** | Tidak dipakai — `depth=fast` memakai Developer fullstack, bukan BE/FE terpisah |
54
+ | **standard** | Endpoint sesuai contract + unit test + validasi dasar |
55
+ | **deep** | + Full test coverage, strict validation, rate limiting, audit logging, error taxonomy |
56
+
57
+ ## Change Management
58
+ > 📎 **BACA DAN IKUTI** `agent/workflows/_shared/change-management.md` — perubahan API Contract WAJIB di-propagate ke spec & notify Frontend.
59
+
60
+ ## State Management
61
+ > 📎 **BACA DAN IKUTI** panduan di `agent/workflows/_shared/state-management.md`