create-vasvibe 2.3.1 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (273) hide show
  1. package/README.md +170 -167
  2. package/bin/cli.mjs +9 -9
  3. package/package.json +44 -44
  4. package/src/git.mjs +47 -47
  5. package/src/index.mjs +228 -228
  6. package/src/prompts.mjs +113 -113
  7. package/src/scaffold.mjs +74 -74
  8. package/src/upgrade.mjs +121 -121
  9. package/src/utils.mjs +91 -91
  10. package/template/.agents/agents/analyst/agent.json +43 -43
  11. package/template/.agents/agents/backend/agent.json +44 -44
  12. package/template/.agents/agents/data-architect/agent.json +43 -43
  13. package/template/.agents/agents/devops/agent.json +44 -44
  14. package/template/.agents/agents/discovery/agent.json +43 -43
  15. package/template/.agents/agents/document/agent.json +43 -43
  16. package/template/.agents/agents/fixer/agent.json +44 -44
  17. package/template/.agents/agents/frontend/agent.json +44 -44
  18. package/template/.agents/agents/fullstack/agent.json +44 -44
  19. package/template/.agents/agents/initiator/agent.json +41 -41
  20. package/template/.agents/agents/manual-tester/agent.json +44 -0
  21. package/template/.agents/agents/orchestrator/agent.json +44 -44
  22. package/template/.agents/agents/pm/agent.json +42 -42
  23. package/template/.agents/agents/qa/agent.json +44 -44
  24. package/template/.agents/agents/reliability/agent.json +44 -44
  25. package/template/.agents/agents/security/agent.json +44 -44
  26. package/template/.agents/agents/sysarch/agent.json +44 -44
  27. package/template/.agents/agents/tester/agent.json +44 -44
  28. package/template/.agents/agents/toolsmith/agent.json +44 -44
  29. package/template/.agents/agents/ux-designer/agent.json +43 -43
  30. package/template/.agents/skills/find-skills/SKILL.md +142 -142
  31. package/template/.agents/skills/fullstack/SKILL.md +89 -89
  32. package/template/.agents/skills/penetration-testing/SKILL.md +94 -94
  33. package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
  34. package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
  35. package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -30
  36. package/template/.agents/skills/pm/SKILL.md +170 -170
  37. package/template/.agents/skills/ui-ux-pro-max/SKILL.md +658 -658
  38. package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
  39. package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
  40. package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1775 -1775
  41. package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
  42. package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +105 -105
  43. package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -162
  44. package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
  45. package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
  46. package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
  47. package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
  48. package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
  49. package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
  50. package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
  51. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
  52. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
  53. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
  54. package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
  55. package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
  56. package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
  57. package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
  58. package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
  59. package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
  60. package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -74
  61. package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -262
  62. package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
  63. package/template/.agents/workflows/build-feature.md +21 -21
  64. package/template/.agents/workflows/daily-standup.md +16 -16
  65. package/template/.agents/workflows/deliver-feature.md +16 -16
  66. package/template/.agents/workflows/harden-release.md +21 -21
  67. package/template/.agents/workflows/plan-project.md +25 -25
  68. package/template/.agents/workflows/release.md +18 -18
  69. package/template/.agents/workflows/security-audit.md +19 -19
  70. package/template/.agents/workflows/setup-workspace.md +21 -21
  71. package/template/.agents/workflows/start-fix.md +17 -17
  72. package/template/.agents/workflows/test-feature.md +17 -17
  73. package/template/.claude/agents/analyst.md +75 -75
  74. package/template/.claude/agents/backend.md +61 -61
  75. package/template/.claude/agents/data-architect.md +43 -43
  76. package/template/.claude/agents/devops.md +44 -43
  77. package/template/.claude/agents/discovery.md +51 -51
  78. package/template/.claude/agents/document.md +51 -51
  79. package/template/.claude/agents/fixer.md +83 -82
  80. package/template/.claude/agents/frontend.md +58 -58
  81. package/template/.claude/agents/fullstack.md +84 -83
  82. package/template/.claude/agents/initiator.md +74 -74
  83. package/template/.claude/agents/manual-tester.md +108 -0
  84. package/template/.claude/agents/orchestrator.md +114 -113
  85. package/template/.claude/agents/pm.md +199 -199
  86. package/template/.claude/agents/qa.md +66 -65
  87. package/template/.claude/agents/reliability.md +48 -47
  88. package/template/.claude/agents/security.md +107 -106
  89. package/template/.claude/agents/sysarch.md +301 -301
  90. package/template/.claude/agents/tester.md +100 -100
  91. package/template/.claude/agents/toolsmith.md +77 -76
  92. package/template/.claude/agents/ux-designer.md +45 -45
  93. package/template/.claude/commands/build-feature.md +22 -22
  94. package/template/.claude/commands/daily-standup.md +16 -16
  95. package/template/.claude/commands/deliver-feature.md +17 -17
  96. package/template/.claude/commands/harden-release.md +22 -22
  97. package/template/.claude/commands/manual-test.md +19 -0
  98. package/template/.claude/commands/plan-project.md +26 -26
  99. package/template/.claude/commands/release.md +19 -19
  100. package/template/.claude/commands/security-audit.md +20 -20
  101. package/template/.claude/commands/setup-workspace.md +22 -22
  102. package/template/.claude/commands/start-fix.md +18 -18
  103. package/template/.claude/commands/test-feature.md +18 -18
  104. package/template/.claude/skills/find-skills +1 -0
  105. package/template/.claude/skills/penetration-testing/SKILL.md +94 -94
  106. package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
  107. package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
  108. package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -30
  109. package/template/.claude/skills/ui-ux-pro-max/SKILL.md +658 -658
  110. package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
  111. package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
  112. package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1775 -1775
  113. package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
  114. package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +105 -105
  115. package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -162
  116. package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
  117. package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
  118. package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
  119. package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
  120. package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
  121. package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
  122. package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
  123. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
  124. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
  125. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
  126. package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
  127. package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
  128. package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
  129. package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
  130. package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
  131. package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
  132. package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -74
  133. package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -262
  134. package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
  135. package/template/.github/prompts/analyst.prompt.md +57 -57
  136. package/template/.github/prompts/backend.prompt.md +44 -44
  137. package/template/.github/prompts/data-architect.prompt.md +38 -38
  138. package/template/.github/prompts/devops.prompt.md +32 -32
  139. package/template/.github/prompts/discovery.prompt.md +39 -39
  140. package/template/.github/prompts/document.prompt.md +14 -14
  141. package/template/.github/prompts/fixer.prompt.md +90 -89
  142. package/template/.github/prompts/frontend.prompt.md +43 -43
  143. package/template/.github/prompts/fullstack.prompt.md +91 -91
  144. package/template/.github/prompts/initiator.prompt.md +55 -55
  145. package/template/.github/prompts/manual-tester.prompt.md +103 -0
  146. package/template/.github/prompts/orchestrator.prompt.md +75 -75
  147. package/template/.github/prompts/pm.prompt.md +186 -186
  148. package/template/.github/prompts/qa.prompt.md +57 -57
  149. package/template/.github/prompts/reliability.prompt.md +44 -44
  150. package/template/.github/prompts/security.prompt.md +41 -41
  151. package/template/.github/prompts/sysarch.prompt.md +351 -351
  152. package/template/.github/prompts/tester.prompt.md +107 -107
  153. package/template/.github/prompts/toolsmith.prompt.md +46 -46
  154. package/template/.github/prompts/ux-designer.prompt.md +41 -41
  155. package/template/.opencode/agents/analyst.md +75 -75
  156. package/template/.opencode/agents/backend.md +61 -61
  157. package/template/.opencode/agents/data-architect.md +43 -43
  158. package/template/.opencode/agents/devops.md +44 -41
  159. package/template/.opencode/agents/discovery.md +51 -51
  160. package/template/.opencode/agents/document.md +51 -51
  161. package/template/.opencode/agents/fixer.md +83 -82
  162. package/template/.opencode/agents/frontend.md +58 -58
  163. package/template/.opencode/agents/fullstack.md +84 -83
  164. package/template/.opencode/agents/initiator.md +74 -74
  165. package/template/.opencode/agents/manual-tester.md +107 -0
  166. package/template/.opencode/agents/orchestrator.md +116 -119
  167. package/template/.opencode/agents/pm.md +199 -199
  168. package/template/.opencode/agents/qa.md +66 -65
  169. package/template/.opencode/agents/reliability.md +48 -46
  170. package/template/.opencode/agents/security.md +107 -105
  171. package/template/.opencode/agents/sysarch.md +301 -301
  172. package/template/.opencode/agents/tester.md +100 -100
  173. package/template/.opencode/agents/toolsmith.md +77 -77
  174. package/template/.opencode/agents/ux-designer.md +45 -45
  175. package/template/.opencode/commands/build-feature.md +21 -21
  176. package/template/.opencode/commands/daily-standup.md +16 -16
  177. package/template/.opencode/commands/deliver-feature.md +16 -16
  178. package/template/.opencode/commands/harden-release.md +21 -21
  179. package/template/.opencode/commands/manual-test.md +18 -0
  180. package/template/.opencode/commands/plan-project.md +25 -25
  181. package/template/.opencode/commands/release.md +18 -18
  182. package/template/.opencode/commands/security-audit.md +19 -19
  183. package/template/.opencode/commands/setup-workspace.md +21 -21
  184. package/template/.opencode/commands/start-fix.md +17 -17
  185. package/template/.opencode/commands/test-feature.md +17 -17
  186. package/template/.opencode/skills/penetration-testing/SKILL.md +94 -94
  187. package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
  188. package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
  189. package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -30
  190. package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +658 -658
  191. package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
  192. package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
  193. package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1775 -1775
  194. package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
  195. package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +105 -105
  196. package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -162
  197. package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
  198. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
  199. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
  200. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
  201. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
  202. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
  203. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
  204. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
  205. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
  206. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
  207. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
  208. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
  209. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
  210. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
  211. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
  212. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
  213. package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -74
  214. package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -262
  215. package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
  216. package/template/AGENT_PERSONAS.md +595 -551
  217. package/template/GIT_STRUCTURE_GUIDE.md +270 -270
  218. package/template/PROJECT_README.example.md +81 -81
  219. package/template/QUICK-START.md +134 -131
  220. package/template/README.md +1942 -1919
  221. package/template/_gitignore +141 -141
  222. package/template/agent/workflows/_shared/change-management.md +70 -70
  223. package/template/agent/workflows/_shared/git-branch-management.md +25 -25
  224. package/template/agent/workflows/_shared/phases.md +88 -88
  225. package/template/agent/workflows/_shared/state-management.md +87 -87
  226. package/template/agent/workflows/_shared/work-depth.md +46 -46
  227. package/template/agent/workflows/analyst.md +75 -75
  228. package/template/agent/workflows/backend.md +61 -61
  229. package/template/agent/workflows/data-architect.md +43 -43
  230. package/template/agent/workflows/devops.md +44 -44
  231. package/template/agent/workflows/discovery.md +51 -51
  232. package/template/agent/workflows/document.md +51 -51
  233. package/template/agent/workflows/fixer.md +83 -82
  234. package/template/agent/workflows/frontend.md +58 -58
  235. package/template/agent/workflows/fullstack.md +84 -84
  236. package/template/agent/workflows/initiator.md +74 -74
  237. package/template/agent/workflows/manual-tester.md +103 -0
  238. package/template/agent/workflows/orchestrator.md +114 -114
  239. package/template/agent/workflows/pm.md +199 -199
  240. package/template/agent/workflows/qa.md +66 -66
  241. package/template/agent/workflows/reliability.md +48 -48
  242. package/template/agent/workflows/security.md +107 -107
  243. package/template/agent/workflows/sysarch.md +301 -301
  244. package/template/agent/workflows/tester.md +100 -100
  245. package/template/agent/workflows/toolsmith.md +77 -77
  246. package/template/agent/workflows/ux-designer.md +45 -45
  247. package/template/codes/.gitkeep +1 -1
  248. package/template/project_overview_example.md +54 -54
  249. package/template/schemas/adr.template.md +36 -36
  250. package/template/schemas/changelog.template.md +34 -34
  251. package/template/schemas/data-model.template.md +57 -57
  252. package/template/schemas/design-system.template.md +63 -63
  253. package/template/schemas/dev_log.template.md +20 -20
  254. package/template/schemas/product-ci.template.yml +50 -50
  255. package/template/schemas/requirements.template.md +64 -64
  256. package/template/schemas/security-standards.template.md +58 -58
  257. package/template/schemas/security_report.template.md +89 -89
  258. package/template/schemas/specification.template.md +57 -57
  259. package/template/schemas/style_guide.template.md +29 -29
  260. package/template/schemas/task_list.template.md +28 -28
  261. package/template/schemas/workspace-manifest.template.json +24 -24
  262. package/template/schemas/workspace-registry.json +94 -94
  263. package/template/skills-lock.json +11 -11
  264. package/template/specifications/.gitkeep +1 -1
  265. package/template/state/knowledge_base/.gitkeep +1 -1
  266. package/template/state/knowledge_base/requirements/.gitkeep +1 -1
  267. package/template/tests/.gitkeep +1 -1
  268. package/template/.agents/workflows/explorer.md +0 -78
  269. package/template/.agents/workflows/logger.md +0 -117
  270. package/template/.claude/settings.local.json +0 -35
  271. package/template/.claude/skills/find-skills/SKILL.md +0 -142
  272. package/template/.opencode/agents/explorer.md +0 -138
  273. package/template/.opencode/agents/logger.md +0 -143
@@ -0,0 +1,18 @@
1
+ ---
2
+ description: Manual/headful UAT testing dengan Playwright — scenario matrix, screenshot evidence, dan defect triage (Major/Minor). Opsional, berdampingan dengan /test-feature.
3
+ ---
4
+
5
+ Jalankan **Manual/Headful UAT Testing** untuk fitur: **$ARGUMENTS**
6
+
7
+ Langkah:
8
+ 1. **Manual Tester** → generate scenario matrix (Normal + Abnormal case) per fitur/fungsi, lalu eksekusi headful Playwright dengan screenshot tiap skenario, update Pass/Fail + Severity (Major/Minor) di `task/[TASK-ID]_[nama-task]/manual_test_report.md`.
9
+ 2. Jika ada temuan **Major** → rekomendasikan **Fixer** untuk memperbaiki, lalu jalankan ulang `/manual-test` untuk retest (iterasi bertambah otomatis, histori iterasi sebelumnya tetap tersimpan).
10
+ 3. **GATE — UAT hijau:** semua skenario Pass, atau temuan Minor yang tersisa sudah didokumentasikan dan diterima human.
11
+
12
+ **Catatan integrasi (PENTING):**
13
+ - Command ini **independen/opsional** dari `/test-feature` (scripted E2E oleh Tester Agent) — bisa dijalankan berdampingan kapan saja, **tidak mengubah** gate Fase 3 atau alur `/deliver-feature` yang sudah ada.
14
+ - Manual Tester **tidak pernah mengubah** `Current Status` di `task/task_list.md` — hanya menambah baris di `Status Logs:`. Ini menjaga state machine Tester/Fixer tetap konsisten walau `/manual-test` dipanggil terpisah.
15
+ - Definisi lengkap agent: `agent/workflows/manual-tester.md`.
16
+ - Screenshot tersimpan di `tests/screenshots/[TASK-ID]/iteration-[N]/`, laporan (scenario matrix + summary) di `task/[TASK-ID]_[nama-task]/manual_test_report.md`.
17
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
18
+ - Jika muncul perubahan scope di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -1,25 +1,25 @@
1
- ---
2
- description: Jalankan Fase 1 (Perencanaan) — hasilkan semua blueprint/acuan dengan human gate.
3
- ---
4
-
5
- Jalankan **Fase 1 — Perencanaan** untuk: **$ARGUMENTS**
6
-
7
- Langkah:
8
- 0. **Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama wawancara human (tanya-jawab bertahap), hasilkan `state/knowledge_base/requirements/requirements.md`. Ikuti metodologi di `agent/workflows/discovery.md`.
9
- 1. **GATE:** Human sign-off `requirements.md`
10
- 2. **Initiator** (delegasi) → `project_overview.md` (sintesis dari requirements, termasuk `WORK_DEPTH`)
11
- 3. **CHECKPOINT:** Human review tech stack, UI vibe, work depth
12
- 4. **SysArch** → `state/knowledge_base/architecture/` (jika ada infra requirement)
13
- 5. **Data Architect** → `state/knowledge_base/data-model/`
14
- 6. **UX Designer** → `state/knowledge_base/design-system/`
15
- 7. **Security (Mode S)** → `state/knowledge_base/security/security-standards.md`
16
- 8. **Analyst** → `specifications/000_spec_environment_setup.md` + backlog user story (termasuk **API Contract**)
17
- 9. **DevOps** → environment setup (jika dibutuhkan)
18
- 10. **GATE — Blueprint disetujui:** API Contract wajib final.
19
-
20
- **Aturan orkestrasi (WAJIB):**
21
- - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
22
- - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
23
- - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
24
- - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
25
- - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
1
+ ---
2
+ description: Jalankan Fase 1 (Perencanaan) — hasilkan semua blueprint/acuan dengan human gate.
3
+ ---
4
+
5
+ Jalankan **Fase 1 — Perencanaan** untuk: **$ARGUMENTS**
6
+
7
+ Langkah:
8
+ 0. **Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama wawancara human (tanya-jawab bertahap), hasilkan `state/knowledge_base/requirements/requirements.md`. Ikuti metodologi di `agent/workflows/discovery.md`.
9
+ 1. **GATE:** Human sign-off `requirements.md`
10
+ 2. **Initiator** (delegasi) → `project_overview.md` (sintesis dari requirements, termasuk `WORK_DEPTH`)
11
+ 3. **CHECKPOINT:** Human review tech stack, UI vibe, work depth
12
+ 4. **SysArch** → `state/knowledge_base/architecture/` (jika ada infra requirement)
13
+ 5. **Data Architect** → `state/knowledge_base/data-model/`
14
+ 6. **UX Designer** → `state/knowledge_base/design-system/`
15
+ 7. **Security (Mode S)** → `state/knowledge_base/security/security-standards.md`
16
+ 8. **Analyst** → `specifications/000_spec_environment_setup.md` + backlog user story (termasuk **API Contract**)
17
+ 9. **DevOps** → environment setup (jika dibutuhkan)
18
+ 10. **GATE — Blueprint disetujui:** API Contract wajib final.
19
+
20
+ **Aturan orkestrasi (WAJIB):**
21
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
22
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
23
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
24
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
25
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -1,18 +1,18 @@
1
- ---
2
- description: Rangkaian akhir ke produksi: hardening → changelog → version tag.
3
- ---
4
-
5
- Jalankan rangkaian rilis untuk versi: **$ARGUMENTS**
6
-
7
- 1. **PM** → summarize semua task `done` sejak release terakhir
8
- 2. Jalankan **/harden-release "$ARGUMENTS"** (Fase 4) — berhenti di gate-nya
9
- 3. **Document** → update `CHANGELOG.md`
10
- 4. **DevOps** → bump version, buat git tag `v$ARGUMENTS`
11
- 5. **CHECKPOINT:** Human review CHANGELOG & approve release tag.
12
-
13
- **Aturan orkestrasi (WAJIB):**
14
- - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
15
- - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
16
- - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
17
- - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
18
- - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
1
+ ---
2
+ description: Rangkaian akhir ke produksi: hardening → changelog → version tag.
3
+ ---
4
+
5
+ Jalankan rangkaian rilis untuk versi: **$ARGUMENTS**
6
+
7
+ 1. **PM** → summarize semua task `done` sejak release terakhir
8
+ 2. Jalankan **/harden-release "$ARGUMENTS"** (Fase 4) — berhenti di gate-nya
9
+ 3. **Document** → update `CHANGELOG.md`
10
+ 4. **DevOps** → bump version, buat git tag `v$ARGUMENTS`
11
+ 5. **CHECKPOINT:** Human review CHANGELOG & approve release tag.
12
+
13
+ **Aturan orkestrasi (WAJIB):**
14
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
15
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
16
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
17
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
18
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -1,19 +1,19 @@
1
- ---
2
- description: Audit keamanan ad-hoc di luar siklus release.
3
- ---
4
-
5
- Jalankan security audit untuk scope: **$ARGUMENTS**
6
-
7
- 1. **Security (Mode A)** → Threat Modeling
8
- 2. **Security (Mode B)** → Vulnerability Scan
9
- 3. **CHECKPOINT:** Human review findings (approve fix plan / accepted risk)
10
- 4. **Security (Mode C)** → fix CRITICAL & HIGH
11
- 5. **Tester** → regression test
12
- 6. **CHECKPOINT:** Human sign-off.
13
-
14
- **Aturan orkestrasi (WAJIB):**
15
- - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
16
- - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
17
- - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
18
- - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
19
- - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
1
+ ---
2
+ description: Audit keamanan ad-hoc di luar siklus release.
3
+ ---
4
+
5
+ Jalankan security audit untuk scope: **$ARGUMENTS**
6
+
7
+ 1. **Security (Mode A)** → Threat Modeling
8
+ 2. **Security (Mode B)** → Vulnerability Scan
9
+ 3. **CHECKPOINT:** Human review findings (approve fix plan / accepted risk)
10
+ 4. **Security (Mode C)** → fix CRITICAL & HIGH
11
+ 5. **Tester** → regression test
12
+ 6. **CHECKPOINT:** Human sign-off.
13
+
14
+ **Aturan orkestrasi (WAJIB):**
15
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
16
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
17
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
18
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
19
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -1,21 +1,21 @@
1
- ---
2
- description: Setup/optimasi workspace agentik — install skills & konfigurasi MCP untuk tool AI yang dipakai. Re-callable saat pindah tool.
3
- ---
4
-
5
- Jalankan **Toolsmith** (Agentic Workspace Provisioner) untuk: **$ARGUMENTS**
6
-
7
- Tujuan: menyiapkan perkakas si AI agent (skills + MCP) agar bekerja optimal — **bukan** infra produk (itu DevOps).
8
-
9
- Langkah:
10
- 1. **Deteksi mode** dari argumen (`init` default jika `state/workspace-manifest.json` belum ada; `switch` saat pindah tool; `sync` untuk perbaiki drift).
11
- 2. **Deteksi tool aktif** dari penanda (`.claude/`, `.opencode/`, `.agents/`, `.github/prompts/`/`.vscode/`). Ambigu → tanya human.
12
- 3. **Mode `init`:** tentukan kebutuhan (hybrid: `schemas/workspace-registry.json` `stackMappings` dari tech stack di `project_overview.md`/`requirements.md` + baseline + augmentasi `find-skills`) → tulis `state/workspace-manifest.json` → **tunjukkan ringkasan, minta approve human**.
13
- 4. **Mode `switch`/`sync`:** baca manifest yang ada (jangan hitung ulang), apply ke tool target.
14
- 5. **Apply declarative:** tulis MCP ke file config tool (`.mcp.json` / `opencode.json` / `.vscode/mcp.json` / `.agents/mcp.json`) sesuai `platformTargets`; install skills ke `skillsDir` via `npx skills add`. **Merge, jangan timpa. Secrets → placeholder `${VAR}`.**
15
- 6. **Update `appliedTo[tool]`** = timestamp; laporkan langkah manual tersisa.
16
-
17
- **Aturan:**
18
- - Definisi kanonik agen: `agent/workflows/toolsmith.md`. Registry: `schemas/workspace-registry.json`.
19
- - **JANGAN hardcode kredensial** — gunakan placeholder env var dan instruksikan human mengisi `.env`.
20
- - Perubahan daftar skill/MCP dicatat di manifest `revisionHistory` (No Silent Changes).
21
- - Bisa dipanggil kapan saja — termasuk di tengah fase saat developer pindah tool AI.
1
+ ---
2
+ description: Setup/optimasi workspace agentik — install skills & konfigurasi MCP untuk tool AI yang dipakai. Re-callable saat pindah tool.
3
+ ---
4
+
5
+ Jalankan **Toolsmith** (Agentic Workspace Provisioner) untuk: **$ARGUMENTS**
6
+
7
+ Tujuan: menyiapkan perkakas si AI agent (skills + MCP) agar bekerja optimal — **bukan** infra produk (itu DevOps).
8
+
9
+ Langkah:
10
+ 1. **Deteksi mode** dari argumen (`init` default jika `state/workspace-manifest.json` belum ada; `switch` saat pindah tool; `sync` untuk perbaiki drift).
11
+ 2. **Deteksi tool aktif** dari penanda (`.claude/`, `.opencode/`, `.agents/`, `.github/prompts/`/`.vscode/`). Ambigu → tanya human.
12
+ 3. **Mode `init`:** tentukan kebutuhan (hybrid: `schemas/workspace-registry.json` `stackMappings` dari tech stack di `project_overview.md`/`requirements.md` + baseline + augmentasi `find-skills`) → tulis `state/workspace-manifest.json` → **tunjukkan ringkasan, minta approve human**.
13
+ 4. **Mode `switch`/`sync`:** baca manifest yang ada (jangan hitung ulang), apply ke tool target.
14
+ 5. **Apply declarative:** tulis MCP ke file config tool (`.mcp.json` / `opencode.json` / `.vscode/mcp.json` / `.agents/mcp.json`) sesuai `platformTargets`; install skills ke `skillsDir` via `npx skills add`. **Merge, jangan timpa. Secrets → placeholder `${VAR}`.**
15
+ 6. **Update `appliedTo[tool]`** = timestamp; laporkan langkah manual tersisa.
16
+
17
+ **Aturan:**
18
+ - Definisi kanonik agen: `agent/workflows/toolsmith.md`. Registry: `schemas/workspace-registry.json`.
19
+ - **JANGAN hardcode kredensial** — gunakan placeholder env var dan instruksikan human mengisi `.env`.
20
+ - Perubahan daftar skill/MCP dicatat di manifest `revisionHistory` (No Silent Changes).
21
+ - Bisa dipanggil kapan saja — termasuk di tengah fase saat developer pindah tool AI.
@@ -1,17 +1,17 @@
1
- ---
2
- description: Perbaikan bug terarah: fix → review → regression.
3
- ---
4
-
5
- Tangani bug: **$ARGUMENTS**
6
-
7
- 1. **Fixer** → analyze root cause & fix
8
- 2. **QA** → quick review pada kode yang diubah
9
- 3. **Tester** → regression test
10
- 4. **CHECKPOINT:** Human validation.
11
-
12
- **Aturan orkestrasi (WAJIB):**
13
- - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
14
- - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
15
- - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
16
- - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
17
- - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
1
+ ---
2
+ description: Perbaikan bug terarah: fix → review → regression.
3
+ ---
4
+
5
+ Tangani bug: **$ARGUMENTS**
6
+
7
+ 1. **Fixer** → analyze root cause & fix
8
+ 2. **QA** → quick review pada kode yang diubah
9
+ 3. **Tester** → regression test
10
+ 4. **CHECKPOINT:** Human validation.
11
+
12
+ **Aturan orkestrasi (WAJIB):**
13
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
14
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
15
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
16
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
17
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -1,17 +1,17 @@
1
- ---
2
- description: Jalankan Fase 3 (Testing) — E2E test fungsional terhadap spesifikasi.
3
- ---
4
-
5
- Jalankan **Fase 3 — Testing** untuk fitur: **$ARGUMENTS**
6
-
7
- Langkah:
8
- 1. **Tester** → buat & jalankan E2E test berdasarkan spec
9
- 2. Jika FAIL → **Fixer** → loop balik ke langkah 1
10
- 3. **GATE — Fungsional hijau:** semua test pass.
11
-
12
- **Aturan orkestrasi (WAJIB):**
13
- - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
14
- - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
15
- - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
16
- - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
17
- - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
1
+ ---
2
+ description: Jalankan Fase 3 (Testing) — E2E test fungsional terhadap spesifikasi.
3
+ ---
4
+
5
+ Jalankan **Fase 3 — Testing** untuk fitur: **$ARGUMENTS**
6
+
7
+ Langkah:
8
+ 1. **Tester** → buat & jalankan E2E test berdasarkan spec
9
+ 2. Jika FAIL → **Fixer** → loop balik ke langkah 1
10
+ 3. **GATE — Fungsional hijau:** semua test pass.
11
+
12
+ **Aturan orkestrasi (WAJIB):**
13
+ - Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
14
+ - **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
15
+ - Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
16
+ - Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
17
+ - Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
@@ -1,94 +1,94 @@
1
- ---
2
- name: penetration-testing
3
- description: >
4
- Ethical hacking and security testing methodologies using penetration testing
5
- tools, exploit frameworks, and manual security validation. Use when assessing
6
- application security posture and identifying exploitable vulnerabilities.
7
- ---
8
-
9
- # Penetration Testing
10
-
11
- ## Table of Contents
12
-
13
- - [Overview](#overview)
14
- - [When to Use](#when-to-use)
15
- - [Quick Start](#quick-start)
16
- - [Reference Guides](#reference-guides)
17
- - [Best Practices](#best-practices)
18
-
19
- ## Overview
20
-
21
- Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
22
-
23
- ## When to Use
24
-
25
- - Pre-production security validation
26
- - Annual security assessments
27
- - Compliance requirements (PCI-DSS, ISO 27001)
28
- - Post-incident security review
29
- - Third-party security audits
30
- - Red team exercises
31
-
32
- ## Quick Start
33
-
34
- Minimal working example:
35
-
36
- ```python
37
- # pentest_framework.py
38
- import requests
39
- import socket
40
- import subprocess
41
- import json
42
- from typing import List, Dict
43
- from dataclasses import dataclass, asdict
44
- from datetime import datetime
45
-
46
- @dataclass
47
- class Finding:
48
- severity: str
49
- category: str
50
- target: str
51
- vulnerability: str
52
- evidence: str
53
- remediation: str
54
- cvss_score: float
55
-
56
- class PenetrationTester:
57
- def __init__(self, target: str):
58
- self.target = target
59
- self.findings: List[Finding] = []
60
-
61
- def test_sql_injection(self, url: str) -> None:
62
- // ... (see reference guides for full implementation)
63
- ```
64
-
65
- ## Reference Guides
66
-
67
- Detailed implementations in the `references/` directory:
68
-
69
- | Guide | Contents |
70
- |---|---|
71
- | [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
72
- | [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
73
-
74
- ## Best Practices
75
-
76
- ### ✅ DO
77
-
78
- - Get written authorization
79
- - Define clear scope
80
- - Use controlled environments
81
- - Document all findings
82
- - Follow responsible disclosure
83
- - Provide remediation guidance
84
- - Verify fixes after patching
85
- - Maintain chain of custody
86
-
87
- ### ❌ DON'T
88
-
89
- - Test production without approval
90
- - Cause service disruption
91
- - Exfiltrate sensitive data
92
- - Share findings publicly
93
- - Exceed authorized scope
94
- - Use destructive payloads
1
+ ---
2
+ name: penetration-testing
3
+ description: >
4
+ Ethical hacking and security testing methodologies using penetration testing
5
+ tools, exploit frameworks, and manual security validation. Use when assessing
6
+ application security posture and identifying exploitable vulnerabilities.
7
+ ---
8
+
9
+ # Penetration Testing
10
+
11
+ ## Table of Contents
12
+
13
+ - [Overview](#overview)
14
+ - [When to Use](#when-to-use)
15
+ - [Quick Start](#quick-start)
16
+ - [Reference Guides](#reference-guides)
17
+ - [Best Practices](#best-practices)
18
+
19
+ ## Overview
20
+
21
+ Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
22
+
23
+ ## When to Use
24
+
25
+ - Pre-production security validation
26
+ - Annual security assessments
27
+ - Compliance requirements (PCI-DSS, ISO 27001)
28
+ - Post-incident security review
29
+ - Third-party security audits
30
+ - Red team exercises
31
+
32
+ ## Quick Start
33
+
34
+ Minimal working example:
35
+
36
+ ```python
37
+ # pentest_framework.py
38
+ import requests
39
+ import socket
40
+ import subprocess
41
+ import json
42
+ from typing import List, Dict
43
+ from dataclasses import dataclass, asdict
44
+ from datetime import datetime
45
+
46
+ @dataclass
47
+ class Finding:
48
+ severity: str
49
+ category: str
50
+ target: str
51
+ vulnerability: str
52
+ evidence: str
53
+ remediation: str
54
+ cvss_score: float
55
+
56
+ class PenetrationTester:
57
+ def __init__(self, target: str):
58
+ self.target = target
59
+ self.findings: List[Finding] = []
60
+
61
+ def test_sql_injection(self, url: str) -> None:
62
+ // ... (see reference guides for full implementation)
63
+ ```
64
+
65
+ ## Reference Guides
66
+
67
+ Detailed implementations in the `references/` directory:
68
+
69
+ | Guide | Contents |
70
+ |---|---|
71
+ | [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
72
+ | [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
73
+
74
+ ## Best Practices
75
+
76
+ ### ✅ DO
77
+
78
+ - Get written authorization
79
+ - Define clear scope
80
+ - Use controlled environments
81
+ - Document all findings
82
+ - Follow responsible disclosure
83
+ - Provide remediation guidance
84
+ - Verify fixes after patching
85
+ - Maintain chain of custody
86
+
87
+ ### ❌ DON'T
88
+
89
+ - Test production without approval
90
+ - Cause service disruption
91
+ - Exfiltrate sensitive data
92
+ - Share findings publicly
93
+ - Exceed authorized scope
94
+ - Use destructive payloads