create-vasvibe 2.4.0 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +170 -167
- package/bin/cli.mjs +9 -9
- package/package.json +45 -45
- package/src/git.mjs +47 -47
- package/src/index.mjs +228 -228
- package/src/prompts.mjs +113 -113
- package/src/scaffold.mjs +74 -74
- package/src/upgrade.mjs +121 -121
- package/src/utils.mjs +91 -91
- package/template/.agents/agents/analyst/agent.json +43 -43
- package/template/.agents/agents/backend/agent.json +44 -44
- package/template/.agents/agents/data-architect/agent.json +43 -43
- package/template/.agents/agents/devops/agent.json +44 -44
- package/template/.agents/agents/discovery/agent.json +43 -43
- package/template/.agents/agents/document/agent.json +43 -43
- package/template/.agents/agents/fixer/agent.json +44 -44
- package/template/.agents/agents/frontend/agent.json +44 -44
- package/template/.agents/agents/fullstack/agent.json +44 -44
- package/template/.agents/agents/initiator/agent.json +41 -41
- package/template/.agents/agents/{explorer → manual-tester}/agent.json +4 -3
- package/template/.agents/agents/orchestrator/agent.json +44 -44
- package/template/.agents/agents/pm/agent.json +42 -42
- package/template/.agents/agents/qa/agent.json +44 -44
- package/template/.agents/agents/reliability/agent.json +44 -44
- package/template/.agents/agents/security/agent.json +44 -44
- package/template/.agents/agents/sysarch/agent.json +44 -44
- package/template/.agents/agents/tester/agent.json +44 -44
- package/template/.agents/agents/toolsmith/agent.json +44 -44
- package/template/.agents/agents/ux-designer/agent.json +43 -43
- package/template/.agents/skills/find-skills/SKILL.md +142 -142
- package/template/.agents/skills/fullstack/SKILL.md +89 -89
- package/template/.agents/skills/penetration-testing/SKILL.md +94 -94
- package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.agents/skills/pm/SKILL.md +170 -170
- package/template/.agents/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.agents/workflows/build-feature.md +21 -21
- package/template/.agents/workflows/daily-standup.md +16 -16
- package/template/.agents/workflows/deliver-feature.md +16 -16
- package/template/.agents/workflows/harden-release.md +21 -21
- package/template/.agents/workflows/plan-project.md +25 -25
- package/template/.agents/workflows/release.md +18 -18
- package/template/.agents/workflows/security-audit.md +19 -19
- package/template/.agents/workflows/setup-workspace.md +21 -21
- package/template/.agents/workflows/start-fix.md +17 -18
- package/template/.agents/workflows/test-feature.md +17 -17
- package/template/.claude/agents/analyst.md +75 -104
- package/template/.claude/agents/backend.md +61 -61
- package/template/.claude/agents/data-architect.md +43 -43
- package/template/.claude/agents/devops.md +44 -43
- package/template/.claude/agents/discovery.md +51 -51
- package/template/.claude/agents/document.md +51 -51
- package/template/.claude/agents/fixer.md +83 -81
- package/template/.claude/agents/frontend.md +58 -60
- package/template/.claude/agents/fullstack.md +84 -85
- package/template/.claude/agents/initiator.md +74 -74
- package/template/.claude/agents/manual-tester.md +108 -0
- package/template/.claude/agents/orchestrator.md +115 -133
- package/template/.claude/agents/pm.md +199 -199
- package/template/.claude/agents/qa.md +66 -65
- package/template/.claude/agents/reliability.md +48 -47
- package/template/.claude/agents/security.md +107 -106
- package/template/.claude/agents/sysarch.md +301 -301
- package/template/.claude/agents/tester.md +100 -100
- package/template/.claude/agents/toolsmith.md +77 -76
- package/template/.claude/agents/ux-designer.md +45 -45
- package/template/.claude/commands/build-feature.md +22 -22
- package/template/.claude/commands/daily-standup.md +16 -16
- package/template/.claude/commands/deliver-feature.md +17 -17
- package/template/.claude/commands/harden-release.md +22 -22
- package/template/.claude/commands/manual-test.md +19 -0
- package/template/.claude/commands/plan-project.md +26 -26
- package/template/.claude/commands/release.md +19 -19
- package/template/.claude/commands/security-audit.md +20 -20
- package/template/.claude/commands/setup-workspace.md +22 -22
- package/template/.claude/commands/start-fix.md +18 -19
- package/template/.claude/commands/test-feature.md +18 -18
- package/template/.claude/skills/find-skills +1 -0
- package/template/.claude/skills/penetration-testing/SKILL.md +94 -94
- package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.claude/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.github/prompts/analyst.prompt.md +58 -104
- package/template/.github/prompts/backend.prompt.md +44 -44
- package/template/.github/prompts/data-architect.prompt.md +38 -38
- package/template/.github/prompts/devops.prompt.md +32 -32
- package/template/.github/prompts/discovery.prompt.md +39 -39
- package/template/.github/prompts/document.prompt.md +14 -14
- package/template/.github/prompts/fixer.prompt.md +91 -81
- package/template/.github/prompts/frontend.prompt.md +43 -60
- package/template/.github/prompts/fullstack.prompt.md +92 -86
- package/template/.github/prompts/initiator.prompt.md +55 -55
- package/template/.github/prompts/manual-tester.prompt.md +103 -0
- package/template/.github/prompts/orchestrator.prompt.md +75 -133
- package/template/.github/prompts/pm.prompt.md +186 -186
- package/template/.github/prompts/qa.prompt.md +57 -57
- package/template/.github/prompts/reliability.prompt.md +44 -44
- package/template/.github/prompts/security.prompt.md +41 -41
- package/template/.github/prompts/sysarch.prompt.md +351 -351
- package/template/.github/prompts/tester.prompt.md +107 -107
- package/template/.github/prompts/toolsmith.prompt.md +46 -46
- package/template/.github/prompts/ux-designer.prompt.md +41 -41
- package/template/.opencode/agents/analyst.md +75 -104
- package/template/.opencode/agents/backend.md +61 -61
- package/template/.opencode/agents/data-architect.md +43 -43
- package/template/.opencode/agents/devops.md +44 -44
- package/template/.opencode/agents/discovery.md +51 -51
- package/template/.opencode/agents/document.md +51 -51
- package/template/.opencode/agents/fixer.md +83 -81
- package/template/.opencode/agents/frontend.md +59 -61
- package/template/.opencode/agents/fullstack.md +84 -85
- package/template/.opencode/agents/initiator.md +74 -74
- package/template/.opencode/agents/manual-tester.md +107 -0
- package/template/.opencode/agents/orchestrator.md +116 -131
- package/template/.opencode/agents/pm.md +199 -199
- package/template/.opencode/agents/qa.md +66 -65
- package/template/.opencode/agents/reliability.md +48 -48
- package/template/.opencode/agents/security.md +107 -107
- package/template/.opencode/agents/sysarch.md +301 -301
- package/template/.opencode/agents/tester.md +100 -100
- package/template/.opencode/agents/toolsmith.md +77 -77
- package/template/.opencode/agents/ux-designer.md +45 -45
- package/template/.opencode/commands/build-feature.md +21 -21
- package/template/.opencode/commands/daily-standup.md +16 -16
- package/template/.opencode/commands/deliver-feature.md +16 -16
- package/template/.opencode/commands/harden-release.md +21 -21
- package/template/.opencode/commands/manual-test.md +18 -0
- package/template/.opencode/commands/plan-project.md +25 -25
- package/template/.opencode/commands/release.md +18 -18
- package/template/.opencode/commands/security-audit.md +19 -19
- package/template/.opencode/commands/setup-workspace.md +21 -21
- package/template/.opencode/commands/start-fix.md +17 -18
- package/template/.opencode/commands/test-feature.md +17 -17
- package/template/.opencode/skills/penetration-testing/SKILL.md +94 -94
- package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/AGENT_PERSONAS.md +595 -551
- package/template/GIT_STRUCTURE_GUIDE.md +270 -270
- package/template/PROJECT_README.example.md +81 -81
- package/template/QUICK-START.md +134 -131
- package/template/README.md +1942 -1919
- package/template/_gitignore +141 -138
- package/template/agent/workflows/_shared/change-management.md +70 -70
- package/template/agent/workflows/_shared/git-branch-management.md +25 -25
- package/template/agent/workflows/_shared/phases.md +88 -88
- package/template/agent/workflows/_shared/state-management.md +87 -87
- package/template/agent/workflows/_shared/work-depth.md +46 -46
- package/template/agent/workflows/analyst.md +75 -104
- package/template/agent/workflows/backend.md +61 -61
- package/template/agent/workflows/data-architect.md +43 -43
- package/template/agent/workflows/devops.md +44 -44
- package/template/agent/workflows/discovery.md +51 -51
- package/template/agent/workflows/document.md +51 -51
- package/template/agent/workflows/fixer.md +83 -81
- package/template/agent/workflows/frontend.md +58 -60
- package/template/agent/workflows/fullstack.md +84 -86
- package/template/agent/workflows/initiator.md +74 -74
- package/template/agent/workflows/manual-tester.md +103 -0
- package/template/agent/workflows/orchestrator.md +114 -133
- package/template/agent/workflows/pm.md +199 -199
- package/template/agent/workflows/qa.md +66 -66
- package/template/agent/workflows/reliability.md +48 -48
- package/template/agent/workflows/security.md +107 -107
- package/template/agent/workflows/sysarch.md +301 -301
- package/template/agent/workflows/tester.md +100 -100
- package/template/agent/workflows/toolsmith.md +77 -77
- package/template/agent/workflows/ux-designer.md +45 -45
- package/template/codes/.gitkeep +1 -1
- package/template/project_overview_example.md +54 -54
- package/template/schemas/adr.template.md +36 -36
- package/template/schemas/changelog.template.md +34 -34
- package/template/schemas/data-model.template.md +57 -57
- package/template/schemas/design-system.template.md +63 -63
- package/template/schemas/dev_log.template.md +20 -20
- package/template/schemas/product-ci.template.yml +50 -50
- package/template/schemas/requirements.template.md +64 -64
- package/template/schemas/security-standards.template.md +58 -58
- package/template/schemas/security_report.template.md +89 -89
- package/template/schemas/specification.template.md +57 -71
- package/template/schemas/style_guide.template.md +29 -29
- package/template/schemas/task_list.template.md +28 -28
- package/template/schemas/workspace-manifest.template.json +24 -24
- package/template/schemas/workspace-registry.json +94 -95
- package/template/skills-lock.json +11 -11
- package/template/specifications/.gitkeep +1 -3
- package/template/state/knowledge_base/.gitkeep +1 -1
- package/template/state/knowledge_base/requirements/.gitkeep +1 -1
- package/template/tests/.gitkeep +1 -1
- package/template/.agents/agents/logger/agent.json +0 -43
- package/template/.agents/workflows/build-prototype.md +0 -32
- package/template/.agents/workflows/explorer.md +0 -78
- package/template/.agents/workflows/logger.md +0 -117
- package/template/.agents/workflows/plan-feature.md +0 -30
- package/template/.claude/agents/explorer.md +0 -138
- package/template/.claude/agents/logger.md +0 -143
- package/template/.claude/commands/build-prototype.md +0 -33
- package/template/.claude/commands/plan-feature.md +0 -31
- package/template/.claude/settings.local.json +0 -44
- package/template/.claude/skills/find-skills/SKILL.md +0 -142
- package/template/.github/prompts/explorer.prompt.md +0 -133
- package/template/.github/prompts/logger.prompt.md +0 -138
- package/template/.opencode/agents/explorer.md +0 -137
- package/template/.opencode/agents/logger.md +0 -142
- package/template/.opencode/commands/build-prototype.md +0 -32
- package/template/.opencode/commands/plan-feature.md +0 -30
- package/template/agent/workflows/explorer.md +0 -133
- package/template/agent/workflows/logger.md +0 -138
|
@@ -1,58 +1,58 @@
|
|
|
1
|
-
# SECURITY STANDARDS — [Project Name]
|
|
2
|
-
|
|
3
|
-
**Owner Agent:** Security Expert (Mode Standards)
|
|
4
|
-
**Date:** [YYYY-MM-DD HH:MM]
|
|
5
|
-
**Phase:** Planning
|
|
6
|
-
**Status:** `Draft` / `Approved`
|
|
7
|
-
|
|
8
|
-
> Acuan standar keamanan proyek yang ditetapkan di awal. Semua engineer WAJIB mengikuti. Diverifikasi ulang oleh Security di fase Hardening. Perubahan lewat `_shared/change-management.md`.
|
|
9
|
-
|
|
10
|
-
---
|
|
11
|
-
|
|
12
|
-
## 1. Authentication & Authorization
|
|
13
|
-
|
|
14
|
-
- **Auth mechanism:** [JWT / session / OAuth2 — pilih dan jelaskan]
|
|
15
|
-
- **Password policy:** [hashing algo (bcrypt/argon2), min length, complexity]
|
|
16
|
-
- **Token expiry:** [access token TTL, refresh token strategy]
|
|
17
|
-
- **Authorization model:** [RBAC / ABAC — daftar role dan permission]
|
|
18
|
-
|
|
19
|
-
## 2. Data Protection
|
|
20
|
-
|
|
21
|
-
- **Encryption in transit:** TLS 1.2+ wajib
|
|
22
|
-
- **Encryption at rest:** [field/tabel yang dienkripsi]
|
|
23
|
-
- **PII handling:** [masking, minimization]
|
|
24
|
-
- **Secrets management:** semua via env var, JANGAN hardcode; daftarkan di `.env.example`
|
|
25
|
-
|
|
26
|
-
## 3. Input Validation & Output Encoding
|
|
27
|
-
|
|
28
|
-
- Validasi semua input di server-side
|
|
29
|
-
- Parameterized queries (anti SQL injection)
|
|
30
|
-
- Output encoding (anti XSS)
|
|
31
|
-
|
|
32
|
-
## 4. Security Headers & Config
|
|
33
|
-
|
|
34
|
-
- CSP, HSTS, X-Frame-Options, X-Content-Type-Options
|
|
35
|
-
- CORS policy: [origin yang diizinkan]
|
|
36
|
-
- Rate limiting: [batas per endpoint sensitif]
|
|
37
|
-
|
|
38
|
-
## 5. Compliance Requirements
|
|
39
|
-
|
|
40
|
-
- [GDPR / UU PDP / PCI-DSS — jika relevan]
|
|
41
|
-
|
|
42
|
-
## 6. Threat Model Summary
|
|
43
|
-
|
|
44
|
-
[Threat utama yang diantisipasi sejak desain — referensi ke STRIDE jika sudah ada threat model.]
|
|
45
|
-
|
|
46
|
-
## 7. Security Acceptance Criteria
|
|
47
|
-
|
|
48
|
-
Checklist yang harus lulus sebelum release (diverifikasi Security di Hardening):
|
|
49
|
-
- [ ] Tidak ada hardcoded secret
|
|
50
|
-
- [ ] Semua endpoint ter-proteksi authz
|
|
51
|
-
- [ ] Dependency bebas CVE critical/high
|
|
52
|
-
- [ ] OWASP Top 10 ter-review
|
|
53
|
-
|
|
54
|
-
## Revision History
|
|
55
|
-
|
|
56
|
-
| Timestamp | Agen | Perubahan |
|
|
57
|
-
|-----------|------|-----------|
|
|
58
|
-
| [YYYY-MM-DD HH:MM] | Security | Initial security standards |
|
|
1
|
+
# SECURITY STANDARDS — [Project Name]
|
|
2
|
+
|
|
3
|
+
**Owner Agent:** Security Expert (Mode Standards)
|
|
4
|
+
**Date:** [YYYY-MM-DD HH:MM]
|
|
5
|
+
**Phase:** Planning
|
|
6
|
+
**Status:** `Draft` / `Approved`
|
|
7
|
+
|
|
8
|
+
> Acuan standar keamanan proyek yang ditetapkan di awal. Semua engineer WAJIB mengikuti. Diverifikasi ulang oleh Security di fase Hardening. Perubahan lewat `_shared/change-management.md`.
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## 1. Authentication & Authorization
|
|
13
|
+
|
|
14
|
+
- **Auth mechanism:** [JWT / session / OAuth2 — pilih dan jelaskan]
|
|
15
|
+
- **Password policy:** [hashing algo (bcrypt/argon2), min length, complexity]
|
|
16
|
+
- **Token expiry:** [access token TTL, refresh token strategy]
|
|
17
|
+
- **Authorization model:** [RBAC / ABAC — daftar role dan permission]
|
|
18
|
+
|
|
19
|
+
## 2. Data Protection
|
|
20
|
+
|
|
21
|
+
- **Encryption in transit:** TLS 1.2+ wajib
|
|
22
|
+
- **Encryption at rest:** [field/tabel yang dienkripsi]
|
|
23
|
+
- **PII handling:** [masking, minimization]
|
|
24
|
+
- **Secrets management:** semua via env var, JANGAN hardcode; daftarkan di `.env.example`
|
|
25
|
+
|
|
26
|
+
## 3. Input Validation & Output Encoding
|
|
27
|
+
|
|
28
|
+
- Validasi semua input di server-side
|
|
29
|
+
- Parameterized queries (anti SQL injection)
|
|
30
|
+
- Output encoding (anti XSS)
|
|
31
|
+
|
|
32
|
+
## 4. Security Headers & Config
|
|
33
|
+
|
|
34
|
+
- CSP, HSTS, X-Frame-Options, X-Content-Type-Options
|
|
35
|
+
- CORS policy: [origin yang diizinkan]
|
|
36
|
+
- Rate limiting: [batas per endpoint sensitif]
|
|
37
|
+
|
|
38
|
+
## 5. Compliance Requirements
|
|
39
|
+
|
|
40
|
+
- [GDPR / UU PDP / PCI-DSS — jika relevan]
|
|
41
|
+
|
|
42
|
+
## 6. Threat Model Summary
|
|
43
|
+
|
|
44
|
+
[Threat utama yang diantisipasi sejak desain — referensi ke STRIDE jika sudah ada threat model.]
|
|
45
|
+
|
|
46
|
+
## 7. Security Acceptance Criteria
|
|
47
|
+
|
|
48
|
+
Checklist yang harus lulus sebelum release (diverifikasi Security di Hardening):
|
|
49
|
+
- [ ] Tidak ada hardcoded secret
|
|
50
|
+
- [ ] Semua endpoint ter-proteksi authz
|
|
51
|
+
- [ ] Dependency bebas CVE critical/high
|
|
52
|
+
- [ ] OWASP Top 10 ter-review
|
|
53
|
+
|
|
54
|
+
## Revision History
|
|
55
|
+
|
|
56
|
+
| Timestamp | Agen | Perubahan |
|
|
57
|
+
|-----------|------|-----------|
|
|
58
|
+
| [YYYY-MM-DD HH:MM] | Security | Initial security standards |
|
|
@@ -1,89 +1,89 @@
|
|
|
1
|
-
# SECURITY REPORT - [TASK-ID / SCOPE]
|
|
2
|
-
|
|
3
|
-
**Date:** [YYYY-MM-DD HH:MM]
|
|
4
|
-
**Agent:** Security Expert Agent
|
|
5
|
-
**Scope:** [Deskripsi scope yang diaudit — misal: "Fitur Login & Auth", "Seluruh codebase", "v1.2.0 release"]
|
|
6
|
-
**Mode:** [A: Threat Model / B: Vulnerability Scan / C: Security Fix / D: Pre-release Audit]
|
|
7
|
-
|
|
8
|
-
---
|
|
9
|
-
|
|
10
|
-
## Executive Summary
|
|
11
|
-
|
|
12
|
-
[Ringkasan singkat — apa yang diaudit, berapa temuan, dan rekomendasi utama.]
|
|
13
|
-
|
|
14
|
-
**Overall Risk Level:** `CRITICAL` / `HIGH` / `MEDIUM` / `LOW` / `CLEAR`
|
|
15
|
-
|
|
16
|
-
---
|
|
17
|
-
|
|
18
|
-
## Findings
|
|
19
|
-
|
|
20
|
-
### CRITICAL
|
|
21
|
-
| # | Vulnerability | Location | Description | Recommendation |
|
|
22
|
-
|---|---------------|----------|-------------|----------------|
|
|
23
|
-
| 1 | | | | |
|
|
24
|
-
|
|
25
|
-
### HIGH
|
|
26
|
-
| # | Vulnerability | Location | Description | Recommendation |
|
|
27
|
-
|---|---------------|----------|-------------|----------------|
|
|
28
|
-
| 1 | | | | |
|
|
29
|
-
|
|
30
|
-
### MEDIUM
|
|
31
|
-
| # | Vulnerability | Location | Description | Recommendation |
|
|
32
|
-
|---|---------------|----------|-------------|----------------|
|
|
33
|
-
| 1 | | | | |
|
|
34
|
-
|
|
35
|
-
### LOW / INFO
|
|
36
|
-
| # | Vulnerability | Location | Description | Recommendation |
|
|
37
|
-
|---|---------------|----------|-------------|----------------|
|
|
38
|
-
| 1 | | | | |
|
|
39
|
-
|
|
40
|
-
---
|
|
41
|
-
|
|
42
|
-
## OWASP Top 10 Checklist
|
|
43
|
-
|
|
44
|
-
- [ ] A01: Broken Access Control
|
|
45
|
-
- [ ] A02: Cryptographic Failures
|
|
46
|
-
- [ ] A03: Injection (SQL, XSS, Command)
|
|
47
|
-
- [ ] A04: Insecure Design
|
|
48
|
-
- [ ] A05: Security Misconfiguration
|
|
49
|
-
- [ ] A06: Vulnerable & Outdated Components
|
|
50
|
-
- [ ] A07: Authentication & Session Failures
|
|
51
|
-
- [ ] A08: Software & Data Integrity Failures
|
|
52
|
-
- [ ] A09: Security Logging & Monitoring Failures
|
|
53
|
-
- [ ] A10: Server-Side Request Forgery (SSRF)
|
|
54
|
-
|
|
55
|
-
---
|
|
56
|
-
|
|
57
|
-
## Dependency Scan Results
|
|
58
|
-
|
|
59
|
-
```
|
|
60
|
-
[Output dari npm audit / pip audit / bundle audit]
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
**Vulnerable packages found:** [X critical, Y high, Z moderate]
|
|
64
|
-
|
|
65
|
-
---
|
|
66
|
-
|
|
67
|
-
## Secrets Scan Results
|
|
68
|
-
|
|
69
|
-
- [ ] No hardcoded credentials found
|
|
70
|
-
- [ ] No API keys in source code
|
|
71
|
-
- [ ] `.env.example` does not contain real values
|
|
72
|
-
- [ ] `.gitignore` covers all `.env` variants
|
|
73
|
-
|
|
74
|
-
---
|
|
75
|
-
|
|
76
|
-
## Fixes Applied
|
|
77
|
-
|
|
78
|
-
| # | Vulnerability | Fix Description | Files Changed | Timestamp |
|
|
79
|
-
|---|---------------|-----------------|---------------|-----------|
|
|
80
|
-
| 1 | | | | |
|
|
81
|
-
|
|
82
|
-
---
|
|
83
|
-
|
|
84
|
-
## Sign-off
|
|
85
|
-
|
|
86
|
-
- **Status:** `Pending Fix` / `All Clear` / `Conditional Approval`
|
|
87
|
-
- **Remaining Issues:** [Daftar temuan yang belum di-fix dan alasannya — misal: "MEDIUM-1: accepted risk, ditangani di sprint berikutnya"]
|
|
88
|
-
- **Next Action:** [Fix CRITICAL-1 sebelum deploy / Ready for release / dll]
|
|
89
|
-
- **Reviewed By:** [Security Agent + Human approval jika sudah di-review]
|
|
1
|
+
# SECURITY REPORT - [TASK-ID / SCOPE]
|
|
2
|
+
|
|
3
|
+
**Date:** [YYYY-MM-DD HH:MM]
|
|
4
|
+
**Agent:** Security Expert Agent
|
|
5
|
+
**Scope:** [Deskripsi scope yang diaudit — misal: "Fitur Login & Auth", "Seluruh codebase", "v1.2.0 release"]
|
|
6
|
+
**Mode:** [A: Threat Model / B: Vulnerability Scan / C: Security Fix / D: Pre-release Audit]
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
## Executive Summary
|
|
11
|
+
|
|
12
|
+
[Ringkasan singkat — apa yang diaudit, berapa temuan, dan rekomendasi utama.]
|
|
13
|
+
|
|
14
|
+
**Overall Risk Level:** `CRITICAL` / `HIGH` / `MEDIUM` / `LOW` / `CLEAR`
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Findings
|
|
19
|
+
|
|
20
|
+
### CRITICAL
|
|
21
|
+
| # | Vulnerability | Location | Description | Recommendation |
|
|
22
|
+
|---|---------------|----------|-------------|----------------|
|
|
23
|
+
| 1 | | | | |
|
|
24
|
+
|
|
25
|
+
### HIGH
|
|
26
|
+
| # | Vulnerability | Location | Description | Recommendation |
|
|
27
|
+
|---|---------------|----------|-------------|----------------|
|
|
28
|
+
| 1 | | | | |
|
|
29
|
+
|
|
30
|
+
### MEDIUM
|
|
31
|
+
| # | Vulnerability | Location | Description | Recommendation |
|
|
32
|
+
|---|---------------|----------|-------------|----------------|
|
|
33
|
+
| 1 | | | | |
|
|
34
|
+
|
|
35
|
+
### LOW / INFO
|
|
36
|
+
| # | Vulnerability | Location | Description | Recommendation |
|
|
37
|
+
|---|---------------|----------|-------------|----------------|
|
|
38
|
+
| 1 | | | | |
|
|
39
|
+
|
|
40
|
+
---
|
|
41
|
+
|
|
42
|
+
## OWASP Top 10 Checklist
|
|
43
|
+
|
|
44
|
+
- [ ] A01: Broken Access Control
|
|
45
|
+
- [ ] A02: Cryptographic Failures
|
|
46
|
+
- [ ] A03: Injection (SQL, XSS, Command)
|
|
47
|
+
- [ ] A04: Insecure Design
|
|
48
|
+
- [ ] A05: Security Misconfiguration
|
|
49
|
+
- [ ] A06: Vulnerable & Outdated Components
|
|
50
|
+
- [ ] A07: Authentication & Session Failures
|
|
51
|
+
- [ ] A08: Software & Data Integrity Failures
|
|
52
|
+
- [ ] A09: Security Logging & Monitoring Failures
|
|
53
|
+
- [ ] A10: Server-Side Request Forgery (SSRF)
|
|
54
|
+
|
|
55
|
+
---
|
|
56
|
+
|
|
57
|
+
## Dependency Scan Results
|
|
58
|
+
|
|
59
|
+
```
|
|
60
|
+
[Output dari npm audit / pip audit / bundle audit]
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
**Vulnerable packages found:** [X critical, Y high, Z moderate]
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
|
|
67
|
+
## Secrets Scan Results
|
|
68
|
+
|
|
69
|
+
- [ ] No hardcoded credentials found
|
|
70
|
+
- [ ] No API keys in source code
|
|
71
|
+
- [ ] `.env.example` does not contain real values
|
|
72
|
+
- [ ] `.gitignore` covers all `.env` variants
|
|
73
|
+
|
|
74
|
+
---
|
|
75
|
+
|
|
76
|
+
## Fixes Applied
|
|
77
|
+
|
|
78
|
+
| # | Vulnerability | Fix Description | Files Changed | Timestamp |
|
|
79
|
+
|---|---------------|-----------------|---------------|-----------|
|
|
80
|
+
| 1 | | | | |
|
|
81
|
+
|
|
82
|
+
---
|
|
83
|
+
|
|
84
|
+
## Sign-off
|
|
85
|
+
|
|
86
|
+
- **Status:** `Pending Fix` / `All Clear` / `Conditional Approval`
|
|
87
|
+
- **Remaining Issues:** [Daftar temuan yang belum di-fix dan alasannya — misal: "MEDIUM-1: accepted risk, ditangani di sprint berikutnya"]
|
|
88
|
+
- **Next Action:** [Fix CRITICAL-1 sebelum deploy / Ready for release / dll]
|
|
89
|
+
- **Reviewed By:** [Security Agent + Human approval jika sudah di-review]
|
|
@@ -1,71 +1,57 @@
|
|
|
1
|
-
# SPEC-XXX: [Feature Name]
|
|
2
|
-
|
|
3
|
-
## Metadata
|
|
4
|
-
- **Author:** Analyst Agent
|
|
5
|
-
- **Created:** [YYYY-MM-DD]
|
|
6
|
-
- **Status:** draft | review | approved
|
|
7
|
-
- **Depends on:** SPEC-YYY
|
|
8
|
-
|
|
9
|
-
## User Story
|
|
10
|
-
Sebagai [role
|
|
11
|
-
|
|
12
|
-
##
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
##
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
**
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
---
|
|
60
|
-
|
|
61
|
-
## Human Approval
|
|
62
|
-
|
|
63
|
-
**Human Approval Status:** pending | approved | revision_requested
|
|
64
|
-
|
|
65
|
-
**Human Feedback:**
|
|
66
|
-
> (Kosongkan jika belum ada feedback. Analyst Agent akan mengisi berdasarkan masukan reviewer.)
|
|
67
|
-
|
|
68
|
-
## Revision History
|
|
69
|
-
| Date | Author | Changes |
|
|
70
|
-
|------|--------|---------|
|
|
71
|
-
| [YYYY-MM-DD] | Analyst Agent | Initial draft |
|
|
1
|
+
# SPEC-XXX: [Feature Name]
|
|
2
|
+
|
|
3
|
+
## Metadata
|
|
4
|
+
- **Author:** Analyst Agent
|
|
5
|
+
- **Created:** [YYYY-MM-DD]
|
|
6
|
+
- **Status:** draft | review | approved
|
|
7
|
+
- **Depends on:** SPEC-YYY
|
|
8
|
+
|
|
9
|
+
## User Story
|
|
10
|
+
Sebagai [role], saya ingin [action], sehingga [benefit].
|
|
11
|
+
|
|
12
|
+
## Technical Flow
|
|
13
|
+
1. [Langkah 1 — contoh: User submit form login]
|
|
14
|
+
2. [Langkah 2 — contoh: Backend validasi credentials]
|
|
15
|
+
3. [Langkah 3 — contoh: Return JWT token]
|
|
16
|
+
|
|
17
|
+
## Acceptance Criteria
|
|
18
|
+
- [ ] ...
|
|
19
|
+
- [ ] ...
|
|
20
|
+
|
|
21
|
+
## API Contract
|
|
22
|
+
### [METHOD] /api/endpoint
|
|
23
|
+
**Request:**
|
|
24
|
+
```json
|
|
25
|
+
{}
|
|
26
|
+
```
|
|
27
|
+
**Response (200):**
|
|
28
|
+
```json
|
|
29
|
+
{}
|
|
30
|
+
```
|
|
31
|
+
**Response (Error):**
|
|
32
|
+
```json
|
|
33
|
+
{}
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
## Database Changes
|
|
37
|
+
(Tabel baru, kolom baru, atau index yang dibutuhkan — atau tulis "None")
|
|
38
|
+
|
|
39
|
+
## UI/UX
|
|
40
|
+
(Screenshot mockup, deskripsi komponen, atau link ke desain — atau tulis "None")
|
|
41
|
+
|
|
42
|
+
## Edge Cases & Validation
|
|
43
|
+
- [ ] ...
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
## Human Approval
|
|
48
|
+
|
|
49
|
+
**Human Approval Status:** pending | approved | revision_requested
|
|
50
|
+
|
|
51
|
+
**Human Feedback:**
|
|
52
|
+
> (Kosongkan jika belum ada feedback. Analyst Agent akan mengisi berdasarkan masukan reviewer.)
|
|
53
|
+
|
|
54
|
+
## Revision History
|
|
55
|
+
| Date | Author | Changes |
|
|
56
|
+
|------|--------|---------|
|
|
57
|
+
| [YYYY-MM-DD] | Analyst Agent | Initial draft |
|
|
@@ -1,29 +1,29 @@
|
|
|
1
|
-
# Project Style Guide & Architecture Constraints
|
|
2
|
-
|
|
3
|
-
## 1. Naming Conventions
|
|
4
|
-
- **Files/Folders:** `kebab-case` (misal: `user-profile.tsx`, `auth-service.ts`)
|
|
5
|
-
- **Variables/Functions:** `camelCase` (misal: `getUserProfile()`)
|
|
6
|
-
- **Classes/Interfaces:** `PascalCase` (misal: `class UserProfile`, `interface AuthConfig`)
|
|
7
|
-
- **Constants/Enums:** `UPPER_SNAKE_CASE` (misal: `MAX_RETRY_COUNT = 3`)
|
|
8
|
-
|
|
9
|
-
## 2. Directory Structure (`codes/`)
|
|
10
|
-
- `src/components/` → UI Components (Dumb/Presentational)
|
|
11
|
-
- `src/pages/` atau `app/` → Route-level components
|
|
12
|
-
- `src/services/` → API calls, logic database, atau external services
|
|
13
|
-
- `src/utils/` → Helper functions murni
|
|
14
|
-
- `src/types/` → Type definitions (TypeScript)
|
|
15
|
-
|
|
16
|
-
## 3. Security Guidelines
|
|
17
|
-
- **TIDAK BOLEH** hardcode API Keys, secrets, tokens, atau password ke dalam source code.
|
|
18
|
-
- Selalu gunakan `process.env.VARIABLE_NAME` (Node/Next) atau setara, dan catat keys yang dibutuhkan di `.env.example`.
|
|
19
|
-
- Selalu validasi input user baik di client maupun di server (defense in depth).
|
|
20
|
-
|
|
21
|
-
## 4. Code Quality & Formatting
|
|
22
|
-
- **Linter:** Wajib lulus ESLint / Prettier.
|
|
23
|
-
- **Max File Length:** Usahakan di bawah 300 baris. Jika lebih, pecah menjadi modul kecil.
|
|
24
|
-
- **DRY (Don't Repeat Yourself):** Jika ada logika yang digunakan 3 kali atau lebih, ekstraksi menjadi function/util/hook.
|
|
25
|
-
|
|
26
|
-
## 5. Error Handling
|
|
27
|
-
- Hindari `console.log` di production code. Gunakan logger library.
|
|
28
|
-
- Jangan gunakan `try-catch` kosong. Selalu handle atau re-throw error.
|
|
29
|
-
- Tampilkan error message yang ramah ke user (UI), tapi log error aslinya (Technical).
|
|
1
|
+
# Project Style Guide & Architecture Constraints
|
|
2
|
+
|
|
3
|
+
## 1. Naming Conventions
|
|
4
|
+
- **Files/Folders:** `kebab-case` (misal: `user-profile.tsx`, `auth-service.ts`)
|
|
5
|
+
- **Variables/Functions:** `camelCase` (misal: `getUserProfile()`)
|
|
6
|
+
- **Classes/Interfaces:** `PascalCase` (misal: `class UserProfile`, `interface AuthConfig`)
|
|
7
|
+
- **Constants/Enums:** `UPPER_SNAKE_CASE` (misal: `MAX_RETRY_COUNT = 3`)
|
|
8
|
+
|
|
9
|
+
## 2. Directory Structure (`codes/`)
|
|
10
|
+
- `src/components/` → UI Components (Dumb/Presentational)
|
|
11
|
+
- `src/pages/` atau `app/` → Route-level components
|
|
12
|
+
- `src/services/` → API calls, logic database, atau external services
|
|
13
|
+
- `src/utils/` → Helper functions murni
|
|
14
|
+
- `src/types/` → Type definitions (TypeScript)
|
|
15
|
+
|
|
16
|
+
## 3. Security Guidelines
|
|
17
|
+
- **TIDAK BOLEH** hardcode API Keys, secrets, tokens, atau password ke dalam source code.
|
|
18
|
+
- Selalu gunakan `process.env.VARIABLE_NAME` (Node/Next) atau setara, dan catat keys yang dibutuhkan di `.env.example`.
|
|
19
|
+
- Selalu validasi input user baik di client maupun di server (defense in depth).
|
|
20
|
+
|
|
21
|
+
## 4. Code Quality & Formatting
|
|
22
|
+
- **Linter:** Wajib lulus ESLint / Prettier.
|
|
23
|
+
- **Max File Length:** Usahakan di bawah 300 baris. Jika lebih, pecah menjadi modul kecil.
|
|
24
|
+
- **DRY (Don't Repeat Yourself):** Jika ada logika yang digunakan 3 kali atau lebih, ekstraksi menjadi function/util/hook.
|
|
25
|
+
|
|
26
|
+
## 5. Error Handling
|
|
27
|
+
- Hindari `console.log` di production code. Gunakan logger library.
|
|
28
|
+
- Jangan gunakan `try-catch` kosong. Selalu handle atau re-throw error.
|
|
29
|
+
- Tampilkan error message yang ramah ke user (UI), tapi log error aslinya (Technical).
|
|
@@ -1,28 +1,28 @@
|
|
|
1
|
-
# Task List — [Project Name]
|
|
2
|
-
|
|
3
|
-
## Summary
|
|
4
|
-
| Metric | Count |
|
|
5
|
-
|--------|-------|
|
|
6
|
-
| Total Tasks | 0 |
|
|
7
|
-
| Completed | 0 |
|
|
8
|
-
| In Progress | 0 |
|
|
9
|
-
| Blocked | 0 |
|
|
10
|
-
|
|
11
|
-
## Status Legend
|
|
12
|
-
| Status | Meaning |
|
|
13
|
-
|--------|---------|
|
|
14
|
-
| `not_started` | Belum dikerjakan |
|
|
15
|
-
| `development` | Sedang dikembangkan oleh Developer |
|
|
16
|
-
| `ready_to_test` | Development selesai, siap test |
|
|
17
|
-
| `testing` | Sedang ditest oleh Tester |
|
|
18
|
-
| `fixing` | Ada bug, sedang diperbaiki Fixer |
|
|
19
|
-
| `done` | Passed testing |
|
|
20
|
-
| `human_validated` | Divalidasi oleh human |
|
|
21
|
-
|
|
22
|
-
## Tasks
|
|
23
|
-
|
|
24
|
-
- Task XXX: [Task Name]
|
|
25
|
-
- Spesifikasi: [spec] ../specifications/XXX_spec_*.md
|
|
26
|
-
- Current Status: not_started
|
|
27
|
-
- Status Logs:
|
|
28
|
-
- Task Created: [YYYY-MM-DD HH:MM] (PM Agent)
|
|
1
|
+
# Task List — [Project Name]
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
| Metric | Count |
|
|
5
|
+
|--------|-------|
|
|
6
|
+
| Total Tasks | 0 |
|
|
7
|
+
| Completed | 0 |
|
|
8
|
+
| In Progress | 0 |
|
|
9
|
+
| Blocked | 0 |
|
|
10
|
+
|
|
11
|
+
## Status Legend
|
|
12
|
+
| Status | Meaning |
|
|
13
|
+
|--------|---------|
|
|
14
|
+
| `not_started` | Belum dikerjakan |
|
|
15
|
+
| `development` | Sedang dikembangkan oleh Developer |
|
|
16
|
+
| `ready_to_test` | Development selesai, siap test |
|
|
17
|
+
| `testing` | Sedang ditest oleh Tester |
|
|
18
|
+
| `fixing` | Ada bug, sedang diperbaiki Fixer |
|
|
19
|
+
| `done` | Passed testing |
|
|
20
|
+
| `human_validated` | Divalidasi oleh human |
|
|
21
|
+
|
|
22
|
+
## Tasks
|
|
23
|
+
|
|
24
|
+
- Task XXX: [Task Name]
|
|
25
|
+
- Spesifikasi: [spec] ../specifications/XXX_spec_*.md
|
|
26
|
+
- Current Status: not_started
|
|
27
|
+
- Status Logs:
|
|
28
|
+
- Task Created: [YYYY-MM-DD HH:MM] (PM Agent)
|
|
@@ -1,24 +1,24 @@
|
|
|
1
|
-
{
|
|
2
|
-
"_comment": "DESIRED-STATE manifest written by the Toolsmith agent to state/workspace-manifest.json. Platform-agnostic: lists WHAT skills + MCP the project wants. Re-applying to a new tool (tool-switch) reads this same file and realizes it in the new tool's config format. This is the source of truth; per-tool config files are derived artifacts.",
|
|
3
|
-
"version": 1,
|
|
4
|
-
"project": "<project name>",
|
|
5
|
-
"decidedFrom": ["project_overview.md tech stack", "requirements.md", "find-skills"],
|
|
6
|
-
"skills": [
|
|
7
|
-
{ "id": "find-skills", "reason": "discover further skills on demand" },
|
|
8
|
-
{ "id": "ui-ux-pro-max", "reason": "UI-heavy frontend (example)" }
|
|
9
|
-
],
|
|
10
|
-
"mcp": [
|
|
11
|
-
{ "id": "filesystem", "reason": "ground agent in workspace" },
|
|
12
|
-
{ "id": "git", "reason": "code-aware context" }
|
|
13
|
-
],
|
|
14
|
-
"appliedTo": {
|
|
15
|
-
"_comment": "ISO timestamp of last successful apply per platform, or null if never applied. Toolsmith updates this after each apply.",
|
|
16
|
-
"claude-code": null,
|
|
17
|
-
"opencode": null,
|
|
18
|
-
"antigravity": null,
|
|
19
|
-
"github-copilot": null
|
|
20
|
-
},
|
|
21
|
-
"revisionHistory": [
|
|
22
|
-
{ "timestamp": "<YYYY-MM-DD HH:MM>", "agent": "toolsmith", "change": "initial provisioning" }
|
|
23
|
-
]
|
|
24
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"_comment": "DESIRED-STATE manifest written by the Toolsmith agent to state/workspace-manifest.json. Platform-agnostic: lists WHAT skills + MCP the project wants. Re-applying to a new tool (tool-switch) reads this same file and realizes it in the new tool's config format. This is the source of truth; per-tool config files are derived artifacts.",
|
|
3
|
+
"version": 1,
|
|
4
|
+
"project": "<project name>",
|
|
5
|
+
"decidedFrom": ["project_overview.md tech stack", "requirements.md", "find-skills"],
|
|
6
|
+
"skills": [
|
|
7
|
+
{ "id": "find-skills", "reason": "discover further skills on demand" },
|
|
8
|
+
{ "id": "ui-ux-pro-max", "reason": "UI-heavy frontend (example)" }
|
|
9
|
+
],
|
|
10
|
+
"mcp": [
|
|
11
|
+
{ "id": "filesystem", "reason": "ground agent in workspace" },
|
|
12
|
+
{ "id": "git", "reason": "code-aware context" }
|
|
13
|
+
],
|
|
14
|
+
"appliedTo": {
|
|
15
|
+
"_comment": "ISO timestamp of last successful apply per platform, or null if never applied. Toolsmith updates this after each apply.",
|
|
16
|
+
"claude-code": null,
|
|
17
|
+
"opencode": null,
|
|
18
|
+
"antigravity": null,
|
|
19
|
+
"github-copilot": null
|
|
20
|
+
},
|
|
21
|
+
"revisionHistory": [
|
|
22
|
+
{ "timestamp": "<YYYY-MM-DD HH:MM>", "agent": "toolsmith", "change": "initial provisioning" }
|
|
23
|
+
]
|
|
24
|
+
}
|