create-vasvibe 2.4.0 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +170 -167
- package/bin/cli.mjs +9 -9
- package/package.json +45 -45
- package/src/git.mjs +47 -47
- package/src/index.mjs +228 -228
- package/src/prompts.mjs +113 -113
- package/src/scaffold.mjs +74 -74
- package/src/upgrade.mjs +121 -121
- package/src/utils.mjs +91 -91
- package/template/.agents/agents/analyst/agent.json +43 -43
- package/template/.agents/agents/backend/agent.json +44 -44
- package/template/.agents/agents/data-architect/agent.json +43 -43
- package/template/.agents/agents/devops/agent.json +44 -44
- package/template/.agents/agents/discovery/agent.json +43 -43
- package/template/.agents/agents/document/agent.json +43 -43
- package/template/.agents/agents/explorer/agent.json +43 -43
- package/template/.agents/agents/fixer/agent.json +44 -44
- package/template/.agents/agents/frontend/agent.json +44 -44
- package/template/.agents/agents/fullstack/agent.json +44 -44
- package/template/.agents/agents/initiator/agent.json +41 -41
- package/template/.agents/agents/logger/agent.json +43 -43
- package/template/.agents/agents/manual-tester/agent.json +44 -0
- package/template/.agents/agents/orchestrator/agent.json +44 -44
- package/template/.agents/agents/pm/agent.json +42 -42
- package/template/.agents/agents/qa/agent.json +44 -44
- package/template/.agents/agents/reliability/agent.json +44 -44
- package/template/.agents/agents/security/agent.json +44 -44
- package/template/.agents/agents/sysarch/agent.json +44 -44
- package/template/.agents/agents/tester/agent.json +44 -44
- package/template/.agents/agents/toolsmith/agent.json +44 -44
- package/template/.agents/agents/ux-designer/agent.json +43 -43
- package/template/.agents/skills/find-skills/SKILL.md +142 -142
- package/template/.agents/skills/fullstack/SKILL.md +89 -89
- package/template/.agents/skills/penetration-testing/SKILL.md +94 -94
- package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.agents/skills/pm/SKILL.md +170 -170
- package/template/.agents/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.agents/workflows/build-feature.md +21 -21
- package/template/.agents/workflows/build-prototype.md +32 -32
- package/template/.agents/workflows/daily-standup.md +16 -16
- package/template/.agents/workflows/deliver-feature.md +16 -16
- package/template/.agents/workflows/explorer.md +78 -78
- package/template/.agents/workflows/harden-release.md +21 -21
- package/template/.agents/workflows/logger.md +117 -117
- package/template/.agents/workflows/plan-feature.md +30 -30
- package/template/.agents/workflows/plan-project.md +25 -25
- package/template/.agents/workflows/release.md +18 -18
- package/template/.agents/workflows/security-audit.md +19 -19
- package/template/.agents/workflows/setup-workspace.md +21 -21
- package/template/.agents/workflows/start-fix.md +18 -18
- package/template/.agents/workflows/test-feature.md +17 -17
- package/template/.claude/agents/analyst.md +109 -109
- package/template/.claude/agents/backend.md +61 -61
- package/template/.claude/agents/data-architect.md +43 -43
- package/template/.claude/agents/devops.md +44 -43
- package/template/.claude/agents/discovery.md +51 -51
- package/template/.claude/agents/document.md +51 -51
- package/template/.claude/agents/explorer.md +138 -138
- package/template/.claude/agents/fixer.md +87 -86
- package/template/.claude/agents/frontend.md +65 -65
- package/template/.claude/agents/fullstack.md +91 -90
- package/template/.claude/agents/initiator.md +74 -74
- package/template/.claude/agents/logger.md +143 -143
- package/template/.claude/agents/manual-tester.md +108 -0
- package/template/.claude/agents/orchestrator.md +138 -137
- package/template/.claude/agents/pm.md +199 -199
- package/template/.claude/agents/qa.md +66 -65
- package/template/.claude/agents/reliability.md +48 -47
- package/template/.claude/agents/security.md +107 -106
- package/template/.claude/agents/sysarch.md +301 -301
- package/template/.claude/agents/tester.md +100 -100
- package/template/.claude/agents/toolsmith.md +77 -76
- package/template/.claude/agents/ux-designer.md +45 -45
- package/template/.claude/commands/build-feature.md +22 -22
- package/template/.claude/commands/build-prototype.md +33 -33
- package/template/.claude/commands/daily-standup.md +16 -16
- package/template/.claude/commands/deliver-feature.md +17 -17
- package/template/.claude/commands/harden-release.md +22 -22
- package/template/.claude/commands/manual-test.md +19 -0
- package/template/.claude/commands/plan-feature.md +31 -31
- package/template/.claude/commands/plan-project.md +26 -26
- package/template/.claude/commands/release.md +19 -19
- package/template/.claude/commands/security-audit.md +20 -20
- package/template/.claude/commands/setup-workspace.md +22 -22
- package/template/.claude/commands/start-fix.md +19 -19
- package/template/.claude/commands/test-feature.md +18 -18
- package/template/.claude/skills/find-skills/SKILL.md +142 -142
- package/template/.claude/skills/penetration-testing/SKILL.md +94 -94
- package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.claude/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.github/prompts/analyst.prompt.md +104 -104
- package/template/.github/prompts/backend.prompt.md +44 -44
- package/template/.github/prompts/data-architect.prompt.md +38 -38
- package/template/.github/prompts/devops.prompt.md +32 -32
- package/template/.github/prompts/discovery.prompt.md +39 -39
- package/template/.github/prompts/document.prompt.md +14 -14
- package/template/.github/prompts/explorer.prompt.md +133 -133
- package/template/.github/prompts/fixer.prompt.md +82 -81
- package/template/.github/prompts/frontend.prompt.md +60 -60
- package/template/.github/prompts/fullstack.prompt.md +86 -86
- package/template/.github/prompts/initiator.prompt.md +55 -55
- package/template/.github/prompts/logger.prompt.md +138 -138
- package/template/.github/prompts/manual-tester.prompt.md +103 -0
- package/template/.github/prompts/orchestrator.prompt.md +133 -133
- package/template/.github/prompts/pm.prompt.md +186 -186
- package/template/.github/prompts/qa.prompt.md +57 -57
- package/template/.github/prompts/reliability.prompt.md +44 -44
- package/template/.github/prompts/security.prompt.md +41 -41
- package/template/.github/prompts/sysarch.prompt.md +351 -351
- package/template/.github/prompts/tester.prompt.md +107 -107
- package/template/.github/prompts/toolsmith.prompt.md +46 -46
- package/template/.github/prompts/ux-designer.prompt.md +41 -41
- package/template/.opencode/agents/analyst.md +108 -108
- package/template/.opencode/agents/backend.md +61 -61
- package/template/.opencode/agents/data-architect.md +43 -43
- package/template/.opencode/agents/devops.md +44 -44
- package/template/.opencode/agents/discovery.md +51 -51
- package/template/.opencode/agents/document.md +51 -51
- package/template/.opencode/agents/explorer.md +137 -137
- package/template/.opencode/agents/fixer.md +86 -85
- package/template/.opencode/agents/frontend.md +64 -64
- package/template/.opencode/agents/fullstack.md +90 -89
- package/template/.opencode/agents/initiator.md +74 -74
- package/template/.opencode/agents/logger.md +142 -142
- package/template/.opencode/agents/manual-tester.md +107 -0
- package/template/.opencode/agents/orchestrator.md +137 -133
- package/template/.opencode/agents/pm.md +199 -199
- package/template/.opencode/agents/qa.md +66 -65
- package/template/.opencode/agents/reliability.md +48 -48
- package/template/.opencode/agents/security.md +107 -107
- package/template/.opencode/agents/sysarch.md +301 -301
- package/template/.opencode/agents/tester.md +100 -100
- package/template/.opencode/agents/toolsmith.md +77 -77
- package/template/.opencode/agents/ux-designer.md +45 -45
- package/template/.opencode/commands/build-feature.md +21 -21
- package/template/.opencode/commands/build-prototype.md +32 -32
- package/template/.opencode/commands/daily-standup.md +16 -16
- package/template/.opencode/commands/deliver-feature.md +16 -16
- package/template/.opencode/commands/harden-release.md +21 -21
- package/template/.opencode/commands/manual-test.md +18 -0
- package/template/.opencode/commands/plan-feature.md +30 -30
- package/template/.opencode/commands/plan-project.md +25 -25
- package/template/.opencode/commands/release.md +18 -18
- package/template/.opencode/commands/security-audit.md +19 -19
- package/template/.opencode/commands/setup-workspace.md +21 -21
- package/template/.opencode/commands/start-fix.md +18 -18
- package/template/.opencode/commands/test-feature.md +17 -17
- package/template/.opencode/skills/penetration-testing/SKILL.md +94 -94
- package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/AGENT_PERSONAS.md +595 -551
- package/template/GIT_STRUCTURE_GUIDE.md +270 -270
- package/template/PROJECT_README.example.md +81 -81
- package/template/QUICK-START.md +134 -131
- package/template/README.md +1942 -1919
- package/template/_gitignore +138 -138
- package/template/agent/workflows/_shared/change-management.md +70 -70
- package/template/agent/workflows/_shared/git-branch-management.md +25 -25
- package/template/agent/workflows/_shared/phases.md +88 -88
- package/template/agent/workflows/_shared/state-management.md +87 -87
- package/template/agent/workflows/_shared/work-depth.md +46 -46
- package/template/agent/workflows/analyst.md +104 -104
- package/template/agent/workflows/backend.md +61 -61
- package/template/agent/workflows/data-architect.md +43 -43
- package/template/agent/workflows/devops.md +44 -44
- package/template/agent/workflows/discovery.md +51 -51
- package/template/agent/workflows/document.md +51 -51
- package/template/agent/workflows/explorer.md +133 -133
- package/template/agent/workflows/fixer.md +82 -81
- package/template/agent/workflows/frontend.md +60 -60
- package/template/agent/workflows/fullstack.md +86 -86
- package/template/agent/workflows/initiator.md +74 -74
- package/template/agent/workflows/logger.md +138 -138
- package/template/agent/workflows/manual-tester.md +103 -0
- package/template/agent/workflows/orchestrator.md +133 -133
- package/template/agent/workflows/pm.md +199 -199
- package/template/agent/workflows/qa.md +66 -66
- package/template/agent/workflows/reliability.md +48 -48
- package/template/agent/workflows/security.md +107 -107
- package/template/agent/workflows/sysarch.md +301 -301
- package/template/agent/workflows/tester.md +100 -100
- package/template/agent/workflows/toolsmith.md +77 -77
- package/template/agent/workflows/ux-designer.md +45 -45
- package/template/codes/.gitkeep +1 -1
- package/template/project_overview_example.md +54 -54
- package/template/schemas/adr.template.md +36 -36
- package/template/schemas/changelog.template.md +34 -34
- package/template/schemas/data-model.template.md +57 -57
- package/template/schemas/design-system.template.md +63 -63
- package/template/schemas/dev_log.template.md +20 -20
- package/template/schemas/product-ci.template.yml +50 -50
- package/template/schemas/requirements.template.md +64 -64
- package/template/schemas/security-standards.template.md +58 -58
- package/template/schemas/security_report.template.md +89 -89
- package/template/schemas/specification.template.md +71 -71
- package/template/schemas/style_guide.template.md +29 -29
- package/template/schemas/task_list.template.md +28 -28
- package/template/schemas/workspace-manifest.template.json +24 -24
- package/template/schemas/workspace-registry.json +95 -95
- package/template/skills-lock.json +11 -11
- package/template/specifications/.gitkeep +3 -3
- package/template/state/knowledge_base/.gitkeep +1 -1
- package/template/state/knowledge_base/requirements/.gitkeep +1 -1
- package/template/tests/.gitkeep +1 -1
- package/template/.claude/settings.local.json +0 -44
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Meta: jalankan Fase 2 lalu Fase 3 untuk satu fitur (build + test) dengan gate.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Kerjakan satu fitur penuh dari build sampai test: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
1. Jalankan pipeline **/build-feature** (Fase 2) — berhenti di gate-nya.
|
|
8
|
-
2. Setelah gate lulus, jalankan **/test-feature** (Fase 3) — berhenti di gate-nya.
|
|
9
|
-
Jangan gabungkan gate; tiap fase tetap minta approval human terpisah.
|
|
10
|
-
|
|
11
|
-
**Aturan orkestrasi (WAJIB):**
|
|
12
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
13
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
14
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
15
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
16
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Meta: jalankan Fase 2 lalu Fase 3 untuk satu fitur (build + test) dengan gate.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Kerjakan satu fitur penuh dari build sampai test: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
1. Jalankan pipeline **/build-feature** (Fase 2) — berhenti di gate-nya.
|
|
8
|
+
2. Setelah gate lulus, jalankan **/test-feature** (Fase 3) — berhenti di gate-nya.
|
|
9
|
+
Jangan gabungkan gate; tiap fase tetap minta approval human terpisah.
|
|
10
|
+
|
|
11
|
+
**Aturan orkestrasi (WAJIB):**
|
|
12
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
13
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
14
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
15
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
16
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Jalankan Fase 4 (Hardening) — security + reliability sebelum produksi. Per-release.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Fase 4 — Hardening** (per-release) untuk versi: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
Langkah:
|
|
8
|
-
1. **Security (Mode A)** → Threat Modeling
|
|
9
|
-
2. **Security (Mode B)** → Vulnerability Scan + verifikasi `security-standards.md`
|
|
10
|
-
3. **Reliability** → performance, resilience, load test
|
|
11
|
-
4. **CHECKPOINT:** Human review temuan Security + Reliability
|
|
12
|
-
5. **Security (Mode C)** + **Fixer** → remediasi CRITICAL & HIGH
|
|
13
|
-
6. **Tester** → regression test
|
|
14
|
-
7. **GATE — Siap produksi:** Human sign-off.
|
|
15
|
-
|
|
16
|
-
**Aturan orkestrasi (WAJIB):**
|
|
17
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
18
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
19
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
20
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
21
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Jalankan Fase 4 (Hardening) — security + reliability sebelum produksi. Per-release.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Fase 4 — Hardening** (per-release) untuk versi: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Langkah:
|
|
8
|
+
1. **Security (Mode A)** → Threat Modeling
|
|
9
|
+
2. **Security (Mode B)** → Vulnerability Scan + verifikasi `security-standards.md`
|
|
10
|
+
3. **Reliability** → performance, resilience, load test
|
|
11
|
+
4. **CHECKPOINT:** Human review temuan Security + Reliability
|
|
12
|
+
5. **Security (Mode C)** + **Fixer** → remediasi CRITICAL & HIGH
|
|
13
|
+
6. **Tester** → regression test
|
|
14
|
+
7. **GATE — Siap produksi:** Human sign-off.
|
|
15
|
+
|
|
16
|
+
**Aturan orkestrasi (WAJIB):**
|
|
17
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
18
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
19
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
20
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
21
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Manual/headful UAT testing dengan Playwright — scenario matrix, screenshot evidence, dan defect triage (Major/Minor). Opsional, berdampingan dengan /test-feature.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Manual/Headful UAT Testing** untuk fitur: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Langkah:
|
|
8
|
+
1. **Manual Tester** → generate scenario matrix (Normal + Abnormal case) per fitur/fungsi, lalu eksekusi headful Playwright dengan screenshot tiap skenario, update Pass/Fail + Severity (Major/Minor) di `task/[TASK-ID]_[nama-task]/manual_test_report.md`.
|
|
9
|
+
2. Jika ada temuan **Major** → rekomendasikan **Fixer** untuk memperbaiki, lalu jalankan ulang `/manual-test` untuk retest (iterasi bertambah otomatis, histori iterasi sebelumnya tetap tersimpan).
|
|
10
|
+
3. **GATE — UAT hijau:** semua skenario Pass, atau temuan Minor yang tersisa sudah didokumentasikan dan diterima human.
|
|
11
|
+
|
|
12
|
+
**Catatan integrasi (PENTING):**
|
|
13
|
+
- Command ini **independen/opsional** dari `/test-feature` (scripted E2E oleh Tester Agent) — bisa dijalankan berdampingan kapan saja, **tidak mengubah** gate Fase 3 atau alur `/deliver-feature` yang sudah ada.
|
|
14
|
+
- Manual Tester **tidak pernah mengubah** `Current Status` di `task/task_list.md` — hanya menambah baris di `Status Logs:`. Ini menjaga state machine Tester/Fixer tetap konsisten walau `/manual-test` dipanggil terpisah.
|
|
15
|
+
- Definisi lengkap agent: `agent/workflows/manual-tester.md`.
|
|
16
|
+
- Screenshot tersimpan di `tests/screenshots/[TASK-ID]/iteration-[N]/`, laporan (scenario matrix + summary) di `task/[TASK-ID]_[nama-task]/manual_test_report.md`.
|
|
17
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
+
- Jika muncul perubahan scope di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,30 +1,30 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Perencanaan terfokus untuk SATU fitur — hasilkan spesifikasi lengkap (low-entropy) tanpa merencanakan ulang seluruh proyek.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Perencanaan Fitur** (sub-set Fase 1, ruang lingkup satu fitur) untuk: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
> Berbeda dengan `/plan-project` yang menghasilkan SELURUH blueprint proyek, `/plan-feature` mengasumsikan blueprint proyek sudah ada dan hanya menghasilkan **spesifikasi satu fitur** yang siap dikerjakan. Output akhirnya identik dengan yang diproduksi Analyst: file spec lengkap di `specifications/` sesuai `schemas/specification.template.md`.
|
|
8
|
-
|
|
9
|
-
**PRECONDITION CHECK (langkah 0):**
|
|
10
|
-
- Pastikan `project_overview.md` ada dan "Tech Stack" + "UI Guidelines" terisi.
|
|
11
|
-
- Pastikan `specifications/000_spec_environment_setup.md` sudah ada.
|
|
12
|
-
- **Jika salah satu belum ada:** proyek belum direncanakan. **BERHENTI** dan arahkan human menjalankan `/plan-project` dulu. Jangan menambal blueprint proyek di sini.
|
|
13
|
-
|
|
14
|
-
Langkah:
|
|
15
|
-
1. **Feature Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama mewawancarai human, khusus untuk fitur ini: tujuan & nilai, aktor/role, ruang lingkup, **apa yang di luar ruang lingkup (Non-Goals)**, aturan bisnis, dan kriteria sukses. Ringkas, fokus fitur — bukan wawancara proyek penuh. Ikuti gaya tanya-jawab `agent/workflows/discovery.md` namun terbatas pada fitur.
|
|
16
|
-
2. **GATE:** Human sign-off ruang lingkup & Non-Goals fitur.
|
|
17
|
-
3. **Delta acuan (KONDISIONAL — hanya jika fitur menuntutnya):**
|
|
18
|
-
- Jika fitur butuh entitas/kolom data BARU → delegasikan ke **Data Architect** untuk menambah delta di `state/knowledge_base/data-model/` (bukan redesign).
|
|
19
|
-
- Jika fitur butuh komponen/pola UI BARU → delegasikan ke **UX Designer** untuk menambah delta di `state/knowledge_base/design-system/`.
|
|
20
|
-
- Jika `depth=deep` dan fitur menyentuh data sensitif → koordinasi **Security (Mode S)** untuk aturan yang relevan.
|
|
21
|
-
- Jika tidak ada kebutuhan baru, lewati langkah ini.
|
|
22
|
-
4. **Analyst** → tulis spesifikasi fitur lengkap di `specifications/NNN_...md` (nomor urut berikutnya), mengikuti `schemas/specification.template.md` dan **Low-Entropy Gate** di `agent/workflows/analyst.md`. Terapkan atomicity (1 file = 1 user story; pecah bila perlu). **API Contract wajib final & deterministik.**
|
|
23
|
-
5. **GATE — Spec disetujui:** Human set `Human Approval Status: approved`. API Contract final sebelum fitur boleh masuk `/build-feature`.
|
|
24
|
-
|
|
25
|
-
**Aturan orkestrasi (WAJIB):**
|
|
26
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
27
|
-
- **BERHENTI di setiap GATE** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
28
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
29
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
30
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Perencanaan terfokus untuk SATU fitur — hasilkan spesifikasi lengkap (low-entropy) tanpa merencanakan ulang seluruh proyek.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Perencanaan Fitur** (sub-set Fase 1, ruang lingkup satu fitur) untuk: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
> Berbeda dengan `/plan-project` yang menghasilkan SELURUH blueprint proyek, `/plan-feature` mengasumsikan blueprint proyek sudah ada dan hanya menghasilkan **spesifikasi satu fitur** yang siap dikerjakan. Output akhirnya identik dengan yang diproduksi Analyst: file spec lengkap di `specifications/` sesuai `schemas/specification.template.md`.
|
|
8
|
+
|
|
9
|
+
**PRECONDITION CHECK (langkah 0):**
|
|
10
|
+
- Pastikan `project_overview.md` ada dan "Tech Stack" + "UI Guidelines" terisi.
|
|
11
|
+
- Pastikan `specifications/000_spec_environment_setup.md` sudah ada.
|
|
12
|
+
- **Jika salah satu belum ada:** proyek belum direncanakan. **BERHENTI** dan arahkan human menjalankan `/plan-project` dulu. Jangan menambal blueprint proyek di sini.
|
|
13
|
+
|
|
14
|
+
Langkah:
|
|
15
|
+
1. **Feature Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama mewawancarai human, khusus untuk fitur ini: tujuan & nilai, aktor/role, ruang lingkup, **apa yang di luar ruang lingkup (Non-Goals)**, aturan bisnis, dan kriteria sukses. Ringkas, fokus fitur — bukan wawancara proyek penuh. Ikuti gaya tanya-jawab `agent/workflows/discovery.md` namun terbatas pada fitur.
|
|
16
|
+
2. **GATE:** Human sign-off ruang lingkup & Non-Goals fitur.
|
|
17
|
+
3. **Delta acuan (KONDISIONAL — hanya jika fitur menuntutnya):**
|
|
18
|
+
- Jika fitur butuh entitas/kolom data BARU → delegasikan ke **Data Architect** untuk menambah delta di `state/knowledge_base/data-model/` (bukan redesign).
|
|
19
|
+
- Jika fitur butuh komponen/pola UI BARU → delegasikan ke **UX Designer** untuk menambah delta di `state/knowledge_base/design-system/`.
|
|
20
|
+
- Jika `depth=deep` dan fitur menyentuh data sensitif → koordinasi **Security (Mode S)** untuk aturan yang relevan.
|
|
21
|
+
- Jika tidak ada kebutuhan baru, lewati langkah ini.
|
|
22
|
+
4. **Analyst** → tulis spesifikasi fitur lengkap di `specifications/NNN_...md` (nomor urut berikutnya), mengikuti `schemas/specification.template.md` dan **Low-Entropy Gate** di `agent/workflows/analyst.md`. Terapkan atomicity (1 file = 1 user story; pecah bila perlu). **API Contract wajib final & deterministik.**
|
|
23
|
+
5. **GATE — Spec disetujui:** Human set `Human Approval Status: approved`. API Contract final sebelum fitur boleh masuk `/build-feature`.
|
|
24
|
+
|
|
25
|
+
**Aturan orkestrasi (WAJIB):**
|
|
26
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
27
|
+
- **BERHENTI di setiap GATE** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
28
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
29
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
30
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,25 +1,25 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Jalankan Fase 1 (Perencanaan) — hasilkan semua blueprint/acuan dengan human gate.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Fase 1 — Perencanaan** untuk: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
Langkah:
|
|
8
|
-
0. **Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama wawancara human (tanya-jawab bertahap), hasilkan `state/knowledge_base/requirements/requirements.md`. Ikuti metodologi di `agent/workflows/discovery.md`.
|
|
9
|
-
1. **GATE:** Human sign-off `requirements.md`
|
|
10
|
-
2. **Initiator** (delegasi) → `project_overview.md` (sintesis dari requirements, termasuk `WORK_DEPTH`)
|
|
11
|
-
3. **CHECKPOINT:** Human review tech stack, UI vibe, work depth
|
|
12
|
-
4. **SysArch** → `state/knowledge_base/architecture/` (jika ada infra requirement)
|
|
13
|
-
5. **Data Architect** → `state/knowledge_base/data-model/`
|
|
14
|
-
6. **UX Designer** → `state/knowledge_base/design-system/`
|
|
15
|
-
7. **Security (Mode S)** → `state/knowledge_base/security/security-standards.md`
|
|
16
|
-
8. **Analyst** → `specifications/000_spec_environment_setup.md` + backlog user story (termasuk **API Contract**)
|
|
17
|
-
9. **DevOps** → environment setup (jika dibutuhkan)
|
|
18
|
-
10. **GATE — Blueprint disetujui:** API Contract wajib final.
|
|
19
|
-
|
|
20
|
-
**Aturan orkestrasi (WAJIB):**
|
|
21
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
22
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
23
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
24
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
25
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Jalankan Fase 1 (Perencanaan) — hasilkan semua blueprint/acuan dengan human gate.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Fase 1 — Perencanaan** untuk: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Langkah:
|
|
8
|
+
0. **Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama wawancara human (tanya-jawab bertahap), hasilkan `state/knowledge_base/requirements/requirements.md`. Ikuti metodologi di `agent/workflows/discovery.md`.
|
|
9
|
+
1. **GATE:** Human sign-off `requirements.md`
|
|
10
|
+
2. **Initiator** (delegasi) → `project_overview.md` (sintesis dari requirements, termasuk `WORK_DEPTH`)
|
|
11
|
+
3. **CHECKPOINT:** Human review tech stack, UI vibe, work depth
|
|
12
|
+
4. **SysArch** → `state/knowledge_base/architecture/` (jika ada infra requirement)
|
|
13
|
+
5. **Data Architect** → `state/knowledge_base/data-model/`
|
|
14
|
+
6. **UX Designer** → `state/knowledge_base/design-system/`
|
|
15
|
+
7. **Security (Mode S)** → `state/knowledge_base/security/security-standards.md`
|
|
16
|
+
8. **Analyst** → `specifications/000_spec_environment_setup.md` + backlog user story (termasuk **API Contract**)
|
|
17
|
+
9. **DevOps** → environment setup (jika dibutuhkan)
|
|
18
|
+
10. **GATE — Blueprint disetujui:** API Contract wajib final.
|
|
19
|
+
|
|
20
|
+
**Aturan orkestrasi (WAJIB):**
|
|
21
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
22
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
23
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
24
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
25
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Rangkaian akhir ke produksi: hardening → changelog → version tag.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan rangkaian rilis untuk versi: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
1. **PM** → summarize semua task `done` sejak release terakhir
|
|
8
|
-
2. Jalankan **/harden-release "$ARGUMENTS"** (Fase 4) — berhenti di gate-nya
|
|
9
|
-
3. **Document** → update `CHANGELOG.md`
|
|
10
|
-
4. **DevOps** → bump version, buat git tag `v$ARGUMENTS`
|
|
11
|
-
5. **CHECKPOINT:** Human review CHANGELOG & approve release tag.
|
|
12
|
-
|
|
13
|
-
**Aturan orkestrasi (WAJIB):**
|
|
14
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
15
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
16
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
17
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Rangkaian akhir ke produksi: hardening → changelog → version tag.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan rangkaian rilis untuk versi: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
1. **PM** → summarize semua task `done` sejak release terakhir
|
|
8
|
+
2. Jalankan **/harden-release "$ARGUMENTS"** (Fase 4) — berhenti di gate-nya
|
|
9
|
+
3. **Document** → update `CHANGELOG.md`
|
|
10
|
+
4. **DevOps** → bump version, buat git tag `v$ARGUMENTS`
|
|
11
|
+
5. **CHECKPOINT:** Human review CHANGELOG & approve release tag.
|
|
12
|
+
|
|
13
|
+
**Aturan orkestrasi (WAJIB):**
|
|
14
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
15
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
16
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
17
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,19 +1,19 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Audit keamanan ad-hoc di luar siklus release.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan security audit untuk scope: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
1. **Security (Mode A)** → Threat Modeling
|
|
8
|
-
2. **Security (Mode B)** → Vulnerability Scan
|
|
9
|
-
3. **CHECKPOINT:** Human review findings (approve fix plan / accepted risk)
|
|
10
|
-
4. **Security (Mode C)** → fix CRITICAL & HIGH
|
|
11
|
-
5. **Tester** → regression test
|
|
12
|
-
6. **CHECKPOINT:** Human sign-off.
|
|
13
|
-
|
|
14
|
-
**Aturan orkestrasi (WAJIB):**
|
|
15
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
16
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
17
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
18
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
19
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Audit keamanan ad-hoc di luar siklus release.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan security audit untuk scope: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
1. **Security (Mode A)** → Threat Modeling
|
|
8
|
+
2. **Security (Mode B)** → Vulnerability Scan
|
|
9
|
+
3. **CHECKPOINT:** Human review findings (approve fix plan / accepted risk)
|
|
10
|
+
4. **Security (Mode C)** → fix CRITICAL & HIGH
|
|
11
|
+
5. **Tester** → regression test
|
|
12
|
+
6. **CHECKPOINT:** Human sign-off.
|
|
13
|
+
|
|
14
|
+
**Aturan orkestrasi (WAJIB):**
|
|
15
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
16
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
17
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
18
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
19
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Setup/optimasi workspace agentik — install skills & konfigurasi MCP untuk tool AI yang dipakai. Re-callable saat pindah tool.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Toolsmith** (Agentic Workspace Provisioner) untuk: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
Tujuan: menyiapkan perkakas si AI agent (skills + MCP) agar bekerja optimal — **bukan** infra produk (itu DevOps).
|
|
8
|
-
|
|
9
|
-
Langkah:
|
|
10
|
-
1. **Deteksi mode** dari argumen (`init` default jika `state/workspace-manifest.json` belum ada; `switch` saat pindah tool; `sync` untuk perbaiki drift).
|
|
11
|
-
2. **Deteksi tool aktif** dari penanda (`.claude/`, `.opencode/`, `.agents/`, `.github/prompts/`/`.vscode/`). Ambigu → tanya human.
|
|
12
|
-
3. **Mode `init`:** tentukan kebutuhan (hybrid: `schemas/workspace-registry.json` `stackMappings` dari tech stack di `project_overview.md`/`requirements.md` + baseline + augmentasi `find-skills`) → tulis `state/workspace-manifest.json` → **tunjukkan ringkasan, minta approve human**.
|
|
13
|
-
4. **Mode `switch`/`sync`:** baca manifest yang ada (jangan hitung ulang), apply ke tool target.
|
|
14
|
-
5. **Apply declarative:** tulis MCP ke file config tool (`.mcp.json` / `opencode.json` / `.vscode/mcp.json` / `.agents/mcp.json`) sesuai `platformTargets`; install skills ke `skillsDir` via `npx skills add`. **Merge, jangan timpa. Secrets → placeholder `${VAR}`.**
|
|
15
|
-
6. **Update `appliedTo[tool]`** = timestamp; laporkan langkah manual tersisa.
|
|
16
|
-
|
|
17
|
-
**Aturan:**
|
|
18
|
-
- Definisi kanonik agen: `agent/workflows/toolsmith.md`. Registry: `schemas/workspace-registry.json`.
|
|
19
|
-
- **JANGAN hardcode kredensial** — gunakan placeholder env var dan instruksikan human mengisi `.env`.
|
|
20
|
-
- Perubahan daftar skill/MCP dicatat di manifest `revisionHistory` (No Silent Changes).
|
|
21
|
-
- Bisa dipanggil kapan saja — termasuk di tengah fase saat developer pindah tool AI.
|
|
1
|
+
---
|
|
2
|
+
description: Setup/optimasi workspace agentik — install skills & konfigurasi MCP untuk tool AI yang dipakai. Re-callable saat pindah tool.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Toolsmith** (Agentic Workspace Provisioner) untuk: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Tujuan: menyiapkan perkakas si AI agent (skills + MCP) agar bekerja optimal — **bukan** infra produk (itu DevOps).
|
|
8
|
+
|
|
9
|
+
Langkah:
|
|
10
|
+
1. **Deteksi mode** dari argumen (`init` default jika `state/workspace-manifest.json` belum ada; `switch` saat pindah tool; `sync` untuk perbaiki drift).
|
|
11
|
+
2. **Deteksi tool aktif** dari penanda (`.claude/`, `.opencode/`, `.agents/`, `.github/prompts/`/`.vscode/`). Ambigu → tanya human.
|
|
12
|
+
3. **Mode `init`:** tentukan kebutuhan (hybrid: `schemas/workspace-registry.json` `stackMappings` dari tech stack di `project_overview.md`/`requirements.md` + baseline + augmentasi `find-skills`) → tulis `state/workspace-manifest.json` → **tunjukkan ringkasan, minta approve human**.
|
|
13
|
+
4. **Mode `switch`/`sync`:** baca manifest yang ada (jangan hitung ulang), apply ke tool target.
|
|
14
|
+
5. **Apply declarative:** tulis MCP ke file config tool (`.mcp.json` / `opencode.json` / `.vscode/mcp.json` / `.agents/mcp.json`) sesuai `platformTargets`; install skills ke `skillsDir` via `npx skills add`. **Merge, jangan timpa. Secrets → placeholder `${VAR}`.**
|
|
15
|
+
6. **Update `appliedTo[tool]`** = timestamp; laporkan langkah manual tersisa.
|
|
16
|
+
|
|
17
|
+
**Aturan:**
|
|
18
|
+
- Definisi kanonik agen: `agent/workflows/toolsmith.md`. Registry: `schemas/workspace-registry.json`.
|
|
19
|
+
- **JANGAN hardcode kredensial** — gunakan placeholder env var dan instruksikan human mengisi `.env`.
|
|
20
|
+
- Perubahan daftar skill/MCP dicatat di manifest `revisionHistory` (No Silent Changes).
|
|
21
|
+
- Bisa dipanggil kapan saja — termasuk di tengah fase saat developer pindah tool AI.
|
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Perbaikan bug terarah: fix → review → regression.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Tangani bug: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
**Langkah Pipeline:**
|
|
8
|
-
1. **Fixer** → analisis root cause & fix. Sampaikan deskripsi bug ini: "$ARGUMENTS". Instruksikan Fixer untuk membaca `task/task_list.md` guna menemukan Task ID relevan; jika tidak ditemukan atau `task_list.md` belum ada, lanjutkan langsung ke diagnosa source code di `codes/`.
|
|
9
|
-
2. **QA** → quick static review pada file yang diubah oleh Fixer.
|
|
10
|
-
3. **Tester** → regression test untuk memastikan fix tidak break fitur lain.
|
|
11
|
-
4. **CHECKPOINT:** Tampilkan ringkasan: bug yang diperbaiki, root cause, file yang diubah. Minta validasi human secara eksplisit.
|
|
12
|
-
|
|
13
|
-
**Aturan orkestrasi (WAJIB):**
|
|
14
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
15
|
-
- **BERHENTI di CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum menutup pipeline.
|
|
16
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
17
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Perbaikan bug terarah: fix → review → regression.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Tangani bug: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
**Langkah Pipeline:**
|
|
8
|
+
1. **Fixer** → analisis root cause & fix. Sampaikan deskripsi bug ini: "$ARGUMENTS". Instruksikan Fixer untuk membaca `task/task_list.md` guna menemukan Task ID relevan; jika tidak ditemukan atau `task_list.md` belum ada, lanjutkan langsung ke diagnosa source code di `codes/`.
|
|
9
|
+
2. **QA** → quick static review pada file yang diubah oleh Fixer.
|
|
10
|
+
3. **Tester** → regression test untuk memastikan fix tidak break fitur lain.
|
|
11
|
+
4. **CHECKPOINT:** Tampilkan ringkasan: bug yang diperbaiki, root cause, file yang diubah. Minta validasi human secara eksplisit.
|
|
12
|
+
|
|
13
|
+
**Aturan orkestrasi (WAJIB):**
|
|
14
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
15
|
+
- **BERHENTI di CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum menutup pipeline.
|
|
16
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
17
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,17 +1,17 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Jalankan Fase 3 (Testing) — E2E test fungsional terhadap spesifikasi.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Fase 3 — Testing** untuk fitur: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
Langkah:
|
|
8
|
-
1. **Tester** → buat & jalankan E2E test berdasarkan spec
|
|
9
|
-
2. Jika FAIL → **Fixer** → loop balik ke langkah 1
|
|
10
|
-
3. **GATE — Fungsional hijau:** semua test pass.
|
|
11
|
-
|
|
12
|
-
**Aturan orkestrasi (WAJIB):**
|
|
13
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
14
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
15
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
16
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
17
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Jalankan Fase 3 (Testing) — E2E test fungsional terhadap spesifikasi.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Fase 3 — Testing** untuk fitur: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Langkah:
|
|
8
|
+
1. **Tester** → buat & jalankan E2E test berdasarkan spec
|
|
9
|
+
2. Jika FAIL → **Fixer** → loop balik ke langkah 1
|
|
10
|
+
3. **GATE — Fungsional hijau:** semua test pass.
|
|
11
|
+
|
|
12
|
+
**Aturan orkestrasi (WAJIB):**
|
|
13
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
14
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
15
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
16
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
17
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,94 +1,94 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: penetration-testing
|
|
3
|
-
description: >
|
|
4
|
-
Ethical hacking and security testing methodologies using penetration testing
|
|
5
|
-
tools, exploit frameworks, and manual security validation. Use when assessing
|
|
6
|
-
application security posture and identifying exploitable vulnerabilities.
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# Penetration Testing
|
|
10
|
-
|
|
11
|
-
## Table of Contents
|
|
12
|
-
|
|
13
|
-
- [Overview](#overview)
|
|
14
|
-
- [When to Use](#when-to-use)
|
|
15
|
-
- [Quick Start](#quick-start)
|
|
16
|
-
- [Reference Guides](#reference-guides)
|
|
17
|
-
- [Best Practices](#best-practices)
|
|
18
|
-
|
|
19
|
-
## Overview
|
|
20
|
-
|
|
21
|
-
Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
|
|
22
|
-
|
|
23
|
-
## When to Use
|
|
24
|
-
|
|
25
|
-
- Pre-production security validation
|
|
26
|
-
- Annual security assessments
|
|
27
|
-
- Compliance requirements (PCI-DSS, ISO 27001)
|
|
28
|
-
- Post-incident security review
|
|
29
|
-
- Third-party security audits
|
|
30
|
-
- Red team exercises
|
|
31
|
-
|
|
32
|
-
## Quick Start
|
|
33
|
-
|
|
34
|
-
Minimal working example:
|
|
35
|
-
|
|
36
|
-
```python
|
|
37
|
-
# pentest_framework.py
|
|
38
|
-
import requests
|
|
39
|
-
import socket
|
|
40
|
-
import subprocess
|
|
41
|
-
import json
|
|
42
|
-
from typing import List, Dict
|
|
43
|
-
from dataclasses import dataclass, asdict
|
|
44
|
-
from datetime import datetime
|
|
45
|
-
|
|
46
|
-
@dataclass
|
|
47
|
-
class Finding:
|
|
48
|
-
severity: str
|
|
49
|
-
category: str
|
|
50
|
-
target: str
|
|
51
|
-
vulnerability: str
|
|
52
|
-
evidence: str
|
|
53
|
-
remediation: str
|
|
54
|
-
cvss_score: float
|
|
55
|
-
|
|
56
|
-
class PenetrationTester:
|
|
57
|
-
def __init__(self, target: str):
|
|
58
|
-
self.target = target
|
|
59
|
-
self.findings: List[Finding] = []
|
|
60
|
-
|
|
61
|
-
def test_sql_injection(self, url: str) -> None:
|
|
62
|
-
// ... (see reference guides for full implementation)
|
|
63
|
-
```
|
|
64
|
-
|
|
65
|
-
## Reference Guides
|
|
66
|
-
|
|
67
|
-
Detailed implementations in the `references/` directory:
|
|
68
|
-
|
|
69
|
-
| Guide | Contents |
|
|
70
|
-
|---|---|
|
|
71
|
-
| [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
|
|
72
|
-
| [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
|
|
73
|
-
|
|
74
|
-
## Best Practices
|
|
75
|
-
|
|
76
|
-
### ✅ DO
|
|
77
|
-
|
|
78
|
-
- Get written authorization
|
|
79
|
-
- Define clear scope
|
|
80
|
-
- Use controlled environments
|
|
81
|
-
- Document all findings
|
|
82
|
-
- Follow responsible disclosure
|
|
83
|
-
- Provide remediation guidance
|
|
84
|
-
- Verify fixes after patching
|
|
85
|
-
- Maintain chain of custody
|
|
86
|
-
|
|
87
|
-
### ❌ DON'T
|
|
88
|
-
|
|
89
|
-
- Test production without approval
|
|
90
|
-
- Cause service disruption
|
|
91
|
-
- Exfiltrate sensitive data
|
|
92
|
-
- Share findings publicly
|
|
93
|
-
- Exceed authorized scope
|
|
94
|
-
- Use destructive payloads
|
|
1
|
+
---
|
|
2
|
+
name: penetration-testing
|
|
3
|
+
description: >
|
|
4
|
+
Ethical hacking and security testing methodologies using penetration testing
|
|
5
|
+
tools, exploit frameworks, and manual security validation. Use when assessing
|
|
6
|
+
application security posture and identifying exploitable vulnerabilities.
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Penetration Testing
|
|
10
|
+
|
|
11
|
+
## Table of Contents
|
|
12
|
+
|
|
13
|
+
- [Overview](#overview)
|
|
14
|
+
- [When to Use](#when-to-use)
|
|
15
|
+
- [Quick Start](#quick-start)
|
|
16
|
+
- [Reference Guides](#reference-guides)
|
|
17
|
+
- [Best Practices](#best-practices)
|
|
18
|
+
|
|
19
|
+
## Overview
|
|
20
|
+
|
|
21
|
+
Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
|
|
22
|
+
|
|
23
|
+
## When to Use
|
|
24
|
+
|
|
25
|
+
- Pre-production security validation
|
|
26
|
+
- Annual security assessments
|
|
27
|
+
- Compliance requirements (PCI-DSS, ISO 27001)
|
|
28
|
+
- Post-incident security review
|
|
29
|
+
- Third-party security audits
|
|
30
|
+
- Red team exercises
|
|
31
|
+
|
|
32
|
+
## Quick Start
|
|
33
|
+
|
|
34
|
+
Minimal working example:
|
|
35
|
+
|
|
36
|
+
```python
|
|
37
|
+
# pentest_framework.py
|
|
38
|
+
import requests
|
|
39
|
+
import socket
|
|
40
|
+
import subprocess
|
|
41
|
+
import json
|
|
42
|
+
from typing import List, Dict
|
|
43
|
+
from dataclasses import dataclass, asdict
|
|
44
|
+
from datetime import datetime
|
|
45
|
+
|
|
46
|
+
@dataclass
|
|
47
|
+
class Finding:
|
|
48
|
+
severity: str
|
|
49
|
+
category: str
|
|
50
|
+
target: str
|
|
51
|
+
vulnerability: str
|
|
52
|
+
evidence: str
|
|
53
|
+
remediation: str
|
|
54
|
+
cvss_score: float
|
|
55
|
+
|
|
56
|
+
class PenetrationTester:
|
|
57
|
+
def __init__(self, target: str):
|
|
58
|
+
self.target = target
|
|
59
|
+
self.findings: List[Finding] = []
|
|
60
|
+
|
|
61
|
+
def test_sql_injection(self, url: str) -> None:
|
|
62
|
+
// ... (see reference guides for full implementation)
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
## Reference Guides
|
|
66
|
+
|
|
67
|
+
Detailed implementations in the `references/` directory:
|
|
68
|
+
|
|
69
|
+
| Guide | Contents |
|
|
70
|
+
|---|---|
|
|
71
|
+
| [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
|
|
72
|
+
| [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
|
|
73
|
+
|
|
74
|
+
## Best Practices
|
|
75
|
+
|
|
76
|
+
### ✅ DO
|
|
77
|
+
|
|
78
|
+
- Get written authorization
|
|
79
|
+
- Define clear scope
|
|
80
|
+
- Use controlled environments
|
|
81
|
+
- Document all findings
|
|
82
|
+
- Follow responsible disclosure
|
|
83
|
+
- Provide remediation guidance
|
|
84
|
+
- Verify fixes after patching
|
|
85
|
+
- Maintain chain of custody
|
|
86
|
+
|
|
87
|
+
### ❌ DON'T
|
|
88
|
+
|
|
89
|
+
- Test production without approval
|
|
90
|
+
- Cause service disruption
|
|
91
|
+
- Exfiltrate sensitive data
|
|
92
|
+
- Share findings publicly
|
|
93
|
+
- Exceed authorized scope
|
|
94
|
+
- Use destructive payloads
|