flyee 0.1.0

package/core/scripts/verify_all.py

@@ -0,0 +1,327 @@
+#!/usr/bin/env python3
+"""
+Full Verification Suite - Antigravity Kit
+==========================================
+
+Runs COMPLETE validation including all checks + performance + E2E.
+Use this before deployment or major releases.
+
+Usage:
+    python scripts/verify_all.py . --url <URL>
+
+Includes ALL checks:
+    ✅ Security Scan (OWASP, secrets, dependencies)
+    ✅ Lint & Type Coverage
+    ✅ Schema Validation
+    ✅ Test Suite (unit + integration)
+    ✅ UX Audit (psychology, accessibility)
+    ✅ SEO Check
+    ✅ Lighthouse (Core Web Vitals)
+    ✅ Playwright E2E
+    ✅ Bundle Analysis (if applicable)
+    ✅ Mobile Audit (if applicable)
+"""
+
+import sys
+import subprocess
+import argparse
+from pathlib import Path
+from typing import List, Dict, Optional
+from datetime import datetime
+
+# ANSI colors
+class Colors:
+    HEADER = '\033[95m'
+    BLUE = '\033[94m'
+    CYAN = '\033[96m'
+    GREEN = '\033[92m'
+    YELLOW = '\033[93m'
+    RED = '\033[91m'
+    ENDC = '\033[0m'
+    BOLD = '\033[1m'
+
+def print_header(text: str):
+    print(f"\n{Colors.BOLD}{Colors.CYAN}{'='*70}{Colors.ENDC}")
+    print(f"{Colors.BOLD}{Colors.CYAN}{text.center(70)}{Colors.ENDC}")
+    print(f"{Colors.BOLD}{Colors.CYAN}{'='*70}{Colors.ENDC}\n")
+
+def print_step(text: str):
+    print(f"{Colors.BOLD}{Colors.BLUE}🔄 {text}{Colors.ENDC}")
+
+def print_success(text: str):
+    print(f"{Colors.GREEN}✅ {text}{Colors.ENDC}")
+
+def print_warning(text: str):
+    print(f"{Colors.YELLOW}⚠️  {text}{Colors.ENDC}")
+
+def print_error(text: str):
+    print(f"{Colors.RED}❌ {text}{Colors.ENDC}")
+
+# Complete verification suite
+VERIFICATION_SUITE = [
+    # P0: Security (CRITICAL)
+    {
+        "category": "Security",
+        "checks": [
+            ("Security Scan", ".agent/skills/vulnerability-scanner/scripts/security_scan.py", True),
+            ("Dependency Analysis", ".agent/skills/vulnerability-scanner/scripts/dependency_analyzer.py", False),
+        ]
+    },
+    
+    # P1: Code Quality (CRITICAL)
+    {
+        "category": "Code Quality",
+        "checks": [
+            ("Lint Check", ".agent/skills/lint-and-validate/scripts/lint_runner.py", True),
+            ("Type Coverage", ".agent/skills/lint-and-validate/scripts/type_coverage.py", False),
+        ]
+    },
+    
+    # P2: Data Layer
+    {
+        "category": "Data Layer",
+        "checks": [
+            ("Schema Validation", ".agent/skills/database-design/scripts/schema_validator.py", False),
+        ]
+    },
+    
+    # P3: Testing
+    {
+        "category": "Testing",
+        "checks": [
+            ("Test Suite", ".agent/skills/testing-patterns/scripts/test_runner.py", False),
+        ]
+    },
+    
+    # P4: UX & Accessibility
+    {
+        "category": "UX & Accessibility",
+        "checks": [
+            ("UX Audit", ".agent/skills/frontend-design/scripts/ux_audit.py", False),
+            ("Accessibility Check", ".agent/skills/frontend-design/scripts/accessibility_checker.py", False),
+        ]
+    },
+    
+    # P5: SEO & Content
+    {
+        "category": "SEO & Content",
+        "checks": [
+            ("SEO Check", ".agent/skills/seo-fundamentals/scripts/seo_checker.py", False),
+            ("GEO Check", ".agent/skills/geo-fundamentals/scripts/geo_checker.py", False),
+        ]
+    },
+    
+    # P6: Performance (requires URL)
+    {
+        "category": "Performance",
+        "requires_url": True,
+        "checks": [
+            ("Lighthouse Audit", ".agent/skills/performance-profiling/scripts/lighthouse_audit.py", True),
+            ("Bundle Analysis", ".agent/skills/performance-profiling/scripts/bundle_analyzer.py", False),
+        ]
+    },
+    
+    # P7: E2E Testing (requires URL)
+    {
+        "category": "E2E Testing",
+        "requires_url": True,
+        "checks": [
+            ("Playwright E2E", ".agent/skills/webapp-testing/scripts/playwright_runner.py", False),
+        ]
+    },
+    
+    # P8: Mobile (if applicable)
+    {
+        "category": "Mobile",
+        "checks": [
+            ("Mobile Audit", ".agent/skills/mobile-design/scripts/mobile_audit.py", False),
+        ]
+    },
+    
+    # P9: Internationalization
+    {
+        "category": "Internationalization",
+        "checks": [
+            ("i18n Check", ".agent/skills/i18n-localization/scripts/i18n_checker.py", False),
+        ]
+    },
+]
+
+def run_script(name: str, script_path: Path, project_path: str, url: Optional[str] = None) -> dict:
+    """Run validation script"""
+    if not script_path.exists():
+        print_warning(f"{name}: Script not found, skipping")
+        return {"name": name, "passed": True, "skipped": True, "duration": 0}
+    
+    print_step(f"Running: {name}")
+    start_time = datetime.now()
+    
+    # Build command
+    cmd = ["python", str(script_path), project_path]
+    if url and ("lighthouse" in script_path.name.lower() or "playwright" in script_path.name.lower()):
+        cmd.append(url)
+    
+    # Run
+    try:
+        result = subprocess.run(
+            cmd,
+            capture_output=True,
+            text=True,
+            timeout=600  # 10 minute timeout for slow checks
+        )
+        
+        duration = (datetime.now() - start_time).total_seconds()
+        passed = result.returncode == 0
+        
+        if passed:
+            print_success(f"{name}: PASSED ({duration:.1f}s)")
+        else:
+            print_error(f"{name}: FAILED ({duration:.1f}s)")
+            if result.stderr:
+                print(f"  {result.stderr[:300]}")
+        
+        return {
+            "name": name,
+            "passed": passed,
+            "output": result.stdout,
+            "error": result.stderr,
+            "skipped": False,
+            "duration": duration
+        }
+    
+    except subprocess.TimeoutExpired:
+        duration = (datetime.now() - start_time).total_seconds()
+        print_error(f"{name}: TIMEOUT (>{duration:.0f}s)")
+        return {"name": name, "passed": False, "skipped": False, "duration": duration, "error": "Timeout"}
+    
+    except Exception as e:
+        duration = (datetime.now() - start_time).total_seconds()
+        print_error(f"{name}: ERROR - {str(e)}")
+        return {"name": name, "passed": False, "skipped": False, "duration": duration, "error": str(e)}
+
+def print_final_report(results: List[dict], start_time: datetime):
+    """Print comprehensive final report"""
+    total_duration = (datetime.now() - start_time).total_seconds()
+    
+    print_header("📊 FULL VERIFICATION REPORT")
+    
+    # Statistics
+    total = len(results)
+    passed = sum(1 for r in results if r["passed"] and not r.get("skipped"))
+    failed = sum(1 for r in results if not r["passed"] and not r.get("skipped"))
+    skipped = sum(1 for r in results if r.get("skipped"))
+    
+    print(f"Total Duration: {total_duration:.1f}s")
+    print(f"Total Checks: {total}")
+    print(f"{Colors.GREEN}✅ Passed: {passed}{Colors.ENDC}")
+    print(f"{Colors.RED}❌ Failed: {failed}{Colors.ENDC}")
+    print(f"{Colors.YELLOW}⏭️  Skipped: {skipped}{Colors.ENDC}")
+    print()
+    
+    # Category breakdown
+    print(f"{Colors.BOLD}Results by Category:{Colors.ENDC}")
+    current_category = None
+    for r in results:
+        # Print category header if changed
+        if r.get("category") and r["category"] != current_category:
+            current_category = r["category"]
+            print(f"\n{Colors.BOLD}{Colors.CYAN}{current_category}:{Colors.ENDC}")
+        
+        # Print result
+        if r.get("skipped"):
+            status = f"{Colors.YELLOW}⏭️ {Colors.ENDC}"
+        elif r["passed"]:
+            status = f"{Colors.GREEN}✅{Colors.ENDC}"
+        else:
+            status = f"{Colors.RED}❌{Colors.ENDC}"
+        
+        duration_str = f"({r.get('duration', 0):.1f}s)" if not r.get("skipped") else ""
+        print(f"  {status} {r['name']} {duration_str}")
+    
+    print()
+    
+    # Failed checks detail
+    if failed > 0:
+        print(f"{Colors.BOLD}{Colors.RED}❌ FAILED CHECKS:{Colors.ENDC}")
+        for r in results:
+            if not r["passed"] and not r.get("skipped"):
+                print(f"\n{Colors.RED}✗ {r['name']}{Colors.ENDC}")
+                if r.get("error"):
+                    error_preview = r["error"][:200]
+                    print(f"  Error: {error_preview}")
+        print()
+    
+    # Final verdict
+    if failed > 0:
+        print_error(f"VERIFICATION FAILED - {failed} check(s) need attention")
+        print(f"\n{Colors.YELLOW}💡 Tip: Fix critical (security, lint) issues first{Colors.ENDC}")
+        return False
+    else:
+        print_success("✨ ALL CHECKS PASSED - Ready for deployment! ✨")
+        return True
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Run complete Antigravity Kit verification suite",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog="""
+Examples:
+  python scripts/verify_all.py . --url http://localhost:3000
+  python scripts/verify_all.py . --url https://staging.example.com --no-e2e
+        """
+    )
+    parser.add_argument("project", help="Project path to validate")
+    parser.add_argument("--url", required=True, help="URL for performance & E2E checks")
+    parser.add_argument("--no-e2e", action="store_true", help="Skip E2E tests")
+    parser.add_argument("--stop-on-fail", action="store_true", help="Stop on first failure")
+    
+    args = parser.parse_args()
+    
+    project_path = Path(args.project).resolve()
+    
+    if not project_path.exists():
+        print_error(f"Project path does not exist: {project_path}")
+        sys.exit(1)
+    
+    print_header("🚀 ANTIGRAVITY KIT - FULL VERIFICATION SUITE")
+    print(f"Project: {project_path}")
+    print(f"URL: {args.url}")
+    print(f"Started: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
+    
+    start_time = datetime.now()
+    results = []
+    
+    # Run all verification categories
+    for suite in VERIFICATION_SUITE:
+        category = suite["category"]
+        requires_url = suite.get("requires_url", False)
+        
+        # Skip if requires URL and not provided
+        if requires_url and not args.url:
+            continue
+        
+        # Skip E2E if flag set
+        if args.no_e2e and category == "E2E Testing":
+            continue
+        
+        print_header(f"📋 {category.upper()}")
+        
+        for name, script_path, required in suite["checks"]:
+            script = project_path / script_path
+            result = run_script(name, script, str(project_path), args.url)
+            result["category"] = category
+            results.append(result)
+            
+            # Stop on critical failure if flag set
+            if args.stop_on_fail and required and not result["passed"] and not result.get("skipped"):
+                print_error(f"CRITICAL: {name} failed. Stopping verification.")
+                print_final_report(results, start_time)
+                sys.exit(1)
+    
+    # Print final report
+    all_passed = print_final_report(results, start_time)
+    
+    sys.exit(0 if all_passed else 1)
+
+if __name__ == "__main__":
+    main()

package/core/skills/analytics-strategy/SKILL.md

@@ -0,0 +1,128 @@
+---
+name: analytics-strategy
+description: Analytics planning and measurement strategy. Stack selection, event mapping, funnels, feature flags, and A/B testing. Used during design phases before implementation.
+---
+
+# Analytics Strategy
+
+> Define WHAT to measure, WHERE to measure, and HOW to measure before implementing.
+
+---
+
+## 🎯 When to Use
+
+| Workflow | Phase | Trigger |
+|----------|-------|---------|
+| `/new-project` | Phase 2.9 | After PAGE-SPECs approved |
+| `/legacy-project` | Analytics audit | After reverse engineering |
+| `/new-task` | New feature analytics | When feature needs metrics |
+
+> [!NOTE]
+> **Skip if:** Project is an internal POC without metrics needs.
+> **Mandatory for:** Any product that needs to measure conversion, engagement, or retention.
+
+**Output:** `## 📊 Analytics` section in each PAGE-SPEC + config in TDD.
+
+---
+
+## 📋 Process (5 Steps)
+
+### Step 1: Define Analytics Stack
+
+| Tool | Purpose | Phase |
+|------|---------|-------|
+| **PostHog** | Product Analytics, Session Replay, Feature Flags, Funnels | MVP |
+| **Google Search Console** | SEO: indexing, keywords, CTR | MVP |
+| **UTM Tracking** | Campaign attribution (captured by PostHog) | MVP |
+| **Google Tag Manager** | Centralized tag management | Growth |
+| **Meta Pixel** | Facebook/Instagram Ads, Remarketing | When advertising |
+| **Google Ads Tag** | Google Ads conversions | When advertising |
+
+---
+
+### Step 2: Map Events per Page
+
+For **EACH** PAGE-SPEC, add section:
+
+```markdown
+## 📊 Analytics (PostHog)
+
+### Custom Events
+| Event | Trigger | Properties |
+|-------|---------|------------|
+| `page_name_viewed` | Pageview | `referrer`, `utm_*` |
+| `cta_clicked` | Click CTA | `cta_type`, `section` |
+| ... | ... | ... |
+
+### Funnels to Measure
+- Funnel 1: ...
+- Funnel 2: ...
+
+### Feature Flags (A/B)
+- `flag_name`: Test description
+```
+
+---
+
+### Step 3: Ask the User (MANDATORY)
+
+```markdown
+## 📊 Analytics Strategy
+
+To define tracking for this project, I need to know:
+
+### 1. Success Metrics
+What are the **3 main metrics** you want to track?
+- [ ] Visitor → signup conversion
+- [ ] Free → paid conversion
+- [ ] Engagement (time on platform)
+- [ ] Retention (return in 7 days)
+- [ ] Feature adoption
+- [ ] Other: ___
+
+### 2. Paid Acquisition
+Do you plan to run **paid ads** (Meta, Google)?
+- [ ] Yes, soon → Configure pixels
+- [ ] Not now → Skip pixels
+- [ ] Not sure yet → Prepare but don't activate
+
+### 3. A/B Testing
+Which elements do you want to test?
+- [ ] CTAs (text, color)
+- [ ] Pricing page (plan order)
+- [ ] Onboarding flow
+- [ ] None for now
+```
+
+---
+
+### Step 4: Update TDD
+
+Add/update section `## 📈 Analytics & Tracking Strategy` in TDD with:
+- Stack tools
+- Events per page
+- Required environment variables (e.g. `NEXT_PUBLIC_POSTHOG_KEY`)
+
+---
+
+### Step 5: Update PAGE-SPECs
+
+For each prioritized PAGE-SPEC, add `## 📊 Analytics (PostHog)` section with:
+- Custom events
+- Funnels to measure
+- Feature flags for A/B
+
+---
+
+## 🔴 Exit Gate
+
+```markdown
+[ ] Analytics stack defined in TDD
+[ ] Events mapped for each PAGE-SPEC
+[ ] Environment variables listed in TDD
+[ ] User confirmed success metrics
+[ ] PAGE-SPECs updated with Analytics section
+```
+
+> [!CAUTION]
+> **BLOCKER:** Do not proceed to Breakdown without Analytics Strategy defined.

package/core/skills/api-patterns/SKILL.md

@@ -0,0 +1,81 @@
+---
+name: api-patterns
+description: API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
+allowed-tools: Read, Write, Edit, Glob, Grep
+---
+
+# API Patterns
+
+> API design principles and decision-making for 2025.
+> **Learn to THINK, not copy fixed patterns.**
+
+## 🎯 Selective Reading Rule
+
+**Read ONLY files relevant to the request!** Check the content map, find what you need.
+
+---
+
+## 📑 Content Map
+
+| File | Description | When to Read |
+|------|-------------|--------------|
+| `api-style.md` | REST vs GraphQL vs tRPC decision tree | Choosing API type |
+| `rest.md` | Resource naming, HTTP methods, status codes | Designing REST API |
+| `response.md` | Envelope pattern, error format, pagination | Response structure |
+| `graphql.md` | Schema design, when to use, security | Considering GraphQL |
+| `trpc.md` | TypeScript monorepo, type safety | TS fullstack projects |
+| `versioning.md` | URI/Header/Query versioning | API evolution planning |
+| `auth.md` | JWT, OAuth, Passkey, API Keys | Auth pattern selection |
+| `rate-limiting.md` | Token bucket, sliding window | API protection |
+| `documentation.md` | OpenAPI/Swagger best practices | Documentation |
+| `security-testing.md` | OWASP API Top 10, auth/authz testing | Security audits |
+
+---
+
+## 🔗 Related Skills
+
+| Need | Skill |
+|------|-------|
+| API implementation | `@[skills/backend-development]` |
+| Data structure | `@[skills/database-design]` |
+| Security details | `@[skills/security-hardening]` |
+
+---
+
+## ✅ Decision Checklist
+
+Before designing an API:
+
+- [ ] **Asked user about API consumers?**
+- [ ] **Chosen API style for THIS context?** (REST/GraphQL/tRPC)
+- [ ] **Defined consistent response format?**
+- [ ] **Planned versioning strategy?**
+- [ ] **Considered authentication needs?**
+- [ ] **Planned rate limiting?**
+- [ ] **Documentation approach defined?**
+
+---
+
+## ❌ Anti-Patterns
+
+**DON'T:**
+- Default to REST for everything
+- Use verbs in REST endpoints (/getUsers)
+- Return inconsistent response formats
+- Expose internal errors to clients
+- Skip rate limiting
+
+**DO:**
+- Choose API style based on context
+- Ask about client requirements
+- Document thoroughly
+- Use appropriate status codes
+
+---
+
+## Script
+
+| Script | Purpose | Command |
+|--------|---------|---------|
+| `scripts/api_validator.py` | API endpoint validation | `python scripts/api_validator.py <project_path>` |
+

package/core/skills/api-patterns/api-style.md

@@ -0,0 +1,42 @@
+# API Style Selection (2025)
+
+> REST vs GraphQL vs tRPC - Hangi durumda hangisi?
+
+## Decision Tree
+
+```
+Who are the API consumers?
+│
+├── Public API / Multiple platforms
+│   └── REST + OpenAPI (widest compatibility)
+│
+├── Complex data needs / Multiple frontends
+│   └── GraphQL (flexible queries)
+│
+├── TypeScript frontend + backend (monorepo)
+│   └── tRPC (end-to-end type safety)
+│
+├── Real-time / Event-driven
+│   └── WebSocket + AsyncAPI
+│
+└── Internal microservices
+    └── gRPC (performance) or REST (simplicity)
+```
+
+## Comparison
+
+| Factor | REST | GraphQL | tRPC |
+|--------|------|---------|------|
+| **Best for** | Public APIs | Complex apps | TS monorepos |
+| **Learning curve** | Low | Medium | Low (if TS) |
+| **Over/under fetching** | Common | Solved | Solved |
+| **Type safety** | Manual (OpenAPI) | Schema-based | Automatic |
+| **Caching** | HTTP native | Complex | Client-based |
+
+## Selection Questions
+
+1. Who are the API consumers?
+2. Is the frontend TypeScript?
+3. How complex are the data relationships?
+4. Is caching critical?
+5. Public or internal API?

package/core/skills/api-patterns/auth.md

@@ -0,0 +1,24 @@
+# Authentication Patterns
+
+> Choose auth pattern based on use case.
+
+## Selection Guide
+
+| Pattern | Best For |
+|---------|----------|
+| **JWT** | Stateless, microservices |
+| **Session** | Traditional web, simple |
+| **OAuth 2.0** | Third-party integration |
+| **API Keys** | Server-to-server, public APIs |
+| **Passkey** | Modern passwordless (2025+) |
+
+## JWT Principles
+
+```
+Important:
+├── Always verify signature
+├── Check expiration
+├── Include minimal claims
+├── Use short expiry + refresh tokens
+└── Never store sensitive data in JWT
+```

package/core/skills/api-patterns/documentation.md

@@ -0,0 +1,26 @@
+# API Documentation Principles
+
+> Good docs = happy developers = API adoption.
+
+## OpenAPI/Swagger Essentials
+
+```
+Include:
+├── All endpoints with examples
+├── Request/response schemas
+├── Authentication requirements
+├── Error response formats
+└── Rate limiting info
+```
+
+## Good Documentation Has
+
+```
+Essentials:
+├── Quick start / Getting started
+├── Authentication guide
+├── Complete API reference
+├── Error handling guide
+├── Code examples (multiple languages)
+└── Changelog
+```

package/core/skills/api-patterns/graphql.md

@@ -0,0 +1,41 @@
+# GraphQL Principles
+
+> Flexible queries for complex, interconnected data.
+
+## When to Use
+
+```
+✅ Good fit:
+├── Complex, interconnected data
+├── Multiple frontend platforms
+├── Clients need flexible queries
+├── Evolving data requirements
+└── Reducing over-fetching matters
+
+❌ Poor fit:
+├── Simple CRUD operations
+├── File upload heavy
+├── HTTP caching important
+└── Team unfamiliar with GraphQL
+```
+
+## Schema Design Principles
+
+```
+Principles:
+├── Think in graphs, not endpoints
+├── Design for evolvability (no versions)
+├── Use connections for pagination
+├── Be specific with types (not generic "data")
+└── Handle nullability thoughtfully
+```
+
+## Security Considerations
+
+```
+Protect against:
+├── Query depth attacks → Set max depth
+├── Query complexity → Calculate cost
+├── Batching abuse → Limit batch size
+├── Introspection → Disable in production
+```

package/core/skills/api-patterns/rate-limiting.md

@@ -0,0 +1,31 @@
+# Rate Limiting Principles
+
+> Protect your API from abuse and overload.
+
+## Why Rate Limit
+
+```
+Protect against:
+├── Brute force attacks
+├── Resource exhaustion
+├── Cost overruns (if pay-per-use)
+└── Unfair usage
+```
+
+## Strategy Selection
+
+| Type | How | When |
+|------|-----|------|
+| **Token bucket** | Burst allowed, refills over time | Most APIs |
+| **Sliding window** | Smooth distribution | Strict limits |
+| **Fixed window** | Simple counters per window | Basic needs |
+
+## Response Headers
+
+```
+Include in headers:
+├── X-RateLimit-Limit (max requests)
+├── X-RateLimit-Remaining (requests left)
+├── X-RateLimit-Reset (when limit resets)
+└── Return 429 when exceeded
+```