ginskill-init 2.7.0

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "ginskill-init",
+  "version": "2.7.0",
+  "description": "Install GinStudio skills and agents for Claude Code",
+  "homepage": "https://skills.ginstudio.asia",
+  "repository": {
+    "type": "git",
+    "url": "git+https://gitlab.com/ginstudio/skills.git"
+  },
+  "keywords": [
+    "claude-code",
+    "claude",
+    "skills",
+    "agents",
+    "ai"
+  ],
+  "license": "MIT",
+  "type": "module",
+  "scripts": {
+    "gen-readme": "node scripts/gen-readme.mjs",
+    "check-upstream": "node scripts/check-upstream.mjs",
+    "deploy": "npx wrangler pages deploy landing --project-name ginskill --branch main",
+    "prepublishOnly": "node scripts/check-upstream.mjs && node scripts/gen-readme.mjs"
+  },
+  "bin": {
+    "ginskill-init": "bin/cli.js"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "ora": "^8.1.1",
+    "prompts": "^2.4.2"
+  }
+}

package/skills/active-life-dev/SKILL.md

@@ -0,0 +1,157 @@
+---
+name: active-life-dev
+description: |
+  **Active Life Backend Dev Guide**: Comprehensive development guide for the Active Life Global Store NestJS backend (be-store-active-life-global). Covers architecture, modules, Prisma schema, DTOs, auth, patterns, integrations, and coding conventions.
+  - MANDATORY TRIGGERS: active life, backend, be-store, nestjs, prisma, module, controller, service, dto, guard, interceptor, order, product, inventory, voucher, cart, client, auth, etelecom, category, brand, report, seed, role, user, customer source, customer status, interaction, unit, api endpoint, database schema, migration
+  - Use this skill when the user asks about backend architecture, wants to create/modify modules, needs to understand the database schema, wants to follow project conventions, or is working on any feature in the be-store-active-life-global project.
+argument-hint: "[module | schema | auth | patterns | integrations | setup | orders | products | inventory | vouchers | customers | all]"
+user-invocable: true
+disable-model-invocation: false
+allowed-tools: Read, Grep, Glob, Bash, Edit, Write
+---
+
+# Active Life Backend Development Guide
+
+You are an expert NestJS developer working on the **Active Life Global Store** backend.
+
+## Quick Context Loading
+
+Load the relevant documentation based on what you need:
+
+!`bash skills/skills/active-life-dev/scripts/load-docs.sh $ARGUMENTS`
+
+---
+
+## Project Location
+
+```
+/Users/nhiensoft/Workspace/ginstudio/active-life/be-store-active-life-global/
+```
+
+## Tech Stack
+
+| Layer | Technology |
+|-------|-----------|
+| Framework | NestJS 10.x (Express) |
+| Language | TypeScript (ES2022, CommonJS) |
+| Database | PostgreSQL (Supabase) |
+| ORM | Prisma 7.x with @prisma/adapter-pg |
+| Auth | Passport + JWT (dual: User staff + Client customer) |
+| Validation | class-validator + class-transformer |
+| API Docs | Swagger / OpenAPI |
+| Cache | Redis (ioredis) |
+| Email | Nodemailer (@nestjs-modules/mailer) |
+| Notifications | Firebase Admin SDK |
+| Phone | eTelecom SIP integration |
+| Rate Limit | @nestjs/throttler (10 req/60s) |
+| API Versioning | URI-based (v1, v2) |
+
+## Architecture Overview
+
+```
+src/
+├── app.module.ts              # Root module - imports all feature modules
+├── main.ts                    # Bootstrap: guards, pipes, interceptors, CORS, Swagger
+├── core/                      # Global interceptors & guards
+│   ├── transform.interceptor.ts   # { statusCode, message, data } response wrapper
+│   ├── logging.interceptor.ts     # Request/response logging with timing
+│   ├── roles.guard.ts             # Role-based access control
+│   └── query.guard.ts
+├── decorators/                # @Public, @ResponseMessage, @User, @Client, @Roles
+├── interface/                 # IUser, IClient, PaginateInfo
+├── generated/prisma/          # Auto-generated Prisma types
+└── [feature-modules]/         # 23 feature modules (see docs/modules.md)
+```
+
+## Key Patterns (MUST follow)
+
+### 1. Module Structure
+Every module follows: `module.ts` + `controller.ts` + `service.ts` + `dto/` folder.
+
+### 2. Response Format
+All responses are wrapped by TransformInterceptor:
+```typescript
+{ statusCode: number, message?: string, data: any }
+```
+
+### 3. Auth - Dual JWT System
+- **User (staff)**: `JwtAuthGuard` (default on all routes) → `@User()` decorator
+- **Client (customer)**: `jwt-client` strategy → `@Client()` decorator
+- **Public routes**: `@Public()` decorator skips auth
+
+### 4. DTO Validation
+```typescript
+import { IsString, IsNotEmpty, IsOptional } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+
+export class CreateXxxDto {
+  @ApiProperty()
+  @IsString()
+  @IsNotEmpty()
+  name: string;
+
+  @ApiProperty({ required: false })
+  @IsOptional()
+  @IsString()
+  description?: string;
+}
+```
+
+### 5. Service Pattern
+```typescript
+@Injectable()
+export class XxxService {
+  constructor(private prismaService: PrismaService) {}
+
+  async create(dto: CreateXxxDto) {
+    return this.prismaService.xxx.create({ data: dto });
+  }
+}
+```
+
+### 6. Error Handling
+Use NestJS exceptions: `BadRequestException`, `NotFoundException`, `ForbiddenException`.
+
+### 7. Database Commands
+```bash
+yarn db:push        # Sync schema (keep data)
+yarn db:migrate     # Create & run migrations
+yarn db:seed        # Seed database
+yarn db:studio      # Prisma Studio GUI
+yarn dev            # Dev with hot-reload
+```
+
+---
+
+## Documentation Files
+
+Load specific docs when you need deeper detail:
+
+| Doc | Content | When to Read |
+|-----|---------|-------------|
+| `docs/modules.md` | All 23 modules with controllers, services, DTOs | Creating/modifying any module |
+| `docs/schema.md` | Complete Prisma schema (36 models, 7 enums) | Database changes, relations, queries |
+| `docs/auth.md` | JWT strategies, guards, decorators, roles | Auth changes, protected endpoints |
+| `docs/patterns.md` | Coding conventions, service patterns, error handling | Writing new code |
+| `docs/integrations.md` | eTelecom, Firebase, Redis, Email, Mongoose | External service work |
+| `docs/setup.md` | Environment vars, Supabase config, scripts | Setup, deployment, config |
+| `docs/orders.md` | Order lifecycle, statuses, refunds, returns | Order feature work |
+| `docs/products.md` | Products, combos, categories, brands, inventory | Product/catalog work |
+| `docs/inventory.md` | Inventory sessions, transactions, lot tracking | Inventory/warehouse work |
+| `docs/vouchers.md` | Vouchers, rewards, spins, redemptions | Promotion feature work |
+| `docs/customers.md` | Client management, sources, statuses, interactions | CRM feature work |
+
+---
+
+## Creating a New Module Checklist
+
+1. Create folder: `src/<module-name>/`
+2. Create files: `<name>.module.ts`, `<name>.controller.ts`, `<name>.service.ts`
+3. Create DTOs in `dto/` subfolder with class-validator decorators
+4. Add Prisma model to `prisma/schema.prisma` if new table needed
+5. Run `yarn db:push` or `yarn db:migrate` to sync schema
+6. Import module in `app.module.ts`
+7. Add `@ApiTags('module-name')` to controller
+8. Add `@ApiBearerAuth()` to protected endpoints
+9. Use `@Public()` for public endpoints
+10. Follow existing service patterns (PrismaService injection, async/await)

package/skills/active-life-dev/docs/auth.md

@@ -0,0 +1,187 @@
+# Active Life Backend - Authentication & Authorization
+
+## Dual JWT System
+
+The app has two separate authentication flows:
+1. **User (Staff)** — Internal employees (Admin, TeleSales, LiveChat, Agency)
+2. **Client (Customer)** — End-users / shoppers
+
+Both use JWT Bearer tokens but different strategies and payloads.
+
+## JWT Strategies
+
+### JwtStrategy (Staff - Default)
+**File**: `src/auth/passport/jwt.strategy.ts`
+
+```typescript
+// Extracts from: Authorization: Bearer <token>
+// Secret: JWT_CLIENT_ACCESS_TOKEN_SECRET
+// Payload shape:
+interface IJwtPayload {
+  id: string;
+  phone: string;
+  name: string;
+  role: { id: string; name: string };
+  etelecom?: { extensionNumber: string; extensionPassword: string; tenantId: string; tenantDomain: string };
+}
+// Returns: IUser
+```
+
+### JwtClientStrategy (Customer)
+**File**: `src/auth/passport/jwt-client.strategy.ts`
+
+```typescript
+// Named strategy: 'jwt-client'
+// Extracts from: Authorization: Bearer <token>
+// Secret: JWT_CLIENT_ACCESS_TOKEN_SECRET (same secret)
+// Payload shape:
+interface IJwtClientPayload {
+  id: string;
+  phone: string;
+  name: string;
+  point: number;
+}
+// Returns: IClient with type='client'
+```
+
+## Guards
+
+### JwtAuthGuard (Global)
+**File**: `src/auth/jwt-auth.guard.ts`
+- Applied globally in `main.ts`
+- Checks `@Public()` metadata — if present, skips auth
+- After validation, checks `user.isBan` — returns 403 if banned
+- Default: all routes require authentication
+
+### RolesGuard
+**File**: `src/core/roles.guard.ts`
+- Works with `@Roles()` decorator
+- Checks if authenticated user's role matches required roles
+- Applied per-route, not globally
+
+## Custom Decorators
+
+**File**: `src/decorators/customize.ts`
+
+```typescript
+// Skip authentication for a route
+@Public()
+
+// Set custom response message (used by TransformInterceptor)
+@ResponseMessage('Custom message here')
+
+// Get current authenticated user (staff)
+@User() user: IUser
+
+// Get current authenticated client (customer)
+@Client() client: IClient
+```
+
+**File**: `src/decorators/roles.decorator.ts`
+
+```typescript
+// Require specific roles
+@Roles('Admin', 'TeleSales')
+```
+
+## Interfaces
+
+**File**: `src/interface/users.interface.ts`
+```typescript
+interface IUser {
+  id: string;
+  phone: string;
+  name: string;
+  email?: string;
+  roleName: string;
+  role: { id: string; name: string };
+  etelecom?: { ... };
+}
+```
+
+**File**: `src/interface/client.interface.ts`
+```typescript
+interface IClient {
+  id: string;
+  phone: string;
+  name: string;
+  point: number;
+  type: 'client';
+}
+```
+
+## Auth Controller Endpoints
+
+```
+POST /api/v1/auth/login          — Staff login (phone + password)
+POST /api/v1/auth/register       — Staff register (admin only)
+POST /api/v1/auth/client-login   — Client login (phone + password)
+POST /api/v1/auth/client-register — Client register
+POST /api/v1/auth/client-zalo    — Client Zalo OAuth login
+GET  /api/v1/auth/profile        — Get current user profile
+GET  /api/v1/auth/client-profile — Get current client profile
+```
+
+## Role-Based Access Patterns
+
+```typescript
+// Admin only
+@Roles('Admin')
+@UseGuards(RolesGuard)
+
+// Multiple roles
+@Roles('Admin', 'TeleSales', 'LiveChat')
+@UseGuards(RolesGuard)
+
+// Public endpoint (no auth)
+@Public()
+
+// Client endpoint (use jwt-client guard)
+@UseGuards(AuthGuard('jwt-client'))
+
+// Staff endpoint (default - no extra decorator needed)
+```
+
+## Password Handling
+- Hashing: `bcryptjs` with salt rounds
+- Stored as hashed string in User.password and Client.password
+- Client.password is optional (Zalo login doesn't require it)
+
+## Token Configuration
+- Secret: `JWT_CLIENT_ACCESS_TOKEN_SECRET` env var
+- Expiry: `JWT_CLIENT_ACCESS_EXPIRE` env var (default: "15d")
+- Algorithm: Default HS256
+
+## Common Auth Patterns
+
+### Protecting a staff-only endpoint
+```typescript
+@Controller('admin')
+@ApiTags('admin')
+@ApiBearerAuth()
+export class AdminController {
+  @Get('dashboard')
+  @Roles('Admin')
+  @UseGuards(RolesGuard)
+  getDashboard(@User() user: IUser) {
+    // user is guaranteed to be authenticated staff with Admin role
+  }
+}
+```
+
+### Creating a public + client endpoint
+```typescript
+@Controller('shop')
+@ApiTags('shop')
+export class ShopController {
+  @Get('products')
+  @Public()  // Anyone can browse
+  getProducts() { }
+
+  @Post('checkout')
+  @UseGuards(AuthGuard('jwt-client'))
+  checkout(@Client() client: IClient) {
+    // client is guaranteed to be authenticated customer
+  }
+}
+```

package/skills/active-life-dev/docs/customers.md

@@ -0,0 +1,216 @@
+# Active Life Backend - Customer Management (CRM)
+
+## Overview
+
+The CRM system tracks customers through their lifecycle with:
+- Source tracking (where they came from)
+- Status management (lifecycle stage)
+- Staff assignment (who manages them)
+- Interaction tracking (calls, chats, visits)
+- Bank information (for refunds)
+
+## Client Model (Customer)
+
+```prisma
+model Client {
+  id                    String    @id @default(uuid())
+  phone                 String    @unique
+  email                 String?
+  name                  String
+  password              String?   // Optional (Zalo login doesn't need it)
+  avatar                String?
+  dob                   DateTime?
+  gender                String?
+
+  // Address
+  address               String?
+  province              String?
+  district              String?
+  ward                  String?
+
+  // Loyalty
+  point                 Int       @default(0)
+
+  // Status
+  isBan                 Boolean   @default(false)
+  note                  String?
+  tags                  String[]
+
+  // CRM Assignment
+  customerSourceId      String?   // Where they came from
+  customerStatusId      String?   // Lifecycle status
+  customerDetailStatusId String?  // Detailed status
+  livechatStaffId       String?   // Assigned LiveChat staff
+  telesalesStaffId      String?   // Assigned TeleSales staff
+  agencyStaffId         String?   // Assigned Agency staff
+
+  // Lifecycle Dates
+  firstCallAt           DateTime? // First phone call
+  lastOrderAt           DateTime? // Most recent order
+
+  // Relations
+  orders                Order[]
+  cart                  Cart?
+  vouchers              ClientVoucher[]
+  bank                  ClientBank?
+  spinTransactions      SpinTransaction[]
+  redeemTransactions    RedeemTransaction[]
+}
+```
+
+## CRM Lookup Tables
+
+### Customer Source
+Where the customer came from:
+```
+Examples: Facebook, Zalo, Website, Walk-in, Referral, Google Ads, TikTok
+```
+
+### Customer Status
+Lifecycle stage:
+```
+Examples: New, Contacted, Active, Inactive, Lost, VIP
+```
+
+### Customer Detail Status
+Granular status within lifecycle:
+```
+Examples: Interested, Following Up, Purchased, Repeat Customer, Churned
+```
+
+### Interaction Status
+Call/chat connection status:
+```
+Examples: Connected, No Answer, Busy, Voicemail, Line Disconnected
+```
+
+### Interaction Result
+Outcome of interaction:
+```
+Examples: Interested, Not Interested, Callback Requested, Order Placed, Info Sent
+```
+
+### Interaction Type
+How the interaction happened:
+```
+Examples: Phone Call, Zalo Message, In-Store Visit, Email, Facebook Message
+```
+
+All lookup tables follow the same pattern:
+```prisma
+model CustomerSource {
+  id          String   @id @default(uuid())
+  name        String   @unique
+  description String?
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+}
+```
+
+## Staff Assignment
+
+Customers can be assigned to three types of staff:
+- **LiveChat Staff** — Handles online chat support
+- **TeleSales Staff** — Handles phone sales
+- **Agency Staff** — Handles agency/partner relationships
+
+Each is a reference to User (staff) by ID.
+
+## Bank Information
+
+For refund processing:
+```prisma
+model ClientBank {
+  id            String @id @default(uuid())
+  clientId      String @unique  // 1-to-1
+  bankName      String
+  accountNumber String
+  accountHolder String
+}
+```
+
+## Key API Endpoints
+
+### Client Management
+```
+GET    /api/v1/client              — List clients (staff, paginated, filterable)
+GET    /api/v1/client/:id          — Get client detail (staff)
+POST   /api/v1/client              — Create client (staff)
+PATCH  /api/v1/client/:id          — Update client (staff)
+DELETE /api/v1/client/:id          — Delete client (staff)
+```
+
+### Client Self-Service
+```
+GET    /api/v1/client/profile      — Get own profile (client auth)
+PATCH  /api/v1/client/self-update  — Update own profile (client auth)
+PATCH  /api/v1/client/bank-info    — Update bank info (client auth)
+```
+
+### Lookup Tables (all follow same pattern)
+```
+GET    /api/v1/customer-source     — List sources
+POST   /api/v1/customer-source     — Create source (staff)
+PATCH  /api/v1/customer-source/:id — Update source (staff)
+DELETE /api/v1/customer-source/:id — Delete source (staff)
+
+# Same pattern for:
+# /api/v1/customer-status
+# /api/v1/customer-detail-status
+# /api/v1/interaction-status
+# /api/v1/interaction-result
+# /api/v1/interaction-type
+```
+
+## Client Filtering (Staff View)
+
+Staff can filter clients by:
+- `customerSourceId` — Filter by source
+- `customerStatusId` — Filter by lifecycle status
+- `customerDetailStatusId` — Filter by detail status
+- `livechatStaffId` — Filter by assigned LiveChat staff
+- `telesalesStaffId` — Filter by assigned TeleSales staff
+- `agencyStaffId` — Filter by assigned agency
+- `search` — Search by name or phone
+- `tags` — Filter by tags
+- `isBan` — Filter banned/active
+
+## Ads Source
+
+Tracking advertising campaign sources:
+```prisma
+model AdsSource {
+  id          String   @id @default(uuid())
+  name        String   @unique
+  description String?
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+}
+```
+
+## Customer Lifecycle Flow
+
+```
+New Customer Registration
+    │
+    ▼
+Source Assigned (Facebook, Zalo, etc.)
+    │
+    ▼
+Status: "New" → Staff Assigned (TeleSales/LiveChat)
+    │
+    ▼
+First Contact (firstCallAt recorded)
+    │
+    ▼
+Interactions Tracked (calls, chats)
+    │
+    ▼
+Status Updates (Interested → Following Up → Active)
+    │
+    ▼
+First Order (lastOrderAt recorded)
+    │
+    ▼
+Repeat Customer → VIP
+```