mdan-cli 2.2.0

package/skills/find-skills/skill.md

@@ -0,0 +1,133 @@
+---
+name: find-skills
+description: Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
+---
+
+# Find Skills
+
+This skill helps you discover and install skills from the open agent skills ecosystem.
+
+## When to Use This Skill
+
+Use this skill when the user:
+
+- Asks "how do I do X" where X might be a common task with an existing skill
+- Says "find a skill for X" or "is there a skill for X"
+- Asks "can you do X" where X is a specialized capability
+- Expresses interest in extending agent capabilities
+- Wants to search for tools, templates, or workflows
+- Mentions they wish they had help with a specific domain (design, testing, deployment, etc.)
+
+## What is the Skills CLI?
+
+The Skills CLI (`npx skills`) is the package manager for the open agent skills ecosystem. Skills are modular packages that extend agent capabilities with specialized knowledge, workflows, and tools.
+
+**Key commands:**
+
+- `npx skills find [query]` - Search for skills interactively or by keyword
+- `npx skills add <package>` - Install a skill from GitHub or other sources
+- `npx skills check` - Check for skill updates
+- `npx skills update` - Update all installed skills
+
+**Browse skills at:** https://skills.sh/
+
+## How to Help Users Find Skills
+
+### Step 1: Understand What They Need
+
+When a user asks for help with something, identify:
+
+1. The domain (e.g., React, testing, design, deployment)
+2. The specific task (e.g., writing tests, creating animations, reviewing PRs)
+3. Whether this is a common enough task that a skill likely exists
+
+### Step 2: Search for Skills
+
+Run the find command with a relevant query:
+
+```bash
+npx skills find [query]
+```
+
+For example:
+
+- User asks "how do I make my React app faster?" → `npx skills find react performance`
+- User asks "can you help me with PR reviews?" → `npx skills find pr review`
+- User asks "I need to create a changelog" → `npx skills find changelog`
+
+The command will return results like:
+
+```
+Install with npx skills add <owner/repo@skill>
+
+vercel-labs/agent-skills@vercel-react-best-practices
+└ https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices
+```
+
+### Step 3: Present Options to the User
+
+When you find relevant skills, present them to the user with:
+
+1. The skill name and what it does
+2. The install command they can run
+3. A link to learn more at skills.sh
+
+Example response:
+
+```
+I found a skill that might help! The "vercel-react-best-practices" skill provides
+React and Next.js performance optimization guidelines from Vercel Engineering.
+
+To install it:
+npx skills add vercel-labs/agent-skills@vercel-react-best-practices
+
+Learn more: https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices
+```
+
+### Step 4: Offer to Install
+
+If the user wants to proceed, you can install the skill for them:
+
+```bash
+npx skills add <owner/repo@skill> -g -y
+```
+
+The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.
+
+## Common Skill Categories
+
+When searching, consider these common categories:
+
+| Category        | Example Queries                          |
+| --------------- | ---------------------------------------- |
+| Web Development | react, nextjs, typescript, css, tailwind |
+| Testing         | testing, jest, playwright, e2e           |
+| DevOps          | deploy, docker, kubernetes, ci-cd        |
+| Documentation   | docs, readme, changelog, api-docs        |
+| Code Quality    | review, lint, refactor, best-practices   |
+| Design          | ui, ux, design-system, accessibility     |
+| Productivity    | workflow, automation, git                |
+
+## Tips for Effective Searches
+
+1. **Use specific keywords**: "react testing" is better than just "testing"
+2. **Try alternative terms**: If "deploy" doesn't work, try "deployment" or "ci-cd"
+3. **Check popular sources**: Many skills come from `vercel-labs/agent-skills` or `ComposioHQ/awesome-claude-skills`
+
+## When No Skills Are Found
+
+If no relevant skills exist:
+
+1. Acknowledge that no existing skill was found
+2. Offer to help with the task directly using your general capabilities
+3. Suggest the user could create their own skill with `npx skills init`
+
+Example:
+
+```
+I searched for skills related to "xyz" but didn't find any matches.
+I can still help you with this task directly! Would you like me to proceed?
+
+If this is something you do often, you could create your own skill:
+npx skills init my-xyz-skill
+```

package/templates/ARCHITECTURE.md

@@ -0,0 +1,186 @@
+# MDAN Template — Architecture Document
+
+---
+**Artifact:** Architecture Document  
+**Phase:** DESIGN  
+**Agent:** Architect Agent  
+**Version:** [X.Y]  
+**Status:** Draft | Review | Validated  
+**Date:** [YYYY-MM-DD]  
+**Project:** [Project Name]  
+---
+
+## 1. Architecture Overview
+
+**Pattern chosen:** [Monolith / Microservices / Serverless / Event-driven / Hybrid]  
+**Justification:** [Why this pattern for this project]
+
+## 2. System Diagram
+
+```mermaid
+graph TD
+    Client[Client - Web/Mobile] --> API[API Gateway]
+    API --> Auth[Auth Service]
+    API --> App[Application Service]
+    App --> DB[(Database)]
+    App --> Cache[(Cache)]
+    App --> Queue[Message Queue]
+    Queue --> Worker[Background Worker]
+```
+
+## 3. Technology Stack
+
+| Layer | Technology | Version | Justification |
+|-------|-----------|---------|---------------|
+| Frontend | [e.g., React] | [18.x] | [Reason] |
+| Backend | [e.g., Node.js] | [20.x] | [Reason] |
+| Database | [e.g., PostgreSQL] | [16.x] | [Reason] |
+| Cache | [e.g., Redis] | [7.x] | [Reason] |
+| Auth | [e.g., Auth0] | Latest | [Reason] |
+| Search | [e.g., N/A] | — | — |
+| Queue | [e.g., N/A] | — | — |
+| Storage | [e.g., S3] | — | [Reason] |
+| Hosting | [e.g., Railway] | — | [Reason] |
+| CDN | [e.g., Cloudflare] | — | [Reason] |
+
+## 4. Data Models
+
+```
+Entity: User
+Fields:
+  - id: UUID (PK, auto-generated)
+  - email: VARCHAR(255) (UNIQUE, NOT NULL)
+  - password_hash: VARCHAR(255) (NOT NULL)
+  - display_name: VARCHAR(100) (NOT NULL)
+  - role: ENUM('user', 'admin') (DEFAULT 'user')
+  - created_at: TIMESTAMP (DEFAULT NOW())
+  - updated_at: TIMESTAMP (DEFAULT NOW())
+  - deleted_at: TIMESTAMP (NULL, soft delete)
+
+Entity: [Name]
+Fields:
+  - [field]: [type] ([constraints])
+```
+
+**Relationships:**
+- User has many [Entity] (1:N)
+- [Entity] belongs to User (N:1)
+
+## 5. API Design
+
+**Base URL:** `/api/v1`  
+**Auth:** Bearer JWT token in `Authorization` header  
+**Format:** JSON request/response  
+**Versioning:** URL path versioning (`/v1`, `/v2`)
+
+### Endpoints
+
+| Method | Path | Description | Auth Required |
+|--------|------|-------------|---------------|
+| POST | `/auth/register` | Register new user | No |
+| POST | `/auth/login` | Login | No |
+| POST | `/auth/refresh` | Refresh token | Yes |
+| GET | `/users/me` | Get current user | Yes |
+| GET | `/[resource]` | List resources | Yes |
+| POST | `/[resource]` | Create resource | Yes |
+| GET | `/[resource]/:id` | Get resource | Yes |
+| PUT | `/[resource]/:id` | Update resource | Yes |
+| DELETE | `/[resource]/:id` | Delete resource | Yes |
+
+### Error Response Format
+```json
+{
+  "error": {
+    "code": "VALIDATION_ERROR",
+    "message": "Human-readable message",
+    "details": [
+      { "field": "email", "message": "Invalid email format" }
+    ]
+  }
+}
+```
+
+## 6. Authentication & Authorization
+
+**Authentication:** JWT (access token 15min, refresh token 7 days)  
+**Authorization:** Role-Based Access Control (RBAC)
+
+Roles:
+- `user` — Standard access to own resources
+- `admin` — Full access to all resources
+
+**Token storage:** HttpOnly cookies (not localStorage)
+
+## 7. Security Architecture
+
+| Concern | Solution |
+|---------|----------|
+| Password storage | Argon2id, min cost 3 |
+| API rate limiting | 100 req/min per IP, 1000 req/min per user |
+| CORS | Whitelist: [domains] |
+| HTTPS | Enforced, HSTS header |
+| Secret management | Environment variables only |
+| SQL injection | ORM with parameterized queries |
+| XSS | Output encoding, CSP headers |
+
+## 8. Non-Functional Requirements
+
+| Requirement | Target | Strategy |
+|-------------|--------|----------|
+| Response time | p95 < 200ms | Caching, DB indexing |
+| Availability | 99.9% | Health checks, auto-restart |
+| Data retention | [X months] | Soft deletes, archiving |
+| Backup | Daily | Automated DB backup |
+
+## 9. Project Structure
+
+```
+[project-name]/
+├── src/
+│   ├── config/          # Environment and app configuration
+│   ├── middleware/       # Express/framework middleware
+│   ├── modules/
+│   │   └── [feature]/
+│   │       ├── [feature].controller.ts
+│   │       ├── [feature].service.ts
+│   │       ├── [feature].repository.ts
+│   │       ├── [feature].dto.ts
+│   │       └── [feature].test.ts
+│   ├── shared/           # Shared utilities, types, constants
+│   └── index.ts          # App entry point
+├── tests/
+│   ├── integration/
+│   └── e2e/
+├── mdan_output/
+├── .env.example
+├── Dockerfile
+├── docker-compose.yml
+└── README.md
+```
+
+## 10. Coding Conventions
+
+- **Language:** [TypeScript 5.x]
+- **Style guide:** [Airbnb / Standard / PEP8]
+- **Linting:** [ESLint + Prettier / Ruff]
+- **Naming:**
+  - Variables/functions: camelCase
+  - Classes: PascalCase
+  - Constants: UPPER_SNAKE_CASE
+  - Files: kebab-case
+- **Git branches:** `main` → `develop` → `feature/[name]`
+- **Commit format:** `type(scope): description` (Conventional Commits)
+
+## 11. Architecture Decision Records
+
+### ADR-001: [Decision Title]
+- **Status:** Accepted
+- **Date:** [YYYY-MM-DD]
+- **Context:** [Why this decision was needed]
+- **Decision:** [What was decided]
+- **Consequences:** [Trade-offs, positive and negative]
+
+---
+
+*Architecture validated by:* ________________  
+*Date:* ________________

package/templates/CHANGELOG.md

@@ -0,0 +1,41 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)  
+Versioning: [Semantic Versioning](https://semver.org/spec/v2.0.0.html)
+
+---
+
+## [Unreleased]
+
+### Added
+- 
+
+### Changed
+- 
+
+### Deprecated
+- 
+
+### Removed
+- 
+
+### Fixed
+- 
+
+### Security
+- 
+
+---
+
+## [1.0.0] — YYYY-MM-DD
+
+### Added
+- Initial release
+- [Feature 1]
+- [Feature 2]
+
+---
+
+*Generated by MDAN Doc Agent*

package/templates/MDAN-KNOWLEDGE.md

@@ -0,0 +1,73 @@
+# MDAN-KNOWLEDGE.md
+
+> Fichier de connaissance du projet, généré et maintenu par le Learn Agent.  
+> Ce fichier est la source de vérité pour toute la connaissance ingérée.  
+> Ne pas modifier manuellement — utiliser `mdan learn` ou activer Learn Agent.
+
+---
+
+## Métadonnées
+
+```
+Projet        : {{PROJECT_NAME}}
+Généré le     : {{DATE}}
+Dernière MAJ  : {{DATE}}
+Learn Agent   : v1.0.0
+```
+
+---
+
+## Skills actifs
+
+*(Vide — aucun skill appris pour l'instant)*
+
+---
+
+## MCP Servers actifs
+
+*(Vide — aucun MCP configuré pour l'instant)*
+
+---
+
+## Règles actives
+
+*(Vide — aucune règle ingérée pour l'instant)*
+
+---
+
+## Capsules par agent
+
+### Dev Agent
+*(Aucune capsule)*
+
+### Architect Agent
+*(Aucune capsule)*
+
+### Security Agent
+*(Aucune capsule)*
+
+### Test Agent
+*(Aucune capsule)*
+
+### DevOps Agent
+*(Aucune capsule)*
+
+### Doc Agent
+*(Aucune capsule)*
+
+### Product Agent
+*(Aucune capsule)*
+
+---
+
+## Conflits détectés
+
+*(Aucun conflit)*
+
+---
+
+## Historique d'apprentissage
+
+| ID | Source | Type | Date | Agents ciblés | Statut |
+|----|--------|------|------|---------------|--------|
+| — | — | — | — | — | — |

package/templates/PRD.md

@@ -0,0 +1,120 @@
+# MDAN Template — Product Requirements Document (PRD)
+
+---
+**Artifact:** Product Requirements Document  
+**Phase:** DISCOVER  
+**Agent:** Product Agent  
+**Version:** [X.Y]  
+**Status:** Draft | Review | Validated  
+**Date:** [YYYY-MM-DD]  
+**Project:** [Project Name]  
+---
+
+## 1. Executive Summary
+
+[2-3 sentences. What this product does. Who it's for. Why it exists now.]
+
+## 2. Problem Statement
+
+**The problem:** [Specific, concrete description of the problem]  
+**Who has this problem:** [Target users]  
+**Current pain:** [What users do today and why it's insufficient]  
+**Cost of inaction:** [What happens if this problem isn't solved]
+
+## 3. Target Users
+
+### Primary Persona: [Persona Name]
+| Attribute | Detail |
+|-----------|--------|
+| Role | [Job title or life role] |
+| Age range | [Optional] |
+| Goals | [What they want to achieve] |
+| Pain points | [What frustrates them today] |
+| Technical level | Beginner / Intermediate / Expert |
+| Usage context | [Where/when they use the product] |
+
+### Secondary Persona: [Persona Name] *(if applicable)*
+[Same structure]
+
+## 4. Solution Overview
+
+[High-level description of the proposed solution. NOT a technical spec. What it does for the user.]
+
+## 5. User Stories
+
+### Epic 1: [Epic Name]
+*[Brief description of what this epic covers]*
+
+- [ ] **US-001:** As a [persona], I want to [action] so that [benefit]  
+  **Priority:** Must Have  
+  **Acceptance Criteria:**
+  - Given [context], When [action], Then [outcome]
+  - Given [context], When [edge case], Then [outcome]
+
+- [ ] **US-002:** As a [persona], I want to [action] so that [benefit]  
+  **Priority:** Must Have  
+  **Acceptance Criteria:**
+  - Given [context], When [action], Then [outcome]
+
+### Epic 2: [Epic Name]
+
+- [ ] **US-003:** ...
+
+## 6. Feature Prioritization (MoSCoW)
+
+### 🔴 Must Have — MVP (without these, the product cannot launch)
+- **[Feature Name]:** [One sentence description]
+- **[Feature Name]:** [One sentence description]
+
+### 🟡 Should Have — Version 1.1 (important but not blocking)
+- **[Feature Name]:** [One sentence description]
+
+### 🟢 Could Have — Backlog (nice to have)
+- **[Feature Name]:** [One sentence description]
+
+### ⚪ Won't Have — Explicitly excluded
+- **[Feature Name]:** [Reason for exclusion]
+
+## 7. Success Metrics
+
+| Metric | Type | Current Baseline | Target | Timeframe |
+|--------|------|-----------------|--------|-----------|
+| [e.g., Daily Active Users] | KPI | [Now or N/A] | [Goal] | [3 months] |
+| [e.g., Task completion time] | KPI | [Now] | [Goal] | [Launch] |
+| [e.g., Error rate] | Technical | [Now] | [< X%] | [Launch] |
+
+## 8. Constraints & Assumptions
+
+### Constraints (hard limits)
+- **Timeline:** [Deadline if any]
+- **Budget:** [Budget if any]
+- **Team:** [Size and skills]
+- **Technology:** [Existing tech that must be kept]
+- **Regulatory:** [Compliance requirements]
+
+### Assumptions (things believed to be true, unverified)
+- [Assumption 1]
+- [Assumption 2]
+
+## 9. Risks
+
+| Risk | Probability | Impact | Mitigation Plan |
+|------|-------------|--------|-----------------|
+| [Risk description] | High / Med / Low | High / Med / Low | [Mitigation] |
+
+## 10. Explicitly Out of Scope
+
+The following will NOT be built in this version:
+- [Item 1] — [Reason]
+- [Item 2] — [Reason]
+
+## 11. Open Questions
+
+| Question | Owner | Due Date | Status |
+|----------|-------|----------|--------|
+| [Question] | [Person/Agent] | [Date] | Open |
+
+---
+
+*PRD validated by:* ________________  
+*Date:* ________________

package/templates/SECURITY-REVIEW.md

@@ -0,0 +1,99 @@
+# MDAN Template — Security Review
+
+---
+**Artifact:** Security Review
+**Phase:** VERIFY
+**Agent:** Security Agent v1.0.0
+**Version:** [X.Y]
+**Status:** Draft | Review | Signed Off
+**Date:** [YYYY-MM-DD]
+**Project:** [Project Name]
+---
+
+## 1. Threat Model (STRIDE)
+
+### Assets à protéger
+| Asset | Sensibilité | Localisation |
+|-------|-------------|--------------|
+| Credentials utilisateurs | Critique | DB (hashés) |
+| Données personnelles | Élevée | DB |
+| Clés API | Critique | Variables d'environnement |
+
+### Surface d'attaque
+| Point d'entrée | Description | Niveau de risque |
+|---------------|-------------|-----------------|
+| API REST | Endpoints HTTP publics | Élevé |
+| Interface admin | Dashboard interne | Moyen |
+
+### Analyse STRIDE
+| Menace | Composant | Mitigation |
+|--------|-----------|-----------|
+| Spoofing | Auth | JWT + refresh tokens |
+| Tampering | API inputs | Validation stricte |
+| Repudiation | Actions user | Audit logging |
+| Info Disclosure | API responses | Filtrage des réponses |
+| DoS | Endpoints publics | Rate limiting |
+| Elevation of Privilege | RBAC | Vérification sur chaque endpoint |
+
+## 2. Findings
+
+### 🔴 CRITICAL — Bloquer la release
+
+#### VULN-001: [Nom]
+- **Type :** [Catégorie OWASP]
+- **Localisation :** [Fichier/Endpoint]
+- **Description :** [Ce que c'est]
+- **Impact :** [Ce qu'un attaquant peut faire]
+- **Reproduction :** [Comment reproduire]
+- **Remédiation :** [Fix exact avec code si applicable]
+- **Statut :** ⏳ Open | ✅ Fixed | ⚠️ Accepted
+
+### 🟠 HIGH — Corriger avant release
+
+### 🟡 MEDIUM — Corriger dans le prochain sprint
+
+### 🔵 LOW — Tracker et corriger éventuellement
+
+## 3. Security Checklist
+
+### Authentification
+- [ ] Mots de passe hashés avec bcrypt/argon2 (cost factor ≥ 12)
+- [ ] Tokens JWT avec expiration + refresh
+- [ ] Protection brute force (rate limiting sur /auth)
+- [ ] Invalidation de session au logout
+
+### Autorisation
+- [ ] Vérification auth sur CHAQUE endpoint protégé
+- [ ] Contrôle d'accès horizontal (user A ne peut pas accéder aux données de user B)
+- [ ] RBAC implémenté correctement
+- [ ] Fonctions admin séparément protégées
+
+### Validation des inputs
+- [ ] Tous les inputs validés côté serveur
+- [ ] Requêtes SQL paramétrées (jamais d'interpolation)
+- [ ] Uploads : validation type, taille, stockage hors web root
+- [ ] Encoding des outputs pour prévenir XSS
+
+### Protection des données
+- [ ] HTTPS enforced partout
+- [ ] Données sensibles non loggées
+- [ ] PII traité selon exigences réglementaires
+- [ ] Backups chiffrés
+
+### Dépendances
+- [ ] Aucune CVE critique connue dans les dépendances
+- [ ] Lockfile commité
+- [ ] Scan CVE automatisé en CI/CD
+
+## 4. Sign-Off
+
+| Findings | Total | Résolus | Acceptés | Restants |
+|----------|-------|---------|----------|---------|
+| Critical | — | — | — | — |
+| High | — | — | — | — |
+| Medium | — | — | — | — |
+| Low | — | — | — | — |
+
+**Security sign-off :** ________________ **Date :** ________________
+
+*Conditions de sign-off : 0 Critical open, 0 High open (ou acceptés avec justification documentée)*