moicle 2.3.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/README.md +36 -47
  2. package/assets/commands/marketing.md +6 -6
  3. package/assets/skills/docs/sync/SKILL.md +195 -157
  4. package/assets/skills/feature/build/SKILL.md +891 -0
  5. package/assets/skills/feature/track/SKILL.md +157 -0
  6. package/assets/skills/fix/bug/SKILL.md +449 -0
  7. package/assets/skills/fix/incident/SKILL.md +6 -6
  8. package/assets/skills/marketing/brand/SKILL.md +304 -0
  9. package/assets/skills/marketing/content/SKILL.md +199 -141
  10. package/assets/skills/research/explore/SKILL.md +392 -0
  11. package/assets/skills/review/code/SKILL.md +622 -0
  12. package/dist/commands/install/usage.js +2 -2
  13. package/dist/commands/install/usage.js.map +1 -1
  14. package/package.json +1 -1
  15. package/assets/skills/docs/write/SKILL.md +0 -274
  16. package/assets/skills/feature/api/SKILL.md +0 -277
  17. package/assets/skills/feature/deprecate/SKILL.md +0 -276
  18. package/assets/skills/feature/new/SKILL.md +0 -273
  19. package/assets/skills/feature/refactor/SKILL.md +0 -269
  20. package/assets/skills/fix/hotfix/SKILL.md +0 -233
  21. package/assets/skills/fix/pr-comment/SKILL.md +0 -186
  22. package/assets/skills/fix/root-cause/SKILL.md +0 -276
  23. package/assets/skills/marketing/logo/SKILL.md +0 -252
  24. package/assets/skills/marketing/seo-blog/SKILL.md +0 -367
  25. package/assets/skills/marketing/video/SKILL.md +0 -258
  26. package/assets/skills/research/onboarding/SKILL.md +0 -225
  27. package/assets/skills/research/spike/SKILL.md +0 -228
  28. package/assets/skills/research/web/SKILL.md +0 -204
  29. package/assets/skills/review/architect/SKILL.md +0 -274
  30. package/assets/skills/review/branch/SKILL.md +0 -277
  31. package/assets/skills/review/pr/SKILL.md +0 -231
  32. package/assets/skills/review/tdd/SKILL.md +0 -245
@@ -0,0 +1,891 @@
1
+ ---
2
+ name: feature-build
3
+ description: Feature lifecycle workflow — build new DDD features, refactor existing code into DDD, add/integrate APIs, or deprecate features. Stack-aware with phase-based checks and a review loop. Use when user says "implement feature", "add feature", "build feature", "create feature", "new feature", "refactor", "clean up", "improve code", "restructure", "migrate to ddd", "refactor ddd", "integrate api", "add endpoint", "new api", "connect api", "api integration", "deprecate", "remove feature", "sunset", "phase out", "delete feature".
4
+ args: "[MODE] [DOMAIN] [FEATURE]"
5
+ ---
6
+
7
+ # Feature Build Workflow
8
+
9
+ One skill for the full lifecycle of a feature: **create it, restructure it, expose it via API, or sunset it** — all following DDD layers with rule checks per phase and a review loop.
10
+
11
+ **ARGUMENTS:** `<mode> <domain> <feature>` — `mode` ∈ `new | refactor | api | deprecate`. e.g. `new wallet savings`, `refactor marketing notification`, `api catalog`, `deprecate payments legacy-checkout`.
12
+
13
+ ## Pick your mode
14
+
15
+ | If you are… | Mode | Jump to |
16
+ |-------------|------|---------|
17
+ | Building a brand-new feature across DDD layers | **NEW** | [Mode NEW](#mode-new) |
18
+ | Restructuring existing code into DDD / fixing drift | **REFACTOR** | [Mode REFACTOR](#mode-refactor) |
19
+ | Adding an endpoint or integrating a third-party API | **API** | [Mode API](#mode-api) |
20
+ | Safely sunsetting a feature / endpoint / module | **DEPRECATE** | [Mode DEPRECATE](#mode-deprecate) |
21
+
22
+ - ❌ Quick bug fix → use `/fix-bug`
23
+ - ❌ Don't know the right approach yet → `/research-explore` (WEB or SPIKE) first
24
+ - ❌ Multi-step task you want to run as a tracked checklist loop → `/feature-track`
25
+
26
+ ## Read Architecture First (all modes)
27
+
28
+ Detect stack via `~/.claude/architecture/_shared/stack-detection.md`. Load `ddd-architecture.md` + the stack doc — extract directory layout, layer rules, forbidden imports, check scripts before any code. Severity definitions live in `~/.claude/architecture/_shared/severity-levels.md`.
29
+
30
+ ---
31
+ ---
32
+
33
+ # Mode NEW
34
+
35
+ Build a new feature following DDD layers with rule checks per phase and a final review loop until score ≥ B.
36
+
37
+ ## When to use
38
+
39
+ - ✅ Feature spans multiple DDD layers (domain + app + infra)
40
+ - ✅ The approach is well-understood (no major research / prototype needed)
41
+ - ✅ You want automated architecture review at the end
42
+ - ❌ Restructuring existing code → use **Mode REFACTOR**
43
+ - ❌ Adding only an endpoint → use **Mode API**
44
+
45
+ ## Workflow
46
+
47
+ ```
48
+ 1 PLAN → 2 DOMAIN → 3 INFRA → 4 APP → 5 WIRE → 6 TESTS → REVIEW LOOP
49
+ ```
50
+
51
+ ## Phase 1: PLAN
52
+
53
+ ### 1.1 Read a reference module
54
+ Pick the smallest existing module in the project as a template. Read ALL its files end-to-end:
55
+ - entities, value objects, events, ports, usecases
56
+ - service, handler, DTOs, listeners
57
+ - infrastructure store/API
58
+ - registration in router/provider/registry
59
+
60
+ ### 1.2 Plan the feature
61
+
62
+ Present to the user:
63
+
64
+ ```markdown
65
+ ## Feature Plan: {domain}/{feature}
66
+
67
+ ### Entities + fields
68
+ - `{Entity}` — {field: type, with constraint}
69
+ - ...
70
+
71
+ ### Value Objects
72
+ - `{Status}` — states: {list}, transitions: {list}
73
+ - ...
74
+
75
+ ### Endpoints / screens / commands
76
+ | Method | Path | Purpose |
77
+ |--------|------|---------|
78
+ | POST | /api/v1/wallets/:id/savings | Open savings account |
79
+
80
+ ### Domain events
81
+ | Event | Triggered when | Listeners |
82
+ |-------|----------------|-----------|
83
+ | `SavingsAccountOpened` | After Account.open() succeeds | NotificationListener |
84
+
85
+ ### Business rules
86
+ - Cannot open savings if main balance < min threshold
87
+ - Interest accrues nightly via scheduled job
88
+ - ...
89
+
90
+ ### Files to create
91
+ - `domain/wallet/entities/savings_account.go`
92
+ - `domain/wallet/valueobjects/savings_status.go`
93
+ - `domain/wallet/ports/savings_store.go`
94
+ - `domain/wallet/usecases/open_savings.go`
95
+ - `application/ports/http/savings_handler.go`
96
+ - `infrastructure/database/savings_store.go`
97
+ - (+ tests for each domain file)
98
+ ```
99
+
100
+ ### Gate
101
+ - [ ] Architecture docs read
102
+ - [ ] Reference module read end-to-end
103
+ - [ ] Plan presented
104
+ - [ ] **User CONFIRMED** before any code is written
105
+
106
+ ## Phase 2: DOMAIN LAYER
107
+
108
+ Build in order: **value objects → entities → events → ports → usecases**.
109
+
110
+ - **Value Objects** — typed values with behavior (`IsTerminal()`, `CanTransitionTo()`). Stdlib imports only.
111
+ - **Entities** — constructor + behavior methods + guard methods (`isActive()`, `canXxx()`) + business error types. Raise events on state change. Imports: stdlib + valueobjects + domain/shared.
112
+ - **Events** — one file per event, extend base event, carry data listeners need.
113
+ - **Ports** — one file per interface. Store ports use domain types. Platform-agnostic naming. No infra imports.
114
+ - **UseCases** — constructor with port deps + event dispatcher. Split by concern. Business logic lives here. Dispatch events after persistence. No infra imports.
115
+
116
+ ### Gate
117
+ ```bash
118
+ {build_domain} && echo PASS || echo FAIL
119
+ {grep_forbidden in domain/} && echo FAIL || echo PASS
120
+ {cross_domain_check} && echo FAIL || echo PASS
121
+ ```
122
+
123
+ ## Phase 3: INFRASTRUCTURE LAYER
124
+
125
+ ### 3.1 Persistence models (if applicable)
126
+ - ORM models, Prisma schema, Freezed classes
127
+ - Table/collection config
128
+ - Helpers for atomic updates
129
+
130
+ ### 3.2 Store / API implementations
131
+ - Implements port interfaces from domain
132
+ - Compile-time interface check (where supported)
133
+ - Mapper functions: domain entity ↔ persistence model
134
+ - NO business logic
135
+ - Use context consistently
136
+
137
+ ### Gate
138
+ - [ ] Infra build passes
139
+ - [ ] All ports from Phase 2 have an implementation
140
+
141
+ ## Phase 4: APPLICATION LAYER
142
+
143
+ ### 4.1 Service
144
+ - Thin wrapper delegating to usecases
145
+ - Can orchestrate cross-domain calls
146
+
147
+ ### 4.2 Handler / Controller / Screen
148
+ - Wiring function: store → usecase → service → handler → routes
149
+ - Thin: parse → service → respond
150
+ - DTOs in separate file
151
+
152
+ ### 4.3 Listeners (if domain raises events)
153
+ - One file per event
154
+ - Side-effects only (notifications, SSE, analytics, jobs)
155
+ - Background context for async work
156
+ - Register in event bus
157
+
158
+ ### Gate
159
+ - [ ] App build passes
160
+ - [ ] Every event has a registered listener (if needed)
161
+
162
+ ## Phase 5: WIRING
163
+
164
+ ### 5.1 Router / Provider
165
+ - Add routes / screens / providers for the new module
166
+ - Wire service dependencies if cross-module
167
+
168
+ ### 5.2 Persistence setup
169
+ - Add migrations / schema files
170
+ - Run migrations on dev DB
171
+
172
+ ### 5.3 Event registry
173
+ - Register all new listeners
174
+ - Verify event name strings match across event ↔ registry
175
+
176
+ ### Gate
177
+ - [ ] Full build passes
178
+ - [ ] Routes / providers registered
179
+ - [ ] Migrations applied locally
180
+
181
+ ## Phase 6: TESTS
182
+
183
+ ### Value Object tests
184
+ - All status transitions, terminal states, behavior methods, edge cases
185
+
186
+ ### Entity tests
187
+ - Constructor, state transitions, event collection after change, guard methods, boundary values
188
+
189
+ ### UseCase tests
190
+ - Mock port interfaces, happy path per method, validation errors, business rules, event dispatching
191
+
192
+ ### Gate
193
+ - [ ] All domain tests pass
194
+ - [ ] Coverage on new code ≥ 80%
195
+
196
+ ## Review Loop (NEW)
197
+
198
+ ```
199
+ LOOP:
200
+ 1. /review-code architect {stack} {domain}
201
+ 2. IF violations severity ≥ MEDIUM:
202
+ fix all → build → tests → GOTO 1
203
+ 3. IF score ≥ B → BREAK
204
+ ```
205
+
206
+ ## Final Report (NEW)
207
+
208
+ ```markdown
209
+ ## Feature Complete: {domain}/{feature}
210
+
211
+ ### Files
212
+ - Created: {N}, Modified: {N}
213
+
214
+ ### Endpoints / Screens
215
+ | Method | Route | Description |
216
+ |--------|-------|-------------|
217
+
218
+ ### Domain Events
219
+ | Event | Listeners |
220
+ |-------|-----------|
221
+
222
+ ### Test coverage
223
+ - {N} test files, {M} cases — value objects + entities + usecases
224
+
225
+ ### Review score: {A/B}
226
+ - Build / Lint / Domain purity / Tests: all PASS
227
+ ```
228
+
229
+ ---
230
+ ---
231
+
232
+ # Mode REFACTOR
233
+
234
+ Restructure existing code into DDD layers, or fix drift in an existing DDD module. **Preserves behavior** — refactor structure, never change logic.
235
+
236
+ ## When to use
237
+
238
+ - ✅ Migrating a legacy module into DDD layers
239
+ - ✅ Existing DDD module has drifted (fat controller, anemic entity, mixed concerns)
240
+ - ✅ Splitting one domain into multiple bounded contexts
241
+ - ❌ Building a brand-new feature → use **Mode NEW**
242
+ - ❌ Just renaming files / variables → just do it
243
+ - ❌ Fixing a bug → use `/fix-bug`
244
+
245
+ ## Workflow
246
+
247
+ ```
248
+ 0 FOUNDATION → 1 ANALYZE → 2 DOMAIN → 3 INFRA → 4 APP → 5 TESTS → 6 CLEANUP → REVIEW LOOP
249
+ ```
250
+
251
+ Each phase has a Rule Check. Do not skip any phase.
252
+
253
+ ## Phase 0: FOUNDATION
254
+
255
+ **New project (no `domain/` yet):** create
256
+ - `domain/shared/` — base event types, event collector, dispatcher interface
257
+ - Event bus infrastructure
258
+ - App bootstrap/config struct
259
+
260
+ **Existing project:** verify
261
+ ```bash
262
+ ls {domain_root}/shared/ 2>/dev/null && echo PASS || echo NEED SETUP
263
+ ls {eventbus_path}/ 2>/dev/null && echo PASS || echo NEED SETUP
264
+ ```
265
+
266
+ If FAIL → set up foundation before continuing.
267
+
268
+ ### Gate
269
+ - [ ] Shared domain types exist
270
+ - [ ] Event infrastructure exists (if domain raises events)
271
+
272
+ ## Phase 1: ANALYZE
273
+
274
+ **Goal:** read ALL source files in the old module before touching anything.
275
+
276
+ ### Read
277
+ - All files in the module dir
278
+ - Related models / types / enums
279
+ - Routes / providers / screens for this module
280
+ - Existing tests (CRITICAL — used in Phase 5)
281
+
282
+ ### Output to user
283
+ ```markdown
284
+ ## Refactor Plan: {module} → {domain}
285
+
286
+ ### Current state
287
+ - Entities/models: {list with fields}
288
+ - Usecases (functions): {list with 1-line logic summary}
289
+ - DTOs: {list}
290
+ - Cross-module calls: {list}
291
+ - Side-effects: {notifications / SSE / analytics / async jobs}
292
+ - External deps: {DB, cache, messaging}
293
+ - Endpoints/screens: {list with method + path}
294
+ - Test files: {list with case counts}
295
+
296
+ ### Proposed DDD structure
297
+ - Value objects to extract: {list}
298
+ - Entities: {list}
299
+ - Events: {list}
300
+ - Ports: {list}
301
+ - Usecases: {list}
302
+ - Listeners: {list}
303
+ ```
304
+
305
+ ### Gate
306
+ - [ ] All module files read
307
+ - [ ] Plan presented to user
308
+ - [ ] **User CONFIRMED** before continuing
309
+
310
+ ## Phase 2: DOMAIN LAYER
311
+
312
+ Create `domain/{domain}/` (or add to existing). **Order: VO → entities → events → ports → usecases**.
313
+
314
+ - **Value Objects** (`valueobjects/`) — extract typed values (status strings, rates, amounts). Immutable + behavior methods. Stdlib imports only.
315
+ - **Entities** (`entities/`) — convert old models. Constructor + behavior methods + event collection. Add mappers to/from persistence. No framework imports.
316
+ - **Events** (`events/`) — one file per event. Extract from existing direct side-effect calls.
317
+ - **Ports** (`ports/`) — one file per interface. Store ports (persistence), adapter ports (external services). Platform-agnostic naming (`URLParser` not `ShopeeURLParser`). No infra imports.
318
+ - **UseCases** (`usecases/`) — extract business logic from old controllers/handlers/services. Import from `ports/`. Split by concern, ≤200 lines/file. No infra imports.
319
+
320
+ ### Gate
321
+ ```bash
322
+ {build_domain} && echo PASS || echo FAIL
323
+ {grep_forbidden in domain/} && echo FAIL || echo PASS
324
+ {cross_domain_check} && echo FAIL || echo PASS
325
+ ```
326
+
327
+ ## Phase 3: INFRASTRUCTURE LAYER
328
+
329
+ - Implement port interfaces from `domain/{domain}/ports/`
330
+ - Mapper functions: domain entity ↔ persistence model
331
+ - Compile-time interface check (where supported)
332
+ - NO business logic
333
+ - Keep existing persistence models in place
334
+
335
+ ### Gate
336
+ - [ ] Infra build passes
337
+ - [ ] All port interfaces implemented
338
+
339
+ ## Phase 4: APPLICATION LAYER
340
+
341
+ ### 4.1 Listeners (extract side-effects)
342
+ **CRITICAL:** Side-effects (notifications, SSE, analytics, jobs) **MUST NOT** be called directly in usecases or infra. Flow must be: entity collects event → usecase dispatches → listener handles.
343
+
344
+ - One file per event listener
345
+ - Register in event bus
346
+
347
+ ### 4.2 Service
348
+ - Thin wrapper, delegates to usecases. No business logic.
349
+
350
+ ### 4.3 Handler / Controller / Screen
351
+ - Registration / wiring function
352
+ - Thin: parse → service → return
353
+ - DTOs in separate file
354
+ - **All endpoints must match the old paths + methods**
355
+
356
+ ### Gate
357
+ - [ ] App build passes
358
+ - [ ] Every old endpoint has a new handler at the same path
359
+
360
+ ## Phase 5: TESTS
361
+
362
+ **CRITICAL:** read old tests first, copy every scenario. Do not lose coverage.
363
+
364
+ 1. Read all old test files
365
+ 2. List all test cases + business scenarios
366
+ 3. Write domain tests covering all of them
367
+
368
+ ### What to test
369
+ - **Entities** — behavior methods, edge cases, business rules (pure, no mocks)
370
+ - **UseCases** — happy + error paths, validation, event collection (mock ports)
371
+ - **Value Objects** — transitions, calculations, edge cases (pure)
372
+
373
+ ### Gate
374
+ - [ ] Old test count ≤ new test count
375
+ - [ ] Every old scenario covered
376
+ - [ ] `{test_command}` passes
377
+
378
+ ## Phase 6: INTEGRATION & CLEANUP
379
+
380
+ ### 6.1 Wire up the new module
381
+ - Add registration calls in router / provider / registry
382
+ - Remove old module registrations
383
+ - Endpoints/screens match old paths
384
+
385
+ ### 6.2 Remove old module
386
+ - Delete old directory **only after** build + tests pass
387
+ - Do NOT delete shared models/types other modules still use
388
+
389
+ ### Gate
390
+ ```bash
391
+ {full_build} && echo PASS || echo FAIL
392
+ test -d {old_module_path} && echo "FAIL: still there" || echo PASS
393
+ grep -r "{old_import_path}" --include="*.{ext}" . && echo "FAIL: stale imports" || echo PASS
394
+ ```
395
+
396
+ ## Review Loop (REFACTOR)
397
+
398
+ After Phase 6, call `/review-code architect {stack} {domain}`. Loop until score ≥ B.
399
+
400
+ ```
401
+ LOOP:
402
+ 1. /review-code architect {stack} {domain}
403
+ 2. IF violations severity ≥ MEDIUM:
404
+ fix all → full build → all tests → GOTO 1
405
+ 3. IF score ≥ B → BREAK
406
+ ```
407
+
408
+ ## Final Report (REFACTOR)
409
+
410
+ ```markdown
411
+ ## Refactor Complete: {module} → {domain}
412
+
413
+ ### Changes
414
+ - Files created: {N}, modified: {N}, deleted: {N}
415
+
416
+ ### Endpoints preserved
417
+ | Old path | New handler | Status |
418
+ |----------|-------------|--------|
419
+
420
+ ### Domain events introduced
421
+ | Event | Listener(s) |
422
+ |-------|-------------|
423
+
424
+ ### Tests
425
+ - Files: {N}, cases: {M} — all old scenarios migrated: YES
426
+
427
+ ### Review score: {A/B}
428
+ - Build / Lint / Domain purity / Old module removed / No stale imports / Tests: all PASS
429
+ ```
430
+
431
+ ---
432
+ ---
433
+
434
+ # Mode API
435
+
436
+ End-to-end workflow for designing, implementing, testing, and documenting APIs — both internal endpoints and third-party integrations.
437
+
438
+ ## When to use
439
+
440
+ - ✅ Adding a new REST / GraphQL endpoint to your service
441
+ - ✅ Integrating a third-party API (Stripe, OpenAI, etc.) into the system
442
+ - ✅ Replacing or upgrading an existing API integration
443
+ - ❌ Just need a one-off HTTP call in a script → use Bash directly
444
+ - ❌ Need to research which API to use → use `/research-explore` (WEB) first
445
+ - ❌ Building a whole new domain → use **Mode NEW** (which covers the API surface as Phase 4)
446
+
447
+ ## Workflow
448
+
449
+ ```
450
+ DESIGN → IMPLEMENT → TEST → DOCUMENT → REVIEW LOOP
451
+ ```
452
+
453
+ Before any phase, also read existing API conventions in the project (look at 1–2 existing endpoints as reference).
454
+
455
+ ## Phase 1: DESIGN
456
+
457
+ **Goal:** lock the API contract before writing any code.
458
+
459
+ ### Actions
460
+ 1. Identify API type: REST / GraphQL / gRPC / third-party client
461
+ 2. Define contract:
462
+ - Endpoints / operations (method + path)
463
+ - Request / response schema (use real types from domain entities)
464
+ - Auth method
465
+ - Error codes per endpoint
466
+ - Pagination (cursor or offset) — pick ONE, apply to all list endpoints
467
+ - Idempotency keys for POST/PUT (if applicable)
468
+ 3. Write the contract as **OpenAPI 3.0** (REST) or **GraphQL SDL**
469
+
470
+ ### Minimal OpenAPI skeleton
471
+
472
+ ```yaml
473
+ openapi: 3.0.0
474
+ info: { title: <name>, version: 1.0.0 }
475
+ servers: [{ url: https://api.example.com/v1 }]
476
+ components:
477
+ securitySchemes:
478
+ BearerAuth: { type: http, scheme: bearer }
479
+ schemas:
480
+ Error: { type: object, properties: { code: { type: string }, message: { type: string } } }
481
+ paths:
482
+ /resource:
483
+ post:
484
+ summary: Create resource
485
+ security: [{ BearerAuth: [] }]
486
+ requestBody: { content: { application/json: { schema: { $ref: '#/components/schemas/CreateInput' } } } }
487
+ responses:
488
+ '201': { description: Created, content: { application/json: { schema: { $ref: '#/components/schemas/Resource' } } } }
489
+ '400': { description: Validation error, content: { application/json: { schema: { $ref: '#/components/schemas/Error' } } } }
490
+ ```
491
+
492
+ ### Gate
493
+ - [ ] Endpoints listed in a table (method, path, auth, purpose)
494
+ - [ ] Request / response schemas defined
495
+ - [ ] Error codes listed (with stable string codes, not just HTTP status)
496
+ - [ ] Pagination strategy chosen (cursor preferred)
497
+ - [ ] **User CONFIRMED contract** before continuing
498
+
499
+ ## Phase 2: IMPLEMENT
500
+
501
+ **Goal:** implement the contract per stack conventions, respecting DDD layers.
502
+
503
+ ### Layered placement (DDD)
504
+
505
+ | Concern | Layer | Notes |
506
+ |---------|-------|-------|
507
+ | Route definition | `application/ports/http/` | Thin handler: parse → service → respond |
508
+ | Request / Response DTOs | `application/ports/http/dto/` | NOT domain types |
509
+ | Validation | Handler or domain (depending on stack) | Reject bad input before reaching usecase |
510
+ | Business logic | `domain/{domain}/usecases/` | NEVER in the handler |
511
+ | External API client | `infrastructure/adapters/` | Implements a port in `domain/{domain}/ports/` |
512
+ | Auth check | Middleware / decorator | NOT inline in handler |
513
+
514
+ ### Standard error response
515
+
516
+ All endpoints return errors in the same shape:
517
+
518
+ ```json
519
+ { "error": { "code": "STRING", "message": "human-readable", "details": {} } }
520
+ ```
521
+
522
+ `code` is stable across versions; `message` may change. Map domain errors → HTTP codes in ONE place (middleware / interceptor).
523
+
524
+ ### Standard pagination (cursor)
525
+
526
+ ```
527
+ GET /resource?cursor=<opaque>&limit=<int 1..100, default 20>
528
+
529
+ {
530
+ "data": [...],
531
+ "pagination": { "next_cursor": "..." | null }
532
+ }
533
+ ```
534
+
535
+ ### Gate
536
+ - [ ] Routes registered in router / app module
537
+ - [ ] Handler is thin (parse → service → respond)
538
+ - [ ] Business logic in usecase, not handler
539
+ - [ ] External calls go through infrastructure adapter
540
+ - [ ] Auth + validation in middleware, not handler
541
+ - [ ] Build passes: `{stack_build_command}`
542
+
543
+ ## Phase 3: TEST
544
+
545
+ **Goal:** verify the contract holds and breaks safely.
546
+
547
+ ### Test layers
548
+
549
+ | Layer | Type | What |
550
+ |-------|------|------|
551
+ | Handler | Unit | Validation, error mapping (mock service) |
552
+ | UseCase | Unit | Business logic (mock port) |
553
+ | Adapter (external API) | Integration | Real HTTP call to sandbox OR contract test with `nock` / `WireMock` |
554
+ | End-to-end | Integration | Full request → response, real DB |
555
+
556
+ ### Mandatory test cases per endpoint
557
+ - [ ] Happy path
558
+ - [ ] Auth failure (missing / invalid token)
559
+ - [ ] Validation failure (each required field missing)
560
+ - [ ] Permission failure (valid token, wrong scope)
561
+ - [ ] Not found (where applicable)
562
+ - [ ] Rate limit / quota (where applicable)
563
+ - [ ] Idempotency (POST with same key returns same response)
564
+
565
+ ### Gate
566
+ - [ ] All mandatory cases covered
567
+ - [ ] Tests pass: `{stack_test_command}`
568
+ - [ ] Error response shape verified in tests
569
+
570
+ ## Phase 4: DOCUMENT
571
+
572
+ **Goal:** update API docs so consumers can use it without reading code.
573
+
574
+ ### What to update
575
+ 1. **OpenAPI spec** committed to repo (`openapi.yaml` or per-resource files)
576
+ 2. **API.md** — append the new endpoint(s) (or use `/docs-sync` for full re-author)
577
+ 3. **CHANGELOG.md** — note breaking / additive changes
578
+ 4. **README.md** — if this changes quick-start
579
+
580
+ ### Endpoint doc entry (minimal)
581
+
582
+ ```markdown
583
+ ### POST /resource
584
+
585
+ Create a resource. Idempotent via `Idempotency-Key` header.
586
+
587
+ **Auth:** Bearer
588
+
589
+ **Request** `{ "field": "value" }`
590
+
591
+ **Response 201** `{ "id": "...", "field": "value" }`
592
+
593
+ **Errors**
594
+ | Code | HTTP | Meaning |
595
+ |------|------|---------|
596
+ | `invalid_field` | 400 | `field` failed validation |
597
+ | `unauthorized` | 401 | Token missing or invalid |
598
+ | `already_exists` | 409 | Same idempotency key with different body |
599
+ ```
600
+
601
+ ### Gate
602
+ - [ ] OpenAPI spec updated and lints
603
+ - [ ] API.md entry added
604
+ - [ ] CHANGELOG entry
605
+ - [ ] At least 1 example request runs successfully (curl / Postman)
606
+
607
+ ## Review Loop (API)
608
+
609
+ Run `/review-code architect` for the touched domain. Loop until score ≥ B.
610
+
611
+ ```
612
+ LOOP:
613
+ 1. /review-code architect {stack} {domain}
614
+ 2. Fix violations → re-run tests + build → GOTO 1 (until score ≥ B)
615
+ ```
616
+
617
+ ## Final Report (API)
618
+
619
+ ```markdown
620
+ ## API Integration Complete
621
+
622
+ ### Endpoints Added / Changed
623
+ | Method | Path | Purpose |
624
+ |--------|------|---------|
625
+
626
+ ### Files Created
627
+ - `application/ports/http/resource_handler.{ext}`
628
+ - `domain/{domain}/usecases/create_resource.{ext}`
629
+ - `infrastructure/adapters/{external_service}.{ext}` (if applicable)
630
+
631
+ ### Tests
632
+ - {N} test files, {M} test cases — handler, usecase, adapter, e2e
633
+
634
+ ### Documentation
635
+ - [x] OpenAPI spec updated [x] API.md entry added [x] CHANGELOG entry
636
+
637
+ ### Review Score: {A/B}
638
+ ```
639
+
640
+ ---
641
+ ---
642
+
643
+ # Mode DEPRECATE
644
+
645
+ Safely sunset a feature, API, or module without breaking users. Built around a **timeline** (T-90 → T+30) and the principle that **announce → warn → migrate → remove → monitor**.
646
+
647
+ ## When to use
648
+
649
+ - ✅ Sunsetting a public API endpoint, SDK method, or user-facing feature
650
+ - ✅ Removing an internal module that other domains depend on
651
+ - ✅ Migrating consumers from v1 → v2 of anything
652
+ - ❌ Just deleting unused dead code (no consumers) → just delete in PR with explanation
653
+ - ❌ Renaming an internal helper → just rename, no deprecation needed
654
+ - ❌ Removing a feature behind a flag with 0 users → just remove the flag
655
+
656
+ ## Workflow
657
+
658
+ ```
659
+ IDENTIFY → PLAN → MIGRATE → REMOVE → VERIFY
660
+ ↓ ↓ ↓ ↓ ↓
661
+ announce warn migrate remove monitor
662
+ (T-90) (T-60) (T-30) (T-0) (T+30)
663
+ ```
664
+
665
+ ## Deprecation Strategy
666
+
667
+ | Strategy | When | Timeline |
668
+ |----------|------|----------|
669
+ | **Soft** | Internal API, replacement available, low usage | Announce → warn → migrate → remove (1–3 months) |
670
+ | **Hard** | Security issue, breaking infra change | Announce + remove fast (days to weeks, with mitigation) |
671
+ | **Versioned** | Public API, breaking change | Run v1 + v2 side-by-side, sunset v1 over months/years |
672
+
673
+ ## Phase 1: IDENTIFY
674
+
675
+ **Goal:** know what you're removing and who depends on it.
676
+
677
+ ### Actions
678
+ 1. Define the target: feature / endpoint / module / class / method
679
+ 2. Find ALL usages:
680
+ ```bash
681
+ grep -rn "{symbol}" --include="*.{ext}" .
682
+ # for APIs, check access logs:
683
+ {log_query for endpoint hits over last 30/90 days}
684
+ ```
685
+ 3. Identify consumers: internal teams / services, external users / SDK consumers, third-party integrations, docs and tutorials that reference it
686
+ 4. Assess impact (per architecture layer): which layers reference it, cross-domain consumers, breaking change severity
687
+ 5. Find replacement (or document "no replacement, here's the workaround")
688
+
689
+ ### Output
690
+
691
+ ```markdown
692
+ ## Deprecation Analysis: {target}
693
+
694
+ ### What
695
+ - Type: {feature / API / class / method / module}
696
+ - Location: {file:line(s)}
697
+ - Reason: {security / consolidation / better alternative / cost / etc.}
698
+
699
+ ### Replacement
700
+ - {New API / pattern, with migration mapping} OR {no replacement — rationale}
701
+
702
+ ### Usage
703
+ - Internal callers: {list with team contacts}
704
+ - External callers (last 30d): {N requests / N unique tokens}
705
+ - Docs referencing it: {list}
706
+
707
+ ### Impact
708
+ - Layers affected: {domain / application / infra}
709
+ - Severity: {breaking / non-breaking}
710
+ - Estimated migration effort per consumer: {hours}
711
+ ```
712
+
713
+ ### Gate
714
+ - [ ] All usages found (internal + external)
715
+ - [ ] Stakeholders listed with contacts
716
+ - [ ] Replacement defined (or explicit "no replacement")
717
+ - [ ] Impact severity assessed
718
+
719
+ ## Phase 2: PLAN
720
+
721
+ **Goal:** lock the timeline and the communication plan.
722
+
723
+ ### Timeline template
724
+
725
+ | Phase | Date | Action |
726
+ |-------|------|--------|
727
+ | T-90 | {date} | Announce deprecation (changelog + email + docs banner) |
728
+ | T-60 | {date} | Add runtime warning (log / response header) |
729
+ | T-30 | {date} | Hard warning (UI banner / error in non-prod) |
730
+ | T-0 | {date} | Remove. Return 410 Gone for APIs |
731
+ | T+30 | {date} | Remove deprecation code itself, archive docs |
732
+
733
+ **Adjust** based on strategy: hard = days, public API = months/quarters.
734
+
735
+ ### Comms checklist
736
+ - [ ] CHANGELOG entry
737
+ - [ ] Release notes
738
+ - [ ] Email to known consumers
739
+ - [ ] Docs banner on the deprecated feature page
740
+ - [ ] Migration guide written (with code diff before/after)
741
+ - [ ] Slack / forum announcement
742
+ - [ ] Updated SDK (if applicable) with deprecation in code
743
+
744
+ ### Gate
745
+ - [ ] Timeline locked with dates
746
+ - [ ] Migration guide drafted
747
+ - [ ] Comms plan signed off by stakeholders
748
+ - [ ] Replacement available and documented
749
+
750
+ ## Phase 3: MIGRATE
751
+
752
+ **Goal:** make consumers stop using the deprecated thing.
753
+
754
+ ### Add deprecation markers (in code)
755
+
756
+ Pick the language idiom — show **what** is deprecated, **when** it goes away, and **what to use instead**.
757
+
758
+ ```ts
759
+ /** @deprecated Removed on {date}. Use `newFunction()`. See {link}. */
760
+ export function oldFunction() { ... }
761
+ ```
762
+
763
+ ```go
764
+ // Deprecated: removed on {date}. Use NewFunction instead. See {link}.
765
+ func OldFunction() { ... }
766
+ ```
767
+
768
+ ```php
769
+ /** @deprecated since 2.0.0, removed in 3.0.0. Use newMethod(). See {link}. */
770
+ public function oldMethod() { ... }
771
+ ```
772
+
773
+ ```dart
774
+ @Deprecated('Removed on {date}. Use newWidget(). See {link}.')
775
+ class OldWidget { ... }
776
+ ```
777
+
778
+ ### Add runtime signal (for APIs)
779
+ - Response header: `Deprecation: true` + `Sunset: {RFC 3339 date}` + `Link: <docs>; rel="deprecation"`
780
+ - Server log: `deprecated.endpoint.called` with caller identity
781
+ - Metric: counter of deprecated calls, broken down by consumer
782
+
783
+ ### Migrate internal consumers proactively
784
+ - Open PRs against internal consumers yourself when possible
785
+ - Track migration progress (% consumers migrated)
786
+
787
+ ### Gate
788
+ - [ ] Deprecation markers in code
789
+ - [ ] Runtime signals in place (headers, logs, metrics)
790
+ - [ ] Internal usage trending down (verify weekly)
791
+ - [ ] Migration guide proven by ≥1 consumer
792
+
793
+ ## Phase 4: REMOVE
794
+
795
+ **Goal:** delete the deprecated thing safely.
796
+
797
+ ### Pre-removal checks
798
+ - [ ] Today's date ≥ T-0
799
+ - [ ] Usage metric shows 0 calls (or only known stragglers with explicit waiver)
800
+ - [ ] Final removal warning sent to remaining consumers
801
+ - [ ] Replacement still works and is documented
802
+
803
+ ### Removal steps
804
+ 1. Delete the code + tests + docs
805
+ 2. For APIs: return `410 Gone` (NOT 404 — different meaning) with migration link in body
806
+ 3. Remove DB columns / tables in a follow-up migration (NOT same PR — keep removal reversible)
807
+ 4. Update CHANGELOG: "Removed: {thing}. See migration guide {link}."
808
+ 5. Deploy through normal pipeline
809
+
810
+ ### Gate
811
+ - [ ] Code, tests, docs removed
812
+ - [ ] API returns 410 (if applicable)
813
+ - [ ] CHANGELOG entry
814
+ - [ ] Deployed to all environments
815
+
816
+ ## Phase 5: VERIFY (T+30)
817
+
818
+ **Goal:** confirm clean removal.
819
+
820
+ ### Checks
821
+ - [ ] No errors related to the removed code in monitoring
822
+ - [ ] No customer support tickets about the missing feature
823
+ - [ ] No leftover references in code (grep for the symbol)
824
+ - [ ] Deprecation infra (warning headers, log alerts) cleaned up
825
+ - [ ] DB cleanup migration applied (if any)
826
+
827
+ ### Final report
828
+
829
+ ```markdown
830
+ ## Deprecation Complete: {target}
831
+
832
+ ### Timeline
833
+ - Announced: {date} Removed: {date} Verified: {date}
834
+
835
+ ### Outcome
836
+ - Consumers migrated: {N/N}
837
+ - Errors post-removal: {0 / N — explanation}
838
+ - Replacement adoption: {%}
839
+
840
+ ### Cleanup
841
+ - [x] Code removed [x] Tests removed [x] Docs removed
842
+ - [x] DB columns dropped (in {migration}) [x] Deprecation infra cleaned
843
+ ```
844
+
845
+ ## Anti-Patterns (DEPRECATE)
846
+
847
+ - **Silent removal** — removing without warning. Always announce first.
848
+ - **Vague deprecation** — `@deprecated` with no date and no replacement. Always include both.
849
+ - **Forever-deprecation** — marking deprecated and never removing. Set the date.
850
+ - **Returning 404 instead of 410** — 404 = "doesn't exist", 410 = "intentionally gone". Use 410.
851
+ - **Same-PR removal of API + DB columns** — keep removal reversible; drop columns in a follow-up.
852
+
853
+ ---
854
+ ---
855
+
856
+ ## Hard Rules (all modes)
857
+
858
+ - **Read reference / old code first** — your code should look like the rest of the codebase; don't invent logic from variable names.
859
+ - **User confirms the plan / contract** before any code is written.
860
+ - **Phase order is sequential** — Rule Checks gate the next phase; don't skip ahead.
861
+ - **Domain has zero framework imports** — enforce via grep in the domain gate.
862
+ - **Listeners handle side-effects** — never call notifications/SSE/analytics from a usecase.
863
+ - **REFACTOR preserves behavior** — never change business logic; all endpoints keep their paths; read old tests so no scenario is lost.
864
+ - **API:** never put business logic in the handler; never call an external API directly from a usecase (go through an adapter implementing a domain port); error codes are stable strings; one pagination style; idempotency key for any state-creating POST.
865
+ - **DEPRECATE:** announce before removing; every `@deprecated` has a date + replacement; return 410 not 404; keep removal reversible.
866
+ - **Don't merge with score < B** — fix violations or document the waiver.
867
+
868
+ ## Related Skills
869
+
870
+ | When | Use |
871
+ |------|-----|
872
+ | Don't know approach yet | `/research-explore` (WEB) → then NEW mode |
873
+ | Want to validate by prototyping | `/research-explore` (SPIKE) → then NEW mode |
874
+ | Run the work as a tracked checklist loop | `/feature-track` |
875
+ | Architecture / TDD / PR review | `/review-code` (ARCHITECT / TDD / PR modes) |
876
+ | Documenting the full API surface | `/docs-sync` |
877
+ | Quick bug fix instead | `/fix-bug` |
878
+
879
+ ## Recommended Agents
880
+
881
+ | Phase / Mode | Agent | Purpose |
882
+ |--------------|-------|---------|
883
+ | PLAN / ANALYZE | `@clean-architect` | Architecture design / alignment |
884
+ | ANALYZE (REFACTOR) | `@refactor`, `@code-reviewer` | Refactor scope + smell detection |
885
+ | DESIGN (API) | `@api-designer` | API contract design (OpenAPI / GraphQL) |
886
+ | IDENTIFY (DEPRECATE) | `@refactor`, `@code-reviewer` | Dependency analysis + find usages |
887
+ | BUILD / IMPLEMENT | Stack-specific dev agent | Implementation |
888
+ | BUILD | `@db-designer` | Schema if new tables needed |
889
+ | TESTS | `@test-writer` | Domain / integration tests |
890
+ | REVIEW | `@code-reviewer`, `@security-audit` | Code quality + security |
891
+ | DOCUMENT / DEPRECATE | `@docs-writer` | OpenAPI + API.md + migration guide |