musubix 2.1.0 → 2.2.0

package/.github/prompts/sdd-requirements.prompt.md

@@ -1,193 +0,0 @@
-# MUSUBIX Requirements Command
-
-Create EARS-format requirements specification through interactive dialogue.
-
----
-
-## Instructions for AI Agent
-
-You are executing the `musubix requirements [feature-name]` command to create a requirements specification.
-
-### Command Format
-
-```bash
-npx musubix requirements analyze authentication
-npx musubix requirements validate spec.md
-npx musubix requirements map spec.md
-```
-
-### Your Task
-
-**CRITICAL**: Before generating requirements, engage in an interactive 1-on-1 dialogue with the user to uncover the TRUE PURPOSE behind their request.
-
-### Output Directory
-
-**Requirements documents are saved to**: `storage/specs/`
-
-- File: `storage/specs/REQ-{{FEATURE}}-001.md`
-
----
-
-## Process
-
-### 1. Read Steering Context (Article VI)
-
-**IMPORTANT**: Before starting, read steering files to understand project context:
-
-```bash
-# Read these files first
-steering/product.ja.md      # Business context, users, goals
-steering/structure.ja.md    # Architecture patterns
-steering/tech.ja.md         # Technology stack
-```
-
-**Extract**:
-
-- Target users
-- Product goals
-- Existing architecture patterns
-- Technology constraints (TypeScript, Node.js 20+)
-
----
-
-### 2. Interactive True Purpose Discovery
-
-**CRITICAL RULE**: Ask ONE question at a time, then STOP and WAIT.
-
-#### Question Sequence
-
-**Turn 1**: WHY question
-```
-この機能で解決したい『本当の課題』は何ですか？
-```
-
-**Turn 2**: WHO question
-```
-この機能を最も必要としているのは誰ですか？
-```
-
-**Turn 3**: WHAT-IF question
-```
-もしこの機能が完璧に動作したら、何が変わりますか？
-```
-
-**Turn 4**: CONSTRAINT question
-```
-この機能で『絶対にやってはいけないこと』はありますか？
-```
-
-**Turn 5**: SUCCESS CRITERIA question
-```
-この機能が『成功した』と言えるのはどんな状態ですか？
-```
-
----
-
-### 3. Apply EARS Format (Article IV)
-
-**CRITICAL**: All requirements MUST use one of 5 EARS patterns.
-
-| Pattern | Syntax | Usage |
-|---------|--------|-------|
-| **Ubiquitous** | `The [system] SHALL [action]` | Always-active features |
-| **Event-driven** | `WHEN [event], the [system] SHALL [action]` | User action triggers |
-| **State-driven** | `WHILE [state], the [system] SHALL [action]` | Continuous conditions |
-| **Unwanted** | `IF [error], THEN the [system] SHALL [action]` | Error handling |
-| **Optional** | `WHERE [feature], the [system] SHALL [action]` | Feature flags |
-
----
-
-### 4. Generate Requirements Document
-
-**Template**:
-
-```markdown
-# Requirements Specification: {{FEATURE_NAME}}
-
-**Document ID**: REQ-{{FEATURE}}-001
-**Version**: 1.0.0
-**Date**: {{DATE}}
-**Status**: Draft
-
-## Overview
-
-- **Purpose**: [True purpose discovered through dialogue]
-- **Scope**: [In/Out scope]
-- **Package**: packages/core/ or packages/mcp-server/ or packages/yata-client/
-
-## Stakeholders
-
-| Role | Description | Needs |
-|------|-------------|-------|
-| Developer | Uses MUSUBIX CLI | Efficient workflow |
-
-## Functional Requirements
-
-### REQ-{{COMPONENT}}-001: [Title]
-
-**EARS Pattern**: [Pattern name]
-
-> [EARS statement]
-
-**Priority**: P0/P1/P2/P3
-**Acceptance Criteria**:
-- [ ] [Criterion 1]
-- [ ] [Criterion 2]
-
-**Traceability**: → DES-{{FEATURE}}-001
-
-## Non-Functional Requirements
-
-### REQ-PERF-001: Performance
-The system SHALL respond within 200ms for 95% of requests.
-
-### REQ-SEC-001: Security
-The system SHALL prevent OWASP Top 10 vulnerabilities.
-
-## Traceability Matrix
-
-| Requirement | Design | Task | Test |
-|-------------|--------|------|------|
-| REQ-{{COMPONENT}}-001 | DES-{{FEATURE}}-001 | TSK-{{FEATURE}}-001 | TBD |
-```
-
----
-
-### 5. Requirements ID Format
-
-**Format**: `REQ-[COMPONENT]-[NUMBER]`
-
-**Examples**:
-- `REQ-CLI-001` - CLI component
-- `REQ-MCP-001` - MCP Server component
-- `REQ-YATA-001` - YATA Client component
-- `REQ-CORE-001` - Core library component
-
----
-
-### 6. Quality Checklist
-
-Each requirement MUST have:
-
-- [ ] Unique ID (REQ-COMPONENT-NNN)
-- [ ] EARS pattern (one of 5)
-- [ ] Clear SHALL statement
-- [ ] Testable acceptance criteria
-- [ ] Priority (P0/P1/P2/P3)
-- [ ] Status (Draft initially)
-
----
-
-### 7. MCP Tool Integration
-
-Use MUSUBIX MCP tools:
-
-```
-sdd_create_requirements - Create requirements document
-sdd_validate_requirements - Validate EARS patterns
-```
-
----
-
-**MUSUBIX**: https://github.com/nahisaho/MUSUBIX
-**Version**: 1.0.0

package/.github/prompts/sdd-review.prompt.md

@@ -1,155 +0,0 @@
-# MUSUBIX Code Review Command
-
-Perform comprehensive code review with SOLID principles and quality checks.
-
----
-
-## Instructions for AI Agent
-
-You are executing the `musubix review [feature-name]` command to perform code review.
-
-### Command Format
-
-```bash
-npx musubix codegen analyze <file>
-npx musubix trace validate
-```
-
-### Your Task
-
-Perform comprehensive code review focusing on:
-
-1. SOLID Principles Compliance
-2. Code Quality Metrics
-3. Design Pattern Usage
-4. Traceability Verification
-5. Best Practices Adherence
-
----
-
-## Process
-
-### 1. Read Source Code and Context
-
-```bash
-# Source Code
-packages/core/src/{{feature}}/**/*.ts
-packages/mcp-server/src/tools/**/*.ts
-
-# Design Documentation
-storage/specs/DES-{{FEATURE}}-001.md
-
-# Steering Context
-steering/structure.ja.md
-steering/tech.ja.md
-steering/rules/constitution.md
-```
-
-### 2. SOLID Principles Check
-
-Review each file for:
-
-| Principle | Check |
-|-----------|-------|
-| **S**ingle Responsibility | 1つのクラス/関数は1つの責務のみ |
-| **O**pen/Closed | 拡張に開き、修正に閉じている |
-| **L**iskov Substitution | 派生クラスは基底クラスと置換可能 |
-| **I**nterface Segregation | クライアント固有のインターフェース |
-| **D**ependency Inversion | 抽象に依存、具象に依存しない |
-
-### 3. Code Quality Metrics
-
-Analyze:
-
-- **Cyclomatic Complexity**: 関数あたり10以下
-- **Lines per Function**: 50行以下
-- **Lines per File**: 300行以下
-- **Nesting Depth**: 3レベル以下
-- **Parameter Count**: 5個以下
-
-### 4. Design Pattern Review
-
-Check for:
-
-- [ ] Repository Pattern (データアクセス)
-- [ ] Service Layer (ビジネスロジック)
-- [ ] Factory Pattern (オブジェクト生成)
-- [ ] Value Objects (ドメイン概念)
-- [ ] Result Type (エラーハンドリング)
-
-### 5. Best Practices Check
-
-| カテゴリ | チェック項目 |
-|---------|-------------|
-| 命名規則 | PascalCase (型), camelCase (変数/関数), UPPER_CASE (定数) |
-| TypeScript | strict mode, 明示的な型定義, any禁止 |
-| エラー処理 | Result<T, E>パターン, 適切なエラーメッセージ |
-| コメント | JSDoc形式, 複雑なロジックの説明 |
-| インポート | 絶対パス, 循環参照なし |
-
----
-
-## Output Format
-
-```markdown
-# Code Review Report: {{FEATURE}}
-
-## Summary
-- **Overall Score**: A/B/C/D/F
-- **Files Reviewed**: X files
-- **Issues Found**: X critical, X warnings, X suggestions
-
-## SOLID Compliance
-| Principle | Status | Notes |
-|-----------|--------|-------|
-| SRP | ✅/⚠️/❌ | ... |
-| OCP | ✅/⚠️/❌ | ... |
-| LSP | ✅/⚠️/❌ | ... |
-| ISP | ✅/⚠️/❌ | ... |
-| DIP | ✅/⚠️/❌ | ... |
-
-## Quality Metrics
-| Metric | Value | Status |
-|--------|-------|--------|
-| Avg Cyclomatic Complexity | X | ✅/⚠️/❌ |
-| Max Lines per Function | X | ✅/⚠️/❌ |
-| Max Nesting Depth | X | ✅/⚠️/❌ |
-
-## Issues
-
-### Critical (Must Fix)
-1. [FILE:LINE] Description
-
-### Warnings (Should Fix)
-1. [FILE:LINE] Description
-
-### Suggestions (Nice to Have)
-1. [FILE:LINE] Description
-
-## Recommendations
-1. ...
-2. ...
-```
-
----
-
-## Traceability
-
-This skill implements:
-- **Article III**: Test-First Imperative (コードレビューによる品質確保)
-- **Article VII**: Simplicity Gate (コードの複雑性チェック)
-
----
-
-## Related Commands
-
-```bash
-# Static analysis
-npx musubix codegen analyze <file>
-
-# Traceability validation
-npx musubix trace validate
-
-# Security scanning
-npx musubix codegen security <path>
-```

package/.github/prompts/sdd-security.prompt.md

@@ -1,228 +0,0 @@
-# MUSUBIX Security Scan Command
-
-Perform comprehensive security scanning and vulnerability detection.
-
----
-
-## Instructions for AI Agent
-
-You are executing the `musubix security [feature-name]` command to perform security analysis.
-
-### Command Format
-
-```bash
-npx musubix codegen security <path>
-```
-
-### Your Task
-
-Perform comprehensive security analysis covering:
-
-1. OWASP Top 10 vulnerabilities
-2. Dependency vulnerabilities
-3. Authentication/Authorization issues
-4. Data validation gaps
-5. Sensitive data exposure
-
----
-
-## Process
-
-### 1. Read Source Code and Dependencies
-
-```bash
-# Source Code
-packages/core/src/{{feature}}/**/*.ts
-packages/mcp-server/src/tools/**/*.ts
-
-# Dependencies
-package.json
-package-lock.json
-
-# Auth module
-packages/core/src/auth/**/*.ts
-```
-
-### 2. OWASP Top 10 Checks
-
-| # | Vulnerability | Check |
-|---|--------------|-------|
-| A01 | Broken Access Control | 認可チェックの実装確認 |
-| A02 | Cryptographic Failures | 暗号化の適切な使用 |
-| A03 | Injection | SQL/NoSQL/コマンドインジェクション |
-| A04 | Insecure Design | セキュリティパターンの適用 |
-| A05 | Security Misconfiguration | 設定の安全性 |
-| A06 | Vulnerable Components | 依存関係の脆弱性 |
-| A07 | Authentication Failures | 認証の実装不備 |
-| A08 | Software/Data Integrity | データ整合性の検証 |
-| A09 | Security Logging | ログと監視 |
-| A10 | SSRF | サーバーサイドリクエストフォージェリ |
-
-### 3. Code Pattern Analysis
-
-#### ❌ Dangerous Patterns
-
-```typescript
-// SQL Injection - 危険
-const query = `SELECT * FROM users WHERE id = ${userId}`;
-
-// Command Injection - 危険
-exec(`ls ${userInput}`);
-
-// Path Traversal - 危険
-const file = fs.readFileSync(`./uploads/${filename}`);
-
-// Hardcoded Secrets - 危険
-const apiKey = 'sk-1234567890abcdef';
-
-// eval() - 危険
-eval(userInput);
-```
-
-#### ✅ Safe Patterns
-
-```typescript
-// Parameterized Query - 安全
-const query = db.query('SELECT * FROM users WHERE id = ?', [userId]);
-
-// Input Validation - 安全
-const sanitized = sanitize(userInput);
-
-// Path Validation - 安全
-const safePath = path.resolve('./uploads', path.basename(filename));
-
-// Environment Variables - 安全
-const apiKey = process.env.API_KEY;
-
-// No eval - 安全
-const result = JSON.parse(jsonString);
-```
-
-### 4. Authentication & Authorization
-
-Check for:
-
-- [ ] JWT/Session token validation
-- [ ] Password hashing (bcrypt, argon2)
-- [ ] Role-based access control (RBAC)
-- [ ] Rate limiting
-- [ ] CSRF protection
-- [ ] Secure cookie flags
-
-### 5. Data Validation
-
-```typescript
-// ✅ Recommended: Zod schema validation
-import { z } from 'zod';
-
-const UserInputSchema = z.object({
-  email: z.string().email(),
-  password: z.string().min(8).max(100),
-  age: z.number().int().positive().max(150),
-});
-
-// Validate all user inputs
-const result = UserInputSchema.safeParse(userInput);
-if (!result.success) {
-  return err(new ValidationError(result.error));
-}
-```
-
-### 6. Dependency Audit
-
-```bash
-# Check for known vulnerabilities
-npm audit
-npm audit --audit-level=moderate
-
-# Update vulnerable packages
-npm audit fix
-```
-
----
-
-## Output Format
-
-```markdown
-# Security Scan Report: {{FEATURE}}
-
-## Summary
-- **Risk Level**: Critical/High/Medium/Low
-- **Vulnerabilities Found**: X critical, X high, X medium, X low
-- **Dependencies Audited**: X packages
-
-## OWASP Top 10 Assessment
-
-| Category | Status | Findings |
-|----------|--------|----------|
-| A01: Access Control | ✅/⚠️/❌ | ... |
-| A02: Cryptographic | ✅/⚠️/❌ | ... |
-| A03: Injection | ✅/⚠️/❌ | ... |
-| A04: Insecure Design | ✅/⚠️/❌ | ... |
-| A05: Misconfiguration | ✅/⚠️/❌ | ... |
-| A06: Vulnerable Deps | ✅/⚠️/❌ | ... |
-| A07: Auth Failures | ✅/⚠️/❌ | ... |
-| A08: Integrity | ✅/⚠️/❌ | ... |
-| A09: Logging | ✅/⚠️/❌ | ... |
-| A10: SSRF | ✅/⚠️/❌ | ... |
-
-## Critical Vulnerabilities
-
-### 1. [CRITICAL] SQL Injection in user-service.ts
-- **Location**: packages/core/src/user/user-service.ts:45
-- **Description**: User input directly concatenated in SQL query
-- **Remediation**: Use parameterized queries
-- **Reference**: CWE-89
-
-### 2. [HIGH] Hardcoded API Key
-- **Location**: packages/core/src/auth/config.ts:12
-- **Description**: API key stored in source code
-- **Remediation**: Use environment variables
-- **Reference**: CWE-798
-
-## Dependency Vulnerabilities
-
-| Package | Severity | Version | Fixed In |
-|---------|----------|---------|----------|
-| lodash | High | 4.17.20 | 4.17.21 |
-
-## Recommendations
-
-1. **Immediate**: Fix all critical vulnerabilities
-2. **Short-term**: Update vulnerable dependencies
-3. **Long-term**: Implement security testing in CI/CD
-
-## Compliance Checklist
-
-- [ ] Input validation on all user inputs
-- [ ] Output encoding for XSS prevention
-- [ ] Parameterized queries for database access
-- [ ] Secrets in environment variables
-- [ ] HTTPS enforced
-- [ ] Security headers configured
-- [ ] Rate limiting implemented
-- [ ] Audit logging enabled
-```
-
----
-
-## Traceability
-
-This skill implements:
-- **Article IX**: Integration-First Testing (セキュリティテスト)
-- Security requirements validation
-
----
-
-## Related Commands
-
-```bash
-# Security scan
-npx musubix codegen security <path>
-
-# Dependency audit
-npm audit
-
-# Static analysis
-npx musubix codegen analyze <file>
-```