oh-my-claude-sisyphus 3.6.3 → 3.7.0

package/templates/rules/performance.md

@@ -0,0 +1,40 @@
+# Performance Rules
+
+## Model Selection Strategy
+
+**Haiku** (90% of Sonnet capability, 3x cost savings):
+- Lightweight agents with frequent invocation
+- Code generation and exploration
+- Worker agents in multi-agent systems
+
+**Sonnet** (Best coding model):
+- Main development work
+- Orchestrating multi-agent workflows
+- Complex coding tasks
+
+**Opus** (Deepest reasoning):
+- Complex architectural decisions
+- Maximum reasoning requirements
+- Research and analysis tasks
+
+## Context Window Management
+
+Avoid last 20% of context window for:
+- Large-scale refactoring
+- Feature implementation spanning multiple files
+- Debugging complex interactions
+
+## Algorithm Efficiency
+
+Before implementing:
+- [ ] Consider time complexity
+- [ ] Avoid O(n^2) when O(n log n) possible
+- [ ] Use appropriate data structures
+- [ ] Cache expensive computations
+
+## [CUSTOMIZE] Project-Specific Performance
+
+Add your project-specific performance requirements here:
+- Response time targets
+- Bundle size limits
+- Database query limits

package/templates/rules/security.md

@@ -0,0 +1,41 @@
+# Security Rules
+
+## Mandatory Security Checks
+
+Before ANY commit:
+- [ ] No hardcoded secrets (API keys, passwords, tokens)
+- [ ] All user inputs validated
+- [ ] SQL injection prevention (parameterized queries)
+- [ ] XSS prevention (sanitized HTML)
+- [ ] CSRF protection enabled
+- [ ] Authentication/authorization verified
+- [ ] Rate limiting on all endpoints
+- [ ] Error messages don't leak sensitive data
+
+## Secret Management
+
+```typescript
+// NEVER: Hardcoded secrets
+const apiKey = "sk-proj-xxxxx"
+
+// ALWAYS: Environment variables
+const apiKey = process.env.API_KEY
+if (!apiKey) throw new Error('API_KEY not configured')
+```
+
+## Security Response Protocol
+
+If security issue found:
+1. STOP immediately
+2. Use `security-reviewer` agent
+3. Fix CRITICAL issues before continuing
+4. Rotate any exposed secrets
+5. Review entire codebase for similar issues
+
+## [CUSTOMIZE] Project-Specific Security
+
+Add your project-specific security requirements here:
+- Authentication method
+- Authorization rules
+- Data encryption requirements
+- Compliance requirements (GDPR, HIPAA, etc.)

package/templates/rules/testing.md

@@ -0,0 +1,42 @@
+# Testing Rules
+
+## Minimum Test Coverage: 80%
+
+Test Types (ALL required):
+1. **Unit Tests** - Individual functions, utilities, components
+2. **Integration Tests** - API endpoints, database operations
+3. **E2E Tests** - Critical user flows
+
+## Test-Driven Development
+
+MANDATORY workflow:
+1. Write test first (RED)
+2. Run test - it should FAIL
+3. Write minimal implementation (GREEN)
+4. Run test - it should PASS
+5. Refactor (IMPROVE)
+6. Verify coverage (80%+)
+
+## Edge Cases to Test
+
+Every function must be tested with:
+- [ ] Null/undefined inputs
+- [ ] Empty arrays/strings
+- [ ] Invalid types
+- [ ] Boundary values (min/max)
+- [ ] Error conditions
+
+## Test Quality Checklist
+
+- [ ] Tests are independent (no shared state)
+- [ ] Test names describe behavior
+- [ ] Mocks used for external dependencies
+- [ ] Both happy path and error paths tested
+- [ ] No flaky tests
+
+## [CUSTOMIZE] Project-Specific Testing
+
+Add your project-specific testing requirements here:
+- Test framework configuration
+- Mock setup patterns
+- E2E test scenarios