opencode-goopspec 0.1.0

package/skills/progress-tracking/skill.md

@@ -0,0 +1,155 @@
+---
+name: progress-tracking
+description: Track and report progress across phases and tasks
+category: core
+triggers:
+  - progress
+  - status
+  - track
+  - todo
+version: 0.1.0
+requires:
+  - goop-core
+---
+
+# Progress Tracking Skill
+
+## State Hierarchy
+
+```
+Project
+└── Milestone
+    └── Phase
+        └── Plan
+            └── Task
+                └── Todo
+```
+
+## Tracking Files
+
+### STATE.md
+
+Central state file at `.goopspec/STATE.md`:
+
+```markdown
+# Project State
+
+**Status:** Active
+**Current Phase:** 2
+**Current Plan:** feature-auth
+
+## Progress
+
+| Phase | Status | Tasks | Completion |
+|-------|--------|-------|------------|
+| 1 | Complete | 5/5 | 100% |
+| 2 | In Progress | 2/4 | 50% |
+| 3 | Pending | 0/3 | 0% |
+
+## Active Todos
+
+- [ ] Implement login endpoint
+- [x] Create user model
+- [ ] Add session management
+```
+
+### Checkpoints
+
+Saved at `.goopspec/checkpoints/{id}.json`:
+
+```json
+{
+  "id": "chk-abc123",
+  "timestamp": "2024-01-15T10:30:00Z",
+  "phase": "2",
+  "spec_file": ".goopspec/phases/phase-2/SPEC.md",
+  "todos": [
+    { "id": "1", "content": "Implement login", "status": "in_progress" }
+  ],
+  "modified_files": ["src/auth/login.ts"],
+  "context_usage": 45
+}
+```
+
+## Progress Updates
+
+### After Each Task
+
+1. Update todo status
+2. Record modified files
+3. Update STATE.md completion percentage
+4. Save checkpoint if configured
+
+### After Each Plan
+
+1. Mark plan as complete in state
+2. Generate SUMMARY.md
+3. Update phase progress
+4. Commit state changes
+
+### After Each Phase
+
+1. Run verification against must-haves
+2. Generate phase summary
+3. Update milestone progress
+4. Confirm with user before next phase
+
+## Using goop_checkpoint Tool
+
+```typescript
+// Save checkpoint
+goop_checkpoint({
+  action: "save",
+  name: "Before auth implementation"
+})
+
+// Load checkpoint
+goop_checkpoint({
+  action: "load",
+  checkpoint_id: "chk-abc123"
+})
+
+// List checkpoints
+goop_checkpoint({
+  action: "list"
+})
+```
+
+## Progress Visualization
+
+### Console Output
+
+```
+⬢ GoopSpec · Phase 2 Progress
+──────────────────────────────────────────────────────
+
+Plan: feature-auth (2/4 tasks)
+████████████░░░░░░░░░░░░░░░░░ 50%
+
+☑ Task 1: Create user model
+◉ Task 2: Implement login
+○ Task 3: Add session management
+○ Task 4: Write auth tests
+
+Time elapsed: 15m
+Estimated remaining: 20m
+
+──────────────────────────────────────────────────────
+```
+
+## Metrics
+
+Track these metrics:
+- Tasks completed per hour
+- Average task duration
+- Deviation frequency
+- Checkpoint frequency
+- Context usage over time
+
+## Best Practices
+
+1. **Atomic updates:** Update state after each task, not batch
+2. **Checkpoint often:** Before risky operations
+3. **Clear status:** Use unambiguous status values
+4. **Verify completions:** Don't mark done until verified
+5. **Time tracking:** Log start/end for estimates

package/skills/readme-generation/skill.md

@@ -0,0 +1,87 @@
+---
+name: readme-generation
+description: Create comprehensive, user-friendly README files that help users quickly understand and use a project.
+category: docs
+triggers:
+  - readme
+  - documentation
+  - onboarding
+  - usage
+version: 0.1.0
+---
+
+# README Generation Skill
+
+## Purpose
+Create comprehensive, user-friendly README files that help users quickly understand and use a project.
+
+## README Structure
+
+### 1. Header
+- Project name and logo (if applicable)
+- One-line description
+- Badges (build status, version, license)
+
+### 2. Quick Start
+- Installation command
+- Basic usage example
+- Link to documentation
+
+### 3. Features
+- Key capabilities (bulleted list)
+- What makes this project useful
+
+### 4. Installation
+- Prerequisites
+- Step-by-step installation
+- Configuration options
+
+### 5. Usage
+- Common use cases with code examples
+- API overview (if applicable)
+- Configuration reference
+
+### 6. Contributing
+- How to contribute
+- Development setup
+- Code style guidelines
+
+### 7. License
+- License type
+- Copyright notice
+
+## Best Practices
+
+1. **Be Concise** - Get to the point quickly
+2. **Show, Don't Tell** - Use code examples
+3. **Update Regularly** - Keep docs current
+4. **Test Examples** - Ensure code snippets work
+5. **Consider Audience** - Write for your users' skill level
+
+## Template
+
+```markdown
+# Project Name
+
+Brief description of what this project does.
+
+## Quick Start
+
+\`\`\`bash
+npm install project-name
+\`\`\`
+
+\`\`\`javascript
+import { thing } from 'project-name';
+thing.doSomething();
+\`\`\`
+
+## Features
+
+- Feature one
+- Feature two
+
+## License
+
+MIT
+```

package/skills/research/skill.md

@@ -0,0 +1,161 @@
+---
+name: research
+description: Research technologies, patterns, and best practices
+category: core
+triggers:
+  - research
+  - investigate
+  - explore
+  - learn
+version: 0.1.0
+requires:
+  - goop-core
+---
+
+# Research Skill
+
+## Research Methodology
+
+### 1. Define Scope
+What specific question needs answering?
+
+### 2. Identify Sources
+- Official documentation (Context7)
+- Community resources (Exa search)
+- Example repositories
+- Expert articles
+
+### 3. Gather Information
+- Use multiple sources
+- Note contradictions
+- Track source reliability
+
+### 4. Synthesize Findings
+- Identify patterns
+- Extract actionable recommendations
+- Flag uncertainties
+
+### 5. Document Results
+Create RESEARCH.md with findings.
+
+## Research Tools
+
+### Context7 (Official Docs)
+```typescript
+// Resolve library ID first
+context7_resolve_library_id({
+  query: "how to implement auth in Next.js",
+  libraryName: "next.js"
+})
+
+// Query documentation
+context7_query_docs({
+  libraryId: "/vercel/next.js",
+  query: "authentication middleware"
+})
+```
+
+### Exa Search (Web)
+```typescript
+web_search_exa({
+  query: "Next.js authentication best practices 2024",
+  numResults: 5
+})
+```
+
+### Web Fetch (Deep Dive)
+```typescript
+webfetch({
+  url: "https://example.com/article",
+  format: "markdown"
+})
+```
+
+## Research Areas
+
+### Stack Discovery
+- Core libraries and frameworks
+- Build tools and bundlers
+- Testing frameworks
+- Development tools
+
+### Architecture Patterns
+- Common patterns for domain
+- Best practices
+- Project structure conventions
+
+### Pitfalls
+- Common mistakes
+- Performance issues
+- Security vulnerabilities
+- Maintenance traps
+
+### Expert Resources
+- Official documentation
+- Community guides
+- Reference implementations
+
+## RESEARCH.md Template
+
+```markdown
+# Research: {Topic}
+
+**Domain:** {Technology area}
+**Date:** {YYYY-MM-DD}
+**Sources:** {Count} analyzed
+
+## Executive Summary
+{2-3 sentences on key findings}
+
+## Standard Stack
+
+| Category | Recommended | Alternatives | Notes |
+|----------|-------------|--------------|-------|
+| Framework | Next.js | Remix, SvelteKit | SSR support |
+| Auth | NextAuth | Clerk, Auth0 | Built-in |
+
+## Architecture Patterns
+
+### Recommended: {Pattern Name}
+{Description and when to use}
+
+## Common Pitfalls
+
+1. **{Issue}** - {Description}
+   - Prevention: {How to avoid}
+
+## Expert Resources
+
+- [Official Docs]({url}) - {description}
+- [Guide]({url}) - {description}
+
+## Recommendations
+
+### Must Use
+- {Technology} - {Rationale}
+
+### Avoid
+- {Technology} - {Why}
+
+## Uncertainties
+- {Question needing clarification}
+```
+
+## Parallel Research
+
+Spawn multiple researchers for different aspects:
+
+```
+Researcher 1: Stack Discovery
+Researcher 2: Architecture Patterns
+Researcher 3: Pitfalls & Gotchas
+Researcher 4: Expert Resources
+```
+
+## Best Practices
+
+1. **Cite sources** - Every claim has a source
+2. **Note dates** - Technology changes fast
+3. **Flag uncertainty** - Be honest about gaps
+4. **Actionable findings** - Recommendations, not just facts
+5. **Time-box** - 30-60 minutes typical, 2 hours max

package/skills/responsive-design/skill.md

@@ -0,0 +1,76 @@
+---
+name: responsive-design
+description: Create web interfaces that work well across all device sizes and orientations.
+category: design
+triggers:
+  - responsive
+  - mobile
+  - breakpoints
+  - layout
+version: 0.1.0
+---
+
+# Responsive Design Skill
+
+## Purpose
+Create web interfaces that work well across all device sizes and orientations.
+
+## Core Principles
+
+### 1. Mobile-First
+Design for mobile first, then enhance for larger screens.
+
+```css
+/* Mobile styles (default) */
+.container { padding: 1rem; }
+
+/* Tablet and up */
+@media (min-width: 768px) {
+  .container { padding: 2rem; }
+}
+
+/* Desktop and up */
+@media (min-width: 1024px) {
+  .container { padding: 3rem; max-width: 1200px; }
+}
+```
+
+### 2. Fluid Layouts
+Use relative units and flexible containers.
+
+```css
+.container {
+  width: 100%;
+  max-width: 1200px;
+  margin: 0 auto;
+  padding: 0 clamp(1rem, 5vw, 3rem);
+}
+```
+
+### 3. Responsive Images
+
+```html
+<picture>
+  <source media="(min-width: 1024px)" srcset="large.jpg">
+  <source media="(min-width: 768px)" srcset="medium.jpg">
+  <img src="small.jpg" alt="Description">
+</picture>
+```
+
+## Breakpoints
+
+| Name | Min Width | Target |
+|------|-----------|--------|
+| sm | 640px | Large phones |
+| md | 768px | Tablets |
+| lg | 1024px | Laptops |
+| xl | 1280px | Desktops |
+| 2xl | 1536px | Large screens |
+
+## Testing Checklist
+
+- [ ] Test on actual devices, not just browser resize
+- [ ] Check touch targets (min 44x44px)
+- [ ] Verify text readability at all sizes
+- [ ] Test landscape and portrait orientations
+- [ ] Check for horizontal scroll issues

package/skills/scientific-method/skill.md

@@ -0,0 +1,67 @@
+---
+name: scientific-method
+description: Apply scientific reasoning to software development for systematic problem-solving.
+category: core
+triggers:
+  - hypothesis
+  - experiment
+  - evidence
+  - method
+version: 0.1.0
+---
+
+# Scientific Method Skill
+
+## Purpose
+Apply scientific reasoning to software development for systematic problem-solving.
+
+## The Method
+
+### 1. Observation
+Gather facts about the current state.
+- What is actually happening?
+- What are the symptoms?
+- What data do we have?
+
+### 2. Question
+Formulate a clear question to answer.
+- What specifically are we trying to understand?
+- What would a solution look like?
+
+### 3. Hypothesis
+Propose an explanation or solution.
+- "If we do X, then Y should happen because Z"
+- Make it testable and falsifiable
+
+### 4. Prediction
+What specific outcomes would confirm/refute the hypothesis?
+- Define success criteria
+- Identify measurable indicators
+
+### 5. Experiment
+Test the hypothesis with minimal changes.
+- Change one variable at a time
+- Document what you're testing
+- Keep controls in place
+
+### 6. Analysis
+Interpret the results.
+- Did the prediction hold?
+- What did we learn?
+- Are there alternative explanations?
+
+### 7. Conclusion
+Draw conclusions and iterate.
+- Confirm or reject hypothesis
+- Form new hypotheses if needed
+- Document learnings
+
+## Application to Debugging
+
+1. **Observe** - Note error messages, behavior
+2. **Question** - "Why is X happening?"
+3. **Hypothesize** - "The bug is in module Y because..."
+4. **Predict** - "If I'm right, adding this log will show..."
+5. **Experiment** - Add the log, run the test
+6. **Analyze** - Check the output
+7. **Conclude** - Fix or form new hypothesis

package/skills/security-audit/skill.md

@@ -0,0 +1,152 @@
+---
+name: security-audit
+description: Audit code for security vulnerabilities
+category: review
+triggers:
+  - security
+  - vulnerability
+  - audit
+  - pentest
+version: 0.1.0
+requires:
+  - goop-core
+---
+
+# Security Audit Skill
+
+## Audit Scope
+
+### Code Review
+- Authentication/authorization logic
+- Input validation
+- Data handling
+- Cryptographic usage
+- Error handling
+
+### Configuration
+- Security headers
+- CORS settings
+- Environment variables
+- Dependencies
+
+### Infrastructure
+- API security
+- Database security
+- Network security
+
+## OWASP Top 10 Checklist
+
+### 1. Broken Access Control
+- [ ] Authorization on every endpoint
+- [ ] No privilege escalation paths
+- [ ] CORS properly configured
+
+### 2. Cryptographic Failures
+- [ ] TLS for data in transit
+- [ ] Encryption for sensitive data at rest
+- [ ] Strong hashing for passwords
+
+### 3. Injection
+- [ ] Parameterized queries
+- [ ] Input validation
+- [ ] Output encoding
+
+### 4. Insecure Design
+- [ ] Threat model exists
+- [ ] Security requirements defined
+- [ ] Secure defaults
+
+### 5. Security Misconfiguration
+- [ ] Debug disabled in production
+- [ ] Default credentials changed
+- [ ] Security headers set
+
+### 6. Vulnerable Components
+- [ ] Dependencies up to date
+- [ ] No known vulnerabilities
+- [ ] License compliance
+
+### 7. Auth Failures
+- [ ] Strong password policy
+- [ ] Account lockout
+- [ ] Session management
+
+### 8. Data Integrity
+- [ ] Input validation
+- [ ] Signed updates
+- [ ] Integrity checks
+
+### 9. Logging Failures
+- [ ] Security events logged
+- [ ] No sensitive data in logs
+- [ ] Log integrity protected
+
+### 10. SSRF
+- [ ] URL validation
+- [ ] Restricted outbound requests
+- [ ] Network segmentation
+
+## Security Tools
+
+```bash
+# Dependency audit
+npm audit
+pip-audit
+cargo audit
+
+# Static analysis
+semgrep --config auto .
+eslint --plugin security .
+
+# Secret scanning
+gitleaks detect
+trufflehog filesystem .
+
+# Vulnerability scanning
+snyk test
+```
+
+## Audit Report Template
+
+```markdown
+# Security Audit Report
+
+**Date:** {YYYY-MM-DD}
+**Scope:** {What was audited}
+**Risk Level:** Critical/High/Medium/Low
+
+## Executive Summary
+{Brief overview of findings}
+
+## Critical Findings
+{Issues requiring immediate attention}
+
+## High Priority
+{Important issues to address soon}
+
+## Medium Priority
+{Issues to plan for}
+
+## Low Priority
+{Best practice improvements}
+
+## Recommendations
+{Prioritized action items}
+```
+
+## Risk Ratings
+
+| Severity | CVSS | Response |
+|----------|------|----------|
+| Critical | 9.0-10.0 | Immediate |
+| High | 7.0-8.9 | 24 hours |
+| Medium | 4.0-6.9 | 1 week |
+| Low | 0.1-3.9 | Next release |
+
+## Best Practices
+
+1. **Defense in depth** - Multiple layers
+2. **Least privilege** - Minimal access
+3. **Fail secure** - Safe defaults
+4. **Keep it simple** - Less attack surface
+5. **Audit regularly** - Continuous security