siesa-agents 2.1.23 → 2.1.24-dev.0

package/bmad-core/data/backend-standards.md

@@ -1,32 +1,43 @@
 # Backend Development Standards
 
-> **Note**: For architecture patterns and principles (Hexagonal Architecture, DDD, folder structure), see [architecture-patterns.md](./architecture-patterns.md)
+## Architecture Principles
+
+### Hexagonal Architecture Implementation
+- **Application Core**: Domain entities, value objects, aggregates, and domain services
+- **Primary Ports**: Use cases, commands, queries, and application services  
+- **Primary Adapters**: REST controllers, GraphQL resolvers, message handlers
+- **Secondary Ports**: Repository interfaces, external service interfaces
+- **Secondary Adapters**: Prisma repositories, HTTP clients, message publishers
+
+### Dependency Rules
+- Application core must not depend on external frameworks
+- All dependencies point inward toward the domain
+- Use dependency inversion for all external concerns
+- Interfaces defined in application layer, implementations in infrastructure
 
 ## Technology Stack Standards
 
 ### Core Technologies
 - **NestJS**: 10+ with TypeScript and decorators
 - **TypeScript**: Strict mode enabled, no `any` types
-- **Prisma**: ORM for database operations (no raw queries allowed)
-- **Jest + Supertest**: Unit, integration, and E2E testing
-- **Class-validator + Class-transformer**: DTO validation
+- **Prisma**: ORM for database operations (no raw queries)
+- **Jest**: Unit and integration testing
+- **Class-validator**: Request validation and transformation
 
-### Framework Standards
-- **Default Framework**: NestJS 10+ with TypeScript
-- **Database**: Prisma ORM only - no raw SQL queries
-- **Testing**: TDD approach with comprehensive test coverage
-- **Documentation**: Swagger/OpenAPI auto-generated from decorators
-- **Messaging**: NestJS Microservices (Redis, RabbitMQ, or gRPC)
+### Framework Selection Rules
+- **Default**: Always use NestJS 10+ with TypeScript
+- **Database**: Prisma ORM only - no raw SQL queries allowed
+- **Testing**: TDD approach with Jest and Supertest
+- **Documentation**: Swagger/OpenAPI for all endpoints
 
 ### Development Tools
-- **Nx**: MonoRepo management and build orchestration
+- **Nx**: MonoRepo management and build system
 - **ESLint + Prettier**: Code quality and formatting
-- **Husky**: Pre-commit hooks for quality gates
-- **Winston**: Structured logging with log levels
-- **Redis**: Caching, session storage, and message transport
-- **Passport + JWT**: Authentication and authorization
+- **Husky**: Git hooks for pre-commit validation
+- **Winston**: Structured logging
+- **Redis**: Caching and message transport
 
-## Domain-Driven Design Implementation
+## Domain-Driven Design Standards
 
 ### Entity Structure
 ```typescript
@@ -35,6 +46,7 @@ export class UserEntity extends AggregateRoot {
     public readonly id: UserId,
     private _email: EmailValueObject,
     private _name: NameValueObject,
+    private _createdAt: Date,
   ) {
     super();
   }
@@ -44,6 +56,7 @@ export class UserEntity extends AggregateRoot {
       UserId.generate(),
       EmailValueObject.create(props.email),
       NameValueObject.create(props.name),
+      new Date(),
     );
     user.addDomainEvent(new UserCreatedEvent(user.id));
     return user;
@@ -78,6 +91,11 @@ export class EmailValueObject {
     }
   }
 
+  private isValidEmail(email: string): boolean {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    return emailRegex.test(email);
+  }
+
   equals(other: EmailValueObject): boolean {
     return this.value === other.value;
   }
@@ -88,45 +106,15 @@ export class EmailValueObject {
 }
 ```
 
-### Repository Pattern
+### Repository Interface Pattern
 ```typescript
-// Interface (in application/ports/repositories)
 export interface UserRepositoryInterface {
   save(user: UserEntity): Promise<UserEntity>;
   findById(id: UserId): Promise<UserEntity | null>;
   findByEmail(email: EmailValueObject): Promise<UserEntity | null>;
+  findAll(criteria: FindUsersCriteria): Promise<UserEntity[]>;
   delete(id: UserId): Promise<void>;
 }
-
-// Implementation (in infrastructure/repositories)
-@Injectable()
-export class PrismaUserRepository implements UserRepositoryInterface {
-  constructor(private readonly prisma: PrismaService) {}
-
-  async save(user: UserEntity): Promise<UserEntity> {
-    const data = {
-      id: user.id.toString(),
-      email: user.email.toString(),
-      name: user.name.toString(),
-    };
-
-    const savedUser = await this.prisma.user.upsert({
-      where: { id: data.id },
-      update: data,
-      create: data,
-    });
-
-    return this.toDomain(savedUser);
-  }
-
-  private toDomain(prismaUser: User): UserEntity {
-    return UserEntity.reconstitute({
-      id: UserId.create(prismaUser.id),
-      email: EmailValueObject.create(prismaUser.email),
-      name: NameValueObject.create(prismaUser.name),
-    });
-  }
-}
 ```
 
 ## Use Case Standards
@@ -145,19 +133,20 @@ export class CreateUserUseCase {
   async execute(command: CreateUserCommand): Promise<UserResponseDto> {
     // 1. Validate business rules
     await this.validateUserDoesNotExist(command.email);
-
+    
     // 2. Create domain entity
     const user = UserEntity.create({
       email: command.email,
       name: command.name,
     });
-
+    
     // 3. Persist entity
     const savedUser = await this.userRepository.save(user);
-
+    
     // 4. Publish domain events
     await this.eventBus.publishAll(savedUser.getUncommittedEvents());
-
+    savedUser.markEventsAsCommitted();
+    
     // 5. Return response DTO
     return UserResponseDto.fromEntity(savedUser);
   }
@@ -183,16 +172,20 @@ export class CreateUserCommand {
   @IsNotEmpty()
   @Length(2, 50)
   readonly name: string;
+
+  @IsOptional()
+  @IsString()
+  readonly organizationId?: string;
 }
 ```
 
 ## Testing Standards
 
 ### Testing Strategy
-- **Unit Tests**: Domain entities, value objects, use cases (isolated logic)
-- **Integration Tests**: Repository implementations, database operations
-- **E2E Tests**: Complete API workflows with Supertest
-- **TDD Approach**: Write tests before implementation
+- **Unit Tests**: Domain entities, value objects, use cases
+- **Integration Tests**: Repository implementations, external services
+- **E2E Tests**: Complete API workflows
+- **Contract Tests**: External service integrations
 
 ### Test Structure
 ```typescript
@@ -205,8 +198,19 @@ describe('CreateUserUseCase', () => {
     const module = await Test.createTestingModule({
       providers: [
         CreateUserUseCase,
-        { provide: USER_REPOSITORY, useValue: { save: jest.fn(), findByEmail: jest.fn() } },
-        { provide: EVENT_BUS, useValue: { publishAll: jest.fn() } },
+        {
+          provide: USER_REPOSITORY,
+          useValue: {
+            save: jest.fn(),
+            findByEmail: jest.fn(),
+          },
+        },
+        {
+          provide: EVENT_BUS,
+          useValue: {
+            publishAll: jest.fn(),
+          },
+        },
       ],
     }).compile();
 
@@ -215,33 +219,46 @@ describe('CreateUserUseCase', () => {
     eventBus = module.get(EVENT_BUS);
   });
 
-  it('should create user successfully', async () => {
-    // Arrange
-    const command = new CreateUserCommand();
-    command.email = 'test@example.com';
-    command.name = 'Test User';
+  describe('execute', () => {
+    it('should create user successfully', async () => {
+      // Arrange
+      const command = new CreateUserCommand();
+      command.email = 'test@example.com';
+      command.name = 'Test User';
 
-    userRepository.findByEmail.mockResolvedValue(null);
-    userRepository.save.mockResolvedValue(UserEntity.create(command));
+      const expectedUser = UserEntity.create({
+        email: command.email,
+        name: command.name,
+      });
 
-    // Act
-    const result = await useCase.execute(command);
+      userRepository.findByEmail.mockResolvedValue(null);
+      userRepository.save.mockResolvedValue(expectedUser);
 
-    // Assert
-    expect(result.email).toBe(command.email);
-    expect(userRepository.save).toHaveBeenCalledWith(expect.any(UserEntity));
-    expect(eventBus.publishAll).toHaveBeenCalled();
-  });
+      // Act
+      const result = await useCase.execute(command);
 
-  it('should throw error when user already exists', async () => {
-    // Arrange
-    const command = new CreateUserCommand();
-    command.email = 'existing@example.com';
+      // Assert
+      expect(result.email).toBe(command.email);
+      expect(userRepository.save).toHaveBeenCalledWith(expect.any(UserEntity));
+      expect(eventBus.publishAll).toHaveBeenCalled();
+    });
 
-    userRepository.findByEmail.mockResolvedValue(UserEntity.create(command));
+    it('should throw error when user already exists', async () => {
+      // Arrange
+      const command = new CreateUserCommand();
+      command.email = 'existing@example.com';
+      command.name = 'Test User';
 
-    // Act & Assert
-    await expect(useCase.execute(command)).rejects.toThrow(UserAlreadyExistsException);
+      const existingUser = UserEntity.create({
+        email: command.email,
+        name: 'Existing User',
+      });
+
+      userRepository.findByEmail.mockResolvedValue(existingUser);
+
+      // Act & Assert
+      await expect(useCase.execute(command)).rejects.toThrow(UserAlreadyExistsException);
+    });
   });
 });
 ```
@@ -260,20 +277,23 @@ export class UserController {
 
   @Post()
   @ApiOperation({ summary: 'Create a new user' })
-  @ApiResponse({ status: 201, type: UserResponseDto })
+  @ApiResponse({ status: 201, description: 'User created successfully', type: UserResponseDto })
   @ApiResponse({ status: 400, description: 'Bad request' })
-  async createUser(@Body() dto: CreateUserDto): Promise<UserResponseDto> {
+  @ApiResponse({ status: 409, description: 'User already exists' })
+  async createUser(@Body() createUserDto: CreateUserDto): Promise<UserResponseDto> {
     const command = new CreateUserCommand();
-    Object.assign(command, dto);
+    Object.assign(command, createUserDto);
     return this.createUserUseCase.execute(command);
   }
 
   @Get(':id')
   @ApiOperation({ summary: 'Get user by ID' })
-  @ApiResponse({ status: 200, type: UserResponseDto })
+  @ApiParam({ name: 'id', description: 'User ID' })
+  @ApiResponse({ status: 200, description: 'User found', type: UserResponseDto })
   @ApiResponse({ status: 404, description: 'User not found' })
   async getUser(@Param('id', ParseUUIDPipe) id: string): Promise<UserResponseDto> {
-    return this.getUserUseCase.execute(new GetUserQuery(id));
+    const query = new GetUserQuery(id);
+    return this.getUserUseCase.execute(query);
   }
 }
 ```
@@ -288,7 +308,9 @@ model User {
   name      String
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
-  orders    Order[]
+
+  // Relationships
+  orders Order[]
 
   @@map("users")
 }
@@ -298,6 +320,8 @@ model Order {
   total    Decimal     @db.Decimal(10, 2)
   status   OrderStatus
   userId   String
+  
+  // Relationships
   user     User        @relation(fields: [userId], references: [id])
   items    OrderItem[]
 
@@ -313,60 +337,104 @@ enum OrderStatus {
 }
 ```
 
-### Prisma Best Practices
-- Use enums for fixed value sets
-- Always add indexes on foreign keys
-- Use `@@map` for table naming (plural snake_case)
-- Include `createdAt` and `updatedAt` timestamps
-- Use `cuid()` for primary keys
-- No raw SQL queries - use Prisma Client only
+### Repository Implementation
+```typescript
+@Injectable()
+export class PrismaUserRepository implements UserRepositoryInterface {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async save(user: UserEntity): Promise<UserEntity> {
+    const data = {
+      id: user.id.toString(),
+      email: user.email.toString(),
+      name: user.name.toString(),
+    };
+
+    const savedUser = await this.prisma.user.upsert({
+      where: { id: data.id },
+      update: data,
+      create: data,
+    });
+
+    return this.toDomain(savedUser);
+  }
+
+  async findById(id: UserId): Promise<UserEntity | null> {
+    const user = await this.prisma.user.findUnique({
+      where: { id: id.toString() },
+    });
+
+    return user ? this.toDomain(user) : null;
+  }
+
+  private toDomain(prismaUser: User): UserEntity {
+    return UserEntity.reconstitute({
+      id: UserId.create(prismaUser.id),
+      email: EmailValueObject.create(prismaUser.email),
+      name: NameValueObject.create(prismaUser.name),
+      createdAt: prismaUser.createdAt,
+    });
+  }
+}
+```
 
 ## Security Standards
 
 ### Authentication & Authorization
-- **JWT Tokens**: Proper expiration and refresh token handling
-- **RBAC**: Role-based access control with Guards
-- **Validation**: Input validation on all endpoints (class-validator)
-- **Rate Limiting**: Throttle public endpoints to prevent abuse
-- **Environment**: HTTPS only in production, secrets in env variables
+- JWT tokens with proper expiration
+- Role-based access control (RBAC)
+- Input validation on all endpoints
+- Rate limiting for public endpoints
+- HTTPS only in production
 
 ### Data Protection
-- Encrypt sensitive data at rest and in transit
-- Never commit secrets to repository
-- Implement audit logging for critical operations
-- OWASP Top 10 compliance
-- Regular dependency security audits
+- Encrypt sensitive data at rest
+- Use environment variables for secrets
+- Implement audit logging
+- Regular security updates
+- OWASP compliance
 
 ## Performance Standards
 
 ### Database Optimization
-- Proper indexing on frequently queried fields
-- Connection pooling via Prisma
-- Pagination for large datasets (cursor-based preferred)
-- Avoid N+1 queries with Prisma `include`
-- Query monitoring and slow query logging
+- Proper indexing strategies
+- Connection pooling
+- Query optimization
+- Pagination for large datasets
+- Database monitoring
 
 ### Caching Strategy
-- **Redis**: Session data, rate limiting, and frequently accessed data
-- **Application Cache**: In-memory caching for configuration
-- **TTL Strategy**: Appropriate time-to-live for different data types
-- **Invalidation**: Event-driven cache invalidation
+- Redis for session data
+- Application-level caching
+- HTTP caching headers
+- CDN for static assets
+- Cache invalidation patterns
 
-## Error Handling
+## MonoRepo Organization
 
-### Exception Hierarchy
-- Domain exceptions for business rule violations
-- Application exceptions for use case errors
-- Infrastructure exceptions for external service failures
-- HTTP exception filters for API responses
+### Shared Libraries Structure
+```
+libs/
+├── common/
+│   ├── decorators/
+│   ├── filters/
+│   ├── guards/
+│   ├── interceptors/
+│   ├── pipes/
+│   └── utils/
+├── domain-core/
+│   ├── base/
+│   ├── interfaces/
+│   └── exceptions/
+└── database/
+    ├── base-repository.ts
+    ├── transaction.decorator.ts
+    └── prisma.service.ts
+```
 
-### Error Response Format
-```typescript
-{
-  "statusCode": 400,
-  "message": "User with email already exists",
-  "error": "UserAlreadyExistsException",
-  "timestamp": "2024-01-15T10:30:00Z",
-  "path": "/api/users"
-}
-```
+### Service Independence
+- Each microservice has its own database
+- Shared code through libraries only
+- Independent deployment pipelines
+- Service-to-service communication via events
+- No direct database access between services

package/bmad-core/data/frontend-standards.md

@@ -335,4 +335,40 @@ import { Button } from '@/components/ui/button';
 - Cache-first for static assets
 - Network-first for dynamic data
 - Fallback pages for offline scenarios
-- Sync when connection restored
+- Sync when connection restored
+
+## Language Standards (Frontend & Backend)
+
+### Spanish for All User-Facing Content (CRITICAL RULE)
+
+**MANDATORY: All text visible to end users MUST be in Spanish.**
+
+#### ✅ Spanish Required:
+- UI labels, buttons, forms, messages, notifications
+- API responses, validation errors, email templates
+- Any text the user sees (frontend or backend)
+
+#### ✅ English Required:
+- Code (variables, functions, classes)
+- Technical logs, comments, git commits
+- Developer documentation
+
+#### ❌ Never mix languages in user-facing text
+
+**Examples:**
+```typescript
+// ✅ CORRECT
+<Button>Guardar</Button>
+toast.success("Datos guardados correctamente");
+throw new BadRequestException('No se pudo crear el usuario');
+
+// ❌ INCORRECT
+<Button>Save cambios</Button>
+toast.error("Failed al guardar");
+throw new BadRequestException('Invalid datos proporcionados');
+```
+
+**Implementation:**
+- Create message constants in Spanish
+- Validate all user-facing text before story completion
+- Technical logs stay in English, user messages in Spanish

package/claude/hooks/file-restriction-hook.py

@@ -0,0 +1,51 @@
+import sys
+import json
+import os
+
+try:
+    # Leer JSON desde stdin
+    data = json.load(sys.stdin)
+
+    # Obtener información del archivo y sesión
+    file_path = data.get('tool_input', {}).get('file_path', '')
+    extension = os.path.splitext(file_path)[1].lower() if file_path else ''
+    session_id = data.get('session_id', '')
+    cwd = data.get('cwd', '')
+
+    # Construir ruta relativa al log desde el cwd
+    log_file = os.path.join(cwd, '.claude', 'logs', 'active_agents.json')
+
+    # Agentes que solo pueden escribir markdown
+    MARKDOWN_ONLY_AGENTS = ['PO', 'SM', 'PM', 'ANALYST', 'ARCHITECT', 'UX-EXPERT']
+
+    # Verificar si la sesión actual tiene un agente activo
+    if session_id and os.path.exists(log_file):
+        try:
+            with open(log_file, 'r', encoding='utf-8') as f:
+                active_agents = json.load(f)
+            
+            # Si la sesión actual tiene un agente activo
+            if session_id in active_agents:
+                agent_type = active_agents[session_id]['agent']
+                
+                # Si el agente está en la lista de solo markdown
+                if agent_type in MARKDOWN_ONLY_AGENTS:
+                    # Solo permitir archivos markdown
+                    if extension != '.md':
+                        result = {
+                            "hookSpecificOutput": {
+                                "hookEventName": "PreToolUse",
+                                "permissionDecision": "deny",
+                                "permissionDecisionReason": f"⛔ El agente de tipo {agent_type} solo puede redactar archivos markdown"
+                            }
+                        }
+                        print(json.dumps(result))
+                        sys.exit(0)
+        except:
+            # Si hay error leyendo el log, permitir la operación
+            pass
+
+    # Si no está bloqueado, permitir la operación (no imprimir nada)
+except Exception as e:
+    # En caso de error, permitir la operación
+    pass

package/claude/hooks/track-agent.py

@@ -0,0 +1,67 @@
+import sys
+import json
+import os
+from datetime import datetime
+
+try:
+    # Leer JSON desde stdin
+    data = json.load(sys.stdin)
+    
+    session_id = data.get('session_id', '')
+    prompt = data.get('prompt', '').lower()
+    cwd = data.get('cwd', '')
+    
+    # Construir ruta relativa al log desde el cwd
+    log_file = os.path.join(cwd, '.claude', 'logs', 'active_agents.json')
+    
+    # Crear directorio si no existe
+    log_dir = os.path.dirname(log_file)
+    os.makedirs(log_dir, exist_ok=True)
+    
+    # Lista completa de agentes disponibles
+    agent_identifiers = {
+        'agents:po': 'PO',
+        'agents:sm': 'SM',
+        'agents:pm': 'PM',
+        'agents:analyst': 'ANALYST',
+        'agents:architect': 'ARCHITECT',
+        'agents:dev': 'DEV',
+        'agents:backend': 'BACKEND',
+        'agents:frontend': 'FRONTEND',
+        'agents:qa': 'QA',
+        'agents:ux-expert': 'UX-EXPERT',
+        'agents:bmad-master': 'BMAD-MASTER',
+        'agents:bmad-orchestrator': 'BMAD-ORCHESTRATOR'
+    }
+    
+    # Detectar si se está invocando un agente
+    agent_type = None
+    for identifier, agent_name in agent_identifiers.items():
+        if identifier in prompt or f'/bmad:{identifier}' in prompt:
+            agent_type = agent_name
+            break
+    
+    if agent_type and session_id:
+        # Leer log existente
+        active_agents = {}
+        if os.path.exists(log_file):
+            try:
+                with open(log_file, 'r', encoding='utf-8') as f:
+                    active_agents = json.load(f)
+            except:
+                active_agents = {}
+        
+        # Actualizar o agregar la sesión con el agente actual
+        active_agents[session_id] = {
+            'agent': agent_type,
+            'timestamp': datetime.now().isoformat(),
+            'last_prompt': prompt[:100]  # Guardar inicio del prompt para debug
+        }
+        
+        # Guardar log actualizado
+        with open(log_file, 'w', encoding='utf-8') as f:
+            json.dump(active_agents, f, indent=2, ensure_ascii=False)
+
+except Exception as e:
+    # En caso de error, no bloquear la operación
+    pass

package/claude/settings.local.json

@@ -16,5 +16,41 @@
     ],
     "deny": [],
     "ask": []
-  }
+  },
+  "hooks": {
+    "UserPromptSubmit": [
+      {
+        "matcher": ".*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python .claude/hooks/track-agent.py"
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python .claude/hooks/file-restriction-hook.py"
+          }
+        ]
+      }
+    ],
+    "SessionEnd": [
+      {
+        "matcher": ".*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python .claude/hooks/cleanup-agent.py"
+          }
+        ]
+      }
+    ]
+  },
+  "disableAllHooks": false
 }

package/kiro/README.md

@@ -0,0 +1,13 @@
+# Kiro Configuration
+
+Esta carpeta contiene las configuraciones y specs para Kiro IDE.
+
+## Estructura
+
+- **specs/** - Especificaciones de features (requirements, design, tasks)
+- **steering/** - Reglas y contexto adicional para el agente
+- **settings/** - Configuraciones de Kiro (MCP, etc.)
+
+## Uso
+
+Las specs siguen el workflow: Requirements → Design → Tasks → Implementation