sinapse-ai 9.4.0 → 9.5.0

package/.sinapse-ai/infrastructure/templates/coderabbit.yaml.template

@@ -1,280 +1,280 @@
-# =============================================================================
-# CodeRabbit Configuration Template
-# =============================================================================
-# Template for user projects created with SINAPSE-FULLSTACK
-# Generated by: *setup-github task (Story 5.10)
-#
-# Variables (replaced during installation):
-#   {{REVIEW_PROFILE}} - Review profile (chill | assertive)
-#   {{PROJECT_NAME}} - Project name
-#   {{PATH_INSTRUCTIONS}} - Dynamically generated path instructions
-#
-# Documentation: https://docs.coderabbit.ai/configuration
-# =============================================================================
-
-version: 2
-language: "en-US"
-early_access: false
-
-# -----------------------------------------------------------------------------
-# REVIEW CONFIGURATION
-# -----------------------------------------------------------------------------
-reviews:
-  # Profile options: chill | assertive
-  # - chill: Minimal feedback, only critical issues (RECOMMENDED for new projects)
-  # - assertive: Comprehensive feedback, strict standards (for production)
-  profile: "{{REVIEW_PROFILE}}"
-
-  # Workflow settings
-  request_changes_workflow: false
-  high_level_summary: true
-  high_level_summary_placeholder: "@coderabbitai summary"
-  poem: false
-  review_status: true
-  collapse_walkthrough: false
-  abort_on_close: true
-
-  # Auto-review settings
-  auto_review:
-    enabled: true
-    drafts: false
-    base_branches:
-      - "main"
-      - "develop"
-      - "release/*"
-
-  # Finishing touches (disabled by default - enable as needed)
-  finishing_touches:
-    docstrings:
-      enabled: false
-    unit_tests:
-      enabled: false
-
-  # ---------------------------------------------------------------------------
-  # PATH FILTERS - Exclude from review
-  # ---------------------------------------------------------------------------
-  path_filters:
-    # Generated/build files
-    - "!**/node_modules/**"
-    - "!**/dist/**"
-    - "!**/build/**"
-    - "!**/.next/**"
-    - "!**/coverage/**"
-    - "!**/*.min.js"
-    - "!**/*.min.css"
-
-    # Lock files
-    - "!**/package-lock.json"
-    - "!**/yarn.lock"
-    - "!**/pnpm-lock.yaml"
-
-    # Generated type definitions
-    - "!**/*.d.ts"
-
-  # ---------------------------------------------------------------------------
-  # PATH INSTRUCTIONS - Context-specific review rules
-  # ---------------------------------------------------------------------------
-  path_instructions:
-    # -------------------------------------------------------------------------
-    # SOURCE CODE
-    # -------------------------------------------------------------------------
-    - path: "src/**/*.ts"
-      instructions: |
-        TypeScript source code.
-
-        CRITICAL (must fix immediately):
-        - Hardcoded credentials or API keys
-        - SQL injection vulnerabilities
-        - XSS vulnerabilities
-        - Exposed sensitive data in logs
-
-        HIGH (should fix before merge):
-        - Strict typing violations (minimize 'any')
-        - Missing error handling
-        - Unhandled promise rejections
-        - Memory leak patterns
-
-        MEDIUM (document as tech debt):
-        - Code duplication
-        - Complex functions (>50 lines)
-        - Missing input validation
-
-        LOW (optional):
-        - Style inconsistencies
-        - Naming suggestions
-
-    - path: "src/**/*.tsx"
-      instructions: |
-        React component files.
-
-        FOCUS ON:
-        - Component prop typing
-        - Hook dependency arrays
-        - Key prop usage in lists
-        - Memory leaks (useEffect cleanup)
-        - Accessibility (aria labels, semantic HTML)
-
-        SKIP:
-        - JSX formatting preferences
-        - Component organization styles
-
-    - path: "src/**/*.js"
-      instructions: |
-        JavaScript source code.
-
-        FOCUS ON:
-        - Security vulnerabilities
-        - Error handling
-        - Performance issues
-
-        SUGGEST:
-        - TypeScript migration for critical files
-
-    # -------------------------------------------------------------------------
-    # TESTS
-    # -------------------------------------------------------------------------
-    - path: "**/*.test.ts"
-      instructions: |
-        Test files.
-
-        VALIDATE:
-        - Tests cover edge cases
-        - Mocks are properly typed
-        - Test names are descriptive
-        - No implementation code in tests
-
-        DO NOT:
-        - Require JSDoc comments in tests
-        - Flag test-specific patterns (any in mocks, etc.)
-        - Suggest test framework changes
-
-    - path: "**/*.test.tsx"
-      instructions: |
-        React component test files.
-
-        VALIDATE:
-        - User interaction testing (not implementation details)
-        - Accessibility testing when applicable
-        - Proper async handling (waitFor, findBy)
-
-    - path: "**/*.spec.ts"
-      instructions: |
-        Integration/E2E test files.
-
-        VALIDATE:
-        - Test isolation
-        - Cleanup procedures
-        - Timeout handling
-
-    # -------------------------------------------------------------------------
-    # API & DATABASE
-    # -------------------------------------------------------------------------
-    - path: "src/api/**"
-      instructions: |
-        API endpoint files.
-
-        CRITICAL:
-        - Input validation missing
-        - SQL injection risks
-        - XSS vulnerabilities
-        - Authentication bypass risks
-
-        HIGH:
-        - Missing authentication checks
-        - Inconsistent error responses
-        - Missing rate limiting considerations
-
-        MEDIUM:
-        - Response format inconsistencies
-        - Missing pagination for lists
-
-    - path: "**/migrations/**"
-      instructions: |
-        Database migration files.
-
-        CRITICAL:
-        - Data loss potential (DROP without backup)
-        - Missing rollback strategy
-        - Breaking schema changes
-
-        HIGH:
-        - Missing indexes for foreign keys
-        - Large table alterations without batch
-
-        NEVER:
-        - Approve destructive migrations without explicit confirmation
-
-    # -------------------------------------------------------------------------
-    # CONFIGURATION
-    # -------------------------------------------------------------------------
-    - path: "*.config.*"
-      instructions: |
-        Configuration files.
-
-        CRITICAL:
-        - Hardcoded secrets
-        - Production credentials in config
-
-        HIGH:
-        - Environment-specific values hardcoded
-        - Missing environment variable fallbacks
-
-        SUGGEST:
-        - Use .env variables for sensitive data
-        - Document configuration options
-
-    - path: ".env*"
-      instructions: |
-        Environment files.
-
-        CRITICAL:
-        - Real secrets in .env.example
-        - Production values committed
-
-        WARN:
-        - Missing required variables documentation
-
-    # -------------------------------------------------------------------------
-    # DOCUMENTATION
-    # -------------------------------------------------------------------------
-    - path: "docs/**"
-      instructions: |
-        Documentation files.
-
-        VALIDATE:
-        - Clarity and completeness
-        - Code examples are correct
-        - Links are valid
-
-        DO NOT:
-        - Flag markdown style preferences
-        - Require specific heading structures
-
-    - path: "README.md"
-      instructions: |
-        Project README.
-
-        VALIDATE:
-        - Setup instructions are complete
-        - Examples are functional
-        - Links work
-
-{{PATH_INSTRUCTIONS}}
-
-# -----------------------------------------------------------------------------
-# CHAT CONFIGURATION
-# -----------------------------------------------------------------------------
-chat:
-  auto_reply: true
-
-# -----------------------------------------------------------------------------
-# KNOWLEDGE BASE
-# -----------------------------------------------------------------------------
-knowledge_base:
-  learnings:
-    scope: "auto"
-  issues:
-    scope: "auto"
-  pull_requests:
-    scope: "auto"
-
+# =============================================================================
+# CodeRabbit Configuration Template
+# =============================================================================
+# Template for user projects created with SINAPSE-FULLSTACK
+# Generated by: *setup-github task (Story 5.10)
+#
+# Variables (replaced during installation):
+#   {{REVIEW_PROFILE}} - Review profile (chill | assertive)
+#   {{PROJECT_NAME}} - Project name
+#   {{PATH_INSTRUCTIONS}} - Dynamically generated path instructions
+#
+# Documentation: https://docs.coderabbit.ai/configuration
+# =============================================================================
+
+version: 2
+language: "en-US"
+early_access: false
+
+# -----------------------------------------------------------------------------
+# REVIEW CONFIGURATION
+# -----------------------------------------------------------------------------
+reviews:
+  # Profile options: chill | assertive
+  # - chill: Minimal feedback, only critical issues (RECOMMENDED for new projects)
+  # - assertive: Comprehensive feedback, strict standards (for production)
+  profile: "{{REVIEW_PROFILE}}"
+
+  # Workflow settings
+  request_changes_workflow: false
+  high_level_summary: true
+  high_level_summary_placeholder: "@coderabbitai summary"
+  poem: false
+  review_status: true
+  collapse_walkthrough: false
+  abort_on_close: true
+
+  # Auto-review settings
+  auto_review:
+    enabled: true
+    drafts: false
+    base_branches:
+      - "main"
+      - "develop"
+      - "release/*"
+
+  # Finishing touches (disabled by default - enable as needed)
+  finishing_touches:
+    docstrings:
+      enabled: false
+    unit_tests:
+      enabled: false
+
+  # ---------------------------------------------------------------------------
+  # PATH FILTERS - Exclude from review
+  # ---------------------------------------------------------------------------
+  path_filters:
+    # Generated/build files
+    - "!**/node_modules/**"
+    - "!**/dist/**"
+    - "!**/build/**"
+    - "!**/.next/**"
+    - "!**/coverage/**"
+    - "!**/*.min.js"
+    - "!**/*.min.css"
+
+    # Lock files
+    - "!**/package-lock.json"
+    - "!**/yarn.lock"
+    - "!**/pnpm-lock.yaml"
+
+    # Generated type definitions
+    - "!**/*.d.ts"
+
+  # ---------------------------------------------------------------------------
+  # PATH INSTRUCTIONS - Context-specific review rules
+  # ---------------------------------------------------------------------------
+  path_instructions:
+    # -------------------------------------------------------------------------
+    # SOURCE CODE
+    # -------------------------------------------------------------------------
+    - path: "src/**/*.ts"
+      instructions: |
+        TypeScript source code.
+
+        CRITICAL (must fix immediately):
+        - Hardcoded credentials or API keys
+        - SQL injection vulnerabilities
+        - XSS vulnerabilities
+        - Exposed sensitive data in logs
+
+        HIGH (should fix before merge):
+        - Strict typing violations (minimize 'any')
+        - Missing error handling
+        - Unhandled promise rejections
+        - Memory leak patterns
+
+        MEDIUM (document as tech debt):
+        - Code duplication
+        - Complex functions (>50 lines)
+        - Missing input validation
+
+        LOW (optional):
+        - Style inconsistencies
+        - Naming suggestions
+
+    - path: "src/**/*.tsx"
+      instructions: |
+        React component files.
+
+        FOCUS ON:
+        - Component prop typing
+        - Hook dependency arrays
+        - Key prop usage in lists
+        - Memory leaks (useEffect cleanup)
+        - Accessibility (aria labels, semantic HTML)
+
+        SKIP:
+        - JSX formatting preferences
+        - Component organization styles
+
+    - path: "src/**/*.js"
+      instructions: |
+        JavaScript source code.
+
+        FOCUS ON:
+        - Security vulnerabilities
+        - Error handling
+        - Performance issues
+
+        SUGGEST:
+        - TypeScript migration for critical files
+
+    # -------------------------------------------------------------------------
+    # TESTS
+    # -------------------------------------------------------------------------
+    - path: "**/*.test.ts"
+      instructions: |
+        Test files.
+
+        VALIDATE:
+        - Tests cover edge cases
+        - Mocks are properly typed
+        - Test names are descriptive
+        - No implementation code in tests
+
+        DO NOT:
+        - Require JSDoc comments in tests
+        - Flag test-specific patterns (any in mocks, etc.)
+        - Suggest test framework changes
+
+    - path: "**/*.test.tsx"
+      instructions: |
+        React component test files.
+
+        VALIDATE:
+        - User interaction testing (not implementation details)
+        - Accessibility testing when applicable
+        - Proper async handling (waitFor, findBy)
+
+    - path: "**/*.spec.ts"
+      instructions: |
+        Integration/E2E test files.
+
+        VALIDATE:
+        - Test isolation
+        - Cleanup procedures
+        - Timeout handling
+
+    # -------------------------------------------------------------------------
+    # API & DATABASE
+    # -------------------------------------------------------------------------
+    - path: "src/api/**"
+      instructions: |
+        API endpoint files.
+
+        CRITICAL:
+        - Input validation missing
+        - SQL injection risks
+        - XSS vulnerabilities
+        - Authentication bypass risks
+
+        HIGH:
+        - Missing authentication checks
+        - Inconsistent error responses
+        - Missing rate limiting considerations
+
+        MEDIUM:
+        - Response format inconsistencies
+        - Missing pagination for lists
+
+    - path: "**/migrations/**"
+      instructions: |
+        Database migration files.
+
+        CRITICAL:
+        - Data loss potential (DROP without backup)
+        - Missing rollback strategy
+        - Breaking schema changes
+
+        HIGH:
+        - Missing indexes for foreign keys
+        - Large table alterations without batch
+
+        NEVER:
+        - Approve destructive migrations without explicit confirmation
+
+    # -------------------------------------------------------------------------
+    # CONFIGURATION
+    # -------------------------------------------------------------------------
+    - path: "*.config.*"
+      instructions: |
+        Configuration files.
+
+        CRITICAL:
+        - Hardcoded secrets
+        - Production credentials in config
+
+        HIGH:
+        - Environment-specific values hardcoded
+        - Missing environment variable fallbacks
+
+        SUGGEST:
+        - Use .env variables for sensitive data
+        - Document configuration options
+
+    - path: ".env*"
+      instructions: |
+        Environment files.
+
+        CRITICAL:
+        - Real secrets in .env.example
+        - Production values committed
+
+        WARN:
+        - Missing required variables documentation
+
+    # -------------------------------------------------------------------------
+    # DOCUMENTATION
+    # -------------------------------------------------------------------------
+    - path: "docs/**"
+      instructions: |
+        Documentation files.
+
+        VALIDATE:
+        - Clarity and completeness
+        - Code examples are correct
+        - Links are valid
+
+        DO NOT:
+        - Flag markdown style preferences
+        - Require specific heading structures
+
+    - path: "README.md"
+      instructions: |
+        Project README.
+
+        VALIDATE:
+        - Setup instructions are complete
+        - Examples are functional
+        - Links work
+
+{{PATH_INSTRUCTIONS}}
+
+# -----------------------------------------------------------------------------
+# CHAT CONFIGURATION
+# -----------------------------------------------------------------------------
+chat:
+  auto_reply: true
+
+# -----------------------------------------------------------------------------
+# KNOWLEDGE BASE
+# -----------------------------------------------------------------------------
+knowledge_base:
+  learnings:
+    scope: "auto"
+  issues:
+    scope: "auto"
+  pull_requests:
+    scope: "auto"
+

package/.sinapse-ai/infrastructure/templates/config/env.example

@@ -0,0 +1,16 @@
+# =============================================================================
+# Environment Variables — {{PROJECT_NAME}}
+# =============================================================================
+# Copy this file to .env and fill in real values.
+# NEVER commit .env with real credentials.
+# =============================================================================
+
+# Database
+DATABASE_URL=postgresql://user:password@localhost:5432/dbname
+SUPABASE_URL=https://your-project.supabase.co
+SUPABASE_ANON_KEY=your-anon-key-here
+# NEVER put service_role key here — use server-only env
+
+# App
+NEXT_PUBLIC_APP_URL=http://localhost:3000
+NODE_ENV=development

package/.sinapse-ai/infrastructure/templates/config/gitignore-additions.tmpl

@@ -0,0 +1,59 @@
+# ========================================
+# SINAPSE Project Ignores
+# Applied by: sinapse setup-infra
+# ========================================
+
+# Dependencies
+node_modules/
+
+# Build output
+dist/
+build/
+out/
+.next/
+.nuxt/
+.output/
+
+# Environment (NEVER commit real values)
+.env
+.env.local
+.env.*.local
+.env.development
+.env.test
+.env.production
+
+# Testing
+coverage/
+.nyc_output/
+test-results/
+
+# TypeScript
+*.tsbuildinfo
+
+# IDE & Editor
+.vscode/settings.json
+.idea/
+*.sublime-workspace
+
+# OS files
+.DS_Store
+Thumbs.db
+desktop.ini
+
+# Logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+
+# SINAPSE runtime
+.sinapse/
+.sinapse-ai/.cache/
+.sinapse-ai/logs/
+.sinapse-ai/*.local.yaml
+
+# Temporary
+tmp/
+temp/
+*.tmp
+*.swp
+*~

package/.sinapse-ai/infrastructure/templates/github/CODEOWNERS.template

@@ -0,0 +1,12 @@
+# Code Owners — {{PROJECT_NAME}}
+# All PRs require approval from an owner before merge.
+
+# Default: all files require maintainer review
+* @{{MAINTAINER}}
+
+# Framework and agent configuration
+.sinapse-ai/ @{{MAINTAINER}}
+.claude/      @{{MAINTAINER}}
+
+# CI/CD and GitHub config
+.github/      @{{MAINTAINER}}

package/.sinapse-ai/infrastructure/templates/github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,29 @@
+## Summary
+<!-- 1-3 sentences describing what this PR does and why -->
+
+## Story
+**Story:** `docs/stories/__.story.md`
+
+## Type
+- [ ] Bug fix
+- [ ] Feature
+- [ ] Breaking change
+- [ ] Documentation
+- [ ] Refactor
+
+## Quality Gates
+| Gate | Status |
+|------|--------|
+| Lint | :question: |
+| TypeCheck | :question: |
+| Tests | :question: |
+
+## Security
+- [ ] No secrets in code
+- [ ] Input validation on new endpoints
+- [ ] RLS reviewed (if DB changes)
+
+## Checklist
+- [ ] Tests added/updated
+- [ ] Story updated with progress
+- [ ] PR title follows Conventional Commits