npm - specweave - Versions diffs - 0.3.13 → 0.4.1 - Mend

specweave 0.3.13 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (168) hide show

package/CLAUDE.md +506 -17
package/README.md +100 -58
package/bin/install-all.sh +9 -2
package/bin/install-hooks.sh +57 -0
package/bin/specweave.js +16 -0
package/dist/adapters/adapter-base.d.ts +21 -0
package/dist/adapters/adapter-base.d.ts.map +1 -1
package/dist/adapters/adapter-base.js +28 -0
package/dist/adapters/adapter-base.js.map +1 -1
package/dist/adapters/adapter-interface.d.ts +41 -0
package/dist/adapters/adapter-interface.d.ts.map +1 -1
package/dist/adapters/claude/adapter.d.ts +36 -0
package/dist/adapters/claude/adapter.d.ts.map +1 -1
package/dist/adapters/claude/adapter.js +135 -0
package/dist/adapters/claude/adapter.js.map +1 -1
package/dist/adapters/copilot/adapter.d.ts +25 -0
package/dist/adapters/copilot/adapter.d.ts.map +1 -1
package/dist/adapters/copilot/adapter.js +112 -0
package/dist/adapters/copilot/adapter.js.map +1 -1
package/dist/adapters/cursor/adapter.d.ts +36 -0
package/dist/adapters/cursor/adapter.d.ts.map +1 -1
package/dist/adapters/cursor/adapter.js +140 -0
package/dist/adapters/cursor/adapter.js.map +1 -1
package/dist/adapters/generic/adapter.d.ts +25 -0
package/dist/adapters/generic/adapter.d.ts.map +1 -1
package/dist/adapters/generic/adapter.js +111 -0
package/dist/adapters/generic/adapter.js.map +1 -1
package/dist/cli/commands/init.d.ts.map +1 -1
package/dist/cli/commands/init.js +103 -1
package/dist/cli/commands/init.js.map +1 -1
package/dist/cli/commands/plugin.d.ts +37 -0
package/dist/cli/commands/plugin.d.ts.map +1 -0
package/dist/cli/commands/plugin.js +296 -0
package/dist/cli/commands/plugin.js.map +1 -0
package/dist/core/agent-model-manager.d.ts +52 -0
package/dist/core/agent-model-manager.d.ts.map +1 -0
package/dist/core/agent-model-manager.js +120 -0
package/dist/core/agent-model-manager.js.map +1 -0
package/dist/core/cost-tracker.d.ts +108 -0
package/dist/core/cost-tracker.d.ts.map +1 -0
package/dist/core/cost-tracker.js +281 -0
package/dist/core/cost-tracker.js.map +1 -0
package/dist/core/model-selector.d.ts +57 -0
package/dist/core/model-selector.d.ts.map +1 -0
package/dist/core/model-selector.js +115 -0
package/dist/core/model-selector.js.map +1 -0
package/dist/core/phase-detector.d.ts +62 -0
package/dist/core/phase-detector.d.ts.map +1 -0
package/dist/core/phase-detector.js +229 -0
package/dist/core/phase-detector.js.map +1 -0
package/dist/core/plugin-detector.d.ts +96 -0
package/dist/core/plugin-detector.d.ts.map +1 -0
package/dist/core/plugin-detector.js +349 -0
package/dist/core/plugin-detector.js.map +1 -0
package/dist/core/plugin-loader.d.ts +111 -0
package/dist/core/plugin-loader.d.ts.map +1 -0
package/dist/core/plugin-loader.js +319 -0
package/dist/core/plugin-loader.js.map +1 -0
package/dist/core/plugin-manager.d.ts +144 -0
package/dist/core/plugin-manager.d.ts.map +1 -0
package/dist/core/plugin-manager.js +393 -0
package/dist/core/plugin-manager.js.map +1 -0
package/dist/core/schemas/plugin-manifest.schema.json +253 -0
package/dist/core/types/plugin.d.ts +252 -0
package/dist/core/types/plugin.d.ts.map +1 -0
package/dist/core/types/plugin.js +48 -0
package/dist/core/types/plugin.js.map +1 -0
package/dist/integrations/jira/jira-mapper.d.ts +2 -2
package/dist/integrations/jira/jira-mapper.js +2 -2
package/dist/types/cost-tracking.d.ts +43 -0
package/dist/types/cost-tracking.d.ts.map +1 -0
package/dist/types/cost-tracking.js +8 -0
package/dist/types/cost-tracking.js.map +1 -0
package/dist/types/model-selection.d.ts +53 -0
package/dist/types/model-selection.d.ts.map +1 -0
package/dist/types/model-selection.js +12 -0
package/dist/types/model-selection.js.map +1 -0
package/dist/utils/cost-reporter.d.ts +58 -0
package/dist/utils/cost-reporter.d.ts.map +1 -0
package/dist/utils/cost-reporter.js +224 -0
package/dist/utils/cost-reporter.js.map +1 -0
package/dist/utils/pricing-constants.d.ts +70 -0
package/dist/utils/pricing-constants.d.ts.map +1 -0
package/dist/utils/pricing-constants.js +71 -0
package/dist/utils/pricing-constants.js.map +1 -0
package/package.json +13 -9
package/src/adapters/adapter-base.ts +33 -0
package/src/adapters/adapter-interface.ts +46 -0
package/src/adapters/claude/adapter.ts +164 -0
package/src/adapters/copilot/adapter.ts +138 -0
package/src/adapters/cursor/adapter.ts +170 -0
package/src/adapters/generic/adapter.ts +137 -0
package/src/agents/architect/AGENT.md +3 -0
package/src/agents/code-reviewer.md +156 -0
package/src/agents/data-scientist/AGENT.md +181 -0
package/src/agents/database-optimizer/AGENT.md +147 -0
package/src/agents/devops/AGENT.md +3 -0
package/src/agents/diagrams-architect/AGENT.md +3 -0
package/src/agents/docs-writer/AGENT.md +3 -0
package/src/agents/kubernetes-architect/AGENT.md +142 -0
package/src/agents/ml-engineer/AGENT.md +150 -0
package/src/agents/mlops-engineer/AGENT.md +201 -0
package/src/agents/network-engineer/AGENT.md +149 -0
package/src/agents/observability-engineer/AGENT.md +213 -0
package/src/agents/payment-integration/AGENT.md +35 -0
package/src/agents/performance/AGENT.md +3 -0
package/src/agents/performance-engineer/AGENT.md +153 -0
package/src/agents/pm/AGENT.md +3 -0
package/src/agents/qa-lead/AGENT.md +3 -0
package/src/agents/security/AGENT.md +3 -0
package/src/agents/sre/AGENT.md +3 -0
package/src/agents/tdd-orchestrator/AGENT.md +169 -0
package/src/agents/tech-lead/AGENT.md +3 -0
package/src/commands/specweave.costs.md +261 -0
package/src/commands/specweave.increment.md +48 -4
package/src/commands/specweave.ml-pipeline.md +292 -0
package/src/commands/specweave.monitor-setup.md +501 -0
package/src/commands/specweave.slo-implement.md +1055 -0
package/src/commands/specweave.sync-github.md +1 -1
package/src/commands/specweave.tdd-cycle.md +199 -0
package/src/commands/specweave.tdd-green.md +842 -0
package/src/commands/specweave.tdd-red.md +135 -0
package/src/commands/specweave.tdd-refactor.md +165 -0
package/src/hooks/post-increment-plugin-detect.sh +142 -0
package/src/hooks/post-task-completion.sh +53 -11
package/src/hooks/pre-task-plugin-detect.sh +96 -0
package/src/skills/SKILLS-INDEX.md +18 -10
package/src/skills/billing-automation/SKILL.md +559 -0
package/src/skills/distributed-tracing/SKILL.md +438 -0
package/src/skills/e2e-playwright/README.md +1 -1
package/src/skills/e2e-playwright/package.json +1 -1
package/src/skills/gitops-workflow/SKILL.md +285 -0
package/src/skills/gitops-workflow/references/argocd-setup.md +134 -0
package/src/skills/gitops-workflow/references/sync-policies.md +131 -0
package/src/skills/grafana-dashboards/SKILL.md +369 -0
package/src/skills/helm-chart-scaffolding/SKILL.md +544 -0
package/src/skills/helm-chart-scaffolding/assets/Chart.yaml.template +42 -0
package/src/skills/helm-chart-scaffolding/assets/values.yaml.template +185 -0
package/src/skills/helm-chart-scaffolding/references/chart-structure.md +500 -0
package/src/skills/helm-chart-scaffolding/scripts/validate-chart.sh +244 -0
package/src/skills/k8s-manifest-generator/SKILL.md +511 -0
package/src/skills/k8s-manifest-generator/assets/configmap-template.yaml +296 -0
package/src/skills/k8s-manifest-generator/assets/deployment-template.yaml +203 -0
package/src/skills/k8s-manifest-generator/assets/service-template.yaml +171 -0
package/src/skills/k8s-manifest-generator/references/deployment-spec.md +753 -0
package/src/skills/k8s-manifest-generator/references/service-spec.md +724 -0
package/src/skills/k8s-security-policies/SKILL.md +334 -0
package/src/skills/k8s-security-policies/assets/network-policy-template.yaml +177 -0
package/src/skills/k8s-security-policies/references/rbac-patterns.md +187 -0
package/src/skills/ml-pipeline-workflow/SKILL.md +245 -0
package/src/skills/paypal-integration/SKILL.md +467 -0
package/src/skills/pci-compliance/SKILL.md +466 -0
package/src/skills/prometheus-configuration/SKILL.md +392 -0
package/src/skills/slo-implementation/SKILL.md +329 -0
package/src/skills/stripe-integration/SKILL.md +442 -0
package/src/skills/tdd-workflow/SKILL.md +378 -0
package/src/templates/README.md.template +1 -1
package/src/skills/bmad-method-expert/SKILL.md +0 -626
package/src/skills/bmad-method-expert/scripts/analyze-project.js +0 -318
package/src/skills/bmad-method-expert/scripts/check-setup.js +0 -208
package/src/skills/bmad-method-expert/scripts/generate-template.js +0 -1149
package/src/skills/bmad-method-expert/scripts/validate-documents.js +0 -340
package/src/skills/context-optimizer/SKILL.md +0 -588
package/src/skills/figma-designer/SKILL.md +0 -149
package/src/skills/figma-implementer/SKILL.md +0 -148
package/src/skills/figma-mcp-connector/SKILL.md +0 -136
package/src/skills/figma-to-code/SKILL.md +0 -128
package/src/skills/spec-kit-expert/SKILL.md +0 -1010

package/src/skills/pci-compliance/SKILL.md ADDED Viewed

@@ -0,0 +1,466 @@
+---
+name: pci-compliance
+description: Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.
+---
+# PCI Compliance
+Master PCI DSS (Payment Card Industry Data Security Standard) compliance for secure payment processing and handling of cardholder data.
+## When to Use This Skill
+- Building payment processing systems
+- Handling credit card information
+- Implementing secure payment flows
+- Conducting PCI compliance audits
+- Reducing PCI compliance scope
+- Implementing tokenization and encryption
+- Preparing for PCI DSS assessments
+## PCI DSS Requirements (12 Core Requirements)
+### Build and Maintain Secure Network
+1. Install and maintain firewall configuration
+2. Don't use vendor-supplied defaults for passwords
+### Protect Cardholder Data
+3. Protect stored cardholder data
+4. Encrypt transmission of cardholder data across public networks
+### Maintain Vulnerability Management
+5. Protect systems against malware
+6. Develop and maintain secure systems and applications
+### Implement Strong Access Control
+7. Restrict access to cardholder data by business need-to-know
+8. Identify and authenticate access to system components
+9. Restrict physical access to cardholder data
+### Monitor and Test Networks
+10. Track and monitor all access to network resources and cardholder data
+11. Regularly test security systems and processes
+### Maintain Information Security Policy
+12. Maintain a policy that addresses information security
+## Compliance Levels
+**Level 1**: > 6 million transactions/year (annual ROC required)
+**Level 2**: 1-6 million transactions/year (annual SAQ)
+**Level 3**: 20,000-1 million e-commerce transactions/year
+**Level 4**: < 20,000 e-commerce or < 1 million total transactions
+## Data Minimization (Never Store)
+```python
+# NEVER STORE THESE
+PROHIBITED_DATA = {
+    'full_track_data': 'Magnetic stripe data',
+    'cvv': 'Card verification code/value',
+    'pin': 'PIN or PIN block'
+}
+# CAN STORE (if encrypted)
+ALLOWED_DATA = {
+    'pan': 'Primary Account Number (card number)',
+    'cardholder_name': 'Name on card',
+    'expiration_date': 'Card expiration',
+    'service_code': 'Service code'
+}
+class PaymentData:
+    """Safe payment data handling."""
+    def __init__(self):
+        self.prohibited_fields = ['cvv', 'cvv2', 'cvc', 'pin']
+    def sanitize_log(self, data):
+        """Remove sensitive data from logs."""
+        sanitized = data.copy()
+        # Mask PAN
+        if 'card_number' in sanitized:
+            card = sanitized['card_number']
+            sanitized['card_number'] = f"{card[:6]}{'*' * (len(card) - 10)}{card[-4:]}"
+        # Remove prohibited data
+        for field in self.prohibited_fields:
+            sanitized.pop(field, None)
+        return sanitized
+    def validate_no_prohibited_storage(self, data):
+        """Ensure no prohibited data is being stored."""
+        for field in self.prohibited_fields:
+            if field in data:
+                raise SecurityError(f"Attempting to store prohibited field: {field}")
+```
+## Tokenization
+### Using Payment Processor Tokens
+```python
+import stripe
+class TokenizedPayment:
+    """Handle payments using tokens (no card data on server)."""
+    @staticmethod
+    def create_payment_method_token(card_details):
+        """Create token from card details (client-side only)."""
+        # THIS SHOULD ONLY BE DONE CLIENT-SIDE WITH STRIPE.JS
+        # NEVER send card details to your server
+        """
+        // Frontend JavaScript
+        const stripe = Stripe('pk_...');
+        const {token, error} = await stripe.createToken({
+            card: {
+                number: '4242424242424242',
+                exp_month: 12,
+                exp_year: 2024,
+                cvc: '123'
+            }
+        });
+        // Send token.id to server (NOT card details)
+        """
+        pass
+    @staticmethod
+    def charge_with_token(token_id, amount):
+        """Charge using token (server-side)."""
+        # Your server only sees the token, never the card number
+        stripe.api_key = "sk_..."
+        charge = stripe.Charge.create(
+            amount=amount,
+            currency="usd",
+            source=token_id,  # Token instead of card details
+            description="Payment"
+        )
+        return charge
+    @staticmethod
+    def store_payment_method(customer_id, payment_method_token):
+        """Store payment method as token for future use."""
+        stripe.Customer.modify(
+            customer_id,
+            source=payment_method_token
+        )
+        # Store only customer_id and payment_method_id in your database
+        # NEVER store actual card details
+        return {
+            'customer_id': customer_id,
+            'has_payment_method': True
+            # DO NOT store: card number, CVV, etc.
+        }
+```
+### Custom Tokenization (Advanced)
+```python
+import secrets
+from cryptography.fernet import Fernet
+class TokenVault:
+    """Secure token vault for card data (if you must store it)."""
+    def __init__(self, encryption_key):
+        self.cipher = Fernet(encryption_key)
+        self.vault = {}  # In production: use encrypted database
+    def tokenize(self, card_data):
+        """Convert card data to token."""
+        # Generate secure random token
+        token = secrets.token_urlsafe(32)
+        # Encrypt card data
+        encrypted = self.cipher.encrypt(json.dumps(card_data).encode())
+        # Store token -> encrypted data mapping
+        self.vault[token] = encrypted
+        return token
+    def detokenize(self, token):
+        """Retrieve card data from token."""
+        encrypted = self.vault.get(token)
+        if not encrypted:
+            raise ValueError("Token not found")
+        # Decrypt
+        decrypted = self.cipher.decrypt(encrypted)
+        return json.loads(decrypted.decode())
+    def delete_token(self, token):
+        """Remove token from vault."""
+        self.vault.pop(token, None)
+```
+## Encryption
+### Data at Rest
+```python
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+import os
+class EncryptedStorage:
+    """Encrypt data at rest using AES-256-GCM."""
+    def __init__(self, encryption_key):
+        """Initialize with 256-bit key."""
+        self.key = encryption_key  # Must be 32 bytes
+    def encrypt(self, plaintext):
+        """Encrypt data."""
+        # Generate random nonce
+        nonce = os.urandom(12)
+        # Encrypt
+        aesgcm = AESGCM(self.key)
+        ciphertext = aesgcm.encrypt(nonce, plaintext.encode(), None)
+        # Return nonce + ciphertext
+        return nonce + ciphertext
+    def decrypt(self, encrypted_data):
+        """Decrypt data."""
+        # Extract nonce and ciphertext
+        nonce = encrypted_data[:12]
+        ciphertext = encrypted_data[12:]
+        # Decrypt
+        aesgcm = AESGCM(self.key)
+        plaintext = aesgcm.decrypt(nonce, ciphertext, None)
+        return plaintext.decode()
+# Usage
+storage = EncryptedStorage(os.urandom(32))
+encrypted_pan = storage.encrypt("4242424242424242")
+# Store encrypted_pan in database
+```
+### Data in Transit
+```python
+# Always use TLS 1.2 or higher
+# Flask/Django example
+app.config['SESSION_COOKIE_SECURE'] = True  # HTTPS only
+app.config['SESSION_COOKIE_HTTPONLY'] = True
+app.config['SESSION_COOKIE_SAMESITE'] = 'Strict'
+# Enforce HTTPS
+from flask_talisman import Talisman
+Talisman(app, force_https=True)
+```
+## Access Control
+```python
+from functools import wraps
+from flask import session
+def require_pci_access(f):
+    """Decorator to restrict access to cardholder data."""
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        user = session.get('user')
+        # Check if user has PCI access role
+        if not user or 'pci_access' not in user.get('roles', []):
+            return {'error': 'Unauthorized access to cardholder data'}, 403
+        # Log access attempt
+        audit_log(
+            user=user['id'],
+            action='access_cardholder_data',
+            resource=f.__name__
+        )
+        return f(*args, **kwargs)
+    return decorated_function
+@app.route('/api/payment-methods')
+@require_pci_access
+def get_payment_methods():
+    """Retrieve payment methods (restricted access)."""
+    # Only accessible to users with pci_access role
+    pass
+```
+## Audit Logging
+```python
+import logging
+from datetime import datetime
+class PCIAuditLogger:
+    """PCI-compliant audit logging."""
+    def __init__(self):
+        self.logger = logging.getLogger('pci_audit')
+        # Configure to write to secure, append-only log
+    def log_access(self, user_id, resource, action, result):
+        """Log access to cardholder data."""
+        entry = {
+            'timestamp': datetime.utcnow().isoformat(),
+            'user_id': user_id,
+            'resource': resource,
+            'action': action,
+            'result': result,
+            'ip_address': request.remote_addr
+        }
+        self.logger.info(json.dumps(entry))
+    def log_authentication(self, user_id, success, method):
+        """Log authentication attempt."""
+        entry = {
+            'timestamp': datetime.utcnow().isoformat(),
+            'user_id': user_id,
+            'event': 'authentication',
+            'success': success,
+            'method': method,
+            'ip_address': request.remote_addr
+        }
+        self.logger.info(json.dumps(entry))
+# Usage
+audit = PCIAuditLogger()
+audit.log_access(user_id=123, resource='payment_methods', action='read', result='success')
+```
+## Security Best Practices
+### Input Validation
+```python
+import re
+def validate_card_number(card_number):
+    """Validate card number format (Luhn algorithm)."""
+    # Remove spaces and dashes
+    card_number = re.sub(r'[\s-]', '', card_number)
+    # Check if all digits
+    if not card_number.isdigit():
+        return False
+    # Luhn algorithm
+    def luhn_checksum(card_num):
+        def digits_of(n):
+            return [int(d) for d in str(n)]
+        digits = digits_of(card_num)
+        odd_digits = digits[-1::-2]
+        even_digits = digits[-2::-2]
+        checksum = sum(odd_digits)
+        for d in even_digits:
+            checksum += sum(digits_of(d * 2))
+        return checksum % 10
+    return luhn_checksum(card_number) == 0
+def sanitize_input(user_input):
+    """Sanitize user input to prevent injection."""
+    # Remove special characters
+    # Validate against expected format
+    # Escape for database queries
+    pass
+```
+## PCI DSS SAQ (Self-Assessment Questionnaire)
+### SAQ A (Least Requirements)
+- E-commerce using hosted payment page
+- No card data on your systems
+- ~20 questions
+### SAQ A-EP
+- E-commerce with embedded payment form
+- Uses JavaScript to handle card data
+- ~180 questions
+### SAQ D (Most Requirements)
+- Store, process, or transmit card data
+- Full PCI DSS requirements
+- ~300 questions
+## Compliance Checklist
+```python
+PCI_COMPLIANCE_CHECKLIST = {
+    'network_security': [
+        'Firewall configured and maintained',
+        'No vendor default passwords',
+        'Network segmentation implemented'
+    ],
+    'data_protection': [
+        'No storage of CVV, track data, or PIN',
+        'PAN encrypted when stored',
+        'PAN masked when displayed',
+        'Encryption keys properly managed'
+    ],
+    'vulnerability_management': [
+        'Anti-virus installed and updated',
+        'Secure development practices',
+        'Regular security patches',
+        'Vulnerability scanning performed'
+    ],
+    'access_control': [
+        'Access restricted by role',
+        'Unique IDs for all users',
+        'Multi-factor authentication',
+        'Physical security measures'
+    ],
+    'monitoring': [
+        'Audit logs enabled',
+        'Log review process',
+        'File integrity monitoring',
+        'Regular security testing'
+    ],
+    'policy': [
+        'Security policy documented',
+        'Risk assessment performed',
+        'Security awareness training',
+        'Incident response plan'
+    ]
+}
+```
+## Resources
+- **references/data-minimization.md**: Never store prohibited data
+- **references/tokenization.md**: Tokenization strategies
+- **references/encryption.md**: Encryption requirements
+- **references/access-control.md**: Role-based access
+- **references/audit-logging.md**: Comprehensive logging
+- **assets/pci-compliance-checklist.md**: Complete checklist
+- **assets/encrypted-storage.py**: Encryption utilities
+- **scripts/audit-payment-system.sh**: Compliance audit script
+## Common Violations
+1. **Storing CVV**: Never store card verification codes
+2. **Unencrypted PAN**: Card numbers must be encrypted at rest
+3. **Weak Encryption**: Use AES-256 or equivalent
+4. **No Access Controls**: Restrict who can access cardholder data
+5. **Missing Audit Logs**: Must log all access to payment data
+6. **Insecure Transmission**: Always use TLS 1.2+
+7. **Default Passwords**: Change all default credentials
+8. **No Security Testing**: Regular penetration testing required
+## Reducing PCI Scope
+1. **Use Hosted Payments**: Stripe Checkout, PayPal, etc.
+2. **Tokenization**: Replace card data with tokens
+3. **Network Segmentation**: Isolate cardholder data environment
+4. **Outsource**: Use PCI-compliant payment processors
+5. **No Storage**: Never store full card details
+By minimizing systems that touch card data, you reduce compliance burden significantly.