npm - start-vibing-stacks - Versions diffs - 2.6.0 → 2.7.0 - Mend

start-vibing-stacks 2.6.0 → 2.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/stacks/nodejs/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,90 @@
+name: CI
+on:
+  pull_request:
+  push:
+    branches: [main]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+permissions:
+  contents: read
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+      - name: Typecheck
+        run: bun run typecheck
+      - name: Lint
+        run: bun run lint
+      - name: Unit tests
+        run: bun run test
+      - name: Build
+        run: bun run build
+  security:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+      - name: Audit dependencies
+        run: bun audit --audit-level=high
+        continue-on-error: false
+      - name: Gitleaks (secret scan)
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  e2e:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+      - name: Install Playwright browsers
+        run: bunx playwright install --with-deps chromium
+      - name: Run Playwright tests
+        run: bunx playwright test
+      - uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 14

package/stacks/nodejs/workflows/security.yml ADDED Viewed

@@ -0,0 +1,45 @@
+name: Security
+on:
+  schedule:
+    - cron: '0 4 * * 1'         # Mondays 04:00 UTC
+  push:
+    branches: [main]
+  workflow_dispatch:
+permissions:
+  contents: read
+  security-events: write
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      - run: bun install --frozen-lockfile
+      - run: bun audit --audit-level=high
+  gitleaks:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  codeql:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript-typescript
+      - uses: github/codeql-action/analyze@v3

package/stacks/php/skills/api-design/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: api-design
+version: 1.0.0
+---
 # PHP API Design Standards
 ## RESTful Principles

package/stacks/php/skills/api-security/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: api-security
+version: 1.0.0
+---
 # API Security — NSA-Level Hardening for Laravel + Octane
 **ALWAYS invoke when building APIs, auth endpoints, or handling user input.**

package/stacks/php/skills/composer-workflow/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: composer-workflow
+version: 1.0.0
+---
 # Composer Workflow
 ## Requirements

package/stacks/php/skills/external-api-patterns/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: external-api-patterns
+version: 1.0.0
+---
 # External API Patterns — HTTP Client for Laravel + Octane
 **ALWAYS invoke when consuming external APIs, webhooks, or third-party services.**

package/stacks/php/skills/inertia-react/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: inertia-react
+version: 1.0.0
+---
 # Inertia.js + React — Laravel Frontend
 **ALWAYS invoke when writing Inertia.js pages, components, or shared data.**

package/stacks/php/skills/laravel-inertia-i18n/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: laravel-inertia-i18n
+version: 1.0.0
+---
 # Laravel + Inertia i18n — Centralized Translations
 **ALWAYS invoke when adding translations, creating new pages, or working with multilingual content.**

package/stacks/php/skills/laravel-octane/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: laravel-octane
+version: 1.0.0
+---
 # Laravel Octane (RoadRunner) Patterns
 ## How Octane Works

package/stacks/php/skills/laravel-patterns/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: laravel-patterns
+version: 1.0.0
+---
 # Laravel Patterns & Standards
 ## Model Standards

package/stacks/php/skills/mariadb-octane/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: mariadb-octane
+version: 1.0.0
+---
 # MariaDB + Octane — Database Patterns for Persistent Workers
 **ALWAYS invoke when writing queries, migrations, models, or DB config in Laravel Octane.**

package/stacks/php/skills/php-patterns/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: php-patterns
+version: 1.0.0
+---
 # PHP 8.3+ Patterns for Laravel
 ## Version Requirements

package/stacks/php/skills/phpstan-analysis/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: phpstan-analysis
+version: 1.0.0
+---
 # PHPStan Static Analysis
 ## Setup

package/stacks/php/skills/phpunit-testing/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: phpunit-testing
+version: 1.0.0
+---
 # PHPUnit Testing Skill
 ## Setup

package/stacks/php/skills/security-scan-php/SKILL.md CHANGED Viewed

@@ -1,3 +1,8 @@
+---
+name: security-scan-php
+version: 1.0.0
+---
 # Laravel Security Scan
 ## OWASP Top 10 for Laravel

package/stacks/php/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,106 @@
+name: CI
+on:
+  pull_request:
+  push:
+    branches: [main]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+permissions:
+  contents: read
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    services:
+      mariadb:
+        image: mariadb:11
+        env:
+          MARIADB_ROOT_PASSWORD: root
+          MARIADB_DATABASE: testing
+        ports: ['3306:3306']
+        options: >-
+          --health-cmd "healthcheck.sh --connect --innodb_initialized"
+          --health-interval 10s --health-timeout 5s --health-retries 5
+      redis:
+        image: redis:7-alpine
+        ports: ['6379:6379']
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s --health-timeout 5s --health-retries 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          extensions: mbstring, pdo_mysql, redis, swoole, intl, bcmath, zip
+          coverage: pcov
+          tools: composer:v2
+      - name: Cache composer
+        uses: actions/cache@v4
+        with:
+          path: vendor
+          key: composer-${{ hashFiles('composer.lock') }}
+      - name: Install dependencies
+        run: composer install --no-interaction --prefer-dist --optimize-autoloader
+      - name: Copy env
+        run: cp .env.example .env && php artisan key:generate
+      - name: PHPStan
+        run: vendor/bin/phpstan analyse --no-progress --memory-limit=512M
+      - name: Pint (code style)
+        run: vendor/bin/pint --test
+      - name: Migrate
+        env:
+          DB_CONNECTION: mariadb
+          DB_HOST: 127.0.0.1
+          DB_PORT: 3306
+          DB_DATABASE: testing
+          DB_USERNAME: root
+          DB_PASSWORD: root
+        run: php artisan migrate --force
+      - name: PHPUnit / Pest
+        env:
+          DB_CONNECTION: mariadb
+          DB_HOST: 127.0.0.1
+          DB_PORT: 3306
+          DB_DATABASE: testing
+          DB_USERNAME: root
+          DB_PASSWORD: root
+          REDIS_HOST: 127.0.0.1
+        run: vendor/bin/pest --coverage --min=70
+  security:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          tools: composer:v2
+      - name: Install dependencies
+        run: composer install --no-interaction --prefer-dist
+      - name: Composer audit
+        run: composer audit
+      - name: Gitleaks (secret scan)
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/stacks/php/workflows/security.yml ADDED Viewed

@@ -0,0 +1,36 @@
+name: Security
+on:
+  schedule:
+    - cron: '0 4 * * 1'
+  push:
+    branches: [main]
+  workflow_dispatch:
+permissions:
+  contents: read
+  security-events: write
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          tools: composer:v2
+      - run: composer install --no-interaction --prefer-dist
+      - run: composer audit
+  gitleaks:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}