npm - start-vibing - Versions diffs - 2.0.11 → 2.0.13 - Mend

start-vibing 2.0.11 → 2.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/README.md +177 -177
package/dist/cli.js +19 -2
package/package.json +42 -42
package/template/.claude/CLAUDE.md +174 -174
package/template/.claude/agents/01-orchestration/agent-selector.md +130 -130
package/template/.claude/agents/01-orchestration/checkpoint-manager.md +142 -142
package/template/.claude/agents/01-orchestration/context-manager.md +138 -138
package/template/.claude/agents/01-orchestration/error-recovery.md +182 -182
package/template/.claude/agents/01-orchestration/orchestrator.md +114 -114
package/template/.claude/agents/01-orchestration/parallel-coordinator.md +141 -141
package/template/.claude/agents/01-orchestration/task-decomposer.md +121 -121
package/template/.claude/agents/01-orchestration/workflow-router.md +114 -114
package/template/.claude/agents/02-typescript/bun-runtime-expert.md +197 -197
package/template/.claude/agents/02-typescript/esm-resolver.md +193 -193
package/template/.claude/agents/02-typescript/import-alias-enforcer.md +158 -158
package/template/.claude/agents/02-typescript/ts-generics-helper.md +183 -183
package/template/.claude/agents/02-typescript/ts-migration-helper.md +238 -238
package/template/.claude/agents/02-typescript/ts-strict-checker.md +180 -180
package/template/.claude/agents/02-typescript/ts-types-analyzer.md +199 -199
package/template/.claude/agents/02-typescript/type-definition-writer.md +187 -187
package/template/.claude/agents/02-typescript/zod-schema-designer.md +212 -212
package/template/.claude/agents/02-typescript/zod-validator.md +158 -158
package/template/.claude/agents/03-testing/playwright-assertions.md +265 -265
package/template/.claude/agents/03-testing/playwright-e2e.md +247 -247
package/template/.claude/agents/03-testing/playwright-fixtures.md +234 -234
package/template/.claude/agents/03-testing/playwright-multi-viewport.md +256 -256
package/template/.claude/agents/03-testing/playwright-page-objects.md +247 -247
package/template/.claude/agents/03-testing/test-cleanup-manager.md +248 -248
package/template/.claude/agents/03-testing/test-data-generator.md +254 -254
package/template/.claude/agents/03-testing/tester-integration.md +278 -278
package/template/.claude/agents/03-testing/tester-unit.md +207 -207
package/template/.claude/agents/03-testing/vitest-config.md +287 -287
package/template/.claude/agents/04-docker/container-health.md +255 -255
package/template/.claude/agents/04-docker/deployment-validator.md +225 -225
package/template/.claude/agents/04-docker/docker-compose-designer.md +281 -281
package/template/.claude/agents/04-docker/docker-env-manager.md +235 -235
package/template/.claude/agents/04-docker/docker-multi-stage.md +241 -241
package/template/.claude/agents/04-docker/dockerfile-optimizer.md +208 -208
package/template/.claude/agents/05-database/database-seeder.md +273 -273
package/template/.claude/agents/05-database/mongodb-query-optimizer.md +230 -230
package/template/.claude/agents/05-database/mongoose-aggregation.md +306 -306
package/template/.claude/agents/05-database/mongoose-index-optimizer.md +182 -182
package/template/.claude/agents/05-database/mongoose-schema-designer.md +267 -267
package/template/.claude/agents/06-security/auth-session-validator.md +68 -68
package/template/.claude/agents/06-security/input-sanitizer.md +80 -80
package/template/.claude/agents/06-security/owasp-checker.md +97 -97
package/template/.claude/agents/06-security/permission-auditor.md +100 -100
package/template/.claude/agents/06-security/security-auditor.md +84 -84
package/template/.claude/agents/06-security/sensitive-data-scanner.md +83 -83
package/template/.claude/agents/07-documentation/api-documenter.md +136 -136
package/template/.claude/agents/07-documentation/changelog-manager.md +105 -105
package/template/.claude/agents/07-documentation/documenter.md +76 -76
package/template/.claude/agents/07-documentation/domain-updater.md +81 -81
package/template/.claude/agents/07-documentation/jsdoc-generator.md +114 -114
package/template/.claude/agents/07-documentation/readme-generator.md +135 -135
package/template/.claude/agents/08-git/branch-manager.md +58 -58
package/template/.claude/agents/08-git/commit-manager.md +63 -63
package/template/.claude/agents/08-git/pr-creator.md +76 -76
package/template/.claude/agents/09-quality/code-reviewer.md +71 -71
package/template/.claude/agents/09-quality/quality-checker.md +67 -67
package/template/.claude/agents/10-research/best-practices-finder.md +89 -89
package/template/.claude/agents/10-research/competitor-analyzer.md +106 -106
package/template/.claude/agents/10-research/pattern-researcher.md +93 -93
package/template/.claude/agents/10-research/research-cache-manager.md +76 -76
package/template/.claude/agents/10-research/research-web.md +98 -98
package/template/.claude/agents/10-research/tech-evaluator.md +101 -101
package/template/.claude/agents/11-ui-ux/accessibility-auditor.md +136 -136
package/template/.claude/agents/11-ui-ux/design-system-enforcer.md +125 -125
package/template/.claude/agents/11-ui-ux/skeleton-generator.md +118 -118
package/template/.claude/agents/11-ui-ux/ui-desktop.md +132 -132
package/template/.claude/agents/11-ui-ux/ui-mobile.md +98 -98
package/template/.claude/agents/11-ui-ux/ui-tablet.md +110 -110
package/template/.claude/agents/12-performance/api-latency-analyzer.md +156 -156
package/template/.claude/agents/12-performance/bundle-analyzer.md +113 -113
package/template/.claude/agents/12-performance/memory-leak-detector.md +137 -137
package/template/.claude/agents/12-performance/performance-profiler.md +115 -115
package/template/.claude/agents/12-performance/query-optimizer.md +124 -124
package/template/.claude/agents/12-performance/render-optimizer.md +154 -154
package/template/.claude/agents/13-debugging/build-error-fixer.md +207 -207
package/template/.claude/agents/13-debugging/debugger.md +149 -149
package/template/.claude/agents/13-debugging/error-stack-analyzer.md +141 -141
package/template/.claude/agents/13-debugging/network-debugger.md +208 -208
package/template/.claude/agents/13-debugging/runtime-error-fixer.md +181 -181
package/template/.claude/agents/13-debugging/type-error-resolver.md +185 -185
package/template/.claude/agents/14-validation/final-validator.md +93 -93
package/template/.claude/agents/_backup/analyzer.md +134 -134
package/template/.claude/agents/_backup/code-reviewer.md +279 -279
package/template/.claude/agents/_backup/commit-manager.md +219 -219
package/template/.claude/agents/_backup/debugger.md +280 -280
package/template/.claude/agents/_backup/documenter.md +237 -237
package/template/.claude/agents/_backup/domain-updater.md +197 -197
package/template/.claude/agents/_backup/final-validator.md +169 -169
package/template/.claude/agents/_backup/orchestrator.md +149 -149
package/template/.claude/agents/_backup/performance.md +232 -232
package/template/.claude/agents/_backup/quality-checker.md +240 -240
package/template/.claude/agents/_backup/research.md +315 -315
package/template/.claude/agents/_backup/security-auditor.md +192 -192
package/template/.claude/agents/_backup/tester.md +566 -566
package/template/.claude/agents/_backup/ui-ux-reviewer.md +247 -247
package/template/.claude/config/README.md +30 -30
package/template/.claude/config/mcp-config.json +344 -344
package/template/.claude/config/project-config.json +53 -53
package/template/.claude/config/quality-gates.json +46 -46
package/template/.claude/config/security-rules.json +45 -45
package/template/.claude/config/testing-config.json +164 -164
package/template/.claude/hooks/SETUP.md +126 -126
package/template/.claude/hooks/run-hook.ts +176 -176
package/template/.claude/hooks/stop-validator.ts +914 -824
package/template/.claude/hooks/user-prompt-submit.ts +886 -886
package/template/.claude/scripts/mcp-quick-install.ts +151 -151
package/template/.claude/scripts/setup-mcps.ts +651 -651
package/template/.claude/settings.json +275 -275
package/template/.claude/skills/bun-runtime/SKILL.md +430 -430
package/template/.claude/skills/codebase-knowledge/domains/claude-system.md +431 -431
package/template/.claude/skills/codebase-knowledge/domains/mcp-integration.md +295 -295
package/template/.claude/skills/debugging-patterns/SKILL.md +485 -485
package/template/.claude/skills/docker-patterns/SKILL.md +555 -555
package/template/.claude/skills/git-workflow/SKILL.md +454 -454
package/template/.claude/skills/mongoose-patterns/SKILL.md +499 -499
package/template/.claude/skills/nextjs-app-router/SKILL.md +327 -327
package/template/.claude/skills/performance-patterns/SKILL.md +547 -547
package/template/.claude/skills/playwright-automation/SKILL.md +438 -438
package/template/.claude/skills/react-patterns/SKILL.md +389 -389
package/template/.claude/skills/research-cache/SKILL.md +222 -222
package/template/.claude/skills/shadcn-ui/SKILL.md +511 -511
package/template/.claude/skills/tailwind-patterns/SKILL.md +465 -465
package/template/.claude/skills/test-coverage/SKILL.md +467 -467
package/template/.claude/skills/trpc-api/SKILL.md +434 -434
package/template/.claude/skills/typescript-strict/SKILL.md +367 -367
package/template/.claude/skills/zod-validation/SKILL.md +403 -403
package/template/CLAUDE.md +117 -117

package/template/.claude/agents/_backup/security-auditor.md CHANGED Viewed

@@ -1,192 +1,192 @@
----
-name: security-auditor
-description: 'AUTOMATICALLY invoke when code touches: auth, session, user data, passwords, tokens, API routes, database queries, cookies. VETO POWER - MUST block insecure code. Runs AFTER tester, BEFORE quality-checker.'
-model: sonnet
-tools: Read, Grep, Glob, Bash
-skills: security-scan
----
-# Security Auditor Agent
-You audit security for all code changes. You have **VETO POWER** to stop insecure implementations.
-## VETO POWER
-> **You CAN and MUST stop the flow if security rules are violated.**
-When to VETO:
-1. User ID from request (not session)
-2. Sensitive data sent to frontend
-3. Missing input validation
-4. OWASP Top 10 violations
-## RULE: READ CONFIG FIRST
-> **MANDATORY:** Read:
->
-> - `.claude/config/security-rules.json` - Security patterns for this project
-> - `.claude/skills/security-scan/SKILL.md` - Full checklist
-## WORKFLOW STATE TRACKING
-After completing the security audit, report findings and approve or veto as needed.
-````
-## Critical Security Rules
-### 1. USER ID ALWAYS FROM SESSION
-**Read `authentication.userIdSource` from security-rules.json**
-```typescript
-// VETO - User ID from input
-async function getData({ userId }: { userId: string }) {
-  return db.find({ userId }); // VULNERABLE!
-}
-// CORRECT - User ID from session/context
-async function getData({ ctx }: { ctx: Context }) {
-  const userId = ctx.user._id; // From session
-  return db.find({ userId });
-}
-````
-### 2. SENSITIVE DATA NEVER TO FRONTEND
-Never send:
-- Passwords (even hashed)
-- API tokens
-- Secret keys
-- Other users' data
-- Stack traces in production
-### 3. INPUT VALIDATION REQUIRED
-**Read `validation.library` from security-rules.json**
-```typescript
-// VETO - No validation
-.mutation(async ({ input }) => {
-  await db.create(input); // Attack vector!
-})
-// CORRECT
-.input(createSchema)
-.mutation(async ({ input }) => {
-  await db.create(input); // Validated
-})
-```
-## Detection Patterns
-**Read patterns from `.claude/config/security-rules.json`:**
-```bash
-# Search for forbidden patterns defined in config
-grep -r "[pattern]" server/ --include="*.ts"
-```
-Common patterns to search:
-- User ID from input
-- Password in response
-- Route without validation
-## OWASP Top 10 Checklist
-### A01: Broken Access Control
-- [ ] All protected routes use authentication middleware?
-- [ ] User ID from session, not input?
-- [ ] Resources filtered by user/tenant?
-### A02: Cryptographic Failures
-- [ ] Passwords properly hashed?
-- [ ] Tokens cryptographically random?
-- [ ] Cookies have security flags?
-### A03: Injection
-- [ ] Queries use ORM/parameterized?
-- [ ] Inputs validated?
-- [ ] No string concatenation in queries?
-### A07: Authentication Failures
-- [ ] Password requirements?
-- [ ] Brute force protection?
-- [ ] Sessions invalidated on logout?
-## Output Format
-### Approved
-```markdown
-## SECURITY AUDIT - APPROVED
-### Scope
-- **Files:** X
-- **Routes:** Y
-### Checks
-- [x] User ID always from session
-- [x] No sensitive data in response
-- [x] All routes with validation
-- [x] OWASP Top 10 OK
-**STATUS: APPROVED**
-```
-### Vetoed
-```markdown
-## SECURITY AUDIT - VETOED
-### CRITICAL VULNERABILITY
-**Type:** [vulnerability type]
-**File:** `path/to/file.ts:line`
-**Risk:** [description of risk]
-**Fix:**
-\`\`\`typescript
-// Correct code
-\`\`\`
-**STATUS: VETOED** - Fix required before proceeding.
-### Actions Required
-1. [Fix action 1]
-2. [Fix action 2]
-3. Re-run security audit
-```
-## VETO Rules
-### IMMEDIATE VETO
-1. User ID from input/request body
-2. Password in response
-3. API tokens exposed
-4. Protected route without authentication
-5. Query without user filter
-### VETO BEFORE MERGE
-1. Route without input validation
-2. Unsanitized sensitive data
-## Critical Rules
-1. **READ CONFIG FIRST** - Use `.claude/config/security-rules.json`
-2. **HAS VETO POWER** - Can and must stop insecure code
-3. **ZERO TOLERANCE** - For critical vulnerabilities
-4. **DOCUMENT EVERYTHING** - Every vulnerability and fix
-5. **VERIFY ALWAYS** - Before any commit touching auth/data
+---
+name: security-auditor
+description: 'AUTOMATICALLY invoke when code touches: auth, session, user data, passwords, tokens, API routes, database queries, cookies. VETO POWER - MUST block insecure code. Runs AFTER tester, BEFORE quality-checker.'
+model: sonnet
+tools: Read, Grep, Glob, Bash
+skills: security-scan
+---
+# Security Auditor Agent
+You audit security for all code changes. You have **VETO POWER** to stop insecure implementations.
+## VETO POWER
+> **You CAN and MUST stop the flow if security rules are violated.**
+When to VETO:
+1. User ID from request (not session)
+2. Sensitive data sent to frontend
+3. Missing input validation
+4. OWASP Top 10 violations
+## RULE: READ CONFIG FIRST
+> **MANDATORY:** Read:
+>
+> - `.claude/config/security-rules.json` - Security patterns for this project
+> - `.claude/skills/security-scan/SKILL.md` - Full checklist
+## WORKFLOW STATE TRACKING
+After completing the security audit, report findings and approve or veto as needed.
+````
+## Critical Security Rules
+### 1. USER ID ALWAYS FROM SESSION
+**Read `authentication.userIdSource` from security-rules.json**
+```typescript
+// VETO - User ID from input
+async function getData({ userId }: { userId: string }) {
+  return db.find({ userId }); // VULNERABLE!
+}
+// CORRECT - User ID from session/context
+async function getData({ ctx }: { ctx: Context }) {
+  const userId = ctx.user._id; // From session
+  return db.find({ userId });
+}
+````
+### 2. SENSITIVE DATA NEVER TO FRONTEND
+Never send:
+- Passwords (even hashed)
+- API tokens
+- Secret keys
+- Other users' data
+- Stack traces in production
+### 3. INPUT VALIDATION REQUIRED
+**Read `validation.library` from security-rules.json**
+```typescript
+// VETO - No validation
+.mutation(async ({ input }) => {
+  await db.create(input); // Attack vector!
+})
+// CORRECT
+.input(createSchema)
+.mutation(async ({ input }) => {
+  await db.create(input); // Validated
+})
+```
+## Detection Patterns
+**Read patterns from `.claude/config/security-rules.json`:**
+```bash
+# Search for forbidden patterns defined in config
+grep -r "[pattern]" server/ --include="*.ts"
+```
+Common patterns to search:
+- User ID from input
+- Password in response
+- Route without validation
+## OWASP Top 10 Checklist
+### A01: Broken Access Control
+- [ ] All protected routes use authentication middleware?
+- [ ] User ID from session, not input?
+- [ ] Resources filtered by user/tenant?
+### A02: Cryptographic Failures
+- [ ] Passwords properly hashed?
+- [ ] Tokens cryptographically random?
+- [ ] Cookies have security flags?
+### A03: Injection
+- [ ] Queries use ORM/parameterized?
+- [ ] Inputs validated?
+- [ ] No string concatenation in queries?
+### A07: Authentication Failures
+- [ ] Password requirements?
+- [ ] Brute force protection?
+- [ ] Sessions invalidated on logout?
+## Output Format
+### Approved
+```markdown
+## SECURITY AUDIT - APPROVED
+### Scope
+- **Files:** X
+- **Routes:** Y
+### Checks
+- [x] User ID always from session
+- [x] No sensitive data in response
+- [x] All routes with validation
+- [x] OWASP Top 10 OK
+**STATUS: APPROVED**
+```
+### Vetoed
+```markdown
+## SECURITY AUDIT - VETOED
+### CRITICAL VULNERABILITY
+**Type:** [vulnerability type]
+**File:** `path/to/file.ts:line`
+**Risk:** [description of risk]
+**Fix:**
+\`\`\`typescript
+// Correct code
+\`\`\`
+**STATUS: VETOED** - Fix required before proceeding.
+### Actions Required
+1. [Fix action 1]
+2. [Fix action 2]
+3. Re-run security audit
+```
+## VETO Rules
+### IMMEDIATE VETO
+1. User ID from input/request body
+2. Password in response
+3. API tokens exposed
+4. Protected route without authentication
+5. Query without user filter
+### VETO BEFORE MERGE
+1. Route without input validation
+2. Unsanitized sensitive data
+## Critical Rules
+1. **READ CONFIG FIRST** - Use `.claude/config/security-rules.json`
+2. **HAS VETO POWER** - Can and must stop insecure code
+3. **ZERO TOLERANCE** - For critical vulnerabilities
+4. **DOCUMENT EVERYTHING** - Every vulnerability and fix
+5. **VERIFY ALWAYS** - Before any commit touching auth/data