npm - timsquad - Versions diffs - 2.1.0 → 3.4.0 - Mend

timsquad 2.1.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (438) hide show

package/templates/project-types/fintech/process/workflow.xml ADDED Viewed

@@ -0,0 +1,316 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<workflow extends="common/process/workflow-base.xml">
+  <metadata>
+    <name>fintech-workflow</name>
+    <description>금융/결제 시스템용 보안 강화 워크플로우</description>
+    <type>fintech</type>
+    <version>1.0</version>
+    <security-level>high</security-level>
+  </metadata>
+  <!-- Fintech는 단일 프리셋: 항상 최고 보안 -->
+  <presets>
+    <preset id="secure" level="3" description="보안 강화 - 모든 검증 필수" default="true">
+      <phases include="planning,implementation,review,security,audit,complete"/>
+      <mandatory>
+        <item>모든 Phase User 승인 필요</item>
+        <item>보안 검토 필수 (매 Phase)</item>
+        <item>감사 로그 기록 필수</item>
+        <item>Consensus 사용 (주요 결정)</item>
+        <item>테스트 커버리지 95% 이상</item>
+      </mandatory>
+      <forbidden>
+        <item>보안 검토 생략</item>
+        <item>하드코딩된 시크릿</item>
+        <item>평문 민감 데이터 저장</item>
+        <item>감사 로그 없는 트랜잭션</item>
+      </forbidden>
+    </preset>
+  </presets>
+  <!-- Fintech 특화 Phase 확장 -->
+  <phase-extensions>
+    <!-- 기획 Phase: 보안 설계 포함 -->
+    <extend-phase id="planning">
+      <additional-tasks>
+        <task id="threat-model">위협 모델링 (STRIDE)</task>
+        <task id="security-design">보안 아키텍처 설계</task>
+        <task id="compliance-check">컴플라이언스 요건 확인</task>
+        <task id="data-classification">데이터 분류 및 보호 등급</task>
+      </additional-tasks>
+      <additional-outputs>
+        <output>ssot/security-spec.md</output>
+        <output>ssot/compliance-spec.md</output>
+        <output>ssot/threat-model.md</output>
+        <output>ssot/data-classification.md</output>
+      </additional-outputs>
+      <agent-assignment>
+        <task ref="threat-model" agent="tsq-security" required="true"/>
+        <task ref="security-design" agent="tsq-security" required="true"/>
+        <task ref="compliance-check" agent="tsq-auditor" fallback="tsq-security"/>
+      </agent-assignment>
+      <!-- 주요 결정 Consensus 필수 -->
+      <consensus-required>
+        <decision>인증 방식 선택</decision>
+        <decision>암호화 전략</decision>
+        <decision>데이터 저장 위치</decision>
+        <decision>외부 연동 방식</decision>
+      </consensus-required>
+      <exit-criteria>
+        <criterion>보안 설계 문서 완성</criterion>
+        <criterion>위협 모델 작성 완료</criterion>
+        <criterion>컴플라이언스 요건 확인</criterion>
+        <criterion>Security Agent 승인</criterion>
+        <criterion>User 승인</criterion>
+      </exit-criteria>
+    </extend-phase>
+    <!-- 구현 Phase: 보안 코딩 필수 -->
+    <extend-phase id="implementation">
+      <security-requirements>
+        <requirement>모든 입력 검증 (Whitelist)</requirement>
+        <requirement>파라미터화된 쿼리만 사용</requirement>
+        <requirement>민감 데이터 암호화</requirement>
+        <requirement>시크릿 환경변수/Vault 사용</requirement>
+        <requirement>감사 로그 구현</requirement>
+      </security-requirements>
+      <parallel-tracks>
+        <track id="core-services" agent="tsq-developer">
+          <description>핵심 서비스 구현</description>
+          <tasks>
+            <task id="domain">도메인 모델 구현 (DDD)</task>
+            <task id="business">비즈니스 로직 구현</task>
+            <task id="validation">입력 검증 레이어</task>
+          </tasks>
+          <security-checkpoint>
+            <check agent="tsq-security">비즈니스 로직 보안 검토</check>
+          </security-checkpoint>
+        </track>
+        <track id="auth-service" agent="tsq-developer" security-critical="true">
+          <description>인증/인가 구현 (보안 중요)</description>
+          <tasks>
+            <task id="auth">인증 시스템 구현</task>
+            <task id="mfa">MFA 구현</task>
+            <task id="session">세션 관리</task>
+            <task id="rbac">권한 관리 (RBAC)</task>
+          </tasks>
+          <mandatory-review agent="tsq-security"/>
+        </track>
+        <track id="data-layer" agent="tsq-developer">
+          <description>데이터 계층 구현</description>
+          <tasks>
+            <task id="encryption">데이터 암호화 구현</task>
+            <task id="audit-log">감사 로그 구현</task>
+            <task id="backup">백업/복구 로직</task>
+          </tasks>
+          <mandatory-review agent="tsq-security"/>
+        </track>
+        <track id="transaction" agent="tsq-developer" security-critical="true">
+          <description>트랜잭션/결제 구현</description>
+          <tasks>
+            <task id="tx-logic">트랜잭션 로직</task>
+            <task id="idempotency">멱등성 보장</task>
+            <task id="reconciliation">정산 로직</task>
+          </tasks>
+          <mandatory-review agent="tsq-security"/>
+          <consensus-required>true</consensus-required>
+        </track>
+      </parallel-tracks>
+      <methodology-variants>
+        <variant methodology="tdd" enforced="true">
+          <task-order>test → implement → security-review → refactor</task-order>
+          <enforcement>보안 테스트 포함 필수</enforcement>
+        </variant>
+        <variant methodology="ddd" enforced="true">
+          <bounded-contexts>필수 정의</bounded-contexts>
+          <anti-corruption-layer>외부 연동 시 필수</anti-corruption-layer>
+        </variant>
+      </methodology-variants>
+      <exit-criteria>
+        <criterion>모든 보안 요건 충족</criterion>
+        <criterion>감사 로그 검증 완료</criterion>
+        <criterion>테스트 커버리지 95% 이상</criterion>
+        <criterion>Security Agent 코드 리뷰 통과</criterion>
+      </exit-criteria>
+    </extend-phase>
+    <!-- 검증 Phase: 강화된 보안 검증 -->
+    <extend-phase id="review">
+      <additional-checklists>
+        <checklist name="보안 코딩 검증" priority="critical">
+          <item>SQL Injection 방지 확인</item>
+          <item>XSS 방지 확인</item>
+          <item>CSRF 토큰 사용 확인</item>
+          <item>인증/인가 로직 검증</item>
+          <item>세션 관리 검증</item>
+          <item>암호화 구현 검증</item>
+          <item>시크릿 관리 검증</item>
+        </checklist>
+        <checklist name="감사 로그 검증" priority="critical">
+          <item>모든 트랜잭션 로깅</item>
+          <item>로그 변조 방지</item>
+          <item>민감 정보 마스킹</item>
+          <item>로그 보관 정책 준수</item>
+        </checklist>
+        <checklist name="컴플라이언스 검증">
+          <item>PCI-DSS 요건 충족</item>
+          <item>GDPR 요건 충족</item>
+          <item>데이터 분류 정책 준수</item>
+          <item>접근 제어 정책 준수</item>
+        </checklist>
+        <checklist name="장애 대응">
+          <item>에러 핸들링 검증</item>
+          <item>Fallback 로직 검증</item>
+          <item>Circuit Breaker 검증</item>
+          <item>복구 절차 검증</item>
+        </checklist>
+      </additional-checklists>
+      <mandatory-reviewers>
+        <reviewer agent="tsq-qa">기능 검증</reviewer>
+        <reviewer agent="tsq-security">보안 검증</reviewer>
+      </mandatory-reviewers>
+    </extend-phase>
+    <!-- 보안 Phase: 심층 보안 검토 -->
+    <extend-phase id="security">
+      <enhanced-tasks>
+        <task id="pentest-plan">펜테스트 계획 수립</task>
+        <task id="vulnerability-scan">취약점 스캔 (자동화)</task>
+        <task id="code-audit">보안 코드 감사</task>
+        <task id="crypto-review">암호화 구현 검토</task>
+        <task id="compliance-audit">컴플라이언스 감사</task>
+      </enhanced-tasks>
+      <tools>
+        <tool name="SAST">정적 분석 (SonarQube, Semgrep)</tool>
+        <tool name="DAST">동적 분석 (OWASP ZAP)</tool>
+        <tool name="SCA">의존성 분석 (Snyk, npm audit)</tool>
+        <tool name="Secrets">시크릿 스캔 (gitleaks, trufflehog)</tool>
+      </tools>
+      <severity-actions>
+        <action severity="Critical" deadline="immediate">
+          즉시 수정 필수. 배포 차단.
+        </action>
+        <action severity="High" deadline="24h">
+          24시간 내 수정. 배포 보류.
+        </action>
+        <action severity="Medium" deadline="7d">
+          7일 내 수정. 조건부 배포 가능.
+        </action>
+        <action severity="Low" deadline="30d">
+          30일 내 수정. 배포 가능.
+        </action>
+      </severity-actions>
+      <exit-criteria>
+        <criterion>Critical/High 취약점 0건</criterion>
+        <criterion>Medium 취약점 해결 계획 수립</criterion>
+        <criterion>펜테스트 완료 (또는 계획 승인)</criterion>
+        <criterion>Security Agent 최종 승인</criterion>
+        <criterion>User 승인</criterion>
+      </exit-criteria>
+    </extend-phase>
+    <!-- 감사 Phase (Fintech 전용) -->
+    <new-phase id="audit" after="security">
+      <primary-agent>tsq-auditor</primary-agent>
+      <fallback-agent>tsq-security</fallback-agent>
+      <description>컴플라이언스 및 감사 준비</description>
+      <tasks>
+        <task id="compliance-report">컴플라이언스 리포트 작성</task>
+        <task id="audit-trail">감사 추적 검증</task>
+        <task id="documentation">규제 문서 완성</task>
+        <task id="evidence">증적 자료 수집</task>
+      </tasks>
+      <deliverables>
+        <deliverable>컴플라이언스 체크리스트</deliverable>
+        <deliverable>보안 감사 리포트</deliverable>
+        <deliverable>증적 자료 패키지</deliverable>
+      </deliverables>
+      <exit-criteria>
+        <criterion>컴플라이언스 요건 100% 충족</criterion>
+        <criterion>감사 증적 완비</criterion>
+        <criterion>User 최종 승인</criterion>
+      </exit-criteria>
+    </new-phase>
+  </phase-extensions>
+  <!-- Fintech 특화 에스컬레이션 (엄격) -->
+  <escalation-extensions>
+    <rule trigger="보안 취약점 발견" route="tsq-security" action="즉시 중단">
+      모든 작업 중단. 취약점 해결 후 재개.
+    </rule>
+    <rule trigger="컴플라이언스 위반" route="User" action="즉시 보고">
+      규제 위반 가능성 즉시 사용자에게 보고.
+    </rule>
+    <rule trigger="트랜잭션 로직 변경" route="tsq-security" action="Consensus">
+      금융 로직 변경 시 Consensus 필수.
+    </rule>
+    <rule trigger="인증 로직 변경" route="tsq-security" action="Consensus">
+      인증/인가 변경 시 Consensus 필수.
+    </rule>
+  </escalation-extensions>
+  <!-- User 승인 필요 지점 (강화) -->
+  <user-checkpoints-extended>
+    <checkpoint phase="planning" event="보안 설계 완료" required="true"/>
+    <checkpoint phase="implementation" event="인증 모듈 완료" required="true"/>
+    <checkpoint phase="implementation" event="트랜잭션 모듈 완료" required="true"/>
+    <checkpoint phase="review" event="보안 검토 완료" required="true"/>
+    <checkpoint phase="security" event="취약점 스캔 완료" required="true"/>
+    <checkpoint phase="audit" event="컴플라이언스 검증 완료" required="true"/>
+    <checkpoint phase="complete" event="배포 승인" required="true"/>
+  </user-checkpoints-extended>
+  <!-- 배포 설정 (엄격) -->
+  <deployment>
+    <environments>
+      <env name="development" auto-deploy="false"/>
+      <env name="staging" requires-review="true" requires-security="true"/>
+      <env name="production" requires-approval="true" requires-security-sign-off="true"/>
+    </environments>
+    <ci-cd>
+      <provider>github-actions</provider>
+      <checks>
+        <check>lint</check>
+        <check>type-check</check>
+        <check>unit-tests</check>
+        <check>integration-tests</check>
+        <check>security-scan</check>
+        <check>dependency-audit</check>
+        <check>secrets-scan</check>
+        <check>build</check>
+      </checks>
+      <required-approvals>2</required-approvals>
+      <security-gate>true</security-gate>
+    </ci-cd>
+    <rollback>
+      <strategy>blue-green</strategy>
+      <auto-rollback-on>
+        <trigger>error-rate > 1%</trigger>
+        <trigger>latency-p99 > 2s</trigger>
+        <trigger>security-alert</trigger>
+      </auto-rollback-on>
+    </rollback>
+  </deployment>
+</workflow>

package/templates/project-types/infra/config.yaml ADDED Viewed

@@ -0,0 +1,327 @@
+# TimSquad Infrastructure 프로젝트 설정
+# DevOps, 인프라, 자동화 전용
+type: infra
+description: "DevOps, IaC, CI/CD 파이프라인, 모니터링, 자동화"
+# ============================================================
+# 에이전트 설정
+# ============================================================
+agents:
+  # Planner는 인프라 아키텍처에 집중
+  planner:
+    model: opus
+    focus:
+      - infrastructure_architecture
+      - cost_optimization
+      - high_availability
+      - disaster_recovery
+    ssot_priority:
+      - deployment-spec.md
+      - env-config.md
+      - security-spec.md
+  # Developer는 IaC 구현
+  developer:
+    model: sonnet
+    skills:
+      - coding
+      - terraform  # 또는 적절한 IaC
+    focus:
+      - iac_implementation
+      - automation_scripts
+      - ci_cd_pipelines
+  # Security는 필수
+  security:
+    model: sonnet
+    required: true
+    focus:
+      - network_security
+      - access_control
+      - secrets_management
+      - compliance
+  # QA는 인프라 테스트
+  qa:
+    model: sonnet
+    focus:
+      - infrastructure_testing
+      - chaos_engineering
+      - load_testing
+# ============================================================
+# SSOT 문서 설정
+# ============================================================
+ssot:
+  required:
+    - prd.md
+    - planning.md
+    - requirements.md
+    - deployment-spec.md    # 배포 아키텍처 필수
+    - env-config.md         # 환경 설정 필수
+    - security-spec.md      # 보안 설정 필수
+  recommended:
+    - integration-spec.md   # 외부 연동
+    - error-codes.md        # 알람 코드
+  optional:
+    - ui-ux-spec.md
+    - data-design.md
+    - functional-spec.md
+# ============================================================
+# 워크플로우 설정
+# ============================================================
+workflow:
+  phases:
+    planning:
+      focus:
+        - 인프라 아키텍처 설계
+        - 비용 산정
+        - 보안 요구사항
+        - DR 전략
+      deliverables:
+        - deployment-spec.md
+        - security-spec.md
+        - env-config.md
+    implementation:
+      focus:
+        - IaC 코드 작성
+        - CI/CD 파이프라인
+        - 모니터링 설정
+      validation:
+        - terraform_validate
+        - security_scan
+        - cost_estimate
+    testing:
+      focus:
+        - 인프라 테스트
+        - 보안 스캔
+        - 장애 복구 테스트
+      environments:
+        - dev
+        - staging
+    deployment:
+      strategy: "blue-green"  # 또는 canary
+      rollback: required
+      approval:
+        staging: auto
+        production: manual
+# ============================================================
+# IaC 규칙
+# ============================================================
+iac:
+  tool: terraform  # 또는 pulumi, cdk
+  terraform:
+    version: ">= 1.5.0"
+    # 모듈화
+    modules:
+      required: true
+      naming: "terraform-{provider}-{name}"
+    # 상태 관리
+    state:
+      backend: "s3"  # 또는 적절한 백엔드
+      locking: true
+      encryption: true
+    # 네이밍 규칙
+    naming:
+      resources: "snake_case"
+      variables: "snake_case"
+      outputs: "snake_case"
+    # 필수 태그
+    required_tags:
+      - Environment
+      - Project
+      - ManagedBy
+      - Owner
+  validation:
+    - terraform_fmt
+    - terraform_validate
+    - tflint
+    - checkov  # 보안 스캔
+# ============================================================
+# CI/CD 규칙
+# ============================================================
+cicd:
+  platform: github_actions  # 또는 gitlab, jenkins
+  pipelines:
+    # 인프라 파이프라인
+    infrastructure:
+      triggers:
+        - push_to_main
+        - pull_request
+      stages:
+        - validate
+        - plan
+        - apply  # production은 수동 승인
+    # 애플리케이션 배포
+    application:
+      triggers:
+        - tag_push
+        - manual
+      stages:
+        - build
+        - test
+        - deploy_staging
+        - approval
+        - deploy_production
+  security:
+    # 시크릿 스캔
+    secret_scanning: required
+    # SAST
+    sast: required
+    # 의존성 스캔
+    dependency_scan: required
+# ============================================================
+# 보안 규칙
+# ============================================================
+security:
+  network:
+    # VPC 분리
+    vpc_isolation: required
+    # 프라이빗 서브넷
+    private_subnets: required
+    # NAT Gateway
+    nat_gateway: true
+    # 보안 그룹
+    security_groups:
+      least_privilege: required
+      no_0_0_0_0: true
+  access:
+    # IAM 정책
+    iam:
+      least_privilege: required
+      mfa: required
+      role_based: true
+    # 시크릿 관리
+    secrets:
+      manager: "aws_secrets_manager"  # 또는 vault
+      rotation: required
+      encryption: required
+  compliance:
+    # 감사 로깅
+    audit_logging: required
+    # 암호화
+    encryption_at_rest: required
+    encryption_in_transit: required
+# ============================================================
+# 모니터링 규칙
+# ============================================================
+monitoring:
+  metrics:
+    tool: cloudwatch  # 또는 prometheus, datadog
+    required:
+      - cpu_utilization
+      - memory_utilization
+      - disk_usage
+      - network_io
+      - error_rate
+      - latency
+  logging:
+    tool: cloudwatch_logs  # 또는 elk, splunk
+    retention: "30d"
+    centralized: true
+  alerting:
+    channels:
+      - slack
+      - pagerduty
+      - email
+    severity:
+      critical:
+        response_time: "5m"
+        escalation: "15m"
+      warning:
+        response_time: "30m"
+      info:
+        notification_only: true
+  dashboards:
+    required:
+      - infrastructure_overview
+      - cost_dashboard
+      - security_dashboard
+# ============================================================
+# 비용 관리
+# ============================================================
+cost:
+  tracking:
+    enabled: true
+    tags_required: true
+    budget_alerts: true
+  optimization:
+    right_sizing: true
+    reserved_instances: recommended
+    spot_instances: optional
+  reporting:
+    frequency: weekly
+    breakdown_by:
+      - service
+      - environment
+      - team
+# ============================================================
+# DR (재해 복구)
+# ============================================================
+disaster_recovery:
+  rpo: "1h"   # Recovery Point Objective
+  rto: "4h"   # Recovery Time Objective
+  backup:
+    frequency: daily
+    retention: "30d"
+    cross_region: true
+  failover:
+    strategy: "active-passive"  # 또는 active-active
+    automated: true
+    testing_frequency: quarterly
+# ============================================================
+# 환경 설정
+# ============================================================
+environments:
+  development:
+    auto_deploy: true
+    cost_tier: minimal
+    ha: false
+  staging:
+    auto_deploy: true
+    cost_tier: medium
+    ha: false
+    production_like: true
+  production:
+    auto_deploy: false
+    approval_required: true
+    cost_tier: full
+    ha: true
+    multi_az: true