vibe-coder-kit 6.0.0

package/.vibe/flows/05-code.md

@@ -0,0 +1,49 @@
+# 05-code — Implementation
+
+## Entry Criteria
+- 04-approve completed
+- Plan approved
+- Tasks defined
+
+## Steps
+
+### For Each Task:
+
+#### 1. RED — Write Failing Test
+- Write test that describes expected behavior
+- Run test (should fail)
+- Commit: `test(name): add failing test`
+
+#### 2. GREEN — Make Test Pass
+- Write minimal code to pass test
+- Run test (should pass)
+- Commit: `feat(name): implement feature`
+
+#### 3. REFACTOR — Improve Code
+- Remove code smells
+- Improve naming
+- Extract functions if needed
+- Run tests (should still pass)
+- Commit: `refactor(name): improve code`
+
+#### 4. QUALITY — Verify
+- Run all tests
+- Check lint
+- Check type safety
+- Check coverage (>80%)
+- Update STATE.md
+
+### After All Tasks:
+- Run full test suite
+- Verify all tests pass
+- Update state to COMPLETED
+
+## Exit Criteria
+- [ ] All tasks completed
+- [ ] All tests passing
+- [ ] Coverage > 80%
+- [ ] Lint clean
+- [ ] Type safe
+
+## Duration
+Expected: Variable (depends on task count)

package/.vibe/flows/06-review.md

@@ -0,0 +1,41 @@
+# 06-review — Code Review & QA
+
+## Entry Criteria
+- 05-code completed
+- All tests passing
+
+## Steps
+
+### 1. Self Review
+- Review own code against rules
+- Check for: security, quality, performance
+- Document findings
+
+### 2. Functional Verification
+- Test edge cases manually
+- Verify user requirements met
+- Check error handling
+
+### 3. Security Scan
+- Run security rules plugin
+- Check for vulnerabilities
+- Verify input validation
+
+### 4. User Approval
+- Present findings to user
+- Get approval or feedback
+- Address any issues
+
+### 5. Self-Reflection
+- Confidence level: [1-10]
+- Review thoroughness
+- Issues found and resolved
+
+## Exit Criteria
+- [ ] Review completed
+- [ ] No critical issues
+- [ ] User approved
+- [ ] Ready for next phase
+
+## Duration
+Expected: 15-30 minutes

package/.vibe/flows/08-learn.md

@@ -0,0 +1,40 @@
+# 08-learn — Knowledge Capture
+
+## Entry Criteria
+- 06-review completed
+- Work done
+
+## Steps
+
+### 1. Capture Knowledge
+- Document decisions made
+- Record lessons learned
+- Note gotchas encountered
+- Save conventions followed
+
+### 2. Update Knowledge Base
+- Create knowledge entries in memory/knowledge/
+- Update INDEX.md
+- Add to relevant categories
+
+### 3. Update Changelog
+- Add entry to CHANGELOG.md
+- Include: what changed, why, impact
+
+### 4. Archive Session
+- Move SESSION.md to archive/
+- Create new SESSION.md for next session
+
+### 5. Self-Reflection
+- Confidence level: [1-10]
+- Knowledge quality
+- Session总结
+
+## Exit Criteria
+- [ ] Knowledge recorded
+- [ ] INDEX.md updated
+- [ ] Changelog updated
+- [ ] Session archived
+
+## Duration
+Expected: 5-10 minutes

package/.vibe/phase-graph.json

@@ -0,0 +1,111 @@
+{
+  "phases": {
+    "init": {
+      "id": "init",
+      "name": "Project Initialization",
+      "depends": [],
+      "next": ["clarify"],
+      "entryCriteria": [],
+      "exitCriteria": ["config created", "state initialized"],
+      "optional": false
+    },
+    "clarify": {
+      "id": "clarify",
+      "name": "Requirements Clarification",
+      "depends": ["init"],
+      "next": ["brainstorm", "plan"],
+      "entryCriteria": ["task defined"],
+      "exitCriteria": ["no open questions", "scope defined"],
+      "optional": false
+    },
+    "brainstorm": {
+      "id": "brainstorm",
+      "name": "Research & Alternatives",
+      "depends": ["clarify"],
+      "next": ["plan"],
+      "entryCriteria": ["ambiguity exists"],
+      "exitCriteria": ["alternatives evaluated"],
+      "optional": true,
+      "parallelGroup": "planning"
+    },
+    "plan": {
+      "id": "plan",
+      "name": "Planning",
+      "depends": ["clarify"],
+      "next": ["approve"],
+      "entryCriteria": ["scope clear"],
+      "exitCriteria": ["task list created"],
+      "optional": false,
+      "parallelGroup": "planning"
+    },
+    "approve": {
+      "id": "approve",
+      "name": "Architecture Review",
+      "depends": ["plan"],
+      "next": ["code"],
+      "entryCriteria": ["plan ready"],
+      "exitCriteria": ["approved"],
+      "optional": false
+    },
+    "code": {
+      "id": "code",
+      "name": "Implementation",
+      "depends": ["approve"],
+      "next": ["review"],
+      "entryCriteria": ["approval received"],
+      "exitCriteria": ["all tasks done", "tests passing"],
+      "optional": false,
+      "parallelGroup": "development"
+    },
+    "review": {
+      "id": "review",
+      "name": "Code Review",
+      "depends": ["code"],
+      "next": ["learn", "deploy"],
+      "entryCriteria": ["code complete"],
+      "exitCriteria": ["review approved"],
+      "optional": false
+    },
+    "fix": {
+      "id": "fix",
+      "name": "Bug Fixes",
+      "depends": ["review"],
+      "next": ["code"],
+      "entryCriteria": ["bugs found"],
+      "exitCriteria": ["bugs fixed"],
+      "optional": true,
+      "parallelGroup": "development"
+    },
+    "learn": {
+      "id": "learn",
+      "name": "Knowledge Capture",
+      "depends": ["review"],
+      "next": ["done"],
+      "entryCriteria": ["review complete"],
+      "exitCriteria": ["knowledge recorded"],
+      "optional": false
+    },
+    "deploy": {
+      "id": "deploy",
+      "name": "Deployment",
+      "depends": ["review"],
+      "next": ["learn"],
+      "entryCriteria": ["review approved"],
+      "exitCriteria": ["deploy successful"],
+      "optional": true
+    },
+    "done": {
+      "id": "done",
+      "name": "Workflow Complete",
+      "depends": ["learn"],
+      "next": [],
+      "entryCriteria": ["knowledge captured"],
+      "exitCriteria": ["state reset"],
+      "optional": false
+    }
+  },
+  "parallelGroups": [
+    ["brainstorm", "plan"],
+    ["code", "fix"]
+  ]
+}

package/.vibe/plugins/core/quality/rules.yaml

@@ -0,0 +1,49 @@
+# Quality Rules Plugin
+name: quality-rules
+version: 1.0.0
+description: Core quality rules for Vibe Coder Kit
+author: vibe-core
+
+rules:
+  - id: QLT-001
+    name: require-tests
+    pattern: ""
+    action: warn
+    message: "Her görev için test yazılması gerekiyor"
+    severity: high
+    category: quality
+
+  - id: QLT-002
+    name: no-any-type
+    pattern: ":\\s*any\\b"
+    action: warn
+    message: "any tipi kullanımı kaçınılmalı"
+    severity: medium
+    category: quality
+
+  - id: QLT-003
+    name: require-error-handling
+    pattern: "catch\\s*\\([^)]*\\)\\s*\\{\\s*\\}"
+    action: warn
+    message: "Boş catch bloğu tespit edildi"
+    severity: high
+    category: quality
+
+  - id: QLT-004
+    name: no-hardcoded-urls
+    pattern: "https?://[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}"
+    action: info
+    message: "Hardcoded URL kullanımı tespit edildi"
+    severity: low
+    category: quality
+
+hooks:
+  - phase: code
+    action: run_quality_check
+    priority: 2
+    timing: post
+
+  - phase: review
+    action: generate_quality_report
+    priority: 1
+    timing: post

package/.vibe/plugins/core/security/rules.yaml

@@ -0,0 +1,57 @@
+# Security Rules Plugin
+name: security-rules
+version: 1.0.0
+description: Core security rules for Vibe Coder Kit
+author: vibe-core
+
+rules:
+  - id: SEC-001
+    name: no-secrets-in-code
+    pattern: "(API_KEY|SECRET|PASSWORD|PRIVATE_KEY)\\s*[:=]\\s*['\"]"
+    action: block
+    message: "Kodda secret tespit edildi"
+    severity: critical
+    category: security
+
+  - id: SEC-002
+    name: no-eval
+    pattern: "eval\\("
+    action: warn
+    message: "eval() kullanımı tespit edildi"
+    severity: high
+    category: security
+
+  - id: SEC-003
+    name: no-inner-html
+    pattern: "innerHTML\\s*="
+    action: warn
+    message: "innerHTML kullanımı XSS riski taşıyor"
+    severity: high
+    category: security
+
+  - id: SEC-004
+    name: no-http-in-prod
+    pattern: "http://(?!localhost|127\\.0\\.0\\.1)"
+    action: warn
+    message: "Production'da HTTP kullanımı tespit edildi"
+    severity: medium
+    category: security
+
+  - id: SEC-005
+    name: no-console-log
+    pattern: "console\\.log\\("
+    action: info
+    message: "console.log kullanımı tespit edildi"
+    severity: low
+    category: hygiene
+
+hooks:
+  - phase: code
+    action: run_security_scan
+    priority: 1
+    timing: post
+
+  - phase: review
+    action: generate_security_report
+    priority: 2
+    timing: post

package/.vibe/templates/github-actions.yml

@@ -0,0 +1,121 @@
+# Vibe Coder Kit — GitHub Actions CI/CD Integration
+name: VCK Workflow
+
+on:
+  push:
+    branches: [main, feat/*, fix/*]
+  pull_request:
+    branches: [main]
+
+env:
+  NODE_VERSION: '20'
+
+jobs:
+  # Phase: Code — Triggered on feat/* and fix/* branches
+  phase-code:
+    if: startsWith(github.ref, 'refs/heads/feat/') || startsWith(github.ref, 'refs/heads/fix/')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Run tests
+        run: npm test
+      
+      - name: Run linter
+        run: npm run lint
+      
+      - name: Check test coverage
+        run: npm run test:coverage -- --threshold=80
+      
+      - name: Security audit
+        run: npm audit --audit-level=moderate
+      
+      - name: Update VCK state
+        if: success()
+        run: |
+          echo '{"phase":"code","type":"COMPLETED","timestamp":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' >> .vibe/state/events.jsonl
+
+  # Phase: Review — Triggered on PRs
+  phase-review:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    needs: phase-code
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Code Quality Gate
+        run: |
+          echo "Running code quality checks..."
+          npm run lint
+          npm run test:coverage
+      
+      - name: Security Scan
+        run: |
+          npm audit --audit-level=critical
+      
+      - name: Size Limit Check
+        run: npx size-limit
+        continue-on-error: true
+
+  # Phase: Deploy — Triggered on main branch
+  phase-deploy:
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    needs: phase-review
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      
+      - name: Install & Build
+        run: |
+          npm ci
+          npm run build
+      
+      - name: Run smoke tests
+        run: npm run test:smoke || true
+      
+      - name: Deploy to production
+        run: |
+          echo "Deploying to production..."
+          # Add your deploy command here
+          # npm run deploy
+      
+      - name: Post-deploy health check
+        run: |
+          echo "Running health check..."
+          # Add health check here
+          # curl -f https://your-app.com/health
+      
+      - name: Update VCK state
+        if: success()
+        run: |
+          echo '{"phase":"deploy","type":"COMPLETED","timestamp":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' >> .vibe/state/events.jsonl
+
+  # Rollback job
+  rollback:
+    if: failure() && needs.phase-deploy.result == 'failure'
+    runs-on: ubuntu-latest
+    needs: phase-deploy
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Automatic Rollback
+        run: |
+          echo "Initiating rollback..."
+          # Add your rollback command here
+          # git revert HEAD --no-edit
+          # npm run deploy:rollback

package/AGENTS.md

@@ -0,0 +1,88 @@
+# Vibe Coder Kit — Agent Instructions
+
+## Quick Start
+
+1. Read `.vibe/config.json` for project configuration
+2. Read `.vibe/state/derived-state.json` for current state
+3. Read the relevant flow file from `.vibe/flows/`
+4. Follow the steps in the flow file
+5. Update state after completing each step
+
+## Core Rules
+
+### Rule 1: Safety First
+- Never expose secrets in code
+- Never run destructive commands without approval
+- Always validate user input
+
+### Rule 2: State Management
+- Use EventStore for all state changes
+- Never edit derived-state.json directly
+- Append events, don't modify
+
+### Rule 3: Workflow
+- Follow the DAG in phase-graph.json
+- Validate transitions before executing
+- Respect entry/exit criteria
+
+### Rule 4: Quality
+- Write tests before code (TDD)
+- Maintain > 80% coverage
+- Run lint and type checks
+
+### Rule 5: Knowledge
+- Document decisions in knowledge base
+- Update INDEX.md after adding entries
+- Capture lessons learned
+
+### Rule 6: Honesty
+- Say "I don't know" when uncertain
+- Present pros and cons
+- State assumptions clearly
+
+### Rule 7: Security
+- Use security rules plugin
+- Scan code before committing
+- Never commit secrets
+
+### Rule 8: Team
+- Respect role-based access
+- Follow governance rules
+- Document for others
+
+## File Structure
+
+```
+.vibe/
+├── config.json           # Project configuration
+├── phase-graph.json      # Workflow DAG
+├── core/                 # Core modules
+│   ├── index.ts          # Main exports
+│   ├── event-store.ts    # State management
+│   ├── dag.ts            # Workflow engine
+│   ├── plugin-registry.ts
+│   ├── circuit-breaker.ts
+│   ├── saga.ts
+│   ├── idempotency.ts
+│   ├── validator.ts
+│   ├── cli.ts
+│   ├── telemetry.ts
+│   ├── health-check.ts
+│   ├── cost-tracker.ts
+│   ├── knowledge-store.ts
+│   └── team-config.ts
+├── flows/                # Workflow definitions
+├── plugins/              # Rule plugins
+├── behaviors/            # Behavior protocols
+├── state/                # Event store
+├── memory/               # Knowledge base
+├── workspace/            # Working files
+└── templates/            # CI/CD templates
+```
+
+## Commands
+
+- `vibe init` — Initialize project
+- `vibe status` — Show current status
+- `vibe doctor` — Health check
+- `vibe rollback` — Rollback last action

package/README.md

@@ -0,0 +1,129 @@
+# Vibe Coder Kit
+
+Production-ready AI agent workflow template with TypeScript enforcement.
+
+## What is it?
+
+Vibe Coder Kit (VCK) is a framework that makes AI agents work safely, traceably, and with quality. It replaces mutable STATE.md with immutable event logs, linear phase numbering with DAG-based workflows, and natural language rules with TypeScript enforcement.
+
+## Quick Start
+
+### Install globally
+
+```bash
+npm install -g vibe-coder-kit
+```
+
+### Add to any project
+
+```bash
+cd your-project
+vibe init
+```
+
+### Or use with npx (no install)
+
+```bash
+npx vibe-coder-kit init
+```
+
+## Usage
+
+```bash
+# Install VCK to current project
+vibe init
+
+# Show current status
+vibe status
+
+# Health check
+vibe doctor
+
+# Show version
+vibe version
+```
+
+## What it does
+
+### Workflow Management
+Manages the entire software development lifecycle:
+
+```
+init → clarify → brainstorm → plan → approve → code → review → learn → done
+```
+
+### Agent Control
+Prevents AI agents from working carelessly:
+
+- **Secret detection**: Catches API keys, passwords in code
+- **Test enforcement**: Can't skip tests
+- **RBAC**: Role-based access control
+- **Budget limits**: Stops when token limit exceeded
+
+### Reliability
+Prevents system crashes:
+
+- **Circuit Breaker**: Stops on too many failures
+- **Saga**: Automatic rollback on step failure
+- **Retry**: Auto-retry with exponential backoff
+
+### Observability
+Everything is logged:
+
+- **Event Store**: All operations recorded (append-only)
+- **Telemetry**: Performance metrics
+- **Knowledge Store**: Lessons learned
+
+## Project Structure
+
+After installation, your project will have:
+
+```
+your-project/
+├── .vibe/
+│   ├── core/           # TypeScript modules
+│   ├── flows/          # Workflow definitions
+│   ├── plugins/        # Rule plugins
+│   ├── behaviors/      # Behavior protocols
+│   ├── config.json     # Configuration
+│   ├── phase-graph.json # DAG workflow
+│   └── state/          # Event store
+└── AGENTS.md           # Agent instructions
+```
+
+## Configuration
+
+Edit `.vibe/config.json` to customize:
+
+```json
+{
+  "projectType": "web",
+  "teamSize": "small",
+  "painPoint": "review",
+  "costTracking": {
+    "budgetPerSession": 50000
+  }
+}
+```
+
+## How to use with AI agents
+
+Just tell your agent:
+
+> "Follow the rules in .vibe/"
+
+The agent will:
+1. Read `AGENTS.md`
+2. Follow the workflow in `phase-graph.json`
+3. Execute flows from `.vibe/flows/`
+4. Log events to `.vibe/state/events.jsonl`
+5. Enforce rules from `.vibe/plugins/`
+
+## Requirements
+
+- Node.js >= 18.0.0
+- npm >= 9.0.0
+
+## License
+
+MIT