ai-sdlc-kit 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,5 @@
1
+ dist/
2
+ __pycache__/
3
+ *.egg-info/
4
+ .venv/
5
+ .sdlc/questions.md
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 xajeel
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,178 @@
1
+ Metadata-Version: 2.4
2
+ Name: ai-sdlc-kit
3
+ Version: 0.1.0
4
+ Summary: Spec-driven SDLC skills for AI coding agents — Claude Code, Cursor, Windsurf, Gemini CLI
5
+ Project-URL: Homepage, https://github.com/xajeel/AI-SDLC
6
+ Author: xajeel
7
+ License-Expression: MIT
8
+ License-File: LICENSE
9
+ Keywords: agents,ai,claude-code,cursor,sdlc,skills,spec-driven
10
+ Classifier: Intended Audience :: Developers
11
+ Classifier: Operating System :: OS Independent
12
+ Classifier: Programming Language :: Python :: 3
13
+ Classifier: Topic :: Software Development
14
+ Requires-Python: >=3.9
15
+ Description-Content-Type: text/markdown
16
+
17
+ # AI-SDLC v2 — Spec-Driven Skills for AI Coding Agents
18
+
19
+ A lean, token-efficient Software Development Life Cycle for AI coding agents (Claude Code, Cursor, Windsurf, Gemini CLI). Six skills that make an agent work the way a senior engineer does: **understand → decide → plan in verifiable steps → build with checks after every step → gate → ship**.
20
+
21
+ Designed so that **even a small model can execute reliably**: the planning skill (run once, ideally with a strong model) removes every judgment call up front, and the execution skills are mechanical loops with hard stop conditions.
22
+
23
+ ---
24
+
25
+ ## Design principles (what changed from v1)
26
+
27
+ | v1 problem | v2 fix |
28
+ |---|---|
29
+ | Huge token use | Skills are 4–10× smaller; artifacts have hard size budgets; every skill reads only the files it names — never "scan the codebase" |
30
+ | Implementation files full of code, impossible to review | Specs contain **instructions + contracts** (signatures, shapes, exact steps) — never code bodies. You review decisions and contracts, not walls of code |
31
+ | QA didn't catch bugs | Checks are **defined at plan time** (every task has a `Verify` command, every goal an acceptance check). QA just executes them — nothing left to a model's mood |
32
+ | Too many files per feature | **One spec file per feature.** Plan, decisions, tasks, and QA log all live in `.sdlc/specs/<feature>.md` |
33
+ | Features silently broke each other | `/build` runs the full test suite every 2 tasks (not only at the end); `/qa` treats any regression as an automatic FAIL |
34
+ | Style drift, copied bugs | Every task names a `Pattern:` file the new code must mirror; PROJECT.md carries ≤ 12 checkable convention rules |
35
+ | Black-box output | Every spec opens with **What & why** (plain-English story of the feature) and a **Decisions** section: what each component is, what was chosen, why, and what was rejected — written to pass the "12th-grader test", so you can explain the design to anyone |
36
+
37
+ ---
38
+
39
+ ## Install
40
+
41
+ Copy the folders inside `skills/` into your agent's skills directory at the project root:
42
+
43
+ | Agent / IDE | Path |
44
+ |---|---|
45
+ | Claude Code | `.claude/skills/` |
46
+ | Cursor | `.cursor/skills/` |
47
+ | Windsurf | `.windsurf/skills/` |
48
+ | Gemini CLI | `.gemini/skills/` |
49
+
50
+ The skills appear as slash commands: `/sdlc-init`, `/roadmap`, `/spec`, `/build`, `/qa`, `/ship`.
51
+
52
+ ---
53
+
54
+ ## The flow
55
+
56
+ ```
57
+ /sdlc-init one-time setup → .sdlc/PROJECT.md + STATE.md
58
+
59
+ /roadmap (optional) whole project → features → .sdlc/ROADMAP.md
60
+
61
+ /spec <feature> plan one feature → .sdlc/specs/<feature>.md
62
+ │ (research, decisions, tasks with contracts + verify commands)
63
+ /build <feature> implement task-by-task → code; verify gate after EVERY task,
64
+ │ full-suite checkpoint every 2 tasks
65
+ /qa <feature> mechanical gate → verdict appended to the spec;
66
+ │ failures become fix-tasks for /build
67
+ /ship <feature> safe commit → feature branch only, STATE.md updated
68
+ ```
69
+
70
+ The `/build → /qa → /build` loop is the self-healing part: QA never fixes code, it appends `F1, F2…` fix-tasks to the spec, and `/build` executes them like any other task.
71
+
72
+ ## The six skills
73
+
74
+ | Skill | Does | Reads | Writes |
75
+ |---|---|---|---|
76
+ | `sdlc-init` | One-time project setup: stack, layout, commands, conventions, boundaries | manifests + a few source files, or PRD, or your answers | `PROJECT.md`, `STATE.md` |
77
+ | `roadmap` | Splits a PRD into ordered, shippable features (what + order, never how) | PROJECT.md, the PRD | `ROADMAP.md` |
78
+ | `spec` | Plans one feature: researches unknowns, records decisions, writes ≤ 8 tasks with `Files / Pattern / Do / Verify` | PROJECT.md, STATE.md, only the files the feature touches | `specs/<feature>.md` |
79
+ | `build` | Executes the spec exactly: whitelist files, mirror patterns, verify after every task, checkpoint every 2 | PROJECT.md, the spec, only listed files | code + spec checkboxes |
80
+ | `qa` | Re-runs all verifies + acceptance checks + full suite + diff scan; PASS/FAIL verdict; failures → fix-tasks | PROJECT.md, the spec, the diff | QA log in the spec |
81
+ | `ship` | Branch guard, explicit staging, conventional commit from the spec, records update. Never pushes | the spec | git commit, STATE.md, ROADMAP.md |
82
+
83
+ Bonus: `architecture-diagram` — renders a self-contained HTML/SVG architecture diagram (unchanged from v1).
84
+
85
+ ---
86
+
87
+ ## The `.sdlc/` folder — 4 file types, that's all
88
+
89
+ ```
90
+ .sdlc/
91
+ ├── PROJECT.md # ≤ 80 lines: stack, layout, commands, conventions, boundaries
92
+ ├── STATE.md # one table: feature | spec | status | shipped date (+ cross-feature notes)
93
+ ├── ROADMAP.md # optional: ordered feature list for a whole project
94
+ └── specs/
95
+ └── <feature>.md # everything about one feature: goal, decisions, touches,
96
+ # tasks (with checkboxes = live progress), acceptance checks, QA log
97
+ ```
98
+
99
+ A spec file looks like this (abridged):
100
+
101
+ ```markdown
102
+ # user-auth
103
+ Status: building
104
+ Goal: Email+password auth issuing JWT access/refresh tokens
105
+ Done when:
106
+ - POST /v1/auth/login returns tokens for valid credentials
107
+ - Protected routes return 401 without a valid token
108
+
109
+ ## What & why — plain English
110
+ When someone signs up, we store their account with a scrambled (hashed) password —
111
+ we never keep the real one. When they log in, we check the password and hand back
112
+ two digital passes: a short-lived access token shown on every request, and a
113
+ longer-lived refresh token used to get a new pass when the old one expires.
114
+ Any protected page simply refuses visitors without a valid pass.
115
+
116
+ ## Decisions
117
+ - **JWT tokens** — a JWT is a signed digital pass the server can verify without a
118
+ database lookup. Chose: 15-min access token + rotating 7-day refresh token.
119
+ Why: servers don't have to remember who is logged in, so the app scales by just
120
+ adding more servers. Rejected: cookie sessions — they need shared session
121
+ storage, which complicates scaling.
122
+ - **bcrypt (cost 12)** — a slow-by-design password scrambler, so stolen data is
123
+ useless to attackers. Why: the battle-tested standard. Rejected: argon2 —
124
+ slightly stronger but adds a native dependency our stack doesn't need.
125
+
126
+ ## Touches
127
+ - Edits: src/main.py (register router)
128
+ - Mirrors: src/routes/items.py, src/services/items.py
129
+ - Risk: shared error handler in src/exceptions.py
130
+
131
+ ## Tasks
132
+ ### [x] T1 — User model + migration
133
+ Files: CREATE src/models/user.py, CREATE migrations/…
134
+ Pattern: src/models/item.py
135
+ Do:
136
+ - Table users: id UUID pk, email unique not-null, password_hash str, created_at
137
+ - Migration with upgrade + downgrade
138
+ Verify: `uv run alembic upgrade head` → applies cleanly
139
+
140
+ ### [ ] T2 — Auth service
141
+ Files: CREATE src/services/auth.py
142
+ Pattern: src/services/items.py
143
+ Do:
144
+ - register(email, password) -> User — reject duplicate email with ConflictError
145
+ - login(email, password) -> TokenPair(access: str, refresh: str)
146
+ - Hash with bcrypt cost 12; never log passwords
147
+ Verify: `uv run pytest tests/auth -q` → pass
148
+
149
+ ## Acceptance checks
150
+ - [ ] `curl -s -X POST :8000/v1/auth/login -d '{…}'` → 200 with access + refresh tokens
151
+ - [ ] `curl -s :8000/v1/items` (no token) → 401
152
+
153
+ ## QA log
154
+ ### QA 2026-07-12 — PASS
155
+ Task verifies: 5/5 · Acceptance: 3/3 · Suite: 42 passed · Regressions: 0
156
+ Try it:
157
+ 1. Run `uv run uvicorn src.main:app`, POST /v1/auth/register with {"email":"test@example.com","password":"Pass123!"}
158
+ 2. Expect 201 and a user id; then login with the same credentials → 200 with two tokens
159
+ ```
160
+
161
+ Notice: an implementer needs **no other document**, a reviewer reads Decisions + contracts in minutes, the checkboxes are resumable progress state, and QA's checklist was fixed the moment the spec was written.
162
+
163
+ ---
164
+
165
+ ## Why this works with small models
166
+
167
+ 1. **Judgment happens once, at spec time.** Use your best model for `/spec`. After that, `/build` and `/qa` are deterministic loops — pick task, read 2–3 listed files, follow exact bullets, run a command, check a box.
168
+ 2. **Whitelists instead of freedom.** A task's `Files:` list is a hard boundary; needing another file is a stop-and-report, not an improvisation.
169
+ 3. **Patterns instead of taste.** "Mirror `src/services/items.py`" keeps style consistent without describing style.
170
+ 4. **Verification is a command, not an opinion.** Every task and every acceptance criterion is proven by running something and comparing output.
171
+ 5. **Tiny context.** PROJECT.md ≤ 80 lines, one spec per feature, skills that forbid whole-codebase scans — the model's window stays small and focused.
172
+
173
+ ## Roadmap for this kit
174
+
175
+ - pip / npm installer that copies skills into the right folder per agent and scaffolds `.sdlc/`
176
+ - Optional CI hook: run `/qa` checks headlessly on pull requests
177
+
178
+ Related prior art: [github/spec-kit](https://github.com/github/spec-kit).
@@ -0,0 +1,162 @@
1
+ # AI-SDLC v2 — Spec-Driven Skills for AI Coding Agents
2
+
3
+ A lean, token-efficient Software Development Life Cycle for AI coding agents (Claude Code, Cursor, Windsurf, Gemini CLI). Six skills that make an agent work the way a senior engineer does: **understand → decide → plan in verifiable steps → build with checks after every step → gate → ship**.
4
+
5
+ Designed so that **even a small model can execute reliably**: the planning skill (run once, ideally with a strong model) removes every judgment call up front, and the execution skills are mechanical loops with hard stop conditions.
6
+
7
+ ---
8
+
9
+ ## Design principles (what changed from v1)
10
+
11
+ | v1 problem | v2 fix |
12
+ |---|---|
13
+ | Huge token use | Skills are 4–10× smaller; artifacts have hard size budgets; every skill reads only the files it names — never "scan the codebase" |
14
+ | Implementation files full of code, impossible to review | Specs contain **instructions + contracts** (signatures, shapes, exact steps) — never code bodies. You review decisions and contracts, not walls of code |
15
+ | QA didn't catch bugs | Checks are **defined at plan time** (every task has a `Verify` command, every goal an acceptance check). QA just executes them — nothing left to a model's mood |
16
+ | Too many files per feature | **One spec file per feature.** Plan, decisions, tasks, and QA log all live in `.sdlc/specs/<feature>.md` |
17
+ | Features silently broke each other | `/build` runs the full test suite every 2 tasks (not only at the end); `/qa` treats any regression as an automatic FAIL |
18
+ | Style drift, copied bugs | Every task names a `Pattern:` file the new code must mirror; PROJECT.md carries ≤ 12 checkable convention rules |
19
+ | Black-box output | Every spec opens with **What & why** (plain-English story of the feature) and a **Decisions** section: what each component is, what was chosen, why, and what was rejected — written to pass the "12th-grader test", so you can explain the design to anyone |
20
+
21
+ ---
22
+
23
+ ## Install
24
+
25
+ Copy the folders inside `skills/` into your agent's skills directory at the project root:
26
+
27
+ | Agent / IDE | Path |
28
+ |---|---|
29
+ | Claude Code | `.claude/skills/` |
30
+ | Cursor | `.cursor/skills/` |
31
+ | Windsurf | `.windsurf/skills/` |
32
+ | Gemini CLI | `.gemini/skills/` |
33
+
34
+ The skills appear as slash commands: `/sdlc-init`, `/roadmap`, `/spec`, `/build`, `/qa`, `/ship`.
35
+
36
+ ---
37
+
38
+ ## The flow
39
+
40
+ ```
41
+ /sdlc-init one-time setup → .sdlc/PROJECT.md + STATE.md
42
+
43
+ /roadmap (optional) whole project → features → .sdlc/ROADMAP.md
44
+
45
+ /spec <feature> plan one feature → .sdlc/specs/<feature>.md
46
+ │ (research, decisions, tasks with contracts + verify commands)
47
+ /build <feature> implement task-by-task → code; verify gate after EVERY task,
48
+ │ full-suite checkpoint every 2 tasks
49
+ /qa <feature> mechanical gate → verdict appended to the spec;
50
+ │ failures become fix-tasks for /build
51
+ /ship <feature> safe commit → feature branch only, STATE.md updated
52
+ ```
53
+
54
+ The `/build → /qa → /build` loop is the self-healing part: QA never fixes code, it appends `F1, F2…` fix-tasks to the spec, and `/build` executes them like any other task.
55
+
56
+ ## The six skills
57
+
58
+ | Skill | Does | Reads | Writes |
59
+ |---|---|---|---|
60
+ | `sdlc-init` | One-time project setup: stack, layout, commands, conventions, boundaries | manifests + a few source files, or PRD, or your answers | `PROJECT.md`, `STATE.md` |
61
+ | `roadmap` | Splits a PRD into ordered, shippable features (what + order, never how) | PROJECT.md, the PRD | `ROADMAP.md` |
62
+ | `spec` | Plans one feature: researches unknowns, records decisions, writes ≤ 8 tasks with `Files / Pattern / Do / Verify` | PROJECT.md, STATE.md, only the files the feature touches | `specs/<feature>.md` |
63
+ | `build` | Executes the spec exactly: whitelist files, mirror patterns, verify after every task, checkpoint every 2 | PROJECT.md, the spec, only listed files | code + spec checkboxes |
64
+ | `qa` | Re-runs all verifies + acceptance checks + full suite + diff scan; PASS/FAIL verdict; failures → fix-tasks | PROJECT.md, the spec, the diff | QA log in the spec |
65
+ | `ship` | Branch guard, explicit staging, conventional commit from the spec, records update. Never pushes | the spec | git commit, STATE.md, ROADMAP.md |
66
+
67
+ Bonus: `architecture-diagram` — renders a self-contained HTML/SVG architecture diagram (unchanged from v1).
68
+
69
+ ---
70
+
71
+ ## The `.sdlc/` folder — 4 file types, that's all
72
+
73
+ ```
74
+ .sdlc/
75
+ ├── PROJECT.md # ≤ 80 lines: stack, layout, commands, conventions, boundaries
76
+ ├── STATE.md # one table: feature | spec | status | shipped date (+ cross-feature notes)
77
+ ├── ROADMAP.md # optional: ordered feature list for a whole project
78
+ └── specs/
79
+ └── <feature>.md # everything about one feature: goal, decisions, touches,
80
+ # tasks (with checkboxes = live progress), acceptance checks, QA log
81
+ ```
82
+
83
+ A spec file looks like this (abridged):
84
+
85
+ ```markdown
86
+ # user-auth
87
+ Status: building
88
+ Goal: Email+password auth issuing JWT access/refresh tokens
89
+ Done when:
90
+ - POST /v1/auth/login returns tokens for valid credentials
91
+ - Protected routes return 401 without a valid token
92
+
93
+ ## What & why — plain English
94
+ When someone signs up, we store their account with a scrambled (hashed) password —
95
+ we never keep the real one. When they log in, we check the password and hand back
96
+ two digital passes: a short-lived access token shown on every request, and a
97
+ longer-lived refresh token used to get a new pass when the old one expires.
98
+ Any protected page simply refuses visitors without a valid pass.
99
+
100
+ ## Decisions
101
+ - **JWT tokens** — a JWT is a signed digital pass the server can verify without a
102
+ database lookup. Chose: 15-min access token + rotating 7-day refresh token.
103
+ Why: servers don't have to remember who is logged in, so the app scales by just
104
+ adding more servers. Rejected: cookie sessions — they need shared session
105
+ storage, which complicates scaling.
106
+ - **bcrypt (cost 12)** — a slow-by-design password scrambler, so stolen data is
107
+ useless to attackers. Why: the battle-tested standard. Rejected: argon2 —
108
+ slightly stronger but adds a native dependency our stack doesn't need.
109
+
110
+ ## Touches
111
+ - Edits: src/main.py (register router)
112
+ - Mirrors: src/routes/items.py, src/services/items.py
113
+ - Risk: shared error handler in src/exceptions.py
114
+
115
+ ## Tasks
116
+ ### [x] T1 — User model + migration
117
+ Files: CREATE src/models/user.py, CREATE migrations/…
118
+ Pattern: src/models/item.py
119
+ Do:
120
+ - Table users: id UUID pk, email unique not-null, password_hash str, created_at
121
+ - Migration with upgrade + downgrade
122
+ Verify: `uv run alembic upgrade head` → applies cleanly
123
+
124
+ ### [ ] T2 — Auth service
125
+ Files: CREATE src/services/auth.py
126
+ Pattern: src/services/items.py
127
+ Do:
128
+ - register(email, password) -> User — reject duplicate email with ConflictError
129
+ - login(email, password) -> TokenPair(access: str, refresh: str)
130
+ - Hash with bcrypt cost 12; never log passwords
131
+ Verify: `uv run pytest tests/auth -q` → pass
132
+
133
+ ## Acceptance checks
134
+ - [ ] `curl -s -X POST :8000/v1/auth/login -d '{…}'` → 200 with access + refresh tokens
135
+ - [ ] `curl -s :8000/v1/items` (no token) → 401
136
+
137
+ ## QA log
138
+ ### QA 2026-07-12 — PASS
139
+ Task verifies: 5/5 · Acceptance: 3/3 · Suite: 42 passed · Regressions: 0
140
+ Try it:
141
+ 1. Run `uv run uvicorn src.main:app`, POST /v1/auth/register with {"email":"test@example.com","password":"Pass123!"}
142
+ 2. Expect 201 and a user id; then login with the same credentials → 200 with two tokens
143
+ ```
144
+
145
+ Notice: an implementer needs **no other document**, a reviewer reads Decisions + contracts in minutes, the checkboxes are resumable progress state, and QA's checklist was fixed the moment the spec was written.
146
+
147
+ ---
148
+
149
+ ## Why this works with small models
150
+
151
+ 1. **Judgment happens once, at spec time.** Use your best model for `/spec`. After that, `/build` and `/qa` are deterministic loops — pick task, read 2–3 listed files, follow exact bullets, run a command, check a box.
152
+ 2. **Whitelists instead of freedom.** A task's `Files:` list is a hard boundary; needing another file is a stop-and-report, not an improvisation.
153
+ 3. **Patterns instead of taste.** "Mirror `src/services/items.py`" keeps style consistent without describing style.
154
+ 4. **Verification is a command, not an opinion.** Every task and every acceptance criterion is proven by running something and comparing output.
155
+ 5. **Tiny context.** PROJECT.md ≤ 80 lines, one spec per feature, skills that forbid whole-codebase scans — the model's window stays small and focused.
156
+
157
+ ## Roadmap for this kit
158
+
159
+ - pip / npm installer that copies skills into the right folder per agent and scaffolds `.sdlc/`
160
+ - Optional CI hook: run `/qa` checks headlessly on pull requests
161
+
162
+ Related prior art: [github/spec-kit](https://github.com/github/spec-kit).
@@ -0,0 +1,36 @@
1
+ [build-system]
2
+ requires = ["hatchling"]
3
+ build-backend = "hatchling.build"
4
+
5
+ [project]
6
+ name = "ai-sdlc-kit"
7
+ version = "0.1.0"
8
+ description = "Spec-driven SDLC skills for AI coding agents — Claude Code, Cursor, Windsurf, Gemini CLI"
9
+ readme = "README.md"
10
+ license = "MIT"
11
+ license-files = ["LICENSE"]
12
+ requires-python = ">=3.9"
13
+ authors = [{ name = "xajeel" }]
14
+ keywords = ["ai", "agents", "sdlc", "claude-code", "cursor", "skills", "spec-driven"]
15
+ classifiers = [
16
+ "Programming Language :: Python :: 3",
17
+ "Operating System :: OS Independent",
18
+ "Intended Audience :: Developers",
19
+ "Topic :: Software Development",
20
+ ]
21
+
22
+ [project.scripts]
23
+ ai-sdlc = "ai_sdlc.cli:main"
24
+
25
+ [project.urls]
26
+ Homepage = "https://github.com/xajeel/AI-SDLC"
27
+
28
+ [tool.hatch.build.targets.wheel]
29
+ packages = ["src/ai_sdlc"]
30
+
31
+ # This line is what bundles the repo-root skills/ folder into the wheel:
32
+ [tool.hatch.build.targets.wheel.force-include]
33
+ "skills" = "ai_sdlc/skills"
34
+
35
+ [tool.hatch.build.targets.sdist]
36
+ include = ["src", "skills", "README.md", "LICENSE", "pyproject.toml"]
@@ -0,0 +1,163 @@
1
+ ---
2
+ name: architecture-diagram
3
+ description: Create professional, dark-themed architecture diagrams as standalone HTML files with SVG graphics. Use when the user asks for system architecture diagrams, infrastructure diagrams, cloud architecture visualizations, security diagrams, network topology diagrams, or any technical diagram showing system components and their relationships.
4
+ license: MIT
5
+ metadata:
6
+ version: "1.0"
7
+ author: Cocoon AI (hello@cocoon-ai.com)
8
+ ---
9
+
10
+ # Architecture Diagram Skill
11
+
12
+ Create professional technical architecture diagrams as self-contained HTML files with inline SVG graphics and CSS styling.
13
+
14
+ ## Design System
15
+
16
+ ### Color Palette
17
+
18
+ Use these semantic colors for component types:
19
+
20
+ | Component Type | Fill (rgba) | Stroke |
21
+ |---------------|-------------|--------|
22
+ | Frontend | `rgba(8, 51, 68, 0.4)` | `#22d3ee` (cyan-400) |
23
+ | Backend | `rgba(6, 78, 59, 0.4)` | `#34d399` (emerald-400) |
24
+ | Database | `rgba(76, 29, 149, 0.4)` | `#a78bfa` (violet-400) |
25
+ | AWS/Cloud | `rgba(120, 53, 15, 0.3)` | `#fbbf24` (amber-400) |
26
+ | Security | `rgba(136, 19, 55, 0.4)` | `#fb7185` (rose-400) |
27
+ | Message Bus | `rgba(251, 146, 60, 0.3)` | `#fb923c` (orange-400) |
28
+ | External/Generic | `rgba(30, 41, 59, 0.5)` | `#94a3b8` (slate-400) |
29
+
30
+ ### Typography
31
+
32
+ Use JetBrains Mono for all text (monospace, technical aesthetic):
33
+ ```html
34
+ <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap" rel="stylesheet">
35
+ ```
36
+
37
+ Font sizes: 12px for component names, 9px for sublabels, 8px for annotations, 7px for tiny labels.
38
+
39
+ ### Visual Elements
40
+
41
+ **Background:** `#020617` (slate-950) with subtle grid pattern:
42
+ ```svg
43
+ <pattern id="grid" width="40" height="40" patternUnits="userSpaceOnUse">
44
+ <path d="M 40 0 L 0 0 0 40" fill="none" stroke="#1e293b" stroke-width="0.5"/>
45
+ </pattern>
46
+ ```
47
+
48
+ **Component boxes:** Rounded rectangles (`rx="6"`) with 1.5px stroke, semi-transparent fills.
49
+
50
+ **Security groups:** Dashed stroke (`stroke-dasharray="4,4"`), transparent fill, rose color.
51
+
52
+ **Region boundaries:** Larger dashed stroke (`stroke-dasharray="8,4"`), amber color, `rx="12"`.
53
+
54
+ **Arrows:** Use SVG marker for arrowheads:
55
+ ```svg
56
+ <marker id="arrowhead" markerWidth="10" markerHeight="7" refX="9" refY="3.5" orient="auto">
57
+ <polygon points="0 0, 10 3.5, 0 7" fill="#64748b" />
58
+ </marker>
59
+ ```
60
+
61
+ **Arrow z-order:** Draw connection arrows early in the SVG (after the background grid) so they render behind component boxes. SVG elements are painted in document order, so arrows drawn first will appear behind shapes drawn later.
62
+
63
+ **Masking arrows behind transparent fills:** Since component boxes use semi-transparent fills (`rgba(..., 0.4)`), arrows behind them will show through. To fully mask arrows, draw an opaque background rect (e.g., `fill="#0f172a"`) at the same position before drawing the semi-transparent styled rect on top:
64
+ ```svg
65
+ <!-- Opaque background to mask arrows -->
66
+ <rect x="X" y="Y" width="W" height="H" rx="6" fill="#0f172a"/>
67
+ <!-- Styled component on top -->
68
+ <rect x="X" y="Y" width="W" height="H" rx="6" fill="rgba(76, 29, 149, 0.4)" stroke="#a78bfa" stroke-width="1.5"/>
69
+ ```
70
+
71
+ **Auth/security flows:** Dashed lines in rose color (`#fb7185`).
72
+
73
+ **Message buses / Event buses:** Small connector elements between services. Use orange color (`#fb923c` stroke, `rgba(251, 146, 60, 0.3)` fill):
74
+ ```svg
75
+ <rect x="X" y="Y" width="120" height="20" rx="4" fill="rgba(251, 146, 60, 0.3)" stroke="#fb923c" stroke-width="1"/>
76
+ <text x="CENTER_X" y="Y+14" fill="#fb923c" font-size="7" text-anchor="middle">Kafka / RabbitMQ</text>
77
+ ```
78
+
79
+ ### Spacing Rules
80
+
81
+ **CRITICAL:** When stacking components vertically, ensure proper spacing to avoid overlaps:
82
+
83
+ - **Standard component height:** 60px for services, 80-120px for larger components
84
+ - **Minimum vertical gap between components:** 40px
85
+ - **Inline connectors (message buses):** Place IN the gap between components, not overlapping
86
+
87
+ **Example vertical layout:**
88
+ ```
89
+ Component A: y=70, height=60 → ends at y=130
90
+ Gap: y=130 to y=170 → 40px gap, place bus at y=140 (20px tall)
91
+ Component B: y=170, height=60 → ends at y=230
92
+ ```
93
+
94
+ **Wrong:** Placing a message bus at y=160 when Component B starts at y=170 (causes overlap)
95
+ **Right:** Placing a message bus at y=140, centered in the 40px gap (y=130 to y=170)
96
+
97
+ ### Legend Placement
98
+
99
+ **CRITICAL:** Place legends OUTSIDE all boundary boxes (region boundaries, cluster boundaries, security groups).
100
+
101
+ - Calculate where all boundaries end (y position + height)
102
+ - Place legend at least 20px below the lowest boundary
103
+ - Expand SVG viewBox height if needed to accommodate
104
+
105
+ **Example:**
106
+ ```
107
+ Kubernetes Cluster: y=30, height=460 → ends at y=490
108
+ Legend should start at: y=510 or below
109
+ SVG viewBox height: at least 560 to fit legend
110
+ ```
111
+
112
+ **Wrong:** Legend at y=470 inside a cluster boundary that ends at y=490
113
+ **Right:** Legend at y=510, below the cluster boundary, with viewBox height extended
114
+
115
+ ### Layout Structure
116
+
117
+ 1. **Header** - Title with pulsing dot indicator, subtitle
118
+ 2. **Main SVG diagram** - Contained in rounded border card
119
+ 3. **Summary cards** - Grid of 3 cards below diagram with key details
120
+ 4. **Footer** - Minimal metadata line
121
+
122
+ ### Component Box Pattern
123
+
124
+ ```svg
125
+ <rect x="X" y="Y" width="W" height="H" rx="6" fill="FILL_COLOR" stroke="STROKE_COLOR" stroke-width="1.5"/>
126
+ <text x="CENTER_X" y="Y+20" fill="white" font-size="11" font-weight="600" text-anchor="middle">LABEL</text>
127
+ <text x="CENTER_X" y="Y+36" fill="#94a3b8" font-size="9" text-anchor="middle">sublabel</text>
128
+ ```
129
+
130
+ ### Info Card Pattern
131
+
132
+ ```html
133
+ <div class="card">
134
+ <div class="card-header">
135
+ <div class="card-dot COLOR"></div>
136
+ <h3>Title</h3>
137
+ </div>
138
+ <ul>
139
+ <li>• Item one</li>
140
+ <li>• Item two</li>
141
+ </ul>
142
+ </div>
143
+ ```
144
+
145
+ ## Template
146
+
147
+ Copy and customize the template at `assets/template.html`. Key customization points:
148
+
149
+ 1. Update the `<title>` and header text
150
+ 2. Modify SVG viewBox dimensions if needed (default: `1000 x 680`)
151
+ 3. Add/remove/reposition component boxes
152
+ 4. Draw connection arrows between components
153
+ 5. Update the three summary cards
154
+ 6. Update footer metadata
155
+
156
+ ## Output
157
+
158
+ Always produce a single self-contained `.html` file with:
159
+ - Embedded CSS (no external stylesheets except Google Fonts)
160
+ - Inline SVG (no external images)
161
+ - No JavaScript required (pure CSS animations)
162
+
163
+ The file should render correctly when opened directly in any modern browser.