ai-sdlc-kit 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ai_sdlc_kit-0.1.0/.gitignore +5 -0
- ai_sdlc_kit-0.1.0/LICENSE +21 -0
- ai_sdlc_kit-0.1.0/PKG-INFO +178 -0
- ai_sdlc_kit-0.1.0/README.md +162 -0
- ai_sdlc_kit-0.1.0/pyproject.toml +36 -0
- ai_sdlc_kit-0.1.0/skills/architecture-diagram/SKILL.md +163 -0
- ai_sdlc_kit-0.1.0/skills/architecture-diagram/assets/template.html +319 -0
- ai_sdlc_kit-0.1.0/skills/build/SKILL.md +43 -0
- ai_sdlc_kit-0.1.0/skills/qa/SKILL.md +52 -0
- ai_sdlc_kit-0.1.0/skills/roadmap/SKILL.md +53 -0
- ai_sdlc_kit-0.1.0/skills/sdlc-init/SKILL.md +91 -0
- ai_sdlc_kit-0.1.0/skills/ship/SKILL.md +52 -0
- ai_sdlc_kit-0.1.0/skills/spec/SKILL.md +106 -0
- ai_sdlc_kit-0.1.0/src/ai_sdlc/__init__.py +1 -0
- ai_sdlc_kit-0.1.0/src/ai_sdlc/cli.py +144 -0
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 xajeel
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: ai-sdlc-kit
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Spec-driven SDLC skills for AI coding agents — Claude Code, Cursor, Windsurf, Gemini CLI
|
|
5
|
+
Project-URL: Homepage, https://github.com/xajeel/AI-SDLC
|
|
6
|
+
Author: xajeel
|
|
7
|
+
License-Expression: MIT
|
|
8
|
+
License-File: LICENSE
|
|
9
|
+
Keywords: agents,ai,claude-code,cursor,sdlc,skills,spec-driven
|
|
10
|
+
Classifier: Intended Audience :: Developers
|
|
11
|
+
Classifier: Operating System :: OS Independent
|
|
12
|
+
Classifier: Programming Language :: Python :: 3
|
|
13
|
+
Classifier: Topic :: Software Development
|
|
14
|
+
Requires-Python: >=3.9
|
|
15
|
+
Description-Content-Type: text/markdown
|
|
16
|
+
|
|
17
|
+
# AI-SDLC v2 — Spec-Driven Skills for AI Coding Agents
|
|
18
|
+
|
|
19
|
+
A lean, token-efficient Software Development Life Cycle for AI coding agents (Claude Code, Cursor, Windsurf, Gemini CLI). Six skills that make an agent work the way a senior engineer does: **understand → decide → plan in verifiable steps → build with checks after every step → gate → ship**.
|
|
20
|
+
|
|
21
|
+
Designed so that **even a small model can execute reliably**: the planning skill (run once, ideally with a strong model) removes every judgment call up front, and the execution skills are mechanical loops with hard stop conditions.
|
|
22
|
+
|
|
23
|
+
---
|
|
24
|
+
|
|
25
|
+
## Design principles (what changed from v1)
|
|
26
|
+
|
|
27
|
+
| v1 problem | v2 fix |
|
|
28
|
+
|---|---|
|
|
29
|
+
| Huge token use | Skills are 4–10× smaller; artifacts have hard size budgets; every skill reads only the files it names — never "scan the codebase" |
|
|
30
|
+
| Implementation files full of code, impossible to review | Specs contain **instructions + contracts** (signatures, shapes, exact steps) — never code bodies. You review decisions and contracts, not walls of code |
|
|
31
|
+
| QA didn't catch bugs | Checks are **defined at plan time** (every task has a `Verify` command, every goal an acceptance check). QA just executes them — nothing left to a model's mood |
|
|
32
|
+
| Too many files per feature | **One spec file per feature.** Plan, decisions, tasks, and QA log all live in `.sdlc/specs/<feature>.md` |
|
|
33
|
+
| Features silently broke each other | `/build` runs the full test suite every 2 tasks (not only at the end); `/qa` treats any regression as an automatic FAIL |
|
|
34
|
+
| Style drift, copied bugs | Every task names a `Pattern:` file the new code must mirror; PROJECT.md carries ≤ 12 checkable convention rules |
|
|
35
|
+
| Black-box output | Every spec opens with **What & why** (plain-English story of the feature) and a **Decisions** section: what each component is, what was chosen, why, and what was rejected — written to pass the "12th-grader test", so you can explain the design to anyone |
|
|
36
|
+
|
|
37
|
+
---
|
|
38
|
+
|
|
39
|
+
## Install
|
|
40
|
+
|
|
41
|
+
Copy the folders inside `skills/` into your agent's skills directory at the project root:
|
|
42
|
+
|
|
43
|
+
| Agent / IDE | Path |
|
|
44
|
+
|---|---|
|
|
45
|
+
| Claude Code | `.claude/skills/` |
|
|
46
|
+
| Cursor | `.cursor/skills/` |
|
|
47
|
+
| Windsurf | `.windsurf/skills/` |
|
|
48
|
+
| Gemini CLI | `.gemini/skills/` |
|
|
49
|
+
|
|
50
|
+
The skills appear as slash commands: `/sdlc-init`, `/roadmap`, `/spec`, `/build`, `/qa`, `/ship`.
|
|
51
|
+
|
|
52
|
+
---
|
|
53
|
+
|
|
54
|
+
## The flow
|
|
55
|
+
|
|
56
|
+
```
|
|
57
|
+
/sdlc-init one-time setup → .sdlc/PROJECT.md + STATE.md
|
|
58
|
+
│
|
|
59
|
+
/roadmap (optional) whole project → features → .sdlc/ROADMAP.md
|
|
60
|
+
│
|
|
61
|
+
/spec <feature> plan one feature → .sdlc/specs/<feature>.md
|
|
62
|
+
│ (research, decisions, tasks with contracts + verify commands)
|
|
63
|
+
/build <feature> implement task-by-task → code; verify gate after EVERY task,
|
|
64
|
+
│ full-suite checkpoint every 2 tasks
|
|
65
|
+
/qa <feature> mechanical gate → verdict appended to the spec;
|
|
66
|
+
│ failures become fix-tasks for /build
|
|
67
|
+
/ship <feature> safe commit → feature branch only, STATE.md updated
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
The `/build → /qa → /build` loop is the self-healing part: QA never fixes code, it appends `F1, F2…` fix-tasks to the spec, and `/build` executes them like any other task.
|
|
71
|
+
|
|
72
|
+
## The six skills
|
|
73
|
+
|
|
74
|
+
| Skill | Does | Reads | Writes |
|
|
75
|
+
|---|---|---|---|
|
|
76
|
+
| `sdlc-init` | One-time project setup: stack, layout, commands, conventions, boundaries | manifests + a few source files, or PRD, or your answers | `PROJECT.md`, `STATE.md` |
|
|
77
|
+
| `roadmap` | Splits a PRD into ordered, shippable features (what + order, never how) | PROJECT.md, the PRD | `ROADMAP.md` |
|
|
78
|
+
| `spec` | Plans one feature: researches unknowns, records decisions, writes ≤ 8 tasks with `Files / Pattern / Do / Verify` | PROJECT.md, STATE.md, only the files the feature touches | `specs/<feature>.md` |
|
|
79
|
+
| `build` | Executes the spec exactly: whitelist files, mirror patterns, verify after every task, checkpoint every 2 | PROJECT.md, the spec, only listed files | code + spec checkboxes |
|
|
80
|
+
| `qa` | Re-runs all verifies + acceptance checks + full suite + diff scan; PASS/FAIL verdict; failures → fix-tasks | PROJECT.md, the spec, the diff | QA log in the spec |
|
|
81
|
+
| `ship` | Branch guard, explicit staging, conventional commit from the spec, records update. Never pushes | the spec | git commit, STATE.md, ROADMAP.md |
|
|
82
|
+
|
|
83
|
+
Bonus: `architecture-diagram` — renders a self-contained HTML/SVG architecture diagram (unchanged from v1).
|
|
84
|
+
|
|
85
|
+
---
|
|
86
|
+
|
|
87
|
+
## The `.sdlc/` folder — 4 file types, that's all
|
|
88
|
+
|
|
89
|
+
```
|
|
90
|
+
.sdlc/
|
|
91
|
+
├── PROJECT.md # ≤ 80 lines: stack, layout, commands, conventions, boundaries
|
|
92
|
+
├── STATE.md # one table: feature | spec | status | shipped date (+ cross-feature notes)
|
|
93
|
+
├── ROADMAP.md # optional: ordered feature list for a whole project
|
|
94
|
+
└── specs/
|
|
95
|
+
└── <feature>.md # everything about one feature: goal, decisions, touches,
|
|
96
|
+
# tasks (with checkboxes = live progress), acceptance checks, QA log
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
A spec file looks like this (abridged):
|
|
100
|
+
|
|
101
|
+
```markdown
|
|
102
|
+
# user-auth
|
|
103
|
+
Status: building
|
|
104
|
+
Goal: Email+password auth issuing JWT access/refresh tokens
|
|
105
|
+
Done when:
|
|
106
|
+
- POST /v1/auth/login returns tokens for valid credentials
|
|
107
|
+
- Protected routes return 401 without a valid token
|
|
108
|
+
|
|
109
|
+
## What & why — plain English
|
|
110
|
+
When someone signs up, we store their account with a scrambled (hashed) password —
|
|
111
|
+
we never keep the real one. When they log in, we check the password and hand back
|
|
112
|
+
two digital passes: a short-lived access token shown on every request, and a
|
|
113
|
+
longer-lived refresh token used to get a new pass when the old one expires.
|
|
114
|
+
Any protected page simply refuses visitors without a valid pass.
|
|
115
|
+
|
|
116
|
+
## Decisions
|
|
117
|
+
- **JWT tokens** — a JWT is a signed digital pass the server can verify without a
|
|
118
|
+
database lookup. Chose: 15-min access token + rotating 7-day refresh token.
|
|
119
|
+
Why: servers don't have to remember who is logged in, so the app scales by just
|
|
120
|
+
adding more servers. Rejected: cookie sessions — they need shared session
|
|
121
|
+
storage, which complicates scaling.
|
|
122
|
+
- **bcrypt (cost 12)** — a slow-by-design password scrambler, so stolen data is
|
|
123
|
+
useless to attackers. Why: the battle-tested standard. Rejected: argon2 —
|
|
124
|
+
slightly stronger but adds a native dependency our stack doesn't need.
|
|
125
|
+
|
|
126
|
+
## Touches
|
|
127
|
+
- Edits: src/main.py (register router)
|
|
128
|
+
- Mirrors: src/routes/items.py, src/services/items.py
|
|
129
|
+
- Risk: shared error handler in src/exceptions.py
|
|
130
|
+
|
|
131
|
+
## Tasks
|
|
132
|
+
### [x] T1 — User model + migration
|
|
133
|
+
Files: CREATE src/models/user.py, CREATE migrations/…
|
|
134
|
+
Pattern: src/models/item.py
|
|
135
|
+
Do:
|
|
136
|
+
- Table users: id UUID pk, email unique not-null, password_hash str, created_at
|
|
137
|
+
- Migration with upgrade + downgrade
|
|
138
|
+
Verify: `uv run alembic upgrade head` → applies cleanly
|
|
139
|
+
|
|
140
|
+
### [ ] T2 — Auth service
|
|
141
|
+
Files: CREATE src/services/auth.py
|
|
142
|
+
Pattern: src/services/items.py
|
|
143
|
+
Do:
|
|
144
|
+
- register(email, password) -> User — reject duplicate email with ConflictError
|
|
145
|
+
- login(email, password) -> TokenPair(access: str, refresh: str)
|
|
146
|
+
- Hash with bcrypt cost 12; never log passwords
|
|
147
|
+
Verify: `uv run pytest tests/auth -q` → pass
|
|
148
|
+
|
|
149
|
+
## Acceptance checks
|
|
150
|
+
- [ ] `curl -s -X POST :8000/v1/auth/login -d '{…}'` → 200 with access + refresh tokens
|
|
151
|
+
- [ ] `curl -s :8000/v1/items` (no token) → 401
|
|
152
|
+
|
|
153
|
+
## QA log
|
|
154
|
+
### QA 2026-07-12 — PASS
|
|
155
|
+
Task verifies: 5/5 · Acceptance: 3/3 · Suite: 42 passed · Regressions: 0
|
|
156
|
+
Try it:
|
|
157
|
+
1. Run `uv run uvicorn src.main:app`, POST /v1/auth/register with {"email":"test@example.com","password":"Pass123!"}
|
|
158
|
+
2. Expect 201 and a user id; then login with the same credentials → 200 with two tokens
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
Notice: an implementer needs **no other document**, a reviewer reads Decisions + contracts in minutes, the checkboxes are resumable progress state, and QA's checklist was fixed the moment the spec was written.
|
|
162
|
+
|
|
163
|
+
---
|
|
164
|
+
|
|
165
|
+
## Why this works with small models
|
|
166
|
+
|
|
167
|
+
1. **Judgment happens once, at spec time.** Use your best model for `/spec`. After that, `/build` and `/qa` are deterministic loops — pick task, read 2–3 listed files, follow exact bullets, run a command, check a box.
|
|
168
|
+
2. **Whitelists instead of freedom.** A task's `Files:` list is a hard boundary; needing another file is a stop-and-report, not an improvisation.
|
|
169
|
+
3. **Patterns instead of taste.** "Mirror `src/services/items.py`" keeps style consistent without describing style.
|
|
170
|
+
4. **Verification is a command, not an opinion.** Every task and every acceptance criterion is proven by running something and comparing output.
|
|
171
|
+
5. **Tiny context.** PROJECT.md ≤ 80 lines, one spec per feature, skills that forbid whole-codebase scans — the model's window stays small and focused.
|
|
172
|
+
|
|
173
|
+
## Roadmap for this kit
|
|
174
|
+
|
|
175
|
+
- pip / npm installer that copies skills into the right folder per agent and scaffolds `.sdlc/`
|
|
176
|
+
- Optional CI hook: run `/qa` checks headlessly on pull requests
|
|
177
|
+
|
|
178
|
+
Related prior art: [github/spec-kit](https://github.com/github/spec-kit).
|
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
# AI-SDLC v2 — Spec-Driven Skills for AI Coding Agents
|
|
2
|
+
|
|
3
|
+
A lean, token-efficient Software Development Life Cycle for AI coding agents (Claude Code, Cursor, Windsurf, Gemini CLI). Six skills that make an agent work the way a senior engineer does: **understand → decide → plan in verifiable steps → build with checks after every step → gate → ship**.
|
|
4
|
+
|
|
5
|
+
Designed so that **even a small model can execute reliably**: the planning skill (run once, ideally with a strong model) removes every judgment call up front, and the execution skills are mechanical loops with hard stop conditions.
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## Design principles (what changed from v1)
|
|
10
|
+
|
|
11
|
+
| v1 problem | v2 fix |
|
|
12
|
+
|---|---|
|
|
13
|
+
| Huge token use | Skills are 4–10× smaller; artifacts have hard size budgets; every skill reads only the files it names — never "scan the codebase" |
|
|
14
|
+
| Implementation files full of code, impossible to review | Specs contain **instructions + contracts** (signatures, shapes, exact steps) — never code bodies. You review decisions and contracts, not walls of code |
|
|
15
|
+
| QA didn't catch bugs | Checks are **defined at plan time** (every task has a `Verify` command, every goal an acceptance check). QA just executes them — nothing left to a model's mood |
|
|
16
|
+
| Too many files per feature | **One spec file per feature.** Plan, decisions, tasks, and QA log all live in `.sdlc/specs/<feature>.md` |
|
|
17
|
+
| Features silently broke each other | `/build` runs the full test suite every 2 tasks (not only at the end); `/qa` treats any regression as an automatic FAIL |
|
|
18
|
+
| Style drift, copied bugs | Every task names a `Pattern:` file the new code must mirror; PROJECT.md carries ≤ 12 checkable convention rules |
|
|
19
|
+
| Black-box output | Every spec opens with **What & why** (plain-English story of the feature) and a **Decisions** section: what each component is, what was chosen, why, and what was rejected — written to pass the "12th-grader test", so you can explain the design to anyone |
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
## Install
|
|
24
|
+
|
|
25
|
+
Copy the folders inside `skills/` into your agent's skills directory at the project root:
|
|
26
|
+
|
|
27
|
+
| Agent / IDE | Path |
|
|
28
|
+
|---|---|
|
|
29
|
+
| Claude Code | `.claude/skills/` |
|
|
30
|
+
| Cursor | `.cursor/skills/` |
|
|
31
|
+
| Windsurf | `.windsurf/skills/` |
|
|
32
|
+
| Gemini CLI | `.gemini/skills/` |
|
|
33
|
+
|
|
34
|
+
The skills appear as slash commands: `/sdlc-init`, `/roadmap`, `/spec`, `/build`, `/qa`, `/ship`.
|
|
35
|
+
|
|
36
|
+
---
|
|
37
|
+
|
|
38
|
+
## The flow
|
|
39
|
+
|
|
40
|
+
```
|
|
41
|
+
/sdlc-init one-time setup → .sdlc/PROJECT.md + STATE.md
|
|
42
|
+
│
|
|
43
|
+
/roadmap (optional) whole project → features → .sdlc/ROADMAP.md
|
|
44
|
+
│
|
|
45
|
+
/spec <feature> plan one feature → .sdlc/specs/<feature>.md
|
|
46
|
+
│ (research, decisions, tasks with contracts + verify commands)
|
|
47
|
+
/build <feature> implement task-by-task → code; verify gate after EVERY task,
|
|
48
|
+
│ full-suite checkpoint every 2 tasks
|
|
49
|
+
/qa <feature> mechanical gate → verdict appended to the spec;
|
|
50
|
+
│ failures become fix-tasks for /build
|
|
51
|
+
/ship <feature> safe commit → feature branch only, STATE.md updated
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
The `/build → /qa → /build` loop is the self-healing part: QA never fixes code, it appends `F1, F2…` fix-tasks to the spec, and `/build` executes them like any other task.
|
|
55
|
+
|
|
56
|
+
## The six skills
|
|
57
|
+
|
|
58
|
+
| Skill | Does | Reads | Writes |
|
|
59
|
+
|---|---|---|---|
|
|
60
|
+
| `sdlc-init` | One-time project setup: stack, layout, commands, conventions, boundaries | manifests + a few source files, or PRD, or your answers | `PROJECT.md`, `STATE.md` |
|
|
61
|
+
| `roadmap` | Splits a PRD into ordered, shippable features (what + order, never how) | PROJECT.md, the PRD | `ROADMAP.md` |
|
|
62
|
+
| `spec` | Plans one feature: researches unknowns, records decisions, writes ≤ 8 tasks with `Files / Pattern / Do / Verify` | PROJECT.md, STATE.md, only the files the feature touches | `specs/<feature>.md` |
|
|
63
|
+
| `build` | Executes the spec exactly: whitelist files, mirror patterns, verify after every task, checkpoint every 2 | PROJECT.md, the spec, only listed files | code + spec checkboxes |
|
|
64
|
+
| `qa` | Re-runs all verifies + acceptance checks + full suite + diff scan; PASS/FAIL verdict; failures → fix-tasks | PROJECT.md, the spec, the diff | QA log in the spec |
|
|
65
|
+
| `ship` | Branch guard, explicit staging, conventional commit from the spec, records update. Never pushes | the spec | git commit, STATE.md, ROADMAP.md |
|
|
66
|
+
|
|
67
|
+
Bonus: `architecture-diagram` — renders a self-contained HTML/SVG architecture diagram (unchanged from v1).
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## The `.sdlc/` folder — 4 file types, that's all
|
|
72
|
+
|
|
73
|
+
```
|
|
74
|
+
.sdlc/
|
|
75
|
+
├── PROJECT.md # ≤ 80 lines: stack, layout, commands, conventions, boundaries
|
|
76
|
+
├── STATE.md # one table: feature | spec | status | shipped date (+ cross-feature notes)
|
|
77
|
+
├── ROADMAP.md # optional: ordered feature list for a whole project
|
|
78
|
+
└── specs/
|
|
79
|
+
└── <feature>.md # everything about one feature: goal, decisions, touches,
|
|
80
|
+
# tasks (with checkboxes = live progress), acceptance checks, QA log
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
A spec file looks like this (abridged):
|
|
84
|
+
|
|
85
|
+
```markdown
|
|
86
|
+
# user-auth
|
|
87
|
+
Status: building
|
|
88
|
+
Goal: Email+password auth issuing JWT access/refresh tokens
|
|
89
|
+
Done when:
|
|
90
|
+
- POST /v1/auth/login returns tokens for valid credentials
|
|
91
|
+
- Protected routes return 401 without a valid token
|
|
92
|
+
|
|
93
|
+
## What & why — plain English
|
|
94
|
+
When someone signs up, we store their account with a scrambled (hashed) password —
|
|
95
|
+
we never keep the real one. When they log in, we check the password and hand back
|
|
96
|
+
two digital passes: a short-lived access token shown on every request, and a
|
|
97
|
+
longer-lived refresh token used to get a new pass when the old one expires.
|
|
98
|
+
Any protected page simply refuses visitors without a valid pass.
|
|
99
|
+
|
|
100
|
+
## Decisions
|
|
101
|
+
- **JWT tokens** — a JWT is a signed digital pass the server can verify without a
|
|
102
|
+
database lookup. Chose: 15-min access token + rotating 7-day refresh token.
|
|
103
|
+
Why: servers don't have to remember who is logged in, so the app scales by just
|
|
104
|
+
adding more servers. Rejected: cookie sessions — they need shared session
|
|
105
|
+
storage, which complicates scaling.
|
|
106
|
+
- **bcrypt (cost 12)** — a slow-by-design password scrambler, so stolen data is
|
|
107
|
+
useless to attackers. Why: the battle-tested standard. Rejected: argon2 —
|
|
108
|
+
slightly stronger but adds a native dependency our stack doesn't need.
|
|
109
|
+
|
|
110
|
+
## Touches
|
|
111
|
+
- Edits: src/main.py (register router)
|
|
112
|
+
- Mirrors: src/routes/items.py, src/services/items.py
|
|
113
|
+
- Risk: shared error handler in src/exceptions.py
|
|
114
|
+
|
|
115
|
+
## Tasks
|
|
116
|
+
### [x] T1 — User model + migration
|
|
117
|
+
Files: CREATE src/models/user.py, CREATE migrations/…
|
|
118
|
+
Pattern: src/models/item.py
|
|
119
|
+
Do:
|
|
120
|
+
- Table users: id UUID pk, email unique not-null, password_hash str, created_at
|
|
121
|
+
- Migration with upgrade + downgrade
|
|
122
|
+
Verify: `uv run alembic upgrade head` → applies cleanly
|
|
123
|
+
|
|
124
|
+
### [ ] T2 — Auth service
|
|
125
|
+
Files: CREATE src/services/auth.py
|
|
126
|
+
Pattern: src/services/items.py
|
|
127
|
+
Do:
|
|
128
|
+
- register(email, password) -> User — reject duplicate email with ConflictError
|
|
129
|
+
- login(email, password) -> TokenPair(access: str, refresh: str)
|
|
130
|
+
- Hash with bcrypt cost 12; never log passwords
|
|
131
|
+
Verify: `uv run pytest tests/auth -q` → pass
|
|
132
|
+
|
|
133
|
+
## Acceptance checks
|
|
134
|
+
- [ ] `curl -s -X POST :8000/v1/auth/login -d '{…}'` → 200 with access + refresh tokens
|
|
135
|
+
- [ ] `curl -s :8000/v1/items` (no token) → 401
|
|
136
|
+
|
|
137
|
+
## QA log
|
|
138
|
+
### QA 2026-07-12 — PASS
|
|
139
|
+
Task verifies: 5/5 · Acceptance: 3/3 · Suite: 42 passed · Regressions: 0
|
|
140
|
+
Try it:
|
|
141
|
+
1. Run `uv run uvicorn src.main:app`, POST /v1/auth/register with {"email":"test@example.com","password":"Pass123!"}
|
|
142
|
+
2. Expect 201 and a user id; then login with the same credentials → 200 with two tokens
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
Notice: an implementer needs **no other document**, a reviewer reads Decisions + contracts in minutes, the checkboxes are resumable progress state, and QA's checklist was fixed the moment the spec was written.
|
|
146
|
+
|
|
147
|
+
---
|
|
148
|
+
|
|
149
|
+
## Why this works with small models
|
|
150
|
+
|
|
151
|
+
1. **Judgment happens once, at spec time.** Use your best model for `/spec`. After that, `/build` and `/qa` are deterministic loops — pick task, read 2–3 listed files, follow exact bullets, run a command, check a box.
|
|
152
|
+
2. **Whitelists instead of freedom.** A task's `Files:` list is a hard boundary; needing another file is a stop-and-report, not an improvisation.
|
|
153
|
+
3. **Patterns instead of taste.** "Mirror `src/services/items.py`" keeps style consistent without describing style.
|
|
154
|
+
4. **Verification is a command, not an opinion.** Every task and every acceptance criterion is proven by running something and comparing output.
|
|
155
|
+
5. **Tiny context.** PROJECT.md ≤ 80 lines, one spec per feature, skills that forbid whole-codebase scans — the model's window stays small and focused.
|
|
156
|
+
|
|
157
|
+
## Roadmap for this kit
|
|
158
|
+
|
|
159
|
+
- pip / npm installer that copies skills into the right folder per agent and scaffolds `.sdlc/`
|
|
160
|
+
- Optional CI hook: run `/qa` checks headlessly on pull requests
|
|
161
|
+
|
|
162
|
+
Related prior art: [github/spec-kit](https://github.com/github/spec-kit).
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["hatchling"]
|
|
3
|
+
build-backend = "hatchling.build"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "ai-sdlc-kit"
|
|
7
|
+
version = "0.1.0"
|
|
8
|
+
description = "Spec-driven SDLC skills for AI coding agents — Claude Code, Cursor, Windsurf, Gemini CLI"
|
|
9
|
+
readme = "README.md"
|
|
10
|
+
license = "MIT"
|
|
11
|
+
license-files = ["LICENSE"]
|
|
12
|
+
requires-python = ">=3.9"
|
|
13
|
+
authors = [{ name = "xajeel" }]
|
|
14
|
+
keywords = ["ai", "agents", "sdlc", "claude-code", "cursor", "skills", "spec-driven"]
|
|
15
|
+
classifiers = [
|
|
16
|
+
"Programming Language :: Python :: 3",
|
|
17
|
+
"Operating System :: OS Independent",
|
|
18
|
+
"Intended Audience :: Developers",
|
|
19
|
+
"Topic :: Software Development",
|
|
20
|
+
]
|
|
21
|
+
|
|
22
|
+
[project.scripts]
|
|
23
|
+
ai-sdlc = "ai_sdlc.cli:main"
|
|
24
|
+
|
|
25
|
+
[project.urls]
|
|
26
|
+
Homepage = "https://github.com/xajeel/AI-SDLC"
|
|
27
|
+
|
|
28
|
+
[tool.hatch.build.targets.wheel]
|
|
29
|
+
packages = ["src/ai_sdlc"]
|
|
30
|
+
|
|
31
|
+
# This line is what bundles the repo-root skills/ folder into the wheel:
|
|
32
|
+
[tool.hatch.build.targets.wheel.force-include]
|
|
33
|
+
"skills" = "ai_sdlc/skills"
|
|
34
|
+
|
|
35
|
+
[tool.hatch.build.targets.sdist]
|
|
36
|
+
include = ["src", "skills", "README.md", "LICENSE", "pyproject.toml"]
|
|
@@ -0,0 +1,163 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: architecture-diagram
|
|
3
|
+
description: Create professional, dark-themed architecture diagrams as standalone HTML files with SVG graphics. Use when the user asks for system architecture diagrams, infrastructure diagrams, cloud architecture visualizations, security diagrams, network topology diagrams, or any technical diagram showing system components and their relationships.
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
version: "1.0"
|
|
7
|
+
author: Cocoon AI (hello@cocoon-ai.com)
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Architecture Diagram Skill
|
|
11
|
+
|
|
12
|
+
Create professional technical architecture diagrams as self-contained HTML files with inline SVG graphics and CSS styling.
|
|
13
|
+
|
|
14
|
+
## Design System
|
|
15
|
+
|
|
16
|
+
### Color Palette
|
|
17
|
+
|
|
18
|
+
Use these semantic colors for component types:
|
|
19
|
+
|
|
20
|
+
| Component Type | Fill (rgba) | Stroke |
|
|
21
|
+
|---------------|-------------|--------|
|
|
22
|
+
| Frontend | `rgba(8, 51, 68, 0.4)` | `#22d3ee` (cyan-400) |
|
|
23
|
+
| Backend | `rgba(6, 78, 59, 0.4)` | `#34d399` (emerald-400) |
|
|
24
|
+
| Database | `rgba(76, 29, 149, 0.4)` | `#a78bfa` (violet-400) |
|
|
25
|
+
| AWS/Cloud | `rgba(120, 53, 15, 0.3)` | `#fbbf24` (amber-400) |
|
|
26
|
+
| Security | `rgba(136, 19, 55, 0.4)` | `#fb7185` (rose-400) |
|
|
27
|
+
| Message Bus | `rgba(251, 146, 60, 0.3)` | `#fb923c` (orange-400) |
|
|
28
|
+
| External/Generic | `rgba(30, 41, 59, 0.5)` | `#94a3b8` (slate-400) |
|
|
29
|
+
|
|
30
|
+
### Typography
|
|
31
|
+
|
|
32
|
+
Use JetBrains Mono for all text (monospace, technical aesthetic):
|
|
33
|
+
```html
|
|
34
|
+
<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap" rel="stylesheet">
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Font sizes: 12px for component names, 9px for sublabels, 8px for annotations, 7px for tiny labels.
|
|
38
|
+
|
|
39
|
+
### Visual Elements
|
|
40
|
+
|
|
41
|
+
**Background:** `#020617` (slate-950) with subtle grid pattern:
|
|
42
|
+
```svg
|
|
43
|
+
<pattern id="grid" width="40" height="40" patternUnits="userSpaceOnUse">
|
|
44
|
+
<path d="M 40 0 L 0 0 0 40" fill="none" stroke="#1e293b" stroke-width="0.5"/>
|
|
45
|
+
</pattern>
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
**Component boxes:** Rounded rectangles (`rx="6"`) with 1.5px stroke, semi-transparent fills.
|
|
49
|
+
|
|
50
|
+
**Security groups:** Dashed stroke (`stroke-dasharray="4,4"`), transparent fill, rose color.
|
|
51
|
+
|
|
52
|
+
**Region boundaries:** Larger dashed stroke (`stroke-dasharray="8,4"`), amber color, `rx="12"`.
|
|
53
|
+
|
|
54
|
+
**Arrows:** Use SVG marker for arrowheads:
|
|
55
|
+
```svg
|
|
56
|
+
<marker id="arrowhead" markerWidth="10" markerHeight="7" refX="9" refY="3.5" orient="auto">
|
|
57
|
+
<polygon points="0 0, 10 3.5, 0 7" fill="#64748b" />
|
|
58
|
+
</marker>
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
**Arrow z-order:** Draw connection arrows early in the SVG (after the background grid) so they render behind component boxes. SVG elements are painted in document order, so arrows drawn first will appear behind shapes drawn later.
|
|
62
|
+
|
|
63
|
+
**Masking arrows behind transparent fills:** Since component boxes use semi-transparent fills (`rgba(..., 0.4)`), arrows behind them will show through. To fully mask arrows, draw an opaque background rect (e.g., `fill="#0f172a"`) at the same position before drawing the semi-transparent styled rect on top:
|
|
64
|
+
```svg
|
|
65
|
+
<!-- Opaque background to mask arrows -->
|
|
66
|
+
<rect x="X" y="Y" width="W" height="H" rx="6" fill="#0f172a"/>
|
|
67
|
+
<!-- Styled component on top -->
|
|
68
|
+
<rect x="X" y="Y" width="W" height="H" rx="6" fill="rgba(76, 29, 149, 0.4)" stroke="#a78bfa" stroke-width="1.5"/>
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
**Auth/security flows:** Dashed lines in rose color (`#fb7185`).
|
|
72
|
+
|
|
73
|
+
**Message buses / Event buses:** Small connector elements between services. Use orange color (`#fb923c` stroke, `rgba(251, 146, 60, 0.3)` fill):
|
|
74
|
+
```svg
|
|
75
|
+
<rect x="X" y="Y" width="120" height="20" rx="4" fill="rgba(251, 146, 60, 0.3)" stroke="#fb923c" stroke-width="1"/>
|
|
76
|
+
<text x="CENTER_X" y="Y+14" fill="#fb923c" font-size="7" text-anchor="middle">Kafka / RabbitMQ</text>
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### Spacing Rules
|
|
80
|
+
|
|
81
|
+
**CRITICAL:** When stacking components vertically, ensure proper spacing to avoid overlaps:
|
|
82
|
+
|
|
83
|
+
- **Standard component height:** 60px for services, 80-120px for larger components
|
|
84
|
+
- **Minimum vertical gap between components:** 40px
|
|
85
|
+
- **Inline connectors (message buses):** Place IN the gap between components, not overlapping
|
|
86
|
+
|
|
87
|
+
**Example vertical layout:**
|
|
88
|
+
```
|
|
89
|
+
Component A: y=70, height=60 → ends at y=130
|
|
90
|
+
Gap: y=130 to y=170 → 40px gap, place bus at y=140 (20px tall)
|
|
91
|
+
Component B: y=170, height=60 → ends at y=230
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
**Wrong:** Placing a message bus at y=160 when Component B starts at y=170 (causes overlap)
|
|
95
|
+
**Right:** Placing a message bus at y=140, centered in the 40px gap (y=130 to y=170)
|
|
96
|
+
|
|
97
|
+
### Legend Placement
|
|
98
|
+
|
|
99
|
+
**CRITICAL:** Place legends OUTSIDE all boundary boxes (region boundaries, cluster boundaries, security groups).
|
|
100
|
+
|
|
101
|
+
- Calculate where all boundaries end (y position + height)
|
|
102
|
+
- Place legend at least 20px below the lowest boundary
|
|
103
|
+
- Expand SVG viewBox height if needed to accommodate
|
|
104
|
+
|
|
105
|
+
**Example:**
|
|
106
|
+
```
|
|
107
|
+
Kubernetes Cluster: y=30, height=460 → ends at y=490
|
|
108
|
+
Legend should start at: y=510 or below
|
|
109
|
+
SVG viewBox height: at least 560 to fit legend
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
**Wrong:** Legend at y=470 inside a cluster boundary that ends at y=490
|
|
113
|
+
**Right:** Legend at y=510, below the cluster boundary, with viewBox height extended
|
|
114
|
+
|
|
115
|
+
### Layout Structure
|
|
116
|
+
|
|
117
|
+
1. **Header** - Title with pulsing dot indicator, subtitle
|
|
118
|
+
2. **Main SVG diagram** - Contained in rounded border card
|
|
119
|
+
3. **Summary cards** - Grid of 3 cards below diagram with key details
|
|
120
|
+
4. **Footer** - Minimal metadata line
|
|
121
|
+
|
|
122
|
+
### Component Box Pattern
|
|
123
|
+
|
|
124
|
+
```svg
|
|
125
|
+
<rect x="X" y="Y" width="W" height="H" rx="6" fill="FILL_COLOR" stroke="STROKE_COLOR" stroke-width="1.5"/>
|
|
126
|
+
<text x="CENTER_X" y="Y+20" fill="white" font-size="11" font-weight="600" text-anchor="middle">LABEL</text>
|
|
127
|
+
<text x="CENTER_X" y="Y+36" fill="#94a3b8" font-size="9" text-anchor="middle">sublabel</text>
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
### Info Card Pattern
|
|
131
|
+
|
|
132
|
+
```html
|
|
133
|
+
<div class="card">
|
|
134
|
+
<div class="card-header">
|
|
135
|
+
<div class="card-dot COLOR"></div>
|
|
136
|
+
<h3>Title</h3>
|
|
137
|
+
</div>
|
|
138
|
+
<ul>
|
|
139
|
+
<li>• Item one</li>
|
|
140
|
+
<li>• Item two</li>
|
|
141
|
+
</ul>
|
|
142
|
+
</div>
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
## Template
|
|
146
|
+
|
|
147
|
+
Copy and customize the template at `assets/template.html`. Key customization points:
|
|
148
|
+
|
|
149
|
+
1. Update the `<title>` and header text
|
|
150
|
+
2. Modify SVG viewBox dimensions if needed (default: `1000 x 680`)
|
|
151
|
+
3. Add/remove/reposition component boxes
|
|
152
|
+
4. Draw connection arrows between components
|
|
153
|
+
5. Update the three summary cards
|
|
154
|
+
6. Update footer metadata
|
|
155
|
+
|
|
156
|
+
## Output
|
|
157
|
+
|
|
158
|
+
Always produce a single self-contained `.html` file with:
|
|
159
|
+
- Embedded CSS (no external stylesheets except Google Fonts)
|
|
160
|
+
- Inline SVG (no external images)
|
|
161
|
+
- No JavaScript required (pure CSS animations)
|
|
162
|
+
|
|
163
|
+
The file should render correctly when opened directly in any modern browser.
|