zhongwei/gh-claudeforge-marketplace-plugins-super-enterprise-workspace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-29 18:14:29 +08:00
commit cacbf4f891
8 changed files with 2857 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

624
commands/workspace-audit.md Normal file
View File

@@ -0,0 +1,624 @@
---
description: Comprehensive workspace audit analyzing architecture compliance, security posture, code quality, and operational readiness
version: 1.0.0
---
# Enterprise Workspace Audit Command
You are an expert workspace auditor responsible for conducting comprehensive assessments of workspace health, compliance status, security posture, code quality, and operational readiness. Your audits provide actionable insights and recommendations for continuous improvement.
## Core Mission
Execute thorough workspace audits covering architecture governance, security compliance, code quality metrics, performance benchmarks, dependency health, documentation completeness, and operational readiness, producing detailed reports with prioritized remediation recommendations.
## Workspace Audit Protocol
When this command is invoked, execute comprehensive multi-dimensional audit:
### Phase 1: Architecture Compliance Audit
1. **Directory Structure Validation**
```bash
# Verify standard directory structure
required_dirs=("src" "tests" "docs" "config" "scripts")
for dir in "${required_dirs[@]}"; do
[ -d "$dir" ] && echo "✓ $dir" || echo "❌ Missing: $dir"
done
# Check for anti-patterns
find src -name "*.backup" -o -name "*.old" -o -name "temp_*"
find . -name "node_modules" -not -path "./node_modules" | head -5
```
2. **Naming Convention Compliance**
```bash
# Check file naming conventions
find src -type f -name "*[A-Z]*" | grep -v "\.tsx\|\.jsx" || echo "✓ Lowercase files"
# Verify component naming (PascalCase for React components)
find src/components -name "*.tsx" ! -name "[A-Z]*" | head -10
# Check for inconsistent extensions
find src -name "*.ts" -o -name "*.tsx" | wc -l
find src -name "*.js" -o -name "*.jsx" | wc -l
```
3. **Dependency Architecture Analysis**
```bash
# Detect circular dependencies
npx madge --circular --extensions ts,tsx src/
# Generate dependency graph
npx madge --image deps-graph.png src/
# Check for unused dependencies
npx depcheck
# Analyze bundle composition
npm run build && npx webpack-bundle-analyzer stats.json
```
### Phase 2: Security Posture Assessment
1. **Vulnerability Scanning**
```bash
# NPM audit
npm audit --json > audit-report.json
# Snyk security scan
npx snyk test --severity-threshold=medium --json > snyk-report.json
# Check for outdated packages with vulnerabilities
npm outdated --json | jq 'to_entries | map(select(.value.latest != .value.current))'
```
2. **Secret Detection**
```bash
# Scan for exposed secrets
if command -v gitleaks &> /dev/null; then
gitleaks detect --source . --report-format json --report-path secrets-report.json
fi
# Check environment files
find . -name ".env*" -not -name ".env.example" -not -path "*/node_modules/*"
# Scan for hardcoded credentials patterns
grep -r -E "(password|apikey|api_key|secret|token).*=.*['\"].*['\"]" src/ || echo "✓ No hardcoded credentials"
```
3. **Access Control Review**
```bash
# Check file permissions
find . -type f -perm 0777 | grep -v node_modules
# Review .gitignore completeness
cat .gitignore | grep -E "\.env|node_modules|dist|\.log" || echo "⚠️ Incomplete .gitignore"
# Check for committed secrets
git log --all --full-history -- "**/.env" "**/*secret*" "**/*password*"
```
### Phase 3: Code Quality Assessment
1. **Static Code Analysis**
```bash
# ESLint analysis
npx eslint src/ --format json --output-file eslint-report.json
eslint_errors=$(jq '[.[] | .errorCount] | add' eslint-report.json)
eslint_warnings=$(jq '[.[] | .warningCount] | add' eslint-report.json)
echo "ESLint Results: $eslint_errors errors, $eslint_warnings warnings"
# TypeScript strict mode check
grep -E "\"strict\":\s*true" tsconfig.json || echo "⚠️ TypeScript strict mode not enabled"
# Check for console.log statements
grep -r "console.log" src/ | grep -v "// eslint-disable" | wc -l
```
2. **Code Complexity Metrics**
```bash
# Calculate cyclomatic complexity
npx complexity-report src/ --format json > complexity-report.json
# Identify high-complexity functions (>10)
jq '.functions[] | select(.cyclomatic > 10) | {name, complexity: .cyclomatic}' complexity-report.json
# Measure code duplication
npx jscpd src/ --format json --output duplication-report.json
# Lines of code metrics
npx cloc src/ --json > loc-metrics.json
```
3. **Test Coverage Analysis**
```bash
# Generate coverage report
npm test -- --coverage --json --outputFile=coverage-summary.json
# Check coverage thresholds
coverage_lines=$(jq '.coverage.total.lines.pct' coverage-summary.json)
coverage_branches=$(jq '.coverage.total.branches.pct' coverage-summary.json)
echo "Coverage: Lines $coverage_lines%, Branches $coverage_branches%"
# Identify untested files
find src -name "*.ts" -o -name "*.tsx" | while read file; do
grep -q "$file" coverage-summary.json || echo "⚠️ No tests: $file"
done
```
### Phase 4: Performance Audit
1. **Build Performance**
```bash
# Measure build time
time npm run build
# Analyze bundle size
du -sh dist/
find dist -name "*.js" -exec du -h {} + | sort -rh | head -10
# Check for source maps in production
find dist -name "*.map" | wc -l
```
2. **Runtime Performance Metrics**
```bash
# Check for performance anti-patterns
grep -r "useEffect.*\[\]" src/ | wc -l # Empty dependency arrays
grep -r "React.memo" src/ | wc -l # Memoization usage
# Identify large components
find src/components -name "*.tsx" -exec wc -l {} + | sort -rn | head -10
```
3. **Database Query Analysis**
```bash
# Check for N+1 query patterns
grep -r "forEach.*await" src/ | grep -v "test"
# Review index usage
cat prisma/schema.prisma | grep -E "@@index|@@unique"
```
### Phase 5: Documentation Completeness
1. **Code Documentation**
```bash
# Check for JSDoc coverage
find src -name "*.ts" -o -name "*.tsx" | while read file; do
functions=$(grep -E "^(export )?(async )?function" "$file" | wc -l)
jsdocs=$(grep -B1 "^(export )?(async )?function" "$file" | grep -E "\/\*\*" | wc -l)
echo "$file: $jsdocs/$functions functions documented"
done
# Check README completeness
sections=("Installation" "Usage" "Contributing" "License")
for section in "${sections[@]}"; do
grep -q "$section" README.md && echo "✓ $section" || echo "❌ Missing: $section"
done
```
2. **API Documentation**
```bash
# Verify OpenAPI spec exists
[ -f "openapi.yaml" ] && echo "✓ OpenAPI spec found" || echo "⚠️ No API documentation"
# Check for endpoint documentation
grep -r "@api" src/ | wc -l
# Verify changelog maintenance
[ -f "CHANGELOG.md" ] && echo "✓ Changelog exists" || echo "❌ No changelog"
```
### Phase 6: Operational Readiness
1. **CI/CD Pipeline Health**
```bash
# Validate workflow files
for workflow in .github/workflows/*.yml; do
echo "Checking $workflow"
npx @action-validator/cli "$workflow" || echo "⚠️ Invalid workflow: $workflow"
done
# Check for required workflows
required_workflows=("ci.yml" "cd.yml" "security.yml")
for workflow in "${required_workflows[@]}"; do
[ -f ".github/workflows/$workflow" ] && echo "✓ $workflow" || echo "❌ Missing: $workflow"
done
```
2. **Environment Configuration**
```bash
# Verify environment templates
[ -f ".env.example" ] && echo "✓ Environment template exists" || echo "❌ No .env.example"
# Check for environment-specific configs
for env in development staging production; do
[ -f "config/$env.json" ] && echo "✓ $env config" || echo "⚠️ Missing $env config"
done
```
3. **Monitoring and Logging**
```bash
# Check for logging implementation
grep -r "logger\|console\.(log|error|warn)" src/ | wc -l
# Verify error tracking setup
grep -r "Sentry\|Rollbar\|Bugsnag" src/ | head -1 || echo "⚠️ No error tracking"
# Check for performance monitoring
grep -r "performance.mark\|performance.measure" src/ || echo "⚠️ No performance monitoring"
```
### Phase 7: Dependency Health Check
1. **Dependency Audit**
```bash
# Check dependency freshness
npm outdated --json | jq -r 'to_entries[] | "\(.key): \(.value.current) → \(.value.latest)"'
# Identify deprecated packages
npm ls --json | jq -r '.. | .deprecated? // empty'
# Check for multiple versions of same package
npm ls --json | jq -r '.. | .dependencies? // empty | keys[] as $k | "\($k)"' | sort | uniq -c | sort -rn | head -10
```
2. **License Compliance**
```bash
# Generate license report
npx license-checker --summary
# Check for license conflicts
npx license-checker --onlyAllow "MIT;Apache-2.0;BSD-3-Clause;ISC" --json > licenses.json || echo "⚠️ License conflicts detected"
# Generate SBOM
npm sbom --sbom-format cyclonedx --output-file sbom.json
```
## Comprehensive Audit Report
Generate detailed audit report:
```markdown
# Workspace Audit Report
**Audit Date:** 2024-01-15 15:45:00 UTC
**Auditor:** Enterprise Workspace Auditor
**Workspace:** production-app
**Overall Score:** 8.2/10 ⭐⭐⭐⭐
---
## Executive Summary
This workspace demonstrates strong engineering practices with room for improvement in documentation and security hardening. The codebase is well-structured, tested, and maintainable, but requires attention to identified security vulnerabilities and performance optimizations.
### Key Findings
✅ **Strengths:**
- Excellent test coverage (87%)
- Well-organized architecture
- Active dependency management
- Comprehensive CI/CD pipelines
⚠️ **Areas for Improvement:**
- 3 high-severity security vulnerabilities
- Missing API documentation
- 12% of functions lack documentation
- Bundle size exceeds recommended threshold
❌ **Critical Issues:**
- Exposed secrets in git history
- Missing security headers configuration
- Production source maps exposed
---
## Detailed Assessment
### 1. Architecture Compliance (9/10)
**Score Breakdown:**
- Directory Structure: 10/10 ✓
- Naming Conventions: 9/10 ✓
- Dependency Architecture: 8/10 ⚠️
**Findings:**
✓ Standard directory structure followed
✓ Consistent naming conventions
⚠️ 2 circular dependencies detected:
- src/services/UserService.ts ↔ src/services/AuthService.ts
- src/components/Dashboard.tsx ↔ src/components/Sidebar.tsx
**Recommendations:**
1. Break circular dependencies using interfaces
2. Consider feature-based organization for large modules
3. Extract shared utilities to separate package
### 2. Security Posture (6/10)
**Score Breakdown:**
- Vulnerability Management: 5/10 ❌
- Secret Protection: 7/10 ⚠️
- Access Control: 8/10 ✓
**Critical Findings:**
❌ 3 high-severity vulnerabilities in dependencies:
- axios@0.21.1 (CVE-2023-45857) - Upgrade to 1.6.0+
- lodash@4.17.19 (CVE-2021-23337) - Upgrade to 4.17.21+
- semver@5.7.0 (CVE-2022-25883) - Upgrade to 7.5.4+
⚠️ Exposed secrets found in git history (commit abc123)
⚠️ .env file not in .gitignore (added 2 weeks ago)
**Immediate Actions Required:**
1. Update vulnerable dependencies immediately
2. Rotate exposed API keys
3. Add secrets to .gitignore
4. Run git history cleanup: `git filter-branch`
5. Enable branch protection rules
### 3. Code Quality (8.5/10)
**Score Breakdown:**
- Static Analysis: 9/10 ✓
- Complexity: 8/10 ✓
- Test Coverage: 9/10 ✓
- Code Duplication: 7/10 ⚠️
**Metrics:**
- Lines of Code: 15,420
- Test Coverage: 87% (target: 80%) ✓
- Average Complexity: 4.2 (good)
- High Complexity Functions: 5 (threshold: 10) ⚠️
- Code Duplication: 8% (acceptable)
- ESLint Issues: 23 warnings, 0 errors
**High Complexity Functions:**
1. UserService.validateAndCreateUser() - Complexity: 15
2. ReportGenerator.generateReport() - Complexity: 13
3. DataProcessor.transformData() - Complexity: 12
4. PaymentService.processPayment() - Complexity: 11
5. AuthMiddleware.validateToken() - Complexity: 10
**Recommendations:**
1. Refactor high-complexity functions
2. Reduce code duplication in utility files
3. Address remaining ESLint warnings
4. Add tests for edge cases
### 4. Performance (7/10)
**Score Breakdown:**
- Build Performance: 8/10 ✓
- Runtime Performance: 7/10 ⚠️
- Bundle Optimization: 6/10 ⚠️
**Metrics:**
- Build Time: 45 seconds (good)
- Bundle Size: 2.8 MB (target: 2 MB) ⚠️
- Largest Chunks:
- vendor.js: 1.2 MB
- main.js: 890 KB
- components.js: 710 KB
**Issues:**
⚠️ Bundle size exceeds recommendation by 40%
⚠️ 15 large images not optimized (total 3.2 MB)
⚠️ Source maps included in production build
**Optimization Opportunities:**
1. Implement code splitting for routes
2. Lazy load components below fold
3. Optimize images with next-gen formats
4. Remove source maps from production
5. Tree-shake unused lodash functions
6. Enable gzip/brotli compression
### 5. Documentation (6.5/10)
**Score Breakdown:**
- Code Documentation: 7/10 ⚠️
- API Documentation: 5/10 ⚠️
- User Documentation: 7/10 ⚠️
**Statistics:**
- Functions Documented: 88% (142/161)
- README Completeness: 70%
- API Docs: Missing ❌
- Changelog: Present but outdated
**Missing Documentation:**
- 19 public functions lack JSDoc comments
- No OpenAPI/Swagger specification
- Installation guide incomplete
- Architecture diagrams missing
- Troubleshooting guide needed
**Recommendations:**
1. Document all public APIs
2. Generate OpenAPI specification
3. Create architecture diagrams
4. Update README with complete setup guide
5. Maintain CHANGELOG.md regularly
### 6. Operational Readiness (8/10)
**Score Breakdown:**
- CI/CD Pipelines: 9/10 ✓
- Environment Management: 8/10 ✓
- Monitoring: 7/10 ⚠️
**Infrastructure:**
✓ Comprehensive CI/CD workflows
✓ Environment configuration templates
✓ Docker containerization
⚠️ Limited monitoring coverage
⚠️ No alerting configuration
**Recommendations:**
1. Add performance monitoring (New Relic/Datadog)
2. Configure alerts for critical errors
3. Implement log aggregation
4. Set up uptime monitoring
5. Create runbook documentation
### 7. Dependency Health (7.5/10)
**Statistics:**
- Total Dependencies: 127 (78 direct, 49 dev)
- Outdated Packages: 23
- Deprecated Packages: 2
- License Issues: 0 ✓
**Deprecated Dependencies:**
❌ request@2.88.2 (use axios or node-fetch)
❌ core-js@2.6.12 (upgrade to v3)
**Recommendations:**
1. Update 23 outdated packages
2. Replace deprecated dependencies
3. Audit and remove unused dependencies
4. Consider dependency update automation
---
## Priority Action Items
### Critical (Fix Immediately)
1. 🔴 Update 3 high-severity vulnerable dependencies
2. 🔴 Rotate exposed API keys in git history
3. 🔴 Remove production source maps
### High Priority (Fix This Week)
1. 🟠 Break 2 circular dependencies
2. 🟠 Add missing API documentation
3. 🟠 Optimize bundle size to <2MB
4. 🟠 Document 19 undocumented functions
### Medium Priority (Fix This Sprint)
1. 🟡 Refactor 5 high-complexity functions
2. 🟡 Replace deprecated dependencies
3. 🟡 Set up performance monitoring
4. 🟡 Create architecture diagrams
### Low Priority (Plan for Next Sprint)
1. 🟢 Reduce code duplication
2. 🟢 Update outdated dependencies
3. 🟢 Improve test coverage to 90%
4. 🟢 Add integration tests
---
## Compliance Status
### Security Compliance
- [ ] OWASP Top 10 - 70% compliant
- [ ] CWE Top 25 - 85% compliant
- [x] Dependency scanning - Enabled
- [ ] Secret scanning - Needs improvement
### Code Quality Standards
- [x] Linting enabled and enforced
- [x] Code formatting automated
- [x] Type safety (TypeScript strict mode)
- [x] Test coverage >80%
### Operational Standards
- [x] CI/CD pipelines functional
- [x] Automated deployments
- [ ] Monitoring and alerting
- [ ] Incident response procedures
---
## Trend Analysis
Comparing to previous audit (30 days ago):
**Improvements:**
✓ Test coverage: 79% → 87% (+8%)
✓ Build time: 67s → 45s (-33%)
✓ ESLint issues: 45 → 23 (-49%)
**Regressions:**
⚠️ Security vulnerabilities: 0 → 3 (+3)
⚠️ Bundle size: 2.1 MB → 2.8 MB (+33%)
⚠️ Undocumented functions: 8 → 19 (+11)
**Recommendations:**
- Maintain momentum on test coverage
- Address security regression immediately
- Implement bundle size monitoring
- Enforce documentation requirements
---
## Next Audit Schedule
**Regular Audits:** Weekly automated, Monthly comprehensive
**Next Comprehensive Audit:** 2024-02-15
**Follow-up Review:** 2024-01-22 (critical items only)
---
## Audit Methodology
This audit was conducted using:
- Static code analysis (ESLint, TypeScript)
- Dependency scanning (npm audit, Snyk)
- Security scanning (Gitleaks)
- Performance profiling
- Manual code review
- Documentation review
- Best practices checklist
**Audit Duration:** 2 hours
**Files Analyzed:** 347
**Tools Used:** 15
**Checks Performed:** 127
```
## Success Criteria
A comprehensive audit provides:
- Complete health assessment
- Prioritized action items
- Trend analysis
- Compliance status
- Clear recommendations
- Measurable metrics
- Follow-up schedule
## Business Impact
**Risk Mitigation:** Identify and address vulnerabilities
**Quality Improvement:** Systematic code quality enhancement
**Compliance:** Maintain audit readiness
**Performance:** Optimize for better user experience
**Cost Reduction:** Prevent technical debt accumulation
This enterprise workspace audit provides complete visibility into workspace health with actionable recommendations for continuous improvement.

673
commands/workspace-init.md Normal file
View File

@@ -0,0 +1,673 @@
---
description: Initialize enterprise workspace with architecture governance, compliance frameworks, and automated validation infrastructure
version: 1.0.0
---
# Enterprise Workspace Initialization Command
You are an expert workspace architect responsible for establishing comprehensive enterprise workspace environments that integrate architecture governance, compliance tracking, development standards, and automated validation. Your initialization process creates scalable, maintainable, and compliant workspace foundations.
## Core Mission
Initialize complete enterprise workspace infrastructure including project structure, configuration management, compliance frameworks, quality gates, security policies, documentation systems, and automated validation pipelines that ensure consistent, high-quality development practices across teams.
## Workspace Initialization Protocol
When this command is invoked, execute the following comprehensive initialization sequence:
### Phase 1: Environment Discovery and Analysis
1. **Analyze Existing Environment**
```bash
# Check current directory structure
ls -la
tree -L 3 -a
# Identify project type
cat package.json 2>/dev/null || cat pyproject.toml 2>/dev/null || cat Cargo.toml 2>/dev/null
# Check for existing configurations
ls -la .* | grep -E "rc|config|ignore"
# Identify version control
git status 2>/dev/null || echo "No git repository"
# Check for CI/CD configuration
ls -la .github .gitlab-ci.yml .circleci 2>/dev/null
```
Assess:
- Project type and technology stack
- Existing configuration files
- Current project structure
- Version control status
- CI/CD infrastructure presence
- Team size indicators
- Development maturity level
2. **Determine Workspace Requirements**
Based on project type, configure appropriate:
**For Web Applications:**
- Frontend framework setup (React, Vue, Angular)
- Backend API structure (Express, FastAPI, Spring)
- Database configuration
- Authentication/authorization framework
- State management architecture
- Testing infrastructure
**For Libraries/Packages:**
- Package structure and entry points
- Build and bundle configuration
- API documentation generation
- Version management strategy
- Publishing pipeline
- Compatibility testing
**For Microservices:**
- Service mesh configuration
- Inter-service communication
- Service discovery setup
- Distributed tracing
- Centralized logging
- API gateway configuration
3. **Identify Compliance Requirements**
Determine required compliance frameworks:
- SOC 2 compliance requirements
- GDPR data protection rules
- HIPAA healthcare regulations
- PCI DSS payment security
- ISO 27001 information security
- Industry-specific standards
### Phase 2: Directory Structure Initialization
1. **Create Enterprise Directory Structure**
```bash
# Core application directories
mkdir -p src/{components,services,utils,types,hooks,contexts}
mkdir -p src/{features,layouts,pages,routing}
mkdir -p src/{api,models,controllers,middleware}
# Testing infrastructure
mkdir -p tests/{unit,integration,e2e,fixtures,mocks}
mkdir -p tests/{performance,security,accessibility}
# Configuration management
mkdir -p config/{environments,features,integrations}
mkdir -p config/{security,compliance,monitoring}
# Documentation system
mkdir -p docs/{architecture,api,guides,tutorials}
mkdir -p docs/{decisions,runbooks,troubleshooting}
# Infrastructure as code
mkdir -p infrastructure/{terraform,kubernetes,docker}
mkdir -p infrastructure/{scripts,templates,policies}
# CI/CD pipelines
mkdir -p .github/workflows
mkdir -p .github/{ISSUE_TEMPLATE,PULL_REQUEST_TEMPLATE}
# Development tools
mkdir -p tools/{generators,validators,analyzers}
mkdir -p scripts/{build,deploy,maintenance}
# Quality assurance
mkdir -p quality/{standards,checklists,reports}
mkdir -p quality/{metrics,audits,reviews}
```
2. **Initialize Configuration Files**
Create comprehensive configuration ecosystem:
**EditorConfig** (`.editorconfig`):
```ini
root = true
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
indent_style = space
indent_size = 2
[*.{js,jsx,ts,tsx}]
indent_size = 2
[*.{py}]
indent_size = 4
[*.{md,markdown}]
trim_trailing_whitespace = false
[Makefile]
indent_style = tab
```
**Git Configuration** (`.gitignore`):
```
# Dependencies
node_modules/
vendor/
.pnp
.pnp.js
# Testing
coverage/
.nyc_output/
*.lcov
# Production
build/
dist/
out/
# Environment
.env
.env.local
.env.*.local
# IDE
.vscode/
.idea/
*.swp
*.swo
*~
# OS
.DS_Store
Thumbs.db
# Logs
logs/
*.log
npm-debug.log*
# Temporary
tmp/
temp/
.cache/
```
**Git Attributes** (`.gitattributes`):
```
* text=auto eol=lf
*.jpg binary
*.png binary
*.gif binary
*.ico binary
*.mov binary
*.mp4 binary
*.mp3 binary
*.zip binary
*.pdf binary
```
### Phase 3: Development Standards Configuration
1. **Code Quality Tools**
**ESLint Configuration** (`.eslintrc.js`):
```javascript
module.exports = {
root: true,
env: {
browser: true,
es2021: true,
node: true,
},
extends: [
'eslint:recommended',
'plugin:@typescript-eslint/recommended',
'plugin:react/recommended',
'plugin:react-hooks/recommended',
'plugin:jsx-a11y/recommended',
'plugin:security/recommended',
'prettier',
],
parser: '@typescript-eslint/parser',
parserOptions: {
ecmaVersion: 'latest',
sourceType: 'module',
ecmaFeatures: {
jsx: true,
},
project: './tsconfig.json',
},
plugins: [
'@typescript-eslint',
'react',
'react-hooks',
'jsx-a11y',
'security',
'import',
],
rules: {
'no-console': ['warn', { allow: ['warn', 'error'] }],
'no-debugger': 'error',
'no-unused-vars': 'off',
'@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
'@typescript-eslint/explicit-function-return-type': 'warn',
'@typescript-eslint/no-explicit-any': 'error',
'react/prop-types': 'off',
'react/react-in-jsx-scope': 'off',
'import/order': ['error', {
groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
'newlines-between': 'always',
alphabetize: { order: 'asc', caseInsensitive: true },
}],
},
settings: {
react: {
version: 'detect',
},
},
};
```
**Prettier Configuration** (`.prettierrc.js`):
```javascript
module.exports = {
semi: true,
trailingComma: 'es5',
singleQuote: true,
printWidth: 100,
tabWidth: 2,
useTabs: false,
arrowParens: 'always',
endOfLine: 'lf',
bracketSpacing: true,
jsxBracketSameLine: false,
};
```
2. **TypeScript Configuration** (tsconfig.json):
```json
{
"compilerOptions": {
"target": "ES2020",
"lib": ["ES2020", "DOM", "DOM.Iterable"],
"jsx": "react-jsx",
"module": "ESNext",
"moduleResolution": "bundler",
"resolveJsonModule": true,
"allowJs": false,
"checkJs": false,
"outDir": "./dist",
"rootDir": "./src",
"strict": true,
"noImplicitAny": true,
"strictNullChecks": true,
"strictFunctionTypes": true,
"strictBindCallApply": true,
"strictPropertyInitialization": true,
"noImplicitThis": true,
"alwaysStrict": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"noImplicitReturns": true,
"noFallthroughCasesInSwitch": true,
"esModuleInterop": true,
"allowSyntheticDefaultImports": true,
"forceConsistentCasingInFileNames": true,
"skipLibCheck": true,
"baseUrl": ".",
"paths": {
"@/*": ["src/*"],
"@components/*": ["src/components/*"],
"@services/*": ["src/services/*"],
"@utils/*": ["src/utils/*"],
"@types/*": ["src/types/*"]
}
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist", "build", "tests"]
}
```
### Phase 4: Testing Infrastructure Setup
1. **Testing Configuration**
**Jest Configuration** (jest.config.js):
```javascript
module.exports = {
preset: 'ts-jest',
testEnvironment: 'jsdom',
roots: ['<rootDir>/src', '<rootDir>/tests'],
testMatch: ['**/__tests__/**/*.+(ts|tsx|js)', '**/?(*.)+(spec|test).+(ts|tsx|js)'],
transform: {
'^.+\\.(ts|tsx)$': 'ts-jest',
},
collectCoverageFrom: [
'src/**/*.{js,jsx,ts,tsx}',
'!src/**/*.d.ts',
'!src/**/*.stories.tsx',
'!src/index.tsx',
],
coverageThreshold: {
global: {
branches: 80,
functions: 80,
lines: 80,
statements: 80,
},
},
moduleNameMapper: {
'^@/(.*)$': '<rootDir>/src/$1',
'^@components/(.*)$': '<rootDir>/src/components/$1',
'^@services/(.*)$': '<rootDir>/src/services/$1',
'^@utils/(.*)$': '<rootDir>/src/utils/$1',
'\\.(css|less|scss|sass)$': 'identity-obj-proxy',
},
setupFilesAfterEnv: ['<rootDir>/tests/setup.ts'],
};
```
2. **Test Setup Files**
Create `tests/setup.ts`:
```typescript
import '@testing-library/jest-dom';
import { server } from './mocks/server';
// Establish API mocking before all tests
beforeAll(() => server.listen());
// Reset handlers after each test
afterEach(() => server.resetHandlers());
// Clean up after tests are finished
afterAll(() => server.close());
```
### Phase 5: CI/CD Pipeline Configuration
1. **GitHub Actions Workflows**
**Main CI Workflow** (`.github/workflows/ci.yml`):
```yaml
name: Continuous Integration
on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
jobs:
quality:
name: Code Quality
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run lint
- run: npm run format:check
- run: npm run typecheck
test:
name: Test Suite
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm test -- --coverage
- uses: codecov/codecov-action@v3
security:
name: Security Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm audit --audit-level=moderate
- uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
build:
name: Build
runs-on: ubuntu-latest
needs: [quality, test]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run build
- uses: actions/upload-artifact@v3
with:
name: build-artifacts
path: dist/
```
### Phase 6: Documentation System Initialization
1. **Architecture Documentation**
Create `docs/architecture/overview.md`:
```markdown
# Architecture Overview
## System Architecture
[Describe high-level architecture]
## Technology Stack
### Frontend
- React 18 with TypeScript
- State Management: Zustand/Redux
- Styling: Tailwind CSS
- Forms: React Hook Form
- Testing: Jest, React Testing Library
### Backend
- Node.js with Express
- Database: PostgreSQL
- ORM: Prisma
- Authentication: JWT
- API Documentation: OpenAPI/Swagger
### Infrastructure
- Hosting: AWS/Azure/GCP
- CI/CD: GitHub Actions
- Monitoring: Datadog/New Relic
- Logging: Winston/Pino
- Error Tracking: Sentry
## Key Design Decisions
See [Architecture Decision Records](./decisions/README.md)
## Security Architecture
[Describe security measures]
## Scalability Considerations
[Describe scalability approach]
```
2. **Development Guidelines**
Create `docs/guides/development.md`:
```markdown
# Development Guide
## Getting Started
1. Clone repository
2. Install dependencies: `npm install`
3. Copy `.env.example` to `.env`
4. Run development server: `npm run dev`
## Code Style
- Follow ESLint and Prettier configurations
- Use TypeScript for all new code
- Write tests for all features
- Document complex logic
## Git Workflow
- Create feature branches from `develop`
- Follow conventional commit format
- Keep commits atomic and focused
- Write descriptive PR descriptions
## Testing Guidelines
- Write unit tests for business logic
- Write integration tests for API endpoints
- Write E2E tests for critical user flows
- Maintain >80% code coverage
## Code Review Checklist
- [ ] Tests pass and coverage maintained
- [ ] No linting errors
- [ ] Documentation updated
- [ ] Security considerations addressed
- [ ] Performance impact assessed
```
### Phase 7: Compliance Framework Setup
1. **Create Compliance Documentation**
Initialize compliance tracking:
```bash
mkdir -p compliance/{policies,procedures,audits,reports}
# Create policy templates
cat > compliance/policies/security-policy.md
cat > compliance/policies/data-protection-policy.md
cat > compliance/policies/access-control-policy.md
# Create audit checklists
cat > compliance/audits/security-checklist.md
cat > compliance/audits/code-quality-checklist.md
```
2. **Security Policies**
Create comprehensive security documentation defining:
- Authentication and authorization requirements
- Data encryption standards
- API security guidelines
- Dependency management policies
- Incident response procedures
- Security testing requirements
### Phase 8: Automation and Tooling
1. **Development Scripts**
Create `scripts/validate-commit.sh`:
```bash
#!/bin/bash
set -e
echo "Running pre-commit validations..."
# Lint staged files
npm run lint:staged
# Type check
npm run typecheck
# Run tests related to changes
npm test -- --findRelatedTests --bail
# Check for secrets
if command -v gitleaks &> /dev/null; then
gitleaks protect --staged
fi
echo "All validations passed!"
```
2. **Quality Gates Script**
Create `scripts/quality-gate.sh`:
```bash
#!/bin/bash
set -e
echo "Checking quality gates..."
# Code coverage threshold
COVERAGE=$(npm test -- --coverage --silent | grep "All files" | awk '{print $10}' | tr -d '%')
if [ "$COVERAGE" -lt 80 ]; then
echo "ERROR: Code coverage below 80%"
exit 1
fi
# Bundle size check
npm run build
BUNDLE_SIZE=$(du -sk dist | awk '{print $1}')
if [ "$BUNDLE_SIZE" -gt 5000 ]; then
echo "WARNING: Bundle size exceeds 5MB"
fi
echo "All quality gates passed!"
```
## Success Metrics
A successful workspace initialization includes:
- Complete directory structure created
- All configuration files initialized
- Development tools configured
- Testing infrastructure operational
- CI/CD pipelines functional
- Documentation framework established
- Compliance tracking in place
- Automated validation working
- Team onboarding documentation ready
## Business Impact
**Development Velocity:**
- Reduce setup time from days to minutes
- Standardize development environments
- Eliminate configuration drift
**Quality Improvement:**
- Enforce code quality standards
- Automate testing and validation
- Catch issues early in development
**Compliance Achievement:**
- Track compliance requirements
- Automate compliance checks
- Generate audit reports
**Team Productivity:**
- Reduce onboarding friction
- Provide clear guidelines
- Enable self-service workflows
This enterprise workspace initialization establishes a solid foundation for scalable, maintainable, and compliant software development.

482
commands/workspace-sync.md Normal file
View File

@@ -0,0 +1,482 @@
---
description: Synchronize workspace configuration, dependencies, and standards across team members ensuring consistency and compliance
version: 1.0.0
---
# Enterprise Workspace Synchronization Command
You are an expert workspace synchronization specialist responsible for maintaining consistency across development environments, ensuring all team members work with identical configurations, dependencies, and standards. Your synchronization process eliminates environment drift and ensures reproducible builds.
## Core Mission
Synchronize workspace configurations, development dependencies, tool versions, environment variables, compliance policies, and code standards across all team members and environments, ensuring perfect consistency and eliminating "works on my machine" scenarios.
## Workspace Synchronization Protocol
When this command is invoked, execute comprehensive synchronization:
### Phase 1: Configuration Drift Detection
1. **Analyze Current Configuration State**
```bash
# Check Node.js and npm versions
node --version
npm --version
# Check package versions
npm list --depth=0
# Verify git configuration
git config --list --local
# Check environment variables
env | grep -E "NODE_ENV|API_URL|DATABASE"
# Verify tool versions
npx eslint --version
npx prettier --version
npx typescript --version
```
2. **Compare Against Standard Configuration**
Load workspace standard from `.workspace-config.json`:
```json
{
"nodeVersion": "20.x",
"npmVersion": "10.x",
"requiredTools": {
"typescript": "^5.0.0",
"eslint": "^8.50.0",
"prettier": "^3.0.0"
},
"environmentVariables": {
"NODE_ENV": "development",
"API_URL": "http://localhost:3000"
},
"gitConfig": {
"core.autocrlf": "false",
"pull.rebase": "true"
}
}
```
3. **Identify Discrepancies**
Report configuration drift:
```
Configuration Drift Detected:
Version Mismatches:
- Node.js: Expected 20.x, Found 18.16.0 ⚠️
- TypeScript: Expected ^5.0.0, Found ^4.9.5 ⚠️
Missing Tools:
- commitlint not installed ❌
- husky not configured ❌
Environment Variables:
- API_URL not set ❌
- DATABASE_URL using wrong value ⚠️
Git Configuration:
- core.autocrlf set to 'true' (should be 'false') ⚠️
```
### Phase 2: Dependency Synchronization
1. **Package Dependencies**
```bash
# Check for outdated packages
npm outdated
# Check for security vulnerabilities
npm audit
# Verify lockfile integrity
npm ci --dry-run
# Update dependencies to match lockfile
npm ci
```
2. **Global Tool Installation**
Ensure required global tools are installed:
```bash
# Check and install global tools
npm list -g --depth=0 | grep commitlint || npm install -g @commitlint/cli
npm list -g --depth=0 | grep prettier || npm install -g prettier
npm list -g --depth=0 | grep typescript || npm install -g typescript
```
3. **System Dependencies**
Verify system-level dependencies:
```bash
# Check for Docker
docker --version || echo "Docker not installed"
# Check for Git LFS
git lfs version || echo "Git LFS not installed"
# Platform-specific checks
if [[ "$OSTYPE" == "darwin"* ]]; then
brew --version || echo "Homebrew not installed"
fi
```
### Phase 3: Configuration Synchronization
1. **Environment Variables Sync**
```bash
# Create .env from template if missing
if [ ! -f .env ]; then
cp .env.example .env
echo "Created .env from template"
fi
# Validate required environment variables
required_vars=("DATABASE_URL" "API_KEY" "JWT_SECRET")
for var in "${required_vars[@]}"; do
if ! grep -q "^$var=" .env; then
echo "WARNING: $var not set in .env"
fi
done
```
2. **Git Configuration Sync**
```bash
# Apply standard git configuration
git config --local core.autocrlf false
git config --local core.eol lf
git config --local pull.rebase true
git config --local fetch.prune true
git config --local diff.algorithm histogram
# Configure Git hooks
npx husky install
npx husky add .husky/pre-commit "npm run pre-commit"
npx husky add .husky/commit-msg "npx commitlint --edit $1"
```
3. **Editor Configuration Sync**
Ensure consistent editor settings:
```bash
# Verify EditorConfig is being respected
if [ -f .editorconfig ]; then
echo "EditorConfig present ✓"
else
echo "WARNING: EditorConfig missing"
fi
# Check VSCode settings
if [ -d .vscode ]; then
echo "VSCode workspace settings found ✓"
fi
```
### Phase 4: Code Standards Synchronization
1. **Linting Configuration**
```bash
# Update ESLint configuration
npm install --save-dev eslint @typescript-eslint/parser @typescript-eslint/eslint-plugin
# Run linter to check for issues
npm run lint -- --max-warnings 0
# Apply auto-fixes
npm run lint -- --fix
```
2. **Formatting Standards**
```bash
# Check code formatting
npm run format:check
# Apply formatting
npm run format
# Verify all files formatted
git diff --exit-code || echo "Some files were reformatted"
```
3. **Type Checking**
```bash
# Run TypeScript compiler
npm run typecheck
# Generate type declarations
npm run build:types
```
### Phase 5: Database Schema Synchronization
1. **Migration Status Check**
```bash
# Check pending migrations
npx prisma migrate status
# Apply pending migrations
npx prisma migrate deploy
# Regenerate Prisma client
npx prisma generate
```
2. **Seed Data Sync**
```bash
# Reset development database
if [ "$NODE_ENV" = "development" ]; then
npx prisma migrate reset --force
npx prisma db seed
fi
```
### Phase 6: Documentation Synchronization
1. **API Documentation**
```bash
# Regenerate API documentation
npm run docs:api
# Update OpenAPI/Swagger specs
npm run openapi:generate
# Verify documentation build
npm run docs:build
```
2. **Dependency Documentation**
```bash
# Generate dependency graph
npm run deps:graph
# Update package documentation
npm run docs:packages
# Create SBOM (Software Bill of Materials)
npm run sbom:generate
```
### Phase 7: Testing Infrastructure Sync
1. **Test Environment Setup**
```bash
# Set up test database
DATABASE_URL=postgres://test npm run test:db:setup
# Install test utilities
npm install --save-dev @testing-library/react @testing-library/jest-dom
# Configure test coverage
npm test -- --coverage --watchAll=false
```
2. **Mock Data Synchronization**
```bash
# Update test fixtures
npm run fixtures:generate
# Sync mock server configuration
npm run mocks:sync
```
### Phase 8: CI/CD Pipeline Sync
1. **Workflow Validation**
```bash
# Validate GitHub Actions workflows
if [ -d .github/workflows ]; then
for file in .github/workflows/*.yml; do
echo "Validating $file"
npx @action-validator/cli "$file"
done
fi
```
2. **Secret Management**
```bash
# Check for required secrets
required_secrets=("NPM_TOKEN" "AWS_ACCESS_KEY" "DATABASE_URL")
echo "Required CI/CD secrets:"
for secret in "${required_secrets[@]}"; do
echo " - $secret"
done
```
### Phase 9: Compliance Sync
1. **License Compliance**
```bash
# Check dependency licenses
npx license-checker --summary
# Verify no incompatible licenses
npx license-checker --onlyAllow "MIT;Apache-2.0;BSD-3-Clause;ISC"
# Generate license report
npx license-checker --json > compliance/licenses.json
```
2. **Security Compliance**
```bash
# Run security audit
npm audit --audit-level=moderate
# Check for known vulnerabilities
npx snyk test
# Scan for secrets in code
if command -v gitleaks &> /dev/null; then
gitleaks detect --source . --verbose
fi
```
3. **Code Quality Metrics**
```bash
# Generate complexity report
npx madge --circular --extensions ts,tsx src/
# Calculate technical debt
npx code-complexity --threshold 10 src/
# Check bundle size
npm run build && npm run analyze
```
## Synchronization Report
Generate comprehensive synchronization report:
```markdown
# Workspace Synchronization Report
**Date:** 2024-01-15 14:30:00 UTC
**Duration:** 45 seconds
**Status:** ✓ Success
## Summary
- 15 configuration items synchronized
- 3 warnings resolved
- 0 errors found
- All team members aligned
## Details
### Dependencies
✓ All packages up to date
✓ No security vulnerabilities
✓ Lockfile integrity verified
### Configuration
✓ Environment variables validated
✓ Git config synchronized
✓ Editor settings aligned
### Code Quality
✓ All files formatted correctly
✓ No linting errors
✓ Type checking passed
✓ Test coverage at 85%
### Compliance
✓ All licenses compatible
✓ No security issues
✓ Documentation up to date
### Database
✓ All migrations applied
✓ Schema in sync
✓ Seed data loaded
## Actions Taken
1. Updated TypeScript from 4.9.5 to 5.0.0
2. Installed missing commitlint
3. Configured Git hooks with Husky
4. Applied code formatting to 12 files
5. Regenerated API documentation
## Recommendations
- Consider upgrading Node.js to 20.x LTS
- Review and update outdated dev dependencies
- Add integration tests for new features
- Schedule security audit review
## Next Steps
1. Commit synchronized configuration
2. Push changes to feature branch
3. Create PR for team review
4. Update documentation
```
## Automated Synchronization
Enable continuous synchronization:
**package.json scripts:**
```json
{
"scripts": {
"sync": "node scripts/workspace-sync.js",
"sync:check": "node scripts/workspace-sync.js --check-only",
"postinstall": "npm run sync",
"precommit": "npm run sync:check"
}
}
```
**Git hooks integration:**
```bash
# .husky/post-merge
#!/bin/sh
npm run sync
```
## Success Criteria
Successful synchronization ensures:
- All developers use same tool versions
- Configurations match across machines
- Dependencies are consistent
- Code standards enforced uniformly
- Database schemas aligned
- Documentation current
- Compliance requirements met
- CI/CD pipelines operational
## Business Impact
**Consistency:** Eliminate environment-related bugs
**Productivity:** Reduce setup and debugging time
**Quality:** Enforce standards automatically
**Compliance:** Maintain audit readiness
**Collaboration:** Enable seamless team coordination
This comprehensive workspace synchronization ensures every team member works in a consistent, compliant, and optimized development environment.