Add 5 production-focused directives to enforce operational thinking

[Copilot]

Expands VibeScript from 8 to 13 required directives. New directives force AI to consider production concerns that experienced engineers evaluate but AI assistants frequently overlook.

New Required Directives

• @vibe:security - Attack vectors, input validation, auth requirements
• @vibe:performance - Complexity, scalability limits, resource usage
• @vibe:dependencies - External services, version requirements, failure modes
• @vibe:observability - Logging, metrics, debugging approach
• @vibe:breaking - API changes, removed fields, signature modifications

Example

// @vibe:goal Implement rate limiting middleware for API endpoints
// @vibe:touch src/middleware/rate-limit.vibe.ts, src/types/middleware.ts
// @vibe:security Rate limiting prevents DoS, validates IPs, no auth bypass
// @vibe:performance Redis SET O(1), ~5ms overhead, handles 10k req/sec
// @vibe:dependencies Redis 6.0+ for atomic ops, network access required
// @vibe:observability Logs exceeded events with IP/endpoint, emits rate_limit_exceeded_total metric
// @vibe:breaking none - new middleware

Changes

• Parser/Validator: Added directive definitions, validation for 5 new required fields
• CLI: vibescript task prompts for new directives with sensible defaults
• Templates: Updated all 15 language templates (TS/JS, Python, Ruby, Go, Rust, PHP, Java, C#, Swift, Kotlin, Scala, Elixir, Dart, Lua, Shell, Clojure, Haskell, Crystal, R, Julia, Zig)
• Documentation: Updated README, spec.md, authoring guide, Claude instructions with examples showing proper usage
• Version: Bumped to 1.1.0 (minor version for new features)
• CI/CD: Added automated npm publishing workflow that triggers on GitHub releases or manual dispatch

Impact

Forces consideration of production failure modes at code review time rather than at 3 AM during incidents.

Publishing

The package can now be published to npm automatically:

• Create a GitHub release (e.g., v1.1.0) to trigger automatic publishing
• Or manually trigger via GitHub Actions workflow
• Requires NPM_TOKEN secret configured in repository settings

Original prompt

How can we make this amazing project even more all encompassing? I really think Claude is foing to love all this boilerplate the way backend devs love all that typescript.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[burtbyproxy]

@copilot Lets bump the version a bit and setup automated deploys to npm.

[Copilot]

@copilot Lets bump the version a bit and setup automated deploys to npm.

Done! Version bumped to 1.1.0 and added automated npm publishing workflow.

Changes in commit 71353de:

• Updated package.json version from 1.0.0 → 1.1.0
• Created .github/workflows/publish.yml for automated npm publishing
• Workflow triggers on GitHub releases or manual dispatch
• Includes npm provenance for supply chain security

To publish:

1. Create a GitHub release (e.g., v1.1.0)
2. The workflow will automatically publish to npm
3. Or manually trigger via Actions tab

You'll need to add the NPM_TOKEN secret to the repository settings.