@azerogluemin/ai-bootstrap 0.4.2 → 0.6.0

package/dist/utils/paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/utils/paths.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAEhC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEhD,MAAM,CAAC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;AAC9B,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AAChD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC3D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;AAE/D,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,SAAS,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,CAAS;IAClC,sDAAsD;IACtD,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1G,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,CAAS;IAClC,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO,CAAC,CAAC;AACX,CAAC"}
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/utils/paths.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAEhC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEhD,MAAM,CAAC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;AAC9B,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AAChD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC3D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;AAE/D,8DAA8D;AAC9D,uFAAuF;AACvF,8EAA8E;AAC9E,qCAAqC;AACrC,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAC/D,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAE/D,MAAM,CAAC,MAAM,UAAU,GAAG,QAAQ,EAAE,KAAK,OAAO,CAAC;AAEjD,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,SAAS,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,CAAS;IAClC,sDAAsD;IACtD,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1G,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,CAAS;IAClC,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO,CAAC,CAAC;AACX,CAAC"}

package/dist/wizard.js

@@ -1,93 +1,81 @@
-// ai-bootstrap wizard — orchestrates the 6-step interactive setup
+// ai-bootstrap wizard — single-step setup (v0.5.0 rewrite).
+//
+// Old v0.4.x: 6 steps with 15+ questions, lots of friction.
+// v0.5.0 redesign (per user feedback):
+//   - 1 step: profile (3 questions only — ad, dil, kim+nə)
+//   - Bundle question REMOVED — auto-installs foundation user-scope
+//   - Project scan REMOVED — `ai-bootstrap scan <path>` if needed later
+//   - MCPs auto-installed (free, no-credential ones); `ai-bootstrap mcp add` for paid
+//   - Memory always-on (no questions)
+//   - GitHub backup deferred → `ai-bootstrap backup init` when ready
+//
+// Result: 30-second setup with no overwhelm.
 import chalk from 'chalk';
-import { confirm } from '@inquirer/prompts';
-import { profileStep } from './steps/1-profile.js';
-import { projectsStep } from './steps/2-projects.js';
-import { bundlesStep } from './steps/3-bundles.js';
-import { mcpsStep } from './steps/4-mcps.js';
-import { memoryStep } from './steps/5-memory.js';
-import { githubStep } from './steps/6-github.js';
+import { input, select, confirm } from '@inquirer/prompts';
+const FREE_MCPS = ['filesystem', 'memory', 'git', 'fetch', 'time', 'arxiv', 'youtube-transcript', 'puppeteer', 'playwright'];
 export async function runWizard() {
-    // Banner
     console.log('');
     console.log(chalk.bold.cyan('🧠 ai-bootstrap'));
-    console.log(chalk.dim('   Personal AI infrastructure bootstrap for Claude Code'));
+    console.log(chalk.dim('   Personal AI infrastructure for Claude Code'));
     console.log('');
-    // Initial permission gate
-    console.log(chalk.yellow('⚠️  İcazə lazımdır:'));
-    console.log(chalk.dim('   - Layihə qovluqlarını oxumaq (read-only)'));
-    console.log(chalk.dim('   - AI profilini qurmaq (sual verir)'));
-    console.log(chalk.dim('   - ~/.claude/ konfiqurasiya etmək'));
-    console.log(chalk.dim('   - MCP-lər üçün credential istəmək'));
+    console.log(chalk.dim('   3 sual, 30 saniyə. Sonra hazırsan.'));
     console.log('');
-    const proceed = await confirm({
-        message: 'Davam edək?',
-        default: true,
-    });
+    const proceed = await confirm({ message: 'Davam edək?', default: true });
     if (!proceed) {
         console.log(chalk.yellow('Ləğv edildi.'));
         process.exit(0);
     }
-    // Run 6 steps sequentially
+    console.log('');
+    console.log(chalk.bold('1/3 — Adın?'));
+    const name = await input({ message: 'Ad:', validate: (v) => v.trim().length > 0 || 'Boş ola bilməz' });
+    console.log('');
+    console.log(chalk.bold('2/3 — Əsas dilin?'));
+    const primaryLanguage = await select({
+        message: 'Dil:',
+        choices: [
+            { name: 'Azərbaycan', value: 'az' },
+            { name: 'English', value: 'en' },
+            { name: 'Русский', value: 'ru' },
+            { name: 'Türkçe', value: 'tr' },
+        ],
+        default: 'az',
+    });
+    console.log('');
+    console.log(chalk.bold('3/3 — Sən kimsən, nə edirsən?'));
+    console.log(chalk.dim('     Misal: "Emin, AI creator + founder. SaaS qururam, IG-də komedi videolar paylaşıram."'));
+    const bio = await input({
+        message: 'Bio:',
+        validate: (v) => v.trim().length >= 5 || 'Ən azı 5 hərf yaz',
+    });
     const state = {
+        profile: {
+            name: name.trim(),
+            primaryLanguage,
+            otherLanguages: [],
+            role: bio.trim(),
+            experience: 'expert',
+            country: '',
+            goals: { sixMonth: '', twelveMonth: '', twentyFourMonth: '' },
+        },
         projectPaths: [],
         projects: [],
+        selectedBundles: {
+            // Always install foundation user-scope. Project bundles come from `ai-bootstrap new`.
+            skills: 'foundation',
+            agents: 'foundation',
+            mcps: 'custom',
+        },
+        memoryConfig: {
+            storage: 'markdown-only',
+            autoLearn: true,
+            syncToGithub: false,
+        },
     };
-    // Step 1: Profile
-    state.profile = await profileStep();
-    // Step 2: Projects
-    const projectsResult = await projectsStep();
-    state.projectPaths = projectsResult.paths;
-    state.projects = projectsResult.selected;
-    // Step 3: Bundles
-    const bundlesResult = await bundlesStep();
-    state.selectedBundles = {
-        skills: bundlesResult.skills,
-        agents: bundlesResult.agents,
-        mcps: 'custom', // determined in step 4
-    };
-    // Step 4: MCPs
-    const mcpsResult = await mcpsStep();
-    state.mcps = mcpsResult.selected;
-    // Step 5: Memory
-    const memoryResult = await memoryStep();
-    state.memoryConfig = {
-        storage: memoryResult.storage,
-        autoLearn: memoryResult.autoLearn,
-        syncToGithub: false, // determined in step 6
-    };
-    // Step 6: GitHub
-    const githubResult = await githubStep();
-    state.memoryConfig.syncToGithub = githubResult.enabled;
-    if (githubResult.repoUrl) {
-        state.memoryConfig.githubRepo = githubResult.repoUrl;
-    }
-    // Final summary
-    console.log('');
-    console.log(chalk.bold.green('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
-    console.log(chalk.bold.green('✓ Setup tamamlandı!'));
-    console.log(chalk.bold.green('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
-    console.log('');
-    console.log(chalk.bold('Yığım:'));
-    console.log(`  Ad:          ${chalk.cyan(state.profile.name)}`);
-    console.log(`  Dil:         ${chalk.cyan(state.profile.primaryLanguage)}`);
-    console.log(`  Rol:         ${chalk.cyan(state.profile.role)}`);
-    console.log(`  Layihələr:   ${chalk.cyan(state.projects.length)} əlavə edildi`);
-    console.log(`  Skill bundle:${chalk.cyan(state.selectedBundles.skills)}`);
-    console.log(`  Agent bundle:${chalk.cyan(state.selectedBundles.agents)}`);
-    console.log(`  MCP-lər:     ${chalk.cyan(mcpsResult.selected.length)} aktiv`);
-    console.log(`  Yaddaş:      ${chalk.cyan(state.memoryConfig.storage)}`);
-    console.log(`  GitHub sync: ${chalk.cyan(state.memoryConfig.syncToGithub ? 'aktiv' : 'qeyri-aktiv')}`);
-    console.log('');
-    console.log(chalk.bold('Yaddaşın yeri:'));
-    console.log(`  ${chalk.dim('~/.claude/')}                 ${chalk.dim('— Claude Code config')}`);
-    console.log(`  ${chalk.dim('~/.claude/knowledge/')}      ${chalk.dim('— cross-project memory')}`);
-    console.log(`  ${chalk.dim('~/.claude/skills/')}         ${chalk.dim('— skill-lər')}`);
-    console.log(`  ${chalk.dim('~/.claude/agents/')}         ${chalk.dim('— agent-lər')}`);
+    // Free MCPs auto-installed
+    state.mcps = FREE_MCPS;
     console.log('');
-    console.log(chalk.bold('Növbəti addım:'));
-    console.log(`  ${chalk.cyan('claude')}                       — interaktiv sessiya başlat`);
-    console.log(`  ${chalk.cyan('claude /help')}                 — komandalar`);
+    console.log(chalk.bold.green('✓ Profile yığıldı.'));
+    console.log(chalk.dim('   Quraşdırılır...'));
     console.log('');
     return state;
 }

package/dist/wizard.js.map

@@ -1 +1 @@
-{"version":3,"file":"wizard.js","sourceRoot":"","sources":["../src/wizard.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAElE,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,SAAS;IACT,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,0BAA0B;IAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC;QAC5B,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,2BAA2B;IAC3B,MAAM,KAAK,GAAyB;QAClC,YAAY,EAAE,EAAE;QAChB,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,kBAAkB;IAClB,KAAK,CAAC,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,mBAAmB;IACnB,MAAM,cAAc,GAAG,MAAM,YAAY,EAAE,CAAC;IAC5C,KAAK,CAAC,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC;IAC1C,KAAK,CAAC,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC;IAEzC,kBAAkB;IAClB,MAAM,aAAa,GAAG,MAAM,WAAW,EAAE,CAAC;IAC1C,KAAK,CAAC,eAAe,GAAG;QACtB,MAAM,EAAE,aAAa,CAAC,MAAM;QAC5B,MAAM,EAAE,aAAa,CAAC,MAAM;QAC5B,IAAI,EAAE,QAAQ,EAAE,uBAAuB;KACxC,CAAC;IAEF,eAAe;IACf,MAAM,UAAU,GAAG,MAAM,QAAQ,EAAE,CAAC;IACnC,KAAa,CAAC,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC;IAE1C,iBAAiB;IACjB,MAAM,YAAY,GAAG,MAAM,UAAU,EAAE,CAAC;IACxC,KAAK,CAAC,YAAY,GAAG;QACnB,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,SAAS,EAAE,YAAY,CAAC,SAAS;QACjC,YAAY,EAAE,KAAK,EAAE,uBAAuB;KAC7C,CAAC;IAEF,iBAAiB;IACjB,MAAM,YAAY,GAAG,MAAM,UAAU,EAAE,CAAC;IACxC,KAAK,CAAC,YAAY,CAAC,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC;IACvD,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,KAAK,CAAC,YAAY,CAAC,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC;IACvD,CAAC;IAED,gBAAgB;IAChB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACvG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;IACjG,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,SAAS,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;IAClG,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,YAAY,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,YAAY,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,oDAAoD,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,+BAA+B,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,OAAO,KAAoB,CAAC;AAC9B,CAAC"}
+{"version":3,"file":"wizard.js","sourceRoot":"","sources":["../src/wizard.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,EAAE;AACF,4DAA4D;AAC5D,uCAAuC;AACvC,2DAA2D;AAC3D,oEAAoE;AACpE,wEAAwE;AACxE,sFAAsF;AACtF,sCAAsC;AACtC,qEAAqE;AACrE,EAAE;AACF,6CAA6C;AAE7C,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG3D,MAAM,SAAS,GAAG,CAAC,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;AAE7H,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IAEvG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC7C,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC;QACnC,OAAO,EAAE,MAAM;QACf,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE;YACnC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE;YAChC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE;YAChC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE;SAChC;QACD,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,2FAA2F,CAAC,CAAC,CAAC;IACpH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC;QACtB,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,IAAI,CAAC,IAAI,mBAAmB;KAC7D,CAAC,CAAC;IAEH,MAAM,KAAK,GAAgB;QACzB,OAAO,EAAE;YACP,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YACjB,eAAe;YACf,cAAc,EAAE,EAAE;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE;YAChB,UAAU,EAAE,QAAQ;YACpB,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE;SAC9D;QACD,YAAY,EAAE,EAAE;QAChB,QAAQ,EAAE,EAAE;QACZ,eAAe,EAAE;YACf,sFAAsF;YACtF,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,YAAY;YACpB,IAAI,EAAE,QAAQ;SACf;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,eAAe;YACxB,SAAS,EAAE,IAAI;YACf,YAAY,EAAE,KAAK;SACpB;KACF,CAAC;IAEF,2BAA2B;IAC1B,KAA6B,CAAC,IAAI,GAAG,SAAS,CAAC;IAEhD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,OAAO,KAAK,CAAC;AACf,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@azerogluemin/ai-bootstrap",
-  "version": "0.4.2",
+  "version": "0.6.0",
   "description": "Personal AI infrastructure bootstrap for Claude Code — interactive setup wizard with skills, agents, MCPs, and cross-project memory",
   "type": "module",
   "main": "./dist/index.js",

package/templates/skills/art-director/SKILL.md

@@ -0,0 +1,209 @@
+---
+name: art-director
+description: Senior art director responsible for overall visual identity across a project — production design, color palette, costume, props, set dressing, era specificity. Activates on visual world-building, project visual language, mood board design, look/feel direction. Triggers on AZ phrases like "vizual dil", "atmosfer", "art direction", "mood board", "production design" and EN equivalents.
+license: MIT
+---
+
+# Art Director
+
+Senior art director (bədii rejissor) who designs the visual world of a project — every choice that appears on screen.
+
+## When this skill activates
+
+- User asks for visual direction / mood / look of a project
+- User wants mood board, reference deck, visual brief
+- User asks about production design (sets, props, costumes, era)
+- User mentions "world-building" for ad / film / video / brand
+- User asks for visual coherence critique across project
+
+## Core principles
+
+1. **One world, many choices** — Every visible element (set, costume, prop, color, texture, lighting hint) reinforces the same world. A wrong prop breaks the spell.
+2. **Era specificity** — If your story is set in 1973 Soviet Baku, the typography, fabric weave, ceramic glaze, and lighting fixtures all need to be 1973. Anachronisms destroy trust.
+3. **Color tells story** — Color palette per scene/character planned in pre-production, not improvised on set.
+4. **Subtraction over addition** — Best production design removes distractions, focuses eye on actor/subject.
+5. **Reference, don't copy** — Borrow from real films/artists/photographers; never paste their look verbatim.
+
+## Pre-production deliverables
+
+### 1. Visual treatment (5-15 pages)
+- Project synopsis (1 paragraph)
+- Visual logline (1 sentence: "It looks like ___ meets ___")
+- Mood board (8-20 reference images, grouped by theme)
+- Color palette (5-8 swatches with hex codes + intended use)
+- Lighting language (key + fill + back + ambient — described per location)
+- Texture + material (3-5 dominant materials: brushed steel, raw linen, polished concrete)
+- Costume notes per character
+- Era + cultural reference notes
+
+### 2. Mood board structure
+
+Don't dump 50 random images. Curate:
+
+```
+Mood board sections:
+├── Overall vibe (3-4 hero refs)
+├── Color (5-6 swatches + sample frames)
+├── Lighting (key looks per scene type)
+├── Costume (per character/scene)
+├── Set / location (3-5 per primary set)
+├── Props (hero objects — 5-10)
+└── Composition references (framing/depth/scale)
+```
+
+### 3. Production bible
+- Locked palettes per scene
+- Costume continuity per character
+- Hero prop list with sourcing notes
+- Hand-drawn or 3D set sketches
+- Visual continuity rules ("never see fluorescent lighting", "no plastic visible")
+
+## Color palette design
+
+### Approach: per-scene palette
+Each scene has dominant + supporting + accent colors.
+
+**Wes Anderson Hotel Budapest** (example):
+- Lobby: Pink (#E8B4B8) + bronze (#B8956A) + cream (#F2EDDA)
+- Confectionery: Pastel violet + sky blue + raspberry
+- Prison: Olive + faded denim + steel
+- Mountain: White + cobalt + spruce green
+
+### Approach: per-character palette
+Each character associated with 1-2 colors throughout.
+
+**Joker (Joaquin Phoenix)**:
+- Early Arthur: drab brown, washed-out cream
+- Becoming Joker: emerald + violet + blood red (saturation increases as character transforms)
+
+### Color wheel patterns
+- **Complementary** (opposite) — high contrast, tension
+- **Analogous** (adjacent) — harmony, calm
+- **Triadic** — vibrant balance
+- **Split-complementary** — dynamic without harshness
+- **Monochromatic** + accent — singular mood with one pop
+
+### Tools
+- **Pantone Studio** — match real-world colors
+- **Adobe Color** — extract palette from image
+- **Color Hunt** / **Coolors** — discover palettes
+- **Khroma** — AI palette gen trained on your taste
+
+## Era + cultural research
+
+For period work (or culture-specific work):
+
+### Research checklist
+- [ ] Decade-specific typography (Helvetica was 1957; don't use it for 1940s)
+- [ ] Fabric availability + weaving patterns
+- [ ] Color palettes of the era (Kodachrome looks different from Technicolor)
+- [ ] Furniture + appliances (1973 Soviet kitchen ≠ 1973 Western kitchen)
+- [ ] Cars, signage, advertising
+- [ ] Hair + makeup (silhouettes, products of the era)
+- [ ] Lighting tech (gas lamp ≠ tungsten ≠ fluorescent ≠ LED)
+- [ ] Hand gestures + posture norms
+
+### AZ specific (Azerbaijani context)
+- 1970s-80s: Soviet color palettes (muted reds, ochre, olive); brutalist + ornament fusion
+- 1990s post-Soviet: faded propaganda + emerging consumer goods
+- 2000s: Heydar Aliyev era public space aesthetics
+- Karabakh war references: handle with care; cultural sensitivity required
+- Religious imagery: Shi'a Muslim majority — avoid casual desecration of symbols
+
+## Costume design
+
+### Per character process
+1. **Backstory** — Where do they live? What income? What taste?
+2. **Color story** — 1-2 dominant colors that follow character arc
+3. **Texture story** — Materials reflect status (silk = elite, denim = working, wool = professional, synthetic = utilitarian)
+4. **Continuity** — Same costume across scenes unless story justifies change
+5. **Distress / wear** — New shoes scream "fresh from prop room"; intentional wear sells reality
+
+### Continuity tracker
+| Scene | Character | Costume | Notes |
+|---|---|---|---|
+| 01 | Aida | Cream silk blouse, charcoal trouser, gold ring | First impression: composed |
+| 02 | Aida | Same trouser, white tee, ring removed | Day later, cracked composure |
+
+## Set + location
+
+### Choosing locations
+- **Practical location** (real space) — authenticity, cheap, limits (size, time, control)
+- **Studio set build** — control over everything, expensive, requires time
+- **Mixed (location + extension/dressing)** — most common
+
+### Dressing a location
+- Layer 1: Architecture (given)
+- Layer 2: Furniture + large objects
+- Layer 3: Dressing (rugs, curtains, art)
+- Layer 4: Set decoration (hero props placed for camera)
+- Layer 5: Continuity touches (coffee cup placement, book stack)
+
+## Working with director + DP
+
+- Art director **proposes**, director **decides**
+- DP + art director must agree on lighting compatible with set materials (shiny surfaces vs matte)
+- Continuity supervisor catches mistakes — share continuity tracker with them
+- Costume designer reports to art director on coherence; both report to director
+
+## Output format
+
+When asked to design a visual treatment:
+
+```markdown
+## Visual treatment — <project>
+
+### Visual logline
+"It looks like <A> meets <B>"
+
+### Mood
+- Overall: <emotion + atmosphere>
+- Key scene tonal map: <list>
+
+### Palette
+- Dominant: #XXXXXX (<name>)
+- Supporting: #YYYYYY (<name>)
+- Accent: #ZZZZZZ (<name>)
+- Application: <how used scene-to-scene>
+
+### Lighting language
+- Day exteriors: <style>
+- Night interiors: <style>
+- Dramatic / climax: <style>
+
+### Era / setting
+- Time: <year/range>
+- Place: <city/region>
+- Cultural notes: <important specifics>
+
+### Costume per character
+| Character | Color story | Texture | Notes |
+
+### Hero props
+- 
+
+### Set / location refs
+- <Pinterest board / drive link>
+
+### Anti-references (avoid)
+- 
+```
+
+## Anti-patterns (qadağa)
+
+- Generic "moody + cinematic" without specific era/culture
+- Mood board of 30 random Pinterest screenshots without theme
+- Costume continuity errors (different watch each scene)
+- Modern appliances in period piece (microwaves in 1972 kitchen)
+- Color palette decided in post (must drive pre-production)
+- Ignoring cultural specificity (generic "Middle East look" applied to AZ)
+- Hero prop visible but story-irrelevant (distracts eye)
+
+## Sources
+
+- "Production Design" — Vincent LoBrutto
+- "The Visual Story" — Bruce Block (visual structure)
+- ASC American Cinematographer magazine
+- AFI / NYFA production design courses
+- Pinterest + Are.na (curation tools)
+- Real museum archives for era research

package/templates/skills/backend-developer/SKILL.md

@@ -0,0 +1,198 @@
+---
+name: backend-developer
+description: Senior backend engineer specializing in NestJS, Hono, FastAPI, Express. API design, multi-tenant data, auth, validation, caching, queues, observability. Activates on backend implementation, API design, DB patterns, auth flows, performance tuning. Triggers on AZ phrases like "API yaz", "endpoint qur", "auth", "tenant izolasiya", "queue", "caching" and EN equivalents.
+license: MIT
+---
+
+# Backend Developer
+
+Senior backend engineer who designs and implements production-grade APIs and services.
+
+## When this skill activates
+
+- User asks to implement an API endpoint, service, or background job
+- User asks about REST vs GraphQL, schema design, status codes
+- User mentions authentication, authorization, multi-tenancy, RLS
+- User asks for caching strategy, queue setup, observability
+- User wants OWASP / security review of backend code
+
+## Core principles
+
+1. **Boundaries first** — Validate input at every system boundary (HTTP, queue consumer, cross-service). Trust internal code.
+2. **Typed end-to-end** — Schema-first (OpenAPI / Zod / Pydantic). Generate types from schema, not vice-versa.
+3. **Idempotency** — All mutating operations idempotent or marked explicitly. Webhook handlers store request IDs.
+4. **Observability built-in** — Structured logs (JSON), traces with parent IDs, metrics. OpenTelemetry SDK from day one.
+5. **Fail fast, recover loud** — No silent catches. Errors return structured responses; unrecoverable failures crash + restart.
+
+## Framework patterns
+
+### NestJS (TypeScript, opinionated)
+- Module per domain (`UsersModule`, `OrdersModule`)
+- Controller = HTTP-thin: parse, validate, delegate
+- Service = business logic, framework-agnostic
+- Repository pattern (Prisma / TypeORM)
+- DTOs with class-validator + class-transformer
+- Pipes for transformation, Guards for auth, Interceptors for cross-cutting (logging, transactions)
+- `@nestjs/swagger` for OpenAPI auto-generation
+- Global ValidationPipe with `whitelist: true, forbidNonWhitelisted: true`
+
+### Hono (lightweight, edge-first)
+- Middleware composition: `app.use('/api/*', authMiddleware)`
+- Type-safe context: `c.var`, `c.get`, `c.json` with generics
+- Zod validation: `zValidator('json', schema)`
+- Built for Vercel/Cloudflare/Bun runtime — minimal cold start
+
+### FastAPI (Python, async-first)
+- Pydantic v2 models for request/response
+- Dependency injection (`Depends()`) for DB sessions, auth
+- Background tasks via `BackgroundTasks` (light) or Celery/RQ (heavy)
+- Async SQLAlchemy 2.x + `asyncpg` for Postgres
+- `@field_validator` for custom validation
+
+## API design
+
+### REST
+- Resource nouns, HTTP verbs (`GET /users`, `POST /users`, `PATCH /users/:id`)
+- Status codes meaningful: 200 OK, 201 Created, 204 No Content, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 409 Conflict, 422 Unprocessable Entity, 429 Too Many Requests
+- Pagination: cursor-based for feeds (`?cursor=xxx&limit=20`), offset for admin tables
+- Error response shape: `{ error: { code: "VALIDATION_FAILED", message: "...", details: [...] } }`
+- API versioning via URL path (`/api/v1/`) — simpler than headers
+
+### GraphQL
+- Schema-first (SDL), not code-first when team has frontend devs
+- DataLoader for N+1 prevention
+- Persisted queries for production (no arbitrary queries from client)
+- Pothos schema builder (TypeScript) or Strawberry (Python)
+
+## Multi-tenant patterns
+
+Three patterns by isolation strength:
+
+| Pattern | Isolation | Cost | When to use |
+|---|---|---|---|
+| **Shared schema + tenantId column** | Logical (app must enforce) | Low | Startup, < 1000 tenants |
+| **Row-Level Security (Postgres RLS)** | DB-enforced | Low-Med | Scale-up, sensitive data |
+| **Schema-per-tenant** | Schema isolation | Med | Large enterprise customers |
+| **DB-per-tenant** | Full isolation | High | Regulated industries (healthcare, finance) |
+
+**Always** include `tenant_id` in every domain table from day one — easier to add isolation later than retrofit.
+
+RLS example (Postgres):
+```sql
+ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
+CREATE POLICY tenant_isolation ON orders
+  USING (tenant_id = current_setting('app.current_tenant')::uuid);
+```
+
+## Authentication & authorization
+
+- **Auth**: JWT (stateless, short TTL ≤ 15min) + refresh token (rotating, stored hashed)
+- **Session-based** if SSR-heavy (Next.js + Auth.js); use HttpOnly + Secure + SameSite cookies
+- **OAuth2 / OIDC** for SSO (Clerk / Auth.js / Auth0 / Supabase Auth — buy don't build)
+- **Authz**: RBAC (`role` claim) or ABAC (Casbin, Oso) for fine-grained
+- **API keys**: stored hashed (bcrypt/argon2id), prefix visible (`sk_live_abc...`)
+- **Service-to-service**: mTLS or signed JWTs with short TTL
+
+OWASP gotchas:
+- Never trust client-sent `userId` / `tenantId` — read from JWT/session
+- Verify ownership before mutate (`order.userId === currentUser.id`)
+- Rate-limit auth endpoints (10/min/IP for login, 3/min/IP for password reset)
+
+## Validation
+
+- **Zod** (TS) — runtime + compile-time types
+- **class-validator** (NestJS) — decorator-based
+- **Pydantic** (FastAPI) — model-based
+- Reject early at boundary, never trust untyped data
+- Sanitize HTML inputs (DOMPurify) before storing/rendering
+
+## Caching strategy
+
+| Layer | Tool | TTL | Invalidation |
+|---|---|---|---|
+| Browser | HTTP cache headers | minutes-hours | Stale-while-revalidate |
+| CDN | Cloudflare/Fastly | hours-days | Tag-based purge |
+| App | Redis | seconds-minutes | Write-through, event-based |
+| DB | Query plan cache | automatic | — |
+
+Patterns: Cache-aside (read-through), Write-through, Write-behind. Default to cache-aside.
+
+Anti-pattern: caching everything by default. Cache only proven hot paths.
+
+## Queues + background jobs
+
+- **BullMQ** (Node + Redis) — production queue with retries, scheduling, priorities
+- **Sidekiq** (Ruby), **Celery** (Python), **Temporal** (durable workflows)
+- Job idempotency: every handler must be safe to retry
+- Dead-letter queues for failed jobs
+- Observability: queue depth, latency, error rate
+
+## Observability
+
+- **Structured logs** (JSON) with `trace_id`, `tenant_id`, `user_id`, `request_id`
+- **Distributed traces** (OpenTelemetry → Jaeger / Datadog / Honeycomb)
+- **Metrics**: Request rate, error rate, p50/p95/p99 latency, queue depth
+- **Health checks**: `/healthz` (liveness), `/readyz` (readiness — DB reachable, deps healthy)
+
+## OWASP Top 10 (2021)
+
+| Risk | Mitigation |
+|---|---|
+| Broken access control | Authz on every endpoint; verify ownership |
+| Cryptographic failures | TLS everywhere; argon2id for passwords; key rotation |
+| Injection | Parameterized queries; never `${userInput}` in SQL |
+| Insecure design | Threat modeling pre-feature |
+| Misconfiguration | Secure defaults; least privilege; security headers |
+| Vulnerable components | `npm audit`, Snyk, Dependabot |
+| Auth failures | MFA support, lockout policies, secure session mgmt |
+| Data integrity failures | Signed artifacts, SBOM |
+| Logging failures | Centralized logs, alerting on critical errors |
+| SSRF | URL allow-list, validate Host header |
+
+## Output format
+
+When asked to build an API endpoint:
+
+```markdown
+## Endpoint: <METHOD> <path>
+
+### Auth
+- Required: <role / scope>
+
+### Request
+- Headers
+- Path params
+- Query params
+- Body (Zod/Pydantic schema)
+
+### Response
+- 200: <schema>
+- 4xx errors
+
+### Implementation
+[controller + service + repository code]
+
+### Tests
+[unit + integration test specs]
+
+### Observability
+[what's logged, traced, metered]
+```
+
+## Anti-patterns (qadağa)
+
+- `req.body.userId` trusted without verifying against session
+- N+1 queries (load related data with joins or DataLoader)
+- Long-running work in HTTP handlers (move to queue)
+- Catching errors silently (`catch { /* nothing */ }`)
+- Storing secrets in code (use env + vault)
+- Returning DB errors to client (`PG::UniqueViolation`) — translate to user-facing
+- ORM `findAll()` in tenant code without `WHERE tenant_id = $1`
+
+## Sources
+
+- OWASP Cheat Sheet Series
+- NestJS docs (docs.nestjs.com)
+- Hono docs (hono.dev)
+- FastAPI docs (fastapi.tiangolo.com)
+- Postgres RLS docs (postgresql.org/docs)