@cloudstreamsoftware/claude-tools 1.0.0 → 1.2.0

package/skills/tutorial/tracks/accelerated/day-3-workflow-mastery.md

@@ -0,0 +1,305 @@
+# Day 3: Workflow Mastery
+
+**Duration**: 2-3 hours
+**Covers**: Standard Lesson 4 (Workflow Patterns) + Hands-on Practice
+**Assessment**: Checkpoint 1 after this day
+
+---
+
+## Part 1: Workflow Patterns by Task Type
+
+Different tasks require different workflows. Master these patterns:
+
+### New Feature Workflow
+
+```
+/plan "feature description"
+  ↓
+/tdd "component/function"
+  ↓
+/code-review
+  ↓
+/verify
+  ↓
+git commit
+```
+
+**When**: Adding new functionality
+**Key point**: Always plan first to prevent scope creep
+
+### Bug Fix Workflow
+
+```
+/tdd "reproduce bug"        # Write failing test
+  ↓
+Fix the bug                 # Make test pass
+  ↓
+/verify                     # Ensure no regression
+  ↓
+git commit
+```
+
+**When**: Fixing reported issues
+**Key point**: Reproduce with test BEFORE fixing
+
+### Refactoring Workflow
+
+```
+/checkpoint "before-refactor"
+  ↓
+/verify                     # Baseline passing
+  ↓
+Refactor incrementally
+  ↓
+/verify                     # Still passing
+  ↓
+/code-review
+  ↓
+git commit
+```
+
+**When**: Improving code structure
+**Key point**: Checkpoint first, verify often
+
+### Security-Sensitive Workflow
+
+```
+/plan "security feature"
+  ↓
+/tdd "security component"
+  ↓
+/code-review --security
+  ↓
+/verify
+  ↓
+Manual security review
+  ↓
+git commit
+```
+
+**When**: Auth, payments, data encryption
+**Key point**: Always use `--security` flag
+
+---
+
+## Part 2: The Complete Development Cycle
+
+For substantial features, use the full orchestration:
+
+```
+/orchestrate "implement user dashboard"
+```
+
+This chains agents in optimal order:
+1. **Planner** → Designs architecture
+2. **Architect** → Validates patterns
+3. **TDD Guide** → Enforces test-first
+4. **Code Reviewer** → Catches issues
+
+### When to Use /orchestrate vs Manual
+
+| Use /orchestrate | Use Manual Commands |
+|------------------|---------------------|
+| Multi-file features | Single file changes |
+| New subsystems | Bug fixes |
+| Complex refactors | Quick enhancements |
+| Architectural changes | Routine updates |
+
+---
+
+## Part 3: Verification Patterns
+
+### Pre-Commit Verification
+
+Always run before committing:
+
+```
+/verify
+```
+
+If issues found, fix and re-verify until clean.
+
+### Build-Fix Loop
+
+When builds fail:
+
+```
+/build-fix
+```
+
+This:
+1. Parses build errors
+2. Fixes incrementally
+3. Re-runs build
+4. Repeats until clean
+
+### Continuous Verification
+
+During long sessions:
+```
+/verify          # After each logical chunk
+```
+
+Don't wait until the end - catch issues early.
+
+---
+
+## Part 4: Hands-On Practice
+
+### Exercise 3.1: Complete Feature Workflow
+
+Implement a simple feature from scratch:
+
+**Task**: Add a utility function with tests
+
+```
+/checkpoint "exercise-start"
+
+/plan "add string utility: capitalize first letter of each word"
+
+/tdd "capitalizeWords function"
+
+/code-review
+
+/verify
+```
+
+Observe:
+- How plan informs implementation
+- TDD creates tests first
+- Code review catches issues
+- Verify ensures everything passes
+
+### Exercise 3.2: Bug Fix Workflow
+
+Simulate fixing a bug:
+
+**Setup**: Create a buggy function
+```javascript
+// buggy.js
+function divide(a, b) {
+  return a / b;  // Bug: doesn't handle division by zero
+}
+```
+
+**Fix using TDD**:
+```
+/tdd "reproduce division by zero bug"
+```
+
+1. Write test that exposes the bug
+2. Fix the function
+3. Verify test passes
+
+### Exercise 3.3: Refactoring Workflow
+
+Practice safe refactoring:
+
+**Setup**: Create code that works but is messy
+```javascript
+function processData(d) {
+  if (d && d.items && d.items.length > 0) {
+    return d.items.map(i => i.value * 2);
+  }
+  return [];
+}
+```
+
+**Refactor safely**:
+```
+/checkpoint "before-refactor"
+/verify  # Baseline
+
+# Refactor the function for clarity
+# ...
+
+/verify  # Confirm still passing
+/code-review
+```
+
+### Exercise 3.4: Security-Sensitive Workflow
+
+Practice security-focused development:
+
+**Task**: Add password validation
+
+```
+/plan "add password strength validation"
+
+/tdd "password validator"
+
+/code-review --security
+
+/verify
+```
+
+Note the additional security checks in the review.
+
+---
+
+## Verification Checklist
+
+Before taking Checkpoint 1, confirm:
+
+- [ ] Can execute New Feature workflow
+- [ ] Can execute Bug Fix workflow
+- [ ] Can execute Refactoring workflow
+- [ ] Understand when to use `/orchestrate`
+- [ ] Practiced verification patterns
+- [ ] Completed all 4 exercises
+
+---
+
+## Checkpoint 1 Assessment
+
+After completing Day 3, you must pass Checkpoint 1 before proceeding.
+
+Run:
+```
+/tutorial checkpoint-1
+```
+
+Topics covered:
+- Core concepts and philosophy
+- Essential commands
+- Workflow patterns
+
+Passing score: 80%
+Max retakes: 2
+
+See: [Checkpoint 1 Assessment](assessment/checkpoint-1.md)
+
+---
+
+## Key Takeaways
+
+1. **Different tasks need different workflows** - don't use one pattern for everything
+2. **Bug fixes start with a failing test** - prove the bug exists before fixing
+3. **Refactors need checkpoints** - always have a rollback option
+4. **Security code gets extra scrutiny** - use `--security` flag
+5. **Verify often, not just at the end** - catch issues early
+
+---
+
+## Quick Reference
+
+### Workflow Summary
+
+| Task | Workflow |
+|------|----------|
+| New Feature | plan → tdd → code-review → verify |
+| Bug Fix | tdd (reproduce) → fix → verify |
+| Refactor | checkpoint → verify → refactor → verify → code-review |
+| Security | plan → tdd → code-review --security → verify |
+
+### Key Commands
+
+```
+/orchestrate "task"       - Full agent chain
+/build-fix                - Iterative build repair
+/verify                   - Complete validation
+```
+
+---
+
+**Day 3 Complete** | **CHECKPOINT 1 REQUIRED** | Next: [Day 4 - Compliance & Zoho](day-4-compliance-zoho.md)

package/skills/tutorial/tracks/accelerated/day-4-compliance-zoho.md

@@ -0,0 +1,304 @@
+# Day 4: Compliance & Zoho Development
+
+**Duration**: 3-4 hours
+**Covers**: Standard Lessons 5-6 (Compliance Modes, Zoho Platform)
+
+---
+
+## Part 1: Compliance Modes
+
+CloudStream serves regulated industries. Compliance modes ensure code meets legal requirements.
+
+### The Three Frameworks
+
+| Mode | Industry | Key Requirements |
+|------|----------|------------------|
+| HIPAA | Healthcare | PHI protection, encryption, audit logs |
+| SOC2 | SaaS/Cloud | Data security, availability, processing integrity |
+| PCI-DSS | Payments | Cardholder data protection, access control |
+
+### Violation Consequences
+
+| Framework | Penalty |
+|-----------|---------|
+| HIPAA | Up to $1.5M per incident |
+| SOC2 | Failed audits, lost enterprise customers |
+| PCI-DSS | Inability to process payments |
+
+The system catches violations during development, not after deployment.
+
+### Enabling Compliance Mode
+
+Add to your project's CLAUDE.md:
+
+```markdown
+## Compliance Mode: hipaa
+```
+
+Or multiple modes:
+```markdown
+## Compliance Mode: hipaa, soc2
+```
+
+### What Changes with Compliance Mode
+
+When compliance mode is active:
+
+1. **`/code-review`** checks for compliance violations
+2. **`/compliance-check`** runs a full audit
+3. **Agents** add compliance-specific validations
+4. **Generated code** includes required safeguards
+
+### Compliance Check Details
+
+#### HIPAA Mode
+```markdown
+## Compliance Mode: hipaa
+```
+Checks for:
+- PHI in logs/errors
+- Encryption at rest/transit
+- Audit trail for data access
+- Minimum necessary access
+
+#### SOC2 Mode
+```markdown
+## Compliance Mode: soc2
+```
+Checks for:
+- Data retention policies
+- Change management logging
+- Incident response procedures
+- Vendor management
+
+#### PCI-DSS Mode
+```markdown
+## Compliance Mode: pci-dss
+```
+Checks for:
+- Card data exposure
+- Encryption standards
+- Access logging
+- Network segmentation
+
+---
+
+## Part 2: Zoho Development
+
+Zoho is CloudStream's primary platform. Understanding its constraints is essential.
+
+### Platform Constraints
+
+| Platform | Constraint | Limit |
+|----------|------------|-------|
+| Deluge | Statements per function | 5,000 |
+| Catalyst | Function timeout | 40 seconds |
+| Catalyst | I/O timeout | 30 seconds |
+| Catalyst | Memory per function | 512 MB |
+| Creator | Subforms per form | 10 |
+| Deluge | API calls per day | 25,000 |
+| OAuth | Token expiry | 1 hour |
+| Creator | Audit retention | 1 year |
+
+### Specialized Agents
+
+| Agent | Purpose |
+|-------|---------|
+| `creator-architect` | Creator app design and form hierarchy |
+| `catalyst-deployer` | Catalyst function deployment |
+| `deluge-reviewer` | Deluge script validation |
+
+### Key Commands
+
+```
+/zoho-scaffold creator-app "app-name"       - Scaffold Creator app
+/zoho-scaffold catalyst-function "func"     - Scaffold Catalyst function
+/deluge "task description"                  - Generate Deluge code
+```
+
+---
+
+## Part 3: Zoho Development Patterns
+
+### Creator App Scaffolding
+
+```
+/zoho-scaffold creator-app "inventory-tracker"
+```
+
+Generates:
+- Form hierarchy design
+- Workflow templates
+- Widget placeholders
+- Connection setup
+- Compliance fields (if mode active)
+
+### Catalyst Function Scaffolding
+
+```
+/zoho-scaffold catalyst-function "webhook-processor"
+```
+
+Generates:
+- Function entry point with proper signature
+- Error handling with try-catch
+- Timeout management (context.close())
+- Environment configuration
+- Logging setup
+
+### Deluge Code Generation
+
+```
+/deluge "fetch contacts from CRM and update Creator form"
+```
+
+Generates code with:
+- Null checks on every variable
+- Try-catch error handling
+- Statement count awareness
+- API call batching
+- Proper indentation and comments
+
+### Critical Patterns
+
+#### context.close() Requirement
+```javascript
+// Catalyst functions MUST call context.close()
+try {
+  // ... function logic
+  context.close();
+} catch (err) {
+  context.close();  // Even on error!
+  throw err;
+}
+```
+
+#### Null-Safe Deluge
+```deluge
+// NEVER: record.get("field")  -- will crash if null
+// ALWAYS: ifnull(record.get("field"), "")
+value = ifnull(record.get("field"), "default");
+```
+
+---
+
+## Exercises
+
+### Exercise 4.1: Enable Compliance Mode
+
+1. Create or edit a project's CLAUDE.md
+2. Add HIPAA compliance mode:
+   ```markdown
+   ## Compliance Mode: hipaa
+   ```
+3. Run a compliance check:
+   ```
+   /compliance-check
+   ```
+4. Observe the audit output
+
+### Exercise 4.2: Review with Compliance
+
+1. Create a simple file:
+   ```javascript
+   function logUserData(user) {
+     console.log(user.email, user.ssn);  // BAD: logs PHI
+   }
+   ```
+2. Run code review:
+   ```
+   /code-review
+   ```
+3. Note the compliance violations flagged
+
+### Exercise 4.3: Scaffold Catalyst Function
+
+```
+/zoho-scaffold catalyst-function "data-sync"
+```
+
+Observe:
+- Generated file structure
+- Error handling patterns
+- context.close() placement
+- Timeout management
+
+### Exercise 4.4: Generate Deluge Code
+
+```
+/deluge "calculate invoice totals with tax for a list of orders"
+```
+
+Observe:
+- Null safety patterns
+- Statement count comments
+- Error handling
+- API batching (if applicable)
+
+### Exercise 4.5: Full Zoho Workflow
+
+Combine compliance and Zoho development:
+
+```
+# Set compliance mode in CLAUDE.md
+## Compliance Mode: hipaa
+
+# Scaffold with compliance
+/zoho-scaffold creator-app "patient-portal"
+
+# Review compliance integration
+/code-review
+```
+
+---
+
+## Verification Checklist
+
+Before proceeding to Day 5, confirm:
+
+- [ ] Can set compliance mode in CLAUDE.md
+- [ ] Ran `/compliance-check` and understood output
+- [ ] Understand HIPAA/SOC2/PCI-DSS basics
+- [ ] Scaffolded a Catalyst function
+- [ ] Generated Deluge code with `/deluge`
+- [ ] Understand platform constraints (5000 statements, 40s timeout)
+- [ ] Know critical patterns (context.close, null safety)
+
+---
+
+## Key Takeaways
+
+1. **Set compliance mode once** - the system handles the rest
+2. **Zoho has hard limits** - 5000 statements, 40 second timeout
+3. **Always use scaffolding** - it includes required patterns
+4. **Deluge needs null safety** - every variable access
+5. **Catalyst needs context.close()** - every function, even on error
+
+---
+
+## Quick Reference
+
+### Compliance Commands
+```
+/compliance-check           - Run full audit
+/code-review                - Includes compliance checks when mode is set
+```
+
+### Zoho Commands
+```
+/zoho-scaffold creator-app "name"           - Creator app
+/zoho-scaffold catalyst-function "name"     - Catalyst function
+/deluge "description"                       - Generate Deluge code
+```
+
+### Constraint Limits
+```
+Deluge:   5,000 statements / function
+Catalyst: 40 second timeout
+Creator:  10 subforms / form
+OAuth:    1 hour token expiry
+```
+
+---
+
+**Day 4 Complete** | Next: [Day 5 - Hooks & Skills](day-5-hooks-skills.md)