@event4u/agent-config 2.24.0 → 2.26.0

package/.agent-src/skills/code-review/SKILL.md

@@ -37,68 +37,73 @@ Use this skill when:
 
 ## Review checklist
 
+The checks below are stack-agnostic. For framework-specific conventions (PSR-12 + `declare(strict_types=1)`, FormRequest, single-action `__invoke`, API Resources, Pest, Blade escaping, Eloquent N+1) defer to the carve-outs:
+- PHP / Laravel → [`laravel`](../laravel/SKILL.md), [`laravel-validation`](../laravel-validation/SKILL.md), [`eloquent`](../eloquent/SKILL.md), [`pest-testing`](../pest-testing/SKILL.md), [`blade-ui`](../blade-ui/SKILL.md), [`php-coder`](../php-coder/SKILL.md)
+- Symfony → [`symfony-workflow`](../symfony-workflow/SKILL.md)
+- Next.js / TS → [`nextjs-patterns`](../nextjs-patterns/SKILL.md), [`react-shadcn-ui`](../react-shadcn-ui/SKILL.md)
+
 ### Code quality
 
 | Check | What to look for |
 |---|---|
-| **Strict types** | `declare(strict_types=1)` in new files, typed properties/params/returns |
-| **PSR-12** | Coding style, line length ≤120, trailing commas, Yoda comparisons |
-| **Naming** | Clear, descriptive names. `camelCase` vars, `snake_case` array keys, `UPPER_SNAKE` constants |
+| **Type discipline** | New code is fully typed in the project's idiom (PHP typed properties + `declare(strict_types=1)`, TS strict, Python type hints, Go / Rust by construction). |
+| **Style conformance** | Matches the project's formatter / linter output — no reformatting battles, no out-of-band style. |
+| **Naming** | Clear, descriptive names; matches the dominant casing in the surrounding code (camelCase / snake_case / PascalCase per the language's idiom). |
 | **Early returns** | No deep nesting. Guard clauses at the top. |
-| **Single responsibility** | Each class/method does one thing. Controllers are thin. |
-| **No magic** | No magic properties on models (use getters/setters). No `$request->input()` without FormRequest. |
-| **PHPDoc** | Only where type hints are insufficient (generics, complex arrays). No redundant docblocks. |
+| **Single responsibility** | Each class / module / function does one thing. HTTP handlers stay thin. |
+| **No magic** | No reach-through to globals (`app()`, `$_GET`, ambient context). No untyped data shapes leaking out of the I/O boundary. |
+| **Doc comments** | Only where the type system is insufficient (generics, complex shapes). No redundant docblocks. |
 
 ### Architecture
 
 | Check | What to look for |
 |---|---|
-| **Layer separation** | Business logic in services, not controllers. Models have no business logic. |
-| **Single-action controllers** | New controllers use `__invoke()`. No multi-action controllers. |
-| **FormRequest** | Every controller has a dedicated FormRequest. No inline `$request->validate()`. |
-| **API Resources** | Controllers return Resources, never raw models or `response()->json()`. |
-| **DTOs** | Structured data transfer between layers, not raw arrays. |
-| **Dependency injection** | Constructor injection, no `new Service()` or `app()` calls in business logic. |
+| **Layer separation** | Business logic in services / use-cases, not in HTTP handlers. Domain models stay I/O-free. |
+| **Handler shape** | New handlers follow the framework's recommended shape (Laravel single-action `__invoke`, Next.js route handler, Express handler-per-route). See the stack carve-out. |
+| **Input validation** | Validated at the request boundary via the framework's primitive (Laravel `FormRequest`, Zod / class-validator, Pydantic, struct-tag validators). No ad-hoc inline `if` checks. |
+| **Response shaping** | Returns through a transformer / serializer / DTO. Never returns raw ORM entities. |
+| **DTOs / value objects** | Structured data between layers, not raw associative arrays / `any` / `dict[str, Any]`. |
+| **Dependency injection** | Constructor injection (or framework-idiomatic equivalent). No service-locator calls in business logic. |
 
 ### Database & Performance
 
 | Check | What to look for |
 |---|---|
-| **N+1 queries** | Relationship access in loops without eager loading |
-| **Missing indexes** | New columns used in WHERE/JOIN without index |
-| **Unbounded queries** | `Model::all()` or queries without pagination/limit |
-| **Raw SQL** | Parameterized queries only. No string concatenation with user input. |
-| **Migrations** | Reversible (has `down()`). Correct connection. Correct table prefix. |
-| **Money** | Uses `decimal` or `Math` helper, never `float` |
+| **N+1 queries** | Relationship / association access in loops without eager / batch loading. |
+| **Missing indexes** | New columns used in `WHERE` / `JOIN` without a supporting index. |
+| **Unbounded queries** | Full-table reads (`Model::all()`, `SELECT *` without `LIMIT`, unpaged list endpoints). |
+| **Raw SQL** | Parameterised queries only. No string concatenation with user input. |
+| **Migrations** | Reversible. Targets the right connection / schema. Idempotent where the platform supports it. |
+| **Money / precision** | Uses an exact-precision type (PHP `decimal` / `Math` helper, TS bigint / decimal lib, Python `Decimal`), never `float`. |
 
 ### Security
 
 | Check | What to look for |
 |---|---|
-| **Authorization** | Policy check in FormRequest or middleware. No unprotected endpoints. |
-| **Input validation** | All user input validated via FormRequest rules. |
-| **Mass assignment** | No `$model->fill($request->all())` without `$fillable`/`$guarded`. |
-| **SQL injection** | No raw queries with unescaped user input. |
-| **XSS** | Blade output escaped (`{{ }}` not `{!! !!}`) unless intentional. |
-| **Sensitive data** | No secrets, tokens, or passwords in code or logs. |
+| **Authorization** | Authz check at every state-changing endpoint (Laravel Policy, Symfony voter, NestJS guard, framework middleware). No unprotected mutating routes. |
+| **Input validation** | All user input validated at the boundary via the framework's primitive. |
+| **Mass assignment** | No bulk-binding raw request payloads to ORM entities without an explicit allow-list (`$fillable` / `$guarded` in Laravel, DTO mapping in TS / Python). |
+| **Injection** | No raw queries / command lines / template strings with unescaped user input. |
+| **Output encoding** | Template output is escaped by default; raw / unescaped output is intentional and reviewed (Blade `{{ }}` vs `{!! !!}`, React `dangerouslySetInnerHTML`, Jinja `\|safe`). |
+| **Sensitive data** | No secrets, tokens, or passwords in code, logs, or error responses. |
 
 ### Tests
 
 | Check | What to look for |
 |---|---|
-| **Coverage** | New code paths have tests. Bug fixes have regression tests. |
-| **Test quality** | Tests verify behavior, not implementation details. |
-| **Pest syntax** | Correct Pest conventions. No `readonly`/`final` on test classes. |
-| **Seeders** | Test data via seeders (or factories where allowed). |
+| **Coverage** | New code paths have tests. Bug fixes have regression tests (RED → GREEN). |
+| **Test quality** | Tests verify behaviour, not implementation details. |
+| **Framework idiom** | Correct conventions for the project's test framework (Pest / PHPUnit, Jest / Vitest, pytest, `go test`, `cargo test`) — see the stack carve-out for specifics. |
+| **Test data** | Provisioned via the project's idiom (seeders, factories, fixtures, builders). |
 | **Assertions** | Meaningful assertions. Not just "no exception thrown". |
-| **Flaky risks** | Time-dependent tests use `travel()`. No reliance on execution speed. |
+| **Flaky risks** | Time-dependent tests freeze the clock (`travel()`, `jest.useFakeTimers()`, `freezegun`). No reliance on execution speed. |
 
 ## Before creating a PR
 
-1. Run quality pipeline: PHPStan → Rector → ECS → PHPStan (see `quality-tools` skill for commands)
-2. Run tests: `make test` (or project equivalent)
+1. Run the project's quality pipeline (see the stack carve-out for the exact commands — PHP: `quality-tools`).
+2. Run tests via the project's runner (`make test`, `npm test`, `pytest`, `go test ./...`, or the project's wrapper script).
 3. Ensure CI passes on the branch.
-4. Self-review the diff: `git diff origin/main..HEAD`
+4. Self-review the diff: `git diff origin/main..HEAD`.
 
 ## Receiving feedback
 
@@ -114,7 +119,7 @@ When receiving code review feedback, follow this sequence:
 6. **IMPLEMENT** — One item at a time, test each.
 
 If **any item is unclear**, STOP — do not implement anything yet. Items may be related;
-partial understanding → wrong impl.
+partial understanding leads to wrong implementation.
 
 ### No performative agreement
 
@@ -132,7 +137,7 @@ partial understanding → wrong impl.
 **External / Copilot / bot feedback** (less context):
 - Check: Technically correct for THIS codebase?
 - Check: Does it break existing functionality?
-- Check: Is there a reason for the current impl?
+- Check: Is there a reason for the current implementation?
 - Check: Does the reviewer understand the full context?
 - **YAGNI check:** If the reviewer suggests "implementing properly", grep the codebase
   for actual usage. If unused → suggest removing (YAGNI).
@@ -181,7 +186,7 @@ Description and suggested improvement.
 Description.
 ```
 
-Group related findings. Don't repeat what linters/PHPStan already catch — focus on
+Group related findings. Don't repeat what the project's linter / type-checker already catches — focus on
 logic, architecture, and things tools can't detect.
 
 ## Adversarial review
@@ -211,5 +216,5 @@ Focus on the "Code changes / Refactoring" attack questions.
 - Do NOT approve without actually reading the code.
 - Do NOT agree with review comments without verifying them against the codebase.
 - Do NOT use performative language when responding to feedback ("Great point!", "Excellent catch!").
-- Do NOT nitpick style issues that ECS/Rector handle automatically.
+- Do NOT nitpick style issues the project's formatter / auto-refactor (ECS, Prettier, Ruff, gofmt) handles automatically.
 - Do NOT merge without CI passing and quality checks green.

package/.agent-src/skills/context-authoring/SKILL.md

@@ -71,7 +71,7 @@ source when the user is unsure.
 |---|---|
 | `auth-model.md` | Policy classes, Gate definitions, permission seeders, role enums, `@can` directives, middleware |
 | `tenant-boundaries.md` | Base query scopes, connection-switching middleware, tenant-resolution service, global scopes, `.env` vars like `TENANT_*` |
-| `data-sensitivity.md` | Eloquent `$hidden` / `$casts`, Sentry `beforeSend`, logging helpers, API resources, export commands |
+| `data-sensitivity.md` | ORM hidden-field config (Eloquent `$hidden` / `$casts`, Symfony `#[Ignore]`, Prisma `select` defaults, SQLAlchemy `__init__` filters), Sentry `beforeSend`, logging redaction helpers, API serialisers / resources, export commands |
 | `deployment-order.md` | `database/migrations/`, feature-flag config (Pennant / LaunchDarkly), deploy scripts, CI workflow, rollback runbooks in `docs/` |
 | `observability.md` | `config/logging.php`, Sentry init, dashboard links in READMEs, alert rules in Terraform/Grafana dashboards |
 

package/.agent-src/skills/dashboard-design/SKILL.md

@@ -4,8 +4,7 @@ description: "Use when designing monitoring dashboards — visualization selecti
 source: package
 domain: devops
 recommended_for_user_types: [ops, gtm]
-
-
+framework: laravel
 ---
 
 # dashboard-design

package/.agent-src/skills/database/SKILL.md

@@ -14,8 +14,8 @@ domain: engineering
 Use when designing schemas, optimizing queries, adding indexes, or troubleshooting database performance.
 
 Do NOT use when:
-- Writing Eloquent models (use `eloquent` skill)
-- Creating migrations only (use `migration-creator` skill)
+- Writing framework-specific ORM models (use the matching skill — e.g. `eloquent` for Laravel, `symfony-workflow` for Doctrine, framework-native skill for Prisma / TypeORM / SQLAlchemy / GORM / Diesel)
+- Creating migrations only — use the framework-specific migration skill (`laravel-migration` for Laravel, framework-native for others)
 
 ## Procedure: Optimize a query
 
@@ -52,7 +52,12 @@ Re-run `EXPLAIN` and confirm improved plan.
 
 1. **Read migrations** — source of truth
 2. **Read models** — `$table`, `$connection`, `$fillable`, `$casts`, relationships
-3. **Run schema queries** — `php artisan tinker --execute="Schema::getColumnListing('table')"`
+3. **Run schema queries** — use the project's REPL or a raw introspection query:
+   - Laravel: `php artisan tinker --execute="Schema::getColumnListing('table')"`
+   - Symfony / Doctrine: `bin/console doctrine:mapping:info`
+   - Rails: `bin/rails runner "p ActiveRecord::Base.connection.columns('table').map(&:name)"`
+   - Prisma: `npx prisma db pull --print | grep -A20 "model Table"`
+   - Generic SQL: `psql -d mydb -c "\d table"` / `mysql -e "DESCRIBE table"`
 4. **Check project docs** — `agents/docs/` for conventions
 
 | Trap | Reality |

package/.agent-src/skills/dependency-upgrade/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: dependency-upgrade
-description: "Use when upgrading dependencies — "update Laravel", "bump PHP version", or "upgrade packages". Covers changelog review, breaking change detection, and verification."
+description: "Use when upgrading dependencies — 'update framework X', 'bump runtime version', or 'upgrade packages'. Covers changelog review, breaking-change detection, and verification. Stack-agnostic."
 source: package
 domain: engineering
 ---
@@ -9,10 +9,10 @@ domain: engineering
 
 ## When to use
 
-Use this skill when upgrading Composer packages, npm packages, or any project dependency.
+Use this skill when upgrading project dependencies on any stack — Composer (PHP), npm / pnpm / yarn (JS/TS), pip / poetry / uv (Python), go.mod (Go), Cargo (Rust), or any other language-level package manager.
 
 Do NOT use when:
-- Installing new deps for the first time
+- Installing new dependencies for the first time
 - Routine code changes unrelated to package versions
 
 ## Procedure: Upgrade a dependency
@@ -25,7 +25,7 @@ Before upgrading:
 - **Identify breaking changes** — look for "BREAKING", "BC break", major version bumps.
 - **Check deprecation notices** — code using deprecated APIs needs updating.
 - **Review upgrade guides** — many packages provide migration docs.
-- **Check PHP/Node version requirements** — does the new version need a newer runtime?
+- **Check runtime version requirements** — does the new version need a newer PHP / Node / Python / Go / Rust toolchain?
 
 ### 2. Plan
 
@@ -73,23 +73,69 @@ npm install package-name@latest
 npm audit
 ```
 
-### 4. Verify
+#### pip / poetry / uv (Python)
+
+```bash
+# Check outdated packages
+pip list --outdated         # pip
+poetry show --outdated       # poetry
+uv pip list --outdated       # uv
+
+# Upgrade a specific package
+pip install --upgrade package-name
+poetry update package-name
+uv pip install --upgrade package-name
 
-After upgrading, run the full verification pipeline:
+# Check for vulnerabilities
+pip-audit                    # via pip-audit
+safety check                 # via safety
+```
+
+#### go.mod (Go)
 
 ```bash
-# PHP/Laravel
-vendor/bin/phpstan analyse           # Check for type errors
-vendor/bin/rector process            # Auto-fix refactoring
-vendor/bin/ecs check --fix           # Auto-fix code style
-php artisan test                     # Run all tests
-
-# JavaScript
-npm run build     # Check build succeeds
-npm test          # Run all tests
-npm run lint      # Check code style
+# List available updates
+go list -u -m all
+
+# Upgrade a specific module
+go get example.com/pkg@latest
+go get example.com/pkg@v1.2.3
+
+# Tidy after upgrade
+go mod tidy
+
+# Check for known vulnerabilities
+govulncheck ./...
 ```
 
+#### Cargo (Rust)
+
+```bash
+# Check outdated
+cargo outdated               # requires cargo-outdated
+
+# Upgrade
+cargo update -p crate-name
+cargo add crate-name@1.2     # edition-aware add
+
+# Audit
+cargo audit                  # requires cargo-audit
+```
+
+### 4. Verify
+
+After upgrading, run the project's full verification pipeline. The exact commands depend on the stack — resolve via the project's `Taskfile.yml`, `package.json scripts`, `composer.json scripts`, `Makefile`, or the `quality-tools` skill.
+
+| Stack | Type-check | Lint / autofix | Tests |
+|---|---|---|---|
+| PHP / Laravel | `vendor/bin/phpstan analyse` | `vendor/bin/rector process` + `vendor/bin/ecs check --fix` | `php artisan test` (or `vendor/bin/pest`) |
+| TypeScript | `tsc --noEmit` | `eslint --fix` + `prettier --write` | `pnpm test` (or `vitest run`, `jest`) |
+| Python | `mypy` / `pyright` | `ruff check --fix` + `ruff format` | `pytest` |
+| Go | `go vet ./...` | `golangci-lint run --fix` | `go test ./...` |
+| Rust | `cargo check` | `cargo clippy --fix` + `cargo fmt` | `cargo test` |
+
+Re-run the type-checker after any auto-fixer that can rewrite types (Rector for PHP, `eslint --fix` for TS).
+
 ### 5. Document
 
 - Note the upgrade in the commit message: `chore: upgrade vendor/package from 2.x to 3.x`
@@ -100,7 +146,7 @@ npm run lint      # Check code style
 When upgrading multiple packages:
 
 - **Upgrade one at a time** — easier to identify which upgrade broke something.
-- **Exception:** Tightly coupled packages (e.g., `laravel/framework` + `laravel/*`) can be upgraded together.
+- **Exception:** Tightly coupled packages can be upgraded together (e.g., `laravel/framework` + `laravel/*`; `@nestjs/core` + `@nestjs/*`; `react` + `react-dom`; `next` + `@next/*`).
 - **Run tests after each upgrade** — don't batch upgrades and test once at the end.
 
 ## Common pitfalls
@@ -111,7 +157,7 @@ When upgrading multiple packages:
 | Upgrading all packages at once | One package at a time (or tightly coupled groups) |
 | Trusting `composer update` blindly | Use `--dry-run` first, review changes |
 | Ignoring deprecation warnings | Fix deprecations before they become errors |
-| Skipping tests after upgrade | Full test suite + PHPStan after every upgrade |
+| Skipping tests after upgrade | Full test suite + project type-checker (PHPStan / tsc / mypy / `go vet` / `cargo check`) after every upgrade |
 | Lock file conflicts | Coordinate upgrades with the team |
 
 ## Version constraint guidelines
@@ -165,7 +211,7 @@ npm audit
 |---|---|---|
 | **Known CVEs** | `composer audit` / `npm audit` | Direct vulnerabilities |
 | **Maintenance status** | GitHub: last commit, open issues | Abandoned packages are a risk |
-| **Dependency tree** | `composer show -t vendor/pkg` / `npm ls new-package` | Transitive deps may conflict |
+| **Dependency tree** | `composer show -t vendor/pkg` / `npm ls new-package` | Transitive dependencies may conflict |
 | **License compatibility** | `composer licenses` / check `package.json` | Legal compliance |
 | **Bundle size** (npm) | `npx bundlephobia new-package` | Impact on frontend bundle |
 

package/.agent-src/skills/developer-like-execution/SKILL.md

@@ -84,8 +84,8 @@ When UI changes are involved:
 - `rg`, `grep` for text: specific patterns, not full files
 - `head`, `tail`, `cut`, `sort`, `uniq` for narrowing results
 - `--filter`, `--json`, `--format` flags on CLI tools — always use them
-- Laravel: `route:list --json | jq '.[] | select(.uri | test("users"))'`
-- Logs: `rg "request_id=abc123" storage/logs` — never `cat storage/logs/laravel.log`
+- Route lookup — Laravel `php artisan route:list --json | jq '…'`, Rails `bin/rails routes | grep users`, Express `console.log(app._router.stack)`, FastAPI `app.routes`, Symfony `bin/console debug:router`.
+- Logs — `rg "request_id=abc123" <log-dir>` — never `cat <log-file>`. Log dirs by stack: Laravel `storage/logs/`, Rails `log/`, Node `./logs/` or `journalctl`, Python `./logs/` or `journalctl`, Docker `docker compose logs <svc> --since 5m`.
 
 ### Avoid large output by default
 
@@ -156,22 +156,33 @@ If full TDD is not practical: at least write down the expected output before cod
 #### Backend examples
 
 ```bash
-# Laravel route lookup — targeted, not full dump
-php artisan route:list --json | jq '.[] | select(.uri == "api/users") | {method, uri, name, action, middleware}'
-
-# Config/debug
-php artisan config:show app | grep env
+# Route lookup — pick the project's framework
+php artisan route:list --json | jq '.[] | select(.uri == "api/users") | {method, uri, name, action, middleware}'   # Laravel
+bin/console debug:router --format=json | jq '.[] | select(.path == "/api/users")'                                  # Symfony
+bin/rails routes -g users                                                                                          # Rails
+curl -s http://localhost:3000/__routes | jq '.[] | select(.path == "/api/users")'                                  # Express custom-introspection
+curl -s http://localhost:8000/openapi.json | jq '.paths["/api/users"]'                                             # FastAPI
+
+# Config inspection
+php artisan config:show app | grep env       # Laravel
+bin/console debug:config framework            # Symfony
+bin/rails runner 'puts Rails.application.config_for(:database)'  # Rails
 
 # API inspection — extract only what you need
 curl -s http://localhost/api/users | jq '.[0] | {id, email, status}'
 curl -s http://localhost/api/users/1 | jq '{id, name, roles: [.roles[].name]}'
 
-# Logs — scoped by request ID, timestamp, or error type
-rg "request_id=abc123|OrderFailed" storage/logs
-tail -n 200 storage/logs/laravel.log | rg "payment|timeout"
-
-# Database — targeted queries, not full table dumps
-php artisan tinker --execute="User::where('email', 'test@example.com')->first(['id','email','status'])"
+# Recent logs — targeted, not full dump
+tail -n 200 storage/logs/laravel.log | rg "payment|timeout"             # Laravel
+tail -n 200 log/development.log | rg "payment|timeout"                   # Rails
+docker compose logs api --since 5m --no-color | rg "payment|timeout"     # any container stack
+journalctl -u myapp --since "5 min ago" | rg "payment|timeout"           # systemd
+
+# DB-state probe — targeted single record, not full table
+php artisan tinker --execute="User::where('email','x@y')->first(['id','email','status'])"   # Laravel
+bin/rails runner "p User.where(email: 'x@y').first&.slice(:id,:email,:status)"               # Rails
+bin/console doctrine:query:sql "SELECT id,email,status FROM users WHERE email='x@y' LIMIT 1" # Symfony
+psql -d mydb -c "SELECT id,email,status FROM users WHERE email='x@y' LIMIT 1"                 # raw SQL fallback
 ```
 
 #### Debugging with Xdebug
@@ -218,7 +229,7 @@ Never load full output into context when a filter gives you the answer.
 
 Tests are mandatory when behavior changes or bugs are fixed.
 
-Prefer: failing test first → impl → passing test.
+Prefer: failing test first → implementation → passing test.
 
 Test types: unit (isolated logic), feature/integration (behavior), UI (frontend), regression (bugs).
 

package/.agent-src/skills/eloquent/SKILL.md

@@ -15,7 +15,7 @@ Use when creating/modifying Eloquent models, relationships, scopes, or writing d
 
 Do NOT use when:
 - Schema design or query optimization (use `database` skill)
-- Creating migrations only (use `migration-creator` skill)
+- Creating migrations only (use `laravel-migration` skill)
 
 ## Procedure: Create or modify a model
 

package/.agent-src/skills/feature-planning/SKILL.md

@@ -145,7 +145,7 @@ Structural roadmap tasks must include:
 
 1. **Exact file path** — `app/Modules/Auth/Services/LoginService.php`, never *"the login service"*.
 2. **Complete code** — every method body, import, and signature ready to paste; no `// existing code` ellipses, no `…`.
-3. **Exact command** — `php artisan migrate --path=database/migrations/2026_05_09_create_logins.php`, never *"run the migration"*.
+3. **Exact command** — the precise CLI invocation, never *"run the migration"*. Examples: `php artisan migrate --path=database/migrations/2026_05_09_create_logins.php` (Laravel), `bin/console doctrine:migrations:migrate --no-interaction` (Symfony), `bin/rails db:migrate VERSION=20260509…` (Rails), `npx prisma migrate deploy` (Prisma), `alembic upgrade +1` (Python / Alembic), `sqlx migrate run` (Rust).
 4. **Expected output** — what success looks like (`Migrated: 2026_05_09_create_logins`) and the exit code.
 5. **No placeholders** — angle-bracket placeholders, `TODO`, `FIXME`, `tbd`, and `???` are blockers; resolve before the task ships.
 

package/.agent-src/skills/file-editor/SKILL.md

@@ -40,7 +40,7 @@ Relevant settings for this skill:
 
 | Key | Values | Default | Description |
 |---|---|---|---|
-| `personal.ide` | `code`, `phpstorm` | _(empty)_ | CLI command to open files |
+| `personal.ide` | `code`, `cursor`, `windsurf`, `phpstorm`, `webstorm`, `idea`, `goland`, `rubymine`, `pycharm`, `rider`, `subl`, `vim`, `nvim`, `emacs`, `zed` | _(empty)_ | CLI command to open files |
 | `personal.open_edited_files` | `true`, `false` | `false` | Whether to auto-open edited files |
 
 ## Behavior
@@ -62,31 +62,49 @@ cat .agent-settings.yml 2>/dev/null
 After editing one or more files, open them using the `ide` setting.
 **Always jump to the first edited line.** The syntax depends on the IDE:
 
-**PhpStorm** (`personal.ide: phpstorm`):
+**JetBrains IDEs** (`personal.ide: phpstorm` / `webstorm` / `idea` / `pycharm` / `goland` / `rubymine` / `rider`):
 ```bash
-phpstorm --line {line} {file}
+phpstorm --line {line} {file}        # PHP
+webstorm --line {line} {file}        # JS / TS
+idea     --line {line} {file}        # Java / Kotlin / general
+pycharm  --line {line} {file}        # Python
+goland   --line {line} {file}        # Go
 ```
 
-**VS Code** (`personal.ide: code`):
+**VS Code-family** (`personal.ide: code` / `cursor` / `windsurf`):
 ```bash
-code -g {file}:{line}
+code    --goto {file}:{line}
+cursor  --goto {file}:{line}
+windsurf --goto {file}:{line}
 ```
 
-For multiple files, run one command per file:
+**Zed** (`personal.ide: zed`):
 ```bash
-# PhpStorm
-phpstorm --line 42 app/Models/User.php
-phpstorm --line 15 app/Services/UserService.php
+zed {file}:{line}
+```
 
-# VS Code
-code -g app/Models/User.php:42
-code -g app/Services/UserService.php:15
+**Terminal editors** (`personal.ide: vim` / `nvim` / `emacs`):
+```bash
+vim  +{line} {file}
+nvim +{line} {file}
+emacs +{line} {file}
 ```
 
-If the line number is unknown (e.g. new file), omit the line parameter:
+For multiple files, run one command per file:
 ```bash
-phpstorm app/Models/User.php
-code app/Models/User.php
+# JetBrains (PhpStorm / WebStorm / GoLand / PyCharm)
+phpstorm --line 42 src/Services/UserService.php
+webstorm --line 15 src/services/user-service.ts
+goland   --line 27 internal/user/service.go
+pycharm  --line 88 app/services/user_service.py
+
+# VS Code-family
+code     --goto src/services/user-service.ts:15
+cursor   --goto app/services/user_service.py:88
+
+# Open file without jumping to a line
+code     src/services/user-service.ts
+phpstorm src/Services/UserService.php
 ```
 
 ### Rules
@@ -102,8 +120,16 @@ code app/Models/User.php
 
 | IDE | Command | Install |
 |---|---|---|
-| VS Code | `code {file}` | Shell Command: Install 'code' in PATH |
-| PhpStorm | `phpstorm {file}` | JetBrains Toolbox CLI or `Create command-line launcher` in PhpStorm |
+| VS Code         | `code {file}`     | Shell Command: Install 'code' in PATH                                        |
+| Cursor          | `cursor {file}`   | Settings → "Install 'cursor' shell command"                                  |
+| Windsurf        | `windsurf {file}` | Settings → "Install 'windsurf' shell command"                                |
+| Zed             | `zed {file}`      | Settings → "Install CLI" (creates `zed` in PATH)                             |
+| PhpStorm        | `phpstorm {file}` | JetBrains Toolbox CLI or *Tools → Create command-line launcher* in PhpStorm  |
+| WebStorm        | `webstorm {file}` | JetBrains Toolbox CLI or *Tools → Create command-line launcher* in WebStorm  |
+| IntelliJ IDEA   | `idea {file}`     | JetBrains Toolbox CLI or *Tools → Create command-line launcher* in IDEA      |
+| PyCharm         | `pycharm {file}`  | JetBrains Toolbox CLI or *Tools → Create command-line launcher* in PyCharm   |
+| GoLand          | `goland {file}`   | JetBrains Toolbox CLI or *Tools → Create command-line launcher* in GoLand    |
+| Vim / Neovim    | `vim {file}` / `nvim {file}` | Bundled with most distros                                         |
 
 ## Output format
 
@@ -121,8 +147,8 @@ code app/Models/User.php
 ## Gotcha
 
 - Check `.agent-settings.yml` for `personal.open_edited_files` before opening anything — the user may have disabled it.
-- Don't open files during batch operations (e.g., fixing 20 PHPStan errors) — only open when specifically relevant.
-- PHPStorm sometimes locks files when opening — wait briefly before editing the same file.
+- Don't open files during batch operations (e.g., fixing 20 type-checker errors across PHPStan / tsc / mypy / `cargo check`) — only open when specifically relevant.
+- JetBrains IDEs (PhpStorm, WebStorm, IDEA, PyCharm, GoLand, RubyMine, Rider) sometimes briefly lock a file on open — wait a moment before editing the same file.
 
 ## Do NOT
 

package/.agent-src/skills/finishing-a-development-branch/SKILL.md

@@ -61,7 +61,7 @@ Run the full end-of-work gate before presenting any options — see
 
 1. Targeted tests green
 2. Full test suite green
-3. Quality pipeline (PHPStan → Rector dry-run → ECS → PHPStan) green
+3. Quality pipeline green — the project's full sequence (type-checker → auto-fixer dry-run → linter → type-checker; e.g. PHPStan → Rector → ECS → PHPStan for Laravel-PHP, tsc → eslint --fix → eslint → tsc for TS, mypy → ruff --fix → ruff → mypy for Python)
 4. `git status` clean — nothing unstaged, no stray files
 5. Branch is pushed or explicitly marked local-only
 
@@ -102,7 +102,7 @@ a different sub-procedure (steps 5a–5d).
 1. Ensure the branch is up to date with the base →
    [`prepare-for-review`](../../commands/prepare-for-review.md)
 2. Self-review the full diff → [`review-changes`](../../commands/review-changes.md)
-3. Write the PR description → [`create-pr-description`](../../commands/create-pr-description.md)
+3. Write the PR description → [`create-pr-description`](../../commands/create-pr/description-only.md)
 4. Open the PR → [`create-pr`](../../commands/create-pr.md)
 5. Confirm the PR opened green, not red