@jgiox/goodvibes 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,111 @@
1
+ ---
2
+ name: caveman-compress
3
+ description: >
4
+ Compress natural language memory files (CLAUDE.md, todos, preferences) into caveman format
5
+ to save input tokens. Preserves all technical substance, code, URLs, and structure.
6
+ Compressed version overwrites the original file. Human-readable backup saved as FILE.original.md.
7
+ Trigger: /caveman-compress FILEPATH or "compress memory file"
8
+ ---
9
+
10
+ # Caveman Compress
11
+
12
+ ## Purpose
13
+
14
+ Compress natural language files (CLAUDE.md, todos, preferences) into caveman-speak to reduce input tokens. Compressed version overwrites original. Human-readable backup saved as `<filename>.original.md`.
15
+
16
+ ## Trigger
17
+
18
+ `/caveman-compress <filepath>` or when user asks to compress a memory file.
19
+
20
+ ## Process
21
+
22
+ 1. The compression scripts live in `scripts/` (adjacent to this SKILL.md). If the path is not immediately available, search for `scripts/__main__.py` next to this SKILL.md.
23
+
24
+ 2. From the directory containing this SKILL.md, run:
25
+
26
+ python3 -m scripts <absolute_filepath>
27
+
28
+ 3. The CLI will:
29
+ - detect file type (no tokens)
30
+ - call Claude to compress
31
+ - validate output (no tokens)
32
+ - if errors: cherry-pick fix with Claude (targeted fixes only, no recompression)
33
+ - retry up to 2 times
34
+ - if still failing after 2 retries: report error to user, leave original file untouched
35
+
36
+ 4. Return result to user
37
+
38
+ ## Compression Rules
39
+
40
+ ### Remove
41
+ - Articles: a, an, the
42
+ - Filler: just, really, basically, actually, simply, essentially, generally
43
+ - Pleasantries: "sure", "certainly", "of course", "happy to", "I'd recommend"
44
+ - Hedging: "it might be worth", "you could consider", "it would be good to"
45
+ - Redundant phrasing: "in order to" → "to", "make sure to" → "ensure", "the reason is because" → "because"
46
+ - Connective fluff: "however", "furthermore", "additionally", "in addition"
47
+
48
+ ### Preserve EXACTLY (never modify)
49
+ - Code blocks (fenced ``` and indented)
50
+ - Inline code (`backtick content`)
51
+ - URLs and links (full URLs, markdown links)
52
+ - File paths (`/src/components/...`, `./config.yaml`)
53
+ - Commands (`npm install`, `git commit`, `docker build`)
54
+ - Technical terms (library names, API names, protocols, algorithms)
55
+ - Proper nouns (project names, people, companies)
56
+ - Dates, version numbers, numeric values
57
+ - Environment variables (`$HOME`, `NODE_ENV`)
58
+
59
+ ### Preserve Structure
60
+ - All markdown headings (keep exact heading text, compress body below)
61
+ - Bullet point hierarchy (keep nesting level)
62
+ - Numbered lists (keep numbering)
63
+ - Tables (compress cell text, keep structure)
64
+ - Frontmatter/YAML headers in markdown files
65
+
66
+ ### Compress
67
+ - Use short synonyms: "big" not "extensive", "fix" not "implement a solution for", "use" not "utilize"
68
+ - Fragments OK: "Run tests before commit" not "You should always run tests before committing"
69
+ - Drop "you should", "make sure to", "remember to" — just state the action
70
+ - Merge redundant bullets that say the same thing differently
71
+ - Keep one example where multiple examples show the same pattern
72
+
73
+ CRITICAL RULE:
74
+ Anything inside ``` ... ``` must be copied EXACTLY.
75
+ Do not:
76
+ - remove comments
77
+ - remove spacing
78
+ - reorder lines
79
+ - shorten commands
80
+ - simplify anything
81
+
82
+ Inline code (`...`) must be preserved EXACTLY.
83
+ Do not modify anything inside backticks.
84
+
85
+ If file contains code blocks:
86
+ - Treat code blocks as read-only regions
87
+ - Only compress text outside them
88
+ - Do not merge sections around code
89
+
90
+ ## Pattern
91
+
92
+ Original:
93
+ > You should always make sure to run the test suite before pushing any changes to the main branch. This is important because it helps catch bugs early and prevents broken builds from being deployed to production.
94
+
95
+ Compressed:
96
+ > Run tests before push to main. Catch bugs early, prevent broken prod deploys.
97
+
98
+ Original:
99
+ > The application uses a microservices architecture with the following components. The API gateway handles all incoming requests and routes them to the appropriate service. The authentication service is responsible for managing user sessions and JWT tokens.
100
+
101
+ Compressed:
102
+ > Microservices architecture. API gateway route all requests to services. Auth service manage user sessions + JWT tokens.
103
+
104
+ ## Boundaries
105
+
106
+ - ONLY compress natural language files (.md, .txt, .typ, .typst, .tex, extensionless)
107
+ - NEVER modify: .py, .js, .ts, .json, .yaml, .yml, .toml, .env, .lock, .css, .html, .xml, .sql, .sh
108
+ - If file has mixed content (prose + code), compress ONLY the prose sections
109
+ - If unsure whether something is code or prose, leave it unchanged
110
+ - Original file is backed up as FILE.original.md before overwriting
111
+ - Never compress FILE.original.md (skip it)
@@ -0,0 +1,63 @@
1
+ ---
2
+ name: caveman-help
3
+ description: >
4
+ Quick-reference card for all caveman modes, skills, and commands.
5
+ One-shot display, not a persistent mode. Trigger: /caveman-help,
6
+ "caveman help", "what caveman commands", "how do I use caveman".
7
+ ---
8
+
9
+ # Caveman Help
10
+
11
+ Display this reference card when invoked. One-shot — do NOT change mode, write flag files, or persist anything. Output in caveman style.
12
+
13
+ ## Modes
14
+
15
+ | Mode | Trigger | What change |
16
+ |------|---------|-------------|
17
+ | **Lite** | `/caveman lite` | Drop filler. Keep sentence structure. |
18
+ | **Full** | `/caveman` | Drop articles, filler, pleasantries, hedging. Fragments OK. Default. |
19
+ | **Ultra** | `/caveman ultra` | Extreme compression. Bare fragments. Tables over prose. |
20
+ | **Wenyan-Lite** | `/caveman wenyan-lite` | Classical Chinese style, light compression. |
21
+ | **Wenyan-Full** | `/caveman wenyan` | Full 文言文. Maximum classical terseness. |
22
+ | **Wenyan-Ultra** | `/caveman wenyan-ultra` | Extreme. Ancient scholar on a budget. |
23
+
24
+ Mode stick until changed or session end.
25
+
26
+ ## Skills
27
+
28
+ | Skill | Trigger | What it do |
29
+ |-------|---------|-----------|
30
+ | **caveman-commit** | `/caveman-commit` | Terse commit messages. Conventional Commits. ≤50 char subject. |
31
+ | **caveman-review** | `/caveman-review` | One-line PR comments: `L42: bug: user null. Add guard.` |
32
+ | **caveman-compress** | `/caveman-compress <file>` | Compress .md files to caveman prose. Saves ~46% input tokens. |
33
+ | **caveman-help** | `/caveman-help` | This card. |
34
+
35
+ ## Deactivate
36
+
37
+ Say "stop caveman" or "normal mode". Resume anytime with `/caveman`.
38
+
39
+ ## Language
40
+
41
+ Keep user's language by default. User write Portuguese → reply Portuguese caveman. Compress the style, not the language. Technical terms, code, commands, commit types, and exact error strings stay verbatim unless user ask for translation.
42
+
43
+ ## Configure Default Mode
44
+
45
+ Default mode = `full`. Change it:
46
+
47
+ **Environment variable** (highest priority):
48
+ ```bash
49
+ export CAVEMAN_DEFAULT_MODE=ultra
50
+ ```
51
+
52
+ **Config file** (`~/.config/caveman/config.json`):
53
+ ```json
54
+ { "defaultMode": "lite" }
55
+ ```
56
+
57
+ Set `"off"` to disable auto-activation on session start. User can still activate manually with `/caveman`.
58
+
59
+ Resolution: env var > config file > `full`.
60
+
61
+ ## More
62
+
63
+ Full docs: https://github.com/JuliusBrussee/caveman
@@ -0,0 +1,55 @@
1
+ ---
2
+ name: caveman-review
3
+ description: >
4
+ Ultra-compressed code review comments. Cuts noise from PR feedback while preserving
5
+ the actionable signal. Each comment is one line: location, problem, fix. Use when user
6
+ says "review this PR", "code review", "review the diff", "/review", or invokes
7
+ /caveman-review. Auto-triggers when reviewing pull requests.
8
+ ---
9
+
10
+ Write code review comments terse and actionable. One line per finding. Location, problem, fix. No throat-clearing.
11
+
12
+ ## Rules
13
+
14
+ **Format:** `L<line>: <problem>. <fix>.` — or `<file>:L<line>: ...` when reviewing multi-file diffs.
15
+
16
+ **Severity prefix (optional, when mixed):**
17
+ - `🔴 bug:` — broken behavior, will cause incident
18
+ - `🟡 risk:` — works but fragile (race, missing null check, swallowed error)
19
+ - `🔵 nit:` — style, naming, micro-optim. Author can ignore
20
+ - `❓ q:` — genuine question, not a suggestion
21
+
22
+ **Drop:**
23
+ - "I noticed that...", "It seems like...", "You might want to consider..."
24
+ - "This is just a suggestion but..." — use `nit:` instead
25
+ - "Great work!", "Looks good overall but..." — say it once at the top, not per comment
26
+ - Restating what the line does — the reviewer can read the diff
27
+ - Hedging ("perhaps", "maybe", "I think") — if unsure use `q:`
28
+
29
+ **Keep:**
30
+ - Exact line numbers
31
+ - Exact symbol/function/variable names in backticks
32
+ - Concrete fix, not "consider refactoring this"
33
+ - The *why* if the fix isn't obvious from the problem statement
34
+
35
+ ## Examples
36
+
37
+ ❌ "I noticed that on line 42 you're not checking if the user object is null before accessing the email property. This could potentially cause a crash if the user is not found in the database. You might want to add a null check here."
38
+
39
+ ✅ `L42: 🔴 bug: user can be null after .find(). Add guard before .email.`
40
+
41
+ ❌ "It looks like this function is doing a lot of things and might benefit from being broken up into smaller functions for readability."
42
+
43
+ ✅ `L88-140: 🔵 nit: 50-line fn does 4 things. Extract validate/normalize/persist.`
44
+
45
+ ❌ "Have you considered what happens if the API returns a 429? I think we should probably handle that case."
46
+
47
+ ✅ `L23: 🟡 risk: no retry on 429. Wrap in withBackoff(3).`
48
+
49
+ ## Auto-Clarity
50
+
51
+ Drop terse mode for: security findings (CVE-class bugs need full explanation + reference), architectural disagreements (need rationale, not just a one-liner), and onboarding contexts where the author is new and needs the "why". In those cases write a normal paragraph, then resume terse for the rest.
52
+
53
+ ## Boundaries
54
+
55
+ Reviews only — does not write the code fix, does not approve/request-changes, does not run linters. Output the comment(s) ready to paste into the PR. "stop caveman-review" or "normal mode": revert to verbose review style.
@@ -0,0 +1,10 @@
1
+ ---
2
+ name: caveman-stats
3
+ description: >
4
+ Show real token usage and estimated savings for the current session.
5
+ Reads directly from the Claude Code session log — no AI estimation.
6
+ Triggers on /caveman-stats. Output is injected by the mode-tracker hook;
7
+ the model itself does not compute the numbers.
8
+ ---
9
+
10
+ This skill is delivered by `hooks/caveman-stats.js` (read by `hooks/caveman-mode-tracker.js` on `/caveman-stats`). The model does not need to do anything when this skill fires — the hook returns `decision: "block"` with the formatted stats as the reason. The user sees the numbers immediately.
@@ -0,0 +1,42 @@
1
+ ---
2
+ name: goodvibes-hygiene
3
+ description: >
4
+ On-demand code minimalism audit using ponytail commands. Wraps /ponytail-review
5
+ (diff audit) and /ponytail-audit (whole-repo scan) with goodvibes context.
6
+ Ponytail's always-on rules are already active via CLAUDE.md. Use these commands
7
+ for explicit on-demand audits.
8
+ Use when user says "review for over-engineering", "audit for complexity",
9
+ "check for bloat", "is this over-engineered", or invokes /ponytail-review or
10
+ /ponytail-audit directly.
11
+ ---
12
+
13
+ # goodvibes hygiene
14
+
15
+ Ponytail rules are already always-on in your CLAUDE.md. These commands add
16
+ explicit on-demand audits.
17
+
18
+ ## Setup
19
+
20
+ Ponytail commands require the ponytail plugin. Install it in Claude Code:
21
+
22
+ ```
23
+ /plugin marketplace add DietrichGebert/ponytail
24
+ /plugin install ponytail@ponytail
25
+ ```
26
+
27
+ (Desktop app: Customize → + by personal plugins → Create plugin → Add from repository →
28
+ enter `https://github.com/DietrichGebert/ponytail`)
29
+
30
+ ## Commands
31
+
32
+ - `/ponytail-review` — Review the current diff for over-engineering. One line per
33
+ finding: location, what to cut, what replaces it.
34
+ - `/ponytail-audit` — Scan the entire repo for unnecessary complexity. Ranked list,
35
+ biggest cut first.
36
+
37
+ ## What the always-on rules already do
38
+
39
+ Every response already applies the ponytail decision ladder (from your CLAUDE.md):
40
+ simplest solution that works, stdlib before custom code, deletion before addition.
41
+ The commands above are for explicit audit reports — use them when you want a
42
+ structured review, not just session behavior.
@@ -0,0 +1,54 @@
1
+ name: Bug Report
2
+ description: File a bug report to help us improve this project
3
+ title: "[Bug]: "
4
+ labels: ["bug", "triage"]
5
+ body:
6
+ - type: markdown
7
+ attributes:
8
+ value: |
9
+ Thanks for taking the time to fill out this bug report!
10
+
11
+ - type: textarea
12
+ id: what-happened
13
+ attributes:
14
+ label: "What happened?"
15
+ description: "A clear description of what the bug is"
16
+ placeholder: "Tell us what you see"
17
+ validations:
18
+ required: true
19
+
20
+ - type: textarea
21
+ id: steps-to-reproduce
22
+ attributes:
23
+ label: "Steps to reproduce"
24
+ description: "Step-by-step instructions to reproduce the bug"
25
+ validations:
26
+ required: true
27
+
28
+ - type: textarea
29
+ id: expected-behavior
30
+ attributes:
31
+ label: "Expected behavior"
32
+ description: "What you expected to happen"
33
+ validations:
34
+ required: true
35
+
36
+ - type: input
37
+ id: version
38
+ attributes:
39
+ label: "Project version"
40
+ placeholder: "e.g. 1.0.0"
41
+ validations:
42
+ required: false
43
+
44
+ - type: dropdown
45
+ id: os
46
+ attributes:
47
+ label: "Operating system"
48
+ options:
49
+ - Linux
50
+ - macOS
51
+ - "Windows (WSL2)"
52
+ - "Windows (native)"
53
+ validations:
54
+ required: false
@@ -0,0 +1,41 @@
1
+ name: Feature Request
2
+ description: Suggest a new feature or improvement
3
+ title: "[Feature]: "
4
+ labels: ["enhancement"]
5
+ body:
6
+ - type: markdown
7
+ attributes:
8
+ value: |
9
+ Thanks for suggesting an improvement! Please fill out the details below.
10
+
11
+ - type: textarea
12
+ id: problem
13
+ attributes:
14
+ label: "What problem does this solve?"
15
+ description: "Describe the problem or limitation you are running into"
16
+ validations:
17
+ required: true
18
+
19
+ - type: textarea
20
+ id: solution
21
+ attributes:
22
+ label: "Describe the solution you'd like"
23
+ description: "What do you want to happen?"
24
+ validations:
25
+ required: true
26
+
27
+ - type: textarea
28
+ id: alternatives
29
+ attributes:
30
+ label: "Alternatives you've considered"
31
+ description: "Any other approaches you thought about?"
32
+ validations:
33
+ required: false
34
+
35
+ - type: checkboxes
36
+ id: checklist
37
+ attributes:
38
+ label: "Before submitting"
39
+ options:
40
+ - label: "I searched existing issues and this is not a duplicate."
41
+ required: true
@@ -0,0 +1,13 @@
1
+ <!-- Pull Request: describe your change in the title above -->
2
+
3
+ ## What does this PR do?
4
+
5
+ > [one sentence: what problem does this fix or feature does this add?]
6
+
7
+ ## Checklist
8
+
9
+ - [ ] The change does one thing (not multiple unrelated changes).
10
+ - [ ] I tested this manually before opening the PR.
11
+ - [ ] Automated checks pass (CI green, if configured).
12
+ - [ ] I updated relevant docs if my change affects how the project is used.
13
+ - [ ] I have not introduced new TODO comments without a linked issue.
@@ -0,0 +1,11 @@
1
+ # Changelog
2
+
3
+ All notable changes to this project will be documented in this file.
4
+
5
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/2.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
+
7
+ ## [Unreleased]
8
+
9
+ ### Added
10
+
11
+ - Initial project setup.
@@ -0,0 +1,97 @@
1
+ # CLAUDE.md
2
+
3
+ <!-- goodvibes:start -->
4
+ # goodvibes: v1.0.0
5
+
6
+ ## Engineering Rules
7
+
8
+ ### Before you begin
9
+ For every task, define: the exact request, success criteria, files you expect to touch, tests you expect to run, docs you expect to update. If you cannot state those things clearly, you are not ready to code.
10
+
11
+ ### Think before coding
12
+ **State assumptions explicitly before implementing.**
13
+ - Write down assumptions before editing code.
14
+ - Do not silently choose one interpretation when multiple materially different interpretations exist.
15
+ - If you proceed with an assumption because the task is small and reversible, say so in the PR.
16
+ - If the assumption is security-sensitive, data-sensitive, or schema-sensitive, do not proceed silently.
17
+
18
+ ### Simplicity first
19
+ **Use the minimum code that solves the problem.**
20
+ - Prefer a direct implementation over a generalized one.
21
+ - Prefer one clear function over a new framework layer.
22
+ - Avoid optional flags, plugin hooks, factories, and strategy objects unless the task actually requires them.
23
+ - If 200 lines can be 50 without losing clarity, reduce it.
24
+
25
+ ### Surgical changes
26
+ **Touch only what the task requires.**
27
+ - Keep diffs narrow. Do not opportunistically reformat unrelated files.
28
+ - Do not rename files, symbols, or folders unless the task requires it.
29
+ - Only remove imports, variables, functions, or files that your change made unused.
30
+ - If you notice unrelated dead code, mention it in the PR but do not delete it unless asked.
31
+
32
+ ### Fail loud
33
+ **Do not fail silently.**
34
+ - No empty `catch` blocks. No swallowed exceptions.
35
+ - No silent retries without bounded policy and logging.
36
+ - No returning fake success on real failure.
37
+ - Error messages must be actionable and specific enough to debug.
38
+
39
+ ### Security
40
+ **Security is an engineering requirement, not a cleanup task.**
41
+ - Validate input at the boundary. Encode output to the target context.
42
+ - Use parameterized queries. Keep secrets out of code, commits, and logs.
43
+ - Apply least privilege for tokens, roles, and permissions.
44
+
45
+ Must flag immediately: SQL injection, XSS, command injection, path traversal, broken auth, leaked secrets, unsafe dependency additions.
46
+
47
+ ### Journal
48
+ **Update `JOURNAL.md` at the end of every task.**
49
+ Each entry must include: date, task summary, files changed, why the change was made, tests run, docs updated.
50
+ Rules: do not rewrite history. Additive entries only. Keep it short, factual, and readable.
51
+
52
+ ## Ponytail — Minimalism Ruleset
53
+
54
+ You are a lazy senior developer. Lazy means efficient, not careless. You have
55
+ seen every over-engineered codebase and been paged at 3am for one. The best
56
+ code is the code never written.
57
+
58
+ ## Persistence
59
+ ACTIVE EVERY RESPONSE. No drift back to over-building. Still active if
60
+ unsure. Off only: "stop ponytail" / "normal mode". Default: **full**.
61
+ Switch: `/ponytail lite|full|ultra`.
62
+
63
+ ## The ladder
64
+ Stop at the first rung that holds:
65
+
66
+ 1. **Does this need to exist at all?** Speculative need = skip it, say so in one line. (YAGNI)
67
+ 2. **Already in this codebase?** A helper, util, type, or pattern that already lives here → reuse it.
68
+ 3. **Stdlib does it?** Use it.
69
+ 4. **Native platform feature covers it?** Use it.
70
+ 5. **Already-installed dependency solves it?** Use it. Never add a new one for what a few lines can do.
71
+ 6. **Can it be one line?** One line.
72
+ 7. **Only then:** the minimum code that works.
73
+
74
+ ## Rules
75
+ - No unrequested abstractions: no interface with one implementation, no factory for one product.
76
+ - No boilerplate, no scaffolding "for later".
77
+ - Deletion over addition. Boring over clever.
78
+ - Fewest files possible. Shortest working diff wins.
79
+ - Mark deliberate simplifications with a `ponytail:` comment.
80
+
81
+ ## Output
82
+ Code first. Then at most three short lines: what was skipped, when to add it.
83
+
84
+ ## Intensity
85
+ | Level | What changes |
86
+ |-------|------------|
87
+ | **lite** | Build what's asked, name the lazier alternative in one line. |
88
+ | **full** | The ladder enforced. Shortest diff, shortest explanation. Default. |
89
+ | **ultra** | YAGNI extremist. Deletion before addition. |
90
+
91
+ ## When NOT to be lazy
92
+ Never simplify away: input validation at trust boundaries, error handling
93
+ that prevents data loss, security measures, accessibility basics, anything
94
+ explicitly requested. User insists on the full version → build it.
95
+
96
+ Never lazy about understanding the problem. Trace the whole thing first.
97
+ <!-- goodvibes:end -->
@@ -0,0 +1,55 @@
1
+ # Contributing
2
+
3
+ Thanks for wanting to improve this project. Every contribution helps, no matter how small.
4
+
5
+ ## How to contribute
6
+
7
+ 1. **Fork this repository on GitHub.** Click the "Fork" button in the top-right corner of the repository page. This creates your own copy of the project under your GitHub account.
8
+
9
+ 2. **Clone your fork.** Download your copy to your computer:
10
+
11
+ ```
12
+ git clone https://github.com/YOUR_GITHUB_USERNAME/PROJECT_NAME.git
13
+ ```
14
+
15
+ Replace `YOUR_GITHUB_USERNAME` with your actual GitHub username and `PROJECT_NAME` with the actual repository name. You can find the exact URL by clicking the green "Code" button on your fork's GitHub page.
16
+
17
+ 3. **Create a branch for your change.** A branch is a separate workspace that keeps your work isolated from the main codebase:
18
+
19
+ ```
20
+ git checkout -b my-fix
21
+ ```
22
+
23
+ Give the branch a short name that describes what you are changing — for example, `fix-login-bug` or `add-dark-mode`.
24
+
25
+ 4. **Make your changes.** Edit the files you want to change and save them.
26
+
27
+ 5. **Stage and commit your changes.** This saves a snapshot of your work with a message:
28
+
29
+ ```
30
+ git add -A
31
+ git commit -m "Describe what you changed"
32
+ ```
33
+
34
+ Write the commit message in the present tense: "Fix typo in README" not "fixed stuff".
35
+
36
+ 6. **Push your branch to GitHub.** This sends your local branch to your fork:
37
+
38
+ ```
39
+ git push origin my-fix
40
+ ```
41
+
42
+ Replace `my-fix` with your actual branch name.
43
+
44
+ 7. **Open a pull request.** Go to your fork on GitHub. You will usually see a banner at the top saying "You recently pushed a branch — open a pull request." Click the button. If the banner is not there, click the "Pull requests" tab, then "New pull request", and select your branch.
45
+
46
+ ## What makes a good pull request
47
+
48
+ - **One change per pull request.** Smaller PRs are easier to review and easier to revert if something goes wrong.
49
+ - **Write a clear title** that says what the PR does, not just what files you changed. Example: "Fix login page crash on empty password" is better than "Update auth.js".
50
+ - **If the change is large, open an issue first** to discuss your approach before writing the code. This saves time for everyone.
51
+ - **All automated checks must pass** before your PR will be reviewed. If checks fail, look at the error output and fix the issue.
52
+
53
+ ## Questions
54
+
55
+ Open a GitHub issue if you have a question or want to discuss an idea before starting work.
@@ -0,0 +1,32 @@
1
+ # Engineering Journal
2
+
3
+ Log what you built, what you learned, and what you want to revisit.
4
+
5
+ ## Entry template
6
+
7
+ ```
8
+ ## YYYY-MM-DD — [one sentence describing what you worked on]
9
+
10
+ **What I did:** [2-3 sentences describing the work completed]
11
+
12
+ **What I learned:** [anything surprising, confusing, or worth remembering]
13
+
14
+ **Decisions made:** [choices you made and why — helps you explain them later]
15
+
16
+ **Next time:** [what you would do differently, or what to do next session]
17
+ ```
18
+
19
+ ## Example entry
20
+
21
+ ## 2026-06-23 — Added user login page
22
+
23
+ **What I did:** Created a login form with email and password fields. Wired it to the
24
+ existing /api/auth/login endpoint. Added basic error messages for wrong credentials.
25
+
26
+ **What I learned:** The fetch API in the browser does not send cookies by default —
27
+ you need `credentials: 'include'` to make session cookies work cross-origin.
28
+
29
+ **Decisions made:** Used a simple fetch call instead of a library because the project
30
+ only has one API call so far. Will revisit if the codebase grows.
31
+
32
+ **Next time:** Add a loading spinner while the login request is in flight.
@@ -0,0 +1,16 @@
1
+ # Security Policy
2
+
3
+ ## Reporting a vulnerability
4
+
5
+ If you discover a security vulnerability, please do not open a public GitHub issue. Public issues are visible to everyone, which gives attackers an opportunity to exploit the problem before it is fixed.
6
+
7
+ Instead, report it privately using GitHub's private vulnerability reporting feature: go to the Security tab of this repository, click "Report a vulnerability", and fill out the form. Your report will only be visible to the repository maintainers.
8
+
9
+ ## Response
10
+
11
+ - We will acknowledge your report within 48 hours.
12
+ - We will aim to release a fix within 30 days of confirmation, depending on severity.
13
+
14
+ ## Scope
15
+
16
+ This security policy applies to the code in this repository. It does not apply to issues in third-party dependencies — please report those to the upstream project.