@jgiox/goodvibes 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +295 -0
- package/package.json +51 -0
- package/templates/.claude/skills/cavecrew/README.md +41 -0
- package/templates/.claude/skills/cavecrew/SKILL.md +82 -0
- package/templates/.claude/skills/caveman/README.md +48 -0
- package/templates/.claude/skills/caveman/SKILL.md +78 -0
- package/templates/.claude/skills/caveman-commit/SKILL.md +65 -0
- package/templates/.claude/skills/caveman-compress/SKILL.md +111 -0
- package/templates/.claude/skills/caveman-help/SKILL.md +63 -0
- package/templates/.claude/skills/caveman-review/SKILL.md +55 -0
- package/templates/.claude/skills/caveman-stats/SKILL.md +10 -0
- package/templates/.claude/skills/goodvibes-hygiene/SKILL.md +42 -0
- package/templates/.github/ISSUE_TEMPLATE/bug_report.yml +54 -0
- package/templates/.github/ISSUE_TEMPLATE/feature_request.yml +41 -0
- package/templates/.github/PULL_REQUEST_TEMPLATE.md +13 -0
- package/templates/CHANGELOG.md +11 -0
- package/templates/CLAUDE.md +97 -0
- package/templates/CONTRIBUTING.md +55 -0
- package/templates/JOURNAL.md +32 -0
- package/templates/SECURITY.md +16 -0
- package/templates/docs/onboarding.md +95 -0
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: caveman-compress
|
|
3
|
+
description: >
|
|
4
|
+
Compress natural language memory files (CLAUDE.md, todos, preferences) into caveman format
|
|
5
|
+
to save input tokens. Preserves all technical substance, code, URLs, and structure.
|
|
6
|
+
Compressed version overwrites the original file. Human-readable backup saved as FILE.original.md.
|
|
7
|
+
Trigger: /caveman-compress FILEPATH or "compress memory file"
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Caveman Compress
|
|
11
|
+
|
|
12
|
+
## Purpose
|
|
13
|
+
|
|
14
|
+
Compress natural language files (CLAUDE.md, todos, preferences) into caveman-speak to reduce input tokens. Compressed version overwrites original. Human-readable backup saved as `<filename>.original.md`.
|
|
15
|
+
|
|
16
|
+
## Trigger
|
|
17
|
+
|
|
18
|
+
`/caveman-compress <filepath>` or when user asks to compress a memory file.
|
|
19
|
+
|
|
20
|
+
## Process
|
|
21
|
+
|
|
22
|
+
1. The compression scripts live in `scripts/` (adjacent to this SKILL.md). If the path is not immediately available, search for `scripts/__main__.py` next to this SKILL.md.
|
|
23
|
+
|
|
24
|
+
2. From the directory containing this SKILL.md, run:
|
|
25
|
+
|
|
26
|
+
python3 -m scripts <absolute_filepath>
|
|
27
|
+
|
|
28
|
+
3. The CLI will:
|
|
29
|
+
- detect file type (no tokens)
|
|
30
|
+
- call Claude to compress
|
|
31
|
+
- validate output (no tokens)
|
|
32
|
+
- if errors: cherry-pick fix with Claude (targeted fixes only, no recompression)
|
|
33
|
+
- retry up to 2 times
|
|
34
|
+
- if still failing after 2 retries: report error to user, leave original file untouched
|
|
35
|
+
|
|
36
|
+
4. Return result to user
|
|
37
|
+
|
|
38
|
+
## Compression Rules
|
|
39
|
+
|
|
40
|
+
### Remove
|
|
41
|
+
- Articles: a, an, the
|
|
42
|
+
- Filler: just, really, basically, actually, simply, essentially, generally
|
|
43
|
+
- Pleasantries: "sure", "certainly", "of course", "happy to", "I'd recommend"
|
|
44
|
+
- Hedging: "it might be worth", "you could consider", "it would be good to"
|
|
45
|
+
- Redundant phrasing: "in order to" → "to", "make sure to" → "ensure", "the reason is because" → "because"
|
|
46
|
+
- Connective fluff: "however", "furthermore", "additionally", "in addition"
|
|
47
|
+
|
|
48
|
+
### Preserve EXACTLY (never modify)
|
|
49
|
+
- Code blocks (fenced ``` and indented)
|
|
50
|
+
- Inline code (`backtick content`)
|
|
51
|
+
- URLs and links (full URLs, markdown links)
|
|
52
|
+
- File paths (`/src/components/...`, `./config.yaml`)
|
|
53
|
+
- Commands (`npm install`, `git commit`, `docker build`)
|
|
54
|
+
- Technical terms (library names, API names, protocols, algorithms)
|
|
55
|
+
- Proper nouns (project names, people, companies)
|
|
56
|
+
- Dates, version numbers, numeric values
|
|
57
|
+
- Environment variables (`$HOME`, `NODE_ENV`)
|
|
58
|
+
|
|
59
|
+
### Preserve Structure
|
|
60
|
+
- All markdown headings (keep exact heading text, compress body below)
|
|
61
|
+
- Bullet point hierarchy (keep nesting level)
|
|
62
|
+
- Numbered lists (keep numbering)
|
|
63
|
+
- Tables (compress cell text, keep structure)
|
|
64
|
+
- Frontmatter/YAML headers in markdown files
|
|
65
|
+
|
|
66
|
+
### Compress
|
|
67
|
+
- Use short synonyms: "big" not "extensive", "fix" not "implement a solution for", "use" not "utilize"
|
|
68
|
+
- Fragments OK: "Run tests before commit" not "You should always run tests before committing"
|
|
69
|
+
- Drop "you should", "make sure to", "remember to" — just state the action
|
|
70
|
+
- Merge redundant bullets that say the same thing differently
|
|
71
|
+
- Keep one example where multiple examples show the same pattern
|
|
72
|
+
|
|
73
|
+
CRITICAL RULE:
|
|
74
|
+
Anything inside ``` ... ``` must be copied EXACTLY.
|
|
75
|
+
Do not:
|
|
76
|
+
- remove comments
|
|
77
|
+
- remove spacing
|
|
78
|
+
- reorder lines
|
|
79
|
+
- shorten commands
|
|
80
|
+
- simplify anything
|
|
81
|
+
|
|
82
|
+
Inline code (`...`) must be preserved EXACTLY.
|
|
83
|
+
Do not modify anything inside backticks.
|
|
84
|
+
|
|
85
|
+
If file contains code blocks:
|
|
86
|
+
- Treat code blocks as read-only regions
|
|
87
|
+
- Only compress text outside them
|
|
88
|
+
- Do not merge sections around code
|
|
89
|
+
|
|
90
|
+
## Pattern
|
|
91
|
+
|
|
92
|
+
Original:
|
|
93
|
+
> You should always make sure to run the test suite before pushing any changes to the main branch. This is important because it helps catch bugs early and prevents broken builds from being deployed to production.
|
|
94
|
+
|
|
95
|
+
Compressed:
|
|
96
|
+
> Run tests before push to main. Catch bugs early, prevent broken prod deploys.
|
|
97
|
+
|
|
98
|
+
Original:
|
|
99
|
+
> The application uses a microservices architecture with the following components. The API gateway handles all incoming requests and routes them to the appropriate service. The authentication service is responsible for managing user sessions and JWT tokens.
|
|
100
|
+
|
|
101
|
+
Compressed:
|
|
102
|
+
> Microservices architecture. API gateway route all requests to services. Auth service manage user sessions + JWT tokens.
|
|
103
|
+
|
|
104
|
+
## Boundaries
|
|
105
|
+
|
|
106
|
+
- ONLY compress natural language files (.md, .txt, .typ, .typst, .tex, extensionless)
|
|
107
|
+
- NEVER modify: .py, .js, .ts, .json, .yaml, .yml, .toml, .env, .lock, .css, .html, .xml, .sql, .sh
|
|
108
|
+
- If file has mixed content (prose + code), compress ONLY the prose sections
|
|
109
|
+
- If unsure whether something is code or prose, leave it unchanged
|
|
110
|
+
- Original file is backed up as FILE.original.md before overwriting
|
|
111
|
+
- Never compress FILE.original.md (skip it)
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: caveman-help
|
|
3
|
+
description: >
|
|
4
|
+
Quick-reference card for all caveman modes, skills, and commands.
|
|
5
|
+
One-shot display, not a persistent mode. Trigger: /caveman-help,
|
|
6
|
+
"caveman help", "what caveman commands", "how do I use caveman".
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Caveman Help
|
|
10
|
+
|
|
11
|
+
Display this reference card when invoked. One-shot — do NOT change mode, write flag files, or persist anything. Output in caveman style.
|
|
12
|
+
|
|
13
|
+
## Modes
|
|
14
|
+
|
|
15
|
+
| Mode | Trigger | What change |
|
|
16
|
+
|------|---------|-------------|
|
|
17
|
+
| **Lite** | `/caveman lite` | Drop filler. Keep sentence structure. |
|
|
18
|
+
| **Full** | `/caveman` | Drop articles, filler, pleasantries, hedging. Fragments OK. Default. |
|
|
19
|
+
| **Ultra** | `/caveman ultra` | Extreme compression. Bare fragments. Tables over prose. |
|
|
20
|
+
| **Wenyan-Lite** | `/caveman wenyan-lite` | Classical Chinese style, light compression. |
|
|
21
|
+
| **Wenyan-Full** | `/caveman wenyan` | Full 文言文. Maximum classical terseness. |
|
|
22
|
+
| **Wenyan-Ultra** | `/caveman wenyan-ultra` | Extreme. Ancient scholar on a budget. |
|
|
23
|
+
|
|
24
|
+
Mode stick until changed or session end.
|
|
25
|
+
|
|
26
|
+
## Skills
|
|
27
|
+
|
|
28
|
+
| Skill | Trigger | What it do |
|
|
29
|
+
|-------|---------|-----------|
|
|
30
|
+
| **caveman-commit** | `/caveman-commit` | Terse commit messages. Conventional Commits. ≤50 char subject. |
|
|
31
|
+
| **caveman-review** | `/caveman-review` | One-line PR comments: `L42: bug: user null. Add guard.` |
|
|
32
|
+
| **caveman-compress** | `/caveman-compress <file>` | Compress .md files to caveman prose. Saves ~46% input tokens. |
|
|
33
|
+
| **caveman-help** | `/caveman-help` | This card. |
|
|
34
|
+
|
|
35
|
+
## Deactivate
|
|
36
|
+
|
|
37
|
+
Say "stop caveman" or "normal mode". Resume anytime with `/caveman`.
|
|
38
|
+
|
|
39
|
+
## Language
|
|
40
|
+
|
|
41
|
+
Keep user's language by default. User write Portuguese → reply Portuguese caveman. Compress the style, not the language. Technical terms, code, commands, commit types, and exact error strings stay verbatim unless user ask for translation.
|
|
42
|
+
|
|
43
|
+
## Configure Default Mode
|
|
44
|
+
|
|
45
|
+
Default mode = `full`. Change it:
|
|
46
|
+
|
|
47
|
+
**Environment variable** (highest priority):
|
|
48
|
+
```bash
|
|
49
|
+
export CAVEMAN_DEFAULT_MODE=ultra
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
**Config file** (`~/.config/caveman/config.json`):
|
|
53
|
+
```json
|
|
54
|
+
{ "defaultMode": "lite" }
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Set `"off"` to disable auto-activation on session start. User can still activate manually with `/caveman`.
|
|
58
|
+
|
|
59
|
+
Resolution: env var > config file > `full`.
|
|
60
|
+
|
|
61
|
+
## More
|
|
62
|
+
|
|
63
|
+
Full docs: https://github.com/JuliusBrussee/caveman
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: caveman-review
|
|
3
|
+
description: >
|
|
4
|
+
Ultra-compressed code review comments. Cuts noise from PR feedback while preserving
|
|
5
|
+
the actionable signal. Each comment is one line: location, problem, fix. Use when user
|
|
6
|
+
says "review this PR", "code review", "review the diff", "/review", or invokes
|
|
7
|
+
/caveman-review. Auto-triggers when reviewing pull requests.
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
Write code review comments terse and actionable. One line per finding. Location, problem, fix. No throat-clearing.
|
|
11
|
+
|
|
12
|
+
## Rules
|
|
13
|
+
|
|
14
|
+
**Format:** `L<line>: <problem>. <fix>.` — or `<file>:L<line>: ...` when reviewing multi-file diffs.
|
|
15
|
+
|
|
16
|
+
**Severity prefix (optional, when mixed):**
|
|
17
|
+
- `🔴 bug:` — broken behavior, will cause incident
|
|
18
|
+
- `🟡 risk:` — works but fragile (race, missing null check, swallowed error)
|
|
19
|
+
- `🔵 nit:` — style, naming, micro-optim. Author can ignore
|
|
20
|
+
- `❓ q:` — genuine question, not a suggestion
|
|
21
|
+
|
|
22
|
+
**Drop:**
|
|
23
|
+
- "I noticed that...", "It seems like...", "You might want to consider..."
|
|
24
|
+
- "This is just a suggestion but..." — use `nit:` instead
|
|
25
|
+
- "Great work!", "Looks good overall but..." — say it once at the top, not per comment
|
|
26
|
+
- Restating what the line does — the reviewer can read the diff
|
|
27
|
+
- Hedging ("perhaps", "maybe", "I think") — if unsure use `q:`
|
|
28
|
+
|
|
29
|
+
**Keep:**
|
|
30
|
+
- Exact line numbers
|
|
31
|
+
- Exact symbol/function/variable names in backticks
|
|
32
|
+
- Concrete fix, not "consider refactoring this"
|
|
33
|
+
- The *why* if the fix isn't obvious from the problem statement
|
|
34
|
+
|
|
35
|
+
## Examples
|
|
36
|
+
|
|
37
|
+
❌ "I noticed that on line 42 you're not checking if the user object is null before accessing the email property. This could potentially cause a crash if the user is not found in the database. You might want to add a null check here."
|
|
38
|
+
|
|
39
|
+
✅ `L42: 🔴 bug: user can be null after .find(). Add guard before .email.`
|
|
40
|
+
|
|
41
|
+
❌ "It looks like this function is doing a lot of things and might benefit from being broken up into smaller functions for readability."
|
|
42
|
+
|
|
43
|
+
✅ `L88-140: 🔵 nit: 50-line fn does 4 things. Extract validate/normalize/persist.`
|
|
44
|
+
|
|
45
|
+
❌ "Have you considered what happens if the API returns a 429? I think we should probably handle that case."
|
|
46
|
+
|
|
47
|
+
✅ `L23: 🟡 risk: no retry on 429. Wrap in withBackoff(3).`
|
|
48
|
+
|
|
49
|
+
## Auto-Clarity
|
|
50
|
+
|
|
51
|
+
Drop terse mode for: security findings (CVE-class bugs need full explanation + reference), architectural disagreements (need rationale, not just a one-liner), and onboarding contexts where the author is new and needs the "why". In those cases write a normal paragraph, then resume terse for the rest.
|
|
52
|
+
|
|
53
|
+
## Boundaries
|
|
54
|
+
|
|
55
|
+
Reviews only — does not write the code fix, does not approve/request-changes, does not run linters. Output the comment(s) ready to paste into the PR. "stop caveman-review" or "normal mode": revert to verbose review style.
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: caveman-stats
|
|
3
|
+
description: >
|
|
4
|
+
Show real token usage and estimated savings for the current session.
|
|
5
|
+
Reads directly from the Claude Code session log — no AI estimation.
|
|
6
|
+
Triggers on /caveman-stats. Output is injected by the mode-tracker hook;
|
|
7
|
+
the model itself does not compute the numbers.
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
This skill is delivered by `hooks/caveman-stats.js` (read by `hooks/caveman-mode-tracker.js` on `/caveman-stats`). The model does not need to do anything when this skill fires — the hook returns `decision: "block"` with the formatted stats as the reason. The user sees the numbers immediately.
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: goodvibes-hygiene
|
|
3
|
+
description: >
|
|
4
|
+
On-demand code minimalism audit using ponytail commands. Wraps /ponytail-review
|
|
5
|
+
(diff audit) and /ponytail-audit (whole-repo scan) with goodvibes context.
|
|
6
|
+
Ponytail's always-on rules are already active via CLAUDE.md. Use these commands
|
|
7
|
+
for explicit on-demand audits.
|
|
8
|
+
Use when user says "review for over-engineering", "audit for complexity",
|
|
9
|
+
"check for bloat", "is this over-engineered", or invokes /ponytail-review or
|
|
10
|
+
/ponytail-audit directly.
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# goodvibes hygiene
|
|
14
|
+
|
|
15
|
+
Ponytail rules are already always-on in your CLAUDE.md. These commands add
|
|
16
|
+
explicit on-demand audits.
|
|
17
|
+
|
|
18
|
+
## Setup
|
|
19
|
+
|
|
20
|
+
Ponytail commands require the ponytail plugin. Install it in Claude Code:
|
|
21
|
+
|
|
22
|
+
```
|
|
23
|
+
/plugin marketplace add DietrichGebert/ponytail
|
|
24
|
+
/plugin install ponytail@ponytail
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
(Desktop app: Customize → + by personal plugins → Create plugin → Add from repository →
|
|
28
|
+
enter `https://github.com/DietrichGebert/ponytail`)
|
|
29
|
+
|
|
30
|
+
## Commands
|
|
31
|
+
|
|
32
|
+
- `/ponytail-review` — Review the current diff for over-engineering. One line per
|
|
33
|
+
finding: location, what to cut, what replaces it.
|
|
34
|
+
- `/ponytail-audit` — Scan the entire repo for unnecessary complexity. Ranked list,
|
|
35
|
+
biggest cut first.
|
|
36
|
+
|
|
37
|
+
## What the always-on rules already do
|
|
38
|
+
|
|
39
|
+
Every response already applies the ponytail decision ladder (from your CLAUDE.md):
|
|
40
|
+
simplest solution that works, stdlib before custom code, deletion before addition.
|
|
41
|
+
The commands above are for explicit audit reports — use them when you want a
|
|
42
|
+
structured review, not just session behavior.
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
name: Bug Report
|
|
2
|
+
description: File a bug report to help us improve this project
|
|
3
|
+
title: "[Bug]: "
|
|
4
|
+
labels: ["bug", "triage"]
|
|
5
|
+
body:
|
|
6
|
+
- type: markdown
|
|
7
|
+
attributes:
|
|
8
|
+
value: |
|
|
9
|
+
Thanks for taking the time to fill out this bug report!
|
|
10
|
+
|
|
11
|
+
- type: textarea
|
|
12
|
+
id: what-happened
|
|
13
|
+
attributes:
|
|
14
|
+
label: "What happened?"
|
|
15
|
+
description: "A clear description of what the bug is"
|
|
16
|
+
placeholder: "Tell us what you see"
|
|
17
|
+
validations:
|
|
18
|
+
required: true
|
|
19
|
+
|
|
20
|
+
- type: textarea
|
|
21
|
+
id: steps-to-reproduce
|
|
22
|
+
attributes:
|
|
23
|
+
label: "Steps to reproduce"
|
|
24
|
+
description: "Step-by-step instructions to reproduce the bug"
|
|
25
|
+
validations:
|
|
26
|
+
required: true
|
|
27
|
+
|
|
28
|
+
- type: textarea
|
|
29
|
+
id: expected-behavior
|
|
30
|
+
attributes:
|
|
31
|
+
label: "Expected behavior"
|
|
32
|
+
description: "What you expected to happen"
|
|
33
|
+
validations:
|
|
34
|
+
required: true
|
|
35
|
+
|
|
36
|
+
- type: input
|
|
37
|
+
id: version
|
|
38
|
+
attributes:
|
|
39
|
+
label: "Project version"
|
|
40
|
+
placeholder: "e.g. 1.0.0"
|
|
41
|
+
validations:
|
|
42
|
+
required: false
|
|
43
|
+
|
|
44
|
+
- type: dropdown
|
|
45
|
+
id: os
|
|
46
|
+
attributes:
|
|
47
|
+
label: "Operating system"
|
|
48
|
+
options:
|
|
49
|
+
- Linux
|
|
50
|
+
- macOS
|
|
51
|
+
- "Windows (WSL2)"
|
|
52
|
+
- "Windows (native)"
|
|
53
|
+
validations:
|
|
54
|
+
required: false
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
name: Feature Request
|
|
2
|
+
description: Suggest a new feature or improvement
|
|
3
|
+
title: "[Feature]: "
|
|
4
|
+
labels: ["enhancement"]
|
|
5
|
+
body:
|
|
6
|
+
- type: markdown
|
|
7
|
+
attributes:
|
|
8
|
+
value: |
|
|
9
|
+
Thanks for suggesting an improvement! Please fill out the details below.
|
|
10
|
+
|
|
11
|
+
- type: textarea
|
|
12
|
+
id: problem
|
|
13
|
+
attributes:
|
|
14
|
+
label: "What problem does this solve?"
|
|
15
|
+
description: "Describe the problem or limitation you are running into"
|
|
16
|
+
validations:
|
|
17
|
+
required: true
|
|
18
|
+
|
|
19
|
+
- type: textarea
|
|
20
|
+
id: solution
|
|
21
|
+
attributes:
|
|
22
|
+
label: "Describe the solution you'd like"
|
|
23
|
+
description: "What do you want to happen?"
|
|
24
|
+
validations:
|
|
25
|
+
required: true
|
|
26
|
+
|
|
27
|
+
- type: textarea
|
|
28
|
+
id: alternatives
|
|
29
|
+
attributes:
|
|
30
|
+
label: "Alternatives you've considered"
|
|
31
|
+
description: "Any other approaches you thought about?"
|
|
32
|
+
validations:
|
|
33
|
+
required: false
|
|
34
|
+
|
|
35
|
+
- type: checkboxes
|
|
36
|
+
id: checklist
|
|
37
|
+
attributes:
|
|
38
|
+
label: "Before submitting"
|
|
39
|
+
options:
|
|
40
|
+
- label: "I searched existing issues and this is not a duplicate."
|
|
41
|
+
required: true
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
<!-- Pull Request: describe your change in the title above -->
|
|
2
|
+
|
|
3
|
+
## What does this PR do?
|
|
4
|
+
|
|
5
|
+
> [one sentence: what problem does this fix or feature does this add?]
|
|
6
|
+
|
|
7
|
+
## Checklist
|
|
8
|
+
|
|
9
|
+
- [ ] The change does one thing (not multiple unrelated changes).
|
|
10
|
+
- [ ] I tested this manually before opening the PR.
|
|
11
|
+
- [ ] Automated checks pass (CI green, if configured).
|
|
12
|
+
- [ ] I updated relevant docs if my change affects how the project is used.
|
|
13
|
+
- [ ] I have not introduced new TODO comments without a linked issue.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable changes to this project will be documented in this file.
|
|
4
|
+
|
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/2.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
|
+
|
|
7
|
+
## [Unreleased]
|
|
8
|
+
|
|
9
|
+
### Added
|
|
10
|
+
|
|
11
|
+
- Initial project setup.
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
# CLAUDE.md
|
|
2
|
+
|
|
3
|
+
<!-- goodvibes:start -->
|
|
4
|
+
# goodvibes: v1.0.0
|
|
5
|
+
|
|
6
|
+
## Engineering Rules
|
|
7
|
+
|
|
8
|
+
### Before you begin
|
|
9
|
+
For every task, define: the exact request, success criteria, files you expect to touch, tests you expect to run, docs you expect to update. If you cannot state those things clearly, you are not ready to code.
|
|
10
|
+
|
|
11
|
+
### Think before coding
|
|
12
|
+
**State assumptions explicitly before implementing.**
|
|
13
|
+
- Write down assumptions before editing code.
|
|
14
|
+
- Do not silently choose one interpretation when multiple materially different interpretations exist.
|
|
15
|
+
- If you proceed with an assumption because the task is small and reversible, say so in the PR.
|
|
16
|
+
- If the assumption is security-sensitive, data-sensitive, or schema-sensitive, do not proceed silently.
|
|
17
|
+
|
|
18
|
+
### Simplicity first
|
|
19
|
+
**Use the minimum code that solves the problem.**
|
|
20
|
+
- Prefer a direct implementation over a generalized one.
|
|
21
|
+
- Prefer one clear function over a new framework layer.
|
|
22
|
+
- Avoid optional flags, plugin hooks, factories, and strategy objects unless the task actually requires them.
|
|
23
|
+
- If 200 lines can be 50 without losing clarity, reduce it.
|
|
24
|
+
|
|
25
|
+
### Surgical changes
|
|
26
|
+
**Touch only what the task requires.**
|
|
27
|
+
- Keep diffs narrow. Do not opportunistically reformat unrelated files.
|
|
28
|
+
- Do not rename files, symbols, or folders unless the task requires it.
|
|
29
|
+
- Only remove imports, variables, functions, or files that your change made unused.
|
|
30
|
+
- If you notice unrelated dead code, mention it in the PR but do not delete it unless asked.
|
|
31
|
+
|
|
32
|
+
### Fail loud
|
|
33
|
+
**Do not fail silently.**
|
|
34
|
+
- No empty `catch` blocks. No swallowed exceptions.
|
|
35
|
+
- No silent retries without bounded policy and logging.
|
|
36
|
+
- No returning fake success on real failure.
|
|
37
|
+
- Error messages must be actionable and specific enough to debug.
|
|
38
|
+
|
|
39
|
+
### Security
|
|
40
|
+
**Security is an engineering requirement, not a cleanup task.**
|
|
41
|
+
- Validate input at the boundary. Encode output to the target context.
|
|
42
|
+
- Use parameterized queries. Keep secrets out of code, commits, and logs.
|
|
43
|
+
- Apply least privilege for tokens, roles, and permissions.
|
|
44
|
+
|
|
45
|
+
Must flag immediately: SQL injection, XSS, command injection, path traversal, broken auth, leaked secrets, unsafe dependency additions.
|
|
46
|
+
|
|
47
|
+
### Journal
|
|
48
|
+
**Update `JOURNAL.md` at the end of every task.**
|
|
49
|
+
Each entry must include: date, task summary, files changed, why the change was made, tests run, docs updated.
|
|
50
|
+
Rules: do not rewrite history. Additive entries only. Keep it short, factual, and readable.
|
|
51
|
+
|
|
52
|
+
## Ponytail — Minimalism Ruleset
|
|
53
|
+
|
|
54
|
+
You are a lazy senior developer. Lazy means efficient, not careless. You have
|
|
55
|
+
seen every over-engineered codebase and been paged at 3am for one. The best
|
|
56
|
+
code is the code never written.
|
|
57
|
+
|
|
58
|
+
## Persistence
|
|
59
|
+
ACTIVE EVERY RESPONSE. No drift back to over-building. Still active if
|
|
60
|
+
unsure. Off only: "stop ponytail" / "normal mode". Default: **full**.
|
|
61
|
+
Switch: `/ponytail lite|full|ultra`.
|
|
62
|
+
|
|
63
|
+
## The ladder
|
|
64
|
+
Stop at the first rung that holds:
|
|
65
|
+
|
|
66
|
+
1. **Does this need to exist at all?** Speculative need = skip it, say so in one line. (YAGNI)
|
|
67
|
+
2. **Already in this codebase?** A helper, util, type, or pattern that already lives here → reuse it.
|
|
68
|
+
3. **Stdlib does it?** Use it.
|
|
69
|
+
4. **Native platform feature covers it?** Use it.
|
|
70
|
+
5. **Already-installed dependency solves it?** Use it. Never add a new one for what a few lines can do.
|
|
71
|
+
6. **Can it be one line?** One line.
|
|
72
|
+
7. **Only then:** the minimum code that works.
|
|
73
|
+
|
|
74
|
+
## Rules
|
|
75
|
+
- No unrequested abstractions: no interface with one implementation, no factory for one product.
|
|
76
|
+
- No boilerplate, no scaffolding "for later".
|
|
77
|
+
- Deletion over addition. Boring over clever.
|
|
78
|
+
- Fewest files possible. Shortest working diff wins.
|
|
79
|
+
- Mark deliberate simplifications with a `ponytail:` comment.
|
|
80
|
+
|
|
81
|
+
## Output
|
|
82
|
+
Code first. Then at most three short lines: what was skipped, when to add it.
|
|
83
|
+
|
|
84
|
+
## Intensity
|
|
85
|
+
| Level | What changes |
|
|
86
|
+
|-------|------------|
|
|
87
|
+
| **lite** | Build what's asked, name the lazier alternative in one line. |
|
|
88
|
+
| **full** | The ladder enforced. Shortest diff, shortest explanation. Default. |
|
|
89
|
+
| **ultra** | YAGNI extremist. Deletion before addition. |
|
|
90
|
+
|
|
91
|
+
## When NOT to be lazy
|
|
92
|
+
Never simplify away: input validation at trust boundaries, error handling
|
|
93
|
+
that prevents data loss, security measures, accessibility basics, anything
|
|
94
|
+
explicitly requested. User insists on the full version → build it.
|
|
95
|
+
|
|
96
|
+
Never lazy about understanding the problem. Trace the whole thing first.
|
|
97
|
+
<!-- goodvibes:end -->
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# Contributing
|
|
2
|
+
|
|
3
|
+
Thanks for wanting to improve this project. Every contribution helps, no matter how small.
|
|
4
|
+
|
|
5
|
+
## How to contribute
|
|
6
|
+
|
|
7
|
+
1. **Fork this repository on GitHub.** Click the "Fork" button in the top-right corner of the repository page. This creates your own copy of the project under your GitHub account.
|
|
8
|
+
|
|
9
|
+
2. **Clone your fork.** Download your copy to your computer:
|
|
10
|
+
|
|
11
|
+
```
|
|
12
|
+
git clone https://github.com/YOUR_GITHUB_USERNAME/PROJECT_NAME.git
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
Replace `YOUR_GITHUB_USERNAME` with your actual GitHub username and `PROJECT_NAME` with the actual repository name. You can find the exact URL by clicking the green "Code" button on your fork's GitHub page.
|
|
16
|
+
|
|
17
|
+
3. **Create a branch for your change.** A branch is a separate workspace that keeps your work isolated from the main codebase:
|
|
18
|
+
|
|
19
|
+
```
|
|
20
|
+
git checkout -b my-fix
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
Give the branch a short name that describes what you are changing — for example, `fix-login-bug` or `add-dark-mode`.
|
|
24
|
+
|
|
25
|
+
4. **Make your changes.** Edit the files you want to change and save them.
|
|
26
|
+
|
|
27
|
+
5. **Stage and commit your changes.** This saves a snapshot of your work with a message:
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
git add -A
|
|
31
|
+
git commit -m "Describe what you changed"
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
Write the commit message in the present tense: "Fix typo in README" not "fixed stuff".
|
|
35
|
+
|
|
36
|
+
6. **Push your branch to GitHub.** This sends your local branch to your fork:
|
|
37
|
+
|
|
38
|
+
```
|
|
39
|
+
git push origin my-fix
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
Replace `my-fix` with your actual branch name.
|
|
43
|
+
|
|
44
|
+
7. **Open a pull request.** Go to your fork on GitHub. You will usually see a banner at the top saying "You recently pushed a branch — open a pull request." Click the button. If the banner is not there, click the "Pull requests" tab, then "New pull request", and select your branch.
|
|
45
|
+
|
|
46
|
+
## What makes a good pull request
|
|
47
|
+
|
|
48
|
+
- **One change per pull request.** Smaller PRs are easier to review and easier to revert if something goes wrong.
|
|
49
|
+
- **Write a clear title** that says what the PR does, not just what files you changed. Example: "Fix login page crash on empty password" is better than "Update auth.js".
|
|
50
|
+
- **If the change is large, open an issue first** to discuss your approach before writing the code. This saves time for everyone.
|
|
51
|
+
- **All automated checks must pass** before your PR will be reviewed. If checks fail, look at the error output and fix the issue.
|
|
52
|
+
|
|
53
|
+
## Questions
|
|
54
|
+
|
|
55
|
+
Open a GitHub issue if you have a question or want to discuss an idea before starting work.
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Engineering Journal
|
|
2
|
+
|
|
3
|
+
Log what you built, what you learned, and what you want to revisit.
|
|
4
|
+
|
|
5
|
+
## Entry template
|
|
6
|
+
|
|
7
|
+
```
|
|
8
|
+
## YYYY-MM-DD — [one sentence describing what you worked on]
|
|
9
|
+
|
|
10
|
+
**What I did:** [2-3 sentences describing the work completed]
|
|
11
|
+
|
|
12
|
+
**What I learned:** [anything surprising, confusing, or worth remembering]
|
|
13
|
+
|
|
14
|
+
**Decisions made:** [choices you made and why — helps you explain them later]
|
|
15
|
+
|
|
16
|
+
**Next time:** [what you would do differently, or what to do next session]
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
## Example entry
|
|
20
|
+
|
|
21
|
+
## 2026-06-23 — Added user login page
|
|
22
|
+
|
|
23
|
+
**What I did:** Created a login form with email and password fields. Wired it to the
|
|
24
|
+
existing /api/auth/login endpoint. Added basic error messages for wrong credentials.
|
|
25
|
+
|
|
26
|
+
**What I learned:** The fetch API in the browser does not send cookies by default —
|
|
27
|
+
you need `credentials: 'include'` to make session cookies work cross-origin.
|
|
28
|
+
|
|
29
|
+
**Decisions made:** Used a simple fetch call instead of a library because the project
|
|
30
|
+
only has one API call so far. Will revisit if the codebase grows.
|
|
31
|
+
|
|
32
|
+
**Next time:** Add a loading spinner while the login request is in flight.
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Reporting a vulnerability
|
|
4
|
+
|
|
5
|
+
If you discover a security vulnerability, please do not open a public GitHub issue. Public issues are visible to everyone, which gives attackers an opportunity to exploit the problem before it is fixed.
|
|
6
|
+
|
|
7
|
+
Instead, report it privately using GitHub's private vulnerability reporting feature: go to the Security tab of this repository, click "Report a vulnerability", and fill out the form. Your report will only be visible to the repository maintainers.
|
|
8
|
+
|
|
9
|
+
## Response
|
|
10
|
+
|
|
11
|
+
- We will acknowledge your report within 48 hours.
|
|
12
|
+
- We will aim to release a fix within 30 days of confirmation, depending on severity.
|
|
13
|
+
|
|
14
|
+
## Scope
|
|
15
|
+
|
|
16
|
+
This security policy applies to the code in this repository. It does not apply to issues in third-party dependencies — please report those to the upstream project.
|