@juho0719/cckit 0.1.1

package/assets/commands/plan.md

@@ -0,0 +1,113 @@
+---
+description: Restate requirements, assess risks, and create step-by-step implementation plan. WAIT for user CONFIRM before touching any code.
+---
+
+# Plan Command
+
+This command invokes the **planner** agent to create a comprehensive implementation plan before writing any code.
+
+## What This Command Does
+
+1. **Restate Requirements** - Clarify what needs to be built
+2. **Identify Risks** - Surface potential issues and blockers
+3. **Create Step Plan** - Break down implementation into phases
+4. **Wait for Confirmation** - MUST receive user approval before proceeding
+
+## When to Use
+
+Use `/plan` when:
+- Starting a new feature
+- Making significant architectural changes
+- Working on complex refactoring
+- Multiple files/components will be affected
+- Requirements are unclear or ambiguous
+
+## How It Works
+
+The planner agent will:
+
+1. **Analyze the request** and restate requirements in clear terms
+2. **Break down into phases** with specific, actionable steps
+3. **Identify dependencies** between components
+4. **Assess risks** and potential blockers
+5. **Estimate complexity** (High/Medium/Low)
+6. **Present the plan** and WAIT for your explicit confirmation
+
+## Example Usage
+
+```
+User: /plan I need to add real-time notifications when markets resolve
+
+Agent (planner):
+# Implementation Plan: Real-Time Market Resolution Notifications
+
+## Requirements Restatement
+- Send notifications to users when markets they're watching resolve
+- Support multiple notification channels (in-app, email, webhook)
+- Ensure notifications are delivered reliably
+- Include market outcome and user's position result
+
+## Implementation Phases
+
+### Phase 1: Database Schema
+- Add notifications table with columns: id, user_id, market_id, type, status, created_at
+- Add user_notification_preferences table for channel preferences
+- Create indexes on user_id and market_id for performance
+
+### Phase 2: Notification Service
+- Create notification service in lib/notifications.ts
+- Implement notification queue using BullMQ/Redis
+- Add retry logic for failed deliveries
+- Create notification templates
+
+### Phase 3: Integration Points
+- Hook into market resolution logic (when status changes to "resolved")
+- Query all users with positions in market
+- Enqueue notifications for each user
+
+### Phase 4: Frontend Components
+- Create NotificationBell component in header
+- Add NotificationList modal
+- Implement real-time updates via Supabase subscriptions
+- Add notification preferences page
+
+## Dependencies
+- Redis (for queue)
+- Email service (SendGrid/Resend)
+- Supabase real-time subscriptions
+
+## Risks
+- HIGH: Email deliverability (SPF/DKIM required)
+- MEDIUM: Performance with 1000+ users per market
+- MEDIUM: Notification spam if markets resolve frequently
+- LOW: Real-time subscription overhead
+
+## Estimated Complexity: MEDIUM
+- Backend: 4-6 hours
+- Frontend: 3-4 hours
+- Testing: 2-3 hours
+- Total: 9-13 hours
+
+**WAITING FOR CONFIRMATION**: Proceed with this plan? (yes/no/modify)
+```
+
+## Important Notes
+
+**CRITICAL**: The planner agent will **NOT** write any code until you explicitly confirm the plan with "yes" or "proceed" or similar affirmative response.
+
+If you want changes, respond with:
+- "modify: [your changes]"
+- "different approach: [alternative]"
+- "skip phase 2 and do phase 3 first"
+
+## Integration with Other Commands
+
+After planning:
+- Use `/tdd` to implement with test-driven development
+- Use `/build-fix` if build errors occur
+- Use `/code-review` to review completed implementation
+
+## Related Agents
+
+This command invokes the `planner` agent located at:
+`~/.claude/agents/planner.md`

package/assets/commands/python-review.md

@@ -0,0 +1,297 @@
+---
+description: Comprehensive Python code review for PEP 8 compliance, type hints, security, and Pythonic idioms. Invokes the python-reviewer agent.
+---
+
+# Python Code Review
+
+This command invokes the **python-reviewer** agent for comprehensive Python-specific code review.
+
+## What This Command Does
+
+1. **Identify Python Changes**: Find modified `.py` files via `git diff`
+2. **Run Static Analysis**: Execute `ruff`, `mypy`, `pylint`, `black --check`
+3. **Security Scan**: Check for SQL injection, command injection, unsafe deserialization
+4. **Type Safety Review**: Analyze type hints and mypy errors
+5. **Pythonic Code Check**: Verify code follows PEP 8 and Python best practices
+6. **Generate Report**: Categorize issues by severity
+
+## When to Use
+
+Use `/python-review` when:
+- After writing or modifying Python code
+- Before committing Python changes
+- Reviewing pull requests with Python code
+- Onboarding to a new Python codebase
+- Learning Pythonic patterns and idioms
+
+## Review Categories
+
+### CRITICAL (Must Fix)
+- SQL/Command injection vulnerabilities
+- Unsafe eval/exec usage
+- Pickle unsafe deserialization
+- Hardcoded credentials
+- YAML unsafe load
+- Bare except clauses hiding errors
+
+### HIGH (Should Fix)
+- Missing type hints on public functions
+- Mutable default arguments
+- Swallowing exceptions silently
+- Not using context managers for resources
+- C-style looping instead of comprehensions
+- Using type() instead of isinstance()
+- Race conditions without locks
+
+### MEDIUM (Consider)
+- PEP 8 formatting violations
+- Missing docstrings on public functions
+- Print statements instead of logging
+- Inefficient string operations
+- Magic numbers without named constants
+- Not using f-strings for formatting
+- Unnecessary list creation
+
+## Automated Checks Run
+
+```bash
+# Type checking
+mypy .
+
+# Linting and formatting
+ruff check .
+black --check .
+isort --check-only .
+
+# Security scanning
+bandit -r .
+
+# Dependency audit
+pip-audit
+safety check
+
+# Testing
+pytest --cov=app --cov-report=term-missing
+```
+
+## Example Usage
+
+```text
+User: /python-review
+
+Agent:
+# Python Code Review Report
+
+## Files Reviewed
+- app/routes/user.py (modified)
+- app/services/auth.py (modified)
+
+## Static Analysis Results
+✓ ruff: No issues
+✓ mypy: No errors
+⚠️ black: 2 files need reformatting
+✓ bandit: No security issues
+
+## Issues Found
+
+[CRITICAL] SQL Injection vulnerability
+File: app/routes/user.py:42
+Issue: User input directly interpolated into SQL query
+```python
+query = f"SELECT * FROM users WHERE id = {user_id}"  # Bad
+```
+Fix: Use parameterized query
+```python
+query = "SELECT * FROM users WHERE id = %s"  # Good
+cursor.execute(query, (user_id,))
+```
+
+[HIGH] Mutable default argument
+File: app/services/auth.py:18
+Issue: Mutable default argument causes shared state
+```python
+def process_items(items=[]):  # Bad
+    items.append("new")
+    return items
+```
+Fix: Use None as default
+```python
+def process_items(items=None):  # Good
+    if items is None:
+        items = []
+    items.append("new")
+    return items
+```
+
+[MEDIUM] Missing type hints
+File: app/services/auth.py:25
+Issue: Public function without type annotations
+```python
+def get_user(user_id):  # Bad
+    return db.find(user_id)
+```
+Fix: Add type hints
+```python
+def get_user(user_id: str) -> Optional[User]:  # Good
+    return db.find(user_id)
+```
+
+[MEDIUM] Not using context manager
+File: app/routes/user.py:55
+Issue: File not closed on exception
+```python
+f = open("config.json")  # Bad
+data = f.read()
+f.close()
+```
+Fix: Use context manager
+```python
+with open("config.json") as f:  # Good
+    data = f.read()
+```
+
+## Summary
+- CRITICAL: 1
+- HIGH: 1
+- MEDIUM: 2
+
+Recommendation: ❌ Block merge until CRITICAL issue is fixed
+
+## Formatting Required
+Run: `black app/routes/user.py app/services/auth.py`
+```
+
+## Approval Criteria
+
+| Status | Condition |
+|--------|-----------|
+| ✅ Approve | No CRITICAL or HIGH issues |
+| ⚠️ Warning | Only MEDIUM issues (merge with caution) |
+| ❌ Block | CRITICAL or HIGH issues found |
+
+## Integration with Other Commands
+
+- Use `/tdd` first to ensure tests pass
+- Use `/code-review` for non-Python specific concerns
+- Use `/python-review` before committing
+- Use `/build-fix` if static analysis tools fail
+
+## Framework-Specific Reviews
+
+### Django Projects
+The reviewer checks for:
+- N+1 query issues (use `select_related` and `prefetch_related`)
+- Missing migrations for model changes
+- Raw SQL usage when ORM could work
+- Missing `transaction.atomic()` for multi-step operations
+
+### FastAPI Projects
+The reviewer checks for:
+- CORS misconfiguration
+- Pydantic models for request validation
+- Response models correctness
+- Proper async/await usage
+- Dependency injection patterns
+
+### Flask Projects
+The reviewer checks for:
+- Context management (app context, request context)
+- Proper error handling
+- Blueprint organization
+- Configuration management
+
+## Related
+
+- Agent: `agents/python-reviewer.md`
+- Skills: `skills/python-patterns/`, `skills/python-testing/`
+
+## Common Fixes
+
+### Add Type Hints
+```python
+# Before
+def calculate(x, y):
+    return x + y
+
+# After
+from typing import Union
+
+def calculate(x: Union[int, float], y: Union[int, float]) -> Union[int, float]:
+    return x + y
+```
+
+### Use Context Managers
+```python
+# Before
+f = open("file.txt")
+data = f.read()
+f.close()
+
+# After
+with open("file.txt") as f:
+    data = f.read()
+```
+
+### Use List Comprehensions
+```python
+# Before
+result = []
+for item in items:
+    if item.active:
+        result.append(item.name)
+
+# After
+result = [item.name for item in items if item.active]
+```
+
+### Fix Mutable Defaults
+```python
+# Before
+def append(value, items=[]):
+    items.append(value)
+    return items
+
+# After
+def append(value, items=None):
+    if items is None:
+        items = []
+    items.append(value)
+    return items
+```
+
+### Use f-strings (Python 3.6+)
+```python
+# Before
+name = "Alice"
+greeting = "Hello, " + name + "!"
+greeting2 = "Hello, {}".format(name)
+
+# After
+greeting = f"Hello, {name}!"
+```
+
+### Fix String Concatenation in Loops
+```python
+# Before
+result = ""
+for item in items:
+    result += str(item)
+
+# After
+result = "".join(str(item) for item in items)
+```
+
+## Python Version Compatibility
+
+The reviewer notes when code uses features from newer Python versions:
+
+| Feature | Minimum Python |
+|---------|----------------|
+| Type hints | 3.5+ |
+| f-strings | 3.6+ |
+| Walrus operator (`:=`) | 3.8+ |
+| Position-only parameters | 3.8+ |
+| Match statements | 3.10+ |
+| Type unions (`x | None`) | 3.10+ |
+
+Ensure your project's `pyproject.toml` or `setup.py` specifies the correct minimum Python version.

package/assets/commands/refactor-clean.md

@@ -0,0 +1,80 @@
+# Refactor Clean
+
+Safely identify and remove dead code with test verification at every step.
+
+## Step 1: Detect Dead Code
+
+Run analysis tools based on project type:
+
+| Tool | What It Finds | Command |
+|------|--------------|---------|
+| knip | Unused exports, files, dependencies | `npx knip` |
+| depcheck | Unused npm dependencies | `npx depcheck` |
+| ts-prune | Unused TypeScript exports | `npx ts-prune` |
+| vulture | Unused Python code | `vulture src/` |
+| deadcode | Unused Go code | `deadcode ./...` |
+| cargo-udeps | Unused Rust dependencies | `cargo +nightly udeps` |
+
+If no tool is available, use Grep to find exports with zero imports:
+```
+# Find exports, then check if they're imported anywhere
+```
+
+## Step 2: Categorize Findings
+
+Sort findings into safety tiers:
+
+| Tier | Examples | Action |
+|------|----------|--------|
+| **SAFE** | Unused utilities, test helpers, internal functions | Delete with confidence |
+| **CAUTION** | Components, API routes, middleware | Verify no dynamic imports or external consumers |
+| **DANGER** | Config files, entry points, type definitions | Investigate before touching |
+
+## Step 3: Safe Deletion Loop
+
+For each SAFE item:
+
+1. **Run full test suite** — Establish baseline (all green)
+2. **Delete the dead code** — Use Edit tool for surgical removal
+3. **Re-run test suite** — Verify nothing broke
+4. **If tests fail** — Immediately revert with `git checkout -- <file>` and skip this item
+5. **If tests pass** — Move to next item
+
+## Step 4: Handle CAUTION Items
+
+Before deleting CAUTION items:
+- Search for dynamic imports: `import()`, `require()`, `__import__`
+- Search for string references: route names, component names in configs
+- Check if exported from a public package API
+- Verify no external consumers (check dependents if published)
+
+## Step 5: Consolidate Duplicates
+
+After removing dead code, look for:
+- Near-duplicate functions (>80% similar) — merge into one
+- Redundant type definitions — consolidate
+- Wrapper functions that add no value — inline them
+- Re-exports that serve no purpose — remove indirection
+
+## Step 6: Summary
+
+Report results:
+
+```
+Dead Code Cleanup
+──────────────────────────────
+Deleted:   12 unused functions
+           3 unused files
+           5 unused dependencies
+Skipped:   2 items (tests failed)
+Saved:     ~450 lines removed
+──────────────────────────────
+All tests passing ✅
+```
+
+## Rules
+
+- **Never delete without running tests first**
+- **One deletion at a time** — Atomic changes make rollback easy
+- **Skip if uncertain** — Better to keep dead code than break production
+- **Don't refactor while cleaning** — Separate concerns (clean first, refactor later)