@malamute/ai-rules 1.0.0 → 1.2.0

package/configs/_shared/.claude/skills/analysis/explore/SKILL.md

@@ -0,0 +1,257 @@
+---
+name: explore
+description: Deep analysis of a repository with detailed documentation
+argument-hint: [path-or-depth]
+---
+
+# Explore Repository Skill
+
+You are now in **deep analysis mode**. Analyze the codebase thoroughly and produce comprehensive documentation.
+
+## Target
+
+If an argument is provided, analyze that path: `$ARGUMENTS`
+If no argument, analyze the current working directory.
+
+## Analysis Process
+
+### Phase 1: Discovery
+
+Gather raw information:
+
+1. **Project Metadata**
+   - `package.json`, `pyproject.toml`, `*.csproj`, `Cargo.toml`, etc.
+   - README files
+   - License
+
+2. **File Structure**
+   - Top-level directories
+   - Key configuration files
+   - Total file count by extension
+
+3. **Git History** (if available)
+   - Number of commits
+   - Contributors count
+   - Most active files
+   - Recent activity
+
+### Phase 2: Technology Stack
+
+Identify all technologies:
+
+| Category | What to Find |
+|----------|--------------|
+| Language(s) | Primary + secondary languages |
+| Framework(s) | Web, API, CLI frameworks |
+| Database | ORM, drivers, migrations |
+| Testing | Test framework, coverage tools |
+| Build | Bundler, compiler, task runner |
+| CI/CD | Pipeline configs |
+| Infrastructure | Docker, K8s, cloud configs |
+| Code Quality | Linters, formatters, type checkers |
+
+### Phase 3: Architecture Analysis
+
+Understand the design:
+
+1. **Architecture Pattern**
+   - Monolith / Microservices / Monorepo
+   - Clean Architecture / Hexagonal / MVC / etc.
+   - Module organization
+
+2. **Entry Points**
+   - Main files
+   - CLI commands
+   - API routes
+   - Event handlers
+
+3. **Data Flow**
+   - How data enters the system
+   - Processing layers
+   - Storage mechanisms
+   - External integrations
+
+4. **Dependencies Graph**
+   - Internal module dependencies
+   - External service integrations
+   - Circular dependency detection
+
+### Phase 4: Code Patterns
+
+Document coding conventions:
+
+1. **Naming Conventions**
+   - File naming patterns
+   - Class/function naming style
+   - Variable conventions
+
+2. **Common Patterns**
+   - Dependency injection
+   - Repository pattern
+   - Factory pattern
+   - Observer/Event patterns
+   - Error handling approach
+
+3. **Testing Strategy**
+   - Test organization
+   - Coverage targets
+   - Mocking approach
+
+### Phase 5: Documentation Review
+
+Assess existing documentation:
+
+- README completeness
+- API documentation
+- Code comments quality
+- Architecture Decision Records (ADRs)
+
+## Output Format
+
+Generate a structured report:
+
+```markdown
+# Repository Analysis: [Project Name]
+
+## Overview
+[2-3 paragraph executive summary]
+
+## Quick Facts
+| Metric | Value |
+|--------|-------|
+| Primary Language | |
+| Framework | |
+| Architecture | |
+| Test Coverage | |
+| Last Updated | |
+| Contributors | |
+
+## Technology Stack
+
+### Core
+- **Language**: [version]
+- **Framework**: [version]
+- **Runtime**: [version]
+
+### Data
+- **Database**:
+- **ORM/Driver**:
+- **Cache**:
+
+### DevOps
+- **CI/CD**:
+- **Container**:
+- **Deployment**:
+
+### Quality
+- **Linter**:
+- **Formatter**:
+- **Type Checker**:
+
+## Architecture
+
+### High-Level Structure
+```
+[ASCII diagram or tree view]
+```
+
+### Key Modules
+| Module | Purpose | Key Files |
+|--------|---------|-----------|
+| | | |
+
+### Data Flow
+[Description of how data moves through the system]
+
+### External Integrations
+| Service | Purpose | Location |
+|---------|---------|----------|
+| | | |
+
+## Code Patterns
+
+### Conventions Used
+- [Pattern 1]: [Where/How]
+- [Pattern 2]: [Where/How]
+
+### Strengths
+- [What's done well]
+
+### Areas for Improvement
+- [Potential improvements]
+
+## Entry Points
+
+| Type | File | Description |
+|------|------|-------------|
+| Main | | |
+| API | | |
+| CLI | | |
+
+## Getting Started
+
+### Prerequisites
+- [Requirement 1]
+- [Requirement 2]
+
+### Setup
+```bash
+[Setup commands]
+```
+
+### Development
+```bash
+[Dev commands]
+```
+
+### Testing
+```bash
+[Test commands]
+```
+
+## File Statistics
+
+| Extension | Count | % of Codebase |
+|-----------|-------|---------------|
+| | | |
+
+## Recommendations
+
+### For New Contributors
+1. [Start here]
+2. [Then explore]
+3. [Key files to understand]
+
+### Technical Debt
+| Issue | Severity | Location |
+|-------|----------|----------|
+| | | |
+```
+
+## Behavior
+
+1. **Be thorough** - Read actual files, don't assume
+2. **Be accurate** - Verify versions and configurations
+3. **Be useful** - Focus on actionable insights
+4. **Be objective** - Note both strengths and weaknesses
+5. **Show evidence** - Include file paths and line references
+
+## Tools to Use
+
+- `Glob` - Find files by pattern
+- `Grep` - Search code content
+- `Read` - Read file contents
+- `Bash` - Run commands (git log, package managers)
+
+## Depth Levels
+
+If user specifies depth:
+- **quick**: Overview + tech stack only
+- **standard**: Full analysis (default)
+- **deep**: Include dependency analysis, security scan, performance patterns
+
+## Exit
+
+After presenting the analysis, ask:
+- "Want me to generate a CLAUDE.md based on this analysis?"
+- "Any specific area you'd like me to explore deeper?"

package/configs/_shared/.claude/skills/analysis/security-audit/SKILL.md

@@ -0,0 +1,184 @@
+---
+name: security-audit
+description: Perform security audit on the codebase and generate recommendations
+argument-hint: "[--focus <area>]"
+---
+
+# Security Audit
+
+Perform a comprehensive security audit of the codebase.
+
+## Usage
+
+- `/security-audit` - Full security audit
+- `/security-audit --focus auth` - Focus on authentication
+- `/security-audit --focus api` - Focus on API security
+- `/security-audit --focus deps` - Focus on dependencies
+- `/security-audit --focus secrets` - Focus on secret detection
+
+## Behavior
+
+1. **Scan Codebase**
+   - Search for common vulnerability patterns
+   - Check dependency versions
+   - Analyze authentication/authorization
+   - Review API endpoints
+   - Check for hardcoded secrets
+
+2. **Generate Report**
+   - Severity ratings (Critical, High, Medium, Low)
+   - Location of issues
+   - Remediation steps
+   - Code examples for fixes
+
+## Audit Categories
+
+### 1. Authentication & Authorization
+
+| Check | What to Look For |
+|-------|------------------|
+| Password Storage | bcrypt/argon2, no plain text |
+| JWT Security | Proper signing, expiration, refresh |
+| Session Management | Secure cookies, CSRF protection |
+| Authorization | Role checks, resource ownership |
+
+### 2. Input Validation
+
+| Check | What to Look For |
+|-------|------------------|
+| SQL Injection | Parameterized queries, ORM usage |
+| XSS | Output encoding, CSP headers |
+| Command Injection | Input sanitization |
+| Path Traversal | Path validation |
+
+### 3. API Security
+
+| Check | What to Look For |
+|-------|------------------|
+| Rate Limiting | Request throttling |
+| CORS | Proper origin restrictions |
+| Headers | Security headers (HSTS, CSP, etc.) |
+| Error Handling | No stack traces in production |
+
+### 4. Secrets Management
+
+| Check | What to Look For |
+|-------|------------------|
+| Hardcoded Secrets | API keys, passwords in code |
+| .env Files | Not committed, proper .gitignore |
+| Config Files | No secrets in config |
+
+### 5. Dependencies
+
+| Check | What to Look For |
+|-------|------------------|
+| Known Vulnerabilities | CVE database check |
+| Outdated Packages | Security patches |
+| License Compliance | Compatible licenses |
+
+## Output Format
+
+```
+# Security Audit Report
+
+**Date:** 2024-01-15
+**Scope:** Full codebase
+**Risk Level:** Medium
+
+## Summary
+
+| Severity | Count |
+|----------|-------|
+| 🔴 Critical | 0 |
+| 🟠 High | 2 |
+| 🟡 Medium | 5 |
+| 🔵 Low | 8 |
+
+## Critical/High Findings
+
+### [HIGH] SQL Injection in User Search
+**File:** src/users/users.service.ts:45
+**Issue:** Raw SQL query with user input
+**Current Code:**
+```typescript
+db.query(`SELECT * FROM users WHERE name = '${name}'`)
+```
+**Remediation:**
+```typescript
+db.query('SELECT * FROM users WHERE name = $1', [name])
+```
+
+### [HIGH] Missing Rate Limiting on Login
+**File:** src/auth/auth.controller.ts
+**Issue:** No rate limiting on /auth/login endpoint
+**Remediation:** Add rate limiting middleware
+
+## Medium Findings
+
+### [MEDIUM] Missing Security Headers
+**Issue:** CSP, X-Frame-Options not set
+**Remediation:** Add helmet middleware
+
+## Low Findings
+
+### [LOW] Verbose Error Messages
+**File:** src/app.module.ts
+**Issue:** Stack traces visible in production
+**Remediation:** Use exception filter
+
+## Recommendations
+
+1. **Immediate:** Fix SQL injection vulnerability
+2. **This Sprint:** Add rate limiting to auth endpoints
+3. **Backlog:** Implement security headers
+4. **Ongoing:** Set up automated dependency scanning
+
+## Commands to Run
+
+```bash
+# Check dependencies
+npm audit
+# or
+pip-audit
+
+# Scan for secrets
+gitleaks detect
+
+# Scan for vulnerabilities
+snyk test
+```
+```
+
+## Patterns to Detect
+
+### SQL Injection
+```javascript
+// Bad
+`SELECT * FROM users WHERE id = ${id}`
+// Good
+'SELECT * FROM users WHERE id = $1', [id]
+```
+
+### XSS
+```javascript
+// Bad
+element.innerHTML = userInput
+// Good
+element.textContent = userInput
+```
+
+### Hardcoded Secrets
+```javascript
+// Bad
+const apiKey = 'sk-1234567890'
+// Good
+const apiKey = process.env.API_KEY
+```
+
+### Insecure Password Storage
+```javascript
+// Bad
+const hash = md5(password)
+// Good
+const hash = await bcrypt.hash(password, 12)
+```

package/configs/_shared/.claude/skills/dev/api-endpoint/SKILL.md

@@ -0,0 +1,126 @@
+---
+name: api-endpoint
+description: Generate a complete REST API endpoint with validation, tests, and documentation
+argument-hint: "<method> <path> [--resource <name>]"
+---
+
+# API Endpoint Generator
+
+Generate a complete, production-ready API endpoint.
+
+## Usage Examples
+
+- `/api-endpoint GET /users` - List users endpoint
+- `/api-endpoint POST /users` - Create user endpoint
+- `/api-endpoint GET /users/:id` - Get user by ID
+- `/api-endpoint PUT /users/:id` - Update user
+- `/api-endpoint DELETE /users/:id` - Delete user
+- `/api-endpoint --resource Order` - Full CRUD for Order resource
+
+## Behavior
+
+1. **Detect Framework**
+   - NestJS → Controller, Service, DTO, Spec
+   - Next.js → Route handler, Zod schema
+   - FastAPI → Router, Pydantic schema
+   - .NET → Controller, Service, Request/Response DTOs
+
+2. **Generate Files**
+
+### For Single Endpoint
+
+| File | Content |
+|------|---------|
+| Route/Controller | HTTP handler with proper decorators |
+| Validation Schema | Input validation (Zod/Pydantic/FluentValidation) |
+| Service Method | Business logic (if applicable) |
+| Test File | Unit and integration tests |
+
+### For Full Resource (--resource)
+
+| File | Content |
+|------|---------|
+| Controller/Router | All CRUD endpoints |
+| DTOs/Schemas | Create, Update, Response, Query schemas |
+| Service | Full CRUD operations |
+| Repository | Database access layer |
+| Tests | Full test coverage |
+
+3. **Include in Generated Code**
+   - Input validation
+   - Error handling (404, 400, 500)
+   - Authentication check (if auth detected)
+   - Pagination (for list endpoints)
+   - OpenAPI documentation
+
+## Output Format
+
+```
+## Files to Create/Modify
+
+### path/to/controller.ts
+<code>
+
+### path/to/dto.ts
+<code>
+
+### path/to/service.ts
+<code>
+
+### path/to/controller.spec.ts
+<code>
+
+## API Documentation
+
+- **Method**: POST
+- **Path**: /api/users
+- **Request Body**: { email, name, password }
+- **Response**: 201 Created
+- **Errors**: 400 Validation Error, 409 Conflict
+```
+
+## Framework-Specific Patterns
+
+### NestJS
+```typescript
+@Controller('users')
+export class UsersController {
+  @Post()
+  @HttpCode(201)
+  async create(@Body() dto: CreateUserDto): Promise<UserResponse> {}
+}
+```
+
+### Next.js (App Router)
+```typescript
+export async function POST(request: Request) {
+  const body = await request.json();
+  const data = schema.parse(body);
+  // ...
+}
+```
+
+### FastAPI
+```python
+@router.post("/", response_model=UserResponse, status_code=201)
+async def create_user(data: UserCreate, db: AsyncSession = Depends(get_db)):
+    pass
+```
+
+### .NET
+```csharp
+[HttpPost]
+[ProducesResponseType(typeof(UserResponse), StatusCodes.Status201Created)]
+public async Task<IActionResult> Create([FromBody] CreateUserRequest request)
+```
+
+## REST Conventions
+
+| Method | Path | Action | Response |
+|--------|------|--------|----------|
+| GET | /resources | List all | 200 + array |
+| POST | /resources | Create | 201 + object |
+| GET | /resources/:id | Get one | 200 + object |
+| PUT | /resources/:id | Replace | 200 + object |
+| PATCH | /resources/:id | Update | 200 + object |
+| DELETE | /resources/:id | Delete | 204 No Content |

package/configs/_shared/.claude/{commands/generate-tests.md → skills/dev/generate-tests/SKILL.md}

@@ -1,3 +1,9 @@
+---
+name: generate-tests
+description: Generate comprehensive tests for a file or function
+argument-hint: <file-path-or-function>
+---
+
 # Generate Tests
 
 Generate tests for: $ARGUMENTS

package/configs/_shared/.claude/{commands/fix-issue.md → skills/git/fix-issue/SKILL.md}

@@ -1,3 +1,9 @@
+---
+name: fix-issue
+description: Analyze and fix a GitHub issue with structured workflow
+argument-hint: <issue-number>
+---
+
 # Fix GitHub Issue
 
 Fix the GitHub issue #$ARGUMENTS

package/configs/_shared/.claude/{commands/review-pr.md → skills/git/review-pr/SKILL.md}

@@ -1,3 +1,9 @@
+---
+name: review-pr
+description: Review a GitHub PR with security, performance, and quality checks
+argument-hint: <pr-number>
+---
+
 # Review Pull Request
 
 Review the GitHub PR #$ARGUMENTS