@react-vault/create-app 0.1.0

package/claude-toolkit/commands/bfsi-doctor.md

@@ -0,0 +1,97 @@
+---
+name: bfsi-doctor
+description: Health check for a BFSI project. Verifies env vars, dep versions, .claude config, hook registration, package consistency, and BFSI-specific gotchas.
+---
+
+# /bfsi-doctor
+
+You are running a health check. Don't delegate — execute the checks directly.
+
+## Checks
+
+Run each check, report status (✅ / ⚠️ / ❌), and remediation for any failures.
+
+### Environment
+
+1. **Node version** — `node --version`. Should be ≥ 20.11.0.
+2. **pnpm version** — `pnpm --version`. Should be ≥ 9.0.0.
+3. **Git** — `git --version`. Any modern git.
+4. **In a project root** — check for `package.json` in `$CLAUDE_PROJECT_DIR`.
+
+### Project config
+
+5. **`.claude/settings.json` exists** and enables the BFSI toolkit plugin.
+6. **`.env.local.sample` exists** with placeholders for VITE\_\* vars.
+7. **`tsconfig.json`** extends `tsconfig.base.json` (or has equivalent strict settings).
+8. **`.eslintrc.cjs`** present (or `eslint.config.js`).
+9. **`.husky/pre-commit`** present and executable.
+10. **`.github/workflows/ci.yml`** present.
+
+### Dependencies
+
+11. **Critical packages installed:**
+
+    - `react`, `react-dom`
+    - `@react-vault/core` (or link: ref to local workspace)
+    - `@react-vault/ui`
+    - One of: `@reduxjs/toolkit` OR `@tanstack/react-query`
+    - `react-hook-form`, `zod`
+    - `react-router-dom`
+    - `react-i18next`
+    - `tailwindcss`, `autoprefixer`, `postcss`
+    - `vitest`, `@testing-library/react`
+
+12. **No duplicate React** — `pnpm why react` should show one version.
+
+### BFSI conventions
+
+13. **`src/features/` exists** (or features live somewhere obvious).
+14. **`src/routes/ProtectedRoute.tsx`** exists.
+15. **i18n setup** — `src/i18n/i18n.ts` exists and `App.tsx` wraps in `I18nextProvider`.
+16. **Audit endpoint configured** — `VITE_AUDIT_ENDPOINT` in `.env.local.sample`.
+17. **Sentry stub configured** — `VITE_SENTRY_DSN` placeholder present.
+
+### Claude toolkit
+
+18. **`/hooks` registered** — at least 8 hooks visible (run via Bash if possible; otherwise describe to user).
+19. **`/plugin` shows `toolkit` enabled.**
+20. **At least 8 skills available** — list via `ls .claude/skills` if user-level, or via `/plugin` for plugin-level.
+
+### Security
+
+21. **No `.env` files committed** — `git ls-files | grep -E '\.env(\..*)?$' | grep -v 'sample\|example'` should be empty.
+22. **No node_modules tracked** — `git ls-files | grep node_modules` should be empty.
+23. **No PEM/key files tracked** — `git ls-files | grep -E '\.(pem|key|p12|pfx)$'` should be empty.
+
+## Output
+
+```markdown
+# /bfsi-doctor health check
+
+## Summary
+
+{count_pass} ✅ {count_warn} ⚠️ {count_fail} ❌
+
+## Failures (must fix)
+
+{for each ❌, with remediation}
+
+## Warnings (recommended fixes)
+
+{for each ⚠️, with rationale}
+
+## All green
+
+{categories that fully passed}
+
+## Next steps
+
+{Top 3 actions ordered by urgency}
+```
+
+## Notes
+
+- Be quiet if everything passes — a short "all green" is fine.
+- For `⚠️` items, explain WHY they matter (not just the fact).
+- For `❌` items, give the EXACT command or file edit to remediate.
+- Don't apply fixes yourself; the user runs them.

package/claude-toolkit/commands/bfsi-review.md

@@ -0,0 +1,46 @@
+---
+name: bfsi-review
+description: Run the full BFSI PR review pipeline — spawns security, code, a11y, PII, and performance reviewers in parallel and synthesises their findings into a merge recommendation.
+argument-hint: [diff-range or --pr <num>]
+---
+
+# /bfsi-review
+
+You are running a full BFSI PR review. Delegate to the `bfsi-pr-reviewer` agent which orchestrates the specialist agents in parallel.
+
+## Workflow
+
+1. **Establish scope.**
+
+   If the user provided `$ARGUMENTS`:
+   - `--pr <num>` → use `gh pr diff <num>` for the scope
+   - A branch name or git revspec → use `git diff <revspec>...HEAD`
+   - File globs → review just those files
+   - Empty → default to `git diff origin/main...HEAD`
+
+2. **Verify we're in a project with the toolkit enabled.**
+
+   Check `.claude/settings.json` for the plugin reference. If missing, tell the user to run from a scaffolded BFSI project root.
+
+3. **Delegate to the orchestrator.**
+
+   Spawn the `bfsi-pr-reviewer` agent with the determined scope. The orchestrator handles all parallel coordination of specialists.
+
+4. **Surface the orchestrator's output to the user verbatim.**
+
+   Don't re-summarise. The orchestrator's output is the final review.
+
+5. **End with a recommendation.**
+
+   The orchestrator's report ends with one of:
+   - ✅ APPROVED
+   - ⚠️ MERGEABLE WITH FOLLOW-UP
+   - ❌ NOT MERGE-READY
+
+   If NOT MERGE-READY, suggest the most relevant skill or agent to address the first critical finding (e.g., "Run `/bfsi-commit` after fixing", or "Use `bfsi-protected-route` skill to add the missing guard").
+
+## Notes
+
+- The pipeline is read-only — no fixes applied.
+- Each specialist may take 30s–2min; the orchestrator runs them in parallel so total time is ≈ the slowest one.
+- The orchestrator de-duplicates findings across specialists, so the synthesis is concise.

package/claude-toolkit/commands/bfsi-scaffold.md

@@ -0,0 +1,47 @@
+---
+name: bfsi-scaffold
+description: Interactive feature / API / form scaffolding for BFSI projects. Routes to the right skill based on what the user wants to create.
+argument-hint: [feature|api|form|route|table] [args]
+---
+
+# /bfsi-scaffold
+
+You are dispatching the user to the right scaffolding skill.
+
+## Workflow
+
+If `$ARGUMENTS` starts with a known kind, route directly:
+
+- `feature <Name>` → invoke skill `bfsi-feature` with `$Name`
+- `api <Method> <Path>` → invoke skill `bfsi-api-endpoint`
+- `form <Name>` → invoke skill `bfsi-form`
+- `route <Path>` → invoke skill `bfsi-protected-route`
+- `table <Name>` → invoke skill `bfsi-data-table`
+- `pii <Field>` → invoke skill `bfsi-pii-field`
+- `i18n <Key>` → invoke skill `bfsi-i18n-key`
+- `audit <Action>` → invoke skill `bfsi-audit-action`
+- `confirm` → invoke skill `bfsi-confirm-modal`
+
+If `$ARGUMENTS` is empty or doesn't match, ask the user which kind:
+
+```
+What would you like to scaffold?
+
+  1. feature  — full feature module (api + containers + components + tests + i18n)
+  2. api      — single API endpoint (RTK Query or TanStack)
+  3. form     — RHF + Zod form with BFSI defaults
+  4. route    — protected route with permission check
+  5. table    — access-controlled data table
+  6. pii      — wrap a field with PIIMaskedDisplay
+  7. i18n     — add an i18n key across all locales
+  8. audit    — wrap an action with audit logging
+  9. confirm  — confirmation modal (with optional MFA)
+
+Type the kind plus any args (e.g. "feature KycVerification").
+```
+
+Then route based on the response.
+
+## Notes
+
+This command is a thin router. The actual scaffolding lives in the dedicated skills, which encapsulate the BFSI conventions for each artefact type.

package/claude-toolkit/hooks/hooks.json

@@ -0,0 +1,181 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "if": "Bash(rm -rf *)",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/block-destructive.sh",
+            "args": [],
+            "statusMessage": "[bfsi] checking destructive shell"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "if": "Bash(git push --force *)",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/block-force-push.sh",
+            "args": [],
+            "statusMessage": "[bfsi] checking force push"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "if": "Bash(git push --force-with-lease *)",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/block-force-push.sh",
+            "args": [],
+            "statusMessage": "[bfsi] checking force push with lease"
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/protect-files.sh",
+            "args": [],
+            "statusMessage": "[bfsi] checking protected files"
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/scan-secrets.sh",
+            "args": [],
+            "statusMessage": "[bfsi] scanning for secret patterns"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/format.sh",
+            "args": [],
+            "async": true,
+            "timeout": 60,
+            "statusMessage": "[bfsi] formatting (async)"
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/lint.sh",
+            "args": [],
+            "async": true,
+            "timeout": 60,
+            "statusMessage": "[bfsi] linting (async)"
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/scan-pii.sh",
+            "args": [],
+            "statusMessage": "[bfsi] scanning for PII patterns"
+          }
+        ]
+      },
+      {
+        "matcher": "Write",
+        "hooks": [
+          {
+            "type": "command",
+            "if": "Write(*.tsx)",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/a11y-check.sh",
+            "args": [],
+            "async": true,
+            "timeout": 120,
+            "statusMessage": "[bfsi] a11y check (async)"
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "matcher": "startup|resume",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/inject-context.sh",
+            "args": [],
+            "statusMessage": "[bfsi] loading project context"
+          }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/audit-prompt.sh",
+            "args": [],
+            "async": true,
+            "timeout": 30
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/verify-clean.sh",
+            "args": [],
+            "async": true,
+            "timeout": 90,
+            "statusMessage": "[bfsi] post-turn verification (async)"
+          }
+        ]
+      },
+      {
+        "hooks": [
+          {
+            "type": "agent",
+            "model": "sonnet",
+            "timeout": 300,
+            "statusMessage": "[bfsi] reviewing diff against project standards",
+            "prompt": "You are a post-turn code-review gate. The user just finished a coding turn. Decide whether the diff is clean enough to stop, or whether to ask the user if they want Claude to fix issues before stopping.\n\n# Step 0 — Skip-list\n\nLook at $ARGUMENTS for the `stop_hook_active` field. If it is `true`, return `{ \"ok\": true }` immediately — Claude is already in a stop-hook loop and we should not stack another round.\n\nRun `git diff --name-only` and `git diff --stat`. If the working tree is clean, or the only changes are to docs (`*.md`, `docs/`, `README*`, `LICENSE`), test fixtures, or `.gitignore`, return `{ \"ok\": true }` — no review needed.\n\n# Step 1 — Classify findings strictly\n\nRead the uncommitted diff (`git diff`) and the relevant skill files under `.claude/skills/` (especially `axios-auth`, `constants-organization`, and whichever data-layer skill exists: `rtk-query-api` or `tanstack-services`). Cross-reference against `CLAUDE.md` at the project root.\n\nClassify every finding strictly by this rubric:\n\n**P0 — CRITICAL (must fix before merge)**:\n- Hardcoded secret/key/token in source\n- PAN / Aadhaar / account# / CVV / OTP / password in `console.*`, `localStorage`, URL params, Sentry/telemetry, error message, or audit metadata\n- `dangerouslySetInnerHTML` without an explicit sanitiser\n- Weak crypto: md5, sha1, `Math.random()` for security, AES-ECB, custom \"scrambling\"\n- Auth token stored anywhere other than `setAuthToken(axios, token)` (no localStorage)\n- API response used without `schema.parse(...)` (no Zod validation)\n- `rm -rf` or destructive shell in source\n- `eval`, `new Function(...)`, `Function(...)` calls\n\n**P1 — HIGH (should fix this PR)**:\n- `any` type in app code (excluding `*.test.*` fixtures)\n- Mutation without audit wrapper: `useMutation` not `useAuditedMutation` (TanStack), or RTK mutation missing `showFailureNotification: true` for sensitive ops\n- `<Route>` without `<ProtectedRoute permission=\"...\">` for non-public routes\n- PII field rendered as `{user.pan}` (or similar) without `<PIIMaskedDisplay>`\n- Inline regex / URL string / RTK tag-type instead of going through `regexConstants.ts` / `urlConstants.ts` / `tagTypes.ts`\n- Missing idempotency-key on a state-changing mutation\n- Form field with `autoComplete=\"on\"` for PII\n- Missing `transformResponse: schema.parse` on an RTK Query endpoint\n\n**P2 — MEDIUM/LOW (track separately, DO NOT prompt for these)**:\n- Naming, style, missing tests, unused vars, magic numbers, file length\n- Comment quality, redundant code, refactor opportunities\n\n# Step 2 — Branch on findings\n\n**If no P0/P1 findings exist**: return `{ \"ok\": true }` and you are done. Do NOT prompt the user.\n\n**If P0 and/or P1 findings exist**: continue to Step 3.\n\n# Step 3 — Show findings + ask the user\n\nFirst, print the findings as a numbered list (one line per finding):\n\n  ```\n  P0/P1 findings in the current diff:\n    1. [P0] file/path.ts:42 — Hardcoded API key (fix: move to env var)\n    2. [P1] file/path.tsx:88 — Missing <PIIMaskedDisplay> on user.pan\n    ...\n  ```\n\nThen use the `AskUserQuestion` tool with EXACTLY this shape:\n\n  question: \"Found N P0/P1 issue(s). What should I do?\"\n  header: \"Auto-review\"\n  multiSelect: false\n  options:\n    - label: \"Fix all now\"\n      description: \"I'll resolve every P0/P1 finding in this turn before stopping.\"\n    - label: \"Fix selected ones\"\n      description: \"Show me a checkbox list of just the P0/P1 findings; I'll fix only what you tick.\"\n    - label: \"Skip — let me handle them\"\n      description: \"Don't touch the code. The findings list above is for your reference.\"\n\nIf user picked \"Fix all now\":\n  Return `{ \"ok\": false, \"reason\": \"Fix the following P0/P1 findings before stopping:\\n\\n<full numbered list including file:line and concrete fix for each>\" }`\n\nIf user picked \"Fix selected ones\":\n  Use AskUserQuestion AGAIN with `multiSelect: true` and one option per finding. Then return `{ \"ok\": false, \"reason\": \"Fix ONLY these selected P0/P1 findings:\\n<the picked subset with file:line and fix>\" }`.\n\nIf user picked \"Skip\":\n  Return `{ \"ok\": true }`. The findings list is already printed; the user has it.\n\n# Hard rules\n\n- Be precise. Cite `file:line` for every finding. Vague findings = unfixable findings.\n- Do not invent findings. If you cannot identify a concrete file:line that violates a rule, do not include it.\n- Never block on P2. Mention them at most once at the end of the printed list, as info.\n- If the AskUserQuestion tool is unavailable in this context, default to printing the findings + returning `{ \"ok\": true }` so the user is not blocked.\n\n$ARGUMENTS"
+          }
+        ]
+      }
+    ],
+    "PreCompact": [
+      {
+        "matcher": "auto|manual",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/save-compliance-context.sh",
+            "args": [],
+            "statusMessage": "[bfsi] snapshotting compliance context"
+          }
+        ]
+      }
+    ]
+  }
+}

package/claude-toolkit/hooks/scripts/a11y-check.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+# Async post-write a11y heuristic for .tsx files.
+# Runs lightweight pattern checks; the full audit lives in bfsi-accessibility-auditor agent.
+set -euo pipefail
+
+INPUT=$(cat)
+FILE_PATH=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // ""')
+
+if [[ -z "$FILE_PATH" ]] || [[ ! -f "$FILE_PATH" ]]; then
+  exit 0
+fi
+
+[[ "$FILE_PATH" == *.tsx ]] || exit 0
+
+declare -a FINDINGS=()
+
+# <img> without alt
+if grep -nE '<img[^>]*>' "$FILE_PATH" | grep -vE 'alt=' >/dev/null 2>&1; then
+  while IFS= read -r line; do
+    FINDINGS+=("$line — <img> without alt attribute")
+  done < <(grep -nE '<img[^>]*>' "$FILE_PATH" | grep -vE 'alt=' | head -3)
+fi
+
+# <button> with empty children and no aria-label
+if grep -nE '<button[^>]*>[[:space:]]*</button>' "$FILE_PATH" >/dev/null 2>&1; then
+  while IFS= read -r line; do
+    if ! printf '%s' "$line" | grep -qE 'aria-label='; then
+      FINDINGS+=("$line — empty <button> without aria-label")
+    fi
+  done < <(grep -nE '<button[^>]*>[[:space:]]*</button>' "$FILE_PATH" | head -3)
+fi
+
+# <div onClick=...> (should be <button>)
+if grep -nE '<div[^>]+onClick=' "$FILE_PATH" >/dev/null 2>&1; then
+  while IFS= read -r line; do
+    if ! printf '%s' "$line" | grep -qE 'role="button"'; then
+      FINDINGS+=("$line — clickable <div> without role='button' (prefer <button>)")
+    fi
+  done < <(grep -nE '<div[^>]+onClick=' "$FILE_PATH" | head -3)
+fi
+
+# outline: none without a focus replacement
+if grep -nE 'outline:[[:space:]]*none' "$FILE_PATH" >/dev/null 2>&1; then
+  while IFS= read -r line; do
+    FINDINGS+=("$line — 'outline: none' removes focus indicator; provide a replacement focus style")
+  done < <(grep -nE 'outline:[[:space:]]*none' "$FILE_PATH" | head -3)
+fi
+
+if [[ ${#FINDINGS[@]} -gt 0 ]]; then
+  CTX="[bfsi-a11y] possible accessibility issues in $(basename "$FILE_PATH"):"
+  for f in "${FINDINGS[@]}"; do
+    CTX="$CTX
+$f"
+  done
+  CTX="$CTX
+
+Run the bfsi-accessibility-auditor agent for a full WCAG 2.1 AA audit."
+  jq -n --arg msg "$CTX" '{
+    systemMessage: $msg
+  }'
+fi
+
+exit 0

package/claude-toolkit/hooks/scripts/audit-prompt.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Opt-in prompt audit log. Enabled when BFSI_AUDIT_PROMPTS=1 is set in the shell env.
+# Per Claude Code spec: async, no decision control.
+set -euo pipefail
+
+# Only run if explicitly enabled
+[[ "${BFSI_AUDIT_PROMPTS:-0}" == "1" ]] || exit 0
+
+INPUT=$(cat)
+PROMPT=$(printf '%s' "$INPUT" | jq -r '.prompt // ""')
+SESSION=$(printf '%s' "$INPUT" | jq -r '.session_id // ""')
+TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+AUDIT_DIR="$PROJECT_DIR/.claude"
+AUDIT_LOG="$AUDIT_DIR/audit.log"
+
+mkdir -p "$AUDIT_DIR"
+
+# Scrub obvious PII patterns from the prompt before logging
+SCRUBBED=$(printf '%s' "$PROMPT" |
+  sed -E 's/[A-Z]{5}[0-9]{4}[A-Z]/<PAN>/g' |
+  sed -E 's/[0-9]{12}/<AADHAAR-ish>/g' |
+  sed -E 's/[6-9][0-9]{9}/<MOBILE>/g' |
+  sed -E 's/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/<EMAIL>/g'
+)
+
+# Append a JSON line
+jq -n -c \
+  --arg ts "$TIMESTAMP" \
+  --arg session "$SESSION" \
+  --arg prompt "$SCRUBBED" \
+  '{timestamp: $ts, session_id: $session, event: "user_prompt", prompt_scrubbed: $prompt}' \
+  >> "$AUDIT_LOG"
+
+exit 0

package/claude-toolkit/hooks/scripts/block-destructive.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+# Blocks destructive `rm -rf` invocations.
+# Allows `rm -rf node_modules`, `rm -rf dist`, `rm -rf .turbo`, `rm -rf coverage` — known build artefacts.
+# Per Claude Code spec: exit 2 to block; stderr surfaces to Claude.
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // ""')
+
+# Allowed targets (build artefacts only)
+ALLOWED='^rm -rf (\./)?(node_modules|dist|build|coverage|\.turbo|\.next|out|playwright-report|\.cache|\.scratch)(/?$| )'
+
+if [[ -z "$COMMAND" ]]; then
+  exit 0
+fi
+
+if [[ "$COMMAND" =~ $ALLOWED ]]; then
+  exit 0
+fi
+
+if [[ "$COMMAND" =~ rm[[:space:]]+-rf ]]; then
+  cat >&2 <<EOF
+[bfsi] Blocked destructive shell command:
+
+    $COMMAND
+
+The bfsi-claude-toolkit blocks 'rm -rf' except for known build artefacts
+(node_modules, dist, build, coverage, .turbo, .next).
+
+If you need to remove other files:
+  - Use 'rm' (not 'rm -rf') for single files
+  - Use 'rm -r' (no -f) so errors surface
+  - For directories: pass --force per-call with explicit consent
+
+If you genuinely need 'rm -rf <other-path>', edit the file manually outside Claude.
+EOF
+  exit 2
+fi
+
+exit 0

package/claude-toolkit/hooks/scripts/block-force-push.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# Blocks 'git push --force' to protected branches (main, master, staging, production, release/*).
+# `--force-with-lease` is treated identically — both can rewrite history on the remote.
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // ""')
+
+PROTECTED='(main|master|staging|production|release/[^[:space:]]+)'
+
+if [[ "$COMMAND" =~ git[[:space:]]+push[[:space:]]+.*--force(-with-lease)?.*[[:space:]]+($PROTECTED)([[:space:]]|$) ]]; then
+  cat >&2 <<EOF
+[bfsi] Blocked: force push to a protected branch.
+
+    $COMMAND
+
+Force push to main / master / staging / production / release branches is
+blocked by bfsi-claude-toolkit. This protects audit trail integrity (RBI
+Annexure I §12, SOC2 CC7.2).
+
+If the remote needs rewinding, do it manually via:
+  - Git GUI with explicit confirmation
+  - Direct shell outside Claude (you'll see the safeguards)
+  - Reach out to a tech-lead for approval
+EOF
+  exit 2
+fi
+
+# Allow force push to feature branches
+exit 0

package/claude-toolkit/hooks/scripts/format.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# Async post-write Prettier on the changed file. Best-effort: silent on success,
+# logs to stderr on failure (non-blocking, since async).
+set -euo pipefail
+
+INPUT=$(cat)
+FILE_PATH=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // ""')
+
+if [[ -z "$FILE_PATH" ]] || [[ ! -f "$FILE_PATH" ]]; then
+  exit 0
+fi
+
+# Only run on files Prettier can handle
+case "$FILE_PATH" in
+  *.ts|*.tsx|*.js|*.jsx|*.json|*.md|*.yml|*.yaml|*.css|*.scss|*.html)
+    ;;
+  *)
+    exit 0
+    ;;
+esac
+
+# Resolve project root (closest package.json with prettier)
+ROOT="$(dirname "$FILE_PATH")"
+while [[ "$ROOT" != "/" ]] && [[ ! -f "$ROOT/package.json" ]]; do
+  ROOT="$(dirname "$ROOT")"
+done
+
+if [[ ! -f "$ROOT/package.json" ]]; then
+  exit 0
+fi
+
+# Use the project's prettier if available
+if command -v pnpm >/dev/null 2>&1; then
+  cd "$ROOT" && pnpm exec prettier --write "$FILE_PATH" 2>&1 | tail -5 >&2 || true
+elif command -v npx >/dev/null 2>&1; then
+  cd "$ROOT" && npx prettier --write "$FILE_PATH" 2>&1 | tail -5 >&2 || true
+fi
+
+# Inform Claude on next turn that format ran
+jq -n --arg file "$(basename "$FILE_PATH")" '{
+  systemMessage: ("[bfsi] formatted " + $file)
+}'

package/claude-toolkit/hooks/scripts/inject-context.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+# SessionStart hook: injects project context for Claude.
+# Plain stdout becomes additional context (per Claude Code spec for SessionStart).
+set -euo pipefail
+
+cd "${CLAUDE_PROJECT_DIR:-$(pwd)}" 2>/dev/null || cd "$(pwd)"
+
+# Branch + recent commits
+BRANCH=$(git branch --show-current 2>/dev/null || echo "(not a git repo)")
+RECENT=$(git log --oneline -5 2>/dev/null || echo "(no recent commits)")
+DIRTY=$(git status --short 2>/dev/null | head -10 || echo "")
+
+cat <<EOF
+[bfsi-claude-toolkit] Project context loaded.
+
+Current branch: $BRANCH
+
+Recent commits:
+$RECENT
+
+Uncommitted changes:
+${DIRTY:-(clean working tree)}
+
+BFSI conventions in effect:
+  - All API responses go through Zod parse
+  - All mutations use useAuditedMutation
+  - All routes use <ProtectedRoute permission=...>
+  - PII fields display via <PIIMaskedDisplay>
+  - No card data in HTML inputs (use <PCITokenizedCardInput>)
+  - Tokens in memory, never localStorage
+  - Commits use Conventional Commits with BFSI types (security, compliance, audit)
+
+Available commands: /bfsi-review, /bfsi-scaffold, /bfsi-audit, /bfsi-doctor
+Available skills: /bfsi-feature, /bfsi-form, /bfsi-pii-field, /bfsi-api-endpoint,
+                  /bfsi-compliance-check, /bfsi-commit
+
+Reference skills auto-load on matching prompts:
+  - bfsi-onboarding (how does this project work)
+  - bfsi-encrypt-helper (encryption usage)
+  - bfsi-test-pattern (test patterns)
+  - bfsi-error-message (error handling)
+
+For full toolkit docs: cat packages/claude-toolkit/README.md
+EOF