@the-bearded-bear/claude-craft 8.4.0 → 8.5.0-next.b249d60

package/Dev/scripts/install-common-rules.sh

@@ -846,6 +846,23 @@ main() {
         install_claude_md
     fi
 
+    # Copy AGENTS.md template to target root (idempotent — won't overwrite existing)
+    local agents_template
+    agents_template="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../../.claude/templates/AGENTS.md.template"
+    local agents_target="$target_dir/AGENTS.md"
+    if [[ -f "$agents_template" && ! -f "$agents_target" ]]; then
+        if $dry_run; then
+            log_dry_run "Would create $agents_target from AGENTS.md.template"
+        else
+            cp "$agents_template" "$agents_target"
+            log_success "[install-common-rules] Created $agents_target from template"
+            ((++files_created))
+        fi
+    elif [[ -f "$agents_target" ]]; then
+        log_info "[install-common-rules] AGENTS.md exists at $agents_target (not overwritten)"
+        ((++files_skipped))
+    fi
+
     print_summary
 
     # Exit code

package/bundles/cursor/.cursorrules

@@ -0,0 +1,347 @@
+# Claude Craft — AI-First TDD Framework for Cursor IDE
+# Generated from https://github.com/TheBeardedCTO/claude-craft
+# Version: 8.0.1 | Last updated: 2026-04-17
+
+---
+
+## Core Framework
+
+# Claude-Craft - Multi-Technology Framework
+
+**Version:** 8.5.0 | **Languages:** en, fr, es, de, pt
+
+A comprehensive AI-assisted development framework for Claude Code with 19 technology stacks, 72 agents, 211 commands across 26 namespaces, and BMAD v6 project management.
+
+---
+
+## Supported Technologies (2026)
+
+| Stack | Version | Architecture | Key Patterns |
+|-------|---------|--------------|--------------|
+| **.NET / C#** | 10 LTS / C# 14 | Clean Architecture | CQRS, MediatR (ou alternative), EF Core |
+| **Symfony / PHP** | 8.0 / PHP 8.4+ | Clean Architecture | DDD, Hexagonal, API Platform, JsonStreamer |
+| **Flutter / Dart** | 3.41 / Dart 3.11 | Clean Architecture | BLoC v9, Riverpod 3, Material 3, Impeller |
+| **React** | 19.2 + Compiler 1.0 | Feature-based | Hooks, Zustand, React Query, Server Components |
+| **React Native** | 0.85 (New Architecture) | Feature-based | Navigation 7, Reanimated 4, TurboModules |
+| **Angular** | 20 LTS (ou 21) | Domain-driven | Signals, Standalone, Zoneless, httpResource |
+| **Vue.js** | 3.5+ (3.6 beta Vapor) | Composition API | Pinia, Vitest, TypeScript, Alien Signals |
+| **Laravel** | 13.x / PHP 8.5 | Clean Architecture | Actions, Pest 4, Sanctum, AI SDK, Passkey |
+| **Python** | 3.14+ | Clean Architecture / Hexagonal | FastAPI, async/await, Pydantic, free-threading, JIT |
+| **PHP** | 8.5 (Property Hooks 8.4+) | Clean Architecture | PSR-12, PHPStan Level 10, Pest 4 |
+| **Paperclip** | 2026.403.0 | Two-layer (control plane + adapters) | Node.js 20+, TypeScript, Vitest, PostgreSQL, governance-first |
+
+### Technology Quick Links
+
+| Technology | Reference | Commands |
+|------------|-----------|----------|
+| C# / .NET | `@.claude/references/csharp/` | `/csharp:*` |
+| Symfony / PHP | `@.claude/references/symfony/CLAUDE.md` | `/symfony:*` |
+| Flutter / Dart | `@.claude/references/flutter/CLAUDE.md` | `/flutter:*` |
+| React | `@.claude/references/react/` | `/react:*` |
+| React Native | `@.claude/references/react-native/` | `/reactnative:*` |
+| Angular | `@.claude/references/angular/` | `/angular:*` |
+| Vue.js | `@.claude/references/vuejs/` | `/vuejs:*` |
+| Laravel | `@.claude/references/laravel/` | `/laravel:*` |
+| Python | `@.claude/references/python/` | `/python:*` |
+| PHP | `@.claude/references/php/` | `/php:*` |
+| Paperclip | `@.claude/references/paperclip/` | `/paperclip:*` |
+
+See `@.claude/INDEX.md` for condensed checklists and patterns.
+
+---
+
+## Available Commands (26 namespaces, 211 commands)
+
+Core: `/common:*`, `/workflow:*`, `/team:*`, `/qa:*`, `/uiux:*` | Tech: `/symfony:*`, `/react:*`, `/flutter:*`, `/python:*`, `/angular:*`, `/vuejs:*`, `/laravel:*`, `/reactnative:*`, `/csharp:*`, `/php:*`, `/paperclip:*` | Infra (via `@devops-engineer`): Docker 29.4.3, Coolify v4.0.0 (stable), K8s 1.36.1, OpenTofu 1.12.0, Ansible 2.21.0, FrankenPHP 1.12.1, PgBouncer 1.25.2 (CVE-2026-6664/6667 patched) | Project: `/sprint:*`, `/gate:*`, `/project:*`
+
+Full reference: [Commands](../docs/COMMANDS.md) | [CLI Reference](../docs/CLI-REFERENCE.md)
+
+---
+
+## Available Agents (72 agents)
+
+**Common** (20): `@api-designer`, `@database-architect`, `@devops-engineer`, `@performance-auditor`, `@refactoring-specialist`, `@tdd-coach`, `@uiux-orchestrator`, `@ui-designer`, `@ux-ergonome`, `@accessibility-expert`, `@research-assistant`, `@ralph-conductor`, `@security-auditor`, `@data-analyst`, `@migration-specialist`, `@cost-optimizer`, `@chaos-engineer`, `@devex-engineer`, `@mlops-engineer`, `@observability-engineer` | **Tech Reviewers** (11): `@{symfony,flutter,react,python,angular,laravel,vuejs,reactnative,csharp,php,paperclip}-reviewer` | **Infrastructure** (39): Docker, Coolify, K8s, OpenTofu, Ansible, Hcloud, PgBouncer, FrankenPHP — see [Agents](../docs/AGENTS.md) | **Project** (2): `@product-owner`, `@tech-lead`
+
+Full reference: [Agents](../docs/AGENTS.md)
+
+---
+
+## BMAD v6 Framework
+
+| Track | Setup | Phases | Best For |
+|-------|-------|--------|----------|
+| **Quick Flow** | < 5 min | Implement only | Bug fixes, hotfixes |
+| **Standard** | < 15 min | Plan -> Design -> Implement | New features |
+| **Enterprise** | < 30 min | Analyze -> Plan -> Design -> Implement | Platforms |
+
+**Quality Gates:** PRD >=80% | Tech Spec >=90% | INVEST 6/6 | Sprint Ready 100% | Story DoD 100% | Spec Alignment >=85%
+
+**Status Routing:** `backlog -> ready-for-dev -> in-progress -> review -> done` (any -> `blocked`)
+
+**TDD Phases:** Red -> Green -> Refactor
+
+---
+
+## Ralph Wiggum
+
+Continuous AI loop that runs Claude until task completion: `/common:ralph-run "task"`
+
+**DoD Validators:** `command` | `output_contains` | `file_changed` | `hook` | `human`
+
+## QA Recette
+
+Automated acceptance testing via Chrome. **Golden Rule:** A fixed bug should NEVER reappear.
+
+```bash
+/qa:recette --scope=story --id=US-001      # Test a story
+/qa:recette --scope=sprint --id=Sprint-3    # Test a sprint
+/qa:recette --resume=REC-20260130-143022    # Resume session
+```
+
+**Prerequisites:** Chrome extension v1.0.36+ | Claude Code with `--chrome` or `/chrome`
+
+> BMAD roles (bmad-master, pm, ba, architect, po, sm, dev, qa, qa-recette, ux) are integrated into workflow and sprint commands, not standalone agent files.
+
+---
+
+## Docker Requirement
+
+**Always use Docker for commands to abstract from local environment.**
+
+```bash
+docker compose exec app php bin/console ...
+docker compose exec app ./vendor/bin/phpunit
+```
+
+---
+
+## Skills
+
+`/solid-principles`, `/testing`, `/security`, `/git-workflow`, `/documentation`, `/kiss-dry-yagni`, `/workflow-analysis`, `/parallel-worktrees`, `/atomic-tasks`, `/design-md-convention`, `/architect`, `/debug-methodical`, `/socratic-brainstorm` — loaded on demand from `.claude/skills/`
+
+## AI-First Development (Karpathy)
+
+See `@.claude/rules/23-karpathy-principles.md` — 3 principles: **state assumptions explicitly**, **minimal code (no speculation)**, **surface confusion**. Apply to all LLM-assisted code. Extends rule 05 (KISS/DRY/YAGNI).
+
+## Design System Convention
+
+Projects with UI should include a root `DESIGN.md` file (template: `.claude/templates/DESIGN.md.template`). Skill `design-md-convention` and agents `@ui-designer`/`@ux-ergonome` auto-load it for consistent UI generation.
+
+---
+
+## Documentation
+
+| Document | Description |
+|----------|-------------|
+| [Quickstart](../docs/QUICKSTART.md) | 5-minute getting started |
+| [Prerequisites](../docs/PREREQUISITES.md) | Required dependencies |
+| [CLI Reference](../docs/CLI-REFERENCE.md) | Full CLI documentation |
+| [Commands](../docs/COMMANDS.md) | All commands |
+| [Agents](../docs/AGENTS.md) | All agents |
+| [FAQ](../docs/FAQ.md) | Common questions |
+| [Troubleshooting](../docs/TROUBLESHOOTING.md) | Problem solving |
+
+---
+
+## Quick Start
+
+```bash
+# Install Claude Craft
+npx @the-bearded-bear/claude-craft install . --tech=symfony --lang=en
+
+# Or with Makefile
+make install-symfony TARGET=. RULES_LANG=en
+
+# Start workflow
+/workflow:init
+
+# Use an agent
+@tdd-coach Guide me through TDD for this feature
+
+# Run audit
+/team:audit --sequential
+```
+
+---
+
+## Claude Code Compatibility
+
+**Minimum Version:** 2.1.97 (CVE-2025-59536 patched) | **Recommended:** 2.1.117 — See `@.claude/COMPATIBILITY.md` for full changelog (v2.1.20+).
+
+---
+
+## Best Practices
+
+See `.claude/rules/12-context-management.md` for detailed guidance.
+
+| Practice | Description |
+|----------|-------------|
+| **CLAUDE.md size** | Keep under 200 lines; use `.claude/rules/` for details |
+| **Use `/clear`** | Between unrelated tasks to reset context |
+| **Sub-agents** | Delegate investigations to keep main context clean |
+| **Verification loops** | Always provide tests/expected outputs (2-3x quality improvement) |
+| **Plan Mode** | Invest in planning for complex tasks (> 3 files) |
+| **Parallel worktrees** | Use `git worktree` for concurrent sessions |
+| **Hooks** | CLAUDE.md = suggestions. Hooks = requirements |
+| **`/memory`** | Persistent session learnings across conversations (v2.1.59+) |
+| **Pointers over copies** | Use `@path` references instead of copying code into CLAUDE.md |
+| **Token optimization** | Use `/common:setup-rtk` for 55-65% token savings |
+| **Sub-agent model** | Set `CLAUDE_CODE_SUBAGENT_MODEL=sonnet` for cost savings |
+
+See `.claude/templates/hooks/` for ready-to-use hook templates.
+
+## Quick Reference Index
+
+# Claude-Craft Rules Index
+
+## Stack Overview (2026)
+
+.NET 10 LTS / C# 14 | Symfony 8 / PHP 8.5 | Flutter 3.41 / Dart 3.11 | React 19.2 | Laravel 13 | Python 3.14+
+
+## Architecture Layers
+
+```
+WebAPI/Presentation → Infrastructure → Application → Domain (← INWARD ONLY)
+```
+
+**Domain**: NO external deps, Value Objects, private setters | **Application**: CQRS (MediatR/alternative), DTOs, validation | **Infrastructure**: DB, external services
+
+## Coding Standards
+
+| Element | Convention | Always |
+|---------|-----------|--------|
+| Public | PascalCase | Pass `CancellationToken`, enable nullable |
+| Private | _camelCase | Async suffix: `ProcessAsync` |
+| Params | camelCase | Methods < 20 lines, complexity < 10 |
+
+## SOLID + KISS/DRY/YAGNI
+
+**SRP**: 1 reason to change | **OCP**: Extend via interfaces | **LSP**: Subtypes substitutable | **ISP**: < 5 methods/interface | **DIP**: Depend on abstractions
+
+**KISS**: < 10 complexity | **DRY**: Extract after 3 occurrences | **YAGNI**: Only what's required
+
+## Testing Pyramid
+
+Unit 70% (< 1s) | Integration 20% (< 5s) | E2E 10% (< 30s) — **TDD**: RED → GREEN → REFACTOR
+
+**Stacks**: xUnit/FluentAssertions (C#), Pest 4 (PHP), Vitest 4 (JS/TS), pytest 8 (Python)
+
+## Security Essentials
+
+Server-side validation | Parameterized queries | Secrets in vault | CSP/HSTS headers | `[Authorize(Policy)]`
+
+## Git Workflow
+
+**Conventional Commits**: `<type>(<scope>): <description>` — Types: feat, fix, docs, refactor, perf, test  
+**Branches**: `feature/`, `fix/`, `refactor/`
+
+## Analysis Workflow (Mandatory)
+
+1. Understand request → 2. Read affected files + deps → 3. Document impact/risks → 4. Validate if medium/high impact → 5. TDD first
+
+## Technology References
+
+| Stack | Path | Key Features |
+|-------|------|--------------|
+| **C# / .NET** | `@.claude/references/csharp/` | Extension Members, Span<T>, Clean Architecture |
+| **Symfony / PHP** | `@.claude/references/symfony/CLAUDE.md` | JSON Streamer, ObjectMapper, DDD |
+| **Flutter / Dart** | `@.claude/references/flutter/CLAUDE.md` | WASM, MCP, BLoC v9, Material 3 |
+
+## Base Rules
+
+`workflow-analysis.md` | `solid-principles.md` | `kiss-dry-yagni.md` | `git-workflow.md` | `security.md` | `testing.md` | `documentation.md`
+
+## Tech-Specific Guides
+
+**C#**: architecture, coding-standards, testing, security, tooling, quality-tools, aspire  
+**Symfony**: architecture, coding-standards, quality-tools, json-streamer, object-mapper  
+**Flutter**: coding-standards, wasm, mcp-integration, web-performance-2026
+
+All in `@.claude/references/<tech>/`
+
+## QA Recette Essentials
+
+**Prerequisites**: Chrome extension v1.0.36+ | Claude Code `--chrome` or `/chrome`
+
+```bash
+/qa:recette --scope=story --id=US-001        # Test story
+/qa:recette --resume=REC-xxx                 # Resume session
+/qa:fix --session=REC-xxx --severity=critical # Fix critical bugs
+/qa:regression --check                       # Check Golden Rule
+```
+
+**Golden Rule**: A fixed bug should NEVER reappear → auto-generates regression tests
+
+**Output**: `.recette/` (plans, sessions, regression, metrics, reports)
+
+## LSP Plugins
+
+PHP: `php-lsp` | Python: `pyright-lsp` | TS/JS: `typescript-lsp` | Dart: `dart-analyzer` | C#: `csharp-lsp`
+
+Install: `/plugins install <name>@claude-plugins-official`
+
+> Full docs: `@.claude/COMPATIBILITY.md` | Technology details: `@.claude/references/<tech>/`
+
+## Essential Rules (Condensed)
+
+### SOLID Principles
+SRP | OCP | LSP | ISP | DIP — See full rules in .claude/rules/04-solid-principles.md
+
+### KISS, DRY, YAGNI
+## KISS — Keep It Simple
+
+| Metrique | Cible | Limite |
+|----------|-------|--------|
+| **Cognitive Complexity** (primaire 2026) | < 7 | < 10 |
+| Lignes par methode | < 10 | < 20 |
+| Complexite cyclomatique | < 5 | < 10 |
+| Profondeur d'indentation | 2 | 3 max |
+| Parametres par methode | 3 | 4 max |
+
+> **Cognitive Complexity** (SonarQube, ReSharper) est la metrique dominante 2026 : elle mesure la difficulte humaine de comprehension. Elle prevaut sur la stricte limite de 20 lignes. Source : [Cognitive vs Cyclomatic](https://gilles-fabre.medium.com/what-is-the-difference-between-cyclomatic-complexity-and-cognitive-complexity-a87cef0e2851).
+
+**Regles :** Early returns (guard clauses), pas de else imbrique, nommage explicite, composition > heritage.
+
+## DRY — Don't Repeat Yourself
+
+### Testing
+TDD: RED → GREEN → REFACTOR | Coverage >= 80% | Mutation testing
+
+### Security
+## OWASP Top 10:2025 — Essentiels
+
+| # | Menace | Defense |
+|---|--------|---------|
+| 1 | Broken Access Control (inclut **SSRF** consolide) | Verifier permissions a CHAQUE requete, deny by default |
+| 2 | Cryptographic Failures | TLS 1.3, **Argon2id** (128 MiB RAM, t=3-5, p=1), secrets dans vault |
+| 3 | Injection | Requetes parametrees, validation/sanitization |
+| 4 | Insecure Design | Threat modeling, defense in depth, rate limiting |
+| 5 | Security Misconfiguration | Hardening, erreurs generiques en prod |
+| 6 | **Software Supply Chain Failures** (nouveau 2025) | SLSA 1.0, SBOM (SPDX 3 / CycloneDX), Sigstore keyless signing, reproducible builds |
+| 7 | **Mishandling of Exceptional Conditions** (nouveau 2025) | Logger les erreurs, ne jamais exposer la stack trace en prod |
+
+Sources : [OWASP Top 10:2025](https://owasp.org/Top10/2025/), [Supply Chain 2026](https://kawaldeepsingh.medium.com/practical-software-supply-chain-security-2026-sboms-signing-slsa-reproducible-builds-a-0416cfac32dc).
+
+## Regles non-negociables
+
+### Git Workflow
+Conventional Commits | GitHub Flow | Feature branches < 3 days
+
+
+---
+
+## Full Documentation
+
+For complete documentation, visit: https://claude-craft.dev
+
+For full rules and references:
+- SOLID: .claude/rules/04-solid-principles.md
+- KISS/DRY/YAGNI: .claude/rules/05-kiss-dry-yagni.md
+- Testing: .claude/rules/07-testing.md
+- Security: .claude/rules/11-security.md
+- Git Workflow: .claude/rules/09-git-workflow.md
+- Context Management: .claude/rules/12-context-management.md
+
+**Attribution:** The Bearded CTO / Claude Craft
+**License:** MIT
+**Repository:** https://github.com/TheBeardedCTO/claude-craft

package/bundles/windsurf/.windsurfrules

@@ -0,0 +1,347 @@
+# Claude Craft — AI-First TDD Framework for Windsurf IDE
+# Generated from https://github.com/TheBeardedCTO/claude-craft
+# Version: 8.0.1 | Last updated: 2026-04-17
+
+---
+
+## Core Framework
+
+# Claude-Craft - Multi-Technology Framework
+
+**Version:** 8.5.0 | **Languages:** en, fr, es, de, pt
+
+A comprehensive AI-assisted development framework for Claude Code with 19 technology stacks, 72 agents, 211 commands across 26 namespaces, and BMAD v6 project management.
+
+---
+
+## Supported Technologies (2026)
+
+| Stack | Version | Architecture | Key Patterns |
+|-------|---------|--------------|--------------|
+| **.NET / C#** | 10 LTS / C# 14 | Clean Architecture | CQRS, MediatR (ou alternative), EF Core |
+| **Symfony / PHP** | 8.0 / PHP 8.4+ | Clean Architecture | DDD, Hexagonal, API Platform, JsonStreamer |
+| **Flutter / Dart** | 3.41 / Dart 3.11 | Clean Architecture | BLoC v9, Riverpod 3, Material 3, Impeller |
+| **React** | 19.2 + Compiler 1.0 | Feature-based | Hooks, Zustand, React Query, Server Components |
+| **React Native** | 0.85 (New Architecture) | Feature-based | Navigation 7, Reanimated 4, TurboModules |
+| **Angular** | 20 LTS (ou 21) | Domain-driven | Signals, Standalone, Zoneless, httpResource |
+| **Vue.js** | 3.5+ (3.6 beta Vapor) | Composition API | Pinia, Vitest, TypeScript, Alien Signals |
+| **Laravel** | 13.x / PHP 8.5 | Clean Architecture | Actions, Pest 4, Sanctum, AI SDK, Passkey |
+| **Python** | 3.14+ | Clean Architecture / Hexagonal | FastAPI, async/await, Pydantic, free-threading, JIT |
+| **PHP** | 8.5 (Property Hooks 8.4+) | Clean Architecture | PSR-12, PHPStan Level 10, Pest 4 |
+| **Paperclip** | 2026.403.0 | Two-layer (control plane + adapters) | Node.js 20+, TypeScript, Vitest, PostgreSQL, governance-first |
+
+### Technology Quick Links
+
+| Technology | Reference | Commands |
+|------------|-----------|----------|
+| C# / .NET | `@.claude/references/csharp/` | `/csharp:*` |
+| Symfony / PHP | `@.claude/references/symfony/CLAUDE.md` | `/symfony:*` |
+| Flutter / Dart | `@.claude/references/flutter/CLAUDE.md` | `/flutter:*` |
+| React | `@.claude/references/react/` | `/react:*` |
+| React Native | `@.claude/references/react-native/` | `/reactnative:*` |
+| Angular | `@.claude/references/angular/` | `/angular:*` |
+| Vue.js | `@.claude/references/vuejs/` | `/vuejs:*` |
+| Laravel | `@.claude/references/laravel/` | `/laravel:*` |
+| Python | `@.claude/references/python/` | `/python:*` |
+| PHP | `@.claude/references/php/` | `/php:*` |
+| Paperclip | `@.claude/references/paperclip/` | `/paperclip:*` |
+
+See `@.claude/INDEX.md` for condensed checklists and patterns.
+
+---
+
+## Available Commands (26 namespaces, 211 commands)
+
+Core: `/common:*`, `/workflow:*`, `/team:*`, `/qa:*`, `/uiux:*` | Tech: `/symfony:*`, `/react:*`, `/flutter:*`, `/python:*`, `/angular:*`, `/vuejs:*`, `/laravel:*`, `/reactnative:*`, `/csharp:*`, `/php:*`, `/paperclip:*` | Infra (via `@devops-engineer`): Docker 29.4.3, Coolify v4.0.0 (stable), K8s 1.36.1, OpenTofu 1.12.0, Ansible 2.21.0, FrankenPHP 1.12.1, PgBouncer 1.25.2 (CVE-2026-6664/6667 patched) | Project: `/sprint:*`, `/gate:*`, `/project:*`
+
+Full reference: [Commands](../docs/COMMANDS.md) | [CLI Reference](../docs/CLI-REFERENCE.md)
+
+---
+
+## Available Agents (72 agents)
+
+**Common** (20): `@api-designer`, `@database-architect`, `@devops-engineer`, `@performance-auditor`, `@refactoring-specialist`, `@tdd-coach`, `@uiux-orchestrator`, `@ui-designer`, `@ux-ergonome`, `@accessibility-expert`, `@research-assistant`, `@ralph-conductor`, `@security-auditor`, `@data-analyst`, `@migration-specialist`, `@cost-optimizer`, `@chaos-engineer`, `@devex-engineer`, `@mlops-engineer`, `@observability-engineer` | **Tech Reviewers** (11): `@{symfony,flutter,react,python,angular,laravel,vuejs,reactnative,csharp,php,paperclip}-reviewer` | **Infrastructure** (39): Docker, Coolify, K8s, OpenTofu, Ansible, Hcloud, PgBouncer, FrankenPHP — see [Agents](../docs/AGENTS.md) | **Project** (2): `@product-owner`, `@tech-lead`
+
+Full reference: [Agents](../docs/AGENTS.md)
+
+---
+
+## BMAD v6 Framework
+
+| Track | Setup | Phases | Best For |
+|-------|-------|--------|----------|
+| **Quick Flow** | < 5 min | Implement only | Bug fixes, hotfixes |
+| **Standard** | < 15 min | Plan -> Design -> Implement | New features |
+| **Enterprise** | < 30 min | Analyze -> Plan -> Design -> Implement | Platforms |
+
+**Quality Gates:** PRD >=80% | Tech Spec >=90% | INVEST 6/6 | Sprint Ready 100% | Story DoD 100% | Spec Alignment >=85%
+
+**Status Routing:** `backlog -> ready-for-dev -> in-progress -> review -> done` (any -> `blocked`)
+
+**TDD Phases:** Red -> Green -> Refactor
+
+---
+
+## Ralph Wiggum
+
+Continuous AI loop that runs Claude until task completion: `/common:ralph-run "task"`
+
+**DoD Validators:** `command` | `output_contains` | `file_changed` | `hook` | `human`
+
+## QA Recette
+
+Automated acceptance testing via Chrome. **Golden Rule:** A fixed bug should NEVER reappear.
+
+```bash
+/qa:recette --scope=story --id=US-001      # Test a story
+/qa:recette --scope=sprint --id=Sprint-3    # Test a sprint
+/qa:recette --resume=REC-20260130-143022    # Resume session
+```
+
+**Prerequisites:** Chrome extension v1.0.36+ | Claude Code with `--chrome` or `/chrome`
+
+> BMAD roles (bmad-master, pm, ba, architect, po, sm, dev, qa, qa-recette, ux) are integrated into workflow and sprint commands, not standalone agent files.
+
+---
+
+## Docker Requirement
+
+**Always use Docker for commands to abstract from local environment.**
+
+```bash
+docker compose exec app php bin/console ...
+docker compose exec app ./vendor/bin/phpunit
+```
+
+---
+
+## Skills
+
+`/solid-principles`, `/testing`, `/security`, `/git-workflow`, `/documentation`, `/kiss-dry-yagni`, `/workflow-analysis`, `/parallel-worktrees`, `/atomic-tasks`, `/design-md-convention`, `/architect`, `/debug-methodical`, `/socratic-brainstorm` — loaded on demand from `.claude/skills/`
+
+## AI-First Development (Karpathy)
+
+See `@.claude/rules/23-karpathy-principles.md` — 3 principles: **state assumptions explicitly**, **minimal code (no speculation)**, **surface confusion**. Apply to all LLM-assisted code. Extends rule 05 (KISS/DRY/YAGNI).
+
+## Design System Convention
+
+Projects with UI should include a root `DESIGN.md` file (template: `.claude/templates/DESIGN.md.template`). Skill `design-md-convention` and agents `@ui-designer`/`@ux-ergonome` auto-load it for consistent UI generation.
+
+---
+
+## Documentation
+
+| Document | Description |
+|----------|-------------|
+| [Quickstart](../docs/QUICKSTART.md) | 5-minute getting started |
+| [Prerequisites](../docs/PREREQUISITES.md) | Required dependencies |
+| [CLI Reference](../docs/CLI-REFERENCE.md) | Full CLI documentation |
+| [Commands](../docs/COMMANDS.md) | All commands |
+| [Agents](../docs/AGENTS.md) | All agents |
+| [FAQ](../docs/FAQ.md) | Common questions |
+| [Troubleshooting](../docs/TROUBLESHOOTING.md) | Problem solving |
+
+---
+
+## Quick Start
+
+```bash
+# Install Claude Craft
+npx @the-bearded-bear/claude-craft install . --tech=symfony --lang=en
+
+# Or with Makefile
+make install-symfony TARGET=. RULES_LANG=en
+
+# Start workflow
+/workflow:init
+
+# Use an agent
+@tdd-coach Guide me through TDD for this feature
+
+# Run audit
+/team:audit --sequential
+```
+
+---
+
+## Claude Code Compatibility
+
+**Minimum Version:** 2.1.97 (CVE-2025-59536 patched) | **Recommended:** 2.1.117 — See `@.claude/COMPATIBILITY.md` for full changelog (v2.1.20+).
+
+---
+
+## Best Practices
+
+See `.claude/rules/12-context-management.md` for detailed guidance.
+
+| Practice | Description |
+|----------|-------------|
+| **CLAUDE.md size** | Keep under 200 lines; use `.claude/rules/` for details |
+| **Use `/clear`** | Between unrelated tasks to reset context |
+| **Sub-agents** | Delegate investigations to keep main context clean |
+| **Verification loops** | Always provide tests/expected outputs (2-3x quality improvement) |
+| **Plan Mode** | Invest in planning for complex tasks (> 3 files) |
+| **Parallel worktrees** | Use `git worktree` for concurrent sessions |
+| **Hooks** | CLAUDE.md = suggestions. Hooks = requirements |
+| **`/memory`** | Persistent session learnings across conversations (v2.1.59+) |
+| **Pointers over copies** | Use `@path` references instead of copying code into CLAUDE.md |
+| **Token optimization** | Use `/common:setup-rtk` for 55-65% token savings |
+| **Sub-agent model** | Set `CLAUDE_CODE_SUBAGENT_MODEL=sonnet` for cost savings |
+
+See `.claude/templates/hooks/` for ready-to-use hook templates.
+
+## Quick Reference Index
+
+# Claude-Craft Rules Index
+
+## Stack Overview (2026)
+
+.NET 10 LTS / C# 14 | Symfony 8 / PHP 8.5 | Flutter 3.41 / Dart 3.11 | React 19.2 | Laravel 13 | Python 3.14+
+
+## Architecture Layers
+
+```
+WebAPI/Presentation → Infrastructure → Application → Domain (← INWARD ONLY)
+```
+
+**Domain**: NO external deps, Value Objects, private setters | **Application**: CQRS (MediatR/alternative), DTOs, validation | **Infrastructure**: DB, external services
+
+## Coding Standards
+
+| Element | Convention | Always |
+|---------|-----------|--------|
+| Public | PascalCase | Pass `CancellationToken`, enable nullable |
+| Private | _camelCase | Async suffix: `ProcessAsync` |
+| Params | camelCase | Methods < 20 lines, complexity < 10 |
+
+## SOLID + KISS/DRY/YAGNI
+
+**SRP**: 1 reason to change | **OCP**: Extend via interfaces | **LSP**: Subtypes substitutable | **ISP**: < 5 methods/interface | **DIP**: Depend on abstractions
+
+**KISS**: < 10 complexity | **DRY**: Extract after 3 occurrences | **YAGNI**: Only what's required
+
+## Testing Pyramid
+
+Unit 70% (< 1s) | Integration 20% (< 5s) | E2E 10% (< 30s) — **TDD**: RED → GREEN → REFACTOR
+
+**Stacks**: xUnit/FluentAssertions (C#), Pest 4 (PHP), Vitest 4 (JS/TS), pytest 8 (Python)
+
+## Security Essentials
+
+Server-side validation | Parameterized queries | Secrets in vault | CSP/HSTS headers | `[Authorize(Policy)]`
+
+## Git Workflow
+
+**Conventional Commits**: `<type>(<scope>): <description>` — Types: feat, fix, docs, refactor, perf, test  
+**Branches**: `feature/`, `fix/`, `refactor/`
+
+## Analysis Workflow (Mandatory)
+
+1. Understand request → 2. Read affected files + deps → 3. Document impact/risks → 4. Validate if medium/high impact → 5. TDD first
+
+## Technology References
+
+| Stack | Path | Key Features |
+|-------|------|--------------|
+| **C# / .NET** | `@.claude/references/csharp/` | Extension Members, Span<T>, Clean Architecture |
+| **Symfony / PHP** | `@.claude/references/symfony/CLAUDE.md` | JSON Streamer, ObjectMapper, DDD |
+| **Flutter / Dart** | `@.claude/references/flutter/CLAUDE.md` | WASM, MCP, BLoC v9, Material 3 |
+
+## Base Rules
+
+`workflow-analysis.md` | `solid-principles.md` | `kiss-dry-yagni.md` | `git-workflow.md` | `security.md` | `testing.md` | `documentation.md`
+
+## Tech-Specific Guides
+
+**C#**: architecture, coding-standards, testing, security, tooling, quality-tools, aspire  
+**Symfony**: architecture, coding-standards, quality-tools, json-streamer, object-mapper  
+**Flutter**: coding-standards, wasm, mcp-integration, web-performance-2026
+
+All in `@.claude/references/<tech>/`
+
+## QA Recette Essentials
+
+**Prerequisites**: Chrome extension v1.0.36+ | Claude Code `--chrome` or `/chrome`
+
+```bash
+/qa:recette --scope=story --id=US-001        # Test story
+/qa:recette --resume=REC-xxx                 # Resume session
+/qa:fix --session=REC-xxx --severity=critical # Fix critical bugs
+/qa:regression --check                       # Check Golden Rule
+```
+
+**Golden Rule**: A fixed bug should NEVER reappear → auto-generates regression tests
+
+**Output**: `.recette/` (plans, sessions, regression, metrics, reports)
+
+## LSP Plugins
+
+PHP: `php-lsp` | Python: `pyright-lsp` | TS/JS: `typescript-lsp` | Dart: `dart-analyzer` | C#: `csharp-lsp`
+
+Install: `/plugins install <name>@claude-plugins-official`
+
+> Full docs: `@.claude/COMPATIBILITY.md` | Technology details: `@.claude/references/<tech>/`
+
+## Essential Rules (Condensed)
+
+### SOLID Principles
+SRP | OCP | LSP | ISP | DIP — See full rules in .claude/rules/04-solid-principles.md
+
+### KISS, DRY, YAGNI
+## KISS — Keep It Simple
+
+| Metrique | Cible | Limite |
+|----------|-------|--------|
+| **Cognitive Complexity** (primaire 2026) | < 7 | < 10 |
+| Lignes par methode | < 10 | < 20 |
+| Complexite cyclomatique | < 5 | < 10 |
+| Profondeur d'indentation | 2 | 3 max |
+| Parametres par methode | 3 | 4 max |
+
+> **Cognitive Complexity** (SonarQube, ReSharper) est la metrique dominante 2026 : elle mesure la difficulte humaine de comprehension. Elle prevaut sur la stricte limite de 20 lignes. Source : [Cognitive vs Cyclomatic](https://gilles-fabre.medium.com/what-is-the-difference-between-cyclomatic-complexity-and-cognitive-complexity-a87cef0e2851).
+
+**Regles :** Early returns (guard clauses), pas de else imbrique, nommage explicite, composition > heritage.
+
+## DRY — Don't Repeat Yourself
+
+### Testing
+TDD: RED → GREEN → REFACTOR | Coverage >= 80% | Mutation testing
+
+### Security
+## OWASP Top 10:2025 — Essentiels
+
+| # | Menace | Defense |
+|---|--------|---------|
+| 1 | Broken Access Control (inclut **SSRF** consolide) | Verifier permissions a CHAQUE requete, deny by default |
+| 2 | Cryptographic Failures | TLS 1.3, **Argon2id** (128 MiB RAM, t=3-5, p=1), secrets dans vault |
+| 3 | Injection | Requetes parametrees, validation/sanitization |
+| 4 | Insecure Design | Threat modeling, defense in depth, rate limiting |
+| 5 | Security Misconfiguration | Hardening, erreurs generiques en prod |
+| 6 | **Software Supply Chain Failures** (nouveau 2025) | SLSA 1.0, SBOM (SPDX 3 / CycloneDX), Sigstore keyless signing, reproducible builds |
+| 7 | **Mishandling of Exceptional Conditions** (nouveau 2025) | Logger les erreurs, ne jamais exposer la stack trace en prod |
+
+Sources : [OWASP Top 10:2025](https://owasp.org/Top10/2025/), [Supply Chain 2026](https://kawaldeepsingh.medium.com/practical-software-supply-chain-security-2026-sboms-signing-slsa-reproducible-builds-a-0416cfac32dc).
+
+## Regles non-negociables
+
+### Git Workflow
+Conventional Commits | GitHub Flow | Feature branches < 3 days
+
+
+---
+
+## Full Documentation
+
+For complete documentation, visit: https://claude-craft.dev
+
+For full rules and references:
+- SOLID: .claude/rules/04-solid-principles.md
+- KISS/DRY/YAGNI: .claude/rules/05-kiss-dry-yagni.md
+- Testing: .claude/rules/07-testing.md
+- Security: .claude/rules/11-security.md
+- Git Workflow: .claude/rules/09-git-workflow.md
+- Context Management: .claude/rules/12-context-management.md
+
+**Attribution:** The Bearded CTO / Claude Craft
+**License:** MIT
+**Repository:** https://github.com/TheBeardedCTO/claude-craft

package/cli/index.js

@@ -38,10 +38,8 @@ import { runCheck } from './lib/check.js';
 import { runList } from './lib/list.js';
 import { runDoctor } from './lib/doctor.js';
 import { runUpdate } from './lib/update.js';
-import { runKanban } from './lib/kanban.js';
-
 // Flattener module
-import { flatten as flattenCodebaseFn } from './flattener.js';
+import { flatten as flattenCodebaseFn } from './lib/flattener.js';
 
 // CLI package root
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -205,10 +203,12 @@ class ClaudeCraftCLI {
         await runRalph(this, args.slice(1), options, ctx);
         break;
 
-      case 'kanban':
+      case 'kanban': {
         printBanner(VERSION);
+        const { runKanban } = await import('./lib/kanban.js');
         await runKanban({ targetPath: this.config.targetPath, options });
         break;
+      }
 
       case 'help':
       case '--help':

package/cli/kanban/client/src/App.svelte

@@ -31,6 +31,8 @@
   let sprintLabel = $derived(store.sprint ? `${store.sprint.name} (${store.sprint.sprint_id})` : 'no sprint');
 </script>
 
+<a href="#main" class="skip-link">Skip to main content</a>
+
 <div class="app-shell">
   <aside class="sidebar" aria-label="Navigation">
     <h1>claude-craft</h1>
@@ -104,3 +106,30 @@
     </div>
   {/each}
 </div>
+
+<style>
+  .skip-link {
+    position: absolute;
+    left: -9999px;
+    top: auto;
+    width: 1px;
+    height: 1px;
+    overflow: hidden;
+    background: var(--accent, #7c3aed);
+    color: #fff;
+    padding: 8px 16px;
+    border-radius: 4px;
+    font-size: 14px;
+    font-weight: 600;
+    text-decoration: none;
+    z-index: 9999;
+  }
+  .skip-link:focus {
+    position: absolute;
+    left: 8px;
+    top: 8px;
+    width: auto;
+    height: auto;
+    overflow: visible;
+  }
+</style>

package/cli/kanban/client/src/components/PromptDialog.svelte

@@ -0,0 +1,160 @@
+<script>
+  /**
+   * PromptDialog — accessible replacement for window.prompt().
+   *
+   * Usage:
+   *   <PromptDialog bind:this={promptDialog} />
+   *   const value = await promptDialog.prompt('Enter a reason:');
+   *   // Returns the string entered, or null if cancelled.
+   */
+
+  let dialog = $state(null);
+  let inputEl = $state(null);
+  let message = $state('');
+  let inputValue = $state('');
+  let resolvePromise = null;
+
+  /**
+   * Open the dialog and return a promise that resolves with the entered value
+   * (string) or null when the user cancels.
+   *
+   * @param {string} promptMessage - Label text shown above the input.
+   * @returns {Promise<string|null>}
+   */
+  export function prompt(promptMessage) {
+    message = promptMessage;
+    inputValue = '';
+    dialog.showModal();
+    // Focus the input after the dialog is open (next microtask)
+    Promise.resolve().then(() => inputEl?.focus());
+    return new Promise((resolve) => {
+      resolvePromise = resolve;
+    });
+  }
+
+  function handleClose() {
+    const confirmed = dialog.returnValue === 'confirm';
+    const value = confirmed && inputValue.trim() ? inputValue : null;
+    resolvePromise?.(value);
+    resolvePromise = null;
+  }
+
+  function handleKeydown(e) {
+    // Allow submitting with Enter from within the input
+    if (e.key === 'Enter') {
+      e.preventDefault();
+      dialog.returnValue = 'confirm';
+      dialog.close();
+    }
+  }
+</script>
+
+<dialog
+  bind:this={dialog}
+  aria-labelledby="prompt-dialog-title"
+  aria-modal="true"
+  onclose={handleClose}
+>
+  <form method="dialog">
+    <h2 id="prompt-dialog-title" class="dialog-title">{message}</h2>
+    <input
+      bind:this={inputEl}
+      bind:value={inputValue}
+      type="text"
+      class="dialog-input"
+      aria-label={message}
+      onkeydown={handleKeydown}
+    />
+    <div class="dialog-actions">
+      <button type="submit" value="cancel" class="btn-cancel">Cancel</button>
+      <button
+        type="button"
+        class="btn-confirm"
+        onclick={() => {
+          dialog.returnValue = 'confirm';
+          dialog.close();
+        }}
+      >OK</button>
+    </div>
+  </form>
+</dialog>
+
+<style>
+  dialog {
+    background: var(--bg-elev);
+    border: 1px solid var(--border);
+    border-radius: var(--radius);
+    padding: 24px;
+    min-width: 320px;
+    color: var(--fg);
+    box-shadow: 0 8px 24px rgba(0, 0, 0, 0.4);
+  }
+
+  dialog::backdrop {
+    background: rgba(0, 0, 0, 0.6);
+  }
+
+  .dialog-title {
+    margin: 0 0 14px;
+    font-size: 16px;
+    font-weight: 600;
+  }
+
+  .dialog-input {
+    display: block;
+    width: 100%;
+    box-sizing: border-box;
+    background: var(--bg-sidebar);
+    border: 1px solid var(--border);
+    border-radius: var(--radius);
+    color: var(--fg);
+    padding: 8px 10px;
+    font-size: 14px;
+    margin-bottom: 16px;
+  }
+
+  .dialog-input:focus {
+    outline: 2px solid var(--accent);
+    outline-offset: 1px;
+  }
+
+  .dialog-actions {
+    display: flex;
+    justify-content: flex-end;
+    gap: 8px;
+  }
+
+  .btn-cancel,
+  .btn-confirm {
+    padding: 8px 16px;
+    border-radius: var(--radius);
+    font-size: 14px;
+    cursor: pointer;
+    border: 1px solid var(--border);
+  }
+
+  .btn-cancel {
+    background: var(--bg-sidebar);
+    color: var(--fg-dim);
+  }
+
+  .btn-cancel:hover,
+  .btn-cancel:focus {
+    background: var(--border);
+    outline: 2px solid var(--accent);
+    outline-offset: 1px;
+  }
+
+  .btn-confirm {
+    background: var(--accent);
+    color: var(--accent-fg);
+    border-color: var(--accent);
+  }
+
+  .btn-confirm:hover,
+  .btn-confirm:focus {
+    opacity: 0.9;
+    outline: 2px solid var(--accent);
+    outline-offset: 1px;
+  }
+</style>

package/cli/kanban/client/src/views/KanbanView.svelte

@@ -1,6 +1,9 @@
 <script>
   import { store, patchStatus } from '../lib/store.svelte.js';
   import { onMount } from 'svelte';
+  import PromptDialog from '../components/PromptDialog.svelte';
+
+  let promptDialog = $state(null);
 
   const COLUMNS = [
     { key: 'backlog', label: 'Backlog' },
@@ -54,7 +57,7 @@
     if (!story || story.status === targetStatus) return;
     const body = { status: targetStatus };
     if (targetStatus === 'blocked') {
-      const reason = window.prompt('Blocked reason?');
+      const reason = await promptDialog.prompt('Blocked reason?');
       if (!reason) return;
       body.blocked_reason = reason;
     }
@@ -154,7 +157,7 @@
   async function moveCard(card, targetStatus) {
     const body = { status: targetStatus };
     if (targetStatus === 'blocked') {
-      const reason = window.prompt('Blocked reason?');
+      const reason = await promptDialog.prompt('Blocked reason?');
       if (!reason) {
         showMoveMenu = false;
         return;
@@ -239,6 +242,8 @@
   {/each}
 </div>
 
+<PromptDialog bind:this={promptDialog} />
+
 <!-- Accessibility: keyboard help & live region -->
 <div id="keyboard-help" class="sr-only">
   Use arrow keys to navigate. Alt+M to open move menu. Numbers 1-6 to move to column. Escape to close menu. Enter for details.

package/cli/{flattener.js → lib/flattener.js}

@@ -17,7 +17,7 @@ import fs from 'fs';
 import path from 'path';
 
 // ANSI colors (shared module)
-import c from './lib/colors.js';
+import c from './colors.js';
 
 // Default ignore patterns
 const DEFAULT_IGNORES = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@the-bearded-bear/claude-craft",
-  "version": "8.4.0",
+  "version": "8.5.0-next.b249d60",
   "description": "A comprehensive framework for AI-assisted development with Claude Code. Install standardized rules, agents, and commands for your projects.",
   "type": "module",
   "main": "cli/index.js",
@@ -30,6 +30,7 @@
     "vale:sync": "vale sync",
     "commitlint": "commitlint --edit",
     "prepublishOnly": "node -e \"import{readFileSync}from'node:fs';const p=JSON.parse(readFileSync('./package.json','utf8'));if(!/^\\d+\\.\\d+\\.\\d+(-[a-z0-9.]+)?$/i.test(p.version)){console.error('Invalid version format');process.exit(1)}\"",
+    "metrics:adoption": "node scripts/track-adoption-metrics.mjs",
     "mutation": "stryker run",
     "mutation:ci": "stryker run --reporters progress,json",
     "test:e2e:tools": "cd tests/e2e/tools && docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from e2e-runner"