@vyuhlabs/dxkit 2.5.0 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. package/CHANGELOG.md +77 -0
  2. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  3. package/dist/analyzers/tools/graphify.js +9 -5
  4. package/dist/analyzers/tools/graphify.js.map +1 -1
  5. package/dist/analyzers/tools/tool-registry.d.ts +19 -1
  6. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  7. package/dist/analyzers/tools/tool-registry.js +25 -0
  8. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  9. package/dist/cli.d.ts.map +1 -1
  10. package/dist/cli.js +38 -1
  11. package/dist/cli.js.map +1 -1
  12. package/dist/doctor.d.ts.map +1 -1
  13. package/dist/doctor.js +18 -11
  14. package/dist/doctor.js.map +1 -1
  15. package/dist/generator.d.ts +1 -1
  16. package/dist/generator.d.ts.map +1 -1
  17. package/dist/generator.js +81 -135
  18. package/dist/generator.js.map +1 -1
  19. package/dist/hooks-cli.d.ts +20 -0
  20. package/dist/hooks-cli.d.ts.map +1 -0
  21. package/dist/hooks-cli.js +145 -0
  22. package/dist/hooks-cli.js.map +1 -0
  23. package/dist/languages/csharp.d.ts.map +1 -1
  24. package/dist/languages/csharp.js +4 -0
  25. package/dist/languages/csharp.js.map +1 -1
  26. package/dist/languages/go.d.ts.map +1 -1
  27. package/dist/languages/go.js +4 -0
  28. package/dist/languages/go.js.map +1 -1
  29. package/dist/languages/index.d.ts +18 -0
  30. package/dist/languages/index.d.ts.map +1 -1
  31. package/dist/languages/index.js +32 -0
  32. package/dist/languages/index.js.map +1 -1
  33. package/dist/languages/java.d.ts.map +1 -1
  34. package/dist/languages/java.js +4 -0
  35. package/dist/languages/java.js.map +1 -1
  36. package/dist/languages/kotlin.d.ts.map +1 -1
  37. package/dist/languages/kotlin.js +9 -0
  38. package/dist/languages/kotlin.js.map +1 -1
  39. package/dist/languages/python.d.ts.map +1 -1
  40. package/dist/languages/python.js +4 -0
  41. package/dist/languages/python.js.map +1 -1
  42. package/dist/languages/ruby.d.ts.map +1 -1
  43. package/dist/languages/ruby.js +4 -0
  44. package/dist/languages/ruby.js.map +1 -1
  45. package/dist/languages/rust.d.ts.map +1 -1
  46. package/dist/languages/rust.js +4 -0
  47. package/dist/languages/rust.js.map +1 -1
  48. package/dist/languages/types.d.ts +27 -0
  49. package/dist/languages/types.d.ts.map +1 -1
  50. package/dist/languages/typescript.d.ts.map +1 -1
  51. package/dist/languages/typescript.js +5 -0
  52. package/dist/languages/typescript.js.map +1 -1
  53. package/dist/ship-installers.d.ts +6 -0
  54. package/dist/ship-installers.d.ts.map +1 -1
  55. package/dist/ship-installers.js +120 -5
  56. package/dist/ship-installers.js.map +1 -1
  57. package/dist/tools-cli.d.ts.map +1 -1
  58. package/dist/tools-cli.js +45 -9
  59. package/dist/tools-cli.js.map +1 -1
  60. package/package.json +1 -1
  61. package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
  62. package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
  63. package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
  64. package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
  65. package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
  66. package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
  67. package/templates/.devcontainer/devcontainer.json +7 -33
  68. package/templates/.devcontainer/post-create.sh +18 -4
  69. package/templates/AGENTS.md.template +137 -0
  70. package/templates/CLAUDE.md.template +16 -111
  71. package/dist/codebase-scanner.d.ts +0 -36
  72. package/dist/codebase-scanner.d.ts.map +0 -1
  73. package/dist/codebase-scanner.js +0 -687
  74. package/dist/codebase-scanner.js.map +0 -1
  75. package/templates/.claude/agents/doc-writer.md +0 -107
  76. package/templates/.claude/agents/knowledge-bot.md +0 -64
  77. package/templates/.claude/agents/onboarding.md +0 -62
  78. package/templates/.claude/agents/quality-reviewer.md +0 -85
  79. package/templates/.claude/agents-available/code-reviewer.md +0 -29
  80. package/templates/.claude/agents-available/codebase-explorer.md +0 -100
  81. package/templates/.claude/agents-available/dashboard-builder.md +0 -433
  82. package/templates/.claude/agents-available/debugger.md +0 -29
  83. package/templates/.claude/agents-available/dependency-mapper.md +0 -80
  84. package/templates/.claude/agents-available/dev-report.md +0 -108
  85. package/templates/.claude/agents-available/doc-writer.md +0 -107
  86. package/templates/.claude/agents-available/feature-builder.md +0 -163
  87. package/templates/.claude/agents-available/feature-planner.md +0 -185
  88. package/templates/.claude/agents-available/health-auditor.md +0 -95
  89. package/templates/.claude/agents-available/hooks-configurator.md +0 -211
  90. package/templates/.claude/agents-available/knowledge-bot.md +0 -62
  91. package/templates/.claude/agents-available/plan-executor.md +0 -133
  92. package/templates/.claude/agents-available/strategic-planner.md +0 -141
  93. package/templates/.claude/agents-available/test-gap-finder.md +0 -67
  94. package/templates/.claude/agents-available/test-writer.md +0 -34
  95. package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
  96. package/templates/.claude/commands/ask.md +0 -7
  97. package/templates/.claude/commands/build-feature.md +0 -26
  98. package/templates/.claude/commands/build.md.template +0 -30
  99. package/templates/.claude/commands/check.md.template +0 -43
  100. package/templates/.claude/commands/dashboard.md +0 -28
  101. package/templates/.claude/commands/deps.md +0 -15
  102. package/templates/.claude/commands/dev-report.md +0 -50
  103. package/templates/.claude/commands/docs.md +0 -21
  104. package/templates/.claude/commands/doctor.md +0 -29
  105. package/templates/.claude/commands/enable-agent.md +0 -12
  106. package/templates/.claude/commands/execute-plan.md +0 -25
  107. package/templates/.claude/commands/explore-codebase.md +0 -12
  108. package/templates/.claude/commands/export-pdf.md +0 -30
  109. package/templates/.claude/commands/feature.md +0 -25
  110. package/templates/.claude/commands/fix-issue.md +0 -12
  111. package/templates/.claude/commands/fix.md.template +0 -32
  112. package/templates/.claude/commands/health.md +0 -58
  113. package/templates/.claude/commands/help.md +0 -36
  114. package/templates/.claude/commands/learn.md +0 -48
  115. package/templates/.claude/commands/onboarding.md +0 -21
  116. package/templates/.claude/commands/plan.md +0 -20
  117. package/templates/.claude/commands/quality.md.template +0 -65
  118. package/templates/.claude/commands/session-end.md +0 -40
  119. package/templates/.claude/commands/session-start.md +0 -30
  120. package/templates/.claude/commands/setup-hooks.md +0 -18
  121. package/templates/.claude/commands/stealth-mode.md +0 -17
  122. package/templates/.claude/commands/test-gaps.md +0 -49
  123. package/templates/.claude/commands/test.md.template +0 -40
  124. package/templates/.claude/commands/vulnerabilities.md +0 -49
  125. package/templates/.claude/skills/build/SKILL.md.template +0 -90
  126. package/templates/.claude/skills/deploy/SKILL.md.template +0 -111
  127. package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
  128. package/templates/.claude/skills/doctor/SKILL.md +0 -31
  129. package/templates/.claude/skills/gcloud/SKILL.md +0 -66
  130. package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
  131. package/templates/.claude/skills/learned/SKILL.md +0 -55
  132. package/templates/.claude/skills/learned/references/conventions.md +0 -11
  133. package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
  134. package/templates/.claude/skills/learned/references/gotchas.md +0 -11
  135. package/templates/.claude/skills/pulumi/SKILL.md +0 -73
  136. package/templates/.claude/skills/quality/SKILL.md.template +0 -89
  137. package/templates/.claude/skills/quality/references/gotchas.md +0 -5
  138. package/templates/.claude/skills/review/SKILL.md.template +0 -74
  139. package/templates/.claude/skills/scaffold/SKILL.md.template +0 -113
  140. package/templates/.claude/skills/secrets/SKILL.md +0 -51
  141. package/templates/.claude/skills/session/SKILL.md +0 -32
  142. package/templates/.claude/skills/test/SKILL.md.template +0 -116
  143. package/templates/.claude/skills/test/references/gotchas.md +0 -5
@@ -1,66 +0,0 @@
1
- ---
2
- name: gcloud
3
- description: Google Cloud Platform operations — gcloud CLI, Cloud Run, GKE, BigQuery, IAM, GCS. Use when asked about GCP, Google Cloud, gcloud commands, or cloud infrastructure.
4
- paths:
5
- - '**/cloudbuild.yaml'
6
- - '**/cloudbuild.yml'
7
- - '**/.gcloudignore'
8
- - '**/app.yaml'
9
- ---
10
-
11
- # Google Cloud (gcloud)
12
-
13
- ## Setup
14
- - **Auth:** `gcloud auth login`
15
- - **Project:** set via `gcloud config set project <id>` or the `GOOGLE_CLOUD_PROJECT` env var
16
- - **SDK:** install from https://cloud.google.com/sdk (devcontainer users get it via the post-create script)
17
-
18
- ## Common Commands
19
-
20
- ### Authentication & Project
21
- ```bash
22
- gcloud auth list # check auth status
23
- gcloud config get-value project # current project
24
- gcloud config set project <PROJECT_ID> # switch project
25
- gcloud projects list # list accessible projects
26
- ```
27
-
28
- ### Services & Resources
29
- ```bash
30
- gcloud services list --enabled # enabled APIs
31
- gcloud run services list # Cloud Run services
32
- gcloud container clusters list # GKE clusters
33
- gcloud sql instances list # Cloud SQL instances
34
- gcloud storage ls # GCS buckets
35
- ```
36
-
37
- ### Logs & Monitoring
38
- ```bash
39
- gcloud logging read "resource.type=cloud_run_revision" --limit=50
40
- gcloud logging read "severity>=ERROR" --limit=20 --format=json
41
- ```
42
-
43
- ## Integration with Secrets
44
-
45
- GCP project ID is typically set as an environment variable:
46
- ```
47
- GOOGLE_CLOUD_PROJECT=my-project-id
48
- ```
49
-
50
- Source it from a secret store (Infisical, Doppler, GitHub Secrets) rather than committing to `.env`.
51
-
52
- ## Security — CRITICAL
53
-
54
- 1. **NEVER output `gcloud auth print-access-token`** — it exposes bearer tokens
55
- 2. **NEVER output or log service account JSON keys**
56
- 3. **NEVER embed credentials in code** — use Workload Identity or Application Default Credentials
57
- 4. Use `gcloud auth application-default login` for local development
58
- 5. In production, use Workload Identity Federation (not service account keys)
59
-
60
- ## Deployment
61
-
62
- See the `deploy` skill for GCP deployment patterns (Cloud Run, GKE).
63
-
64
- ## Gotchas
65
-
66
- See [references/gotchas.md](references/gotchas.md) for GCP-specific issues.
@@ -1,5 +0,0 @@
1
- # Google Cloud Gotchas
2
-
3
- <!-- This file grows over time. Each entry is added during session-end. -->
4
- <!-- Format: date, category, description, resolution -->
5
- <!-- NEVER include secret values, tokens, credentials, or project IDs here -->
@@ -1,55 +0,0 @@
1
- ---
2
- name: learned
3
- description: Project-specific learnings, gotchas, and conventions discovered during development. Check this before starting any task for accumulated team knowledge.
4
- ---
5
-
6
- # Learned Patterns & Gotchas
7
-
8
- This skill accumulates project-specific knowledge over time.
9
- It is updated during session-end checkpoints.
10
-
11
- ## How This Works
12
-
13
- 1. During `/session-end` (or anytime via `/learn`), the conversation is reviewed for learnings
14
- 2. Any new gotchas, patterns, or conventions are appended to the reference files
15
- 3. Over time, this becomes the most valuable skill — real failure points and patterns
16
-
17
- ## Files
18
-
19
- - [references/gotchas.md](references/gotchas.md) - Accumulated gotchas and edge cases (append-only)
20
- - [references/conventions.md](references/conventions.md) - Team conventions discovered during development
21
- - [references/deny-recommendations.md](references/deny-recommendations.md) - Commands that should be added to `.claude/settings.json` deny list (requires human review)
22
-
23
- ## When to Update
24
-
25
- Update these files when you encounter:
26
- - Unexpected behaviors or edge cases
27
- - Workarounds for tool/framework bugs
28
- - Team conventions or patterns that aren't obvious from the code
29
- - Configuration pitfalls
30
- - Deployment or environment-specific issues
31
-
32
- ## When to Create a New Skill
33
-
34
- If a learning is significant enough to warrant its own skill (e.g., a specific API integration, a migration workflow, a caching pattern), create a new directory under `.claude/skills/<name>/` with a `SKILL.md` instead of appending here. This skill (`learned`) is for general cross-cutting knowledge; domain-specific knowledge deserves its own skill.
35
-
36
- ## Format
37
-
38
- ### Gotchas
39
- ```markdown
40
- ## YYYY-MM-DD - Category / Short Title
41
- Description of the issue.
42
- **Resolution:** How it was resolved.
43
- ```
44
-
45
- ### Conventions
46
- ```markdown
47
- ## Category - Convention Name
48
- Description of the convention.
49
- **Rationale:** Why this convention was adopted.
50
- ```
51
-
52
- ## Security
53
-
54
- **NEVER include secret values, tokens, passwords, or API keys in any file under this skill.**
55
- If a gotcha involves credentials, describe the issue generically without exposing actual values.
@@ -1,11 +0,0 @@
1
- # Team Conventions
2
-
3
- <!-- Discovered conventions are added here during session-end. -->
4
- <!-- Format: category, convention, rationale -->
5
- <!-- NEVER include secret values, tokens, or credentials here -->
6
-
7
- <!-- Example:
8
- ## Python - Use App Factory Pattern
9
- All FastAPI applications should use the app factory pattern (create_app function) rather than module-level app instantiation.
10
- **Rationale:** Enables test isolation and configuration flexibility. Adopted after test pollution issues in the auth service.
11
- -->
@@ -1,18 +0,0 @@
1
- # Deny Rule Recommendations
2
-
3
- <!--
4
- This file tracks commands/actions that SHOULD be added to .claude/settings.json deny list.
5
- Claude cannot modify settings.json directly (security boundary).
6
- A developer should periodically review this file and promote entries to settings.json.
7
-
8
- Format:
9
- ## YYYY-MM-DD - Rule
10
- `DenyPattern` — reason this should be blocked
11
- **Context:** what happened that surfaced this need
12
- -->
13
-
14
- <!-- Example:
15
- ## 2025-12-15 - Block database drop
16
- `Bash(dropdb:*)` — accidentally dropped staging database during cleanup
17
- **Context:** Claude ran dropdb instead of truncating tables during test cleanup
18
- -->
@@ -1,11 +0,0 @@
1
- # Project Gotchas
2
-
3
- <!-- This file grows over time. Each entry is added during session-end. -->
4
- <!-- Format: date, category, description, resolution -->
5
- <!-- NEVER include secret values, tokens, or credentials here -->
6
-
7
- <!-- Example:
8
- ## 2025-12-15 - Python / Import Order
9
- ruff's isort rules conflict with local imports when using relative paths in the src/ directory.
10
- **Resolution:** Use absolute imports from package root (e.g., `from mypackage.module import X`).
11
- -->
@@ -1,73 +0,0 @@
1
- ---
2
- name: pulumi
3
- description: Pulumi infrastructure as code — stacks, previews, deployments, config. Use when asked about IaC, Pulumi, cloud resources, infrastructure provisioning, or stack management.
4
- paths:
5
- - 'Pulumi.yaml'
6
- - 'Pulumi.yml'
7
- - 'Pulumi.*.yaml'
8
- - '**/Pulumi.yaml'
9
- - '**/Pulumi.*.yaml'
10
- ---
11
-
12
- # Pulumi (Infrastructure as Code)
13
-
14
- ## Setup
15
- - **Auth:** `pulumi login`
16
- - **SDK:** install from https://www.pulumi.com/docs/install/ (devcontainer users get it via the post-create script)
17
- - **Path:** `~/.pulumi/bin/pulumi`
18
-
19
- ## Core Workflow
20
-
21
- **ALWAYS preview before applying changes:**
22
-
23
- ```bash
24
- # 1. Preview changes (safe, read-only)
25
- pulumi preview
26
-
27
- # 2. Review the diff carefully
28
-
29
- # 3. Apply changes (REQUIRES explicit user confirmation)
30
- pulumi up
31
-
32
- # 4. Check outputs
33
- pulumi stack output
34
- ```
35
-
36
- ## Common Commands
37
-
38
- ### Stack Management
39
- ```bash
40
- pulumi stack ls # list stacks
41
- pulumi stack select <name> # switch stack
42
- pulumi stack output # view outputs
43
- pulumi stack export # export state
44
- ```
45
-
46
- ### Configuration
47
- ```bash
48
- pulumi config # view config
49
- pulumi config set key value # set plain config
50
- pulumi config set --secret key value # set encrypted secret
51
- pulumi config get key # get value
52
- ```
53
-
54
- ### State & History
55
- ```bash
56
- pulumi stack history # deployment history
57
- pulumi state # inspect state
58
- pulumi refresh # sync state with cloud
59
- ```
60
-
61
- ## Security — CRITICAL
62
-
63
- 1. **ALWAYS `pulumi preview` before `pulumi up`** — review the diff
64
- 2. **NEVER run `pulumi destroy` without explicit user confirmation** — it deletes all resources
65
- 3. **Use `pulumi config set --secret`** for sensitive values — never plain-text
66
- 4. **NEVER output `pulumi config get --secret`** values in responses
67
- 5. **State files may contain secrets** — ensure backend is secure (encrypted)
68
- 6. Pulumi passphrase (if using local backend) should be in `.env`, never hardcoded
69
-
70
- ## Integration
71
-
72
- - Secrets from Infisical can be used as Pulumi config values
73
- - GCP project from `.env` (`GOOGLE_CLOUD_PROJECT`) can configure Pulumi GCP provider
@@ -1,89 +0,0 @@
1
- ---
2
- name: quality
3
- description: Run code quality checks, linting, formatting, and auto-fixing. Use when asked to check code quality, fix lint errors, format code, or run pre-commit checks.
4
- ---
5
-
6
- # Code Quality
7
-
8
- Run `/quality` for the full deterministic report (lint + format + slop + duplication metrics).
9
-
10
- {{#IF_PYTHON}}
11
- ## Python
12
-
13
- **Tools**: ruff (lint + format), mypy (types)
14
-
15
- Common fixes:
16
- ```bash
17
- ruff check --fix .
18
- ruff format .
19
- mypy src/
20
- ```
21
-
22
- Key ruff rule groups: pycodestyle (E), pyflakes (F), isort (I), mccabe (C90), bugbear (B).
23
- {{/IF_PYTHON}}
24
-
25
- {{#IF_GO}}
26
- ## Go
27
-
28
- **Tools**: golangci-lint, gofmt, goimports
29
-
30
- Common fixes:
31
- ```bash
32
- gofmt -w .
33
- goimports -w .
34
- golangci-lint run --fix
35
- ```
36
- {{/IF_GO}}
37
-
38
- {{#IF_NODE}}
39
- ## Node.js
40
-
41
- **Tools:** ESLint, Prettier
42
- Common fixes:
43
- ```bash
44
- npx prettier --write .
45
- npx eslint --fix .
46
- ```
47
- {{/IF_NODE}}
48
-
49
- {{#IF_NEXTJS}}
50
- ## Next.js
51
-
52
- **Directory:** `frontend/`
53
- ```bash
54
- cd frontend && npm run lint
55
- cd frontend && npx prettier --write .
56
- cd frontend && npx tsc --noEmit # type check
57
- ```
58
- {{/IF_NEXTJS}}
59
-
60
- {{#IF_RUST}}
61
- ## Rust
62
-
63
- **Tools:** clippy, rustfmt
64
- ```bash
65
- cargo fmt
66
- cargo clippy --fix --allow-dirty
67
- ```
68
- {{/IF_RUST}}
69
-
70
- {{#IF_CSHARP}}
71
- ## C#
72
-
73
- **Tools:** dotnet format, Roslyn Analyzers, StyleCop Analyzers
74
- **Config:** `.editorconfig`, `Directory.Build.props`
75
-
76
- Common fixes:
77
- ```bash
78
- dotnet format # auto-fix formatting
79
- dotnet format --verify-no-changes # CI check (no modifications)
80
- ```
81
- {{/IF_CSHARP}}
82
-
83
- ## Gotchas
84
-
85
- See [references/gotchas.md](references/gotchas.md) for known quality issues.
86
-
87
- ## Security
88
-
89
- Never disable security-related lint rules. If a rule seems wrong, investigate before suppressing.
@@ -1,5 +0,0 @@
1
- # Quality Gotchas
2
-
3
- <!-- This file grows over time. Each entry is added during session-end. -->
4
- <!-- Format: date, category, description, resolution -->
5
- <!-- NEVER include secret values, tokens, or credentials here -->
@@ -1,74 +0,0 @@
1
- ---
2
- name: review
3
- description: Review code for quality, security, and patterns. Use when asked to review code, a PR, check for problems, or audit for security issues.
4
- ---
5
-
6
- # Code Review
7
-
8
- ## Quick check
9
-
10
- Run `/quality` and `/test` first — they cover lint, format, slop, duplication, and test results.
11
-
12
- ## Review Checklist
13
-
14
- ### 1. Quality
15
- - [ ] `/quality` passes
16
- - [ ] Coverage meets threshold ({{COVERAGE_THRESHOLD}}%)
17
- - [ ] No suppressed lint rules without justification
18
-
19
- ### 2. Security
20
- - [ ] No hardcoded secrets, API keys, tokens, or passwords
21
- - [ ] No secrets in commit messages, comments, or logs
22
- - [ ] User input is validated/sanitized at system boundaries
23
- - [ ] No SQL injection, XSS, or command injection vectors
24
- - [ ] Sensitive files are gitignored (`.env`, credentials)
25
-
26
- ### 3. Testing
27
- - [ ] New features have tests
28
- - [ ] Edge cases and error paths tested
29
- - [ ] Tests are deterministic (no timing/order dependencies)
30
-
31
- ### 4. Architecture
32
- - [ ] Follows existing patterns in the codebase
33
- - [ ] Dependencies injected (not imported directly in business logic)
34
- - [ ] Error handling is consistent
35
-
36
- {{#IF_PYTHON}}
37
- ### Python-Specific
38
- - [ ] Type hints on public functions
39
- - [ ] Pydantic models for data validation
40
- - [ ] No bare `except:` — catch specific exceptions
41
- - [ ] Async/await used correctly (no blocking in async context)
42
- {{/IF_PYTHON}}
43
-
44
- {{#IF_GO}}
45
- ### Go-Specific
46
- - [ ] Errors checked and handled (no `_` for errors)
47
- - [ ] Context propagated through call chains
48
- - [ ] Proper resource cleanup (defer for Close/Unlock)
49
- - [ ] Table-driven tests used where appropriate
50
- {{/IF_GO}}
51
-
52
- {{#IF_NEXTJS}}
53
- ### Next.js-Specific
54
- - [ ] Server vs client components used correctly
55
- - [ ] No sensitive data in client components
56
- - [ ] TypeScript strict mode compliance
57
- {{/IF_NEXTJS}}
58
-
59
- {{#IF_CSHARP}}
60
- ### C#-Specific
61
- - [ ] Nullable reference types enabled (`#nullable enable`)
62
- - [ ] Async/await used correctly (no blocking on async with `.Result` or `.Wait()`)
63
- - [ ] IDisposable resources properly disposed (`using` statements)
64
- - [ ] LINQ used appropriately (not in hot paths without reason)
65
- - [ ] Dependency injection used (no `new` for services)
66
- - [ ] No hardcoded connection strings
67
- {{/IF_CSHARP}}
68
-
69
- ## Common Issues
70
- - Missing error handling
71
- - Hardcoded configuration (should use `.env` or config)
72
- - Missing tests for edge cases
73
- - Inconsistent naming conventions
74
- - Overly broad error catching
@@ -1,113 +0,0 @@
1
- ---
2
- name: scaffold
3
- description: Scaffold new code — services, packages, modules, components. Use when asked to create new files, modules, project structure, or boilerplate.
4
- ---
5
-
6
- # Code Scaffolding
7
-
8
- Match existing layout and patterns when adding new code. Read a few neighboring files in the same area before creating new ones — naming, error handling, and test placement should look like the rest of the codebase.
9
-
10
- {{#IF_PYTHON}}
11
- ## Python Structure
12
- ```
13
- services/python/<service-name>/
14
- ├── pyproject.toml
15
- ├── src/
16
- │ ├── __init__.py
17
- │ ├── app.py # Entry point / app factory
18
- │ ├── models.py # Data models (Pydantic)
19
- │ └── routes.py # API endpoints (if web)
20
- └── tests/
21
- ├── __init__.py
22
- └── test_app.py
23
- ```
24
-
25
- **Patterns:**
26
- - FastAPI for web APIs (app factory pattern)
27
- - Pydantic for data validation
28
- - pytest for testing
29
- - See `.template/examples/python-api/` and `.template/examples/python-cli/` for reference
30
- {{/IF_PYTHON}}
31
-
32
- {{#IF_GO}}
33
- ## Go Structure
34
- ```
35
- services/go/<service-name>/
36
- ├── go.mod
37
- ├── main.go # Entry point
38
- ├── handlers.go # HTTP handlers
39
- ├── handlers_test.go # Handler tests
40
- └── internal/ # Private packages
41
- ```
42
-
43
- **Patterns:**
44
- - Standard library `net/http` for HTTP
45
- - `httptest` for handler testing
46
- - See `.template/examples/go-service/` for reference
47
- {{/IF_GO}}
48
-
49
- {{#IF_NEXTJS}}
50
- ## Next.js Structure
51
- ```
52
- frontend/
53
- ├── src/
54
- │ ├── app/ # App Router pages
55
- │ ├── components/ # React components
56
- │ └── lib/ # Utilities
57
- ├── public/ # Static assets
58
- ├── package.json
59
- └── tsconfig.json
60
- ```
61
- {{/IF_NEXTJS}}
62
-
63
- {{#IF_NODE}}
64
- ## Node.js Structure
65
- ```
66
- services/node/<service-name>/
67
- ├── package.json
68
- ├── tsconfig.json
69
- ├── src/
70
- │ └── index.ts
71
- └── tests/
72
- └── index.test.ts
73
- ```
74
- {{/IF_NODE}}
75
-
76
- {{#IF_RUST}}
77
- ## Rust Structure
78
- ```
79
- services/rust/<service-name>/
80
- ├── Cargo.toml
81
- ├── src/
82
- │ ├── main.rs # Binary entry
83
- │ └── lib.rs # Library code
84
- └── tests/
85
- └── integration.rs
86
- ```
87
- {{/IF_RUST}}
88
-
89
- {{#IF_CSHARP}}
90
- ## C# Structure
91
- ```
92
- src/<ProjectName>/
93
- ├── <ProjectName>.csproj
94
- ├── Program.cs
95
- ├── Controllers/ # API controllers
96
- ├── Models/ # Data models
97
- ├── Services/ # Business logic
98
- └── appsettings.json # Configuration
99
- tests/<ProjectName>.Tests/
100
- ├── <ProjectName>.Tests.csproj
101
- └── UnitTests/
102
- ```
103
-
104
- **Patterns:**
105
- - ASP.NET Core for web APIs (minimal APIs or controllers)
106
- - Entity Framework Core for data access
107
- - xUnit + Moq for testing
108
- {{/IF_CSHARP}}
109
-
110
- ## After scaffolding
111
-
112
- 1. Add tests next to the new code (mirroring how the rest of the codebase locates them)
113
- 2. Run `/test` and `/quality` to confirm nothing regressed
@@ -1,51 +0,0 @@
1
- ---
2
- name: secrets
3
- description: Manage secrets via Infisical. Use when asked about secrets, environment variables, API keys, .env configuration, or credential management.
4
- paths:
5
- - '.env'
6
- - '.env.*'
7
- - '**/.env'
8
- - '**/.env.*'
9
- - '.infisical.json'
10
- - '**/.infisical.json'
11
- ---
12
-
13
- # Secrets Management (Infisical)
14
-
15
- ## How it works
16
-
17
- 1. Infisical stores secrets centrally (encrypted, access-controlled)
18
- 2. `infisical run -- <command>` or `infisical export --format=dotenv > .env` pulls them into the local environment
19
- 3. `.env` is gitignored — **never commit secrets**
20
-
21
- ## Configuration
22
-
23
- Authenticate via `infisical login`. Per-project config typically lives in `.infisical.json` (project ID + environment).
24
-
25
- Required environment variables (set during initial project bootstrap):
26
- - `INFISICAL_TOKEN` — auth token (for headless/CI usage)
27
- - `INFISICAL_PROJECT_ID` — project identifier
28
- - `INFISICAL_ENV` — environment (default: `dev`)
29
-
30
- ## Checking configuration
31
-
32
- Look at the variable names without their values:
33
-
34
- ```bash
35
- infisical secrets --plain | cut -d= -f1
36
- ```
37
-
38
- ## Security — CRITICAL
39
-
40
- 1. **NEVER read `.env` directly** — it contains plain-text secrets
41
- 2. **NEVER output secret values** in responses, logs, or commit messages
42
- 3. **NEVER include secrets** in session checkpoints or skill files
43
- 4. **NEVER pass secrets as CLI arguments** — they appear in process lists
44
- 5. **NEVER commit** `.env`, `.env.*`, or `.env.secrets`
45
- 6. If a secret is accidentally exposed, rotate it immediately
46
-
47
- ## Troubleshooting
48
-
49
- - Token expired → re-run `infisical login`
50
- - Pull fails → check the project ID and environment, verify token permissions
51
- - Missing variable → confirm it exists in the right Infisical environment
@@ -1,32 +0,0 @@
1
- ---
2
- name: session
3
- description: Manage AI development sessions — start, checkpoint, commit, push, create PRs. Use when asked about session workflow, checkpoints, or development workflow.
4
- ---
5
-
6
- # Session Management
7
-
8
- ## Workflow
9
-
10
- 1. `/session-start` — review prior checkpoints + plan the session
11
- 2. Work on the task
12
- 3. `/session-end` — capture a checkpoint
13
- 4. Commit + push via git directly
14
-
15
- ## Checkpoints
16
-
17
- - Stored in `.ai/sessions/<developer>/<date>/session-<N>.md` (auto-numbered per day)
18
- - Include: accomplishments (specific, not vague), files changed, decisions, next steps, AI context
19
-
20
- A good checkpoint is specific:
21
- - **Bad**: "worked on the client"
22
- - **Good**: "Implemented PolygonClient with 3 endpoints, added 15 unit tests, all passing"
23
-
24
- ## Skill evolution (during `/session-end`)
25
-
26
- Review the session for learnings and append to:
27
- - `.claude/skills/learned/references/gotchas.md` — surprising behaviors, edge cases
28
- - `.claude/skills/learned/references/conventions.md` — patterns the team converged on
29
-
30
- Create new skills (`.claude/skills/<name>/SKILL.md`) when a distinct domain/workflow emerges.
31
-
32
- **NEVER include secret values in checkpoints or skill files.**