aayushus-skills 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Aayush Mediratta
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,31 @@
+# aayushus-skills
+
+A zero-dependency interactive CLI to install custom AI agent configurations, design system templates, engineering guidelines, and SOPs into any target repository.
+
+## Installation / Usage
+
+Run the following command in your target project directory:
+
+```bash
+npx aayushus-skills
+```
+
+Or to bypass the interactive menu and install everything automatically:
+
+```bash
+npx aayushus-skills all
+```
+
+## Included Components
+
+- **AI Agent Configurations**: Configures `.claudecoderc` (for global rules/prompts), `.windsurfrules`, `.windsurfrules-global`, `CLAUDE.md`, and `.github/copilot-instructions.md`.
+- **Prism Design System**: Copies zero-decision B2B/SaaS design components and styling tokens (CSS/TSX) to `./src/design/` or `./design/`.
+- **Development Guidelines**: Copies standard development docs (API Design, Architecture, Code Quality, Container Guidelines, Performance, Security, etc.) to `./docs/guidelines/`.
+- **Solo Developer AI SOP**: Installs the `Solo-Developer-AI-SOP.md` file in the project root containing guidelines for budget management and AI escalation.
+
+---
+
+## Attribution & Disclaimer
+
+Please note that the design elements, guidelines, and templates included in the Prism Design System are not entirely original works. They have been collected, aggregated, and adapted from various online resources, design frameworks, and community best practices, and subsequently customized and refined to suit specific project requirements and agent workflows.
+

package/Solo Developer AI SOP.md

@@ -0,0 +1,268 @@
+# Solo Developer AI SOP
+
+### Standard Operating Procedure for AI-Assisted Development
+
+_Budget: $20/mo · Stack: Multi-language · Intensity: Heavy (9-hour days)_
+
+---
+
+## Tool Stack
+
+|Tool|Model|Cost|Purpose|
+|---|---|---|---|
+|**Claude Code** (terminal)|Opus 4.6|💰 High — use sparingly|Deep thinking, architecture, hard bugs|
+|**Windsurf** (IDE)|SWE-1.5|🟢 Free|Daily coding, tab autocomplete|
+|**Windsurf** (IDE)|Sonnet 4.6|🟡 Medium|Bridge when SWE-1.5 falls short|
+|**Antigravity** (IDE)|Gemini Flash|🟢 Free|Workhorse — routine work, large context|
+|**Antigravity** (IDE)|Gemini Flash|🟢 Free|Parallel agents, background tasks|
+
+---
+
+## The Golden Rule
+
+> **Never jump straight to Opus.**
+> 
+> The escalation ladder is: **SWE-1.5 → Gemini Flash → Sonnet 4.6 → Opus 4.6**
+> 
+> Most problems resolve at step 1 or 2. Opus is the last rung, not the first. If you reach for Opus out of habit, your monthly budget is gone by Wednesday.
+
+---
+
+## The Decision Gate
+
+Run this before every task:
+
+### Is it mechanical?
+
+_(generate, scaffold, rename, format, document, convert)_ → **Gemini Flash** or **SWE-1.5** — do not open Claude Code.
+
+### Does it require reading a large codebase?
+
+_(many files, orientation, blast radius analysis)_ → **Gemini Flash in Antigravity** — 2M token context, free. Dump the whole codebase.
+
+### Is it ambiguous or complex with real tradeoffs?
+
+- Hard to reverse → **Opus 4.6** (architecture, data model, security design)
+- Reversible → Try **Sonnet 4.6** first. Escalate to Opus only if the answer feels wrong.
+
+### Is it a hard bug with unclear root cause?
+
+→ Try Flash + Sonnet first (30 min). Still stuck? → **Opus 4.6** with a scoped prompt.
+
+---
+
+## 9-Hour Day Structure
+
+```
+09:00 ──────────────────────────────────────────────────────
+  Morning Opus Block                          [Opus 4.6]
+  Attack your hardest problem first.
+  Fresh 5-hour window — don't waste it on easy tasks.
+  Use the prompt you wrote the night before.
+
+10:30 ──────────────────────────────────────────────────────
+  Implementation Block              [SWE-1.5 + Gemini Flash]
+  Execute what Opus designed.
+  Antigravity Manager running background tasks in parallel.
+  Stay in flow — free models keep you there.
+
+13:00 ──────────────────────────────────────────────────────
+  Lunch + Reset Window
+  5-hour Opus window resets at ~14:00 if you started at 09:00.
+  Don't tinker during lunch — save the reset for the afternoon.
+
+14:00 ──────────────────────────────────────────────────────
+  Afternoon Opus Block                        [Opus 4.6]
+  Second hard problem of the day — if one exists.
+  If no hard problem: skip Opus entirely, use Flash/Sonnet.
+
+15:30 ──────────────────────────────────────────────────────
+  Wind-Down Block                   [Gemini Flash + SWE-1.5]
+  Feature work, tests, cleanup, PR prep, docs.
+  Dispatch async tasks to Antigravity Manager.
+  Check on morning background agent results.
+
+17:30 ──────────────────────────────────────────────────────
+  End-of-Day Ritual
+  Update CLAUDE.md with today's decisions.
+  Write tomorrow's Opus prompt while context is fresh.
+  Close all Antigravity agent sessions.
+
+18:00 ──────────────────────────────────────────────────────
+```
+
+---
+
+## Task Routing by Type
+
+### 🟢 Free — Gemini Flash (Antigravity) or SWE-1.5 (Windsurf)
+
+|Task|Best Tool|Notes|
+|---|---|---|
+|New project setup — structure, configs, CI, env|Gemini Flash|Any language|
+|CRUD, endpoints, forms, simple components|SWE-1.5|In Windsurf|
+|Tab autocomplete as you type|SWE-1-mini|Always on in Windsurf|
+|Unit + integration test generation|Gemini Flash|Dispatch and forget|
+|"What does this whole codebase do?"|Gemini Flash|2M context window — best tool for this|
+|Code review — style, consistency, obvious bugs|Gemini Flash|Load full diff in Antigravity|
+|Documentation, README, inline comments, changelogs|Gemini Flash||
+|Exploring a library / summarising docs|Gemini Flash|Antigravity browser agent|
+|Batch migrations — rename, restructure, update imports|Gemini Flash|Antigravity parallel agents|
+|Frontend visual testing / screenshots|Gemini Flash|Antigravity browser agent|
+
+### 🟡 Medium — Sonnet 4.6 (Windsurf)
+
+|Task|When to escalate from Flash/SWE|
+|---|---|
+|Medium refactors, API integration|SWE-1.5 gives a wrong or incomplete answer|
+|State management, data transforms|Needs more reasoning than SWE-1.5 can provide|
+|Cross-file logic changes|More than ~5 files involved|
+
+### 🔴 High — Opus 4.6 (Claude Code terminal)
+
+|Task|Why Opus|Notes|
+|---|---|---|
+|System architecture — services, data flow, tech choices|Hard to reverse, high stakes|Spend budget here|
+|Database schema, API contracts, auth strategy|Foundational decisions||
+|Cross-language design decisions|Ambiguous, multiple valid approaches|Python vs Go, REST vs GraphQL|
+|Hard bug — unclear root cause|Multi-layer reasoning needed|After 30 min of Flash/Sonnet|
+|Ambiguous requirement — high-stakes design|Multiple valid designs, need tradeoff analysis||
+
+---
+
+## Opus 4.6 — Before You Invoke
+
+Before opening Claude Code for an Opus session, check:
+
+- [ ] Have I already tried **Gemini Flash or SWE-1.5** on this? If not, start there.
+- [ ] Is this decision **hard to reverse**? If easily rewritten in 10 min, it doesn't need Opus.
+- [ ] Is the problem **ambiguous** or **complex**? Tedious ≠ complex. Large ≠ complex.
+- [ ] Have I written a **tight, scoped prompt**? "Given X with constraint Y, what's the right approach for Z?" Not "look at my code and tell me what's wrong."
+- [ ] Will I use `/compact` to keep the session lean? Don't carry yesterday's context.
+
+---
+
+## Antigravity — Parallel Agent Workflow
+
+Antigravity's Manager view lets you run multiple agents asynchronously while you work on something else. These all run on Gemini Flash — free.
+
+**Dispatch and forget — check back in 20–30 min:**
+
+- Generate test suite for a module you just finished
+- Explore an unfamiliar library and summarise the API
+- Migrate a naming pattern across all files in a directory
+- Write docs for a module while you code the next one
+- Run browser agent to visually test a UI change
+- Orientation pass on a new codebase before you start work
+
+**How to dispatch effectively:**
+
+1. Give the agent a clear, bounded task with a defined deliverable
+2. Point it at specific files or directories — don't say "look at the whole project"
+3. Specify the output format: "summarise as bullet points", "write as JSDoc", "output as a table"
+4. Move on. Don't babysit it.
+
+---
+
+## Claude Code — Getting the Most from the 44K Window
+
+The 5-hour token window is your most constrained resource. Protect it:
+
+**Before the session:**
+
+- Write your prompt the day before while context is fresh
+- Scope it tightly — one specific problem, not a broad investigation
+- Use Gemini Flash to orient first ("what files are involved in X?"), then bring the specific question to Opus
+
+**During the session:**
+
+- Use `/compact` after each distinct problem — don't accumulate a massive context thread
+- Start a fresh session for each new problem
+- If the session wanders, stop and restart with a tighter prompt
+
+**CLAUDE.md saves you 30–50% of your window:** Every session Claude re-discovers your project from scratch if you don't have one. A good CLAUDE.md means Claude starts with full context and spends the window reasoning, not orienting.
+
+---
+
+## CLAUDE.md Template
+
+Create this file at the root of every project:
+
+```markdown
+# Project: [name]
+
+## What this is
+[One sentence description]
+
+## Stack
+- Frontend: [language/framework]
+- Backend: [language/framework]
+- Database: [type + name]
+- Infrastructure: [cloud/hosting]
+
+## Key files
+- Entry point: [path]
+- Config: [path]
+- Core logic: [path]
+- Tests: [path]
+
+## Conventions
+- Naming: [camelCase / snake_case / PascalCase]
+- Error handling: [pattern — throw vs return, custom errors]
+- Auth: [approach — JWT, sessions, API keys]
+- API style: [REST / GraphQL / RPC]
+
+## Patterns to follow
+- [example: always use repository pattern for DB access]
+- [example: prefer composition over inheritance]
+
+## Patterns to avoid
+- [example: no direct DB queries in route handlers]
+- [example: no global state outside store]
+
+## Architecture decisions
+- [date]: [decision and why — e.g. "2026-04-01: chose PostgreSQL over MongoDB for
+  relational data integrity across user/order/payment tables"]
+- [date]: [decision and why]
+```
+
+**Rules for CLAUDE.md:**
+
+- Update it every time you make a significant architectural decision
+- Keep it under 500 lines — it should be a reference, not a novel
+- When you change a pattern, update the doc the same day
+- Include the _why_ behind decisions, not just the _what_
+
+---
+
+## Multi-Language Context Switching
+
+When switching between languages mid-day:
+
+1. **Don't cold-start Opus on a new language.** Use Gemini Flash first to re-orient — "here's the existing Python backend, I'm now adding a Go service that calls it. Explain how they currently communicate."
+    
+2. **Language boundary bugs → Opus.** When a bug lives at the interface between two languages (serialisation, type mismatches, protocol differences), it's often genuinely complex. This is a legitimate Opus use case.
+    
+3. **Keep per-language context in CLAUDE.md.** If your project spans Python + TypeScript, add a section per language with its own conventions and key files.
+    
+
+---
+
+## Non-Negotiable Rules
+
+1. **CLAUDE.md is mandatory** — every project, always. No exceptions.
+    
+2. **Never use Opus for tasks you can describe as "generate", "write", "rename", "convert", or "document"** — those go to Flash or SWE-1.5.
+    
+3. **Write tomorrow's Opus prompt today** — end every day by crystallising your hardest current problem into a tight question while your brain is still warm.
+    
+4. **Antigravity background = free throughput** — any task that doesn't need your attention right now gets dispatched to Antigravity Manager. You're running a free second developer.
+    
+5. **Escalation ladder always** — SWE-1.5 → Flash → Sonnet → Opus. Never skip steps.
+    
+6. **/compact aggressively** — one session per problem. Don't carry context threads across your whole day.
+    
+
+---
+
+_Last updated: April 2026_

package/agent-config/CLAUDE.md

@@ -0,0 +1,68 @@
+# Project rules for Claude Code
+
+## Skills to load
+This project uses two Claude Code skills. Load them at the start of relevant tasks:
+
+- **Design system**: `@prism-design` — load when building any UI, component, screen, or styling
+- **Architecture + guidelines**: read the relevant file from `04_Resources/Skills/guidelines/` when making architectural decisions, writing security-sensitive code, or optimising performance
+
+## Hard rules (never ask — always follow these)
+
+### Data integrity
+- Every Prisma query on tenant data must filter by `tenantId` (middleware enforces it, but verify)
+- No raw SQL concatenation — `$queryRaw` with tagged templates only, requires ticket to replace
+- Soft deletes only — `deletedAt`, never hard DELETE on tenant data
+- ULIDs for all primary keys — not auto-increment, not UUID
+- Cursor-based pagination only — no offset/limit
+- `tenantId` always comes from the session — never from URL params or request body
+- Unauthorized reads return 404, not 403
+
+### Auth & secrets
+- Argon2id for passwords (`time=3, memory=64MB, parallelism=4`) — never bcrypt
+- Opaque session tokens in Redis — not JWTs for user sessions
+- Secrets in Doppler or AWS Secrets Manager — never in code, never logged
+- Session rotation on: login, logout, MFA, role change
+
+### Input validation
+- Zod validation with `.strict()` on every input boundary (HTTP, queue, file upload)
+- All strings have max length — prevents DoS
+
+### Async & queuing
+- Any work > 1 second uses BullMQ — never block an HTTP handler
+- Outbox pattern for events — never `queue.add()` directly from HTTP handlers
+- Every network call has a timeout (10s internal, 5s fast external, 30s slow, 60s AI)
+- Retries only on 5xx and network errors — never on 4xx
+
+### Logging & observability
+- Structured JSON logs only — `correlationId` + `tenantId` + `userId` on every line
+- No secrets in logs
+- Audit log is append-only — never UPDATE/DELETE audit records
+
+### Code quality
+- TypeScript `strict: true` + `noUncheckedIndexedAccess`
+- Never use `any` — use `unknown` with narrowing
+- No N+1 queries — use Prisma `include/select`
+- Error handling: throw for programming errors, return Result type for expected failures
+- No `console.log` — use the structured logger
+
+## When to read full guidelines
+
+| Task | File to read |
+|---|---|
+| New service, module extraction, DB schema | `guidelines/architecture-guidelines.md` |
+| Auth, file upload, AI integration, external API | `guidelines/security-guidelines.md` |
+| Tests, refactoring, PR review | `guidelines/code-quality-guidelines.md` |
+| Performance, caching, queries | `guidelines/performance-guidelines.md` |
+| ADRs, READMEs, API docs | `guidelines/documentation-guidelines.md` |
+| Any UI work | Load `@prism-design` skill |
+
+## Decisions already made — don't re-open
+
+- DB: Prisma + shared Postgres + `tenantId` column (not schema-per-tenant)
+- Queue: BullMQ on Redis (not Kafka, SQS, or RabbitMQ)
+- Sessions: opaque tokens in Redis (not JWTs)
+- Search: PostgreSQL FTS (until 100k users, then Typesense)
+- API: REST + JSON (not GraphQL)
+- Passwords: Argon2id (bcrypt is deprecated for this use case)
+- IDs: ULIDs (not auto-increment, not UUID v4)
+- Deployment: Fly Machines → ECS → K8s only with dedicated SRE

package/agent-config/README.md

@@ -0,0 +1,89 @@
+# Agent config — setup instructions
+
+Three files in this folder. One per tool. Copy them into each new project.
+
+---
+
+## Windsurf
+
+### Option A — Global (recommended, one-time setup, applies to all projects)
+
+1. Open Windsurf
+2. `Cmd+,` → Settings → search "Rules" → click **"Edit Global Rules"**
+3. Paste the entire contents of `windsurfrules` into the editor
+4. Save
+
+Every Cascade conversation in every workspace will now follow these rules automatically.
+
+### Option B — Per-project (for project-specific additions on top of global)
+
+```bash
+cp windsurfrules /your-project/.windsurfrules
+```
+
+Windsurf reads `.windsurfrules` from the project root automatically — no configuration needed.
+
+**Use both**: set global rules for the universal hard rules, and add project-specific context (repo structure, active sprint focus) in `.windsurfrules`.
+
+---
+
+## VS Code — GitHub Copilot
+
+```bash
+mkdir -p /your-project/.github
+cp copilot-instructions.md /your-project/.github/copilot-instructions.md
+```
+
+Copilot reads `.github/copilot-instructions.md` automatically in Chat and inline completions (VS Code ≥ 1.90). No setting required.
+
+For **user-level instructions** (applies to all projects):
+1. `Cmd+,` → search "Copilot Instructions"
+2. Click **"Edit in settings.json"**
+3. Add:
+```json
+"github.copilot.chat.codeGeneration.instructions": [
+  {
+    "text": "PASTE CONTENTS OF copilot-instructions.md HERE"
+  }
+]
+```
+
+---
+
+## Claude Code
+
+```bash
+cp CLAUDE.md /your-project/CLAUDE.md
+```
+
+Claude Code reads `CLAUDE.md` from the project root automatically at the start of every session.
+
+For **global rules** (applies to all projects):
+```bash
+cp CLAUDE.md ~/.claude/CLAUDE.md
+```
+
+The project-level `CLAUDE.md` is merged with the global one — use global for universal rules, project-level for repo-specific context.
+
+The design system skill (`@prism-design`) is already set up in your Obsidian vault and Claude Code loads it automatically when referenced.
+
+---
+
+## Which file is which
+
+| File | Tool | Where it goes | Scope |
+|---|---|---|---|
+| `windsurfrules` | Windsurf | Windsurf global settings OR `.windsurfrules` in project root | All conversations |
+| `copilot-instructions.md` | VS Code Copilot | `.github/copilot-instructions.md` in project root | Workspace |
+| `CLAUDE.md` | Claude Code | `CLAUDE.md` in project root OR `~/.claude/CLAUDE.md` | Project or global |
+
+---
+
+## Keeping rules in sync
+
+When the guidelines change (new security rule, architectural decision, etc.):
+1. Update the source in `guidelines/` or `design/`
+2. Update the condensed rules in `windsurfrules`, `copilot-instructions.md`, and `CLAUDE.md`
+3. Re-paste into Windsurf global settings if you used Option A
+
+The source of truth is always the full guidelines. These files are distillations.

package/agent-config/copilot-instructions.md

@@ -0,0 +1,51 @@
+# GitHub Copilot workspace instructions
+
+This codebase uses an opinionated stack with hard rules that must never be broken.
+Always follow these. When in doubt, check the full guidelines in the Skills folder.
+
+## Stack
+TypeScript strict + Node.js + Express + Prisma + PostgreSQL + Redis + BullMQ.
+AI service: Python 3.12 + FastAPI. Frontend: Next.js + React + Prism design system.
+
+## Critical rules (catastrophic if missed)
+
+1. **Every Prisma query on tenant data filters by `tenantId`** — the middleware enforces it, but always include it explicitly
+2. **No raw SQL concatenation** — parameterised Prisma queries only; `$queryRaw` requires explicit review
+3. **`tenantId` comes from the session** — never from URL params or request body
+4. **Unauthorized reads return 404** — never 403 (prevents existence leak)
+5. **Soft deletes only** — `deletedAt` timestamp, never hard DELETE on tenant data
+6. **ULIDs for all primary keys** — not auto-increment, not UUID
+7. **Cursor pagination only** — never offset/limit
+8. **Async anything > 1 second** — use BullMQ, never block an HTTP handler
+9. **Argon2id for passwords** (`time=3, memory=64MB, parallelism=4`) — never bcrypt
+10. **Opaque session tokens in Redis** — not JWTs for user sessions
+11. **Zod validation on every input boundary** — with `.strict()`, including max lengths
+12. **Structured JSON logs only** — with `correlationId` + `tenantId` on every line
+13. **Secrets in Doppler/KMS** — never in code, never logged
+14. **No `any` in TypeScript** — use `unknown` with narrowing
+15. **No N+1 queries** — use Prisma `include/select`
+
+## Design system rules
+- Use CSS tokens (`var(--token-name)`) — never hardcode colours, radii, or font names
+- Use components from `components.tsx` — never import Tailwind or shadcn
+- Sparkle star is the only AI glyph — no robots, brains, or lightbulbs
+- Touch targets: 44×44px minimum on mobile
+- Spacing: multiples of 4px only (4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 48, 56, 64)
+
+## Error handling
+- Throw exceptions for programming errors (bugs)
+- Return Result types for expected failures (validation, not-found, rate-limit)
+- Never silence errors — always log or rethrow
+
+## Code style
+- TypeScript `strict: true` + `noUncheckedIndexedAccess`
+- Functions ≤ 80 lines, files ≤ 500 lines
+- No `console.log` — use the structured logger
+- No commented-out code — delete it
+- Boolean variables: `is/has/can/should` prefix
+- No TypeScript `enum` — use string literal unions
+
+## Performance hard caps
+- UI response: ≤ 100ms | API p95: < 300ms | DB indexed lookup: ≤ 10ms
+- JS bundle gzipped: ≤ 170KB | CSS gzipped: ≤ 30KB
+- LCP: ≤ 2.5s | INP: ≤ 200ms | CLS: ≤ 0.1