agent-bober 0.1.0

package/templates/presets/anchor/CLAUDE.md

@@ -0,0 +1,163 @@
+# Solana/Anchor Project Guide
+
+## Architecture
+
+This is a Solana program built with the Anchor framework.
+
+```
+programs/             Anchor programs (Rust)
+  my-program/
+    src/
+      lib.rs          Program entry point, instruction handlers
+      state.rs        Account data structures
+      error.rs        Custom error definitions
+      instructions/   Instruction handler modules
+tests/                TypeScript integration tests
+migrations/           Deployment migration scripts
+Anchor.toml           Anchor project configuration
+Cargo.toml            Rust workspace configuration
+```
+
+## Program Structure
+
+### Account Definitions
+
+Define account data structures using `#[account]`:
+
+```rust
+#[account]
+pub struct GameState {
+    pub authority: Pubkey,
+    pub score: u64,
+    pub bump: u8,
+}
+```
+
+Always include a `bump` field for PDA accounts. Calculate space with `8 (discriminator) + field sizes`.
+
+### Instructions
+
+Define instruction contexts using `#[derive(Accounts)]`:
+
+```rust
+#[derive(Accounts)]
+pub struct Initialize<'info> {
+    #[account(mut)]
+    pub authority: Signer<'info>,
+    #[account(
+        init,
+        payer = authority,
+        space = 8 + GameState::INIT_SPACE,
+        seeds = [b"game", authority.key().as_ref()],
+        bump,
+    )]
+    pub game_state: Account<'info, GameState>,
+    pub system_program: Program<'info, System>,
+}
+```
+
+### PDAs (Program Derived Addresses)
+
+- Use `seeds` and `bump` constraints in account validation.
+- Derive PDAs with meaningful seed combinations (e.g., `[b"user", user_pubkey]`).
+- Store the bump in the account to avoid recomputing it.
+- Use `#[account(seeds = [...], bump = account.bump)]` for subsequent accesses.
+
+### CPIs (Cross-Program Invocations)
+
+Use `CpiContext` for calling other programs:
+
+```rust
+let cpi_ctx = CpiContext::new(
+    ctx.accounts.token_program.to_account_info(),
+    Transfer {
+        from: ctx.accounts.source.to_account_info(),
+        to: ctx.accounts.destination.to_account_info(),
+        authority: ctx.accounts.authority.to_account_info(),
+    },
+);
+token::transfer(cpi_ctx, amount)?;
+```
+
+For CPIs from PDA-owned accounts, use `CpiContext::new_with_signer` with the PDA seeds.
+
+## Commands
+
+```bash
+anchor build              # compile the program
+anchor test               # build and run all tests
+anchor deploy             # deploy to configured cluster
+anchor keys list          # show program keypairs
+cargo clippy -- -D warnings  # lint Rust code
+```
+
+## TypeScript Client
+
+The TypeScript client is auto-generated by Anchor from the IDL.
+
+```typescript
+import * as anchor from "@coral-xyz/anchor";
+import { Program } from "@coral-xyz/anchor";
+import { MyProgram } from "../target/types/my_program";
+
+const program = anchor.workspace.MyProgram as Program<MyProgram>;
+
+// Call an instruction
+await program.methods
+  .initialize()
+  .accounts({
+    authority: wallet.publicKey,
+    gameState: gameStatePda,
+    systemProgram: anchor.web3.SystemProgram.programId,
+  })
+  .rpc();
+
+// Fetch account data
+const state = await program.account.gameState.fetch(gameStatePda);
+```
+
+## Testing
+
+### With Bankrun (Recommended)
+
+Bankrun provides a fast, lightweight test environment:
+
+```typescript
+import { startAnchor } from "solana-bankrun";
+import { BankrunProvider } from "anchor-bankrun";
+
+const context = await startAnchor(".", [], []);
+const provider = new BankrunProvider(context);
+```
+
+### With Local Validator
+
+```typescript
+import * as anchor from "@coral-xyz/anchor";
+
+describe("my-program", () => {
+  anchor.setProvider(anchor.AnchorProvider.env());
+  const program = anchor.workspace.MyProgram;
+
+  it("initializes", async () => {
+    // test code
+  });
+});
+```
+
+### Testing Best Practices
+
+- Test all instruction handlers with valid inputs.
+- Test constraint violations (wrong signer, wrong PDA, insufficient funds).
+- Test edge cases (zero amounts, max values, duplicate operations).
+- Verify account state after each instruction.
+- Test PDA derivation matches expected addresses.
+
+## Coding Conventions
+
+- Use `msg!()` for logging (visible in transaction logs).
+- Define custom errors with `#[error_code]` for meaningful error messages.
+- Use `require!()` and `require_keys_eq!()` for input validation.
+- Keep instruction handlers thin. Extract business logic into helper functions.
+- Use `impl` blocks on account structs for data methods.
+- Follow Rust naming conventions: `snake_case` for functions, `PascalCase` for types.

package/templates/presets/anchor/bober.config.json

@@ -0,0 +1,9 @@
+{
+  "project": { "name": "my-program", "mode": "greenfield", "preset": "anchor" },
+  "evaluator": { "model": "sonnet", "strategies": [
+    { "type": "build", "required": true },
+    { "type": "unit-test", "required": true },
+    { "type": "lint", "required": true }
+  ], "maxIterations": 3 },
+  "commands": { "build": "anchor build", "test": "anchor test", "lint": "cargo clippy -- -D warnings" }
+}

package/templates/presets/api-node/CLAUDE.md

@@ -0,0 +1,153 @@
+# Node.js API Project Guide
+
+## Architecture
+
+This is a Node.js API project using TypeScript.
+
+```
+src/
+  index.ts            Application entry point
+  routes/             Route handlers organized by domain
+  middleware/          Express/Fastify middleware (auth, validation, error handling)
+  services/           Business logic layer
+  models/             Data models / database schemas
+  utils/              Shared utility functions
+  types/              TypeScript type definitions
+tests/                Test files mirroring src/ structure
+```
+
+## Framework Patterns
+
+### Express
+
+```typescript
+import express from "express";
+const app = express();
+
+app.use(express.json());
+app.use("/api/users", userRouter);
+
+app.use(errorHandler); // error middleware last
+```
+
+### NestJS
+
+```typescript
+@Controller("users")
+export class UsersController {
+  constructor(private readonly usersService: UsersService) {}
+
+  @Get()
+  findAll() {
+    return this.usersService.findAll();
+  }
+
+  @Post()
+  create(@Body() dto: CreateUserDto) {
+    return this.usersService.create(dto);
+  }
+}
+```
+
+### Fastify
+
+```typescript
+import Fastify from "fastify";
+const app = Fastify({ logger: true });
+
+app.register(userRoutes, { prefix: "/api/users" });
+```
+
+## Middleware
+
+- **Authentication**: Verify JWTs or session tokens. Return 401 for missing/invalid auth.
+- **Validation**: Validate request bodies and query parameters at the route level. Use Zod, Joi, or class-validator.
+- **Error Handling**: Centralize error handling in a global error middleware. Map known errors to HTTP status codes.
+- **Logging**: Use structured logging (pino, winston). Log request IDs for traceability.
+- **Rate Limiting**: Apply rate limiting to public endpoints.
+- **CORS**: Configure CORS for allowed origins.
+
+## Validation
+
+Use Zod for request validation:
+
+```typescript
+import { z } from "zod";
+
+const CreateUserSchema = z.object({
+  email: z.string().email(),
+  name: z.string().min(1).max(100),
+  role: z.enum(["admin", "user"]).default("user"),
+});
+
+type CreateUserInput = z.infer<typeof CreateUserSchema>;
+```
+
+## Authentication
+
+- Use JWT tokens for stateless auth or sessions for stateful auth.
+- Store secrets in environment variables, never in code.
+- Hash passwords with bcrypt (cost factor >= 12).
+- Implement refresh token rotation for long-lived sessions.
+
+## Database Access
+
+- Use an ORM (Prisma, TypeORM, Drizzle) or query builder (Knex).
+- Run migrations for schema changes. Never modify the database schema manually.
+- Use connection pooling in production.
+- Write repository or service functions for database queries. Do not put raw queries in route handlers.
+
+## Error Handling
+
+Define application-specific error classes:
+
+```typescript
+export class AppError extends Error {
+  constructor(
+    public statusCode: number,
+    message: string,
+    public code?: string,
+  ) {
+    super(message);
+  }
+}
+
+export class NotFoundError extends AppError {
+  constructor(resource: string) {
+    super(404, `${resource} not found`, "NOT_FOUND");
+  }
+}
+```
+
+Return consistent error response shapes:
+
+```json
+{
+  "error": {
+    "code": "NOT_FOUND",
+    "message": "User not found"
+  }
+}
+```
+
+## Testing
+
+```bash
+npm test                  # run all tests
+npm run test:watch        # run tests in watch mode
+npm run test:coverage     # run tests with coverage
+```
+
+- **Unit tests**: Test services and utilities in isolation. Mock database and external dependencies.
+- **Integration tests**: Test routes with supertest. Use a test database or in-memory store.
+- **Test structure**: Mirror the `src/` directory in `tests/`. Name test files `*.test.ts`.
+
+## Coding Conventions
+
+- **TypeScript strict mode** is enabled. No `any` unless absolutely necessary.
+- **ESM only** (`"type": "module"` in package.json). Use `import`/`export`, never `require`.
+- **Async/await** for all asynchronous operations. No raw callbacks.
+- **Environment variables**: Load with `dotenv` or framework-native config. Validate at startup.
+- **File naming**: `kebab-case.ts` for all source files.
+- **Error handling**: Always catch async errors. Use `express-async-errors` or equivalent.
+- **No business logic in route handlers**. Route handlers parse input, call services, and format output.

package/templates/presets/api-node/bober.config.json

@@ -0,0 +1,10 @@
+{
+  "project": { "name": "my-api", "mode": "greenfield", "preset": "api-node" },
+  "evaluator": { "model": "sonnet", "strategies": [
+    { "type": "typecheck", "required": true },
+    { "type": "lint", "required": true },
+    { "type": "unit-test", "required": true },
+    { "type": "api-check", "required": false }
+  ], "maxIterations": 3 },
+  "commands": { "build": "npm run build", "test": "npm test", "lint": "npm run lint", "typecheck": "npx tsc --noEmit", "dev": "npm run dev" }
+}

package/templates/presets/nextjs/CLAUDE.md

@@ -0,0 +1,82 @@
+# Next.js Project Guide
+
+## Architecture
+
+This is a Next.js application using the App Router.
+
+```
+app/                  App Router pages and layouts
+  layout.tsx          Root layout
+  page.tsx            Home page
+  api/                API routes (Route Handlers)
+components/           Shared React components
+lib/                  Utility functions, database clients, helpers
+prisma/               Prisma schema and migrations (if using Prisma)
+public/               Static assets
+```
+
+## App Router Conventions
+
+- **Layouts** (`layout.tsx`): Shared UI that wraps child routes. The root layout is required and must render `<html>` and `<body>`.
+- **Pages** (`page.tsx`): Unique UI for a route. This is what gets rendered at that URL.
+- **Loading** (`loading.tsx`): Loading UI shown while a route segment loads.
+- **Error** (`error.tsx`): Error boundary for a route segment. Must be a Client Component.
+- **Route Handlers** (`route.ts` in `app/api/`): Server-side API endpoints using `GET`, `POST`, etc. exports.
+
+## Server vs Client Components
+
+- Components are **Server Components** by default. They run on the server, can fetch data directly, and cannot use hooks or browser APIs.
+- Add `"use client"` at the top of a file to make it a **Client Component**. Use Client Components only when you need interactivity (hooks, event handlers, browser APIs).
+- Keep Client Components as leaf nodes in the component tree. Push interactive parts to the smallest possible component.
+
+## Server Actions
+
+- Use `"use server"` at the top of a file or inside a function to define Server Actions.
+- Server Actions run on the server and can be called from Client Components via form actions or direct invocation.
+- Use Server Actions for data mutations (create, update, delete). Revalidate data with `revalidatePath` or `revalidateTag` after mutations.
+
+## Data Fetching
+
+- Fetch data in Server Components using `async/await` directly. No need for `useEffect` or client-side fetching for initial data.
+- Use `fetch()` with Next.js caching options: `{ cache: "force-cache" }` (default), `{ cache: "no-store" }`, or `{ next: { revalidate: 60 } }`.
+- For database access, call Prisma or your ORM directly in Server Components.
+
+## Middleware
+
+- `middleware.ts` at the project root intercepts requests before they reach routes.
+- Use middleware for authentication checks, redirects, request rewriting, and header manipulation.
+
+## Testing
+
+- **Unit tests**: Use Vitest with `@testing-library/react` for component tests.
+- **Integration tests**: Test API routes by importing the handler and calling it with mock `Request` objects.
+- **E2E tests**: Use Playwright for full end-to-end testing against the running application.
+
+```bash
+npm test                  # run unit tests
+npm run test:e2e          # run Playwright E2E tests
+```
+
+## Database (Prisma)
+
+If using Prisma:
+
+```bash
+npx prisma generate       # generate client after schema changes
+npx prisma db push        # push schema to database (development)
+npx prisma migrate dev    # create a migration (development)
+```
+
+- Define models in `prisma/schema.prisma`.
+- Import `PrismaClient` from a singleton in `lib/db.ts`.
+- Never import Prisma in Client Components.
+
+## Coding Conventions
+
+- **TypeScript strict mode** is enabled. No `any` unless absolutely necessary.
+- **ESM only**. Use `import`/`export`, never `require`.
+- **Functional components** with hooks. No class components.
+- **Server Components by default**. Only add `"use client"` when interactivity is needed.
+- **File naming**: `kebab-case.ts` for utilities, `PascalCase.tsx` for components.
+- **Error handling**: API routes must return appropriate HTTP status codes. Use `NextResponse.json()` for responses.
+- **Environment variables**: Access server-side env vars directly. Prefix with `NEXT_PUBLIC_` for client-side access.

package/templates/presets/nextjs/bober.config.json

@@ -0,0 +1,14 @@
+{
+  "project": { "name": "my-nextjs-app", "mode": "greenfield", "preset": "nextjs" },
+  "planner": { "maxClarifications": 5, "model": "opus" },
+  "generator": { "model": "sonnet", "maxTurnsPerSprint": 50, "autoCommit": true, "branchPattern": "bober/{feature-name}" },
+  "evaluator": { "model": "sonnet", "strategies": [
+    { "type": "typecheck", "required": true },
+    { "type": "lint", "required": true },
+    { "type": "build", "required": true },
+    { "type": "unit-test", "required": true }
+  ], "maxIterations": 3 },
+  "sprint": { "maxSprints": 10, "requireContracts": true, "sprintSize": "medium" },
+  "pipeline": { "maxIterations": 20, "requireApproval": false, "contextReset": "always" },
+  "commands": { "install": "npm install", "build": "npm run build", "test": "npm test", "lint": "npm run lint", "dev": "npm run dev", "typecheck": "npx tsc --noEmit" }
+}

package/templates/presets/python-api/CLAUDE.md

@@ -0,0 +1,202 @@
+# Python API Project Guide
+
+## Architecture
+
+This is a Python API project.
+
+```
+app/
+  main.py             Application entry point
+  api/
+    routes/           Route handlers organized by domain
+    deps.py           Dependency injection (auth, database sessions)
+  models/             SQLAlchemy/Prisma models
+  schemas/            Pydantic request/response schemas
+  services/           Business logic layer
+  core/
+    config.py         Application settings (pydantic-settings)
+    security.py       Authentication and authorization
+tests/                Test files mirroring app/ structure
+  conftest.py         Shared fixtures
+alembic/              Database migrations (if using Alembic)
+pyproject.toml        Project configuration and dependencies
+```
+
+## FastAPI
+
+### Application Setup
+
+```python
+from fastapi import FastAPI
+
+app = FastAPI(title="My API", version="0.1.0")
+
+app.include_router(users_router, prefix="/api/users", tags=["users"])
+```
+
+### Route Handlers
+
+```python
+from fastapi import APIRouter, Depends, HTTPException, status
+
+router = APIRouter()
+
+@router.get("/", response_model=list[UserResponse])
+async def list_users(db: Session = Depends(get_db)):
+    return await user_service.list_all(db)
+
+@router.post("/", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
+async def create_user(data: CreateUserRequest, db: Session = Depends(get_db)):
+    return await user_service.create(db, data)
+```
+
+### Dependency Injection
+
+Use `Depends()` for shared logic (auth, database sessions, pagination):
+
+```python
+async def get_current_user(token: str = Depends(oauth2_scheme)) -> User:
+    payload = verify_token(token)
+    user = await get_user_by_id(payload.sub)
+    if not user:
+        raise HTTPException(status_code=401, detail="Invalid token")
+    return user
+```
+
+## Django
+
+### URL Configuration
+
+```python
+urlpatterns = [
+    path("api/users/", UserListView.as_view()),
+    path("api/users/<int:pk>/", UserDetailView.as_view()),
+]
+```
+
+### Views (DRF)
+
+```python
+from rest_framework import viewsets
+from .models import User
+from .serializers import UserSerializer
+
+class UserViewSet(viewsets.ModelViewSet):
+    queryset = User.objects.all()
+    serializer_class = UserSerializer
+    permission_classes = [IsAuthenticated]
+```
+
+## Pydantic Models
+
+Define request and response schemas with Pydantic:
+
+```python
+from pydantic import BaseModel, EmailStr
+
+class CreateUserRequest(BaseModel):
+    email: EmailStr
+    name: str
+    role: str = "user"
+
+class UserResponse(BaseModel):
+    id: int
+    email: str
+    name: str
+    role: str
+
+    model_config = ConfigDict(from_attributes=True)
+```
+
+## Database (SQLAlchemy)
+
+```python
+from sqlalchemy import Column, Integer, String
+from app.core.database import Base
+
+class User(Base):
+    __tablename__ = "users"
+
+    id = Column(Integer, primary_key=True, index=True)
+    email = Column(String, unique=True, index=True, nullable=False)
+    name = Column(String, nullable=False)
+    hashed_password = Column(String, nullable=False)
+```
+
+Use Alembic for migrations:
+
+```bash
+alembic revision --autogenerate -m "add users table"
+alembic upgrade head
+```
+
+## Testing
+
+```bash
+pytest                        # run all tests
+pytest -v                     # verbose output
+pytest -x                     # stop on first failure
+pytest --cov=app              # run with coverage
+pytest tests/test_users.py    # run specific test file
+```
+
+### Test Structure
+
+```python
+import pytest
+from httpx import AsyncClient
+from app.main import app
+
+@pytest.fixture
+async def client():
+    async with AsyncClient(app=app, base_url="http://test") as ac:
+        yield ac
+
+@pytest.mark.anyio
+async def test_create_user(client: AsyncClient):
+    response = await client.post("/api/users/", json={
+        "email": "test@example.com",
+        "name": "Test User",
+    })
+    assert response.status_code == 201
+    data = response.json()
+    assert data["email"] == "test@example.com"
+```
+
+### Fixtures
+
+Use `conftest.py` for shared fixtures (database sessions, test clients, factory functions).
+
+## Type Checking
+
+```bash
+mypy .                        # type check entire project
+mypy app/services/            # type check specific directory
+```
+
+Configure in `pyproject.toml`:
+
+```toml
+[tool.mypy]
+strict = true
+plugins = ["pydantic.mypy"]
+```
+
+## Linting
+
+```bash
+ruff check .                  # lint all files
+ruff check --fix .            # auto-fix issues
+ruff format .                 # format code
+```
+
+## Coding Conventions
+
+- **Type hints** on all function signatures. Use `strict` mode in mypy.
+- **Async/await** for all I/O operations (database, HTTP, file system).
+- **Pydantic** for all request/response validation. Never trust raw input.
+- **Dependency injection** for database sessions, auth, and shared services.
+- **Environment variables**: Use `pydantic-settings` for configuration. Validate at startup.
+- **File naming**: `snake_case.py` for all source files.
+- **Error handling**: Raise `HTTPException` with appropriate status codes. Use custom exception handlers for domain errors.
+- **No business logic in route handlers**. Route handlers parse input, call services, and return responses.

package/templates/presets/python-api/bober.config.json

@@ -0,0 +1,9 @@
+{
+  "project": { "name": "my-api", "mode": "greenfield", "preset": "python-api" },
+  "evaluator": { "model": "sonnet", "strategies": [
+    { "type": "lint", "required": true },
+    { "type": "unit-test", "required": true },
+    { "type": "api-check", "required": false }
+  ], "maxIterations": 3 },
+  "commands": { "test": "pytest", "lint": "ruff check .", "typecheck": "mypy ." }
+}