ashlrcode 1.0.0 → 2.1.0

package/prompts/skills/polish.md

@@ -0,0 +1,94 @@
+---
+name: polish
+description: Autonomous polish pipeline -- commit, lint, review, security, fix loop until clean
+trigger: /polish
+---
+
+Autonomous loop: commit, lint/type-check, code review, simplify, security audit, fix, re-commit. Runs until clean or max 3 iterations.
+
+## Step 1 -- Initial Commit
+
+1. Run `git status` and `git diff` to understand all changes
+2. Run `git log -3 --oneline` to match commit message style
+3. Stage related files in logical groups
+4. Generate a commit message using these conventions:
+   - Format: `<type>: <summary>` (feat/fix/refactor/style/docs/test/chore)
+   - Summary: max 50 chars, present tense, no period
+   - Body: explain "why" not "what", wrap at 72 chars
+5. Commit and push to origin
+
+## Step 2 -- Lint + Type-check
+
+1. Check `package.json` for available tooling (eslint, tsc, biome in scripts or devDependencies)
+2. If ESLint available: run `npx eslint --fix` on the changed files only
+3. If TypeScript available: run `npx tsc --noEmit` to surface type errors
+4. If lint/type errors found that couldn't be auto-fixed: fix them manually
+5. If any fixes were made: commit with message `style: fix lint and type errors`
+
+## Step 3 -- Code Review + Simplify (Parallel)
+
+Launch **two agents in parallel**:
+
+**Agent 1: Code Review**
+- Review the diff from the latest commit(s) in this session
+- Focus on: bugs, logic errors, missing edge cases, broken patterns, code quality
+- Only report high-confidence issues that truly matter
+
+**Agent 2: Simplify**
+- Review changed files for clarity, consistency, and maintainability
+- Focus on: unnecessary complexity, dead code, DRY violations, unclear naming
+- Preserve all existing functionality
+
+Collect findings from both agents.
+
+## Step 4 -- Security Audit
+
+Review all changed files for security vulnerabilities:
+
+- **Injection**: unescaped user input, `innerHTML`, `dangerouslySetInnerHTML`, SQL without parameterized queries
+- **Auth/AuthZ**: missing auth checks on API routes, privilege escalation paths
+- **Secrets**: hardcoded API keys, tokens, passwords, connection strings
+- **Validation**: missing input validation at API boundaries, unchecked array access
+- **XSS**: unsanitized output in templates/JSX
+- **CSRF/CORS**: missing or misconfigured protections
+
+## Step 5 -- Apply All Fixes
+
+1. Apply fixes from code review, simplify, and security audit
+2. Re-run lint + type-check to ensure fixes don't introduce new issues
+3. If a build script exists, run `npm run build` to verify compilation
+
+## Step 6 -- Re-commit & Loop
+
+1. If fixes were applied: commit with descriptive message and push
+2. **Loop decision** (max 3 iterations):
+   - If this was iteration 3: stop, report summary
+   - If fixes were made: loop back to Step 3 (skip lint since we just ran it)
+   - If no issues found: stop, report summary
+
+## Final Summary
+
+After the loop completes, output a summary:
+
+```
+## Polish Complete
+
+**Iterations**: X
+**Initial commit**: <hash> -- <message>
+**Review findings fixed**: <count>
+**Simplifications made**: <count>
+**Security issues resolved**: <count>
+**Lint/type fixes**: <count>
+**Final commit**: <hash> -- <message>
+```
+
+## Important Rules
+
+- Do NOT ask for user confirmation between steps -- run autonomously
+- Do NOT skip steps -- every iteration must include review + simplify + security
+- Do NOT make cosmetic-only changes that don't improve the code meaningfully
+- Do NOT touch files outside the current changeset unless fixing a bug found during review
+- If `npm run build` or lint fails after fixes, debug and resolve before re-committing
+- Always push after each commit
+
+{{args}}

package/prompts/skills/pr.md

@@ -0,0 +1,30 @@
+---
+name: pr
+description: Create a pull request on GitHub
+trigger: /pr
+---
+
+Create a pull request for the current branch. Follow these steps:
+
+1. Run `git status`, `git diff`, and `git log --oneline -10` to understand all changes
+2. Check if the branch tracks a remote: `git rev-parse --abbrev-ref --symbolic-full-name @{u}`
+3. If not tracking, push with: `git push -u origin $(git branch --show-current)`
+4. Analyze ALL commits on this branch (not just the latest)
+5. Create the PR:
+
+```bash
+gh pr create --title "concise title under 70 chars" --body "$(cat <<'EOF'
+## Summary
+- bullet point 1
+- bullet point 2
+
+## Test plan
+- [ ] test item 1
+- [ ] test item 2
+EOF
+)"
+```
+
+6. Return the PR URL when done.
+
+{{args}}

package/prompts/skills/refactor.md

@@ -0,0 +1,26 @@
+---
+name: refactor
+description: Refactor code for clarity without changing behavior
+trigger: /refactor
+---
+
+Refactor the specified code for improved clarity and maintainability.
+
+Rules:
+1. **Never change behavior** — refactoring must be behavior-preserving
+2. Read all affected code first to understand the full picture
+3. Make changes incrementally — one improvement at a time
+4. Verify after each change that nothing is broken
+5. Common refactoring targets:
+   - Extract repeated patterns (only if 3+ occurrences)
+   - Simplify complex conditionals
+   - Improve naming for clarity
+   - Remove dead code
+   - Reduce nesting depth
+6. Do NOT:
+   - Add unnecessary abstractions
+   - Change public APIs without discussion
+   - "Improve" code that's already clear
+   - Add comments to self-documenting code
+
+{{args}}

package/prompts/skills/resume-branch.md

@@ -0,0 +1,27 @@
+---
+name: resume-branch
+description: Switch branches with full context restoration from Entire.io
+trigger: /resume-branch
+---
+
+Switch to an existing branch and restore AI session context from Entire.io.
+
+**Branch:** {{args}}
+
+## Steps
+
+1. Run `entire resume {{args}}` to switch to the branch and restore session context
+2. If the branch doesn't exist locally, Entire will prompt to fetch from origin
+3. After resume, run `entire explain --short` to show a summary of recent checkpoints on this branch
+4. Run `git log --oneline -10` to see recent commits
+5. Summarize the state of work on this branch:
+   - What was previously accomplished (from checkpoints)
+   - What commits exist
+   - What files were recently modified
+   - Any unfinished work or next steps visible from context
+
+## Notes
+
+- This replaces a plain `git checkout` -- it also restores the Entire session log
+- If no checkpoints exist on the branch, fall back to `git checkout {{args}}` and summarize from git log
+- Works across all Ashlar projects

package/prompts/skills/review.md

@@ -0,0 +1,27 @@
+---
+name: review
+description: Review code for bugs, quality, and security issues
+trigger: /review
+---
+
+Review the code changes for bugs, logic errors, security vulnerabilities, and quality issues. Focus on what actually matters.
+
+## Steps:
+1. Run `git diff` to see all current changes (or `git diff HEAD~1` for the last commit)
+2. Read each changed file to understand context
+3. Review for:
+   - **Bugs**: Logic errors, off-by-one, null/undefined handling, race conditions
+   - **Security**: Injection risks, credential exposure, unsafe operations
+   - **Quality**: Unclear code, missing error handling at boundaries, complexity
+   - **Conventions**: Does it match existing patterns in the codebase?
+
+## Output format:
+For each issue found, report:
+- File and line number
+- Severity: critical / warning / suggestion
+- Description of the issue
+- Recommended fix
+
+Only report issues you're confident about. Don't flag style preferences or minor nits.
+
+{{args}}

package/prompts/skills/ship.md

@@ -0,0 +1,32 @@
+---
+name: ship
+description: Start ProductAgent — autonomous product-building mode that finds and fixes issues
+trigger: /ship
+---
+
+Start the **ProductAgent** — an autonomous agent that works toward a product goal.
+
+Unlike KAIROS (which does tasks you give it), ProductAgent **finds its own work** by:
+1. Scanning the codebase against your goal
+2. Identifying bugs, missing features, quality gaps, security issues
+3. Prioritizing by user impact (critical → high → medium → low)
+4. Executing each fix with sub-agents (small items directly, large items via coordinator)
+5. Verifying every change automatically
+6. Optionally auto-committing verified changes
+
+## Usage
+```
+/ship Make ashlrcode production-ready for paying users
+/ship Ensure all tools work correctly and have proper error handling
+/ship Add comprehensive test coverage for all agent modules
+/ship stop
+```
+
+## Safety
+- Skips complex changes when you're away (terminal unfocused)
+- Respects cost budget (--max-cost)
+- Verifies every change before moving on
+- Max 20 items per session (configurable)
+- You can /ship stop at any time
+
+{{args}}

package/prompts/skills/simplify.md

@@ -0,0 +1,25 @@
+---
+name: simplify
+description: Simplify and refine code for clarity and maintainability
+trigger: /simplify
+---
+
+Review recently changed code and simplify it. Focus on:
+
+1. **Identify changed files**: Run `git diff --name-only` to find recently modified files
+2. **Read each file** and look for:
+   - Unnecessary abstractions that can be inlined
+   - Overly complex logic that can be simplified
+   - Redundant error handling or validation
+   - Dead code or unused imports
+   - Repeated patterns that should be extracted (only if 3+ occurrences)
+3. **Apply simplifications** using Edit tool
+4. **Verify** the code still compiles/runs after changes
+
+Rules:
+- Don't change behavior, only improve clarity
+- Don't add comments to explain simple code
+- Don't introduce new abstractions unless they reduce total code
+- Preserve all existing functionality
+
+{{args}}

package/prompts/skills/test.md

@@ -0,0 +1,19 @@
+---
+name: test
+description: Run tests and fix any failures
+trigger: /test
+---
+
+Run the project's test suite and fix any failures.
+
+Steps:
+1. Look for test configuration: package.json scripts, bun test, jest, vitest, pytest, etc.
+2. Run the test command
+3. If tests fail:
+   - Read the failing test to understand what's expected
+   - Read the source code being tested
+   - Fix the source code (not the test) unless the test is clearly wrong
+   - Re-run tests to verify the fix
+4. Report results: total tests, passed, failed, skipped
+
+{{args}}

package/prompts/skills/verify.md

@@ -0,0 +1,17 @@
+---
+name: verify
+description: Run verification agent to validate recent code changes
+trigger: /verify
+---
+
+Run the Verify tool to spawn a verification sub-agent that checks recent code changes for correctness.
+
+The verification agent will:
+1. Read the git diff and all modified files
+2. Check for syntax errors, logic bugs, missing imports, type mismatches
+3. Report PASS or FAIL with specific issues (file, line, severity)
+
+Use after making non-trivial changes to validate they work correctly.
+This is the feature that "doubles completion rates" — catching bugs before they ship.
+
+{{args}}

package/prompts/skills/weekly-plan.md

@@ -0,0 +1,63 @@
+---
+name: weekly-plan
+description: Weekly progress review and priority setting across projects
+trigger: /weekly-plan
+---
+
+Weekly planning session to review progress and set priorities.
+
+## Steps
+
+1. **Aggregate Last Week's Completions**
+   - Find notes with `status: completed` modified in last 7 days
+   - Summarize GSD phases completed
+   - Count features shipped, bugs fixed per project
+
+2. **Show Carried-Over Items**
+   - Find items that were planned but not completed
+   - Identify stale inbox items (> 7 days old)
+
+3. **Cross-Project Resource Analysis**
+   - Show current allocation between projects
+   - Identify conflicts (same person, same week)
+
+4. **This Week's Priorities**
+   - Pull from GSD roadmaps
+   - Suggest 3-5 key objectives
+   - Ask for approval or edits
+
+5. **Update Weekly Review Note**
+   - Create/update `07-Dashboards/Weekly-Review.md` with:
+     - Week's objectives
+     - Key decisions made
+     - Metrics (if tracked)
+
+## Output Format
+
+```
+Weekly Planning - Week of [Date]
+
+--- LAST WEEK ---
+[completed items per project]
+
+--- CARRIED OVER ---
+[unfinished items and stale inbox]
+
+--- THIS WEEK ---
+Primary Focus: [project]
+1. Objective one
+2. Objective two
+3. Objective three
+
+--- TEAM ---
+[team member]: [Project A] (X%), [Project B] (Y%)
+
+Confirm this week's plan? (y/n)
+```
+
+## Notes
+- Run at start of week (Monday morning)
+- Save decisions to `02-Projects/*/Decisions/`
+- Update GSD STATE.md files if priorities change
+
+{{args}}