autoworkflow 3.1.5 → 3.5.0

package/.claude/settings.json

@@ -18,6 +18,30 @@
         ]
       }
     ],
+    "PreToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "./.claude/hooks/pre-edit.sh",
+            "timeout": 5,
+            "statusMessage": "Checking plan approval..."
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "./.claude/hooks/pre-tool-router.sh \"$TOOL_INPUT\"",
+            "timeout": 300,
+            "statusMessage": "Checking workflow gates..."
+          }
+        ]
+      }
+    ],
     "PostToolUse": [
       {
         "matcher": "Write|Edit",
@@ -29,17 +53,15 @@
             "statusMessage": "Running verification..."
           }
         ]
-      }
-    ],
-    "PreToolUse": [
+      },
       {
         "matcher": "Bash",
         "hooks": [
           {
             "type": "command",
-            "command": "./.claude/hooks/pre-tool-router.sh \"$TOOL_INPUT\"",
-            "timeout": 300,
-            "statusMessage": "Checking workflow gates..."
+            "command": "./.claude/hooks/post-bash-router.sh \"$TOOL_INPUT\"",
+            "timeout": 30,
+            "statusMessage": "Checking post-command actions..."
           }
         ]
       }
@@ -56,6 +78,18 @@
     "ANALYZE → PLAN → CONFIRM → IMPLEMENT → VERIFY → AUDIT → COMMIT → UPDATE",
     "```",
     "",
+    "### Skill Loading (CRITICAL)",
+    "When executing ANY command from .claude/commands/:",
+    "1. Read the command's YAML frontmatter",
+    "2. Check for `skills_required` array",
+    "3. For EACH skill listed, READ the file from `.claude/skills/` BEFORE executing",
+    "4. Apply the knowledge from skills during command execution",
+    "",
+    "Example: `/audit` has `skills_required: [security.md, code-review.md]`",
+    "→ Read `.claude/skills/security.md` first",
+    "→ Read `.claude/skills/code-review.md` second",
+    "→ THEN execute the audit with this knowledge loaded",
+    "",
     "### Auto-Triggers (Hooks enforce these)",
     "1. **SESSION START**: If instructions/BLUEPRINT.md missing → AUTO-RUN audit (no permission needed)",
     "2. **AFTER CODE CHANGES**: Run `npm run verify` automatically. Fix errors until passing (max 10 iterations)",

package/.claude/settings.local.json

@@ -11,7 +11,9 @@
       "Bash(npm run typecheck:*)",
       "Bash(git add:*)",
       "Bash(git commit -m \"$\\(cat <<''EOF''\nfeat\\(hooks\\): implement full auto-trigger system with blocking gates\n\n- Add 7 new hook scripts for workflow automation:\n  - session-check.sh: Init, blueprint check, task classification\n  - post-edit.sh: Auto-verify with loop tracking \\(max 10 iterations\\)\n  - pre-tool-router.sh: Route Bash commands to appropriate checks\n  - pre-commit-check.sh: All 7 gate checks with blocking \\(exit 1\\)\n  - phase-transition.sh: State management and gate enforcement\n  - audit-runner.sh: UI enforcement + circular dependency checks\n  - blueprint-generator.sh: Auto-scan project structure\n\n- Pre-commit gate now checks:\n  - TypeScript errors\n  - ESLint warnings\n  - TODO/FIXME comments\n  - console.log statements\n  - Orphan features \\(UI enforcement\\)\n  - Circular dependencies\n  - Conventional commit format\n\n- State tracking in .claude/.autoworkflow/:\n  - phase, task-type, verify-iteration, audit-iteration\n  - verify-status, audit-status, plan-approved\n\n- Updated CLAUDE.md files with:\n  - Slash commands table\n  - Hook files reference\n  - Hook integration section\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")",
-      "Bash(git commit:*)"
+      "Bash(git commit:*)",
+      "Bash(unzip:*)",
+      "Bash(node:*)"
     ]
   }
 }

package/.claude/skills/actix.md

@@ -0,0 +1,337 @@
+# Actix Web Skill
+
+## Application Setup
+\`\`\`rust
+use actix_web::{web, App, HttpServer, middleware};
+use actix_cors::Cors;
+
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    // Initialize logging
+    env_logger::init_from_env(env_logger::Env::default().default_filter_or("info"));
+
+    // Create shared state
+    let db_pool = create_pool().await.expect("Failed to create pool");
+    let app_state = web::Data::new(AppState { db: db_pool });
+
+    HttpServer::new(move || {
+        // Configure CORS
+        let cors = Cors::default()
+            .allow_any_origin()
+            .allowed_methods(vec!["GET", "POST", "PUT", "DELETE"])
+            .allowed_headers(vec!["Authorization", "Content-Type"])
+            .max_age(3600);
+
+        App::new()
+            .app_data(app_state.clone())
+            .wrap(middleware::Logger::default())
+            .wrap(middleware::Compress::default())
+            .wrap(cors)
+            .configure(configure_routes)
+    })
+    .bind("127.0.0.1:8080")?
+    .run()
+    .await
+}
+
+fn configure_routes(cfg: &mut web::ServiceConfig) {
+    cfg.service(
+        web::scope("/api/v1")
+            .service(
+                web::scope("/auth")
+                    .route("/login", web::post().to(login))
+                    .route("/register", web::post().to(register))
+            )
+            .service(
+                web::scope("/users")
+                    .wrap(AuthMiddleware)
+                    .route("", web::get().to(list_users))
+                    .route("", web::post().to(create_user))
+                    .route("/{id}", web::get().to(get_user))
+                    .route("/{id}", web::put().to(update_user))
+                    .route("/{id}", web::delete().to(delete_user))
+            )
+    );
+}
+\`\`\`
+
+## Shared State
+\`\`\`rust
+use sqlx::PgPool;
+
+pub struct AppState {
+    pub db: PgPool,
+    pub config: AppConfig,
+}
+
+// Access in handlers
+async fn get_user(
+    state: web::Data<AppState>,
+    path: web::Path<String>,
+) -> Result<HttpResponse, AppError> {
+    let id = path.into_inner();
+    let user = sqlx::query_as!(User, "SELECT * FROM users WHERE id = $1", id)
+        .fetch_optional(&state.db)
+        .await?
+        .ok_or(AppError::NotFound)?;
+
+    Ok(HttpResponse::Ok().json(user))
+}
+\`\`\`
+
+## Request Extractors
+\`\`\`rust
+use actix_web::{web, HttpResponse};
+use serde::Deserialize;
+use validator::Validate;
+
+// JSON body
+#[derive(Deserialize, Validate)]
+pub struct CreateUserRequest {
+    #[validate(email)]
+    pub email: String,
+    #[validate(length(min = 2, max = 100))]
+    pub name: String,
+    #[validate(length(min = 8))]
+    pub password: String,
+}
+
+async fn create_user(
+    state: web::Data<AppState>,
+    body: web::Json<CreateUserRequest>,
+) -> Result<HttpResponse, AppError> {
+    // Validate request
+    body.validate().map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let user = User::new(body.email.clone(), body.name.clone(), &body.password)?;
+    // ... save user
+
+    Ok(HttpResponse::Created().json(user))
+}
+
+// Query parameters
+#[derive(Deserialize)]
+pub struct PaginationQuery {
+    #[serde(default = "default_page")]
+    pub page: u32,
+    #[serde(default = "default_per_page")]
+    pub per_page: u32,
+}
+
+fn default_page() -> u32 { 1 }
+fn default_per_page() -> u32 { 20 }
+
+async fn list_users(
+    state: web::Data<AppState>,
+    query: web::Query<PaginationQuery>,
+) -> Result<HttpResponse, AppError> {
+    let offset = (query.page - 1) * query.per_page;
+    let users = sqlx::query_as!(User,
+        "SELECT * FROM users LIMIT $1 OFFSET $2",
+        query.per_page as i64,
+        offset as i64
+    )
+    .fetch_all(&state.db)
+    .await?;
+
+    Ok(HttpResponse::Ok().json(users))
+}
+
+// Path parameters
+async fn get_user(path: web::Path<(String,)>) -> Result<HttpResponse, AppError> {
+    let (id,) = path.into_inner();
+    // ...
+}
+
+// Multiple path params
+async fn get_post_comment(
+    path: web::Path<(String, String)>,
+) -> Result<HttpResponse, AppError> {
+    let (post_id, comment_id) = path.into_inner();
+    // ...
+}
+\`\`\`
+
+## Custom Middleware
+\`\`\`rust
+use actix_web::{dev::{ServiceRequest, ServiceResponse, Transform, Service}, Error, HttpMessage};
+use futures::future::{ok, Ready, LocalBoxFuture};
+use std::rc::Rc;
+
+pub struct AuthMiddleware;
+
+impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type Transform = AuthMiddlewareService<S>;
+    type InitError = ();
+    type Future = Ready<Result<Self::Transform, Self::InitError>>;
+
+    fn new_transform(&self, service: S) -> Self::Future {
+        ok(AuthMiddlewareService {
+            service: Rc::new(service),
+        })
+    }
+}
+
+pub struct AuthMiddlewareService<S> {
+    service: Rc<S>,
+}
+
+impl<S, B> Service<ServiceRequest> for AuthMiddlewareService<S>
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+
+    fn poll_ready(&self, ctx: &mut core::task::Context<'_>) -> std::task::Poll<Result<(), Self::Error>> {
+        self.service.poll_ready(ctx)
+    }
+
+    fn call(&self, req: ServiceRequest) -> Self::Future {
+        let service = Rc::clone(&self.service);
+
+        Box::pin(async move {
+            // Extract and validate token
+            let auth_header = req.headers()
+                .get("Authorization")
+                .and_then(|h| h.to_str().ok());
+
+            let token = match auth_header {
+                Some(h) if h.starts_with("Bearer ") => &h[7..],
+                _ => return Err(AppError::Unauthorized.into()),
+            };
+
+            let claims = validate_token(token)
+                .map_err(|_| AppError::Unauthorized)?;
+
+            // Store claims in request extensions
+            req.extensions_mut().insert(claims);
+
+            service.call(req).await
+        })
+    }
+}
+
+// Access auth data in handler
+async fn protected_handler(req: HttpRequest) -> Result<HttpResponse, AppError> {
+    let claims = req.extensions().get::<Claims>()
+        .ok_or(AppError::Unauthorized)?;
+
+    println!("User ID: {}", claims.user_id);
+    Ok(HttpResponse::Ok().finish())
+}
+\`\`\`
+
+## Error Handling
+\`\`\`rust
+use actix_web::{HttpResponse, ResponseError, http::StatusCode};
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum AppError {
+    #[error("Resource not found")]
+    NotFound,
+
+    #[error("Unauthorized")]
+    Unauthorized,
+
+    #[error("Validation error: {0}")]
+    Validation(String),
+
+    #[error("Database error")]
+    Database(#[from] sqlx::Error),
+
+    #[error("Internal error")]
+    Internal(String),
+}
+
+impl ResponseError for AppError {
+    fn status_code(&self) -> StatusCode {
+        match self {
+            AppError::NotFound => StatusCode::NOT_FOUND,
+            AppError::Unauthorized => StatusCode::UNAUTHORIZED,
+            AppError::Validation(_) => StatusCode::BAD_REQUEST,
+            AppError::Database(_) | AppError::Internal(_) => StatusCode::INTERNAL_SERVER_ERROR,
+        }
+    }
+
+    fn error_response(&self) -> HttpResponse {
+        let status = self.status_code();
+        let message = match self {
+            AppError::Database(_) | AppError::Internal(_) => "Internal server error".to_string(),
+            _ => self.to_string(),
+        };
+
+        HttpResponse::build(status).json(serde_json::json!({
+            "error": message
+        }))
+    }
+}
+\`\`\`
+
+## Testing
+\`\`\`rust
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use actix_web::{test, App};
+
+    #[actix_web::test]
+    async fn test_create_user() {
+        let app = test::init_service(
+            App::new()
+                .app_data(web::Data::new(create_test_state().await))
+                .configure(configure_routes)
+        ).await;
+
+        let req = test::TestRequest::post()
+            .uri("/api/v1/users")
+            .set_json(serde_json::json!({
+                "email": "test@example.com",
+                "name": "Test User",
+                "password": "password123"
+            }))
+            .to_request();
+
+        let resp = test::call_service(&app, req).await;
+        assert_eq!(resp.status(), StatusCode::CREATED);
+    }
+
+    #[actix_web::test]
+    async fn test_get_user_not_found() {
+        let app = test::init_service(
+            App::new()
+                .app_data(web::Data::new(create_test_state().await))
+                .configure(configure_routes)
+        ).await;
+
+        let req = test::TestRequest::get()
+            .uri("/api/v1/users/nonexistent")
+            .to_request();
+
+        let resp = test::call_service(&app, req).await;
+        assert_eq!(resp.status(), StatusCode::NOT_FOUND);
+    }
+}
+\`\`\`
+
+## ✅ DO
+- Use \`web::Data<T>\` for shared application state
+- Implement \`ResponseError\` for custom error types
+- Use extractors (\`web::Json\`, \`web::Query\`, \`web::Path\`)
+- Configure routes in separate function with \`ServiceConfig\`
+- Use \`#[actix_web::test]\` for async tests
+
+## ❌ DON'T
+- Don't clone \`web::Data\` unnecessarily (it's already \`Arc\`)
+- Don't block the async runtime with sync operations
+- Don't expose internal error details to clients
+- Don't forget to handle all error cases in \`ResponseError\`