npm - bastard-framework - Versions diffs - 1.0.0 - Mend

bastard-framework 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,36 @@
+# Changelog
+All notable changes to BASTARD will be documented in this file.
+The format is based on [Keep a Changelog](https://keepachangelog.com/),
+and this project adheres to [Semantic Versioning](https://semver.org/).
+## [1.0.0] - 2026-04-02
+### Added
+- 8-round gated pipeline with persistent state machine (`.bastard/state.json`)
+- AI Slop detector with 9 pattern matchers: blue-purple gradients, 3-column icon grids, generic CTAs, floating blobs, single font families, oversized heroes, gradient text, generic section flows, card grid layouts
+- Design token compliance scorer (validates CSS custom properties, typography hierarchy, spacing system)
+- Combined `audit` command with merge verdict (Slop A + Design >= B required)
+- All audit commands (`slop`, `score`, `audit`) work on ANY project without `bastard init`
+- Claude Code guard hooks via `bastard hooks install`:
+  - Blocks source code writes before Round 5
+  - Blocks CSS/styling before Round 2 gate passes
+  - Blocks task files before Round 4
+  - Blocks `git add .` and `git add -A` (per-file staging only)
+  - Blocks direct commits to main/master
+- Content validation schemas for PRD, Personas, Acceptance Criteria, Design, Architecture, ADRs, Threat Model, Security Review
+- Parent framework installer: `bastard parents install` for all 7 frameworks (always-latest)
+- Round workflow engine with framework-aware step-by-step guidance and fallbacks
+- Prompt generator for copy-paste into Claude Code (`bastard prompt`)
+- 4 Claude Code sub-agents: security-reviewer, design-auditor, acceptance-checker, adr-writer
+- 9 document templates scaffolded on `bastard init`
+- `bastard init --install-parents --with-hooks` for all-in-one setup
+- GitHub Actions CI pipeline (Node 20 + 22, typecheck, build, test)
+- 29 tests across 4 suites (state, slop, schemas, guard)
+### Fixed
+- ReDoS vulnerability in floating-shapes pattern detector
+- Guard using absolute paths for file classification (caused false matches when project was inside a `/tests/` directory)
+- Schema validation counting template boilerplate as real content
+- `require()` calls replaced with ESM imports throughout

package/CLAUDE.md ADDED Viewed

@@ -0,0 +1,416 @@
+# CLAUDE.md — BASTARD
+> Tu travailles sur **BASTARD** — un meta-framework open-source né de sept pères
+> différents et qui n'en respecte aucun.
+> Ce fichier est ta bible. Lis-le avant chaque session. Sans exception.
+---
+## Ce qu'est BASTARD
+**B**uild **A**ny **S**aaS **T**hrough **A**gent **R**oles & **D**iscipline.
+BASTARD est un meta-framework qui vole le meilleur de chaque framework de
+l'ecosysteme Claude Code et les assemble en un pipeline de production capable
+de sortir des SaaS serieux. Il n'a pas de pere legitime. Il a sept geniteurs.
+Il est meilleur que chacun d'eux.
+Il ne remplace aucun des frameworks qu'il orchestre. Il leur dit quand parler
+et quand se taire.
+**Principe fondateur :** chaque framework a une zone de genie et une zone
+d'ignorance. BASTARD cable les zones de genie en sequence et ignore le reste.
+> "Born from many. Better than all."
+---
+## Les sept geniteurs
+| ID      | Framework          | Ce qu'il apporte a BASTARD            | Install                             |
+|---------|--------------------|---------------------------------------|-------------------------------------|
+| `bmad`  | BMAD Method        | Vision produit, PRD, Architecture     | `npx bmad-method install`           |
+| `gsd`   | Get Shit Done      | Context engineering, wave execution   | `npx gsd@latest install`            |
+| `gstack`| gstack (Garry Tan) | Design system, QA browser, livraison  | `git clone garrytan/gstack`         |
+| `super` | SuperClaude        | Cognitive personas, token efficiency  | `./install.sh` (repo clone)         |
+| `tob`   | Trail of Bits      | Security review, threat modeling      | `npx skills add trailofbits/skills` |
+| `turbo` | TurboDocx FD       | Frontend design anti-AI-slop          | `npx skills add turbodocx/frontend-design` |
+| `taskm` | TaskMaster         | Task decomposition, dependency graph  | `npx task-master-ai@latest`         |
+---
+## Le pipeline en 8 rounds
+### Round 1 — Vision & Product `[bmad]`
+**Objectif :** transformer une idee en PRD actionnable. Zero code avant ca.
+```
+/bmad-analyst    -> brief -> personas, pain points, jobs-to-be-done
+/bmad-pm         -> PRD structure avec user stories et criteres d'acceptance
+```
+**Outputs :**
+- `docs/product/PRD.md`
+- `docs/product/PERSONAS.md`
+- `docs/product/ACCEPTANCE_CRITERIA.md`
+**BASTARD CLI :** `bastard run 1` | `bastard gate 1` | `bastard approve 1` | `bastard next`
+**Gate :** PRD valide par l'humain. Pas de gate, pas de Round 2.
+---
+### Round 2 — Design System & UX `[gstack + turbo]`
+**Objectif :** poser l'identite visuelle avant de toucher au CSS.
+```
+/design-consultation    -> design system from scratch -> DESIGN.md
+/design-shotgun         -> 3 variantes visuelles -> comparison board interactif
+[turbo frontend-design] -> 4 dimensions (purpose, tone, constraints, diff)
+```
+**Ce qui est interdit dans BASTARD :**
+- Layouts 3 colonnes avec icones generiques
+- Hero sections avec gradient bleu-violet
+- Un seul font pour tout le site
+- Merger avec un AI Slop Score inferieur a A
+**Outputs :**
+- `docs/design/DESIGN.md` (design tokens, typography scale, spacing system)
+- `docs/design/mockups/` (variantes approuvees)
+**BASTARD CLI :** `bastard run 2` | `bastard gate 2` | `bastard approve 2` | `bastard next`
+**Gate :** DESIGN.md signe par l'humain. Le CSS n'existe pas avant ca.
+---
+### Round 3 — Architecture `[bmad + super]`
+**Objectif :** les decisions techniques ecrites avant d'etre codees.
+```
+/bmad-architect         -> ADRs, schema d'infra, choix de stack
+--persona-architect     -> analyse trade-offs, detecte over-engineering et YAGNI
+```
+**Format ADR — non negociable :**
+```markdown
+# ADR-XXX: [Titre de la decision]
+## Statut : Propose | Accepte | Rejete | Supersede
+## Contexte : [Pourquoi cette decision est necessaire]
+## Options considerees : [Liste des alternatives]
+## Decision : [Ce qu'on a choisi et pourquoi]
+## Consequences : [Trade-offs acceptes]
+```
+**Outputs :**
+- `docs/architecture/ARCHITECTURE.md`
+- `docs/architecture/ADR/ADR-001.md`, `ADR-002.md`, ...
+- `docs/architecture/schema-db.md`
+- `docs/architecture/api-contracts.md`
+**BASTARD CLI :** `bastard run 3` | `bastard gate 3` | `bastard approve 3` | `bastard next`
+**Gate :** architecture et ADRs valides. Pas de fondation, pas de maison.
+---
+### Round 4 — Decomposition & Planification `[taskm + gsd]`
+**Objectif :** transformer l'architecture en taches executables sans ambiguite.
+```
+task-master parse-prd   -> ingere PRD + archi -> graphe de taches pondere
+task-master analyze     -> complexity scores, dependances, ordre d'execution
+/gsd:discuss            -> tuer toutes les ambiguites -> CONTEXT.md
+/gsd:plan               -> plans detailles par wave
+```
+**Regles de decoupage :**
+- Une tache = une responsabilite = un commit atomique
+- Taches bloquantes -> Wave 1 (sequentiel)
+- Taches independantes -> Wave 2+ (parallelisable)
+- Aucune tache > 2h estimee. Si c'est le cas, elle se decoupe.
+**Outputs :**
+- `.planning/phases/` (structure GSD)
+- `tasks/` (TaskMaster task files)
+- `docs/planning/CONTEXT.md`
+**BASTARD CLI :** `bastard run 4` | `bastard gate 4` | `bastard next`
+---
+### Round 5 — Execution du Code `[gsd + super]`
+**Objectif :** builder sans context rot, avec le bon cerveau au bon moment.
+```
+/gsd:execute            -> wave-based execution, sous-contextes frais, commits atomiques
+--persona-backend       -> APIs, services, logique metier
+--persona-frontend      -> composants UI, state management
+--persona-performance   -> queries DB, algorithmes critiques
+```
+**Regles d'execution :**
+- `/clear` ou `/compact` entre chaque phase majeure
+- Contexte principal : jamais au-dessus de 40%
+- Chaque tache terminee = commit immediat, message conventionnel
+- Format commit : `type(scope): description` — feat, fix, docs, refactor, test
+- Interdit : `git add .` — staged au niveau fichier uniquement
+**Regles de code :**
+- TypeScript strict mode, toujours
+- Tests ecrits avant l'implementation (TDD, pas de debat la-dessus)
+- Coverage minimum 80% sur la logique metier
+- Zero `any` sans commentaire justificatif
+- Zero secret hardcode — variables d'environnement, point
+**BASTARD CLI :** `bastard run 5` | `bastard gate 5` | `bastard next`
+---
+### Round 6 — Securite `[tob + super]`
+**Objectif :** la securite est integree au build, pas ajoutee apres livraison.
+```
+/threat-modeling        -> STRIDE methodology, DREAD/CVSS scoring
+/security-review        -> OWASP Top 10, auth, crypto, input validation
+--persona-security      -> s'active automatiquement sur auth/sessions/tokens
+```
+**Checklist avant tout merge touchant auth ou paiement :**
+- [ ] Inputs valides et sanitises cote serveur
+- [ ] Authentification et autorisation separees
+- [ ] Zero secret dans le code ou les logs
+- [ ] Queries DB parametrees — pas de string interpolation
+- [ ] Headers de securite en place (CSP, HSTS, X-Frame-Options)
+- [ ] Rate limiting sur les endpoints publics
+- [ ] Logs d'audit sur les actions sensibles
+**Outputs :**
+- `docs/security/THREAT_MODEL.md`
+- `docs/security/SECURITY_REVIEW.md`
+**BASTARD CLI :** `bastard run 6` | `bastard gate 6` | `bastard next`
+---
+### Round 7 — QA & Tests `[gstack]`
+**Objectif :** verifier que ce qu'on a bati marche vraiment dans un vrai browser.
+```
+/qa                     -> analyse le diff, teste les routes affectees, genere les tests de regression
+/design-review [URL]    -> audit visuel 80 points — Design Score + AI Slop Score
+```
+**Standards :**
+- Chaque bug corrige = test de regression immediat, sans exception
+- Design Score minimum : B pour merger sur main
+- AI Slop Score : A obligatoire — en dessous, on refactorise
+- Tests E2E sur les flows critiques : auth, onboarding, core feature, paiement
+**Outputs :**
+- Rapport QA dans la PR
+- Design Score before/after documente
+- Couverture de tests a jour
+**BASTARD CLI :** `bastard run 7` | `bastard slop` | `bastard score` | `bastard gate 7` | `bastard approve 7` | `bastard next`
+---
+### Round 8 — Review & Livraison `[gstack + gsd]`
+**Objectif :** shipper ce qu'on avait prevu de shipper, ni plus ni moins.
+```
+/plan-eng-review        -> architecture, data flow, edge cases, failure modes
+/review                 -> adversarial review (Claude + Codex — deux regards independants)
+/ship                   -> scope drift detection, sync main, tests complets, PR
+/gsd:verify             -> verification contre les ACCEPTANCE_CRITERIA.md du Round 1
+```
+**La boucle fermee de BASTARD :**
+`/gsd:verify` compare le code livre aux criteres d'acceptance definis en Round 1.
+Si un critere n'est pas satisfait -> tache marquee incomplete -> retour Round 5.
+C'est la seule garantie reelle que ce qui etait demande a ete livre.
+**BASTARD CLI :** `bastard run 8` | `bastard audit` | `bastard gate 8` | `bastard approve 8` | `bastard next`
+**Un SaaS sort de BASTARD quand tous les criteres du Round 1 sont verts.**
+---
+## Structure du repository
+```
+.
+├── CLAUDE.md                     <- ce fichier. Lu avant chaque session.
+├── README.md                     <- "Born from many. Better than all."
+├── CONTRIBUTING.md               <- comment contribuer a BASTARD
+├── LICENSE                       <- MIT
+│
+├── docs/
+│   ├── product/
+│   │   ├── PRD.md
+│   │   ├── PERSONAS.md
+│   │   └── ACCEPTANCE_CRITERIA.md
+│   ├── design/
+│   │   ├── DESIGN.md
+│   │   └── mockups/
+│   ├── architecture/
+│   │   ├── ARCHITECTURE.md
+│   │   └── ADR/
+│   ├── security/
+│   │   ├── THREAT_MODEL.md
+│   │   └── SECURITY_REVIEW.md
+│   └── planning/
+│       └── CONTEXT.md
+│
+├── .planning/                    <- GSD phases (versionne en git)
+├── tasks/                        <- TaskMaster task files
+│
+├── src/                          <- code source
+├── tests/                        <- tests unitaires et E2E
+│
+└── .claude/
+    ├── skills/                   <- gstack - TurboDocx FD - Trail of Bits
+    └── agents/                   <- sous-agents definis ci-dessous
+```
+---
+## Sous-agents
+Disponibles dans `.claude/agents/`. Delegue-leur les taches isolees pour
+garder le contexte principal propre.
+### `security-reviewer`
+```yaml
+name: security-reviewer
+description: Reviews code for security vulnerabilities — OWASP + Trail of Bits methodology. Called on every PR touching auth, sessions, payments, or user data.
+tools: Read, Grep, Glob
+model: opus
+```
+### `design-auditor`
+```yaml
+name: design-auditor
+description: Audits UI components against DESIGN.md tokens and the AI Slop blacklist. Refuses to pass anything with generic 3-column grids or blue-purple gradients.
+tools: Read, Glob, Bash
+model: sonnet
+```
+### `acceptance-checker`
+```yaml
+name: acceptance-checker
+description: Verifies implemented features against ACCEPTANCE_CRITERIA.md from Round 1. Returns PASS or FAIL with specific criteria references.
+tools: Read, Grep, Glob, Bash
+model: sonnet
+```
+### `adr-writer`
+```yaml
+name: adr-writer
+description: Documents architecture decisions in ADR format. Called every time a significant technical choice is made.
+tools: Read, Write
+model: sonnet
+```
+---
+## Regles permanentes
+### Git
+- Branches : `feat/`, `fix/`, `docs/`, `refactor/`, `security/`
+- Jamais de commit direct sur `main`
+- PR obligatoire — description avec lien vers la tache TaskMaster concernee
+- Squash merge uniquement
+### Modeles
+- **Sonnet 4.6** — rounds 4, 5, 7, 8 (vitesse)
+- **Opus 4.6** — rounds 1, 3, 6 (profondeur)
+- **Haiku 4.5** — formatting, renommage, migrations mecaniques
+### Contexte
+- `/compact` des que l'utilisation depasse 60%
+- `/clear` entre deux rounds differents
+- Sous-agents pour toutes les taches read-heavy
+### Communication
+- Toujours indiquer le round courant en debut de reponse : `[Round X — Titre]`
+- Toujours terminer par la prochaine action concrete
+- Une ambiguite detectee = une question posee, pas dix
+- Zero decision architecturale sans ADR correspondant
+### Ce que BASTARD ne fait jamais
+- Coder avant un PRD valide
+- Toucher au CSS avant que DESIGN.md soit approuve
+- Merger du code auth ou paiement sans `/security-review`
+- Hardcoder des secrets, meme "temporairement"
+- Considerer le Round 8 termine si `acceptance-checker` retourne FAIL
+---
+## Commandes de demarrage
+> **Deux couches de commandes :**
+> - `bastard <cmd>` — le pipeline CLI (state, gates, audit, orchestration)
+> - `/slash-commands` — les commandes des parent frameworks (bmad, gsd, gstack, etc.)
+>
+> BASTARD orchestre les slash commands. Tu utilises `bastard run` pour savoir
+> quels slash commands lancer a chaque round.
+### Nouveau projet from scratch
+```bash
+bastard init "mon-saas"
+bastard parents install
+bastard hooks install
+bastard run                    # affiche le workflow Round 1
+/bmad-analyst "Decris ton idee en quelques phrases"
+```
+### Reprendre une session en cours
+```bash
+bastard status                 # ou est-on dans le pipeline ?
+bastard run                    # quoi faire maintenant ?
+```
+### Auditer une feature existante
+```bash
+bastard audit src/             # AI Slop + Design Score (marche sans init)
+bastard slop src/              # slop detection seule
+bastard score src/             # design token compliance seule
+```
+### Livrer proprement
+```bash
+bastard gate                   # verifier la gate du round courant
+bastard approve <N>            # approbation humaine
+bastard next                   # avancer au round suivant
+```
+---
+## Standards de sortie
+Un SaaS est considere pret a deployer quand il passe ces gates :
+| Metrique                    | Minimum requis            |
+|-----------------------------|---------------------------|
+| Couverture de tests         | >= 80%                    |
+| Design Score                | >= B                      |
+| AI Slop Score               | A                         |
+| Vulnerabilites OWASP        | 0 critique - 0 high       |
+| Acceptance Criteria         | 100% verts                |
+| ADRs                        | 1 par decision majeure    |
+| Contexte en fin de session  | <= 40%                    |
+---
+*BASTARD — Born from many. Better than all. — MIT License*

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 BASTARD Contributors
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,171 @@
+[![npm version](https://img.shields.io/npm/v/bastard-framework)](https://www.npmjs.com/package/bastard-framework)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+# BASTARD
+> **The guardrails between your favorite Claude Code frameworks.**
+Every framework tells Claude what to do. BASTARD is the only one that tells Claude what it **cannot** do.
+## Try It Now (No Setup Needed)
+Score any project for AI slop — no install, no init, no commitment:
+```bash
+npx bastard-framework audit .
+```
+## The Problem
+The Claude Code ecosystem has amazing frameworks: BMAD for PRDs, gstack for design, GSD for execution, TaskMaster for planning. But **nobody enforces the transitions**. You write a beautiful PRD with BMAD, then ignore it when coding. You skip security review. You ship with generic AI-generated UI.
+BASTARD wires the genius zones of 7 frameworks into a gated pipeline where you literally cannot code before a PRD is approved, cannot style before a design system exists, and cannot ship before acceptance criteria are verified.
+## Quick Start
+```bash
+# Initialize a BASTARD project (scaffolds templates + state machine)
+npx bastard-framework init my-saas
+# Install all 7 parent frameworks (always fetches latest)
+bastard parents install
+# Install Claude Code hooks (blocks code writes before Round 5)
+bastard hooks install
+# See your pipeline
+bastard status
+# Start working — Round 1 workflow with step-by-step guidance
+bastard run
+```
+## The Pipeline
+```
+Round 1  Vision & Product     [bmad]           PRD, personas, acceptance criteria
+Round 2  Design System & UX   [gstack + turbo] Design tokens, mockups, slop-free UI
+Round 3  Architecture         [bmad + super]   ADRs, infra schema, API contracts
+Round 4  Decomposition        [taskm + gsd]    Task graph, waves, context docs
+Round 5  Code Execution       [gsd + super]    Wave execution, atomic commits, TDD
+Round 6  Security             [tob + super]    STRIDE, OWASP, crypto review
+Round 7  QA & Tests           [gstack]         Browser QA, design score, regression
+Round 8  Review & Ship        [gstack + gsd]   Adversarial review, acceptance verify
+```
+Each round has a **gate**. The gate must pass before you advance. No exceptions.
+## What Makes BASTARD Different
+### Hard Gates, Not Suggestions
+```bash
+bastard gate              # Run automated checks (content validation, not just file existence)
+bastard approve 1         # Human sign-off
+bastard next              # Advance — BLOCKED if gate fails
+```
+### Claude Code Guard Hooks
+Once installed, Claude Code **physically cannot** write source code before Round 5:
+```
+$ echo '{"tool_name":"Write","tool_input":{"file_path":"src/app.ts"}}' | bastard guard
+BASTARD: No source code before Round 5 (currently Round 1).
+Complete Rounds 1-4 first: product vision → design → architecture → planning.
+```
+### AI Slop Detection
+9 pattern detectors that catch the telltale signs of AI-generated UI:
+```bash
+bastard slop src/         # Scan for slop patterns
+bastard score src/        # Check design token compliance
+bastard audit src/        # Combined report with merge verdict
+```
+Detected patterns: blue-purple gradients, 3-column icon grids, generic CTAs, floating blobs, single font families, oversized heroes, gradient text, generic section flows, card grid layouts.
+### Content Validation
+Templates aren't enough. BASTARD checks that documents have **real content**, not just empty headers:
+```bash
+bastard validate prd      # PRD has 100+ chars in Problem section? User stories in proper format?
+bastard validate design   # Design tokens defined with CSS custom properties?
+bastard validate          # All documents at once
+```
+## The Seven Parents
+| Framework | What BASTARD Uses It For | Rounds |
+|-----------|------------------------|--------|
+| [BMAD Method](https://github.com/bmad-code-org/BMAD-METHOD) | Product vision, PRD, Architecture | 1, 3 |
+| [Get Shit Done](https://github.com/gsd-build/get-shit-done) | Context engineering, wave execution | 4, 5, 8 |
+| [gstack](https://github.com/garrytan/gstack) | Design system, QA, shipping | 2, 7, 8 |
+| [SuperClaude](https://github.com/SuperClaude-Org/SuperClaude_Framework) | Cognitive personas, token efficiency | 3, 5, 6 |
+| [Trail of Bits](https://github.com/trailofbits/skills) | Security review, threat modeling | 6 |
+| [TurboDocx FD](https://github.com/turbodocx/frontend-design) | Frontend design, anti-AI-slop | 2 |
+| [TaskMaster](https://github.com/eyaltoledano/claude-task-master) | Task decomposition, dependency graphs | 4 |
+BASTARD doesn't replace any of them. It tells them when to speak and when to shut up.
+```bash
+bastard parents           # See which are installed
+bastard parents install   # Install all (always latest)
+bastard parents install --force  # Update all to latest
+```
+## All Commands
+| Command | Description |
+|---------|------------|
+| `bastard init [name]` | Scaffold project + templates + state machine |
+| `bastard status` | Visual pipeline with round/gate status |
+| `bastard run [round]` | Step-by-step workflow with framework guidance |
+| `bastard prompt [round]` | Generate copy-pasteable prompt for a round |
+| `bastard gate [round]` | Run automated gate checks |
+| `bastard validate [doc]` | Deep content validation |
+| `bastard approve <N>` | Human sign-off on a round |
+| `bastard next` | Advance to next round (blocked if gate fails) |
+| `bastard round <N>` | Jump to a round (with warnings) |
+| `bastard parents` | Show installed/missing parent frameworks |
+| `bastard parents install` | Install all parents (latest versions) |
+| `bastard hooks install` | Install Claude Code guard hooks |
+| `bastard hooks remove` | Remove guard hooks |
+| `bastard slop [path]` | AI Slop detection (works on any project) |
+| `bastard score [path]` | Design token compliance (works on any project) |
+| `bastard audit [path]` | Combined slop + design report |
+| `bastard history` | Action audit trail |
+| `bastard reset` | Reset pipeline (keeps files) |
+## Standards
+A SaaS exits BASTARD when all gates pass:
+| Metric | Minimum |
+|--------|---------|
+| Test coverage | >= 80% |
+| Design Score | >= B |
+| AI Slop Score | A |
+| OWASP vulnerabilities | 0 critical, 0 high |
+| Acceptance criteria | 100% green |
+| ADRs | 1 per major decision |
+## Philosophy
+**Principle:** Every framework has a zone of genius and a zone of ignorance. BASTARD wires the genius zones in sequence and ignores the rest.
+- No code before a validated PRD (Round 1 gate)
+- No CSS before an approved design system (Round 2 gate)
+- No merge on auth/payment without security review (Round 6)
+- No ship without acceptance verification (Round 8 closes the loop back to Round 1)
+## License
+MIT
+---
+*Born from many. Better than all.*