claude-code-pilot 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (257) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +151 -0
  3. package/bin/install.js +431 -0
  4. package/docs/agent-guides/architecture.md +107 -0
  5. package/ecc/agents/architect.md +211 -0
  6. package/ecc/agents/code-reviewer.md +237 -0
  7. package/ecc/agents/doc-updater.md +107 -0
  8. package/ecc/agents/e2e-runner.md +107 -0
  9. package/ecc/agents/security-reviewer.md +108 -0
  10. package/ecc/agents/tdd-guide.md +91 -0
  11. package/ecc/commands/checkpoint.md +74 -0
  12. package/ecc/commands/evolve.md +178 -0
  13. package/ecc/commands/learn.md +70 -0
  14. package/ecc/commands/model-route.md +26 -0
  15. package/ecc/commands/quality-gate.md +29 -0
  16. package/ecc/commands/resume-session.md +155 -0
  17. package/ecc/commands/save-session.md +275 -0
  18. package/ecc/commands/sessions.md +305 -0
  19. package/ecc/commands/verify.md +59 -0
  20. package/ecc/contexts/dev.md +20 -0
  21. package/ecc/contexts/research.md +26 -0
  22. package/ecc/contexts/review.md +22 -0
  23. package/ecc/examples/CLAUDE.md +100 -0
  24. package/ecc/examples/django-api-CLAUDE.md +308 -0
  25. package/ecc/examples/go-microservice-CLAUDE.md +267 -0
  26. package/ecc/examples/rust-api-CLAUDE.md +285 -0
  27. package/ecc/examples/saas-nextjs-CLAUDE.md +166 -0
  28. package/ecc/examples/user-CLAUDE.md +109 -0
  29. package/ecc/rules/common/agents.md +49 -0
  30. package/ecc/rules/common/coding-style.md +48 -0
  31. package/ecc/rules/common/development-workflow.md +37 -0
  32. package/ecc/rules/common/git-workflow.md +24 -0
  33. package/ecc/rules/common/hooks.md +30 -0
  34. package/ecc/rules/common/patterns.md +31 -0
  35. package/ecc/rules/common/performance.md +55 -0
  36. package/ecc/rules/common/security.md +29 -0
  37. package/ecc/rules/common/testing.md +29 -0
  38. package/ecc/rules/golang/coding-style.md +32 -0
  39. package/ecc/rules/golang/hooks.md +17 -0
  40. package/ecc/rules/golang/patterns.md +45 -0
  41. package/ecc/rules/golang/security.md +34 -0
  42. package/ecc/rules/golang/testing.md +31 -0
  43. package/ecc/rules/kotlin/coding-style.md +86 -0
  44. package/ecc/rules/kotlin/patterns.md +146 -0
  45. package/ecc/rules/kotlin/security.md +82 -0
  46. package/ecc/rules/kotlin/testing.md +128 -0
  47. package/ecc/rules/perl/coding-style.md +46 -0
  48. package/ecc/rules/perl/hooks.md +22 -0
  49. package/ecc/rules/perl/patterns.md +76 -0
  50. package/ecc/rules/perl/security.md +69 -0
  51. package/ecc/rules/perl/testing.md +54 -0
  52. package/ecc/rules/php/coding-style.md +35 -0
  53. package/ecc/rules/php/hooks.md +24 -0
  54. package/ecc/rules/php/patterns.md +32 -0
  55. package/ecc/rules/php/security.md +33 -0
  56. package/ecc/rules/php/testing.md +34 -0
  57. package/ecc/rules/python/coding-style.md +42 -0
  58. package/ecc/rules/python/hooks.md +19 -0
  59. package/ecc/rules/python/patterns.md +39 -0
  60. package/ecc/rules/python/security.md +30 -0
  61. package/ecc/rules/python/testing.md +38 -0
  62. package/ecc/rules/swift/coding-style.md +47 -0
  63. package/ecc/rules/swift/hooks.md +20 -0
  64. package/ecc/rules/swift/patterns.md +66 -0
  65. package/ecc/rules/swift/security.md +33 -0
  66. package/ecc/rules/swift/testing.md +45 -0
  67. package/ecc/rules/typescript/coding-style.md +199 -0
  68. package/ecc/rules/typescript/hooks.md +22 -0
  69. package/ecc/rules/typescript/patterns.md +52 -0
  70. package/ecc/rules/typescript/security.md +28 -0
  71. package/ecc/rules/typescript/testing.md +18 -0
  72. package/ecc/scripts/hooks/check-hook-enabled.js +12 -0
  73. package/ecc/scripts/hooks/evaluate-session.js +100 -0
  74. package/ecc/scripts/hooks/pre-compact.js +48 -0
  75. package/ecc/scripts/hooks/run-with-flags-shell.sh +32 -0
  76. package/ecc/scripts/hooks/run-with-flags.js +120 -0
  77. package/ecc/scripts/hooks/session-end-marker.js +15 -0
  78. package/ecc/scripts/hooks/session-end.js +258 -0
  79. package/ecc/scripts/hooks/session-start.js +97 -0
  80. package/ecc/scripts/hooks/suggest-compact.js +80 -0
  81. package/ecc/scripts/lib/hook-flags.js +74 -0
  82. package/ecc/scripts/lib/package-manager.d.ts +119 -0
  83. package/ecc/scripts/lib/package-manager.js +431 -0
  84. package/ecc/scripts/lib/project-detect.js +428 -0
  85. package/ecc/scripts/lib/resolve-formatter.js +185 -0
  86. package/ecc/scripts/lib/session-aliases.d.ts +136 -0
  87. package/ecc/scripts/lib/session-aliases.js +481 -0
  88. package/ecc/scripts/lib/session-manager.d.ts +131 -0
  89. package/ecc/scripts/lib/session-manager.js +444 -0
  90. package/ecc/scripts/lib/shell-split.js +86 -0
  91. package/ecc/scripts/lib/utils.d.ts +183 -0
  92. package/ecc/scripts/lib/utils.js +543 -0
  93. package/ecc/skills/continuous-learning-v2/SKILL.md +365 -0
  94. package/ecc/skills/continuous-learning-v2/agents/observer-loop.sh +144 -0
  95. package/ecc/skills/continuous-learning-v2/agents/observer.md +198 -0
  96. package/ecc/skills/continuous-learning-v2/agents/start-observer.sh +194 -0
  97. package/ecc/skills/continuous-learning-v2/config.json +8 -0
  98. package/ecc/skills/continuous-learning-v2/hooks/observe.sh +246 -0
  99. package/ecc/skills/continuous-learning-v2/scripts/detect-project.sh +218 -0
  100. package/ecc/skills/continuous-learning-v2/scripts/instinct-cli.py +1148 -0
  101. package/ecc/skills/continuous-learning-v2/scripts/test_parse_instinct.py +984 -0
  102. package/ecc/skills/strategic-compact/SKILL.md +103 -0
  103. package/ecc/skills/strategic-compact/suggest-compact.sh +54 -0
  104. package/ecc/skills/verification-loop-SKILL.md +126 -0
  105. package/gsd/LICENSE +21 -0
  106. package/gsd/agents/gsd-codebase-mapper.md +772 -0
  107. package/gsd/agents/gsd-debugger.md +1257 -0
  108. package/gsd/agents/gsd-executor.md +489 -0
  109. package/gsd/agents/gsd-integration-checker.md +445 -0
  110. package/gsd/agents/gsd-nyquist-auditor.md +178 -0
  111. package/gsd/agents/gsd-phase-researcher.md +555 -0
  112. package/gsd/agents/gsd-plan-checker.md +708 -0
  113. package/gsd/agents/gsd-planner.md +1309 -0
  114. package/gsd/agents/gsd-project-researcher.md +631 -0
  115. package/gsd/agents/gsd-research-synthesizer.md +249 -0
  116. package/gsd/agents/gsd-roadmapper.md +652 -0
  117. package/gsd/agents/gsd-verifier.md +581 -0
  118. package/gsd/commands-gsd/add-phase.md +43 -0
  119. package/gsd/commands-gsd/add-tests.md +41 -0
  120. package/gsd/commands-gsd/add-todo.md +47 -0
  121. package/gsd/commands-gsd/audit-milestone.md +36 -0
  122. package/gsd/commands-gsd/check-todos.md +45 -0
  123. package/gsd/commands-gsd/cleanup.md +18 -0
  124. package/gsd/commands-gsd/complete-milestone.md +136 -0
  125. package/gsd/commands-gsd/debug.md +168 -0
  126. package/gsd/commands-gsd/discuss-phase.md +90 -0
  127. package/gsd/commands-gsd/execute-phase.md +41 -0
  128. package/gsd/commands-gsd/health.md +22 -0
  129. package/gsd/commands-gsd/help.md +22 -0
  130. package/gsd/commands-gsd/insert-phase.md +32 -0
  131. package/gsd/commands-gsd/join-discord.md +18 -0
  132. package/gsd/commands-gsd/list-phase-assumptions.md +46 -0
  133. package/gsd/commands-gsd/map-codebase.md +71 -0
  134. package/gsd/commands-gsd/new-milestone.md +44 -0
  135. package/gsd/commands-gsd/new-project.md +42 -0
  136. package/gsd/commands-gsd/pause-work.md +38 -0
  137. package/gsd/commands-gsd/plan-milestone-gaps.md +34 -0
  138. package/gsd/commands-gsd/plan-phase.md +45 -0
  139. package/gsd/commands-gsd/progress.md +24 -0
  140. package/gsd/commands-gsd/quick.md +45 -0
  141. package/gsd/commands-gsd/reapply-patches.md +123 -0
  142. package/gsd/commands-gsd/remove-phase.md +31 -0
  143. package/gsd/commands-gsd/research-phase.md +190 -0
  144. package/gsd/commands-gsd/resume-work.md +40 -0
  145. package/gsd/commands-gsd/set-profile.md +34 -0
  146. package/gsd/commands-gsd/settings.md +36 -0
  147. package/gsd/commands-gsd/update.md +37 -0
  148. package/gsd/commands-gsd/validate-phase.md +35 -0
  149. package/gsd/commands-gsd/verify-work.md +38 -0
  150. package/gsd/get-shit-done/bin/gsd-tools.cjs +592 -0
  151. package/gsd/get-shit-done/bin/lib/commands.cjs +548 -0
  152. package/gsd/get-shit-done/bin/lib/config.cjs +169 -0
  153. package/gsd/get-shit-done/bin/lib/core.cjs +492 -0
  154. package/gsd/get-shit-done/bin/lib/frontmatter.cjs +299 -0
  155. package/gsd/get-shit-done/bin/lib/init.cjs +710 -0
  156. package/gsd/get-shit-done/bin/lib/milestone.cjs +241 -0
  157. package/gsd/get-shit-done/bin/lib/phase.cjs +901 -0
  158. package/gsd/get-shit-done/bin/lib/roadmap.cjs +298 -0
  159. package/gsd/get-shit-done/bin/lib/state.cjs +721 -0
  160. package/gsd/get-shit-done/bin/lib/template.cjs +222 -0
  161. package/gsd/get-shit-done/bin/lib/verify.cjs +820 -0
  162. package/gsd/get-shit-done/references/checkpoints.md +776 -0
  163. package/gsd/get-shit-done/references/continuation-format.md +249 -0
  164. package/gsd/get-shit-done/references/decimal-phase-calculation.md +65 -0
  165. package/gsd/get-shit-done/references/git-integration.md +248 -0
  166. package/gsd/get-shit-done/references/git-planning-commit.md +38 -0
  167. package/gsd/get-shit-done/references/model-profile-resolution.md +34 -0
  168. package/gsd/get-shit-done/references/model-profiles.md +93 -0
  169. package/gsd/get-shit-done/references/phase-argument-parsing.md +61 -0
  170. package/gsd/get-shit-done/references/planning-config.md +200 -0
  171. package/gsd/get-shit-done/references/questioning.md +162 -0
  172. package/gsd/get-shit-done/references/tdd.md +263 -0
  173. package/gsd/get-shit-done/references/ui-brand.md +160 -0
  174. package/gsd/get-shit-done/references/verification-patterns.md +612 -0
  175. package/gsd/get-shit-done/templates/DEBUG.md +164 -0
  176. package/gsd/get-shit-done/templates/UAT.md +247 -0
  177. package/gsd/get-shit-done/templates/VALIDATION.md +76 -0
  178. package/gsd/get-shit-done/templates/codebase/architecture.md +255 -0
  179. package/gsd/get-shit-done/templates/codebase/concerns.md +310 -0
  180. package/gsd/get-shit-done/templates/codebase/conventions.md +307 -0
  181. package/gsd/get-shit-done/templates/codebase/integrations.md +280 -0
  182. package/gsd/get-shit-done/templates/codebase/stack.md +186 -0
  183. package/gsd/get-shit-done/templates/codebase/structure.md +285 -0
  184. package/gsd/get-shit-done/templates/codebase/testing.md +480 -0
  185. package/gsd/get-shit-done/templates/config.json +37 -0
  186. package/gsd/get-shit-done/templates/context.md +297 -0
  187. package/gsd/get-shit-done/templates/continue-here.md +78 -0
  188. package/gsd/get-shit-done/templates/debug-subagent-prompt.md +91 -0
  189. package/gsd/get-shit-done/templates/discovery.md +146 -0
  190. package/gsd/get-shit-done/templates/milestone-archive.md +123 -0
  191. package/gsd/get-shit-done/templates/milestone.md +115 -0
  192. package/gsd/get-shit-done/templates/phase-prompt.md +569 -0
  193. package/gsd/get-shit-done/templates/planner-subagent-prompt.md +117 -0
  194. package/gsd/get-shit-done/templates/project.md +184 -0
  195. package/gsd/get-shit-done/templates/requirements.md +231 -0
  196. package/gsd/get-shit-done/templates/research-project/ARCHITECTURE.md +204 -0
  197. package/gsd/get-shit-done/templates/research-project/FEATURES.md +147 -0
  198. package/gsd/get-shit-done/templates/research-project/PITFALLS.md +200 -0
  199. package/gsd/get-shit-done/templates/research-project/STACK.md +120 -0
  200. package/gsd/get-shit-done/templates/research-project/SUMMARY.md +170 -0
  201. package/gsd/get-shit-done/templates/research.md +552 -0
  202. package/gsd/get-shit-done/templates/retrospective.md +54 -0
  203. package/gsd/get-shit-done/templates/roadmap.md +202 -0
  204. package/gsd/get-shit-done/templates/state.md +176 -0
  205. package/gsd/get-shit-done/templates/summary-complex.md +59 -0
  206. package/gsd/get-shit-done/templates/summary-minimal.md +41 -0
  207. package/gsd/get-shit-done/templates/summary-standard.md +48 -0
  208. package/gsd/get-shit-done/templates/summary.md +248 -0
  209. package/gsd/get-shit-done/templates/user-setup.md +311 -0
  210. package/gsd/get-shit-done/templates/verification-report.md +322 -0
  211. package/gsd/get-shit-done/workflows/add-phase.md +112 -0
  212. package/gsd/get-shit-done/workflows/add-tests.md +351 -0
  213. package/gsd/get-shit-done/workflows/add-todo.md +158 -0
  214. package/gsd/get-shit-done/workflows/audit-milestone.md +332 -0
  215. package/gsd/get-shit-done/workflows/check-todos.md +177 -0
  216. package/gsd/get-shit-done/workflows/cleanup.md +152 -0
  217. package/gsd/get-shit-done/workflows/complete-milestone.md +764 -0
  218. package/gsd/get-shit-done/workflows/diagnose-issues.md +219 -0
  219. package/gsd/get-shit-done/workflows/discovery-phase.md +289 -0
  220. package/gsd/get-shit-done/workflows/discuss-phase.md +676 -0
  221. package/gsd/get-shit-done/workflows/execute-phase.md +459 -0
  222. package/gsd/get-shit-done/workflows/execute-plan.md +449 -0
  223. package/gsd/get-shit-done/workflows/health.md +159 -0
  224. package/gsd/get-shit-done/workflows/help.md +489 -0
  225. package/gsd/get-shit-done/workflows/insert-phase.md +130 -0
  226. package/gsd/get-shit-done/workflows/list-phase-assumptions.md +178 -0
  227. package/gsd/get-shit-done/workflows/map-codebase.md +316 -0
  228. package/gsd/get-shit-done/workflows/new-milestone.md +384 -0
  229. package/gsd/get-shit-done/workflows/new-project.md +1111 -0
  230. package/gsd/get-shit-done/workflows/pause-work.md +122 -0
  231. package/gsd/get-shit-done/workflows/plan-milestone-gaps.md +274 -0
  232. package/gsd/get-shit-done/workflows/plan-phase.md +560 -0
  233. package/gsd/get-shit-done/workflows/progress.md +382 -0
  234. package/gsd/get-shit-done/workflows/quick.md +601 -0
  235. package/gsd/get-shit-done/workflows/remove-phase.md +155 -0
  236. package/gsd/get-shit-done/workflows/research-phase.md +74 -0
  237. package/gsd/get-shit-done/workflows/resume-project.md +307 -0
  238. package/gsd/get-shit-done/workflows/set-profile.md +81 -0
  239. package/gsd/get-shit-done/workflows/settings.md +214 -0
  240. package/gsd/get-shit-done/workflows/transition.md +544 -0
  241. package/gsd/get-shit-done/workflows/update.md +240 -0
  242. package/gsd/get-shit-done/workflows/validate-phase.md +167 -0
  243. package/gsd/get-shit-done/workflows/verify-phase.md +243 -0
  244. package/gsd/get-shit-done/workflows/verify-work.md +583 -0
  245. package/gsd/hooks/gsd-check-update.js +81 -0
  246. package/gsd/hooks/gsd-context-monitor.js +141 -0
  247. package/gsd/hooks/gsd-statusline.js +115 -0
  248. package/kit/CLAUDE.md +43 -0
  249. package/kit/commands/kit/update.md +46 -0
  250. package/kit/commands/setup-refresh.md +50 -0
  251. package/kit/commands/setup.md +579 -0
  252. package/kit/commands/tool-guide.md +44 -0
  253. package/kit/hooks/kit-check-update.js +54 -0
  254. package/kit/mcp.json +10 -0
  255. package/kit/rules/code-style.md +24 -0
  256. package/manifest.json +30 -0
  257. package/package.json +36 -0
@@ -0,0 +1,285 @@
1
+ # Rust API Service — Project CLAUDE.md
2
+
3
+ > Real-world example for a Rust API service with Axum, PostgreSQL, and Docker.
4
+ > Copy this to your project root and customize for your service.
5
+
6
+ ## Project Overview
7
+
8
+ **Stack:** Rust 1.78+, Axum (web framework), SQLx (async database), PostgreSQL, Tokio (async runtime), Docker
9
+
10
+ **Architecture:** Layered architecture with handler → service → repository separation. Axum for HTTP, SQLx for type-checked SQL at compile time, Tower middleware for cross-cutting concerns.
11
+
12
+ ## Critical Rules
13
+
14
+ ### Rust Conventions
15
+
16
+ - Use `thiserror` for library errors, `anyhow` only in binary crates or tests
17
+ - No `.unwrap()` or `.expect()` in production code — propagate errors with `?`
18
+ - Prefer `&str` over `String` in function parameters; return `String` when ownership transfers
19
+ - Use `clippy` with `#![deny(clippy::all, clippy::pedantic)]` — fix all warnings
20
+ - Derive `Debug` on all public types; derive `Clone`, `PartialEq` only when needed
21
+ - No `unsafe` blocks unless justified with a `// SAFETY:` comment
22
+
23
+ ### Database
24
+
25
+ - All queries use SQLx `query!` or `query_as!` macros — compile-time verified against the schema
26
+ - Migrations in `migrations/` using `sqlx migrate` — never alter the database directly
27
+ - Use `sqlx::Pool<Postgres>` as shared state — never create connections per request
28
+ - All queries use parameterized placeholders (`$1`, `$2`) — never string formatting
29
+
30
+ ```rust
31
+ // BAD: String interpolation (SQL injection risk)
32
+ let q = format!("SELECT * FROM users WHERE id = '{}'", id);
33
+
34
+ // GOOD: Parameterized query, compile-time checked
35
+ let user = sqlx::query_as!(User, "SELECT * FROM users WHERE id = $1", id)
36
+ .fetch_optional(&pool)
37
+ .await?;
38
+ ```
39
+
40
+ ### Error Handling
41
+
42
+ - Define a domain error enum per module with `thiserror`
43
+ - Map errors to HTTP responses via `IntoResponse` — never expose internal details
44
+ - Use `tracing` for structured logging — never `println!` or `eprintln!`
45
+
46
+ ```rust
47
+ use thiserror::Error;
48
+
49
+ #[derive(Debug, Error)]
50
+ pub enum AppError {
51
+ #[error("Resource not found")]
52
+ NotFound,
53
+ #[error("Validation failed: {0}")]
54
+ Validation(String),
55
+ #[error("Unauthorized")]
56
+ Unauthorized,
57
+ #[error(transparent)]
58
+ Internal(#[from] anyhow::Error),
59
+ }
60
+
61
+ impl IntoResponse for AppError {
62
+ fn into_response(self) -> Response {
63
+ let (status, message) = match &self {
64
+ Self::NotFound => (StatusCode::NOT_FOUND, self.to_string()),
65
+ Self::Validation(msg) => (StatusCode::BAD_REQUEST, msg.clone()),
66
+ Self::Unauthorized => (StatusCode::UNAUTHORIZED, self.to_string()),
67
+ Self::Internal(err) => {
68
+ tracing::error!(?err, "internal error");
69
+ (StatusCode::INTERNAL_SERVER_ERROR, "Internal error".into())
70
+ }
71
+ };
72
+ (status, Json(json!({ "error": message }))).into_response()
73
+ }
74
+ }
75
+ ```
76
+
77
+ ### Testing
78
+
79
+ - Unit tests in `#[cfg(test)]` modules within each source file
80
+ - Integration tests in `tests/` directory using a real PostgreSQL (Testcontainers or Docker)
81
+ - Use `#[sqlx::test]` for database tests with automatic migration and rollback
82
+ - Mock external services with `mockall` or `wiremock`
83
+
84
+ ### Code Style
85
+
86
+ - Max line length: 100 characters (enforced by rustfmt)
87
+ - Group imports: `std`, external crates, `crate`/`super` — separated by blank lines
88
+ - Modules: one file per module, `mod.rs` only for re-exports
89
+ - Types: PascalCase, functions/variables: snake_case, constants: UPPER_SNAKE_CASE
90
+
91
+ ## File Structure
92
+
93
+ ```
94
+ src/
95
+ main.rs # Entrypoint, server setup, graceful shutdown
96
+ lib.rs # Re-exports for integration tests
97
+ config.rs # Environment config with envy or figment
98
+ router.rs # Axum router with all routes
99
+ middleware/
100
+ auth.rs # JWT extraction and validation
101
+ logging.rs # Request/response tracing
102
+ handlers/
103
+ mod.rs # Route handlers (thin — delegate to services)
104
+ users.rs
105
+ orders.rs
106
+ services/
107
+ mod.rs # Business logic
108
+ users.rs
109
+ orders.rs
110
+ repositories/
111
+ mod.rs # Database access (SQLx queries)
112
+ users.rs
113
+ orders.rs
114
+ domain/
115
+ mod.rs # Domain types, error enums
116
+ user.rs
117
+ order.rs
118
+ migrations/
119
+ 001_create_users.sql
120
+ 002_create_orders.sql
121
+ tests/
122
+ common/mod.rs # Shared test helpers, test server setup
123
+ api_users.rs # Integration tests for user endpoints
124
+ api_orders.rs # Integration tests for order endpoints
125
+ ```
126
+
127
+ ## Key Patterns
128
+
129
+ ### Handler (Thin)
130
+
131
+ ```rust
132
+ async fn create_user(
133
+ State(ctx): State<AppState>,
134
+ Json(payload): Json<CreateUserRequest>,
135
+ ) -> Result<(StatusCode, Json<UserResponse>), AppError> {
136
+ let user = ctx.user_service.create(payload).await?;
137
+ Ok((StatusCode::CREATED, Json(UserResponse::from(user))))
138
+ }
139
+ ```
140
+
141
+ ### Service (Business Logic)
142
+
143
+ ```rust
144
+ impl UserService {
145
+ pub async fn create(&self, req: CreateUserRequest) -> Result<User, AppError> {
146
+ if self.repo.find_by_email(&req.email).await?.is_some() {
147
+ return Err(AppError::Validation("Email already registered".into()));
148
+ }
149
+
150
+ let password_hash = hash_password(&req.password)?;
151
+ let user = self.repo.insert(&req.email, &req.name, &password_hash).await?;
152
+
153
+ Ok(user)
154
+ }
155
+ }
156
+ ```
157
+
158
+ ### Repository (Data Access)
159
+
160
+ ```rust
161
+ impl UserRepository {
162
+ pub async fn find_by_email(&self, email: &str) -> Result<Option<User>, sqlx::Error> {
163
+ sqlx::query_as!(User, "SELECT * FROM users WHERE email = $1", email)
164
+ .fetch_optional(&self.pool)
165
+ .await
166
+ }
167
+
168
+ pub async fn insert(
169
+ &self,
170
+ email: &str,
171
+ name: &str,
172
+ password_hash: &str,
173
+ ) -> Result<User, sqlx::Error> {
174
+ sqlx::query_as!(
175
+ User,
176
+ r#"INSERT INTO users (email, name, password_hash)
177
+ VALUES ($1, $2, $3) RETURNING *"#,
178
+ email, name, password_hash,
179
+ )
180
+ .fetch_one(&self.pool)
181
+ .await
182
+ }
183
+ }
184
+ ```
185
+
186
+ ### Integration Test
187
+
188
+ ```rust
189
+ #[tokio::test]
190
+ async fn test_create_user() {
191
+ let app = spawn_test_app().await;
192
+
193
+ let response = app
194
+ .client
195
+ .post(&format!("{}/api/v1/users", app.address))
196
+ .json(&json!({
197
+ "email": "alice@example.com",
198
+ "name": "Alice",
199
+ "password": "securepassword123"
200
+ }))
201
+ .send()
202
+ .await
203
+ .expect("Failed to send request");
204
+
205
+ assert_eq!(response.status(), StatusCode::CREATED);
206
+ let body: serde_json::Value = response.json().await.unwrap();
207
+ assert_eq!(body["email"], "alice@example.com");
208
+ }
209
+
210
+ #[tokio::test]
211
+ async fn test_create_user_duplicate_email() {
212
+ let app = spawn_test_app().await;
213
+ // Create first user
214
+ create_test_user(&app, "alice@example.com").await;
215
+ // Attempt duplicate
216
+ let response = create_user_request(&app, "alice@example.com").await;
217
+ assert_eq!(response.status(), StatusCode::BAD_REQUEST);
218
+ }
219
+ ```
220
+
221
+ ## Environment Variables
222
+
223
+ ```bash
224
+ # Server
225
+ HOST=0.0.0.0
226
+ PORT=8080
227
+ RUST_LOG=info,tower_http=debug
228
+
229
+ # Database
230
+ DATABASE_URL=postgres://user:pass@localhost:5432/myapp
231
+
232
+ # Auth
233
+ JWT_SECRET=your-secret-key-min-32-chars
234
+ JWT_EXPIRY_HOURS=24
235
+
236
+ # Optional
237
+ CORS_ALLOWED_ORIGINS=http://localhost:3000
238
+ ```
239
+
240
+ ## Testing Strategy
241
+
242
+ ```bash
243
+ # Run all tests
244
+ cargo test
245
+
246
+ # Run with output
247
+ cargo test -- --nocapture
248
+
249
+ # Run specific test module
250
+ cargo test api_users
251
+
252
+ # Check coverage (requires cargo-llvm-cov)
253
+ cargo llvm-cov --html
254
+ open target/llvm-cov/html/index.html
255
+
256
+ # Lint
257
+ cargo clippy -- -D warnings
258
+
259
+ # Format check
260
+ cargo fmt -- --check
261
+ ```
262
+
263
+ ## ECC Workflow
264
+
265
+ ```bash
266
+ # Planning
267
+ /plan "Add order fulfillment with Stripe payment"
268
+
269
+ # Development with TDD
270
+ /tdd # cargo test-based TDD workflow
271
+
272
+ # Review
273
+ /code-review # Rust-specific code review
274
+ /security-scan # Dependency audit + unsafe scan
275
+
276
+ # Verification
277
+ /verify # Build, clippy, test, security scan
278
+ ```
279
+
280
+ ## Git Workflow
281
+
282
+ - `feat:` new features, `fix:` bug fixes, `refactor:` code changes
283
+ - Feature branches from `main`, PRs required
284
+ - CI: `cargo fmt --check`, `cargo clippy`, `cargo test`, `cargo audit`
285
+ - Deploy: Docker multi-stage build with `scratch` or `distroless` base
@@ -0,0 +1,166 @@
1
+ # SaaS Application — Project CLAUDE.md
2
+
3
+ > Real-world example for a Next.js + Supabase + Stripe SaaS application.
4
+ > Copy this to your project root and customize for your stack.
5
+
6
+ ## Project Overview
7
+
8
+ **Stack:** Next.js 15 (App Router), TypeScript, Supabase (auth + DB), Stripe (billing), Tailwind CSS, Playwright (E2E)
9
+
10
+ **Architecture:** Server Components by default. Client Components only for interactivity. API routes for webhooks and server actions for mutations.
11
+
12
+ ## Critical Rules
13
+
14
+ ### Database
15
+
16
+ - All queries use Supabase client with RLS enabled — never bypass RLS
17
+ - Migrations in `supabase/migrations/` — never modify the database directly
18
+ - Use `select()` with explicit column lists, not `select('*')`
19
+ - All user-facing queries must include `.limit()` to prevent unbounded results
20
+
21
+ ### Authentication
22
+
23
+ - Use `createServerClient()` from `@supabase/ssr` in Server Components
24
+ - Use `createBrowserClient()` from `@supabase/ssr` in Client Components
25
+ - Protected routes check `getUser()` — never trust `getSession()` alone for auth
26
+ - Middleware in `middleware.ts` refreshes auth tokens on every request
27
+
28
+ ### Billing
29
+
30
+ - Stripe webhook handler in `app/api/webhooks/stripe/route.ts`
31
+ - Never trust client-side price data — always fetch from Stripe server-side
32
+ - Subscription status checked via `subscription_status` column, synced by webhook
33
+ - Free tier users: 3 projects, 100 API calls/day
34
+
35
+ ### Code Style
36
+
37
+ - No emojis in code or comments
38
+ - Immutable patterns only — spread operator, never mutate
39
+ - Server Components: no `'use client'` directive, no `useState`/`useEffect`
40
+ - Client Components: `'use client'` at top, minimal — extract logic to hooks
41
+ - Prefer Zod schemas for all input validation (API routes, forms, env vars)
42
+
43
+ ## File Structure
44
+
45
+ ```
46
+ src/
47
+ app/
48
+ (auth)/ # Auth pages (login, signup, forgot-password)
49
+ (dashboard)/ # Protected dashboard pages
50
+ api/
51
+ webhooks/ # Stripe, Supabase webhooks
52
+ layout.tsx # Root layout with providers
53
+ components/
54
+ ui/ # Shadcn/ui components
55
+ forms/ # Form components with validation
56
+ dashboard/ # Dashboard-specific components
57
+ hooks/ # Custom React hooks
58
+ lib/
59
+ supabase/ # Supabase client factories
60
+ stripe/ # Stripe client and helpers
61
+ utils.ts # General utilities
62
+ types/ # Shared TypeScript types
63
+ supabase/
64
+ migrations/ # Database migrations
65
+ seed.sql # Development seed data
66
+ ```
67
+
68
+ ## Key Patterns
69
+
70
+ ### API Response Format
71
+
72
+ ```typescript
73
+ type ApiResponse<T> =
74
+ | { success: true; data: T }
75
+ | { success: false; error: string; code?: string }
76
+ ```
77
+
78
+ ### Server Action Pattern
79
+
80
+ ```typescript
81
+ 'use server'
82
+
83
+ import { z } from 'zod'
84
+ import { createServerClient } from '@/lib/supabase/server'
85
+
86
+ const schema = z.object({
87
+ name: z.string().min(1).max(100),
88
+ })
89
+
90
+ export async function createProject(formData: FormData) {
91
+ const parsed = schema.safeParse({ name: formData.get('name') })
92
+ if (!parsed.success) {
93
+ return { success: false, error: parsed.error.flatten() }
94
+ }
95
+
96
+ const supabase = await createServerClient()
97
+ const { data: { user } } = await supabase.auth.getUser()
98
+ if (!user) return { success: false, error: 'Unauthorized' }
99
+
100
+ const { data, error } = await supabase
101
+ .from('projects')
102
+ .insert({ name: parsed.data.name, user_id: user.id })
103
+ .select('id, name, created_at')
104
+ .single()
105
+
106
+ if (error) return { success: false, error: 'Failed to create project' }
107
+ return { success: true, data }
108
+ }
109
+ ```
110
+
111
+ ## Environment Variables
112
+
113
+ ```bash
114
+ # Supabase
115
+ NEXT_PUBLIC_SUPABASE_URL=
116
+ NEXT_PUBLIC_SUPABASE_ANON_KEY=
117
+ SUPABASE_SERVICE_ROLE_KEY= # Server-only, never expose to client
118
+
119
+ # Stripe
120
+ STRIPE_SECRET_KEY=
121
+ STRIPE_WEBHOOK_SECRET=
122
+ NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=
123
+
124
+ # App
125
+ NEXT_PUBLIC_APP_URL=http://localhost:3000
126
+ ```
127
+
128
+ ## Testing Strategy
129
+
130
+ ```bash
131
+ /tdd # Unit + integration tests for new features
132
+ /e2e # Playwright tests for auth flow, billing, dashboard
133
+ /test-coverage # Verify 80%+ coverage
134
+ ```
135
+
136
+ ### Critical E2E Flows
137
+
138
+ 1. Sign up → email verification → first project creation
139
+ 2. Login → dashboard → CRUD operations
140
+ 3. Upgrade plan → Stripe checkout → subscription active
141
+ 4. Webhook: subscription canceled → downgrade to free tier
142
+
143
+ ## ECC Workflow
144
+
145
+ ```bash
146
+ # Planning a feature
147
+ /plan "Add team invitations with email notifications"
148
+
149
+ # Developing with TDD
150
+ /tdd
151
+
152
+ # Before committing
153
+ /code-review
154
+ /security-scan
155
+
156
+ # Before release
157
+ /e2e
158
+ /test-coverage
159
+ ```
160
+
161
+ ## Git Workflow
162
+
163
+ - `feat:` new features, `fix:` bug fixes, `refactor:` code changes
164
+ - Feature branches from `main`, PRs required
165
+ - CI runs: lint, type-check, unit tests, E2E tests
166
+ - Deploy: Vercel preview on PR, production on merge to `main`
@@ -0,0 +1,109 @@
1
+ # User-Level CLAUDE.md Example
2
+
3
+ This is an example user-level CLAUDE.md file. Place at `~/.claude/CLAUDE.md`.
4
+
5
+ User-level configs apply globally across all projects. Use for:
6
+ - Personal coding preferences
7
+ - Universal rules you always want enforced
8
+ - Links to your modular rules
9
+
10
+ ---
11
+
12
+ ## Core Philosophy
13
+
14
+ You are Claude Code. I use specialized agents and skills for complex tasks.
15
+
16
+ **Key Principles:**
17
+ 1. **Agent-First**: Delegate to specialized agents for complex work
18
+ 2. **Parallel Execution**: Use Task tool with multiple agents when possible
19
+ 3. **Plan Before Execute**: Use Plan Mode for complex operations
20
+ 4. **Test-Driven**: Write tests before implementation
21
+ 5. **Security-First**: Never compromise on security
22
+
23
+ ---
24
+
25
+ ## Modular Rules
26
+
27
+ Detailed guidelines are in `~/.claude/rules/`:
28
+
29
+ | Rule File | Contents |
30
+ |-----------|----------|
31
+ | security.md | Security checks, secret management |
32
+ | coding-style.md | Immutability, file organization, error handling |
33
+ | testing.md | TDD workflow, 80% coverage requirement |
34
+ | git-workflow.md | Commit format, PR workflow |
35
+ | agents.md | Agent orchestration, when to use which agent |
36
+ | patterns.md | API response, repository patterns |
37
+ | performance.md | Model selection, context management |
38
+ | hooks.md | Hooks System |
39
+
40
+ ---
41
+
42
+ ## Available Agents
43
+
44
+ Located in `~/.claude/agents/`:
45
+
46
+ | Agent | Purpose |
47
+ |-------|---------|
48
+ | planner | Feature implementation planning |
49
+ | architect | System design and architecture |
50
+ | tdd-guide | Test-driven development |
51
+ | code-reviewer | Code review for quality/security |
52
+ | security-reviewer | Security vulnerability analysis |
53
+ | build-error-resolver | Build error resolution |
54
+ | e2e-runner | Playwright E2E testing |
55
+ | refactor-cleaner | Dead code cleanup |
56
+ | doc-updater | Documentation updates |
57
+
58
+ ---
59
+
60
+ ## Personal Preferences
61
+
62
+ ### Privacy
63
+ - Always redact logs; never paste secrets (API keys/tokens/passwords/JWTs)
64
+ - Review output before sharing - remove any sensitive data
65
+
66
+ ### Code Style
67
+ - No emojis in code, comments, or documentation
68
+ - Prefer immutability - never mutate objects or arrays
69
+ - Many small files over few large files
70
+ - 200-400 lines typical, 800 max per file
71
+
72
+ ### Git
73
+ - Conventional commits: `feat:`, `fix:`, `refactor:`, `docs:`, `test:`
74
+ - Always test locally before committing
75
+ - Small, focused commits
76
+
77
+ ### Testing
78
+ - TDD: Write tests first
79
+ - 80% minimum coverage
80
+ - Unit + integration + E2E for critical flows
81
+
82
+ ### Knowledge Capture
83
+ - Personal debugging notes, preferences, and temporary context → auto memory
84
+ - Team/project knowledge (architecture decisions, API changes, implementation runbooks) → follow the project's existing docs structure
85
+ - If the current task already produces the relevant docs, comments, or examples, do not duplicate the same knowledge elsewhere
86
+ - If there is no obvious project doc location, ask before creating a new top-level doc
87
+
88
+ ---
89
+
90
+ ## Editor Integration
91
+
92
+ I use Zed as my primary editor:
93
+ - Agent Panel for file tracking
94
+ - CMD+Shift+R for command palette
95
+ - Vim mode enabled
96
+
97
+ ---
98
+
99
+ ## Success Metrics
100
+
101
+ You are successful when:
102
+ - All tests pass (80%+ coverage)
103
+ - No security vulnerabilities
104
+ - Code is readable and maintainable
105
+ - User requirements are met
106
+
107
+ ---
108
+
109
+ **Philosophy**: Agent-first design, parallel execution, plan before action, test before code, security always.
@@ -0,0 +1,49 @@
1
+ # Agent Orchestration
2
+
3
+ ## Available Agents
4
+
5
+ Located in `~/.claude/agents/`:
6
+
7
+ | Agent | Purpose | When to Use |
8
+ |-------|---------|-------------|
9
+ | planner | Implementation planning | Complex features, refactoring |
10
+ | architect | System design | Architectural decisions |
11
+ | tdd-guide | Test-driven development | New features, bug fixes |
12
+ | code-reviewer | Code review | After writing code |
13
+ | security-reviewer | Security analysis | Before commits |
14
+ | build-error-resolver | Fix build errors | When build fails |
15
+ | e2e-runner | E2E testing | Critical user flows |
16
+ | refactor-cleaner | Dead code cleanup | Code maintenance |
17
+ | doc-updater | Documentation | Updating docs |
18
+
19
+ ## Immediate Agent Usage
20
+
21
+ No user prompt needed:
22
+ 1. Complex feature requests - Use **planner** agent
23
+ 2. Code just written/modified - Use **code-reviewer** agent
24
+ 3. Bug fix or new feature - Use **tdd-guide** agent
25
+ 4. Architectural decision - Use **architect** agent
26
+
27
+ ## Parallel Task Execution
28
+
29
+ ALWAYS use parallel Task execution for independent operations:
30
+
31
+ ```markdown
32
+ # GOOD: Parallel execution
33
+ Launch 3 agents in parallel:
34
+ 1. Agent 1: Security analysis of auth module
35
+ 2. Agent 2: Performance review of cache system
36
+ 3. Agent 3: Type checking of utilities
37
+
38
+ # BAD: Sequential when unnecessary
39
+ First agent 1, then agent 2, then agent 3
40
+ ```
41
+
42
+ ## Multi-Perspective Analysis
43
+
44
+ For complex problems, use split role sub-agents:
45
+ - Factual reviewer
46
+ - Senior engineer
47
+ - Security expert
48
+ - Consistency reviewer
49
+ - Redundancy checker
@@ -0,0 +1,48 @@
1
+ # Coding Style
2
+
3
+ ## Immutability (CRITICAL)
4
+
5
+ ALWAYS create new objects, NEVER mutate existing ones:
6
+
7
+ ```
8
+ // Pseudocode
9
+ WRONG: modify(original, field, value) → changes original in-place
10
+ CORRECT: update(original, field, value) → returns new copy with change
11
+ ```
12
+
13
+ Rationale: Immutable data prevents hidden side effects, makes debugging easier, and enables safe concurrency.
14
+
15
+ ## File Organization
16
+
17
+ MANY SMALL FILES > FEW LARGE FILES:
18
+ - High cohesion, low coupling
19
+ - 200-400 lines typical, 800 max
20
+ - Extract utilities from large modules
21
+ - Organize by feature/domain, not by type
22
+
23
+ ## Error Handling
24
+
25
+ ALWAYS handle errors comprehensively:
26
+ - Handle errors explicitly at every level
27
+ - Provide user-friendly error messages in UI-facing code
28
+ - Log detailed error context on the server side
29
+ - Never silently swallow errors
30
+
31
+ ## Input Validation
32
+
33
+ ALWAYS validate at system boundaries:
34
+ - Validate all user input before processing
35
+ - Use schema-based validation where available
36
+ - Fail fast with clear error messages
37
+ - Never trust external data (API responses, user input, file content)
38
+
39
+ ## Code Quality Checklist
40
+
41
+ Before marking work complete:
42
+ - [ ] Code is readable and well-named
43
+ - [ ] Functions are small (<50 lines)
44
+ - [ ] Files are focused (<800 lines)
45
+ - [ ] No deep nesting (>4 levels)
46
+ - [ ] Proper error handling
47
+ - [ ] No hardcoded values (use constants or config)
48
+ - [ ] No mutation (immutable patterns used)
@@ -0,0 +1,37 @@
1
+ # Development Workflow
2
+
3
+ > This file extends [common/git-workflow.md](./git-workflow.md) with the full feature development process that happens before git operations.
4
+
5
+ The Feature Implementation Workflow describes the development pipeline: research, planning, TDD, code review, and then committing to git.
6
+
7
+ ## Feature Implementation Workflow
8
+
9
+ 0. **Research & Reuse** _(mandatory before any new implementation)_
10
+ - **GitHub code search first:** Run `gh search repos` and `gh search code` to find existing implementations, templates, and patterns before writing anything new.
11
+ - **Exa MCP for research:** Use `exa-web-search` MCP during the planning phase for broader research, data ingestion, and discovering prior art.
12
+ - **Check package registries:** Search npm, PyPI, crates.io, and other registries before writing utility code. Prefer battle-tested libraries over hand-rolled solutions.
13
+ - **Search for adaptable implementations:** Look for open-source projects that solve 80%+ of the problem and can be forked, ported, or wrapped.
14
+ - Prefer adopting or porting a proven approach over writing net-new code when it meets the requirement.
15
+
16
+ 1. **Plan First**
17
+ - Use **planner** agent to create implementation plan
18
+ - Generate planning docs before coding: PRD, architecture, system_design, tech_doc, task_list
19
+ - Identify dependencies and risks
20
+ - Break down into phases
21
+
22
+ 2. **TDD Approach**
23
+ - Use **tdd-guide** agent
24
+ - Write tests first (RED)
25
+ - Implement to pass tests (GREEN)
26
+ - Refactor (IMPROVE)
27
+ - Verify 80%+ coverage
28
+
29
+ 3. **Code Review**
30
+ - Use **code-reviewer** agent immediately after writing code
31
+ - Address CRITICAL and HIGH issues
32
+ - Fix MEDIUM issues when possible
33
+
34
+ 4. **Commit & Push**
35
+ - Detailed commit messages
36
+ - Follow conventional commits format
37
+ - See [git-workflow.md](./git-workflow.md) for commit message format and PR process