claude-code-pilot 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (257) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +151 -0
  3. package/bin/install.js +431 -0
  4. package/docs/agent-guides/architecture.md +107 -0
  5. package/ecc/agents/architect.md +211 -0
  6. package/ecc/agents/code-reviewer.md +237 -0
  7. package/ecc/agents/doc-updater.md +107 -0
  8. package/ecc/agents/e2e-runner.md +107 -0
  9. package/ecc/agents/security-reviewer.md +108 -0
  10. package/ecc/agents/tdd-guide.md +91 -0
  11. package/ecc/commands/checkpoint.md +74 -0
  12. package/ecc/commands/evolve.md +178 -0
  13. package/ecc/commands/learn.md +70 -0
  14. package/ecc/commands/model-route.md +26 -0
  15. package/ecc/commands/quality-gate.md +29 -0
  16. package/ecc/commands/resume-session.md +155 -0
  17. package/ecc/commands/save-session.md +275 -0
  18. package/ecc/commands/sessions.md +305 -0
  19. package/ecc/commands/verify.md +59 -0
  20. package/ecc/contexts/dev.md +20 -0
  21. package/ecc/contexts/research.md +26 -0
  22. package/ecc/contexts/review.md +22 -0
  23. package/ecc/examples/CLAUDE.md +100 -0
  24. package/ecc/examples/django-api-CLAUDE.md +308 -0
  25. package/ecc/examples/go-microservice-CLAUDE.md +267 -0
  26. package/ecc/examples/rust-api-CLAUDE.md +285 -0
  27. package/ecc/examples/saas-nextjs-CLAUDE.md +166 -0
  28. package/ecc/examples/user-CLAUDE.md +109 -0
  29. package/ecc/rules/common/agents.md +49 -0
  30. package/ecc/rules/common/coding-style.md +48 -0
  31. package/ecc/rules/common/development-workflow.md +37 -0
  32. package/ecc/rules/common/git-workflow.md +24 -0
  33. package/ecc/rules/common/hooks.md +30 -0
  34. package/ecc/rules/common/patterns.md +31 -0
  35. package/ecc/rules/common/performance.md +55 -0
  36. package/ecc/rules/common/security.md +29 -0
  37. package/ecc/rules/common/testing.md +29 -0
  38. package/ecc/rules/golang/coding-style.md +32 -0
  39. package/ecc/rules/golang/hooks.md +17 -0
  40. package/ecc/rules/golang/patterns.md +45 -0
  41. package/ecc/rules/golang/security.md +34 -0
  42. package/ecc/rules/golang/testing.md +31 -0
  43. package/ecc/rules/kotlin/coding-style.md +86 -0
  44. package/ecc/rules/kotlin/patterns.md +146 -0
  45. package/ecc/rules/kotlin/security.md +82 -0
  46. package/ecc/rules/kotlin/testing.md +128 -0
  47. package/ecc/rules/perl/coding-style.md +46 -0
  48. package/ecc/rules/perl/hooks.md +22 -0
  49. package/ecc/rules/perl/patterns.md +76 -0
  50. package/ecc/rules/perl/security.md +69 -0
  51. package/ecc/rules/perl/testing.md +54 -0
  52. package/ecc/rules/php/coding-style.md +35 -0
  53. package/ecc/rules/php/hooks.md +24 -0
  54. package/ecc/rules/php/patterns.md +32 -0
  55. package/ecc/rules/php/security.md +33 -0
  56. package/ecc/rules/php/testing.md +34 -0
  57. package/ecc/rules/python/coding-style.md +42 -0
  58. package/ecc/rules/python/hooks.md +19 -0
  59. package/ecc/rules/python/patterns.md +39 -0
  60. package/ecc/rules/python/security.md +30 -0
  61. package/ecc/rules/python/testing.md +38 -0
  62. package/ecc/rules/swift/coding-style.md +47 -0
  63. package/ecc/rules/swift/hooks.md +20 -0
  64. package/ecc/rules/swift/patterns.md +66 -0
  65. package/ecc/rules/swift/security.md +33 -0
  66. package/ecc/rules/swift/testing.md +45 -0
  67. package/ecc/rules/typescript/coding-style.md +199 -0
  68. package/ecc/rules/typescript/hooks.md +22 -0
  69. package/ecc/rules/typescript/patterns.md +52 -0
  70. package/ecc/rules/typescript/security.md +28 -0
  71. package/ecc/rules/typescript/testing.md +18 -0
  72. package/ecc/scripts/hooks/check-hook-enabled.js +12 -0
  73. package/ecc/scripts/hooks/evaluate-session.js +100 -0
  74. package/ecc/scripts/hooks/pre-compact.js +48 -0
  75. package/ecc/scripts/hooks/run-with-flags-shell.sh +32 -0
  76. package/ecc/scripts/hooks/run-with-flags.js +120 -0
  77. package/ecc/scripts/hooks/session-end-marker.js +15 -0
  78. package/ecc/scripts/hooks/session-end.js +258 -0
  79. package/ecc/scripts/hooks/session-start.js +97 -0
  80. package/ecc/scripts/hooks/suggest-compact.js +80 -0
  81. package/ecc/scripts/lib/hook-flags.js +74 -0
  82. package/ecc/scripts/lib/package-manager.d.ts +119 -0
  83. package/ecc/scripts/lib/package-manager.js +431 -0
  84. package/ecc/scripts/lib/project-detect.js +428 -0
  85. package/ecc/scripts/lib/resolve-formatter.js +185 -0
  86. package/ecc/scripts/lib/session-aliases.d.ts +136 -0
  87. package/ecc/scripts/lib/session-aliases.js +481 -0
  88. package/ecc/scripts/lib/session-manager.d.ts +131 -0
  89. package/ecc/scripts/lib/session-manager.js +444 -0
  90. package/ecc/scripts/lib/shell-split.js +86 -0
  91. package/ecc/scripts/lib/utils.d.ts +183 -0
  92. package/ecc/scripts/lib/utils.js +543 -0
  93. package/ecc/skills/continuous-learning-v2/SKILL.md +365 -0
  94. package/ecc/skills/continuous-learning-v2/agents/observer-loop.sh +144 -0
  95. package/ecc/skills/continuous-learning-v2/agents/observer.md +198 -0
  96. package/ecc/skills/continuous-learning-v2/agents/start-observer.sh +194 -0
  97. package/ecc/skills/continuous-learning-v2/config.json +8 -0
  98. package/ecc/skills/continuous-learning-v2/hooks/observe.sh +246 -0
  99. package/ecc/skills/continuous-learning-v2/scripts/detect-project.sh +218 -0
  100. package/ecc/skills/continuous-learning-v2/scripts/instinct-cli.py +1148 -0
  101. package/ecc/skills/continuous-learning-v2/scripts/test_parse_instinct.py +984 -0
  102. package/ecc/skills/strategic-compact/SKILL.md +103 -0
  103. package/ecc/skills/strategic-compact/suggest-compact.sh +54 -0
  104. package/ecc/skills/verification-loop-SKILL.md +126 -0
  105. package/gsd/LICENSE +21 -0
  106. package/gsd/agents/gsd-codebase-mapper.md +772 -0
  107. package/gsd/agents/gsd-debugger.md +1257 -0
  108. package/gsd/agents/gsd-executor.md +489 -0
  109. package/gsd/agents/gsd-integration-checker.md +445 -0
  110. package/gsd/agents/gsd-nyquist-auditor.md +178 -0
  111. package/gsd/agents/gsd-phase-researcher.md +555 -0
  112. package/gsd/agents/gsd-plan-checker.md +708 -0
  113. package/gsd/agents/gsd-planner.md +1309 -0
  114. package/gsd/agents/gsd-project-researcher.md +631 -0
  115. package/gsd/agents/gsd-research-synthesizer.md +249 -0
  116. package/gsd/agents/gsd-roadmapper.md +652 -0
  117. package/gsd/agents/gsd-verifier.md +581 -0
  118. package/gsd/commands-gsd/add-phase.md +43 -0
  119. package/gsd/commands-gsd/add-tests.md +41 -0
  120. package/gsd/commands-gsd/add-todo.md +47 -0
  121. package/gsd/commands-gsd/audit-milestone.md +36 -0
  122. package/gsd/commands-gsd/check-todos.md +45 -0
  123. package/gsd/commands-gsd/cleanup.md +18 -0
  124. package/gsd/commands-gsd/complete-milestone.md +136 -0
  125. package/gsd/commands-gsd/debug.md +168 -0
  126. package/gsd/commands-gsd/discuss-phase.md +90 -0
  127. package/gsd/commands-gsd/execute-phase.md +41 -0
  128. package/gsd/commands-gsd/health.md +22 -0
  129. package/gsd/commands-gsd/help.md +22 -0
  130. package/gsd/commands-gsd/insert-phase.md +32 -0
  131. package/gsd/commands-gsd/join-discord.md +18 -0
  132. package/gsd/commands-gsd/list-phase-assumptions.md +46 -0
  133. package/gsd/commands-gsd/map-codebase.md +71 -0
  134. package/gsd/commands-gsd/new-milestone.md +44 -0
  135. package/gsd/commands-gsd/new-project.md +42 -0
  136. package/gsd/commands-gsd/pause-work.md +38 -0
  137. package/gsd/commands-gsd/plan-milestone-gaps.md +34 -0
  138. package/gsd/commands-gsd/plan-phase.md +45 -0
  139. package/gsd/commands-gsd/progress.md +24 -0
  140. package/gsd/commands-gsd/quick.md +45 -0
  141. package/gsd/commands-gsd/reapply-patches.md +123 -0
  142. package/gsd/commands-gsd/remove-phase.md +31 -0
  143. package/gsd/commands-gsd/research-phase.md +190 -0
  144. package/gsd/commands-gsd/resume-work.md +40 -0
  145. package/gsd/commands-gsd/set-profile.md +34 -0
  146. package/gsd/commands-gsd/settings.md +36 -0
  147. package/gsd/commands-gsd/update.md +37 -0
  148. package/gsd/commands-gsd/validate-phase.md +35 -0
  149. package/gsd/commands-gsd/verify-work.md +38 -0
  150. package/gsd/get-shit-done/bin/gsd-tools.cjs +592 -0
  151. package/gsd/get-shit-done/bin/lib/commands.cjs +548 -0
  152. package/gsd/get-shit-done/bin/lib/config.cjs +169 -0
  153. package/gsd/get-shit-done/bin/lib/core.cjs +492 -0
  154. package/gsd/get-shit-done/bin/lib/frontmatter.cjs +299 -0
  155. package/gsd/get-shit-done/bin/lib/init.cjs +710 -0
  156. package/gsd/get-shit-done/bin/lib/milestone.cjs +241 -0
  157. package/gsd/get-shit-done/bin/lib/phase.cjs +901 -0
  158. package/gsd/get-shit-done/bin/lib/roadmap.cjs +298 -0
  159. package/gsd/get-shit-done/bin/lib/state.cjs +721 -0
  160. package/gsd/get-shit-done/bin/lib/template.cjs +222 -0
  161. package/gsd/get-shit-done/bin/lib/verify.cjs +820 -0
  162. package/gsd/get-shit-done/references/checkpoints.md +776 -0
  163. package/gsd/get-shit-done/references/continuation-format.md +249 -0
  164. package/gsd/get-shit-done/references/decimal-phase-calculation.md +65 -0
  165. package/gsd/get-shit-done/references/git-integration.md +248 -0
  166. package/gsd/get-shit-done/references/git-planning-commit.md +38 -0
  167. package/gsd/get-shit-done/references/model-profile-resolution.md +34 -0
  168. package/gsd/get-shit-done/references/model-profiles.md +93 -0
  169. package/gsd/get-shit-done/references/phase-argument-parsing.md +61 -0
  170. package/gsd/get-shit-done/references/planning-config.md +200 -0
  171. package/gsd/get-shit-done/references/questioning.md +162 -0
  172. package/gsd/get-shit-done/references/tdd.md +263 -0
  173. package/gsd/get-shit-done/references/ui-brand.md +160 -0
  174. package/gsd/get-shit-done/references/verification-patterns.md +612 -0
  175. package/gsd/get-shit-done/templates/DEBUG.md +164 -0
  176. package/gsd/get-shit-done/templates/UAT.md +247 -0
  177. package/gsd/get-shit-done/templates/VALIDATION.md +76 -0
  178. package/gsd/get-shit-done/templates/codebase/architecture.md +255 -0
  179. package/gsd/get-shit-done/templates/codebase/concerns.md +310 -0
  180. package/gsd/get-shit-done/templates/codebase/conventions.md +307 -0
  181. package/gsd/get-shit-done/templates/codebase/integrations.md +280 -0
  182. package/gsd/get-shit-done/templates/codebase/stack.md +186 -0
  183. package/gsd/get-shit-done/templates/codebase/structure.md +285 -0
  184. package/gsd/get-shit-done/templates/codebase/testing.md +480 -0
  185. package/gsd/get-shit-done/templates/config.json +37 -0
  186. package/gsd/get-shit-done/templates/context.md +297 -0
  187. package/gsd/get-shit-done/templates/continue-here.md +78 -0
  188. package/gsd/get-shit-done/templates/debug-subagent-prompt.md +91 -0
  189. package/gsd/get-shit-done/templates/discovery.md +146 -0
  190. package/gsd/get-shit-done/templates/milestone-archive.md +123 -0
  191. package/gsd/get-shit-done/templates/milestone.md +115 -0
  192. package/gsd/get-shit-done/templates/phase-prompt.md +569 -0
  193. package/gsd/get-shit-done/templates/planner-subagent-prompt.md +117 -0
  194. package/gsd/get-shit-done/templates/project.md +184 -0
  195. package/gsd/get-shit-done/templates/requirements.md +231 -0
  196. package/gsd/get-shit-done/templates/research-project/ARCHITECTURE.md +204 -0
  197. package/gsd/get-shit-done/templates/research-project/FEATURES.md +147 -0
  198. package/gsd/get-shit-done/templates/research-project/PITFALLS.md +200 -0
  199. package/gsd/get-shit-done/templates/research-project/STACK.md +120 -0
  200. package/gsd/get-shit-done/templates/research-project/SUMMARY.md +170 -0
  201. package/gsd/get-shit-done/templates/research.md +552 -0
  202. package/gsd/get-shit-done/templates/retrospective.md +54 -0
  203. package/gsd/get-shit-done/templates/roadmap.md +202 -0
  204. package/gsd/get-shit-done/templates/state.md +176 -0
  205. package/gsd/get-shit-done/templates/summary-complex.md +59 -0
  206. package/gsd/get-shit-done/templates/summary-minimal.md +41 -0
  207. package/gsd/get-shit-done/templates/summary-standard.md +48 -0
  208. package/gsd/get-shit-done/templates/summary.md +248 -0
  209. package/gsd/get-shit-done/templates/user-setup.md +311 -0
  210. package/gsd/get-shit-done/templates/verification-report.md +322 -0
  211. package/gsd/get-shit-done/workflows/add-phase.md +112 -0
  212. package/gsd/get-shit-done/workflows/add-tests.md +351 -0
  213. package/gsd/get-shit-done/workflows/add-todo.md +158 -0
  214. package/gsd/get-shit-done/workflows/audit-milestone.md +332 -0
  215. package/gsd/get-shit-done/workflows/check-todos.md +177 -0
  216. package/gsd/get-shit-done/workflows/cleanup.md +152 -0
  217. package/gsd/get-shit-done/workflows/complete-milestone.md +764 -0
  218. package/gsd/get-shit-done/workflows/diagnose-issues.md +219 -0
  219. package/gsd/get-shit-done/workflows/discovery-phase.md +289 -0
  220. package/gsd/get-shit-done/workflows/discuss-phase.md +676 -0
  221. package/gsd/get-shit-done/workflows/execute-phase.md +459 -0
  222. package/gsd/get-shit-done/workflows/execute-plan.md +449 -0
  223. package/gsd/get-shit-done/workflows/health.md +159 -0
  224. package/gsd/get-shit-done/workflows/help.md +489 -0
  225. package/gsd/get-shit-done/workflows/insert-phase.md +130 -0
  226. package/gsd/get-shit-done/workflows/list-phase-assumptions.md +178 -0
  227. package/gsd/get-shit-done/workflows/map-codebase.md +316 -0
  228. package/gsd/get-shit-done/workflows/new-milestone.md +384 -0
  229. package/gsd/get-shit-done/workflows/new-project.md +1111 -0
  230. package/gsd/get-shit-done/workflows/pause-work.md +122 -0
  231. package/gsd/get-shit-done/workflows/plan-milestone-gaps.md +274 -0
  232. package/gsd/get-shit-done/workflows/plan-phase.md +560 -0
  233. package/gsd/get-shit-done/workflows/progress.md +382 -0
  234. package/gsd/get-shit-done/workflows/quick.md +601 -0
  235. package/gsd/get-shit-done/workflows/remove-phase.md +155 -0
  236. package/gsd/get-shit-done/workflows/research-phase.md +74 -0
  237. package/gsd/get-shit-done/workflows/resume-project.md +307 -0
  238. package/gsd/get-shit-done/workflows/set-profile.md +81 -0
  239. package/gsd/get-shit-done/workflows/settings.md +214 -0
  240. package/gsd/get-shit-done/workflows/transition.md +544 -0
  241. package/gsd/get-shit-done/workflows/update.md +240 -0
  242. package/gsd/get-shit-done/workflows/validate-phase.md +167 -0
  243. package/gsd/get-shit-done/workflows/verify-phase.md +243 -0
  244. package/gsd/get-shit-done/workflows/verify-work.md +583 -0
  245. package/gsd/hooks/gsd-check-update.js +81 -0
  246. package/gsd/hooks/gsd-context-monitor.js +141 -0
  247. package/gsd/hooks/gsd-statusline.js +115 -0
  248. package/kit/CLAUDE.md +43 -0
  249. package/kit/commands/kit/update.md +46 -0
  250. package/kit/commands/setup-refresh.md +50 -0
  251. package/kit/commands/setup.md +579 -0
  252. package/kit/commands/tool-guide.md +44 -0
  253. package/kit/hooks/kit-check-update.js +54 -0
  254. package/kit/mcp.json +10 -0
  255. package/kit/rules/code-style.md +24 -0
  256. package/manifest.json +30 -0
  257. package/package.json +36 -0
@@ -0,0 +1,24 @@
1
+ # Git Workflow
2
+
3
+ ## Commit Message Format
4
+ ```
5
+ <type>: <description>
6
+
7
+ <optional body>
8
+ ```
9
+
10
+ Types: feat, fix, refactor, docs, test, chore, perf, ci
11
+
12
+ Note: Attribution disabled globally via ~/.claude/settings.json.
13
+
14
+ ## Pull Request Workflow
15
+
16
+ When creating PRs:
17
+ 1. Analyze full commit history (not just latest commit)
18
+ 2. Use `git diff [base-branch]...HEAD` to see all changes
19
+ 3. Draft comprehensive PR summary
20
+ 4. Include test plan with TODOs
21
+ 5. Push with `-u` flag if new branch
22
+
23
+ > For the full development process (planning, TDD, code review) before git operations,
24
+ > see [development-workflow.md](./development-workflow.md).
@@ -0,0 +1,30 @@
1
+ # Hooks System
2
+
3
+ ## Hook Types
4
+
5
+ - **PreToolUse**: Before tool execution (validation, parameter modification)
6
+ - **PostToolUse**: After tool execution (auto-format, checks)
7
+ - **Stop**: When session ends (final verification)
8
+
9
+ ## Auto-Accept Permissions
10
+
11
+ Use with caution:
12
+ - Enable for trusted, well-defined plans
13
+ - Disable for exploratory work
14
+ - Never use dangerously-skip-permissions flag
15
+ - Configure `allowedTools` in `~/.claude.json` instead
16
+
17
+ ## TodoWrite Best Practices
18
+
19
+ Use TodoWrite tool to:
20
+ - Track progress on multi-step tasks
21
+ - Verify understanding of instructions
22
+ - Enable real-time steering
23
+ - Show granular implementation steps
24
+
25
+ Todo list reveals:
26
+ - Out of order steps
27
+ - Missing items
28
+ - Extra unnecessary items
29
+ - Wrong granularity
30
+ - Misinterpreted requirements
@@ -0,0 +1,31 @@
1
+ # Common Patterns
2
+
3
+ ## Skeleton Projects
4
+
5
+ When implementing new functionality:
6
+ 1. Search for battle-tested skeleton projects
7
+ 2. Use parallel agents to evaluate options:
8
+ - Security assessment
9
+ - Extensibility analysis
10
+ - Relevance scoring
11
+ - Implementation planning
12
+ 3. Clone best match as foundation
13
+ 4. Iterate within proven structure
14
+
15
+ ## Design Patterns
16
+
17
+ ### Repository Pattern
18
+
19
+ Encapsulate data access behind a consistent interface:
20
+ - Define standard operations: findAll, findById, create, update, delete
21
+ - Concrete implementations handle storage details (database, API, file, etc.)
22
+ - Business logic depends on the abstract interface, not the storage mechanism
23
+ - Enables easy swapping of data sources and simplifies testing with mocks
24
+
25
+ ### API Response Format
26
+
27
+ Use a consistent envelope for all API responses:
28
+ - Include a success/status indicator
29
+ - Include the data payload (nullable on error)
30
+ - Include an error message field (nullable on success)
31
+ - Include metadata for paginated responses (total, page, limit)
@@ -0,0 +1,55 @@
1
+ # Performance Optimization
2
+
3
+ ## Model Selection Strategy
4
+
5
+ **Haiku 4.5** (90% of Sonnet capability, 3x cost savings):
6
+ - Lightweight agents with frequent invocation
7
+ - Pair programming and code generation
8
+ - Worker agents in multi-agent systems
9
+
10
+ **Sonnet 4.6** (Best coding model):
11
+ - Main development work
12
+ - Orchestrating multi-agent workflows
13
+ - Complex coding tasks
14
+
15
+ **Opus 4.5** (Deepest reasoning):
16
+ - Complex architectural decisions
17
+ - Maximum reasoning requirements
18
+ - Research and analysis tasks
19
+
20
+ ## Context Window Management
21
+
22
+ Avoid last 20% of context window for:
23
+ - Large-scale refactoring
24
+ - Feature implementation spanning multiple files
25
+ - Debugging complex interactions
26
+
27
+ Lower context sensitivity tasks:
28
+ - Single-file edits
29
+ - Independent utility creation
30
+ - Documentation updates
31
+ - Simple bug fixes
32
+
33
+ ## Extended Thinking + Plan Mode
34
+
35
+ Extended thinking is enabled by default, reserving up to 31,999 tokens for internal reasoning.
36
+
37
+ Control extended thinking via:
38
+ - **Toggle**: Option+T (macOS) / Alt+T (Windows/Linux)
39
+ - **Config**: Set `alwaysThinkingEnabled` in `~/.claude/settings.json`
40
+ - **Budget cap**: `export MAX_THINKING_TOKENS=10000`
41
+ - **Verbose mode**: Ctrl+O to see thinking output
42
+
43
+ For complex tasks requiring deep reasoning:
44
+ 1. Ensure extended thinking is enabled (on by default)
45
+ 2. Enable **Plan Mode** for structured approach
46
+ 3. Use multiple critique rounds for thorough analysis
47
+ 4. Use split role sub-agents for diverse perspectives
48
+
49
+ ## Build Troubleshooting
50
+
51
+ If build fails:
52
+ 1. Use **build-error-resolver** agent
53
+ 2. Analyze error messages
54
+ 3. Fix incrementally
55
+ 4. Verify after each fix
@@ -0,0 +1,29 @@
1
+ # Security Guidelines
2
+
3
+ ## Mandatory Security Checks
4
+
5
+ Before ANY commit:
6
+ - [ ] No hardcoded secrets (API keys, passwords, tokens)
7
+ - [ ] All user inputs validated
8
+ - [ ] SQL injection prevention (parameterized queries)
9
+ - [ ] XSS prevention (sanitized HTML)
10
+ - [ ] CSRF protection enabled
11
+ - [ ] Authentication/authorization verified
12
+ - [ ] Rate limiting on all endpoints
13
+ - [ ] Error messages don't leak sensitive data
14
+
15
+ ## Secret Management
16
+
17
+ - NEVER hardcode secrets in source code
18
+ - ALWAYS use environment variables or a secret manager
19
+ - Validate that required secrets are present at startup
20
+ - Rotate any secrets that may have been exposed
21
+
22
+ ## Security Response Protocol
23
+
24
+ If security issue found:
25
+ 1. STOP immediately
26
+ 2. Use **security-reviewer** agent
27
+ 3. Fix CRITICAL issues before continuing
28
+ 4. Rotate any exposed secrets
29
+ 5. Review entire codebase for similar issues
@@ -0,0 +1,29 @@
1
+ # Testing Requirements
2
+
3
+ ## Minimum Test Coverage: 80%
4
+
5
+ Test Types (ALL required):
6
+ 1. **Unit Tests** - Individual functions, utilities, components
7
+ 2. **Integration Tests** - API endpoints, database operations
8
+ 3. **E2E Tests** - Critical user flows (framework chosen per language)
9
+
10
+ ## Test-Driven Development
11
+
12
+ MANDATORY workflow:
13
+ 1. Write test first (RED)
14
+ 2. Run test - it should FAIL
15
+ 3. Write minimal implementation (GREEN)
16
+ 4. Run test - it should PASS
17
+ 5. Refactor (IMPROVE)
18
+ 6. Verify coverage (80%+)
19
+
20
+ ## Troubleshooting Test Failures
21
+
22
+ 1. Use **tdd-guide** agent
23
+ 2. Check test isolation
24
+ 3. Verify mocks are correct
25
+ 4. Fix implementation, not tests (unless tests are wrong)
26
+
27
+ ## Agent Support
28
+
29
+ - **tdd-guide** - Use PROACTIVELY for new features, enforces write-tests-first
@@ -0,0 +1,32 @@
1
+ ---
2
+ paths:
3
+ - "**/*.go"
4
+ - "**/go.mod"
5
+ - "**/go.sum"
6
+ ---
7
+ # Go Coding Style
8
+
9
+ > This file extends [common/coding-style.md](../common/coding-style.md) with Go specific content.
10
+
11
+ ## Formatting
12
+
13
+ - **gofmt** and **goimports** are mandatory — no style debates
14
+
15
+ ## Design Principles
16
+
17
+ - Accept interfaces, return structs
18
+ - Keep interfaces small (1-3 methods)
19
+
20
+ ## Error Handling
21
+
22
+ Always wrap errors with context:
23
+
24
+ ```go
25
+ if err != nil {
26
+ return fmt.Errorf("failed to create user: %w", err)
27
+ }
28
+ ```
29
+
30
+ ## Reference
31
+
32
+ See skill: `golang-patterns` for comprehensive Go idioms and patterns.
@@ -0,0 +1,17 @@
1
+ ---
2
+ paths:
3
+ - "**/*.go"
4
+ - "**/go.mod"
5
+ - "**/go.sum"
6
+ ---
7
+ # Go Hooks
8
+
9
+ > This file extends [common/hooks.md](../common/hooks.md) with Go specific content.
10
+
11
+ ## PostToolUse Hooks
12
+
13
+ Configure in `~/.claude/settings.json`:
14
+
15
+ - **gofmt/goimports**: Auto-format `.go` files after edit
16
+ - **go vet**: Run static analysis after editing `.go` files
17
+ - **staticcheck**: Run extended static checks on modified packages
@@ -0,0 +1,45 @@
1
+ ---
2
+ paths:
3
+ - "**/*.go"
4
+ - "**/go.mod"
5
+ - "**/go.sum"
6
+ ---
7
+ # Go Patterns
8
+
9
+ > This file extends [common/patterns.md](../common/patterns.md) with Go specific content.
10
+
11
+ ## Functional Options
12
+
13
+ ```go
14
+ type Option func(*Server)
15
+
16
+ func WithPort(port int) Option {
17
+ return func(s *Server) { s.port = port }
18
+ }
19
+
20
+ func NewServer(opts ...Option) *Server {
21
+ s := &Server{port: 8080}
22
+ for _, opt := range opts {
23
+ opt(s)
24
+ }
25
+ return s
26
+ }
27
+ ```
28
+
29
+ ## Small Interfaces
30
+
31
+ Define interfaces where they are used, not where they are implemented.
32
+
33
+ ## Dependency Injection
34
+
35
+ Use constructor functions to inject dependencies:
36
+
37
+ ```go
38
+ func NewUserService(repo UserRepository, logger Logger) *UserService {
39
+ return &UserService{repo: repo, logger: logger}
40
+ }
41
+ ```
42
+
43
+ ## Reference
44
+
45
+ See skill: `golang-patterns` for comprehensive Go patterns including concurrency, error handling, and package organization.
@@ -0,0 +1,34 @@
1
+ ---
2
+ paths:
3
+ - "**/*.go"
4
+ - "**/go.mod"
5
+ - "**/go.sum"
6
+ ---
7
+ # Go Security
8
+
9
+ > This file extends [common/security.md](../common/security.md) with Go specific content.
10
+
11
+ ## Secret Management
12
+
13
+ ```go
14
+ apiKey := os.Getenv("OPENAI_API_KEY")
15
+ if apiKey == "" {
16
+ log.Fatal("OPENAI_API_KEY not configured")
17
+ }
18
+ ```
19
+
20
+ ## Security Scanning
21
+
22
+ - Use **gosec** for static security analysis:
23
+ ```bash
24
+ gosec ./...
25
+ ```
26
+
27
+ ## Context & Timeouts
28
+
29
+ Always use `context.Context` for timeout control:
30
+
31
+ ```go
32
+ ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
33
+ defer cancel()
34
+ ```
@@ -0,0 +1,31 @@
1
+ ---
2
+ paths:
3
+ - "**/*.go"
4
+ - "**/go.mod"
5
+ - "**/go.sum"
6
+ ---
7
+ # Go Testing
8
+
9
+ > This file extends [common/testing.md](../common/testing.md) with Go specific content.
10
+
11
+ ## Framework
12
+
13
+ Use the standard `go test` with **table-driven tests**.
14
+
15
+ ## Race Detection
16
+
17
+ Always run with the `-race` flag:
18
+
19
+ ```bash
20
+ go test -race ./...
21
+ ```
22
+
23
+ ## Coverage
24
+
25
+ ```bash
26
+ go test -cover ./...
27
+ ```
28
+
29
+ ## Reference
30
+
31
+ See skill: `golang-testing` for detailed Go testing patterns and helpers.
@@ -0,0 +1,86 @@
1
+ ---
2
+ paths:
3
+ - "**/*.kt"
4
+ - "**/*.kts"
5
+ ---
6
+ # Kotlin Coding Style
7
+
8
+ > This file extends [common/coding-style.md](../common/coding-style.md) with Kotlin-specific content.
9
+
10
+ ## Formatting
11
+
12
+ - **ktlint** or **Detekt** for style enforcement
13
+ - Official Kotlin code style (`kotlin.code.style=official` in `gradle.properties`)
14
+
15
+ ## Immutability
16
+
17
+ - Prefer `val` over `var` — default to `val` and only use `var` when mutation is required
18
+ - Use `data class` for value types; use immutable collections (`List`, `Map`, `Set`) in public APIs
19
+ - Copy-on-write for state updates: `state.copy(field = newValue)`
20
+
21
+ ## Naming
22
+
23
+ Follow Kotlin conventions:
24
+ - `camelCase` for functions and properties
25
+ - `PascalCase` for classes, interfaces, objects, and type aliases
26
+ - `SCREAMING_SNAKE_CASE` for constants (`const val` or `@JvmStatic`)
27
+ - Prefix interfaces with behavior, not `I`: `Clickable` not `IClickable`
28
+
29
+ ## Null Safety
30
+
31
+ - Never use `!!` — prefer `?.`, `?:`, `requireNotNull()`, or `checkNotNull()`
32
+ - Use `?.let {}` for scoped null-safe operations
33
+ - Return nullable types from functions that can legitimately have no result
34
+
35
+ ```kotlin
36
+ // BAD
37
+ val name = user!!.name
38
+
39
+ // GOOD
40
+ val name = user?.name ?: "Unknown"
41
+ val name = requireNotNull(user) { "User must be set before accessing name" }.name
42
+ ```
43
+
44
+ ## Sealed Types
45
+
46
+ Use sealed classes/interfaces to model closed state hierarchies:
47
+
48
+ ```kotlin
49
+ sealed interface UiState<out T> {
50
+ data object Loading : UiState<Nothing>
51
+ data class Success<T>(val data: T) : UiState<T>
52
+ data class Error(val message: String) : UiState<Nothing>
53
+ }
54
+ ```
55
+
56
+ Always use exhaustive `when` with sealed types — no `else` branch.
57
+
58
+ ## Extension Functions
59
+
60
+ Use extension functions for utility operations, but keep them discoverable:
61
+ - Place in a file named after the receiver type (`StringExt.kt`, `FlowExt.kt`)
62
+ - Keep scope limited — don't add extensions to `Any` or overly generic types
63
+
64
+ ## Scope Functions
65
+
66
+ Use the right scope function:
67
+ - `let` — null check + transform: `user?.let { greet(it) }`
68
+ - `run` — compute a result using receiver: `service.run { fetch(config) }`
69
+ - `apply` — configure an object: `builder.apply { timeout = 30 }`
70
+ - `also` — side effects: `result.also { log(it) }`
71
+ - Avoid deep nesting of scope functions (max 2 levels)
72
+
73
+ ## Error Handling
74
+
75
+ - Use `Result<T>` or custom sealed types
76
+ - Use `runCatching {}` for wrapping throwable code
77
+ - Never catch `CancellationException` — always rethrow it
78
+ - Avoid `try-catch` for control flow
79
+
80
+ ```kotlin
81
+ // BAD — using exceptions for control flow
82
+ val user = try { repository.getUser(id) } catch (e: NotFoundException) { null }
83
+
84
+ // GOOD — nullable return
85
+ val user: User? = repository.findUser(id)
86
+ ```
@@ -0,0 +1,146 @@
1
+ ---
2
+ paths:
3
+ - "**/*.kt"
4
+ - "**/*.kts"
5
+ ---
6
+ # Kotlin Patterns
7
+
8
+ > This file extends [common/patterns.md](../common/patterns.md) with Kotlin and Android/KMP-specific content.
9
+
10
+ ## Dependency Injection
11
+
12
+ Prefer constructor injection. Use Koin (KMP) or Hilt (Android-only):
13
+
14
+ ```kotlin
15
+ // Koin — declare modules
16
+ val dataModule = module {
17
+ single<ItemRepository> { ItemRepositoryImpl(get(), get()) }
18
+ factory { GetItemsUseCase(get()) }
19
+ viewModelOf(::ItemListViewModel)
20
+ }
21
+
22
+ // Hilt — annotations
23
+ @HiltViewModel
24
+ class ItemListViewModel @Inject constructor(
25
+ private val getItems: GetItemsUseCase
26
+ ) : ViewModel()
27
+ ```
28
+
29
+ ## ViewModel Pattern
30
+
31
+ Single state object, event sink, one-way data flow:
32
+
33
+ ```kotlin
34
+ data class ScreenState(
35
+ val items: List<Item> = emptyList(),
36
+ val isLoading: Boolean = false
37
+ )
38
+
39
+ class ScreenViewModel(private val useCase: GetItemsUseCase) : ViewModel() {
40
+ private val _state = MutableStateFlow(ScreenState())
41
+ val state = _state.asStateFlow()
42
+
43
+ fun onEvent(event: ScreenEvent) {
44
+ when (event) {
45
+ is ScreenEvent.Load -> load()
46
+ is ScreenEvent.Delete -> delete(event.id)
47
+ }
48
+ }
49
+ }
50
+ ```
51
+
52
+ ## Repository Pattern
53
+
54
+ - `suspend` functions return `Result<T>` or custom error type
55
+ - `Flow` for reactive streams
56
+ - Coordinate local + remote data sources
57
+
58
+ ```kotlin
59
+ interface ItemRepository {
60
+ suspend fun getById(id: String): Result<Item>
61
+ suspend fun getAll(): Result<List<Item>>
62
+ fun observeAll(): Flow<List<Item>>
63
+ }
64
+ ```
65
+
66
+ ## UseCase Pattern
67
+
68
+ Single responsibility, `operator fun invoke`:
69
+
70
+ ```kotlin
71
+ class GetItemUseCase(private val repository: ItemRepository) {
72
+ suspend operator fun invoke(id: String): Result<Item> {
73
+ return repository.getById(id)
74
+ }
75
+ }
76
+
77
+ class GetItemsUseCase(private val repository: ItemRepository) {
78
+ suspend operator fun invoke(): Result<List<Item>> {
79
+ return repository.getAll()
80
+ }
81
+ }
82
+ ```
83
+
84
+ ## expect/actual (KMP)
85
+
86
+ Use for platform-specific implementations:
87
+
88
+ ```kotlin
89
+ // commonMain
90
+ expect fun platformName(): String
91
+ expect class SecureStorage {
92
+ fun save(key: String, value: String)
93
+ fun get(key: String): String?
94
+ }
95
+
96
+ // androidMain
97
+ actual fun platformName(): String = "Android"
98
+ actual class SecureStorage {
99
+ actual fun save(key: String, value: String) { /* EncryptedSharedPreferences */ }
100
+ actual fun get(key: String): String? = null /* ... */
101
+ }
102
+
103
+ // iosMain
104
+ actual fun platformName(): String = "iOS"
105
+ actual class SecureStorage {
106
+ actual fun save(key: String, value: String) { /* Keychain */ }
107
+ actual fun get(key: String): String? = null /* ... */
108
+ }
109
+ ```
110
+
111
+ ## Coroutine Patterns
112
+
113
+ - Use `viewModelScope` in ViewModels, `coroutineScope` for structured child work
114
+ - Use `stateIn(viewModelScope, SharingStarted.WhileSubscribed(5_000), initialValue)` for StateFlow from cold Flows
115
+ - Use `supervisorScope` when child failures should be independent
116
+
117
+ ## Builder Pattern with DSL
118
+
119
+ ```kotlin
120
+ class HttpClientConfig {
121
+ var baseUrl: String = ""
122
+ var timeout: Long = 30_000
123
+ private val interceptors = mutableListOf<Interceptor>()
124
+
125
+ fun interceptor(block: () -> Interceptor) {
126
+ interceptors.add(block())
127
+ }
128
+ }
129
+
130
+ fun httpClient(block: HttpClientConfig.() -> Unit): HttpClient {
131
+ val config = HttpClientConfig().apply(block)
132
+ return HttpClient(config)
133
+ }
134
+
135
+ // Usage
136
+ val client = httpClient {
137
+ baseUrl = "https://api.example.com"
138
+ timeout = 15_000
139
+ interceptor { AuthInterceptor(tokenProvider) }
140
+ }
141
+ ```
142
+
143
+ ## References
144
+
145
+ See skill: `kotlin-coroutines-flows` for detailed coroutine patterns.
146
+ See skill: `android-clean-architecture` for module and layer patterns.
@@ -0,0 +1,82 @@
1
+ ---
2
+ paths:
3
+ - "**/*.kt"
4
+ - "**/*.kts"
5
+ ---
6
+ # Kotlin Security
7
+
8
+ > This file extends [common/security.md](../common/security.md) with Kotlin and Android/KMP-specific content.
9
+
10
+ ## Secrets Management
11
+
12
+ - Never hardcode API keys, tokens, or credentials in source code
13
+ - Use `local.properties` (git-ignored) for local development secrets
14
+ - Use `BuildConfig` fields generated from CI secrets for release builds
15
+ - Use `EncryptedSharedPreferences` (Android) or Keychain (iOS) for runtime secret storage
16
+
17
+ ```kotlin
18
+ // BAD
19
+ val apiKey = "sk-abc123..."
20
+
21
+ // GOOD — from BuildConfig (generated at build time)
22
+ val apiKey = BuildConfig.API_KEY
23
+
24
+ // GOOD — from secure storage at runtime
25
+ val token = secureStorage.get("auth_token")
26
+ ```
27
+
28
+ ## Network Security
29
+
30
+ - Use HTTPS exclusively — configure `network_security_config.xml` to block cleartext
31
+ - Pin certificates for sensitive endpoints using OkHttp `CertificatePinner` or Ktor equivalent
32
+ - Set timeouts on all HTTP clients — never leave defaults (which may be infinite)
33
+ - Validate and sanitize all server responses before use
34
+
35
+ ```xml
36
+ <!-- res/xml/network_security_config.xml -->
37
+ <network-security-config>
38
+ <base-config cleartextTrafficPermitted="false" />
39
+ </network-security-config>
40
+ ```
41
+
42
+ ## Input Validation
43
+
44
+ - Validate all user input before processing or sending to API
45
+ - Use parameterized queries for Room/SQLDelight — never concatenate user input into SQL
46
+ - Sanitize file paths from user input to prevent path traversal
47
+
48
+ ```kotlin
49
+ // BAD — SQL injection
50
+ @Query("SELECT * FROM items WHERE name = '$input'")
51
+
52
+ // GOOD — parameterized
53
+ @Query("SELECT * FROM items WHERE name = :input")
54
+ fun findByName(input: String): List<ItemEntity>
55
+ ```
56
+
57
+ ## Data Protection
58
+
59
+ - Use `EncryptedSharedPreferences` for sensitive key-value data on Android
60
+ - Use `@Serializable` with explicit field names — don't leak internal property names
61
+ - Clear sensitive data from memory when no longer needed
62
+ - Use `@Keep` or ProGuard rules for serialized classes to prevent name mangling
63
+
64
+ ## Authentication
65
+
66
+ - Store tokens in secure storage, not in plain SharedPreferences
67
+ - Implement token refresh with proper 401/403 handling
68
+ - Clear all auth state on logout (tokens, cached user data, cookies)
69
+ - Use biometric authentication (`BiometricPrompt`) for sensitive operations
70
+
71
+ ## ProGuard / R8
72
+
73
+ - Keep rules for all serialized models (`@Serializable`, Gson, Moshi)
74
+ - Keep rules for reflection-based libraries (Koin, Retrofit)
75
+ - Test release builds — obfuscation can break serialization silently
76
+
77
+ ## WebView Security
78
+
79
+ - Disable JavaScript unless explicitly needed: `settings.javaScriptEnabled = false`
80
+ - Validate URLs before loading in WebView
81
+ - Never expose `@JavascriptInterface` methods that access sensitive data
82
+ - Use `WebViewClient.shouldOverrideUrlLoading()` to control navigation