claude-code-pilot 3.1.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (198) hide show
  1. package/CHANGELOG.md +57 -0
  2. package/README.md +16 -11
  3. package/bin/install.js +127 -11
  4. package/manifest.json +20 -1
  5. package/package.json +4 -3
  6. package/src/agents/a11y-architect.md +141 -0
  7. package/src/agents/code-architect.md +71 -0
  8. package/src/agents/code-explorer.md +69 -0
  9. package/src/agents/code-simplifier.md +47 -0
  10. package/src/agents/comment-analyzer.md +45 -0
  11. package/src/agents/csharp-reviewer.md +101 -0
  12. package/src/agents/dart-build-resolver.md +201 -0
  13. package/src/agents/django-build-resolver.md +252 -0
  14. package/src/agents/django-reviewer.md +169 -0
  15. package/src/agents/fastapi-reviewer.md +79 -0
  16. package/src/agents/fsharp-reviewer.md +109 -0
  17. package/src/agents/pr-test-analyzer.md +45 -0
  18. package/src/agents/silent-failure-hunter.md +50 -0
  19. package/src/agents/swift-build-resolver.md +170 -0
  20. package/src/agents/swift-reviewer.md +116 -0
  21. package/src/agents/type-design-analyzer.md +41 -0
  22. package/src/available-rules/README.md +3 -1
  23. package/src/available-rules/dart/coding-style.md +159 -0
  24. package/src/available-rules/dart/hooks.md +66 -0
  25. package/src/available-rules/dart/patterns.md +261 -0
  26. package/src/available-rules/dart/security.md +135 -0
  27. package/src/available-rules/dart/testing.md +215 -0
  28. package/src/available-rules/web/coding-style.md +105 -0
  29. package/src/available-rules/web/design-quality.md +72 -0
  30. package/src/available-rules/web/hooks.md +129 -0
  31. package/src/available-rules/web/patterns.md +88 -0
  32. package/src/available-rules/web/performance.md +73 -0
  33. package/src/available-rules/web/security.md +66 -0
  34. package/src/available-rules/web/testing.md +64 -0
  35. package/src/commands/ccp/ai-integration-phase.md +36 -0
  36. package/src/commands/ccp/audit-fix.md +33 -0
  37. package/src/commands/ccp/code-review-fix.md +52 -0
  38. package/src/commands/ccp/cost-report.md +107 -0
  39. package/src/commands/ccp/eval-review.md +32 -0
  40. package/src/commands/ccp/extract_learnings.md +22 -0
  41. package/src/commands/ccp/import.md +37 -0
  42. package/src/commands/ccp/ingest-docs.md +42 -0
  43. package/src/commands/ccp/intel.md +179 -0
  44. package/src/commands/ccp/mvp-phase.md +45 -0
  45. package/src/commands/ccp/plan-prd.md +160 -0
  46. package/src/commands/ccp/plan-review-convergence.md +58 -0
  47. package/src/commands/ccp/pr-ecc.md +184 -0
  48. package/src/commands/ccp/scan.md +26 -0
  49. package/src/commands/ccp/security-scan.md +74 -0
  50. package/src/commands/ccp/sketch-wrap-up.md +31 -0
  51. package/src/commands/ccp/sketch.md +54 -0
  52. package/src/commands/ccp/spec-phase.md +62 -0
  53. package/src/commands/ccp/spike-wrap-up.md +31 -0
  54. package/src/commands/ccp/spike.md +51 -0
  55. package/src/commands/ccp/ultraplan-phase.md +33 -0
  56. package/src/hooks/ccp-bash-hook-dispatcher.js +96 -0
  57. package/src/hooks/ccp-context-monitor.js +23 -0
  58. package/src/hooks/ccp-doc-file-warning.js +93 -0
  59. package/src/hooks/ccp-pre-bash-dispatcher.js +24 -0
  60. package/src/hooks/ccp-read-injection-scanner.js +152 -0
  61. package/src/hooks/ccp-write-gateguard.js +868 -0
  62. package/src/hooks/kit-check-update.js +59 -7
  63. package/src/hooks/run-with-flags-shell.sh +1 -0
  64. package/src/hooks/run-with-flags.js +48 -1
  65. package/src/hooks/session-end.js +88 -1
  66. package/src/lib/hook-flags.js +14 -0
  67. package/src/lib/project-detect.js +0 -2
  68. package/src/lib/shell-substitution.js +499 -0
  69. package/src/pilot/references/agent-contracts.md +79 -0
  70. package/src/pilot/references/ai-evals.md +156 -0
  71. package/src/pilot/references/ai-frameworks.md +186 -0
  72. package/src/pilot/references/doc-conflict-engine.md +91 -0
  73. package/src/pilot/references/execute-mvp-tdd.md +81 -0
  74. package/src/pilot/references/gate-prompts.md +100 -0
  75. package/src/pilot/references/gates.md +70 -0
  76. package/src/pilot/references/mandatory-initial-read.md +2 -0
  77. package/src/pilot/references/mvp-concepts.md +49 -0
  78. package/src/pilot/references/planner-graphify-auto-update.md +67 -0
  79. package/src/pilot/references/planner-human-verify-mode.md +57 -0
  80. package/src/pilot/references/planner-mvp-mode.md +53 -0
  81. package/src/pilot/references/project-skills-discovery.md +19 -0
  82. package/src/pilot/references/revision-loop.md +97 -0
  83. package/src/pilot/references/skeleton-template.md +48 -0
  84. package/src/pilot/references/sketch-interactivity.md +41 -0
  85. package/src/pilot/references/sketch-theme-system.md +94 -0
  86. package/src/pilot/references/sketch-tooling.md +45 -0
  87. package/src/pilot/references/sketch-variant-patterns.md +81 -0
  88. package/src/pilot/references/spidr-splitting.md +69 -0
  89. package/src/pilot/references/thinking-models-debug.md +44 -0
  90. package/src/pilot/references/thinking-models-execution.md +50 -0
  91. package/src/pilot/references/thinking-models-planning.md +62 -0
  92. package/src/pilot/references/thinking-models-research.md +50 -0
  93. package/src/pilot/references/thinking-models-verification.md +55 -0
  94. package/src/pilot/references/user-story-template.md +58 -0
  95. package/src/pilot/references/verify-mvp-mode.md +85 -0
  96. package/src/pilot/references/worktree-path-safety.md +89 -0
  97. package/src/pilot/templates/AI-SPEC.md +246 -0
  98. package/src/pilot/templates/spec.md +307 -0
  99. package/src/pilot/workflows/ai-integration-phase.md +284 -0
  100. package/src/pilot/workflows/audit-fix.md +175 -0
  101. package/src/pilot/workflows/code-review-fix.md +497 -0
  102. package/src/pilot/workflows/eval-review.md +155 -0
  103. package/src/pilot/workflows/extract_learnings.md +242 -0
  104. package/src/pilot/workflows/help.md +5 -0
  105. package/src/pilot/workflows/import.md +246 -0
  106. package/src/pilot/workflows/ingest-docs.md +328 -0
  107. package/src/pilot/workflows/mvp-phase.md +199 -0
  108. package/src/pilot/workflows/plan-review-convergence.md +329 -0
  109. package/src/pilot/workflows/scan.md +102 -0
  110. package/src/pilot/workflows/sketch-wrap-up.md +285 -0
  111. package/src/pilot/workflows/sketch.md +360 -0
  112. package/src/pilot/workflows/spec-phase.md +262 -0
  113. package/src/pilot/workflows/spike-wrap-up.md +306 -0
  114. package/src/pilot/workflows/spike.md +452 -0
  115. package/src/pilot/workflows/ultraplan-phase.md +189 -0
  116. package/src/skills/accessibility/SKILL.md +146 -0
  117. package/src/skills/agent-architecture-audit/SKILL.md +256 -0
  118. package/src/skills/agent-eval/SKILL.md +145 -0
  119. package/src/skills/agent-harness-design/SKILL.md +73 -0
  120. package/src/skills/agent-introspection-debugging/SKILL.md +153 -0
  121. package/src/skills/android-clean-architecture/SKILL.md +339 -0
  122. package/src/skills/angular-developer/SKILL.md +154 -0
  123. package/src/skills/angular-developer/references/angular-animations.md +160 -0
  124. package/src/skills/angular-developer/references/angular-aria.md +410 -0
  125. package/src/skills/angular-developer/references/cli.md +86 -0
  126. package/src/skills/angular-developer/references/component-harnesses.md +59 -0
  127. package/src/skills/angular-developer/references/component-styling.md +91 -0
  128. package/src/skills/angular-developer/references/components.md +117 -0
  129. package/src/skills/angular-developer/references/creating-services.md +97 -0
  130. package/src/skills/angular-developer/references/data-resolvers.md +69 -0
  131. package/src/skills/angular-developer/references/define-routes.md +67 -0
  132. package/src/skills/angular-developer/references/defining-providers.md +72 -0
  133. package/src/skills/angular-developer/references/di-fundamentals.md +120 -0
  134. package/src/skills/angular-developer/references/e2e-testing.md +56 -0
  135. package/src/skills/angular-developer/references/effects.md +83 -0
  136. package/src/skills/angular-developer/references/hierarchical-injectors.md +43 -0
  137. package/src/skills/angular-developer/references/host-elements.md +80 -0
  138. package/src/skills/angular-developer/references/injection-context.md +63 -0
  139. package/src/skills/angular-developer/references/inputs.md +101 -0
  140. package/src/skills/angular-developer/references/linked-signal.md +59 -0
  141. package/src/skills/angular-developer/references/loading-strategies.md +61 -0
  142. package/src/skills/angular-developer/references/mcp.md +108 -0
  143. package/src/skills/angular-developer/references/navigate-to-routes.md +69 -0
  144. package/src/skills/angular-developer/references/outputs.md +86 -0
  145. package/src/skills/angular-developer/references/reactive-forms.md +122 -0
  146. package/src/skills/angular-developer/references/rendering-strategies.md +44 -0
  147. package/src/skills/angular-developer/references/resource.md +77 -0
  148. package/src/skills/angular-developer/references/route-animations.md +56 -0
  149. package/src/skills/angular-developer/references/route-guards.md +52 -0
  150. package/src/skills/angular-developer/references/router-lifecycle.md +45 -0
  151. package/src/skills/angular-developer/references/router-testing.md +87 -0
  152. package/src/skills/angular-developer/references/show-routes-with-outlets.md +68 -0
  153. package/src/skills/angular-developer/references/signal-forms.md +795 -0
  154. package/src/skills/angular-developer/references/signals-overview.md +94 -0
  155. package/src/skills/angular-developer/references/tailwind-css.md +69 -0
  156. package/src/skills/angular-developer/references/template-driven-forms.md +114 -0
  157. package/src/skills/angular-developer/references/testing-fundamentals.md +65 -0
  158. package/src/skills/api-connector-builder/SKILL.md +120 -0
  159. package/src/skills/code-tour/SKILL.md +236 -0
  160. package/src/skills/compose-multiplatform-patterns/SKILL.md +299 -0
  161. package/src/skills/csharp-testing/SKILL.md +321 -0
  162. package/src/skills/dart-flutter-patterns/SKILL.md +563 -0
  163. package/src/skills/dashboard-builder/SKILL.md +108 -0
  164. package/src/skills/dotnet-patterns/SKILL.md +321 -0
  165. package/src/skills/error-handling/SKILL.md +376 -0
  166. package/src/skills/fastapi-patterns/SKILL.md +327 -0
  167. package/src/skills/flox-environments/SKILL.md +496 -0
  168. package/src/skills/frontend-design/SKILL.md +145 -0
  169. package/src/skills/frontend-slides/SKILL.md +184 -0
  170. package/src/skills/frontend-slides/STYLE_PRESETS.md +330 -0
  171. package/src/skills/fsharp-testing/SKILL.md +280 -0
  172. package/src/skills/gateguard/SKILL.md +121 -0
  173. package/src/skills/github-ops/SKILL.md +144 -0
  174. package/src/skills/hookify-rules/SKILL.md +128 -0
  175. package/src/skills/ios-icon-gen/SKILL.md +157 -0
  176. package/src/skills/ios-icon-gen/scripts/generate_icons.swift +258 -0
  177. package/src/skills/ios-icon-gen/scripts/iconify_gen.sh +235 -0
  178. package/src/skills/knowledge-ops/SKILL.md +154 -0
  179. package/src/skills/liquid-glass-design/SKILL.md +279 -0
  180. package/src/skills/make-interfaces-feel-better/SKILL.md +151 -0
  181. package/src/skills/mysql-patterns/SKILL.md +412 -0
  182. package/src/skills/nestjs-patterns/SKILL.md +230 -0
  183. package/src/skills/plan-orchestrate/SKILL.md +220 -0
  184. package/src/skills/prisma-patterns/SKILL.md +371 -0
  185. package/src/skills/production-audit/SKILL.md +206 -0
  186. package/src/skills/security-bounty-hunter/SKILL.md +99 -0
  187. package/src/skills/security-scan/references/agentshield-policy-exception/candidate-playbook.md +49 -0
  188. package/src/skills/security-scan/references/agentshield-policy-exception/report.json +35 -0
  189. package/src/skills/security-scan/references/agentshield-policy-exception/scenario.json +62 -0
  190. package/src/skills/security-scan/references/agentshield-policy-exception/trace.json +45 -0
  191. package/src/skills/security-scan/references/agentshield-policy-exception/verifier-result.json +35 -0
  192. package/src/skills/swift-actor-persistence/SKILL.md +143 -0
  193. package/src/skills/swift-protocol-di-testing/SKILL.md +190 -0
  194. package/src/skills/swiftui-patterns/SKILL.md +259 -0
  195. package/src/skills/terminal-ops/SKILL.md +109 -0
  196. package/src/skills/ui-demo/SKILL.md +465 -0
  197. package/src/skills/vite-patterns/SKILL.md +449 -0
  198. package/src/skills/windows-desktop-e2e/SKILL.md +887 -0
@@ -0,0 +1,280 @@
1
+ ---
2
+ name: fsharp-testing
3
+ description: F# testing patterns with xUnit, FsUnit, Unquote, FsCheck property-based testing, integration tests, and test organization best practices.
4
+ origin: ECC
5
+ ---
6
+
7
+ # F# Testing Patterns
8
+
9
+ Comprehensive testing patterns for F# applications using xUnit, FsUnit, Unquote, FsCheck, and modern .NET testing practices.
10
+
11
+ ## When to Activate
12
+
13
+ - Writing new tests for F# code
14
+ - Reviewing test quality and coverage
15
+ - Setting up test infrastructure for F# projects
16
+ - Debugging flaky or slow tests
17
+
18
+ ## Test Framework Stack
19
+
20
+ | Tool | Purpose |
21
+ |---|---|
22
+ | **xUnit** | Test framework (standard .NET ecosystem choice) |
23
+ | **FsUnit.xUnit** | F#-friendly assertion syntax for xUnit |
24
+ | **Unquote** | Assertion library using F# quotations for clear failure messages |
25
+ | **FsCheck.xUnit** | Property-based testing integrated with xUnit |
26
+ | **NSubstitute** | Mocking .NET dependencies |
27
+ | **Testcontainers** | Real infrastructure in integration tests |
28
+ | **WebApplicationFactory** | ASP.NET Core integration tests |
29
+
30
+ ## Unit Tests with xUnit + FsUnit
31
+
32
+ ### Basic Test Structure
33
+
34
+ ```fsharp
35
+ module OrderServiceTests
36
+
37
+ open Xunit
38
+ open FsUnit.Xunit
39
+
40
+ [<Fact>]
41
+ let ``create sets status to Pending`` () =
42
+ let order = Order.create "cust-1" [ validItem ]
43
+ order.Status |> should equal Pending
44
+
45
+ [<Fact>]
46
+ let ``confirm changes status to Confirmed`` () =
47
+ let order = Order.create "cust-1" [ validItem ]
48
+ let confirmed = Order.confirm order
49
+ confirmed.Status |> should be (ofCase <@ Confirmed @>)
50
+ ```
51
+
52
+ ### Assertions with Unquote
53
+
54
+ Unquote uses F# quotations so failure messages show the full expression that failed, not just "expected X got Y".
55
+
56
+ ```fsharp
57
+ module OrderValidationTests
58
+
59
+ open Xunit
60
+ open Swensen.Unquote
61
+
62
+ [<Fact>]
63
+ let ``PlaceOrder returns success when request is valid`` () =
64
+ let request = { CustomerId = "cust-123"; Items = [ validItem ] }
65
+ let result = OrderService.placeOrder request
66
+ test <@ Result.isOk result @>
67
+
68
+ [<Fact>]
69
+ let ``order total sums item prices`` () =
70
+ let items = [ { Sku = "A"; Quantity = 2; Price = 10m }
71
+ { Sku = "B"; Quantity = 1; Price = 5m } ]
72
+ let total = Order.calculateTotal items
73
+ test <@ total = 25m @>
74
+
75
+ [<Fact>]
76
+ let ``validated email rejects empty input`` () =
77
+ let result = ValidatedEmail.create ""
78
+ test <@ Result.isError result @>
79
+ ```
80
+
81
+ ### Async Tests
82
+
83
+ ```fsharp
84
+ [<Fact>]
85
+ let ``PlaceOrder returns success when request is valid`` () = task {
86
+ let deps = createTestDeps ()
87
+ let request = { CustomerId = "cust-123"; Items = [ validItem ] }
88
+
89
+ let! result = OrderService.placeOrder deps request
90
+
91
+ test <@ Result.isOk result @>
92
+ }
93
+
94
+ [<Fact>]
95
+ let ``PlaceOrder returns error when items are empty`` () = task {
96
+ let deps = createTestDeps ()
97
+ let request = { CustomerId = "cust-123"; Items = [] }
98
+
99
+ let! result = OrderService.placeOrder deps request
100
+
101
+ test <@ Result.isError result @>
102
+ }
103
+ ```
104
+
105
+ ### Parameterized Tests with Theory
106
+
107
+ ```fsharp
108
+ [<Theory>]
109
+ [<InlineData("")>]
110
+ [<InlineData(" ")>]
111
+ let ``PlaceOrder rejects empty customer ID`` (customerId: string) =
112
+ let request = { CustomerId = customerId; Items = [ validItem ] }
113
+ let result = OrderService.placeOrder request
114
+ result |> should be (ofCase <@ Error @>)
115
+
116
+ [<Theory>]
117
+ [<InlineData("", false)>]
118
+ [<InlineData("a", false)>]
119
+ [<InlineData("user@example.com", true)>]
120
+ [<InlineData("user+tag@example.co.uk", true)>]
121
+ let ``IsValidEmail returns expected result`` (email: string, expected: bool) =
122
+ test <@ EmailValidator.isValid email = expected @>
123
+ ```
124
+
125
+ ## Property-Based Testing with FsCheck
126
+
127
+ ### Using FsCheck.xUnit
128
+
129
+ ```fsharp
130
+ open FsCheck
131
+ open FsCheck.Xunit
132
+
133
+ [<Property>]
134
+ let ``order total is always non-negative`` (items: NonEmptyList<PositiveInt * decimal>) =
135
+ let orderItems =
136
+ items.Get
137
+ |> List.map (fun (qty, price) ->
138
+ { Sku = "SKU"; Quantity = qty.Get; Price = abs price })
139
+ let total = Order.calculateTotal orderItems
140
+ total >= 0m
141
+
142
+ [<Property>]
143
+ let ``serialization roundtrips`` (order: Order) =
144
+ let json = JsonSerializer.Serialize order
145
+ let deserialized = JsonSerializer.Deserialize<Order> json
146
+ deserialized = order
147
+ ```
148
+
149
+ ### Custom Generators
150
+
151
+ ```fsharp
152
+ type OrderGenerators =
153
+ static member ValidEmail () =
154
+ gen {
155
+ let! user = Gen.elements [ "alice"; "bob"; "carol" ]
156
+ let! domain = Gen.elements [ "example.com"; "test.org" ]
157
+ return $"{user}@{domain}"
158
+ }
159
+ |> Arb.fromGen
160
+
161
+ [<Property(Arbitrary = [| typeof<OrderGenerators> |])>]
162
+ let ``valid emails pass validation`` (email: string) =
163
+ EmailValidator.isValid email
164
+ ```
165
+
166
+ ## Mocking Dependencies
167
+
168
+ ### Function Stubs (Preferred)
169
+
170
+ ```fsharp
171
+ let createTestDeps () =
172
+ let mutable savedOrders = []
173
+ { FindOrder = fun id -> task { return Map.tryFind id testData }
174
+ SaveOrder = fun order -> task { savedOrders <- order :: savedOrders }
175
+ SendNotification = fun _ -> Task.CompletedTask }
176
+
177
+ [<Fact>]
178
+ let ``PlaceOrder saves the confirmed order`` () = task {
179
+ let mutable saved = []
180
+ let deps =
181
+ { createTestDeps () with
182
+ SaveOrder = fun order -> task { saved <- order :: saved } }
183
+
184
+ let! _ = OrderService.placeOrder deps validRequest
185
+
186
+ test <@ saved.Length = 1 @>
187
+ }
188
+ ```
189
+
190
+ ### NSubstitute for .NET Interfaces
191
+
192
+ ```fsharp
193
+ open NSubstitute
194
+
195
+ [<Fact>]
196
+ let ``calls repository with correct ID`` () = task {
197
+ let repo = Substitute.For<IOrderRepository>()
198
+ repo.FindByIdAsync(Arg.Any<Guid>(), Arg.Any<CancellationToken>())
199
+ .Returns(Task.FromResult(Some testOrder))
200
+
201
+ let service = OrderService(repo)
202
+ let! _ = service.GetOrder(testOrder.Id, CancellationToken.None)
203
+
204
+ do! repo.Received(1).FindByIdAsync(testOrder.Id, Arg.Any<CancellationToken>())
205
+ }
206
+ ```
207
+
208
+ ## ASP.NET Core Integration Tests
209
+
210
+ ```fsharp
211
+ type OrderApiTests (factory: WebApplicationFactory<Program>) =
212
+ interface IClassFixture<WebApplicationFactory<Program>>
213
+
214
+ let client =
215
+ factory.WithWebHostBuilder(fun builder ->
216
+ builder.ConfigureServices(fun services ->
217
+ services.RemoveAll<DbContextOptions<AppDbContext>>() |> ignore
218
+ services.AddDbContext<AppDbContext>(fun options ->
219
+ options.UseInMemoryDatabase("TestDb") |> ignore) |> ignore))
220
+ .CreateClient()
221
+
222
+ [<Fact>]
223
+ member _.``GET order returns 404 when not found`` () = task {
224
+ let! response = client.GetAsync($"/api/orders/{Guid.NewGuid()}")
225
+ test <@ response.StatusCode = HttpStatusCode.NotFound @>
226
+ }
227
+ ```
228
+
229
+ ## Test Organization
230
+
231
+ ```
232
+ tests/
233
+ MyApp.Tests/
234
+ Unit/
235
+ OrderServiceTests.fs
236
+ PaymentServiceTests.fs
237
+ Integration/
238
+ OrderApiTests.fs
239
+ OrderRepositoryTests.fs
240
+ Properties/
241
+ OrderPropertyTests.fs
242
+ Helpers/
243
+ TestData.fs
244
+ TestDeps.fs
245
+ ```
246
+
247
+ ## Common Anti-Patterns
248
+
249
+ | Anti-Pattern | Fix |
250
+ |---|---|
251
+ | Testing implementation details | Test behavior and outcomes |
252
+ | Mutable shared test state | Fresh state per test |
253
+ | `Thread.Sleep` in async tests | Use `Task.Delay` with timeout, or polling helpers |
254
+ | Asserting on `sprintf` output | Assert on typed values and pattern matches |
255
+ | Ignoring `CancellationToken` | Always pass and verify cancellation |
256
+ | Skipping property-based tests | Use FsCheck for any function with clear invariants |
257
+
258
+ ## Related Skills
259
+
260
+ - `dotnet-patterns` - Idiomatic .NET patterns, dependency injection, and architecture
261
+ - `csharp-testing` - C# testing patterns (shared infrastructure like WebApplicationFactory and Testcontainers applies to F# too)
262
+
263
+ ## Running Tests
264
+
265
+ ```bash
266
+ # Run all tests
267
+ dotnet test
268
+
269
+ # Run with coverage
270
+ dotnet test --collect:"XPlat Code Coverage"
271
+
272
+ # Run specific project
273
+ dotnet test tests/MyApp.Tests/
274
+
275
+ # Filter by test name
276
+ dotnet test --filter "FullyQualifiedName~OrderService"
277
+
278
+ # Watch mode during development
279
+ dotnet watch test --project tests/MyApp.Tests/
280
+ ```
@@ -0,0 +1,121 @@
1
+ ---
2
+ name: gateguard
3
+ description: Fact-forcing gate that blocks Edit/Write/Bash (including MultiEdit) and demands concrete investigation (importers, data schemas, user instruction) before allowing the action. Measurably improves output quality by +2.25 points vs ungated agents.
4
+ origin: community
5
+ ---
6
+
7
+ # GateGuard — Fact-Forcing Pre-Action Gate
8
+
9
+ A PreToolUse hook that forces Claude to investigate before editing. Instead of self-evaluation ("are you sure?"), it demands concrete facts. The act of investigation creates awareness that self-evaluation never did.
10
+
11
+ ## When to Activate
12
+
13
+ - Working on any codebase where file edits affect multiple modules
14
+ - Projects with data files that have specific schemas or date formats
15
+ - Teams where AI-generated code must match existing patterns
16
+ - Any workflow where Claude tends to guess instead of investigating
17
+
18
+ ## Core Concept
19
+
20
+ LLM self-evaluation doesn't work. Ask "did you violate any policies?" and the answer is always "no." This is verified experimentally.
21
+
22
+ But asking "list every file that imports this module" forces the LLM to run Grep and Read. The investigation itself creates context that changes the output.
23
+
24
+ **Three-stage gate:**
25
+
26
+ ```
27
+ 1. DENY — block the first Edit/Write/Bash attempt
28
+ 2. FORCE — tell the model exactly which facts to gather
29
+ 3. ALLOW — permit retry after facts are presented
30
+ ```
31
+
32
+ No competitor does all three. Most stop at deny.
33
+
34
+ ## Evidence
35
+
36
+ Two independent A/B tests, identical agents, same task:
37
+
38
+ | Task | Gated | Ungated | Gap |
39
+ | --- | --- | --- | --- |
40
+ | Analytics module | 8.0/10 | 6.5/10 | +1.5 |
41
+ | Webhook validator | 10.0/10 | 7.0/10 | +3.0 |
42
+ | **Average** | **9.0** | **6.75** | **+2.25** |
43
+
44
+ Both agents produce code that runs and passes tests. The difference is design depth.
45
+
46
+ ## Gate Types
47
+
48
+ ### Edit / MultiEdit Gate (first edit per file)
49
+
50
+ MultiEdit is handled identically — each file in the batch is gated individually.
51
+
52
+ ```
53
+ Before editing {file_path}, present these facts:
54
+
55
+ 1. List ALL files that import/require this file (use Grep)
56
+ 2. List the public functions/classes affected by this change
57
+ 3. If this file reads/writes data files, show field names, structure,
58
+ and date format (use redacted or synthetic values, not raw production data)
59
+ 4. Quote the user's current instruction verbatim
60
+ ```
61
+
62
+ ### Write Gate (first new file creation)
63
+
64
+ ```
65
+ Before creating {file_path}, present these facts:
66
+
67
+ 1. Name the file(s) and line(s) that will call this new file
68
+ 2. Confirm no existing file serves the same purpose (use Glob)
69
+ 3. If this file reads/writes data files, show field names, structure,
70
+ and date format (use redacted or synthetic values, not raw production data)
71
+ 4. Quote the user's current instruction verbatim
72
+ ```
73
+
74
+ ### Destructive Bash Gate (every destructive command)
75
+
76
+ Triggers on: `rm -rf`, `git reset --hard`, `git push --force`, `drop table`, etc.
77
+
78
+ ```
79
+ 1. List all files/data this command will modify or delete
80
+ 2. Write a one-line rollback procedure
81
+ 3. Quote the user's current instruction verbatim
82
+ ```
83
+
84
+ ### Routine Bash Gate (once per session)
85
+
86
+ ```
87
+ 1. The current user request in one sentence
88
+ 2. What this specific command verifies or produces
89
+ ```
90
+
91
+ ## Quick Start
92
+
93
+ ### Option A: Use the ECC hook (zero install)
94
+
95
+ The hook at `scripts/hooks/gateguard-fact-force.js` is included in this plugin. Enable it via hooks.json.
96
+
97
+ ### Option B: Full package with config
98
+
99
+ ```bash
100
+ pip install gateguard-ai
101
+ gateguard init
102
+ ```
103
+
104
+ This adds `.gateguard.yml` for per-project configuration (custom messages, ignore paths, gate toggles).
105
+
106
+ ## Anti-Patterns
107
+
108
+ - **Don't use self-evaluation instead.** "Are you sure?" always gets "yes." This is experimentally verified.
109
+ - **Don't skip the data schema check.** Both A/B test agents assumed ISO-8601 dates when real data used `%Y/%m/%d %H:%M`. Checking data structure (with redacted values) prevents this entire class of bugs.
110
+ - **Don't gate every single Bash command.** Routine bash gates once per session. Destructive bash gates every time. This balance avoids slowdown while catching real risks.
111
+
112
+ ## Best Practices
113
+
114
+ - Let the gate fire naturally. Don't try to pre-answer the gate questions — the investigation itself is what improves quality.
115
+ - Customize gate messages for your domain. If your project has specific conventions, add them to the gate prompts.
116
+ - Use `.gateguard.yml` to ignore paths like `.venv/`, `node_modules/`, `.git/`.
117
+
118
+ ## Related Skills
119
+
120
+ - `safety-guard` — Runtime safety checks (complementary, not overlapping)
121
+ - `code-reviewer` — Post-edit review (GateGuard is pre-edit investigation)
@@ -0,0 +1,144 @@
1
+ ---
2
+ name: github-ops
3
+ description: GitHub repository operations, automation, and management. Issue triage, PR management, CI/CD operations, release management, and security monitoring using the gh CLI. Use when the user wants to manage GitHub issues, PRs, CI status, releases, contributors, stale items, or any GitHub operational task beyond simple git commands.
4
+ origin: ECC
5
+ ---
6
+
7
+ # GitHub Operations
8
+
9
+ Manage GitHub repositories with a focus on community health, CI reliability, and contributor experience.
10
+
11
+ ## When to Activate
12
+
13
+ - Triaging issues (classifying, labeling, responding, deduplicating)
14
+ - Managing PRs (review status, CI checks, stale PRs, merge readiness)
15
+ - Debugging CI/CD failures
16
+ - Preparing releases and changelogs
17
+ - Monitoring Dependabot and security alerts
18
+ - Managing contributor experience on open-source projects
19
+ - User says "check GitHub", "triage issues", "review PRs", "merge", "release", "CI is broken"
20
+
21
+ ## Tool Requirements
22
+
23
+ - **gh CLI** for all GitHub API operations
24
+ - Repository access configured via `gh auth login`
25
+
26
+ ## Issue Triage
27
+
28
+ Classify each issue by type and priority:
29
+
30
+ **Types:** bug, feature-request, question, documentation, enhancement, duplicate, invalid, good-first-issue
31
+
32
+ **Priority:** critical (breaking/security), high (significant impact), medium (nice to have), low (cosmetic)
33
+
34
+ ### Triage Workflow
35
+
36
+ 1. Read the issue title, body, and comments
37
+ 2. Check if it duplicates an existing issue (search by keywords)
38
+ 3. Apply appropriate labels via `gh issue edit --add-label`
39
+ 4. For questions: draft and post a helpful response
40
+ 5. For bugs needing more info: ask for reproduction steps
41
+ 6. For good first issues: add `good-first-issue` label
42
+ 7. For duplicates: comment with link to original, add `duplicate` label
43
+
44
+ ```bash
45
+ # Search for potential duplicates
46
+ gh issue list --search "keyword" --state all --limit 20
47
+
48
+ # Add labels
49
+ gh issue edit <number> --add-label "bug,high-priority"
50
+
51
+ # Comment on issue
52
+ gh issue comment <number> --body "Thanks for reporting. Could you share reproduction steps?"
53
+ ```
54
+
55
+ ## PR Management
56
+
57
+ ### Review Checklist
58
+
59
+ 1. Check CI status: `gh pr checks <number>`
60
+ 2. Check if mergeable: `gh pr view <number> --json mergeable`
61
+ 3. Check age and last activity
62
+ 4. Flag PRs >5 days with no review
63
+ 5. For community PRs: ensure they have tests and follow conventions
64
+
65
+ ### Stale Policy
66
+
67
+ - Issues with no activity in 14+ days: add `stale` label, comment asking for update
68
+ - PRs with no activity in 7+ days: comment asking if still active
69
+ - Auto-close stale issues after 30 days with no response (add `closed-stale` label)
70
+
71
+ ```bash
72
+ # Find stale issues (no activity in 14+ days)
73
+ gh issue list --label "stale" --state open
74
+
75
+ # Find PRs with no recent activity
76
+ gh pr list --json number,title,updatedAt --jq '.[] | select(.updatedAt < "2026-03-01")'
77
+ ```
78
+
79
+ ## CI/CD Operations
80
+
81
+ When CI fails:
82
+
83
+ 1. Check the workflow run: `gh run view <run-id> --log-failed`
84
+ 2. Identify the failing step
85
+ 3. Check if it is a flaky test vs real failure
86
+ 4. For real failures: identify the root cause and suggest a fix
87
+ 5. For flaky tests: note the pattern for future investigation
88
+
89
+ ```bash
90
+ # List recent failed runs
91
+ gh run list --status failure --limit 10
92
+
93
+ # View failed run logs
94
+ gh run view <run-id> --log-failed
95
+
96
+ # Re-run a failed workflow
97
+ gh run rerun <run-id> --failed
98
+ ```
99
+
100
+ ## Release Management
101
+
102
+ When preparing a release:
103
+
104
+ 1. Check all CI is green on main
105
+ 2. Review unreleased changes: `gh pr list --state merged --base main`
106
+ 3. Generate changelog from PR titles
107
+ 4. Create release: `gh release create`
108
+
109
+ ```bash
110
+ # List merged PRs since last release
111
+ gh pr list --state merged --base main --search "merged:>2026-03-01"
112
+
113
+ # Create a release
114
+ gh release create v1.2.0 --title "v1.2.0" --generate-notes
115
+
116
+ # Create a pre-release
117
+ gh release create v1.3.0-rc1 --prerelease --title "v1.3.0 Release Candidate 1"
118
+ ```
119
+
120
+ ## Security Monitoring
121
+
122
+ ```bash
123
+ # Check Dependabot alerts
124
+ gh api repos/{owner}/{repo}/dependabot/alerts --jq '.[].security_advisory.summary'
125
+
126
+ # Check secret scanning alerts
127
+ gh api repos/{owner}/{repo}/secret-scanning/alerts --jq '.[].state'
128
+
129
+ # Review and auto-merge safe dependency bumps
130
+ gh pr list --label "dependencies" --json number,title
131
+ ```
132
+
133
+ - Review and auto-merge safe dependency bumps
134
+ - Flag any critical/high severity alerts immediately
135
+ - Check for new Dependabot alerts weekly at minimum
136
+
137
+ ## Quality Gate
138
+
139
+ Before completing any GitHub operations task:
140
+ - all issues triaged have appropriate labels
141
+ - no PRs older than 7 days without a review or comment
142
+ - CI failures have been investigated (not just re-run)
143
+ - releases include accurate changelogs
144
+ - security alerts are acknowledged and tracked
@@ -0,0 +1,128 @@
1
+ ---
2
+ name: hookify-rules
3
+ description: This skill should be used when the user asks to create a hookify rule, write a hook rule, configure hookify, add a hookify rule, or needs guidance on hookify rule syntax and patterns.
4
+ ---
5
+
6
+ # Writing Hookify Rules
7
+
8
+ ## Overview
9
+
10
+ Hookify rules are markdown files with YAML frontmatter that define patterns to watch for and messages to show when those patterns match. Rules are stored in `.claude/hookify.{rule-name}.local.md` files.
11
+
12
+ ## Rule File Format
13
+
14
+ ### Basic Structure
15
+
16
+ ```markdown
17
+ ---
18
+ name: rule-identifier
19
+ enabled: true
20
+ event: bash|file|stop|prompt|all
21
+ pattern: regex-pattern-here
22
+ ---
23
+
24
+ Message to show Claude when this rule triggers.
25
+ Can include markdown formatting, warnings, suggestions, etc.
26
+ ```
27
+
28
+ ### Frontmatter Fields
29
+
30
+ | Field | Required | Values | Description |
31
+ |-------|----------|--------|-------------|
32
+ | name | Yes | kebab-case string | Unique identifier (verb-first: warn-*, block-*, require-*) |
33
+ | enabled | Yes | true/false | Toggle without deleting |
34
+ | event | Yes | bash/file/stop/prompt/all | Which hook event triggers this |
35
+ | action | No | warn/block | warn (default) shows message; block prevents operation |
36
+ | pattern | Yes* | regex string | Pattern to match (*or use conditions for complex rules) |
37
+
38
+ ### Advanced Format (Multiple Conditions)
39
+
40
+ ```markdown
41
+ ---
42
+ name: warn-env-api-keys
43
+ enabled: true
44
+ event: file
45
+ conditions:
46
+ - field: file_path
47
+ operator: regex_match
48
+ pattern: \.env$
49
+ - field: new_text
50
+ operator: contains
51
+ pattern: API_KEY
52
+ ---
53
+
54
+ You're adding an API key to a .env file. Ensure this file is in .gitignore!
55
+ ```
56
+
57
+ **Condition fields by event:**
58
+ - bash: `command`
59
+ - file: `file_path`, `new_text`, `old_text`, `content`
60
+ - prompt: `user_prompt`
61
+
62
+ **Operators:** `regex_match`, `contains`, `equals`, `not_contains`, `starts_with`, `ends_with`
63
+
64
+ All conditions must match for rule to trigger.
65
+
66
+ ## Event Type Guide
67
+
68
+ ### bash Events
69
+ Match Bash command patterns:
70
+ - Dangerous commands: `rm\s+-rf`, `dd\s+if=`, `mkfs`
71
+ - Privilege escalation: `sudo\s+`, `su\s+`
72
+ - Permission issues: `chmod\s+777`
73
+
74
+ ### file Events
75
+ Match Edit/Write/MultiEdit operations:
76
+ - Debug code: `console\.log\(`, `debugger`
77
+ - Security risks: `eval\(`, `innerHTML\s*=`
78
+ - Sensitive files: `\.env$`, `credentials`, `\.pem$`
79
+
80
+ ### stop Events
81
+ Completion checks and reminders. Pattern `.*` matches always.
82
+
83
+ ### prompt Events
84
+ Match user prompt content for workflow enforcement.
85
+
86
+ ## Pattern Writing Tips
87
+
88
+ ### Regex Basics
89
+ - Escape special chars: `.` to `\.`, `(` to `\(`
90
+ - `\s` whitespace, `\d` digit, `\w` word char
91
+ - `+` one or more, `*` zero or more, `?` optional
92
+ - `|` OR operator
93
+
94
+ ### Common Pitfalls
95
+ - **Too broad**: `log` matches "login", "dialog" — use `console\.log\(`
96
+ - **Too specific**: `rm -rf /tmp` — use `rm\s+-rf`
97
+ - **YAML escaping**: Use unquoted patterns; quoted strings need `\\s`
98
+
99
+ ### Testing
100
+ ```bash
101
+ python3 -c "import re; print(re.search(r'your_pattern', 'test text'))"
102
+ ```
103
+
104
+ ## File Organization
105
+
106
+ - **Location**: `.claude/` directory in project root
107
+ - **Naming**: `.claude/hookify.{descriptive-name}.local.md`
108
+ - **Gitignore**: Add `.claude/*.local.md` to `.gitignore`
109
+
110
+ ## Commands
111
+
112
+ - `/hookify [description]` - Create new rules (auto-analyzes conversation if no args)
113
+ - `/hookify-list` - View all rules in table format
114
+ - `/hookify-configure` - Toggle rules on/off interactively
115
+ - `/hookify-help` - Full documentation
116
+
117
+ ## Quick Reference
118
+
119
+ Minimum viable rule:
120
+ ```markdown
121
+ ---
122
+ name: my-rule
123
+ enabled: true
124
+ event: bash
125
+ pattern: dangerous_command
126
+ ---
127
+ Warning message here
128
+ ```