npm - claude-dev-env - Versions diffs - 1.38.0 → 1.39.0 - Mend

claude-dev-env 1.38.0 → 1.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

package/CLAUDE.md +10 -36
package/_shared/pr-loop/audit-reply-template.md +147 -0
package/_shared/pr-loop/fix-protocol.md +25 -4
package/_shared/pr-loop/gh-payloads.md +37 -50
package/_shared/pr-loop/scripts/code_rules_gate.py +0 -60
package/_shared/pr-loop/scripts/config/post_audit_thread_constants.py +189 -0
package/_shared/pr-loop/scripts/post_audit_thread.py +947 -0
package/_shared/pr-loop/scripts/tests/test_code_rules_gate.py +0 -19
package/_shared/pr-loop/scripts/tests/test_post_audit_thread.py +923 -0
package/_shared/pr-loop/scripts/tests/test_post_audit_thread_constants.py +127 -0
package/_shared/pr-loop/state-schema.md +1 -1
package/agents/clean-coder.md +2 -2
package/bin/install.mjs +6 -7
package/bin/install.test.mjs +8 -0
package/commands/doc-gist.md +16 -0
package/commands/plan.md +0 -2
package/commands/review-plan.md +1 -1
package/docs/CODE_RULES.md +122 -2
package/hooks/blocking/bot_mention_comment_blocker.py +75 -0
package/hooks/blocking/code_rules_enforcer.py +1236 -161
package/hooks/blocking/convergence_gate_blocker.py +130 -0
package/hooks/blocking/destructive_command_blocker.py +74 -0
package/hooks/blocking/gh_body_arg_blocker.py +30 -0
package/hooks/blocking/md_to_html_blocker.py +119 -0
package/hooks/blocking/test_bot_mention_comment_blocker.py +131 -0
package/hooks/blocking/test_code_rules_enforcer.py +21 -0
package/hooks/blocking/test_code_rules_enforcer_any_exempt_files.py +70 -0
package/hooks/blocking/test_code_rules_enforcer_any_imports_and_cast.py +92 -0
package/hooks/blocking/test_code_rules_enforcer_banned_import_alias.py +143 -0
package/hooks/blocking/test_code_rules_enforcer_banned_prefixes.py +152 -0
package/hooks/blocking/test_code_rules_enforcer_bare_except.py +120 -0
package/hooks/blocking/test_code_rules_enforcer_boundary_types.py +175 -0
package/hooks/blocking/test_code_rules_enforcer_cap_meta.py +0 -1
package/hooks/blocking/test_code_rules_enforcer_collection_prefix.py +50 -0
package/hooks/blocking/test_code_rules_enforcer_docstring_format.py +255 -0
package/hooks/blocking/test_code_rules_enforcer_inline_tuple_string_magic.py +130 -0
package/hooks/blocking/test_code_rules_enforcer_stub_implementations.py +141 -0
package/hooks/blocking/test_code_rules_enforcer_test_branching.py +143 -0
package/hooks/blocking/test_code_rules_enforcer_thin_wrapper_files.py +169 -0
package/hooks/blocking/test_code_rules_enforcer_todo_markers.py +99 -0
package/hooks/blocking/test_code_rules_enforcer_typed_dict_pairs.py +141 -0
package/hooks/blocking/test_code_rules_enforcer_unused_imports.py +158 -0
package/hooks/blocking/test_convergence_gate_blocker.py +63 -0
package/hooks/blocking/test_destructive_command_blocker.py +146 -0
package/hooks/blocking/test_destructive_command_blocker_no_verify.py +102 -0
package/hooks/blocking/test_gh_body_arg_blocker.py +45 -0
package/hooks/blocking/test_md_to_html_blocker.py +317 -0
package/hooks/config/any_type_config.py +7 -0
package/hooks/config/banned_identifiers_constants.py +11 -0
package/hooks/config/blocking_check_limits.py +38 -0
package/hooks/config/bot_mention_comment_blocker_constants.py +20 -0
package/hooks/config/code_rules_enforcer_constants.py +53 -0
package/hooks/config/convergence_branch_constants.py +9 -0
package/hooks/config/doc_gist_auto_publish_constants.py +18 -0
package/hooks/config/html_companion_constants.py +20 -0
package/hooks/config/inline_tuple_string_magic_constants.py +22 -0
package/hooks/config/test_banned_identifiers_constants.py +17 -0
package/hooks/hooks.json +28 -20
package/hooks/pyproject.toml +69 -0
package/hooks/validators/mypy_integration.py +47 -1
package/hooks/validators/run_all_validators.py +3 -3
package/hooks/validators/test_mypy_integration.py +50 -1
package/hooks/workflow/doc_gist_auto_publish.py +144 -0
package/hooks/workflow/md_to_html_companion.py +365 -0
package/hooks/workflow/test_doc_gist_auto_publish.py +117 -0
package/hooks/workflow/test_md_to_html_companion.py +452 -0
package/package.json +1 -1
package/rules/gh-body-file.md +2 -0
package/scripts/Install-SweepEmptyDirs.ps1 +111 -0
package/scripts/check.ps1 +106 -0
package/scripts/config/timing.py +11 -0
package/scripts/sweep_empty_dirs.py +138 -0
package/scripts/sync_to_cursor/rules.py +1 -1
package/scripts/test_sweep_empty_dirs.py +183 -0
package/skills/_shared/pr-loop/prompts/pr-consistency-audit.xml +323 -0
package/skills/_shared/pr-loop/scripts/_cli_utils.py +22 -0
package/skills/_shared/pr-loop/scripts/_path_resolver.py +165 -0
package/skills/_shared/pr-loop/scripts/_xml_utils.py +20 -0
package/skills/_shared/pr-loop/scripts/build_audit_prompt.py +182 -0
package/skills/_shared/pr-loop/scripts/build_fix_prompt.py +185 -0
package/skills/_shared/pr-loop/scripts/config/__init__.py +0 -0
package/skills/_shared/pr-loop/scripts/config/path_resolver_constants.py +78 -0
package/skills/_shared/pr-loop/scripts/init_loop_state.py +135 -0
package/skills/_shared/pr-loop/scripts/teardown_worktrees.py +175 -0
package/skills/_shared/pr-loop/scripts/write_audit_outcomes.py +182 -0
package/skills/_shared/pr-loop/scripts/write_fix_outcomes.py +206 -0
package/skills/bugteam/CONSTRAINTS.md +21 -22
package/skills/bugteam/EXAMPLES.md +3 -3
package/skills/bugteam/PROMPTS.md +227 -67
package/skills/bugteam/SKILL.md +114 -455
package/skills/bugteam/reference/README.md +1 -1
package/skills/bugteam/reference/audit-and-teammates.md +112 -39
package/skills/bugteam/reference/audit-contract.md +4 -22
package/skills/bugteam/reference/copilot-gap-analysis.md +8 -5
package/skills/bugteam/reference/design-rationale.md +2 -2
package/skills/bugteam/reference/github-pr-reviews.md +50 -57
package/skills/bugteam/reference/obstacles/audit-assign-ids.md +13 -0
package/skills/bugteam/reference/obstacles/audit-capture-excerpts.md +13 -0
package/skills/bugteam/reference/obstacles/audit-walk-categories.md +13 -0
package/skills/bugteam/reference/obstacles/audit-write-xml.md +13 -0
package/skills/bugteam/reference/obstacles/fix-append-summary.md +13 -0
package/skills/bugteam/reference/obstacles/fix-apply-fixes.md +13 -0
package/skills/bugteam/reference/obstacles/fix-git-add-commit.md +13 -0
package/skills/bugteam/reference/obstacles/fix-git-push.md +13 -0
package/skills/bugteam/reference/obstacles/fix-post-reply.md +13 -0
package/skills/bugteam/reference/obstacles/fix-publish-summary.md +13 -0
package/skills/bugteam/reference/obstacles/fix-py-compile.md +13 -0
package/skills/bugteam/reference/obstacles/fix-read-files.md +13 -0
package/skills/bugteam/reference/obstacles/fix-resolve-thread.md +13 -0
package/skills/bugteam/reference/obstacles/fix-test-suite.md +13 -0
package/skills/bugteam/reference/obstacles/fix-violation-count.md +13 -0
package/skills/bugteam/reference/obstacles/fix-write-xml.md +13 -0
package/skills/bugteam/reference/team-setup.md +106 -9
package/skills/bugteam/reference/teardown-publish-permissions.md +39 -8
package/skills/bugteam/scripts/README.md +60 -0
package/skills/bugteam/scripts/_claude_permissions_common.py +358 -0
package/skills/bugteam/scripts/bugteam_code_rules_gate.py +976 -0
package/skills/bugteam/scripts/bugteam_fix_hookspath.py +375 -0
package/skills/bugteam/scripts/bugteam_preflight.py +294 -0
package/skills/bugteam/scripts/config/bugteam_code_rules_gate_constants.py +25 -0
package/skills/bugteam/scripts/config/bugteam_fix_hookspath_constants.py +26 -0
package/skills/bugteam/scripts/config/bugteam_preflight_constants.py +35 -0
package/skills/bugteam/scripts/config/claude_permissions_common_constants.py +20 -0
package/skills/bugteam/scripts/config/probe_code_rules_enforcer_check_constants.py +12 -0
package/skills/bugteam/scripts/config/windows_safe_rmtree_constants.py +7 -0
package/skills/bugteam/scripts/grant_project_claude_permissions.py +175 -0
package/skills/bugteam/scripts/probe_code_rules_enforcer_check.py +107 -0
package/skills/bugteam/scripts/revoke_project_claude_permissions.py +220 -0
package/skills/bugteam/scripts/test__claude_permissions_common.py +112 -0
package/skills/bugteam/scripts/test_bugteam_code_rules_gate.py +400 -0
package/skills/bugteam/scripts/test_bugteam_fix_hookspath.py +384 -0
package/skills/bugteam/scripts/test_bugteam_preflight.py +268 -0
package/skills/bugteam/scripts/test_claude_permissions_common.py +195 -0
package/skills/bugteam/scripts/test_grant_project_claude_permissions.py +55 -0
package/skills/bugteam/scripts/test_probe_code_rules_enforcer_check.py +76 -0
package/skills/bugteam/scripts/test_revoke_project_claude_permissions.py +55 -0
package/skills/bugteam/scripts/test_windows_safe_rmtree.py +108 -0
package/skills/bugteam/scripts/windows_safe_rmtree.py +100 -0
package/skills/bugteam/test_skill_additions.py +1 -11
package/skills/code/SKILL.md +176 -0
package/skills/doc-gist/SKILL.md +99 -0
package/skills/doc-gist/references/examples/01-exploration-code-approaches.html +453 -0
package/skills/doc-gist/references/examples/02-exploration-visual-designs.html +515 -0
package/skills/doc-gist/references/examples/03-code-review-pr.html +638 -0
package/skills/doc-gist/references/examples/04-code-understanding.html +491 -0
package/skills/doc-gist/references/examples/05-design-system.html +629 -0
package/skills/doc-gist/references/examples/06-component-variants.html +605 -0
package/skills/doc-gist/references/examples/07-prototype-animation.html +455 -0
package/skills/doc-gist/references/examples/08-prototype-interaction.html +396 -0
package/skills/doc-gist/references/examples/09-slide-deck.html +592 -0
package/skills/doc-gist/references/examples/10-svg-illustrations.html +492 -0
package/skills/doc-gist/references/examples/11-status-report.html +528 -0
package/skills/doc-gist/references/examples/12-incident-report.html +596 -0
package/skills/doc-gist/references/examples/13-flowchart-diagram.html +395 -0
package/skills/doc-gist/references/examples/14-research-feature-explainer.html +381 -0
package/skills/doc-gist/references/examples/15-research-concept-explainer.html +368 -0
package/skills/doc-gist/references/examples/16-implementation-plan.html +702 -0
package/skills/doc-gist/references/examples/17-pr-writeup.html +595 -0
package/skills/doc-gist/references/examples/18-editor-triage-board.html +573 -0
package/skills/doc-gist/references/examples/19-editor-feature-flags.html +663 -0
package/skills/doc-gist/references/examples/20-editor-prompt-tuner.html +722 -0
package/skills/doc-gist/references/examples/README.md +5 -0
package/skills/doc-gist/scripts/config/__init__.py +0 -0
package/skills/doc-gist/scripts/config/gist_upload_constants.py +16 -0
package/skills/doc-gist/scripts/gist_upload.py +177 -0
package/skills/doc-gist/scripts/test_gist_upload.py +51 -0
package/skills/findbugs/SKILL.md +68 -2
package/skills/monitor-open-prs/SKILL.md +13 -32
package/skills/monitor-open-prs/test_skill_contract.py +0 -11
package/skills/pr-consistency-audit/SKILL.md +112 -0
package/skills/pr-consistency-audit/reference/detection-rules.md +96 -0
package/skills/pr-consistency-audit/reference/illustrations.md +78 -0
package/skills/pr-converge/SKILL.md +227 -23
package/skills/pr-converge/config/__init__.py +0 -0
package/skills/pr-converge/config/constants.py +62 -0
package/skills/pr-converge/reference/convergence-gates.md +138 -44
package/skills/pr-converge/reference/examples.md +43 -11
package/skills/pr-converge/reference/fix-protocol.md +6 -5
package/skills/pr-converge/reference/ground-rules.md +5 -3
package/skills/pr-converge/reference/multi-pr-orchestration.md +44 -19
package/skills/pr-converge/reference/obstacles/fix-post-replies.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-publish-summary.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-push.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-read-filelines.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-reset-state.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-resolve-threads.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-spawn-clean-coder.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-stage-commit.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-trigger-bugbot.md +13 -0
package/skills/pr-converge/reference/obstacles/fix-write-test.md +13 -0
package/skills/pr-converge/reference/per-tick.md +90 -31
package/skills/pr-converge/reference/state-schema.md +22 -1
package/skills/pr-converge/reference/stop-conditions.md +9 -7
package/skills/pr-converge/scripts/README.md +34 -46
package/skills/pr-converge/scripts/check_bugbot_ci.py +174 -0
package/skills/pr-converge/scripts/check_convergence.py +497 -0
package/skills/pr-converge/scripts/check_pending_reviews.py +154 -0
package/skills/pr-converge/scripts/config/pr_converge_constants.py +118 -0
package/skills/pr-converge/scripts/fetch_copilot_reviews.py +134 -0
package/skills/pr-converge/scripts/post_fix_reply.py +168 -0
package/skills/pr-converge/workflows/schedule-wakeup-loop.md +5 -12
package/skills/qbug/SKILL.md +132 -27
package/skills/session-log/SKILL.md +216 -114
package/skills/session-tidy/SKILL.md +1 -1
package/skills/skill-builder/SKILL.md +138 -56
package/skills/skill-builder/references/delegation-map.md +72 -113
package/skills/skill-builder/references/progressive-disclosure.md +122 -0
package/skills/skill-builder/references/self-audit-checklist.md +92 -0
package/skills/skill-builder/references/skill-types.md +228 -0
package/skills/skill-builder/references/thariq-x-post-skills.json +33 -0
package/skills/skill-builder/templates/gap-analysis.md +15 -8
package/skills/skill-builder/workflows/improve-skill.md +86 -57
package/skills/skill-builder/workflows/new-skill.md +80 -168
package/skills/skill-builder/workflows/polish-skill.md +78 -54
package/skills/structure-prompt/SKILL.md +50 -0
package/skills/structure-prompt/reference/adversarial-tuning.md +62 -0
package/skills/structure-prompt/reference/block-classification.md +27 -0
package/skills/structure-prompt/reference/canonical-case.md +48 -0
package/skills/structure-prompt/reference/citation-depth.md +70 -0
package/skills/structure-prompt/reference/cleanup.md +33 -0
package/skills/structure-prompt/reference/constraints.md +33 -0
package/skills/structure-prompt/reference/directives.md +37 -0
package/skills/structure-prompt/reference/examples.md +72 -0
package/skills/structure-prompt/reference/instantiation.md +51 -0
package/skills/structure-prompt/reference/output-contract.md +72 -0
package/skills/structure-prompt/reference/per-category.md +23 -0
package/skills/structure-prompt/reference/persona.md +38 -0
package/skills/structure-prompt/reference/research.md +33 -0
package/skills/structure-prompt/reference/structure.md +28 -0
package/agents/code-standards-agent.md +0 -93
package/agents/groq-coder.md +0 -113
package/agents/plan-executor.md +0 -226
package/agents/project-docs-analyzer.md +0 -53
package/agents/project-structure-organizer-agent.md +0 -72
package/agents/skill-to-agent-converter.md +0 -370
package/agents/skill-writer-agent.md +0 -470
package/agents/user-docs-writer.md +0 -67
package/agents/workflow-visual-documenter.md +0 -82
package/commands/readability-review.md +0 -20
package/hooks/mypy.ini +0 -2
package/hooks/notification/attention_needed_notify.py +0 -71
package/hooks/notification/claude_notification_handler.py +0 -67
package/hooks/notification/notification_utils.py +0 -267
package/hooks/notification/subagent_complete_notify.py +0 -381
package/hooks/notification/test_attention_needed_notify.py +0 -47
package/hooks/notification/test_claude_notification_handler.py +0 -54
package/hooks/notification/test_notification_utils.py +0 -91
package/hooks/notification/test_subagent_complete_notify.py +0 -79
package/scripts/config/groq_bugteam_config.py +0 -230
package/scripts/config/test_groq_bugteam_config.py +0 -83
package/scripts/config/test_spec_implementer_prompt.py +0 -32
package/scripts/groq_bugteam.README.md +0 -131
package/scripts/groq_bugteam.py +0 -647
package/scripts/groq_bugteam_dotenv.py +0 -40
package/scripts/groq_bugteam_spec.py +0 -226
package/scripts/test_groq_bugteam.py +0 -529
package/scripts/test_groq_bugteam_apply_fix_from_spec.py +0 -426
package/scripts/test_groq_bugteam_dotenv.py +0 -66
package/scripts/test_groq_bugteam_spec.py +0 -338
package/skills/bugteam/SKILL_EVALS.md +0 -309
package/skills/dream/SKILL.md +0 -118
package/skills/ingest/SKILL.md +0 -40
package/skills/npm-creator/SKILL.md +0 -187
package/skills/readability-review/SKILL.md +0 -127
package/skills/resume-review/SKILL.md +0 -261
package/skills/rule-audit/SKILL.md +0 -307
package/skills/rule-creator/SKILL.md +0 -150
package/skills/searching-obsidian-vault/SKILL.md +0 -131
package/skills/skill-writer/REFERENCE.md +0 -284
package/skills/skill-writer/SKILL.md +0 -222
package/skills/tdd-team/SKILL.md +0 -128

package/skills/doc-gist/references/examples/14-research-feature-explainer.html ADDED Viewed

@@ -0,0 +1,381 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>How rate limiting works in birchline/api</title>
+<style>
+  :root {
+    --ivory:   #FAF9F5;
+    --slate:   #141413;
+    --clay:    #D97757;
+    --oat:     #E3DACC;
+    --olive:   #788C5D;
+    --gray-150:#F0EEE6;
+    --gray-300:#D1CFC5;
+    --gray-500:#87867F;
+    --gray-700:#3D3D3A;
+    --serif: ui-serif, Georgia, "Times New Roman", serif;
+    --sans:  system-ui, -apple-system, "Segoe UI", Roboto, sans-serif;
+    --mono:  ui-monospace, "SF Mono", Menlo, Consolas, monospace;
+  }
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    background: var(--ivory);
+    color: var(--gray-700);
+    font-family: var(--sans);
+    font-size: 15px;
+    line-height: 1.65;
+    -webkit-font-smoothing: antialiased;
+    padding: 56px 24px 120px;
+  }
+  .page {
+    max-width: 1100px;
+    margin: 0 auto;
+    display: grid;
+    grid-template-columns: 200px minmax(0, 1fr);
+    gap: 48px;
+  }
+  @media (max-width: 920px) { .page { grid-template-columns: 1fr; } nav { display: none; } }
+  /* ── nav ──────────────────────────────── */
+  nav {
+    position: sticky;
+    top: 32px;
+    align-self: start;
+    font-size: 13px;
+  }
+  nav .label {
+    font-family: var(--mono);
+    font-size: 10px;
+    letter-spacing: 0.1em;
+    text-transform: uppercase;
+    color: var(--gray-500);
+    margin-bottom: 12px;
+  }
+  nav a {
+    display: block;
+    padding: 5px 0 5px 12px;
+    border-left: 2px solid var(--gray-300);
+    color: var(--gray-700);
+    text-decoration: none;
+  }
+  nav a:hover { color: var(--slate); border-color: var(--slate); }
+  nav a.l2 { padding-left: 24px; font-size: 12.5px; color: var(--gray-500); }
+  nav .files {
+    margin-top: 28px;
+    border-top: 1px solid var(--gray-300);
+    padding-top: 16px;
+  }
+  nav .files code {
+    display: block;
+    font-family: var(--mono);
+    font-size: 11px;
+    color: var(--gray-500);
+    padding: 3px 0;
+  }
+  /* ── header ───────────────────────────── */
+  header { margin-bottom: 12px; }
+  .eyebrow {
+    font-family: var(--mono);
+    font-size: 11px;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+    color: var(--gray-500);
+    margin-bottom: 10px;
+  }
+  h1 {
+    font-family: var(--serif);
+    font-weight: 500;
+    font-size: 32px;
+    color: var(--slate);
+    letter-spacing: -0.01em;
+    margin-bottom: 14px;
+  }
+  .tldr {
+    border: 1.5px solid var(--gray-300);
+    border-left: 3px solid var(--clay);
+    border-radius: 10px;
+    background: #fff;
+    padding: 16px 18px;
+    margin-bottom: 8px;
+  }
+  .tldr b { color: var(--slate); }
+  h2 {
+    font-family: var(--serif);
+    font-weight: 500;
+    font-size: 22px;
+    color: var(--slate);
+    margin: 40px 0 14px;
+    scroll-margin-top: 24px;
+  }
+  p { margin-bottom: 12px; max-width: 680px; }
+  code { font-family: var(--mono); font-size: 13px; }
+  /* ── collapsible ─────────────────────── */
+  details {
+    border: 1.5px solid var(--gray-300);
+    border-radius: 10px;
+    background: #fff;
+    margin: 14px 0;
+    overflow: hidden;
+  }
+  summary {
+    list-style: none;
+    cursor: pointer;
+    padding: 14px 16px;
+    font-family: var(--serif);
+    font-size: 16px;
+    color: var(--slate);
+    display: flex;
+    align-items: baseline;
+    gap: 10px;
+  }
+  summary::-webkit-details-marker { display: none; }
+  summary::before {
+    content: "▸";
+    color: var(--clay);
+    font-family: var(--sans);
+    font-size: 12px;
+    transition: transform 120ms;
+  }
+  details[open] summary::before { transform: rotate(90deg); }
+  summary .where {
+    font-family: var(--mono);
+    font-size: 11px;
+    color: var(--gray-500);
+    margin-left: auto;
+  }
+  details .body { padding: 0 16px 16px; }
+  details .body p { font-size: 14px; }
+  /* ── tabs ─────────────────────────────── */
+  .tabs {
+    border: 1.5px solid var(--gray-300);
+    border-radius: 10px;
+    background: #fff;
+    margin: 16px 0 8px;
+    overflow: hidden;
+  }
+  .tabbar {
+    display: flex;
+    border-bottom: 1px solid var(--gray-300);
+    background: var(--gray-150);
+  }
+  .tabbar button {
+    appearance: none;
+    border: none;
+    background: none;
+    font-family: var(--mono);
+    font-size: 12px;
+    color: var(--gray-500);
+    padding: 10px 16px;
+    cursor: pointer;
+    border-right: 1px solid var(--gray-300);
+  }
+  .tabbar button.on {
+    background: #fff;
+    color: var(--slate);
+    border-bottom: 2px solid var(--clay);
+    margin-bottom: -1px;
+  }
+  .tabs pre {
+    display: none;
+    margin: 0;
+    padding: 16px 18px;
+    font-family: var(--mono);
+    font-size: 12.5px;
+    line-height: 1.6;
+    color: var(--slate);
+    overflow-x: auto;
+  }
+  .tabs pre.on { display: block; }
+  .hl { color: var(--clay); }
+  .cm { color: var(--gray-500); }
+  /* ── callout ──────────────────────────── */
+  .callout {
+    display: flex;
+    gap: 12px;
+    border: 1.5px solid var(--oat);
+    background: rgba(227,218,204,0.35);
+    border-radius: 10px;
+    padding: 14px 16px;
+    margin: 18px 0;
+    font-size: 14px;
+  }
+  .callout .ico { color: var(--clay); font-weight: 600; }
+  /* ── faq ──────────────────────────────── */
+  dl.faq { margin-top: 8px; }
+  dl.faq dt {
+    font-family: var(--serif);
+    font-size: 16px;
+    color: var(--slate);
+    margin-top: 18px;
+  }
+  dl.faq dd { font-size: 14px; margin: 4px 0 0; max-width: 640px; }
+</style>
+</head>
+<body>
+<div class="page">
+  <!-- ── side nav ── -->
+  <nav>
+    <div class="label">On this page</div>
+    <a href="#tldr">TL;DR</a>
+    <a href="#path">Request path</a>
+    <a href="#path" class="l2">1. Identify</a>
+    <a href="#path" class="l2">2. Bucket lookup</a>
+    <a href="#path" class="l2">3. Consume</a>
+    <a href="#path" class="l2">4. Reject</a>
+    <a href="#config">Configuring a route</a>
+    <a href="#gotchas">Gotchas</a>
+    <a href="#faq">FAQ</a>
+    <div class="files">
+      <div class="label">Files read</div>
+      <code>middleware/ratelimit.ts</code>
+      <code>lib/tokenBucket.ts</code>
+      <code>config/limits.yaml</code>
+      <code>routes/*.ts</code>
+    </div>
+  </nav>
+  <!-- ── main ── -->
+  <main>
+    <header>
+      <div class="eyebrow">Research &amp; Learning · feature summary</div>
+      <h1>How rate limiting works in <code>birchline/api</code></h1>
+      <div class="tldr" id="tldr">
+        <b>TL;DR</b> — Every request passes through <code>rateLimit()</code> middleware, which resolves the
+        caller to a <em>bucket key</em>, fetches a token-bucket from Redis, and either consumes one token or
+        returns <code>429</code>. Limits are declared per-route in <code>config/limits.yaml</code>; routes
+        without an entry inherit the <code>default</code> tier (100 req/min per API key).
+      </div>
+    </header>
+    <h2 id="path">The request path, step by step</h2>
+    <p>Expand each step to see what runs and where it lives. The whole path is ~40 lines and adds about
+      0.4&nbsp;ms p50 to every request.</p>
+    <details open>
+      <summary>1 · Identify the caller <span class="where">middleware/ratelimit.ts:21</span></summary>
+      <div class="body">
+        <p>The middleware first reduces the request to a <code>bucketKey</code>: API key if an
+          <code>Authorization</code> header is present, otherwise the client IP (via the
+          <code>x-forwarded-for</code> chain, trusting only our own LB). Anonymous IP traffic gets a much
+          lower default tier.</p>
+      </div>
+    </details>
+    <details>
+      <summary>2 · Look up the bucket <span class="where">lib/tokenBucket.ts:9</span></summary>
+      <div class="body">
+        <p>The route name plus bucket key map to a Redis hash (<code>rl:{route}:{key}</code>) holding
+          <code>tokens</code> and <code>updatedAt</code>. If the key is missing it's created lazily at full
+          capacity — there's no warm-up.</p>
+      </div>
+    </details>
+    <details>
+      <summary>3 · Refill and consume <span class="where">lib/tokenBucket.ts:31</span></summary>
+      <div class="body">
+        <p>Refill is computed from elapsed time (<code>rate × Δt</code>, capped at <code>burst</code>), then
+          one token is subtracted. The whole read-modify-write runs as a single Lua script so concurrent
+          requests can't double-spend.</p>
+      </div>
+    </details>
+    <details>
+      <summary>4 · Reject when empty <span class="where">middleware/ratelimit.ts:48</span></summary>
+      <div class="body">
+        <p>If the script returns <code>tokens &lt; 0</code> the middleware short-circuits with
+          <code>429 Too Many Requests</code> and sets <code>Retry-After</code> to the seconds until one token
+          refills. Successful responses always carry <code>X-RateLimit-Remaining</code>.</p>
+      </div>
+    </details>
+    <h2 id="config">Configuring a limit on your route</h2>
+    <p>You don't touch the middleware. Add an entry to <code>config/limits.yaml</code> keyed by route name,
+      and (optionally) tag the route so the middleware can find it.</p>
+    <div class="tabs" data-tabs>
+      <div class="tabbar">
+        <button class="on" data-t="0">limits.yaml</button>
+        <button data-t="1">route.ts</button>
+        <button data-t="2">client response</button>
+      </div>
+<pre class="on"><span class="cm"># config/limits.yaml</span>
+default:
+  rate: 100/min
+  burst: 120
+<span class="hl">search.query</span>:
+  rate: 20/min
+  burst: 40
+  key: api_key        <span class="cm"># or: ip</span></pre>
+<pre><span class="cm">// routes/search.ts</span>
+router.post(
+  "/search",
+  <span class="hl">rateLimit("search.query")</span>,
+  handler,
+);</pre>
+<pre>HTTP/1.1 429 Too Many Requests
+Retry-After: 17
+X-RateLimit-Limit: 20
+X-RateLimit-Remaining: 0
+{ "error": "rate_limited", "retry_after": 17 }</pre>
+    </div>
+    <div class="callout">
+      <span class="ico">★</span>
+      <div>If you only need the default tier, you don't need a YAML entry at all — just wrap the handler in
+        <code>rateLimit()</code> with no argument. The route name is inferred from the path.</div>
+    </div>
+    <h2 id="gotchas">Gotchas worth knowing</h2>
+    <ul style="padding-left:20px; max-width:680px;">
+      <li style="margin-bottom:8px;"><b>Limits are per-process in dev.</b> The Redis client falls back to an
+        in-memory map when <code>REDIS_URL</code> is unset, so local testing won't reflect real cluster
+        behaviour.</li>
+      <li style="margin-bottom:8px;"><b>Burst ≠ rate.</b> <code>burst</code> is the bucket capacity; a caller
+        idle for a minute can fire <code>burst</code> requests instantly even if <code>rate</code> is low.</li>
+      <li><b>Streaming responses count once.</b> The token is consumed at request start; a 30-second SSE
+        stream still costs one token.</li>
+    </ul>
+    <h2 id="faq">FAQ</h2>
+    <dl class="faq">
+      <dt>How do I exempt internal traffic?</dt>
+      <dd>Set <code>x-birchline-internal: 1</code> from the caller; the middleware checks it against the
+        mTLS peer name and skips the bucket entirely.</dd>
+      <dt>Where do I see who's getting limited?</dt>
+      <dd>Every <code>429</code> emits a <code>ratelimit.rejected</code> metric tagged with route and key
+        type. There's a Grafana panel under <em>API → Health</em>.</dd>
+      <dt>Can a single user have a higher limit?</dt>
+      <dd>Yes — add their API key under <code>overrides:</code> in the YAML. Overrides are reloaded without
+        a deploy.</dd>
+    </dl>
+  </main>
+</div>
+<script>
+document.querySelectorAll("[data-tabs]").forEach(box => {
+  const btns = box.querySelectorAll("button");
+  const panes = box.querySelectorAll("pre");
+  btns.forEach(b => b.addEventListener("click", () => {
+    btns.forEach(x => x.classList.remove("on"));
+    panes.forEach(x => x.classList.remove("on"));
+    b.classList.add("on");
+    panes[+b.dataset.t].classList.add("on");
+  }));
+});
+</script>
+</body>
+</html>