claude-git-hooks 2.4.0 → 2.4.1

package/CHANGELOG.md

@@ -5,6 +5,33 @@ Todos los cambios notables en este proyecto se documentarán en este archivo.
 El formato está basado en [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 y este proyecto adhiere a [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.4.1] - 2025-11-19
+
+### 🐛 Fixed
+
+- **Git Bash Windows Support** - Claude hooks now works correctly on Git Bash in Windows
+  - **What changed**:
+    - `--skip-auth` now skips both Claude CLI verification AND authentication (previously only auth)
+    - Windows detection now tries native Claude first, WSL as fallback
+    - `spawn()` now uses `shell: true` to resolve `.cmd`/`.bat` executables
+  - **Why**:
+    - Installation with `--skip-auth` was failing before copying `.md` files and presets
+    - Code assumed Claude must always run via WSL on Windows, ignoring native installations
+    - Git Bash runs Node.js natively on Windows, not in WSL
+    - `spawn()` without shell couldn't find Windows batch files
+  - **Files updated**:
+    - `bin/claude-hooks:512-518` - Skip auth now skips Claude CLI check
+    - `bin/claude-hooks:532-544` - Native Windows Claude detection
+    - `lib/utils/claude-client.js:75-115` - Smart platform detection with fallback
+    - `lib/utils/claude-client.js:145-148` - Added `shell: true` for Windows compatibility
+  - **Impact**: Git Bash users on Windows can now use native Claude (via npm/NVM) instead of requiring WSL
+
+### 🎯 User Experience
+
+- **Installation**: `claude-hooks install --skip-auth` now completes successfully, installing all templates and presets
+- **NVM Compatibility**: Works with Claude CLI installed via npm in current Node version (NVM managed)
+- **Flexible Setup**: Automatically detects and uses best available Claude CLI method (native Windows or WSL)
+
 ## [2.4.0] - 2025-11-17
 
 ### ⚠️ BREAKING CHANGES

package/README.md

@@ -102,6 +102,10 @@ git commit --no-verify -m "hotfix: corrección urgente"
 git commit --amend
 ```
 
+## 📆 Próximos Desarrollos
+
+Toda idea es bienvenida, aunque parezca espantosa. Si hay bugs, incluirlos también. Dónde? en https://github.com/mscope-S-L/git-hooks/issues/new.
+
 ### ⚠️ Exclusión de Código del Análisis (EXPERIMENTAL/BROKEN)
 
 ```java
@@ -155,14 +159,14 @@ EOF
 
 #### 🎯 Presets Disponibles
 
-| Preset        | Extensiones de Archivo                                                     | Caso de Uso      | Tech Stack                   |
-| ------------- | -------------------------------------------------------------------------- | ---------------- | ---------------------------- |
-| **backend**   | `.java`, `.xml`, `.yml`, `.yaml`                                           | APIs Spring Boot | Spring Boot, JPA, SQL Server |
-| **frontend**  | `.js`, `.jsx`, `.ts`, `.tsx`, `.css`, `.scss`, `.html`                     | Apps React       | React, Redux, Material-UI    |
-| **fullstack** | Todos backend + frontend                                                   | Apps full-stack  | Spring Boot + React          |
-| **database**  | `.sql`                                                                     | Scripts de BD    | SQL Server, T-SQL            |
-| **ai**        | `.js`, `.json`, `.md`, `.sh`                                               | Herramientas CLI | Node.js, Claude API          |
-| **default**   | `.js`, `.sh`, `.py`, `.rb`, `.pl`, `.sql`, `.yaml`, `.json`, `.xml`, `.md` | Propósito general| Lenguajes mixtos             |
+| Preset        | Extensiones de Archivo                                                     | Caso de Uso       | Tech Stack                   |
+| ------------- | -------------------------------------------------------------------------- | ----------------- | ---------------------------- |
+| **backend**   | `.java`, `.xml`, `.yml`, `.yaml`                                           | APIs Spring Boot  | Spring Boot, JPA, SQL Server |
+| **frontend**  | `.js`, `.jsx`, `.ts`, `.tsx`, `.css`, `.scss`, `.html`                     | Apps React        | React, Redux, Material-UI    |
+| **fullstack** | Todos backend + frontend                                                   | Apps full-stack   | Spring Boot + React          |
+| **database**  | `.sql`                                                                     | Scripts de BD     | SQL Server, T-SQL            |
+| **ai**        | `.js`, `.json`, `.md`, `.sh`                                               | Herramientas CLI  | Node.js, Claude API          |
+| **default**   | `.js`, `.sh`, `.py`, `.rb`, `.pl`, `.sql`, `.yaml`, `.json`, `.xml`, `.md` | Propósito general | Lenguajes mixtos             |
 
 ---
 
@@ -421,9 +425,6 @@ Durante la instalación, Claude Hooks actualiza automáticamente tu `.gitignore`
 ```gitignore
 # Claude Git Hooks
 .claude/
-debug-claude-response.json
-claude_resolution_prompt.md
-.claude-pr-analysis.json
 ```
 
 Esto asegura que:
@@ -616,34 +617,36 @@ claude-git-hooks/
 
 #### Core Utilities
 
-| Module | Purpose | Key Exports | Usage Context |
-|--------|---------|-------------|---------------|
-| **`config.js`** | Centralized configuration management | `getConfig()`, `defaults` | Priority merging: defaults < user < preset |
-| **`logger.js`** | Structured logging with debug support | `info()`, `warning()`, `error()`, `debug()` | Console output with context tracking |
-| **`git-operations.js`** | Git command abstractions | `getRepoRoot()`, `getStagedFiles()`, `getDiff()` | Safe git operations with error handling |
-| **`file-utils.js`** | File system operations | `ensureDir()`, `writeFile()` | Repo-root-relative path handling |
-| **`claude-client.js`** | Claude CLI integration | `analyzeCode()`, `analyzeCodeParallel()` | Prompt execution with timeout/retry |
-| **`prompt-builder.js`** | Template-based prompts | `buildAnalysisPrompt()`, `loadTemplate()` | Dynamic prompt construction from .md files |
-| **`preset-loader.js`** | Preset system | `loadPreset()`, `listPresets()`, `loadTemplate()` | Metadata, config, template loading |
-| **`resolution-prompt.js`** | Issue resolution prompts | `generateResolutionPrompt()` | AI-friendly error remediation prompts |
-| **`installation-diagnostics.js`** | Installation error diagnostics | `formatError()`, `getInstallationDiagnostics()` | Installation error formatting with remediation |
-| **`claude-diagnostics.js`** | Claude CLI error diagnostics | `detectClaudeError()`, `formatClaudeError()` | Rate limit, auth, network error detection |
+| Module                            | Purpose                               | Key Exports                                       | Usage Context                                  |
+| --------------------------------- | ------------------------------------- | ------------------------------------------------- | ---------------------------------------------- |
+| **`config.js`**                   | Centralized configuration management  | `getConfig()`, `defaults`                         | Priority merging: defaults < user < preset     |
+| **`logger.js`**                   | Structured logging with debug support | `info()`, `warning()`, `error()`, `debug()`       | Console output with context tracking           |
+| **`git-operations.js`**           | Git command abstractions              | `getRepoRoot()`, `getStagedFiles()`, `getDiff()`  | Safe git operations with error handling        |
+| **`file-utils.js`**               | File system operations                | `ensureDir()`, `writeFile()`                      | Repo-root-relative path handling               |
+| **`claude-client.js`**            | Claude CLI integration                | `analyzeCode()`, `analyzeCodeParallel()`          | Prompt execution with timeout/retry            |
+| **`prompt-builder.js`**           | Template-based prompts                | `buildAnalysisPrompt()`, `loadTemplate()`         | Dynamic prompt construction from .md files     |
+| **`preset-loader.js`**            | Preset system                         | `loadPreset()`, `listPresets()`, `loadTemplate()` | Metadata, config, template loading             |
+| **`resolution-prompt.js`**        | Issue resolution prompts              | `generateResolutionPrompt()`                      | AI-friendly error remediation prompts          |
+| **`installation-diagnostics.js`** | Installation error diagnostics        | `formatError()`, `getInstallationDiagnostics()`   | Installation error formatting with remediation |
+| **`claude-diagnostics.js`**       | Claude CLI error diagnostics          | `detectClaudeError()`, `formatClaudeError()`      | Rate limit, auth, network error detection      |
 
 #### Using Utilities in Other Claude Instances
 
 **Example: Check installation health**
+
 ```javascript
 import { formatError } from './lib/utils/installation-diagnostics.js';
 
 try {
-  // ... operation that may fail
+    // ... operation that may fail
 } catch (error) {
-  console.error(formatError('Operation failed', ['Additional context line']));
-  process.exit(1);
+    console.error(formatError('Operation failed', ['Additional context line']));
+    process.exit(1);
 }
 ```
 
 **Example: Load configuration**
+
 ```javascript
 import { getConfig } from './lib/config.js';
 
@@ -652,6 +655,7 @@ const maxFiles = config.analysis.maxFiles;
 ```
 
 **Example: Execute git operations**
+
 ```javascript
 import { getRepoRoot, getStagedFiles } from './lib/utils/git-operations.js';
 
@@ -660,13 +664,14 @@ const files = getStagedFiles({ extensions: ['.js', '.ts'] });
 ```
 
 **Example: Build custom prompts**
+
 ```javascript
 import { buildAnalysisPrompt } from './lib/utils/prompt-builder.js';
 
 const prompt = await buildAnalysisPrompt({
-  templateName: 'CUSTOM_PROMPT.md',
-  files: filesData,
-  metadata: { REPO_NAME: 'my-repo' }
+    templateName: 'CUSTOM_PROMPT.md',
+    files: filesData,
+    metadata: { REPO_NAME: 'my-repo' }
 });
 ```
 

package/bin/claude-hooks

@@ -509,14 +509,12 @@ async function checkAndInstallDependencies(sudoPassword = null, skipAuth = false
 
   // v2.0.0+: Unix tools (sed, awk, grep, etc.) no longer needed (pure Node.js implementation)
 
-  // Check and install Claude CLI
-  await checkAndInstallClaude();
-
-  // Check Claude authentication (if not skipped)
+  // Check and install Claude CLI (skip if --skip-auth)
   if (!skipAuth) {
+    await checkAndInstallClaude();
     await checkClaudeAuth();
   } else {
-    warning('Skipping Claude authentication verification (--skip-auth)');
+    warning('Skipping Claude CLI verification and authentication (--skip-auth)');
   }
 
   // Clear password from memory
@@ -530,9 +528,19 @@ function isWindows() {
 }
 
 // Get Claude command based on platform
-// Why: On Windows, Claude CLI runs in WSL, so we need 'wsl claude'
+// Why: On Windows, try native Claude first, then WSL as fallback
 function getClaudeCommand() {
-  return isWindows() ? 'wsl claude' : 'claude';
+  if (isWindows()) {
+    // Try native Windows Claude first
+    try {
+      execSync('claude --version', { stdio: 'ignore', timeout: 3000 });
+      return 'claude';
+    } catch (e) {
+      // Fallback to WSL
+      return 'wsl claude';
+    }
+  }
+  return 'claude';
 }
 
 // Check if we need to install dependencies
@@ -1310,7 +1318,7 @@ async function updateConfig(propertyPath, value, options = {}) {
     fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
 
     // Show success message
-    const message = successMessage ? successMessage(value) : 'Configuration updated';
+    const message = successMessage ? await successMessage(value) : 'Configuration updated';
     success(message);
     info(`Configuration saved to ${configPath}`);
   } catch (err) {

package/lib/utils/claude-client.js

@@ -67,22 +67,49 @@ const isWSLAvailable = () => {
 
 /**
  * Get Claude command configuration for current platform
- * Why: On Windows, Claude CLI runs in WSL, so we need 'wsl' as command and 'claude' as arg
+ * Why: On Windows, try native Claude first, then WSL as fallback
  *
  * @returns {Object} { command, args } - Command and base arguments
- * @throws {ClaudeClientError} If Windows without WSL
+ * @throws {ClaudeClientError} If Claude not available on any method
  */
 const getClaudeCommand = () => {
     if (isWindows()) {
-        if (!isWSLAvailable()) {
-            throw new ClaudeClientError('WSL is required on Windows but not found', {
-                context: {
-                    platform: 'Windows',
-                    suggestion: 'Install WSL: https://docs.microsoft.com/en-us/windows/wsl/install'
-                }
-            });
+        // Try native Windows Claude first (e.g., installed via npm/scoop/choco)
+        try {
+            execSync('claude --version', { stdio: 'ignore', timeout: 3000 });
+            logger.debug('claude-client - getClaudeCommand', 'Using native Windows Claude CLI');
+            return { command: 'claude', args: [] };
+        } catch (nativeError) {
+            logger.debug('claude-client - getClaudeCommand', 'Native Claude not found, trying WSL');
+
+            // Fallback to WSL
+            if (!isWSLAvailable()) {
+                throw new ClaudeClientError('Claude CLI not found. Install Claude CLI natively on Windows or via WSL', {
+                    context: {
+                        platform: 'Windows',
+                        suggestions: [
+                            'Native Windows: npm install -g @anthropic-ai/claude-cli',
+                            'WSL: wsl --install, then install Claude in WSL'
+                        ]
+                    }
+                });
+            }
+
+            // Check if Claude is available in WSL
+            try {
+                execSync('wsl claude --version', { stdio: 'ignore', timeout: 5000 });
+                logger.debug('claude-client - getClaudeCommand', 'Using WSL Claude CLI');
+                return { command: 'wsl', args: ['claude'] };
+            } catch (wslError) {
+                throw new ClaudeClientError('Claude CLI not found in Windows or WSL', {
+                    context: {
+                        platform: 'Windows',
+                        nativeError: nativeError.message,
+                        wslError: wslError.message
+                    }
+                });
+            }
         }
-        return { command: 'wsl', args: ['claude'] };
     }
     return { command: 'claude', args: [] };
 };
@@ -114,8 +141,10 @@ const executeClaude = (prompt, { timeout = 120000 } = {}) => {
 
         // Why: Use spawn instead of exec to handle large prompts and responses
         // spawn streams data, exec buffers everything in memory
+        // shell: true needed on Windows to resolve .cmd/.bat executables
         const claude = spawn(command, args, {
-            stdio: ['pipe', 'pipe', 'pipe'] // stdin, stdout, stderr
+            stdio: ['pipe', 'pipe', 'pipe'], // stdin, stdout, stderr
+            shell: true // Required for Windows to find .cmd/.bat files
         });
 
         let stdout = '';

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "claude-git-hooks",
-    "version": "2.4.0",
+    "version": "2.4.1",
     "description": "Git hooks with Claude CLI for code analysis and automatic commit messages",
     "type": "module",
     "bin": {

package/templates/config.example.json

@@ -1,41 +1,41 @@
-{
-    "preset": "ai",
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 30,
-        "timeout": 180000,
-        "contextLines": 3,
-        "ignoreExtensions": []
-    },
-    "commitMessage": {
-        "autoKeyword": "auto",
-        "timeout": 180000
-    },
-    "subagents": {
-        "enabled": false,
-        "model": "haiku",
-        "batchSize": 1
-    },
-    "templates": {
-        "baseDir": ".claude",
-        "analysis": "CLAUDE_ANALYSIS_PROMPT_SONAR.md",
-        "guidelines": "CLAUDE_PRE_COMMIT_SONAR.md",
-        "commitMessage": "COMMIT_MESSAGE.md",
-        "analyzeDiff": "ANALYZE_DIFF.md",
-        "resolution": "CLAUDE_RESOLUTION_PROMPT.md",
-        "subagentInstruction": "SUBAGENT_INSTRUCTION.md"
-    },
-    "output": {
-        "outputDir": ".claude/out",
-        "debugFile": ".claude/out/debug-claude-response.json",
-        "resolutionFile": ".claude/out/claude_resolution_prompt.md",
-        "prAnalysisFile": ".claude/out/pr-analysis.json"
-    },
-    "system": {
-        "debug": false,
-        "wslCheckTimeout": 3000
-    },
-    "git": {
-        "diffFilter": "ACM"
-    }
-}
+{
+    "preset": "ai",
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 30,
+        "timeout": 180000,
+        "contextLines": 3,
+        "ignoreExtensions": []
+    },
+    "commitMessage": {
+        "autoKeyword": "auto",
+        "timeout": 180000
+    },
+    "subagents": {
+        "enabled": false,
+        "model": "haiku",
+        "batchSize": 1
+    },
+    "templates": {
+        "baseDir": ".claude",
+        "analysis": "CLAUDE_ANALYSIS_PROMPT_SONAR.md",
+        "guidelines": "CLAUDE_PRE_COMMIT_SONAR.md",
+        "commitMessage": "COMMIT_MESSAGE.md",
+        "analyzeDiff": "ANALYZE_DIFF.md",
+        "resolution": "CLAUDE_RESOLUTION_PROMPT.md",
+        "subagentInstruction": "SUBAGENT_INSTRUCTION.md"
+    },
+    "output": {
+        "outputDir": ".claude/out",
+        "debugFile": ".claude/out/debug-claude-response.json",
+        "resolutionFile": ".claude/out/claude_resolution_prompt.md",
+        "prAnalysisFile": ".claude/out/pr-analysis.json"
+    },
+    "system": {
+        "debug": false,
+        "wslCheckTimeout": 3000
+    },
+    "git": {
+        "diffFilter": "ACM"
+    }
+}

package/templates/presets/ai/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}

package/templates/presets/ai/preset.json

@@ -1,42 +1,37 @@
 {
-  "name": "ai",
-  "displayName": "AI/CLI (Node.js + Claude)",
-  "description": "Node.js CLI tools with Claude API integration",
-  "version": "1.0.0",
+    "name": "ai",
+    "displayName": "AI/CLI (Node.js + Claude)",
+    "description": "Node.js CLI tools with Claude API integration",
+    "version": "1.0.0",
 
-  "techStack": [
-    "Node.js",
-    "ES Modules",
-    "Claude API",
-    "CLI tools",
-    "Git hooks",
-    "Bash scripting",
-    "Markdown templates"
-  ],
+    "techStack": [
+        "Node.js",
+        "ES Modules",
+        "Claude API",
+        "CLI tools",
+        "Git hooks",
+        "Bash scripting",
+        "Markdown templates"
+    ],
 
-  "fileExtensions": [
-    ".js",
-    ".json",
-    ".md",
-    ".sh"
-  ],
+    "fileExtensions": [".js", ".json", ".md", ".sh"],
 
-  "focusAreas": [
-    "Claude API usage and best practices",
-    "Prompt engineering quality",
-    "CLI user experience",
-    "Error handling and logging",
-    "Git operations safety",
-    "Cross-platform compatibility",
-    "Token usage optimization",
-    "Security (API keys, secrets)"
-  ],
+    "focusAreas": [
+        "Claude API usage and best practices",
+        "Prompt engineering quality",
+        "CLI user experience",
+        "Error handling and logging",
+        "Git operations safety",
+        "Cross-platform compatibility",
+        "Token usage optimization",
+        "Security (API keys, secrets)"
+    ],
 
-  "templates": {
-    "analysis": "ANALYSIS_PROMPT.md",
-    "guidelines": "PRE_COMMIT_GUIDELINES.md",
-    "commitMessage": "../shared/COMMIT_MESSAGE.md",
-    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
-    "resolution": "../shared/RESOLUTION_PROMPT.md"
-  }
+    "templates": {
+        "analysis": "ANALYSIS_PROMPT.md",
+        "guidelines": "PRE_COMMIT_GUIDELINES.md",
+        "commitMessage": "../shared/COMMIT_MESSAGE.md",
+        "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+        "resolution": "../shared/RESOLUTION_PROMPT.md"
+    }
 }

package/templates/presets/backend/ANALYSIS_PROMPT.md

@@ -13,32 +13,35 @@ Perform a comprehensive code quality analysis focusing on these areas:
 ## Analysis Guidelines
 
 1. **Security First**: Check for OWASP Top 10 vulnerabilities, especially:
-   - SQL injection risks
-   - Authentication/authorization flaws
-   - Sensitive data exposure
-   - XML external entities (XXE)
-   - Insecure deserialization
+    - SQL injection risks
+    - Authentication/authorization flaws
+    - Sensitive data exposure
+    - XML external entities (XXE)
+    - Insecure deserialization
 
 2. **Spring Boot Best Practices**:
-   - Proper use of `@Transactional`
-   - Correct exception handling
-   - Appropriate use of DTOs vs Entities
-   - Proper dependency injection
-   - Configuration management
+    - Proper use of `@Transactional`
+    - Correct exception handling
+    - Appropriate use of DTOs vs Entities
+    - Proper dependency injection // Si intelligence -> recomendar @RequiredArgsConstructor || Si Automation -> recomendar @Autowired
+    - Configuration management
 
 3. **JPA/Hibernate**:
-   - N+1 query problems
-   - Lazy loading issues
-   - Proper use of relationships
-   - Query optimization
-   - Transaction boundaries
+    - N+1 query problems
+    - Lazy loading issues
+    - Proper use of relationships
+    - Query optimization
+    - Transaction boundaries
 
 4. **Code Quality**:
-   - SOLID principles
-   - DRY violations
-   - Proper error handling
-   - Logging best practices
-   - Test coverage
+    - SOLID principles
+    - DRY violations
+    - Proper error handling
+    - Logging should be like so
+        - debug: regular flow, operations details
+        - info: important business events
+        - warn: anomalies and manageable errors
+        - error: exceptions and errors
 
 ## Output Format
 
@@ -48,14 +51,6 @@ Respond with a valid JSON following the SonarQube format:
 {
   "QUALITY_GATE": "PASSED|FAILED",
   "approved": true|false,
-  "metrics": {
-    "reliability": "A|B|C|D|E",
-    "security": "A|B|C|D|E",
-    "maintainability": "A|B|C|D|E",
-    "coverage": 0-100,
-    "duplications": 0-100,
-    "complexity": "number"
-  },
   "issues": {
     "blocker": 0,
     "critical": 0,

package/templates/presets/backend/PRE_COMMIT_GUIDELINES.md

@@ -3,45 +3,63 @@
 ## Spring Boot Standards
 
 ### Controllers
-- Use proper HTTP methods and status codes
+
+- Use proper HTTP methods
+- Endpoints should handle entities as substantives
+- Make sure Response Codes include: [200, 201, 204, 400, 401, 403, 404, 409, 422, 500, 503] (if non-compliant classify as BLOCKER)
 - Validate input with `@Valid`
 - Handle exceptions with `@ExceptionHandler`
 - Keep controllers thin - business logic in services
 - Use DTOs for API contracts
 
 ### Services
+
 - Use `@Transactional` appropriately
 - Handle exceptions properly
 - Keep methods focused and small
 - Avoid business logic in controllers or repositories
 
 ### Repositories
+
 - Extend appropriate Spring Data interfaces
 - Use method naming conventions for queries
 - Optimize queries with `@Query` when needed
 - Avoid N+1 problems with `@EntityGraph`
 
 ### Entities
+
 - Use Lombok annotations appropriately
 - Define proper relationships (`@OneToMany`, `@ManyToOne`, etc.)
 - Use `@Version` for optimistic locking
 - Never expose entities in API - use DTOs
 
+### Mappers
+
+- Use Mapstruct for all mapping (If non-compliant, classify as MINOR)
+- Mappers should not have logic (If non-compliant, classify as MAJOR)
+
+### Logging
+
+- Recommend @Slf4j annotation in Lombok (If non-compliant, classify as MINOR)
+
 ## Security Requirements
 
 ### Authentication & Authorization
+
 - Never hardcode credentials
 - Use Spring Security properly
 - Validate JWT tokens correctly
 - Check permissions before operations
 
 ### Data Validation
+
 - Validate all user input
 - Use parameterized queries (JPA does this by default)
 - Sanitize data before logging
 - Never trust client-side validation alone
 
 ### SQL Injection Prevention
+
 - Always use JPA/JPQL or prepared statements
 - Never concatenate SQL strings
 - Be careful with native queries
@@ -50,35 +68,55 @@
 ## Performance
 
 ### Database
+
 - Use pagination for large result sets
 - Optimize queries with proper indexes
 - Avoid loading unnecessary data
 - Use projections when you don't need full entities
 
 ### Threading
+
 - Be careful with `@Async` methods
 - Use proper thread pool configuration
 - Avoid blocking operations in async methods
 - Handle exceptions in async methods
 
 ### Caching
+
 - Use `@Cacheable` appropriately
 - Clear caches when data changes
 - Don't cache sensitive data without encryption
 
 ## Testing
 
-- Write unit tests for business logic
+### Unit Tests
+
+- Unit tests should use exclusively JUnit 5, and specific annotations @SpringBootTest, @MockBean, @Test
 - Use `@DataJpaTest` for repository tests
 - Use `@WebMvcTest` for controller tests
 - Mock external dependencies
 - Aim for 80%+ coverage on new code
 
+### Integration Tests
+
+- Use `@SpringBootTest` with real application context
+- Test complete request-response flows
+- Verify database transactions and rollbacks
+- Test API endpoint integration with all layers
+- Use `@Transactional` with `@Rollback` for test data cleanup
+
+### Security Tests
+
+- Test authentication and authorization scenarios
+- Verify access control for protected endpoints
+- Test with invalid/expired tokens
+- Validate input sanitization and XSS prevention
+- Test SQL injection prevention with malicious input
+
 ## Common Issues to Avoid
 
 ❌ Returning entities from controllers
 ❌ Missing `@Transactional` on write operations
-❌ N+1 query problems
 ❌ Hardcoded secrets or credentials
 ❌ Catching and ignoring exceptions
 ❌ Missing input validation

package/templates/presets/backend/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}

package/templates/presets/database/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 8,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 2
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 8,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 2
+    }
+}

package/templates/presets/default/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}

package/templates/presets/frontend/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}

package/templates/presets/fullstack/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 15,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 4
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 15,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 4
+    }
+}