claude-toolkit 0.1.9 → 0.1.12

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 0.1.12 (2026-04-05)
+
+- docs: update skills and docs to 2026 best practices
+
+## 0.1.11 (2026-04-05)
+
+- refactor: rename skill folders to match ct- prefixed skill names
+
+## 0.1.10 (2026-04-05)
+
+- chore: update typescript to ^6.0.2 and require bun >=1.3.0
+
 ## 0.1.9 (2026-04-04)
 
 - docs: add Zod/Valibot runtime validation section to SolidJS data fetching

package/core/skills/{testing-patterns → ct-testing-patterns}/SKILL.md

@@ -38,6 +38,35 @@ New required fields update the factory once, not every test.
 - Keep mocks minimal -- only methods your code calls. Reset between tests.
 - Verify mocks match the real API. Update when APIs change.
 
+## Property-Based Testing
+
+When a function has a contract ("for all valid inputs X, property Y holds"), use property-based tests to verify it across generated inputs instead of hand-picked examples:
+
+```
+// Instead of testing 3-4 specific inputs:
+test("sort is idempotent", () => {
+  fc.assert(fc.property(fc.array(fc.integer()), (arr) => {
+    const sorted = mySort(arr);
+    expect(mySort(sorted)).toEqual(sorted);
+  }));
+});
+```
+
+Good candidates: serialization round-trips, math properties, parsers, encoding/decoding, sorting invariants.
+
+## Bun Test Runner
+
+Bun includes a built-in test runner. Use `bun test` for projects on the Bun runtime:
+
+```
+bun test                    # run all *.test.ts files
+bun test --watch            # re-run on changes
+bun test --coverage         # with code coverage
+bun test path/to/file.test.ts  # single file
+```
+
+Bun supports `describe`, `it`/`test`, `expect`, lifecycle hooks, and snapshot testing out of the box with no additional dependencies.
+
 ## Test Pyramid
 
 Many unit tests (fast, focused) > some integration tests (multi-component) > few E2E tests (full flow).

package/core/skills/{typescript-conventions → ct-typescript-conventions}/SKILL.md

@@ -40,6 +40,47 @@ type AsyncState<T> =
   | { status: "error"; error: Error };
 ```
 
+## `satisfies` Operator
+
+Validate a value matches a type without widening it. Preserves the narrowest inferred type while ensuring conformance.
+
+```typescript
+type Route = { path: string; children?: Route[] };
+
+const routes = {
+  home: { path: "/" },
+  user: { path: "/user/:id", children: [{ path: "settings" }] },
+} satisfies Record<string, Route>;
+
+// routes.home.path is still "/" (literal), not string
+```
+
+## `const` Type Parameters
+
+Infer literal types from arguments without requiring callers to write `as const`:
+
+```typescript
+function createConfig<const T extends readonly string[]>(names: T): Record<T[number], boolean> {
+  return Object.fromEntries(names.map(n => [n, false])) as Record<T[number], boolean>;
+}
+
+// result type: Record<"debug" | "verbose", boolean> -- not Record<string, boolean>
+const flags = createConfig(["debug", "verbose"]);
+```
+
+## Template Literal Types
+
+Build precise string types from unions:
+
+```typescript
+type EventName = "click" | "focus" | "blur";
+type Handler = `on${Capitalize<EventName>}`; // "onClick" | "onFocus" | "onBlur"
+
+type Locale = "en" | "fr" | "ja";
+type Currency = "USD" | "EUR" | "JPY";
+type PriceKey = `price:${Locale}:${Currency}`; // 9 valid combinations
+```
+
 ## Generic Constraints
 
 ```typescript

package/core/skills/{verification-before-completion → ct-verification-before-completion}/SKILL.md

@@ -31,12 +31,22 @@ Do not assume edge cases work because the happy path works.
 - Verify consumers of changed APIs/schemas still work.
 - Smoke test the running application if applicable.
 
+## Security Check
+
+Before completing work that touches dependencies, inputs, or external data:
+
+- **Dependency audit** -- Run `bun audit` or `npm audit` and resolve critical/high vulnerabilities.
+- **Input validation** -- Verify user-facing inputs are validated at system boundaries (no SQL injection, XSS, command injection).
+- **Secret exposure** -- Confirm no secrets, API keys, or credentials in committed code or logs.
+
 ## Evidence Format
 
 ```
 ## Completed: [task name]
 - Tests: X passing (Y new, Z existing) -- [command output]
 - Types: tsc --noEmit: 0 errors
+- Lint: 0 violations
+- Security: audit clean, no exposed secrets
 - Manual: [endpoint/action]: [status/result]
 - Edge cases: [what was verified]
 ```

package/docs/skills/systematic-debugging.md

@@ -3,7 +3,7 @@
 > Four-phase methodology for diagnosing and fixing bugs efficiently without guesswork.
 
 **Type:** Core Skill (always included)
-**Source:** [`core/skills/systematic-debugging/SKILL.md`](../core/skills/systematic-debugging/SKILL.md)
+**Source:** [`core/skills/ct-systematic-debugging/SKILL.md`](../core/skills/ct-systematic-debugging/SKILL.md)
 
 ## Overview
 

package/docs/skills/testing-patterns.md

@@ -3,7 +3,7 @@
 > Generic test-driven development practices and patterns applicable to any language or test framework.
 
 **Type:** Core Skill (always included)
-**Source:** [`core/skills/testing-patterns/SKILL.md`](../core/skills/testing-patterns/SKILL.md)
+**Source:** [`core/skills/ct-testing-patterns/SKILL.md`](../core/skills/ct-testing-patterns/SKILL.md)
 
 ## Overview
 
@@ -71,6 +71,35 @@ const admin = getMockUser({ role: "admin" });
 
 The ratio should be roughly pyramid-shaped: many unit tests, some integration tests, few E2E tests.
 
+## Property-Based Testing
+
+When a function has a contract ("for all valid inputs X, property Y holds"), use property-based tests to verify across generated inputs instead of hand-picked examples:
+
+```typescript
+// Instead of testing 3-4 specific inputs:
+test("sort is idempotent", () => {
+  fc.assert(fc.property(fc.array(fc.integer()), (arr) => {
+    const sorted = mySort(arr);
+    expect(mySort(sorted)).toEqual(sorted);
+  }));
+});
+```
+
+Good candidates: serialization round-trips, math properties, parsers, encoding/decoding, sorting invariants.
+
+## Bun Test Runner
+
+Bun includes a built-in test runner with no additional dependencies:
+
+```bash
+bun test                       # run all *.test.ts files
+bun test --watch               # re-run on changes
+bun test --coverage            # with code coverage
+bun test path/to/file.test.ts  # single file
+```
+
+Supports `describe`, `it`/`test`, `expect`, lifecycle hooks, and snapshot testing out of the box.
+
 ## Anti-patterns
 
 | Anti-pattern | Description |

package/docs/skills/typescript-conventions.md

@@ -3,7 +3,7 @@
 > Strict TypeScript patterns for type safety, readability, and maintainable codebases.
 
 **Type:** Core Skill (always included)
-**Source:** [`core/skills/typescript-conventions/SKILL.md`](../core/skills/typescript-conventions/SKILL.md)
+**Source:** [`core/skills/ct-typescript-conventions/SKILL.md`](../core/skills/ct-typescript-conventions/SKILL.md)
 
 ## Overview
 
@@ -94,6 +94,47 @@ type AsyncState<T> =
   | { status: "error"; error: Error };
 ```
 
+### `satisfies` Operator
+
+Validate a value conforms to a type without widening its inferred type:
+
+```typescript
+type Route = { path: string; children?: Route[] };
+
+const routes = {
+  home: { path: "/" },
+  user: { path: "/user/:id", children: [{ path: "settings" }] },
+} satisfies Record<string, Route>;
+
+// routes.home.path is "/" (literal), not string
+```
+
+### `const` Type Parameters
+
+Infer literal types from arguments without requiring callers to write `as const`:
+
+```typescript
+function createConfig<const T extends readonly string[]>(names: T): Record<T[number], boolean> {
+  return Object.fromEntries(names.map(n => [n, false])) as Record<T[number], boolean>;
+}
+
+// result: Record<"debug" | "verbose", boolean>
+const flags = createConfig(["debug", "verbose"]);
+```
+
+### Template Literal Types
+
+Build precise string types from unions:
+
+```typescript
+type EventName = "click" | "focus" | "blur";
+type Handler = `on${Capitalize<EventName>}`; // "onClick" | "onFocus" | "onBlur"
+
+type Locale = "en" | "fr" | "ja";
+type Currency = "USD" | "EUR" | "JPY";
+type PriceKey = `price:${Locale}:${Currency}`; // 9 valid combinations
+```
+
 ### Generic Constraints
 
 Use `extends` to constrain generics, documenting expectations and catching misuse:

package/docs/skills/verification-before-completion.md

@@ -3,7 +3,7 @@
 > Evidence-based completion claims -- never say "done" without proof that the work is correct.
 
 **Type:** Core Skill (always included)
-**Source:** [`core/skills/verification-before-completion/SKILL.md`](../core/skills/verification-before-completion/SKILL.md)
+**Source:** [`core/skills/ct-verification-before-completion/SKILL.md`](../core/skills/ct-verification-before-completion/SKILL.md)
 
 ## Overview
 
@@ -46,7 +46,15 @@ Test boundaries and unusual inputs explicitly:
 - **Concurrent access** -- simultaneous requests or operations
 - **Error paths** -- network failures, database errors, permission denied
 
-### 6. Regression Check
+### 6. Security Check
+
+Before completing work that touches dependencies, inputs, or external data:
+
+- **Dependency audit** -- Run `bun audit` or `npm audit` and resolve critical/high vulnerabilities
+- **Input validation** -- Verify user-facing inputs are validated at system boundaries (no SQL injection, XSS, command injection)
+- **Secret exposure** -- Confirm no secrets, API keys, or credentials in committed code or logs
+
+### 7. Regression Check
 
 - Run related tests, not just the tests you wrote
 - Check integration points if you changed a shared utility, API contract, or database schema
@@ -66,6 +74,10 @@ When reporting completion, include concrete evidence:
 ### Type check
 - `tsc --noEmit`: 0 errors
 
+### Security
+- `bun audit`: 0 vulnerabilities
+- No secrets in committed files
+
 ### Manual verification
 - POST /api/auth/login with valid credentials: 200 + JWT token
 - POST /api/auth/login with wrong password: 401 + error message

package/docs/stacks/cloudflare-d1-kv.md

@@ -3,7 +3,7 @@
 > Cloudflare D1 SQL database and KV cache patterns.
 
 **Type:** Stack Skill (requires `cloudflare` stack)
-**Source:** [`stacks/cloudflare/skills/cloudflare-d1-kv/SKILL.md`](../stacks/cloudflare/skills/cloudflare-d1-kv/SKILL.md)
+**Source:** [`stacks/cloudflare/skills/ct-cloudflare-d1-kv/SKILL.md`](../stacks/cloudflare/skills/ct-cloudflare-d1-kv/SKILL.md)
 **Directory Mappings:** `src/db/`, `migrations/`
 **File Extensions:** `.sql`
 
@@ -98,6 +98,40 @@ cache:feed:{userId}:page:{pageNum}
 
 Invalidate on write operations by deleting the corresponding cache key after updating D1.
 
+## Hyperdrive (External Database Acceleration)
+
+Hyperdrive accelerates connections to external PostgreSQL/MySQL databases from Workers by maintaining regional connection pools close to your database, eliminating per-request TCP/TLS handshake overhead.
+
+### Setup
+
+```toml
+# wrangler.toml
+[[hyperdrive]]
+binding = "HYPERDRIVE"
+id = "<hyperdrive-config-id>"
+```
+
+```typescript
+// Access the connection string in your Worker
+const sql = env.HYPERDRIVE.connectionString;
+// Pass to your Postgres/MySQL client (e.g., node-postgres, drizzle)
+```
+
+### When to Use
+
+| Scenario | Use |
+|---|---|
+| Simple data, edge-native | **D1** (serverless SQLite) |
+| Read-heavy caching layer | **KV** (eventually consistent) |
+| Full relational DB (Postgres/MySQL) | **Hyperdrive** + external DB |
+
+### Key Points
+
+- Always use Hyperdrive when connecting to external databases from Workers
+- Caches common read queries automatically, reducing origin load
+- Connection pool size is configurable per Hyperdrive config (minimum 5 connections)
+- Understands read vs write queries for intelligent caching
+
 ## Anti-patterns
 
 | Anti-pattern | Why it's wrong |

package/docs/stacks/i18n-typesafe.md

@@ -3,7 +3,7 @@
 > Typesafe-i18n internationalization patterns for SolidJS.
 
 **Type:** Stack Skill (requires `i18n-typesafe` stack)
-**Source:** [`stacks/i18n-typesafe/skills/i18n-typesafe/SKILL.md`](../stacks/i18n-typesafe/skills/i18n-typesafe/SKILL.md)
+**Source:** [`stacks/i18n-typesafe/skills/ct-i18n-typesafe/SKILL.md`](../stacks/i18n-typesafe/skills/ct-i18n-typesafe/SKILL.md)
 **Directory Mappings:** `src/locales/`, `src/i18n/`
 
 ## Overview

package/docs/stacks/protobuf-contracts.md

@@ -3,7 +3,7 @@
 > Protocol Buffer definitions and code generation for frontend/backend contracts.
 
 **Type:** Stack Skill (requires `protobuf` stack)
-**Source:** [`stacks/protobuf/skills/protobuf-contracts/SKILL.md`](../stacks/protobuf/skills/protobuf-contracts/SKILL.md)
+**Source:** [`stacks/protobuf/skills/ct-protobuf-contracts/SKILL.md`](../stacks/protobuf/skills/ct-protobuf-contracts/SKILL.md)
 **Directory Mappings:** `proto/`
 **File Extensions:** `.proto`
 

package/docs/stacks/rust-wasm-patterns.md

@@ -3,7 +3,7 @@
 > Rust WASM patterns for Cloudflare Workers with worker-rs.
 
 **Type:** Stack Skill (requires `rust-wasm` stack)
-**Source:** [`stacks/rust-wasm/skills/rust-wasm-patterns/SKILL.md`](../stacks/rust-wasm/skills/rust-wasm-patterns/SKILL.md)
+**Source:** [`stacks/rust-wasm/skills/ct-rust-wasm-patterns/SKILL.md`](../stacks/rust-wasm/skills/ct-rust-wasm-patterns/SKILL.md)
 **Directory Mappings:** `worker/`, `worker/src/`
 **File Extensions:** `.rs`, `.toml`
 
@@ -88,7 +88,7 @@ Use `#[derive(Serialize, Deserialize)]` for request/response types. Parse reques
 crate-type = ["cdylib"]
 
 [dependencies]
-worker = "0.4"
+worker = "0.5"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 console_error_panic_hook = "0.1"

package/docs/stacks/solidjs-patterns.md

@@ -3,7 +3,7 @@
 > SolidJS reactivity, signals, effects, and component patterns.
 
 **Type:** Stack Skill (requires `solidjs` stack)
-**Source:** [`stacks/solidjs/skills/solidjs-patterns/SKILL.md`](../stacks/solidjs/skills/solidjs-patterns/SKILL.md)
+**Source:** [`stacks/solidjs/skills/ct-solidjs-patterns/SKILL.md`](../stacks/solidjs/skills/ct-solidjs-patterns/SKILL.md)
 **Directory Mappings:** `src/components/`, `src/hooks/`, `src/pages/`
 **File Extensions:** `.tsx`, `.jsx`
 

package/docs/stacks/vanilla-extract-patterns.md

@@ -3,7 +3,7 @@
 > Type-safe CSS with vanilla-extract, sprinkles, and recipes.
 
 **Type:** Stack Skill (requires `vanilla-extract` stack)
-**Source:** [`stacks/vanilla-extract/skills/vanilla-extract-patterns/SKILL.md`](../stacks/vanilla-extract/skills/vanilla-extract-patterns/SKILL.md)
+**Source:** [`stacks/vanilla-extract/skills/ct-vanilla-extract-patterns/SKILL.md`](../stacks/vanilla-extract/skills/ct-vanilla-extract-patterns/SKILL.md)
 **Directory Mappings:** `src/styles/`, `src/theme/`
 **File Extensions:** `.css.ts`
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "claude-toolkit",
-	"version": "0.1.9",
+	"version": "0.1.12",
 	"description": "Reusable Claude Code configuration toolkit with stack-specific connectors",
 	"type": "module",
 	"bin": {
@@ -49,10 +49,10 @@
 		"@types/bun": "latest",
 		"husky": "^9.1.7",
 		"lint-staged": "^16.4.0",
-		"typescript": "^5.8.0"
+		"typescript": "^6.0.2"
 	},
 	"engines": {
-		"bun": ">=1.0.0"
+		"bun": ">=1.3.0"
 	},
 	"module": "src/index.ts"
 }

package/stacks/cloudflare/skills/{cloudflare-d1-kv → ct-cloudflare-d1-kv}/SKILL.md

@@ -74,6 +74,28 @@ Colon-separated hierarchical: `user:{id}`, `user:{id}:profile`, `cache:feed:{uid
 | Config | 5min | Needs fast propagation |
 | Public listings | 15min | Freshness vs load balance |
 
+## Hyperdrive (External Database Acceleration)
+
+Hyperdrive accelerates connections to external PostgreSQL/MySQL databases from Workers by maintaining regional connection pools. Use it when D1 is insufficient and you need a full relational database.
+
+```toml
+# wrangler.toml
+[[hyperdrive]]
+binding = "HYPERDRIVE"
+id = "<hyperdrive-config-id>"
+```
+
+```typescript
+const sql = env.HYPERDRIVE.connectionString;
+// Pass to your Postgres/MySQL client (e.g., node-postgres, drizzle)
+```
+
+Key points:
+- Eliminates per-request TCP/TLS handshake overhead.
+- Caches common read queries automatically.
+- Always use Hyperdrive for external database connections from Workers.
+- Connection pool size is configurable per Hyperdrive config.
+
 ## Anti-Patterns
 
 1. **Unbounded queries** -- Always LIMIT. D1 has 5MB response cap.