claudekit-cli 1.3.0 → 1.4.1

package/.github/workflows/claude-code-review.yml

@@ -0,0 +1,57 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request and provide feedback on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Performance considerations
+            - Security concerns
+            - Test coverage
+
+            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
+
+            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
+          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+

package/.github/workflows/claude.yml

@@ -0,0 +1,50 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
+

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [1.4.1](https://github.com/mrgoonie/claudekit-cli/compare/v1.4.0...v1.4.1) (2025-10-21)
+
+
+### Bug Fixes
+
+* handle protected files during merge ([fe90767](https://github.com/mrgoonie/claudekit-cli/commit/fe907670932fc5b39521586ef798f73cd1130180))
+
+# [1.4.0](https://github.com/mrgoonie/claudekit-cli/compare/v1.3.0...v1.4.0) (2025-10-21)
+
+
+### Features
+
+* add --exclude flag to new and update commands ([8a0d7a0](https://github.com/mrgoonie/claudekit-cli/commit/8a0d7a00de70823d4fecac26d4c7e82c4df2ab0f))
+
 # [1.3.0](https://github.com/mrgoonie/claudekit-cli/compare/v1.2.2...v1.3.0) (2025-10-21)
 
 

package/README.md

@@ -79,6 +79,12 @@ ck new --dir my-project --kit engineer
 
 # Specific version
 ck new --kit engineer --version v1.0.0
+
+# With exclude patterns
+ck new --kit engineer --exclude "*.log" --exclude "temp/**"
+
+# Multiple patterns
+ck new --exclude "*.log" --exclude "*.tmp" --exclude "cache/**"
 ```
 
 ### Update Existing Project
@@ -94,6 +100,9 @@ ck update --kit engineer
 
 # Specific version
 ck update --kit engineer --version v1.0.0
+
+# With exclude patterns
+ck update --exclude "local-config/**" --exclude "*.local"
 ```
 
 ### List Available Versions
@@ -204,6 +213,95 @@ The following file patterns are protected and will not be overwritten during upd
 - `node_modules/**`, `.git/**`
 - `dist/**`, `build/**`
 
+## Excluding Files
+
+Use the `--exclude` flag to skip specific files or directories during download and extraction. This is useful for:
+
+- Excluding temporary or cache directories
+- Skipping log files or debug output
+- Omitting files you want to manage manually
+- Avoiding unnecessary large files
+
+### Basic Usage
+
+```bash
+# Exclude log files
+ck new --exclude "*.log"
+
+# Exclude multiple patterns
+ck new --exclude "*.log" --exclude "temp/**" --exclude "cache/**"
+
+# Common exclude patterns for updates
+ck update --exclude "node_modules/**" --exclude "dist/**" --exclude ".env.*"
+```
+
+### Supported Glob Patterns
+
+The `--exclude` flag accepts standard glob patterns:
+
+- `*` - Match any characters except `/` (e.g., `*.log` matches all log files)
+- `**` - Match any characters including `/` (e.g., `temp/**` matches all files in temp directory)
+- `?` - Match single character (e.g., `file?.txt` matches `file1.txt`, `file2.txt`)
+- `[abc]` - Match characters in brackets (e.g., `[Tt]emp` matches `Temp` or `temp`)
+- `{a,b}` - Match alternatives (e.g., `*.{log,tmp}` matches `*.log` and `*.tmp`)
+
+### Common Exclude Patterns
+
+```bash
+# Exclude all log files
+--exclude "*.log" --exclude "**/*.log"
+
+# Exclude temporary directories
+--exclude "tmp/**" --exclude "temp/**" --exclude ".tmp/**"
+
+# Exclude cache directories
+--exclude "cache/**" --exclude ".cache/**" --exclude "**/.cache/**"
+
+# Exclude build artifacts
+--exclude "dist/**" --exclude "build/**" --exclude "out/**"
+
+# Exclude local configuration
+--exclude "*.local" --exclude "local/**" --exclude ".env.local"
+
+# Exclude IDE/editor files
+--exclude ".vscode/**" --exclude ".idea/**" --exclude "*.swp"
+```
+
+### Important Notes
+
+**Additive Behavior:**
+- User exclude patterns are ADDED to the default protected patterns
+- They do not replace the built-in protections
+- All patterns work together to determine which files to skip
+
+**Security Restrictions:**
+- Absolute paths (starting with `/`) are not allowed
+- Path traversal patterns (containing `..`) are not allowed
+- Patterns must be between 1-500 characters
+- These restrictions prevent accidental or malicious file system access
+
+**Pattern Matching:**
+- Patterns are case-sensitive on Linux/macOS
+- Patterns are case-insensitive on Windows
+- Patterns are applied during both extraction and merge phases
+- Excluded files are never written to disk, saving time and space
+
+**Examples of Invalid Patterns:**
+
+```bash
+# ❌ Absolute paths not allowed
+ck new --exclude "/etc/passwd"
+
+# ❌ Path traversal not allowed
+ck new --exclude "../../secret"
+
+# ❌ Empty patterns not allowed
+ck new --exclude ""
+
+# ✅ Correct way to exclude root-level files
+ck new --exclude "secret.txt" --exclude "config.local.json"
+```
+
 ### Custom .claude Files
 
 When updating a project, the CLI automatically preserves your custom `.claude/` files that don't exist in the new release package. This allows you to maintain:

package/dist/index.js

@@ -6400,6 +6400,66 @@ class CAC extends EventEmitter {
   }
 }
 var cac = (name = "") => new CAC(name);
+// package.json
+var package_default = {
+  name: "claudekit-cli",
+  version: "1.4.0",
+  description: "CLI tool for bootstrapping and updating ClaudeKit projects",
+  type: "module",
+  bin: {
+    ck: "./dist/index.js"
+  },
+  scripts: {
+    dev: "bun run src/index.ts >> logs.txt 2>&1",
+    build: "bun build src/index.ts --outdir dist --target node --external keytar --external @octokit/rest >> logs.txt 2>&1",
+    compile: "bun build src/index.ts --compile --outfile ck >> logs.txt 2>&1",
+    test: "bun test >> logs.txt 2>&1",
+    "test:watch": "bun test --watch >> logs.txt 2>&1",
+    lint: "biome check . >> logs.txt 2>&1",
+    format: "biome format --write . >> logs.txt 2>&1",
+    typecheck: "tsc --noEmit >> logs.txt 2>&1"
+  },
+  keywords: [
+    "cli",
+    "claudekit",
+    "boilerplate",
+    "bootstrap",
+    "template"
+  ],
+  author: "ClaudeKit",
+  license: "MIT",
+  engines: {
+    bun: ">=1.0.0"
+  },
+  dependencies: {
+    "@clack/prompts": "^0.7.0",
+    "@octokit/rest": "^22.0.0",
+    cac: "^6.7.14",
+    "cli-progress": "^3.12.0",
+    "extract-zip": "^2.0.1",
+    "fs-extra": "^11.2.0",
+    ignore: "^5.3.2",
+    keytar: "^7.9.0",
+    ora: "^9.0.0",
+    picocolors: "^1.1.1",
+    tar: "^7.4.3",
+    tmp: "^0.2.3",
+    zod: "^3.23.8"
+  },
+  devDependencies: {
+    "@biomejs/biome": "^1.9.4",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/git": "^10.0.1",
+    "@types/bun": "latest",
+    "@types/cli-progress": "^3.11.6",
+    "@types/fs-extra": "^11.0.4",
+    "@types/node": "^22.10.1",
+    "@types/tar": "^6.1.13",
+    "@types/tmp": "^0.2.6",
+    "semantic-release": "^24.2.0",
+    typescript: "^5.7.2"
+  }
+};
 
 // src/commands/new.ts
 var import_fs_extra2 = __toESM(require_lib(), 1);
@@ -10922,16 +10982,19 @@ var coerce = {
 var NEVER = INVALID;
 // src/types.ts
 var KitType = exports_external.enum(["engineer", "marketing"]);
+var ExcludePatternSchema = exports_external.string().trim().min(1, "Exclude pattern cannot be empty").max(500, "Exclude pattern too long").refine((val) => !val.startsWith("/"), "Absolute paths not allowed in exclude patterns").refine((val) => !val.includes(".."), "Path traversal not allowed in exclude patterns");
 var NewCommandOptionsSchema = exports_external.object({
   dir: exports_external.string().default("."),
   kit: KitType.optional(),
   version: exports_external.string().optional(),
-  force: exports_external.boolean().default(false)
+  force: exports_external.boolean().default(false),
+  exclude: exports_external.array(ExcludePatternSchema).optional().default([])
 });
 var UpdateCommandOptionsSchema = exports_external.object({
   dir: exports_external.string().default("."),
   kit: KitType.optional(),
-  version: exports_external.string().optional()
+  version: exports_external.string().optional(),
+  exclude: exports_external.array(ExcludePatternSchema).optional().default([])
 });
 var VersionCommandOptionsSchema = exports_external.object({
   kit: KitType.optional(),
@@ -10993,6 +11056,10 @@ var PROTECTED_PATTERNS = [
   "*.key",
   "*.pem",
   "*.p12",
+  ".gitignore",
+  ".repomixignore",
+  ".mcp.json",
+  "CLAUDE.md",
   "node_modules/**",
   ".git/**",
   "dist/**",
@@ -21213,9 +21280,37 @@ class DownloadManager {
     "*.log"
   ];
   totalExtractedSize = 0;
+  ig;
+  userExcludePatterns = [];
+  constructor() {
+    this.ig = import_ignore.default().add(DownloadManager.EXCLUDE_PATTERNS);
+  }
+  setExcludePatterns(patterns) {
+    this.userExcludePatterns = patterns;
+    this.ig = import_ignore.default().add([...DownloadManager.EXCLUDE_PATTERNS, ...this.userExcludePatterns]);
+    if (patterns.length > 0) {
+      logger.info(`Added ${patterns.length} custom exclude pattern(s)`);
+      patterns.forEach((p) => logger.debug(`  - ${p}`));
+    }
+  }
   shouldExclude(filePath) {
-    const ig = import_ignore.default().add(DownloadManager.EXCLUDE_PATTERNS);
-    return ig.ignores(filePath);
+    return this.ig.ignores(filePath);
+  }
+  decodeFilePath(path8) {
+    if (!path8.includes("%")) {
+      return path8;
+    }
+    try {
+      if (/%[0-9A-F]{2}/i.test(path8)) {
+        const decoded = decodeURIComponent(path8);
+        logger.debug(`Decoded path: ${path8} -> ${decoded}`);
+        return decoded;
+      }
+      return path8;
+    } catch (error2) {
+      logger.warning(`Failed to decode path "${path8}": ${error2 instanceof Error ? error2.message : "Unknown error"}`);
+      return path8;
+    }
   }
   isPathSafe(basePath, targetPath) {
     const resolvedBase = resolve(basePath);
@@ -21368,22 +21463,23 @@ class DownloadManager {
         cwd: tempExtractDir,
         strip: 0,
         filter: (path8) => {
-          const shouldInclude = !this.shouldExclude(path8);
+          const decodedPath = this.decodeFilePath(path8);
+          const shouldInclude = !this.shouldExclude(decodedPath);
           if (!shouldInclude) {
-            logger.debug(`Excluding: ${path8}`);
+            logger.debug(`Excluding: ${decodedPath}`);
           }
           return shouldInclude;
         }
       });
       logger.debug(`Extracted TAR.GZ to temp: ${tempExtractDir}`);
-      const entries = await readdir(tempExtractDir);
+      const entries = await readdir(tempExtractDir, { encoding: "utf8" });
       logger.debug(`Root entries: ${entries.join(", ")}`);
       if (entries.length === 1) {
         const rootEntry = entries[0];
         const rootPath = pathJoin(tempExtractDir, rootEntry);
         const rootStat = await stat(rootPath);
         if (rootStat.isDirectory()) {
-          const rootContents = await readdir(rootPath);
+          const rootContents = await readdir(rootPath, { encoding: "utf8" });
           logger.debug(`Root directory '${rootEntry}' contains: ${rootContents.join(", ")}`);
           const isWrapper = this.isWrapperDirectory(rootEntry);
           logger.debug(`Is wrapper directory: ${isWrapper}`);
@@ -21424,14 +21520,14 @@ class DownloadManager {
     try {
       await import_extract_zip.default(archivePath, { dir: tempExtractDir });
       logger.debug(`Extracted ZIP to temp: ${tempExtractDir}`);
-      const entries = await readdir(tempExtractDir);
+      const entries = await readdir(tempExtractDir, { encoding: "utf8" });
       logger.debug(`Root entries: ${entries.join(", ")}`);
       if (entries.length === 1) {
         const rootEntry = entries[0];
         const rootPath = pathJoin(tempExtractDir, rootEntry);
         const rootStat = await stat(rootPath);
         if (rootStat.isDirectory()) {
-          const rootContents = await readdir(rootPath);
+          const rootContents = await readdir(rootPath, { encoding: "utf8" });
           logger.debug(`Root directory '${rootEntry}' contains: ${rootContents.join(", ")}`);
           const isWrapper = this.isWrapperDirectory(rootEntry);
           logger.debug(`Is wrapper directory: ${isWrapper}`);
@@ -21463,7 +21559,7 @@ class DownloadManager {
     const { readdir, stat, mkdir: mkdirPromise, copyFile } = await import("node:fs/promises");
     const { join: pathJoin, relative: relative2 } = await import("node:path");
     await mkdirPromise(destDir, { recursive: true });
-    const entries = await readdir(sourceDir);
+    const entries = await readdir(sourceDir, { encoding: "utf8" });
     for (const entry of entries) {
       const sourcePath = pathJoin(sourceDir, entry);
       const destPath = pathJoin(destDir, entry);
@@ -21489,7 +21585,7 @@ class DownloadManager {
     const { readdir, stat, mkdir: mkdirPromise, copyFile } = await import("node:fs/promises");
     const { join: pathJoin, relative: relative2 } = await import("node:path");
     await mkdirPromise(destDir, { recursive: true });
-    const entries = await readdir(sourceDir);
+    const entries = await readdir(sourceDir, { encoding: "utf8" });
     for (const entry of entries) {
       const sourcePath = pathJoin(sourceDir, entry);
       const destPath = pathJoin(destDir, entry);
@@ -21525,7 +21621,7 @@ class DownloadManager {
     const { join: pathJoin } = await import("node:path");
     const { constants: constants2 } = await import("node:fs");
     try {
-      const entries = await readdir(extractDir);
+      const entries = await readdir(extractDir, { encoding: "utf8" });
       logger.debug(`Extracted files: ${entries.join(", ")}`);
       if (entries.length === 0) {
         throw new ExtractionError("Extraction resulted in no files");
@@ -21736,11 +21832,12 @@ class FileMerger {
     const files = await this.getFiles(sourceDir);
     for (const file of files) {
       const relativePath = relative2(sourceDir, file);
-      if (this.ig.ignores(relativePath)) {
-        continue;
-      }
       const destPath = join4(destDir, relativePath);
       if (await import_fs_extra.pathExists(destPath)) {
+        if (this.ig.ignores(relativePath)) {
+          logger.debug(`Protected file exists but won't be overwritten: ${relativePath}`);
+          continue;
+        }
         conflicts.push(relativePath);
       }
     }
@@ -21752,12 +21849,12 @@ class FileMerger {
     let skippedCount = 0;
     for (const file of files) {
       const relativePath = relative2(sourceDir, file);
-      if (this.ig.ignores(relativePath)) {
-        logger.debug(`Skipping protected file: ${relativePath}`);
+      const destPath = join4(destDir, relativePath);
+      if (this.ig.ignores(relativePath) && await import_fs_extra.pathExists(destPath)) {
+        logger.debug(`Skipping protected file (exists in destination): ${relativePath}`);
         skippedCount++;
         continue;
       }
-      const destPath = join4(destDir, relativePath);
       await import_fs_extra.copy(file, destPath, { overwrite: true });
       copiedCount++;
     }
@@ -21765,7 +21862,7 @@ class FileMerger {
   }
   async getFiles(dir) {
     const files = [];
-    const entries = await import_fs_extra.readdir(dir);
+    const entries = await import_fs_extra.readdir(dir, { encoding: "utf8" });
     for (const entry of entries) {
       const fullPath = join4(dir, entry);
       const stats = await import_fs_extra.stat(fullPath);
@@ -21950,6 +22047,9 @@ async function newCommand(options) {
     logger.info(`Download source: ${downloadInfo.type}`);
     logger.debug(`Download URL: ${downloadInfo.url}`);
     const downloadManager = new DownloadManager;
+    if (validOptions.exclude && validOptions.exclude.length > 0) {
+      downloadManager.setExcludePatterns(validOptions.exclude);
+    }
     const tempDir = await downloadManager.createTempDir();
     const { token } = await AuthManager.getToken();
     let archivePath;
@@ -21985,6 +22085,9 @@ async function newCommand(options) {
     await downloadManager.extractArchive(archivePath, extractDir);
     await downloadManager.validateExtraction(extractDir);
     const merger = new FileMerger;
+    if (validOptions.exclude && validOptions.exclude.length > 0) {
+      merger.addIgnorePatterns(validOptions.exclude);
+    }
     await merger.merge(extractDir, resolvedDir, true);
     prompts.outro(`✨ Project created successfully at ${resolvedDir}`);
     prompts.note(`cd ${targetDir !== "." ? targetDir : "into the directory"}
@@ -22011,7 +22114,7 @@ class FileScanner {
       return files;
     }
     try {
-      const entries = await import_fs_extra3.readdir(dirPath);
+      const entries = await import_fs_extra3.readdir(dirPath, { encoding: "utf8" });
       for (const entry of entries) {
         const fullPath = join5(dirPath, entry);
         if (!FileScanner.isSafePath(basePath, fullPath)) {
@@ -22107,6 +22210,9 @@ async function updateCommand(options) {
     logger.info(`Download source: ${downloadInfo.type}`);
     logger.debug(`Download URL: ${downloadInfo.url}`);
     const downloadManager = new DownloadManager;
+    if (validOptions.exclude && validOptions.exclude.length > 0) {
+      downloadManager.setExcludePatterns(validOptions.exclude);
+    }
     const tempDir = await downloadManager.createTempDir();
     const { token } = await AuthManager.getToken();
     let archivePath;
@@ -22148,6 +22254,9 @@ async function updateCommand(options) {
       merger.addIgnorePatterns(customClaudeFiles);
       logger.success(`Protected ${customClaudeFiles.length} custom .claude file(s)`);
     }
+    if (validOptions.exclude && validOptions.exclude.length > 0) {
+      merger.addIgnorePatterns(validOptions.exclude);
+    }
     await merger.merge(extractDir, resolvedDir, false);
     prompts.outro(`✨ Project updated successfully at ${resolvedDir}`);
     const protectedNote = customClaudeFiles.length > 0 ? `Your project has been updated with the latest version.
@@ -22354,10 +22463,6 @@ class Logger2 {
   }
 }
 var logger2 = new Logger2;
-// src/version.json
-var version_default = {
-  version: "1.2.1"
-};
 
 // src/index.ts
 if (process.stdout.setEncoding) {
@@ -22366,14 +22471,20 @@ if (process.stdout.setEncoding) {
 if (process.stderr.setEncoding) {
   process.stderr.setEncoding("utf8");
 }
-var packageVersion = version_default.version;
+var packageVersion = package_default.version;
 var cli = cac("ck");
 cli.option("--verbose, -v", "Enable verbose logging for debugging");
 cli.option("--log-file <path>", "Write logs to file");
-cli.command("new", "Bootstrap a new ClaudeKit project").option("--dir <dir>", "Target directory (default: .)").option("--kit <kit>", "Kit to use (engineer, marketing)").option("--version <version>", "Specific version to download (default: latest)").option("--force", "Overwrite existing files without confirmation").action(async (options) => {
+cli.command("new", "Bootstrap a new ClaudeKit project").option("--dir <dir>", "Target directory (default: .)").option("--kit <kit>", "Kit to use (engineer, marketing)").option("--version <version>", "Specific version to download (default: latest)").option("--force", "Overwrite existing files without confirmation").option("--exclude <pattern>", "Exclude files matching glob pattern (can be used multiple times)").action(async (options) => {
+  if (options.exclude && !Array.isArray(options.exclude)) {
+    options.exclude = [options.exclude];
+  }
   await newCommand(options);
 });
-cli.command("update", "Update existing ClaudeKit project").option("--dir <dir>", "Target directory (default: .)").option("--kit <kit>", "Kit to use (engineer, marketing)").option("--version <version>", "Specific version to download (default: latest)").action(async (options) => {
+cli.command("update", "Update existing ClaudeKit project").option("--dir <dir>", "Target directory (default: .)").option("--kit <kit>", "Kit to use (engineer, marketing)").option("--version <version>", "Specific version to download (default: latest)").option("--exclude <pattern>", "Exclude files matching glob pattern (can be used multiple times)").action(async (options) => {
+  if (options.exclude && !Array.isArray(options.exclude)) {
+    options.exclude = [options.exclude];
+  }
   await updateCommand(options);
 });
 cli.command("versions", "List available versions of ClaudeKit repositories").option("--kit <kit>", "Filter by specific kit (engineer, marketing)").option("--limit <limit>", "Number of releases to show (default: 30)").option("--all", "Show all releases including prereleases").action(async (options) => {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "claudekit-cli",
-	"version": "1.3.0",
+	"version": "1.4.1",
 	"description": "CLI tool for bootstrapping and updating ClaudeKit projects",
 	"type": "module",
 	"bin": {

package/src/commands/new.ts

@@ -110,6 +110,12 @@ export async function newCommand(options: NewCommandOptions): Promise<void> {
 
 		// Download asset
 		const downloadManager = new DownloadManager();
+
+		// Apply user exclude patterns if provided
+		if (validOptions.exclude && validOptions.exclude.length > 0) {
+			downloadManager.setExcludePatterns(validOptions.exclude);
+		}
+
 		const tempDir = await downloadManager.createTempDir();
 
 		// Get authentication token for API requests
@@ -157,6 +163,12 @@ export async function newCommand(options: NewCommandOptions): Promise<void> {
 
 		// Copy files to target directory
 		const merger = new FileMerger();
+
+		// Apply user exclude patterns if provided
+		if (validOptions.exclude && validOptions.exclude.length > 0) {
+			merger.addIgnorePatterns(validOptions.exclude);
+		}
+
 		await merger.merge(extractDir, resolvedDir, true); // Skip confirmation for new projects
 
 		prompts.outro(`✨ Project created successfully at ${resolvedDir}`);

package/src/commands/update.ts

@@ -83,6 +83,12 @@ export async function updateCommand(options: UpdateCommandOptions): Promise<void
 
 		// Download asset
 		const downloadManager = new DownloadManager();
+
+		// Apply user exclude patterns if provided
+		if (validOptions.exclude && validOptions.exclude.length > 0) {
+			downloadManager.setExcludePatterns(validOptions.exclude);
+		}
+
 		const tempDir = await downloadManager.createTempDir();
 
 		// Get authentication token for API requests
@@ -141,6 +147,11 @@ export async function updateCommand(options: UpdateCommandOptions): Promise<void
 			logger.success(`Protected ${customClaudeFiles.length} custom .claude file(s)`);
 		}
 
+		// Apply user exclude patterns if provided
+		if (validOptions.exclude && validOptions.exclude.length > 0) {
+			merger.addIgnorePatterns(validOptions.exclude);
+		}
+
 		await merger.merge(extractDir, resolvedDir, false); // Show confirmation for updates
 
 		prompts.outro(`✨ Project updated successfully at ${resolvedDir}`);

package/src/index.ts

@@ -1,11 +1,11 @@
 #!/usr/bin/env bun
 
 import { cac } from "cac";
+import packageInfo from "../package.json" assert { type: "json" };
 import { newCommand } from "./commands/new.js";
 import { updateCommand } from "./commands/update.js";
 import { versionCommand } from "./commands/version.js";
 import { logger } from "./utils/logger.js";
-import versionInfo from "./version.json" assert { type: "json" };
 
 // Set proper output encoding to prevent unicode rendering issues
 if (process.stdout.setEncoding) {
@@ -15,7 +15,7 @@ if (process.stderr.setEncoding) {
 	process.stderr.setEncoding("utf8");
 }
 
-const packageVersion = versionInfo.version;
+const packageVersion = packageInfo.version;
 
 const cli = cac("ck");
 
@@ -30,7 +30,12 @@ cli
 	.option("--kit <kit>", "Kit to use (engineer, marketing)")
 	.option("--version <version>", "Specific version to download (default: latest)")
 	.option("--force", "Overwrite existing files without confirmation")
+	.option("--exclude <pattern>", "Exclude files matching glob pattern (can be used multiple times)")
 	.action(async (options) => {
+		// Normalize exclude to always be an array (CAC may pass string for single value)
+		if (options.exclude && !Array.isArray(options.exclude)) {
+			options.exclude = [options.exclude];
+		}
 		await newCommand(options);
 	});
 
@@ -40,7 +45,12 @@ cli
 	.option("--dir <dir>", "Target directory (default: .)")
 	.option("--kit <kit>", "Kit to use (engineer, marketing)")
 	.option("--version <version>", "Specific version to download (default: latest)")
+	.option("--exclude <pattern>", "Exclude files matching glob pattern (can be used multiple times)")
 	.action(async (options) => {
+		// Normalize exclude to always be an array (CAC may pass string for single value)
+		if (options.exclude && !Array.isArray(options.exclude)) {
+			options.exclude = [options.exclude];
+		}
 		await updateCommand(options);
 	});
 

package/src/lib/download.ts

@@ -41,12 +41,78 @@ export class DownloadManager {
 	 */
 	private totalExtractedSize = 0;
 
+	/**
+	 * Instance-level ignore object with combined default and user patterns
+	 */
+	private ig: ReturnType<typeof ignore>;
+
+	/**
+	 * Store user-defined exclude patterns
+	 */
+	private userExcludePatterns: string[] = [];
+
+	/**
+	 * Initialize DownloadManager with default exclude patterns
+	 */
+	constructor() {
+		// Initialize ignore with default patterns
+		this.ig = ignore().add(DownloadManager.EXCLUDE_PATTERNS);
+	}
+
+	/**
+	 * Set additional user-defined exclude patterns
+	 * These are added to (not replace) the default EXCLUDE_PATTERNS
+	 */
+	setExcludePatterns(patterns: string[]): void {
+		this.userExcludePatterns = patterns;
+		// Reinitialize ignore with both default and user patterns
+		this.ig = ignore().add([...DownloadManager.EXCLUDE_PATTERNS, ...this.userExcludePatterns]);
+
+		if (patterns.length > 0) {
+			logger.info(`Added ${patterns.length} custom exclude pattern(s)`);
+			patterns.forEach((p) => logger.debug(`  - ${p}`));
+		}
+	}
+
 	/**
 	 * Check if file path should be excluded
+	 * Uses instance-level ignore with both default and user patterns
 	 */
 	private shouldExclude(filePath: string): boolean {
-		const ig = ignore().add(DownloadManager.EXCLUDE_PATTERNS);
-		return ig.ignores(filePath);
+		return this.ig.ignores(filePath);
+	}
+
+	/**
+	 * Decode percent-encoded file paths to handle Mojibake issues
+	 *
+	 * GitHub tarballs may contain percent-encoded paths (e.g., %20 for space, %C3%A9 for é)
+	 * that need to be decoded to prevent character encoding corruption.
+	 *
+	 * @param path - File path that may contain URL-encoded characters
+	 * @returns Decoded path, or original path if decoding fails
+	 * @private
+	 */
+	private decodeFilePath(path: string): string {
+		// Early exit for non-encoded paths (performance optimization)
+		if (!path.includes("%")) {
+			return path;
+		}
+
+		try {
+			// Only decode if path contains valid percent-encoding pattern (%XX)
+			if (/%[0-9A-F]{2}/i.test(path)) {
+				const decoded = decodeURIComponent(path);
+				logger.debug(`Decoded path: ${path} -> ${decoded}`);
+				return decoded;
+			}
+			return path;
+		} catch (error) {
+			// If decoding fails (malformed encoding), return original path
+			logger.warning(
+				`Failed to decode path "${path}": ${error instanceof Error ? error.message : "Unknown error"}`,
+			);
+			return path;
+		}
 	}
 
 	/**
@@ -301,10 +367,12 @@ export class DownloadManager {
 				cwd: tempExtractDir,
 				strip: 0, // Don't strip yet - we'll decide based on wrapper detection
 				filter: (path: string) => {
+					// Decode percent-encoded paths from GitHub tarballs
+					const decodedPath = this.decodeFilePath(path);
 					// Exclude unwanted files
-					const shouldInclude = !this.shouldExclude(path);
+					const shouldInclude = !this.shouldExclude(decodedPath);
 					if (!shouldInclude) {
-						logger.debug(`Excluding: ${path}`);
+						logger.debug(`Excluding: ${decodedPath}`);
 					}
 					return shouldInclude;
 				},
@@ -313,7 +381,7 @@ export class DownloadManager {
 			logger.debug(`Extracted TAR.GZ to temp: ${tempExtractDir}`);
 
 			// Apply same wrapper detection logic as zip
-			const entries = await readdir(tempExtractDir);
+			const entries = await readdir(tempExtractDir, { encoding: "utf8" });
 			logger.debug(`Root entries: ${entries.join(", ")}`);
 
 			if (entries.length === 1) {
@@ -323,7 +391,7 @@ export class DownloadManager {
 
 				if (rootStat.isDirectory()) {
 					// Check contents of root directory
-					const rootContents = await readdir(rootPath);
+					const rootContents = await readdir(rootPath, { encoding: "utf8" });
 					logger.debug(`Root directory '${rootEntry}' contains: ${rootContents.join(", ")}`);
 
 					// Only strip if root is a version/release wrapper
@@ -397,7 +465,7 @@ export class DownloadManager {
 			logger.debug(`Extracted ZIP to temp: ${tempExtractDir}`);
 
 			// Find the root directory in the zip (if any)
-			const entries = await readdir(tempExtractDir);
+			const entries = await readdir(tempExtractDir, { encoding: "utf8" });
 			logger.debug(`Root entries: ${entries.join(", ")}`);
 
 			// If there's a single root directory, check if it's a wrapper
@@ -408,7 +476,7 @@ export class DownloadManager {
 
 				if (rootStat.isDirectory()) {
 					// Check contents of root directory
-					const rootContents = await readdir(rootPath);
+					const rootContents = await readdir(rootPath, { encoding: "utf8" });
 					logger.debug(`Root directory '${rootEntry}' contains: ${rootContents.join(", ")}`);
 
 					// Only strip if root is a version/release wrapper
@@ -459,7 +527,7 @@ export class DownloadManager {
 
 		await mkdirPromise(destDir, { recursive: true });
 
-		const entries = await readdir(sourceDir);
+		const entries = await readdir(sourceDir, { encoding: "utf8" });
 
 		for (const entry of entries) {
 			const sourcePath = pathJoin(sourceDir, entry);
@@ -501,7 +569,7 @@ export class DownloadManager {
 
 		await mkdirPromise(destDir, { recursive: true });
 
-		const entries = await readdir(sourceDir);
+		const entries = await readdir(sourceDir, { encoding: "utf8" });
 
 		for (const entry of entries) {
 			const sourcePath = pathJoin(sourceDir, entry);
@@ -558,7 +626,7 @@ export class DownloadManager {
 
 		try {
 			// Check if extract directory exists and is not empty
-			const entries = await readdir(extractDir);
+			const entries = await readdir(extractDir, { encoding: "utf8" });
 			logger.debug(`Extracted files: ${entries.join(", ")}`);
 
 			if (entries.length === 0) {

package/src/lib/merge.ts

@@ -37,6 +37,7 @@ export class FileMerger {
 
 	/**
 	 * Detect files that will be overwritten
+	 * Protected files that exist in destination are not considered conflicts (they won't be overwritten)
 	 */
 	private async detectConflicts(sourceDir: string, destDir: string): Promise<string[]> {
 		const conflicts: string[] = [];
@@ -44,14 +45,15 @@ export class FileMerger {
 
 		for (const file of files) {
 			const relativePath = relative(sourceDir, file);
-
-			// Skip protected files
-			if (this.ig.ignores(relativePath)) {
-				continue;
-			}
-
 			const destPath = join(destDir, relativePath);
+
+			// Check if file exists in destination
 			if (await pathExists(destPath)) {
+				// Protected files won't be overwritten, so they're not conflicts
+				if (this.ig.ignores(relativePath)) {
+					logger.debug(`Protected file exists but won't be overwritten: ${relativePath}`);
+					continue;
+				}
 				conflicts.push(relativePath);
 			}
 		}
@@ -69,15 +71,16 @@ export class FileMerger {
 
 		for (const file of files) {
 			const relativePath = relative(sourceDir, file);
+			const destPath = join(destDir, relativePath);
 
-			// Skip protected files
-			if (this.ig.ignores(relativePath)) {
-				logger.debug(`Skipping protected file: ${relativePath}`);
+			// Skip protected files ONLY if they already exist in destination
+			// This allows new protected files to be added, but prevents overwriting existing ones
+			if (this.ig.ignores(relativePath) && (await pathExists(destPath))) {
+				logger.debug(`Skipping protected file (exists in destination): ${relativePath}`);
 				skippedCount++;
 				continue;
 			}
 
-			const destPath = join(destDir, relativePath);
 			await copy(file, destPath, { overwrite: true });
 			copiedCount++;
 		}
@@ -90,7 +93,7 @@ export class FileMerger {
 	 */
 	private async getFiles(dir: string): Promise<string[]> {
 		const files: string[] = [];
-		const entries = await readdir(dir);
+		const entries = await readdir(dir, { encoding: "utf8" });
 
 		for (const entry of entries) {
 			const fullPath = join(dir, entry);

package/src/types.ts

@@ -4,12 +4,22 @@ import { z } from "zod";
 export const KitType = z.enum(["engineer", "marketing"]);
 export type KitType = z.infer<typeof KitType>;
 
+// Exclude pattern validation schema
+export const ExcludePatternSchema = z
+	.string()
+	.trim()
+	.min(1, "Exclude pattern cannot be empty")
+	.max(500, "Exclude pattern too long")
+	.refine((val) => !val.startsWith("/"), "Absolute paths not allowed in exclude patterns")
+	.refine((val) => !val.includes(".."), "Path traversal not allowed in exclude patterns");
+
 // Command options schemas
 export const NewCommandOptionsSchema = z.object({
 	dir: z.string().default("."),
 	kit: KitType.optional(),
 	version: z.string().optional(),
 	force: z.boolean().default(false),
+	exclude: z.array(ExcludePatternSchema).optional().default([]),
 });
 export type NewCommandOptions = z.infer<typeof NewCommandOptionsSchema>;
 
@@ -17,6 +27,7 @@ export const UpdateCommandOptionsSchema = z.object({
 	dir: z.string().default("."),
 	kit: KitType.optional(),
 	version: z.string().optional(),
+	exclude: z.array(ExcludePatternSchema).optional().default([]),
 });
 export type UpdateCommandOptions = z.infer<typeof UpdateCommandOptionsSchema>;
 
@@ -94,12 +105,19 @@ export const AVAILABLE_KITS: Record<KitType, KitConfig> = {
 
 // Protected file patterns (files to skip during update)
 export const PROTECTED_PATTERNS = [
+	// Environment and secrets
 	".env",
 	".env.local",
 	".env.*.local",
 	"*.key",
 	"*.pem",
 	"*.p12",
+	// User configuration files (only skip if they exist)
+	".gitignore",
+	".repomixignore",
+	".mcp.json",
+	"CLAUDE.md",
+	// Dependencies and build artifacts
 	"node_modules/**",
 	".git/**",
 	"dist/**",

package/src/utils/file-scanner.ts

@@ -29,7 +29,7 @@ export class FileScanner {
 		}
 
 		try {
-			const entries = await readdir(dirPath);
+			const entries = await readdir(dirPath, { encoding: "utf8" });
 
 			for (const entry of entries) {
 				const fullPath = join(dirPath, entry);

package/tests/lib/merge.test.ts

@@ -62,26 +62,60 @@ describe("FileMerger", () => {
 			expect(existsSync(join(testDestDir, "readme.md"))).toBe(true);
 		});
 
-		test("should skip protected files like .env", async () => {
-			// Create test files including protected ones
+		test("should skip protected files like .env if they exist in destination", async () => {
+			// Create test files in source
+			await writeFile(join(testSourceDir, "normal.txt"), "normal");
+			await writeFile(join(testSourceDir, ".env"), "NEW_SECRET=new_value");
+
+			// Create existing .env in destination
+			await writeFile(join(testDestDir, ".env"), "OLD_SECRET=old_value");
+
+			await merger.merge(testSourceDir, testDestDir, true);
+
+			// Verify normal file was copied
+			expect(existsSync(join(testDestDir, "normal.txt"))).toBe(true);
+
+			// Verify .env was NOT overwritten (still has old value)
+			const envContent = await Bun.file(join(testDestDir, ".env")).text();
+			expect(envContent).toBe("OLD_SECRET=old_value");
+		});
+
+		test("should copy protected files like .env if they don't exist in destination", async () => {
+			// Create test files in source
 			await writeFile(join(testSourceDir, "normal.txt"), "normal");
 			await writeFile(join(testSourceDir, ".env"), "SECRET=value");
 
 			await merger.merge(testSourceDir, testDestDir, true);
 
-			// Verify normal file was copied but .env was not
+			// Verify both files were copied (no existing .env to protect)
 			expect(existsSync(join(testDestDir, "normal.txt"))).toBe(true);
-			expect(existsSync(join(testDestDir, ".env"))).toBe(false);
+			expect(existsSync(join(testDestDir, ".env"))).toBe(true);
 		});
 
-		test("should skip protected patterns like *.key", async () => {
+		test("should skip protected patterns like *.key if they exist in destination", async () => {
+			await writeFile(join(testSourceDir, "normal.txt"), "normal");
+			await writeFile(join(testSourceDir, "private.key"), "new key data");
+
+			// Create existing key file in destination
+			await writeFile(join(testDestDir, "private.key"), "old key data");
+
+			await merger.merge(testSourceDir, testDestDir, true);
+
+			expect(existsSync(join(testDestDir, "normal.txt"))).toBe(true);
+
+			// Verify key file was NOT overwritten
+			const keyContent = await Bun.file(join(testDestDir, "private.key")).text();
+			expect(keyContent).toBe("old key data");
+		});
+
+		test("should copy protected patterns like *.key if they don't exist in destination", async () => {
 			await writeFile(join(testSourceDir, "normal.txt"), "normal");
 			await writeFile(join(testSourceDir, "private.key"), "key data");
 
 			await merger.merge(testSourceDir, testDestDir, true);
 
 			expect(existsSync(join(testDestDir, "normal.txt"))).toBe(true);
-			expect(existsSync(join(testDestDir, "private.key"))).toBe(false);
+			expect(existsSync(join(testDestDir, "private.key"))).toBe(true);
 		});
 
 		test("should handle nested directories", async () => {
@@ -123,7 +157,25 @@ describe("FileMerger", () => {
 			expect(existsSync(join(testDestDir, specialFileName))).toBe(true);
 		});
 
-		test("should skip custom ignore patterns", async () => {
+		test("should skip custom ignore patterns if they exist in destination", async () => {
+			merger.addIgnorePatterns(["custom-*"]);
+
+			await writeFile(join(testSourceDir, "normal.txt"), "normal");
+			await writeFile(join(testSourceDir, "custom-ignore.txt"), "new content");
+
+			// Create existing file in destination
+			await writeFile(join(testDestDir, "custom-ignore.txt"), "old content");
+
+			await merger.merge(testSourceDir, testDestDir, true);
+
+			expect(existsSync(join(testDestDir, "normal.txt"))).toBe(true);
+
+			// Verify custom file was NOT overwritten
+			const customContent = await Bun.file(join(testDestDir, "custom-ignore.txt")).text();
+			expect(customContent).toBe("old content");
+		});
+
+		test("should copy custom ignore patterns if they don't exist in destination", async () => {
 			merger.addIgnorePatterns(["custom-*"]);
 
 			await writeFile(join(testSourceDir, "normal.txt"), "normal");
@@ -132,7 +184,7 @@ describe("FileMerger", () => {
 			await merger.merge(testSourceDir, testDestDir, true);
 
 			expect(existsSync(join(testDestDir, "normal.txt"))).toBe(true);
-			expect(existsSync(join(testDestDir, "custom-ignore.txt"))).toBe(false);
+			expect(existsSync(join(testDestDir, "custom-ignore.txt"))).toBe(true);
 		});
 	});
 

package/tests/types.test.ts

@@ -5,6 +5,7 @@ import {
 	ClaudeKitError,
 	ConfigSchema,
 	DownloadError,
+	ExcludePatternSchema,
 	ExtractionError,
 	GitHubError,
 	GitHubReleaseAssetSchema,
@@ -29,6 +30,44 @@ describe("Types and Schemas", () => {
 		});
 	});
 
+	describe("ExcludePatternSchema", () => {
+		test("should accept valid glob patterns", () => {
+			const validPatterns = ["*.log", "**/*.tmp", "temp/**", "logs/*.txt", "cache/**/*"];
+			validPatterns.forEach((pattern) => {
+				expect(() => ExcludePatternSchema.parse(pattern)).not.toThrow();
+			});
+		});
+
+		test("should reject absolute paths", () => {
+			expect(() => ExcludePatternSchema.parse("/etc/passwd")).toThrow("Absolute paths not allowed");
+			expect(() => ExcludePatternSchema.parse("/var/log/**")).toThrow("Absolute paths not allowed");
+		});
+
+		test("should reject path traversal", () => {
+			expect(() => ExcludePatternSchema.parse("../../etc/passwd")).toThrow(
+				"Path traversal not allowed",
+			);
+			expect(() => ExcludePatternSchema.parse("../../../secret")).toThrow(
+				"Path traversal not allowed",
+			);
+		});
+
+		test("should reject empty patterns", () => {
+			expect(() => ExcludePatternSchema.parse("")).toThrow("Exclude pattern cannot be empty");
+			expect(() => ExcludePatternSchema.parse("   ")).toThrow("Exclude pattern cannot be empty");
+		});
+
+		test("should reject overly long patterns", () => {
+			const longPattern = "a".repeat(501);
+			expect(() => ExcludePatternSchema.parse(longPattern)).toThrow("Exclude pattern too long");
+		});
+
+		test("should trim whitespace", () => {
+			const result = ExcludePatternSchema.parse("  *.log  ");
+			expect(result).toBe("*.log");
+		});
+	});
+
 	describe("NewCommandOptionsSchema", () => {
 		test("should validate correct options", () => {
 			const result = NewCommandOptionsSchema.parse({
@@ -46,6 +85,7 @@ describe("Types and Schemas", () => {
 			expect(result.dir).toBe(".");
 			expect(result.kit).toBeUndefined();
 			expect(result.version).toBeUndefined();
+			expect(result.exclude).toEqual([]);
 		});
 
 		test("should accept optional fields", () => {
@@ -53,6 +93,23 @@ describe("Types and Schemas", () => {
 			expect(result.dir).toBe("./custom");
 			expect(result.kit).toBeUndefined();
 		});
+
+		test("should validate exclude patterns", () => {
+			const result = NewCommandOptionsSchema.parse({
+				dir: "./test",
+				exclude: ["*.log", "temp/**"],
+			});
+			expect(result.exclude).toEqual(["*.log", "temp/**"]);
+		});
+
+		test("should reject invalid exclude patterns", () => {
+			expect(() =>
+				NewCommandOptionsSchema.parse({
+					dir: "./test",
+					exclude: ["/etc/passwd"],
+				}),
+			).toThrow();
+		});
 	});
 
 	describe("UpdateCommandOptionsSchema", () => {
@@ -70,6 +127,24 @@ describe("Types and Schemas", () => {
 		test("should use default values", () => {
 			const result = UpdateCommandOptionsSchema.parse({});
 			expect(result.dir).toBe(".");
+			expect(result.exclude).toEqual([]);
+		});
+
+		test("should validate exclude patterns", () => {
+			const result = UpdateCommandOptionsSchema.parse({
+				dir: "./test",
+				exclude: ["*.log", "**/*.tmp"],
+			});
+			expect(result.exclude).toEqual(["*.log", "**/*.tmp"]);
+		});
+
+		test("should reject invalid exclude patterns", () => {
+			expect(() =>
+				UpdateCommandOptionsSchema.parse({
+					dir: "./test",
+					exclude: ["../../../etc"],
+				}),
+			).toThrow();
 		});
 	});
 

package/test-integration/demo/.mcp.json

@@ -1,13 +0,0 @@
-{
-	"mcpServers": {
-		"human": {
-			"command": "npx",
-			"args": ["-y", "@goonnguyen/human-mcp@latest"],
-			"env": {
-				"GOOGLE_GEMINI_API_KEY": "",
-				"TRANSPORT_TYPE": "stdio",
-				"LOG_LEVEL": "info"
-			}
-		}
-	}
-}

package/test-integration/demo/.repomixignore

@@ -1,15 +0,0 @@
-docs/*
-plans/*
-assets/*
-dist/*
-coverage/*
-build/*
-ios/*
-android/*
-
-.claude/*
-.serena/*
-.pnpm-store/*
-.github/*
-.dart_tool/*
-.idea/*

package/test-integration/demo/CLAUDE.md

@@ -1,34 +0,0 @@
-# CLAUDE.md
-
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
-
-## Role & Responsibilities
-
-Your role is to analyze user requirements, delegate tasks to appropriate sub-agents, and ensure cohesive delivery of features that meet specifications and architectural standards.
-
-## Workflows
-
-- Primary workflow: `./.claude/workflows/primary-workflow.md`
-- Development rules: `./.claude/workflows/development-rules.md`
-- Orchestration protocols: `./.claude/workflows/orchestration-protocol.md`
-- Documentation management: `./.claude/workflows/documentation-management.md`
-
-**IMPORTANT:** You must follow strictly the development rules in `./.claude/workflows/development-rules.md` file.
-**IMPORTANT:** Before you plan or proceed any implementation, always read the `./README.md` file first to get context.
-**IMPORTANT:** Sacrifice grammar for the sake of concision when writing reports.
-**IMPORTANT:** In reports, list any unresolved questions at the end, if any.
-
-## Documentation Management
-
-We keep all important docs in `./docs` folder and keep updating them, structure like below:
-
-```
-./docs
-├── project-overview-pdr.md
-├── code-standards.md
-├── codebase-summary.md
-├── design-guidelines.md
-├── deployment-guide.md
-├── system-architecture.md
-└── project-roadmap.md
-```