claudeos-core 1.3.0 → 1.4.0

package/pass-prompts/templates/node-nextjs/pass3.md

@@ -17,6 +17,13 @@ If a standard defines a specific pattern (e.g., import path, file naming, API us
 the corresponding rule MUST use the same pattern. Before generating each rule file,
 verify it is consistent with the related standard file.
 
+CRITICAL — Code Example Accuracy:
+ALL code examples in rules and standards MUST use EXACT method names, class names,
+and signatures from pass2-merged.json analysis data.
+Do NOT paraphrase, rename, or infer API names.
+If a method signature is not captured in the analysis data,
+write "See corresponding standard for exact API" instead of guessing.
+
 CRITICAL — CLAUDE.md Reference Table Completeness:
 The reference table in CLAUDE.md MUST list ALL generated standard files, not just core.
 Include all frontend-ui, backend-api, security-db, infra, and verification standards.
@@ -55,19 +62,32 @@ Generation targets:
    - Key rules summary table
 
 3. .claude/rules/ (active domains only)
-   - Every rule file MUST include `paths: ["**/*"]` in YAML frontmatter — this ensures Claude Code always loads the rule regardless of which file is being edited
    - Write the full rule content directly in each file (self-contained, no external references)
    - Include 5-15 lines of key rules with concrete examples
    - Do NOT use @import — it is not a Claude Code feature and does not work
-   - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a mandatory rule file that instructs Claude Code to Read the standard documents before coding. Structure it as:
+   - Each rule file MUST end with a `## Reference` section linking to the corresponding standard file(s):
+     ```
+     ## Reference
+     > For detailed patterns and examples, Read: claudeos-core/standard/20.frontend-ui/01.component-patterns.md
+     ```
+   - `paths:` frontmatter per rule category:
+     - `00.core/*` rules: `paths: ["**/*"]` — always loaded (architecture, naming are universally needed)
+     - `10.backend/*` rules: `paths: ["**/*"]` — always loaded (backend rules needed for any source editing)
+     - `20.frontend/*` rules: `paths: ["**/*"]` — always loaded (frontend rules needed for any source editing)
+     - `30.security-db/*` rules: `paths: ["**/*"]` — always loaded (cross-cutting concerns)
+     - `40.infra/*` rules: `paths: ["**/*.json", "**/*.env*", "**/next.config.*", "**/Dockerfile*", "**/*.yml", "**/*.yaml"]` — loaded only for config/infra files
+     - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]` — loaded only when editing claudeos-core files
+   - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a directory of all standard files. This is NOT a "read all" instruction. Claude should Read ONLY the standards relevant to the current task. Structure it as:
      ```
      ---
      paths:
        - "**/*"
      ---
-     # Required Standard Documents
-     Before writing or modifying code, you MUST Read the relevant standard files below using the Read tool.
-     ## Core (always read)
+     # Standard Documents Directory
+     Below is the complete list of standard files. Read ONLY the ones relevant to your current task — do NOT read all files.
+     Each rule file in .claude/rules/ links to its corresponding standard in the ## Reference section. Follow those links first.
+     This directory is for discovering standards that have no corresponding rule file.
+     ## Core
      - claudeos-core/standard/00.core/01.project-overview.md
      - claudeos-core/standard/00.core/02.architecture.md
      - claudeos-core/standard/00.core/03.naming-conventions.md

package/pass-prompts/templates/python-django/pass1.md

@@ -89,7 +89,7 @@ Analysis items (per domain):
     - Security issues (SQL Injection, missing authorization, CSRF)
     - Performance issues (unnecessary queries, memory)
 
-Do not create files. Analysis only.
+Do not create or modify source files. Analysis only.
 Save results to claudeos-core/generated/pass1-{{PASS_NUM}}.json in the following format:
 
 {

package/pass-prompts/templates/python-django/pass3.md

@@ -16,6 +16,13 @@ If a standard defines a specific pattern (e.g., import path, file naming, API us
 the corresponding rule MUST use the same pattern. Before generating each rule file,
 verify it is consistent with the related standard file.
 
+CRITICAL — Code Example Accuracy:
+ALL code examples in rules and standards MUST use EXACT method names, class names,
+and signatures from pass2-merged.json analysis data.
+Do NOT paraphrase, rename, or infer API names.
+If a method signature is not captured in the analysis data,
+write "See corresponding standard for exact API" instead of guessing.
+
 CRITICAL — CLAUDE.md Reference Table Completeness:
 The reference table in CLAUDE.md MUST list ALL generated standard files, not just core.
 Include all backend-api, security-db, infra, and verification standards.
@@ -56,19 +63,31 @@ Generation targets:
    - Key rules summary table
 
 3. .claude/rules/ (active domains only)
-   - Every rule file MUST include `paths: ["**/*"]` in YAML frontmatter — this ensures Claude Code always loads the rule regardless of which file is being edited
    - Write the full rule content directly in each file (self-contained, no external references)
    - Include 5-15 lines of key rules with concrete examples
    - Do NOT use @import — it is not a Claude Code feature and does not work
-   - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a mandatory rule file that instructs Claude Code to Read the standard documents before coding. Structure it as:
+   - Each rule file MUST end with a `## Reference` section linking to the corresponding standard file(s):
+     ```
+     ## Reference
+     > For detailed patterns and examples, Read: claudeos-core/standard/10.backend-api/01.view-patterns.md
+     ```
+   - `paths:` frontmatter per rule category:
+     - `00.core/*` rules: `paths: ["**/*"]` — always loaded (architecture, naming are universally needed)
+     - `10.backend/*` rules: `paths: ["**/*"]` — always loaded (backend rules needed for any source editing)
+     - `30.security-db/*` rules: `paths: ["**/*"]` — always loaded (cross-cutting concerns)
+     - `40.infra/*` rules: `paths: ["**/*"]` — always loaded (Django settings are .py files, so infra paths cannot be scoped separately)
+     - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]` — loaded only when editing claudeos-core files
+   - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a directory of all standard files. This is NOT a "read all" instruction. Claude should Read ONLY the standards relevant to the current task. Structure it as:
      ```
      ---
      paths:
        - "**/*"
      ---
-     # Required Standard Documents
-     Before writing or modifying code, you MUST Read the relevant standard files below using the Read tool.
-     ## Core (always read)
+     # Standard Documents Directory
+     Below is the complete list of standard files. Read ONLY the ones relevant to your current task — do NOT read all files.
+     Each rule file in .claude/rules/ links to its corresponding standard in the ## Reference section. Follow those links first.
+     This directory is for discovering standards that have no corresponding rule file.
+     ## Core
      - claudeos-core/standard/00.core/01.project-overview.md
      - claudeos-core/standard/00.core/02.architecture.md
      - claudeos-core/standard/00.core/03.naming-conventions.md

package/pass-prompts/templates/python-fastapi/pass1.md

@@ -93,7 +93,7 @@ Analysis items (per domain):
     - Security issues (injection, missing authorization)
     - Performance issues (blocking I/O, N+1)
 
-Do not create files. Analysis only.
+Do not create or modify source files. Analysis only.
 Save results to claudeos-core/generated/pass1-{{PASS_NUM}}.json in the following format:
 
 {

package/pass-prompts/templates/python-fastapi/pass3.md

@@ -16,6 +16,13 @@ If a standard defines a specific pattern (e.g., import path, file naming, API us
 the corresponding rule MUST use the same pattern. Before generating each rule file,
 verify it is consistent with the related standard file.
 
+CRITICAL — Code Example Accuracy:
+ALL code examples in rules and standards MUST use EXACT method names, class names,
+and signatures from pass2-merged.json analysis data.
+Do NOT paraphrase, rename, or infer API names.
+If a method signature is not captured in the analysis data,
+write "See corresponding standard for exact API" instead of guessing.
+
 CRITICAL — CLAUDE.md Reference Table Completeness:
 The reference table in CLAUDE.md MUST list ALL generated standard files, not just core.
 Include all backend-api, security-db, infra, and verification standards.
@@ -56,19 +63,31 @@ Generation targets:
    - Key rules summary table
 
 3. .claude/rules/ (active domains only)
-   - Every rule file MUST include `paths: ["**/*"]` in YAML frontmatter — this ensures Claude Code always loads the rule regardless of which file is being edited
    - Write the full rule content directly in each file (self-contained, no external references)
    - Include 5-15 lines of key rules with concrete examples
    - Do NOT use @import — it is not a Claude Code feature and does not work
-   - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a mandatory rule file that instructs Claude Code to Read the standard documents before coding. Structure it as:
+   - Each rule file MUST end with a `## Reference` section linking to the corresponding standard file(s):
+     ```
+     ## Reference
+     > For detailed patterns and examples, Read: claudeos-core/standard/10.backend-api/01.router-endpoint-patterns.md
+     ```
+   - `paths:` frontmatter per rule category:
+     - `00.core/*` rules: `paths: ["**/*"]` — always loaded (architecture, naming are universally needed)
+     - `10.backend/*` rules: `paths: ["**/*"]` — always loaded (backend rules needed for any source editing)
+     - `30.security-db/*` rules: `paths: ["**/*"]` — always loaded (cross-cutting concerns)
+     - `40.infra/*` rules: `paths: ["**/*.toml", "**/*.env*", "**/config/**", "**/Dockerfile*", "**/*.yml", "**/*.yaml"]` — loaded only for config/infra files
+     - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]` — loaded only when editing claudeos-core files
+   - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a directory of all standard files. This is NOT a "read all" instruction. Claude should Read ONLY the standards relevant to the current task. Structure it as:
      ```
      ---
      paths:
        - "**/*"
      ---
-     # Required Standard Documents
-     Before writing or modifying code, you MUST Read the relevant standard files below using the Read tool.
-     ## Core (always read)
+     # Standard Documents Directory
+     Below is the complete list of standard files. Read ONLY the ones relevant to your current task — do NOT read all files.
+     Each rule file in .claude/rules/ links to its corresponding standard in the ## Reference section. Follow those links first.
+     This directory is for discovering standards that have no corresponding rule file.
+     ## Core
      - claudeos-core/standard/00.core/01.project-overview.md
      - claudeos-core/standard/00.core/02.architecture.md
      - claudeos-core/standard/00.core/03.naming-conventions.md

package/plan-installer/domain-grouper.js

@@ -47,28 +47,21 @@ function determineActiveDomains(stack) {
 function selectTemplates(stack) {
   const templates = { backend: null, frontend: null };
 
-  // Backend template
+  // Backend template (requires a backend framework; language-only fallback skipped for pure frontend projects)
   if (stack.language === "kotlin") templates.backend = "kotlin-spring";
   else if (stack.language === "java") templates.backend = "java-spring";
   else if (stack.framework === "express" || stack.framework === "nestjs") templates.backend = "node-express";
   else if (stack.framework === "django") templates.backend = "python-django";
   else if (stack.framework === "fastapi" || stack.framework === "flask") templates.backend = "python-fastapi";
-  else if (stack.language === "typescript" || stack.language === "javascript") templates.backend = "node-express";
-  else if (stack.language === "python") templates.backend = "python-fastapi";
+  else if ((stack.language === "typescript" || stack.language === "javascript") && stack.framework) templates.backend = "node-express";
+  else if (stack.language === "python" && stack.framework) templates.backend = "python-fastapi";
 
   // Frontend template
   if (stack.frontend === "nextjs" || stack.frontend === "react" || stack.frontend === "vue") {
     templates.frontend = "node-nextjs";
   }
 
-  // Pure frontend project with no backend
-  if (!templates.backend && templates.frontend) {
-    templates.backend = null;
-  }
-
   return templates;
 }
 
-// ─── Dynamic prompt generation (multi-stack) ──────────────────────
-
 module.exports = { splitDomainGroups, determineActiveDomains, selectTemplates };

package/plan-installer/prompt-generator.js

@@ -56,11 +56,6 @@ function generatePrompts(templates, lang, templatesDir, generatedDir) {
     }
   }
 
-  if (primaryTemplate) {
-    const body = readTemplate(primaryTemplate, "pass1");
-    if (body) writeFileSafe(path.join(generatedDir, "pass1-prompt.md"), header + body);
-  }
-
   if (primaryTemplate) {
     const body = readTemplate(primaryTemplate, "pass2");
     if (body) {

package/plan-installer/stack-detector.js

@@ -186,9 +186,9 @@ async function detectStack(ROOT) {
       else if (deps.react) { stack.frontend = "react"; stack.detected.push("react"); stack.frontendVersion = deps.react.replace(/[^0-9.]/g, ""); }
       else if (deps.vue) { stack.frontend = "vue"; stack.detected.push("vue"); stack.frontendVersion = deps.vue.replace(/[^0-9.]/g, ""); }
 
-      // Backend framework
+      // Backend framework (NestJS checked first — more specific than express, which NestJS includes as a dependency)
+      if (deps["@nestjs/core"] && !stack.framework) { stack.framework = "nestjs"; stack.detected.push("nestjs"); stack.frameworkVersion = deps["@nestjs/core"].replace(/[^0-9.]/g, ""); }
       if (deps.express && !stack.framework) { stack.framework = "express"; stack.detected.push("express"); }
-      if (deps["@nestjs/core"]) { stack.framework = "nestjs"; stack.detected.push("nestjs"); stack.frameworkVersion = deps["@nestjs/core"].replace(/[^0-9.]/g, ""); }
 
       // ORM
       if ((deps["@prisma/client"] || deps.prisma) && !stack.orm) { stack.orm = "prisma"; stack.detected.push("prisma"); }

package/plan-installer/structure-scanner.js

@@ -413,7 +413,7 @@ async function scanStructure(stack, ROOT) {
     for (const dir of allDirs) {
       const name = path.basename(dir);
       if (skipPages.includes(name) || name.startsWith("(") || name.startsWith("[") || name.startsWith("_") || name.startsWith(".")) continue;
-      const files = await glob(`${dir}**/*.{tsx,jsx,ts,js}`, { cwd: ROOT });
+      const files = await glob(`${dir}**/*.{tsx,jsx,ts,js,vue}`, { cwd: ROOT });
       if (files.length > 0) {
         const pages = files.filter(f => /page\.|index\./.test(f)).length;
         const layouts = files.filter(f => /layout\./.test(f)).length;
@@ -434,7 +434,7 @@ async function scanStructure(stack, ROOT) {
       for (const dir of fsdDirs) {
         const name = path.basename(dir);
         if (["ui", "common", "shared", "lib", "config", "index"].includes(name)) continue;
-        const files = await glob(`${dir}**/*.{tsx,jsx,ts,js}`, { cwd: ROOT, ignore: ["**/*.spec.*", "**/*.test.*", "**/*.stories.*"] });
+        const files = await glob(`${dir}**/*.{tsx,jsx,ts,js,vue}`, { cwd: ROOT, ignore: ["**/*.spec.*", "**/*.test.*", "**/*.stories.*"] });
         if (files.length > 0) {
           const uiFiles = files.filter(f => /\bui\b/.test(f)).length;
           const modelFiles = files.filter(f => /model|store|hook/.test(f)).length;
@@ -448,14 +448,15 @@ async function scanStructure(stack, ROOT) {
     for (const dir of compDirs) {
       const name = path.basename(dir);
       if (["ui", "common", "shared", "layout", "icons"].includes(name)) continue;
-      const files = await glob(`${dir}**/*.{tsx,jsx}`, { cwd: ROOT });
+      const files = await glob(`${dir}**/*.{tsx,jsx,vue}`, { cwd: ROOT });
       if (files.length >= 2) {
         frontendDomains.push({ name: `comp-${name}`, type: "frontend", components: files.length, totalFiles: files.length });
       }
     }
 
-    // ── Fallback: extract domains directly from page.tsx/index.tsx locations when scanners return 0 ──
+    // ── Fallback: extract domains when primary scanners return 0 ──
     if (frontendDomains.length === 0) {
+      // Fallback A: Next.js page.tsx / client.tsx based detection
       const pageFiles = await glob("**/page.{tsx,jsx}", { cwd: ROOT, ignore: ["**/node_modules/**", "**/.next/**"] });
       const domainSet = {};
       const skipNames = ["app", "src", "pages", "api", "_app", "_document"];
@@ -473,7 +474,6 @@ async function scanStructure(stack, ROOT) {
           }
         }
       }
-      // Count client.tsx as well
       const clientFiles = await glob("**/client.{tsx,jsx}", { cwd: ROOT, ignore: ["**/node_modules/**", "**/.next/**"] });
       for (const f of clientFiles) {
         const parts = f.replace(/\\/g, "/").split("/");
@@ -494,9 +494,9 @@ async function scanStructure(stack, ROOT) {
         });
       }
 
-      // Also scan widgets/features/entities directly (glob fallback)
+      // Fallback B: FSD widgets/features/entities
       for (const layer of ["widgets", "features", "entities"]) {
-        const layerFiles = await glob(`**/${layer}/*/**/*.{tsx,jsx,ts,js}`, { cwd: ROOT, ignore: ["**/node_modules/**", "**/.next/**", "**/*.spec.*", "**/*.test.*"] });
+        const layerFiles = await glob(`**/${layer}/*/**/*.{tsx,jsx,ts,js,vue}`, { cwd: ROOT, ignore: ["**/node_modules/**", "**/.next/**", "**/*.spec.*", "**/*.test.*"] });
         const layerDomains = {};
         for (const f of layerFiles) {
           const parts = f.replace(/\\/g, "/").split("/");
@@ -513,6 +513,57 @@ async function scanStructure(stack, ROOT) {
           frontendDomains.push({ name: `${layer}/${name}`, type: "frontend", totalFiles: count });
         }
       }
+
+      // Fallback C: Deep components/**/components/*/ detection (React/CRA/Vite projects)
+      // Scans for components/ directories at any depth (e.g., src/desktop/app/components/order/)
+      if (frontendDomains.length === 0) {
+        const deepCompDirs = await glob("**/components/*/", { cwd: ROOT, ignore: ["**/node_modules/**", "**/.next/**", "**/build/**", "**/dist/**", "**/.git/**", "**/vendor/**", "**/__pycache__/**", "**/coverage/**"] });
+        const deepDomains = {};
+        const skipDomainNames = ["ui", "common", "shared", "layout", "layouts", "icons", "assets", "config", "utils", "lib", "error", "footer", "header", "inputs", "template"];
+        for (const dir of deepCompDirs) {
+          const name = path.basename(dir.replace(/\/$/, ""));
+          if (skipDomainNames.includes(name) || name.startsWith("_") || name.startsWith(".")) continue;
+          const files = await glob(`${dir.replace(/\\/g, "/")}**/*.{tsx,jsx,ts,js,vue}`, { cwd: ROOT, ignore: ["**/*.spec.*", "**/*.test.*", "**/*.stories.*"] });
+          if (files.length >= 2) {
+            if (!deepDomains[name]) deepDomains[name] = { components: 0, totalFiles: 0 };
+            deepDomains[name].components += files.length;
+            deepDomains[name].totalFiles += files.length;
+          }
+        }
+        for (const [name, data] of Object.entries(deepDomains)) {
+          frontendDomains.push({ name, type: "frontend", components: data.components, totalFiles: data.totalFiles });
+        }
+      }
+
+      // Fallback D: views/screens/containers/pages/routes deep detection
+      // Covers: Vue (views/), React Native (screens/), legacy React (containers/),
+      //         CRA/Vite (pages/ at any depth), React Router (routes/)
+      if (frontendDomains.length === 0) {
+        const domainDirPatterns = ["views", "screens", "containers", "pages", "routes", "modules", "domains"];
+        const deepDirDomains = {};
+        const skipDirNames = ["api", "auth", "_app", "_document", "index", "ui", "common", "shared",
+          "layout", "layouts", "lib", "config", "utils", "assets", "hooks", "store", "types",
+          "constants", "helpers", "services", "middleware", "interceptors", "guards", "decorators"];
+
+        for (const pattern of domainDirPatterns) {
+          const dirs = await glob(`**/${pattern}/*/`, { cwd: ROOT, ignore: ["**/node_modules/**", "**/.next/**", "**/build/**", "**/dist/**", "**/.git/**", "**/vendor/**", "**/__pycache__/**", "**/coverage/**"] });
+          for (const dir of dirs) {
+            const name = path.basename(dir.replace(/\/$/, ""));
+            if (skipDirNames.includes(name) || name.startsWith("_") || name.startsWith(".") || name.startsWith("(") || name.startsWith("[")) continue;
+            const files = await glob(`${dir.replace(/\\/g, "/")}**/*.{tsx,jsx,ts,js,vue}`, { cwd: ROOT, ignore: ["**/*.spec.*", "**/*.test.*", "**/*.stories.*"] });
+            if (files.length >= 2) {
+              if (!deepDirDomains[name]) deepDirDomains[name] = { components: 0, pages: 0, totalFiles: 0, sources: [] };
+              const tsx = files.filter(f => /\.(tsx|jsx|vue)$/.test(f)).length;
+              deepDirDomains[name].components += tsx;
+              deepDirDomains[name].totalFiles += files.length;
+              if (!deepDirDomains[name].sources.includes(pattern)) deepDirDomains[name].sources.push(pattern);
+            }
+          }
+        }
+        for (const [name, data] of Object.entries(deepDirDomains)) {
+          frontendDomains.push({ name, type: "frontend", components: data.components, totalFiles: data.totalFiles, sources: data.sources });
+        }
+      }
     }
   }
 

package/plan-validator/index.js

@@ -173,8 +173,10 @@ async function main() {
       total++;
       const abs = path.join(ROOT, b.path);
 
-      // Block path traversal attempts
-      if (!path.resolve(abs).startsWith(path.resolve(ROOT) + path.sep)) {
+      // Block path traversal attempts (allow files at ROOT level and below)
+      const resolvedAbs = path.resolve(abs);
+      const resolvedRoot = path.resolve(ROOT);
+      if (resolvedAbs !== resolvedRoot && !resolvedAbs.startsWith(resolvedRoot + path.sep)) {
         console.log(`     ⚠️  SKIPPED: ${b.path} (path traversal blocked)`);
         continue;
       }

package/sync-checker/index.js

@@ -81,8 +81,10 @@ async function main() {
   console.log("  [2/2] Plan → Disk...");
   for (const m of sm.mappings) {
     const abs = path.join(ROOT, m.sourcePath);
-    // Skip path traversal attempts
-    if (!path.resolve(abs).startsWith(path.resolve(ROOT) + path.sep)) continue;
+    // Skip path traversal attempts (allow files at ROOT level and below)
+    const resolvedAbs = path.resolve(abs);
+    const resolvedRoot = path.resolve(ROOT);
+    if (resolvedAbs !== resolvedRoot && !resolvedAbs.startsWith(resolvedRoot + path.sep)) continue;
     if (!fs.existsSync(abs)) {
       issues.orphan.push({ path: m.sourcePath, plan: m.planFile });
     }