claudeos-core 2.1.1 → 2.3.0

package/pass-prompts/templates/python-flask/pass1.md

@@ -1,119 +1,119 @@
-Read claudeos-core/generated/project-analysis.json and
-perform a deep analysis of the following domains only: {{DOMAIN_GROUP}}
-
-For each domain, select one representative file per layer, read its code, and analyze it.
-Prioritize files with the richest patterns.
-
-Analysis items (per domain):
-
-1. Route/Blueprint Patterns
-   - Blueprint structure (Blueprint registration, url_prefix, naming)
-   - Route decorators (@app.route, @bp.route with methods)
-   - URL patterns and naming conventions
-   - View function structure (function-based vs class-based MethodView)
-   - Request handling (request.args, request.form, request.json, request.files)
-   - Response patterns (jsonify, make_response, Response, redirect, abort)
-   - If a custom response wrapper exists, record its EXACT function/class name, EXACT import path
-   - **Response wrapping layer (CRITICAL)**: Which layer formats the response?
-     Does the route handler call it directly, or does a service layer return formatted data?
-   - Error handling (errorhandler, abort, custom exception classes)
-   - Authentication (flask-login, flask-jwt-extended, custom decorators)
-   - API documentation (flask-restx, flask-smorest, flasgger)
-   - Pagination patterns
-
-2. Data Model Patterns
-   - ORM (SQLAlchemy, Flask-SQLAlchemy, Peewee)
-   - Model structure (db.Model, relationships, mixins)
-   - Serialization (marshmallow, flask-marshmallow, manual to_dict)
-   - Form validation (WTForms, Flask-WTF, manual)
-   - Request/Response schema separation
-   - Enum/constant management
-
-3. Data Access Patterns
-   - Session management (db.session, scoped_session)
-   - Repository/DAO pattern vs direct model queries
-   - Migration (Flask-Migrate / Alembic)
-   - Query optimization (eager loading, lazy loading)
-   - Connection management (pool, teardown_appcontext)
-   - Transaction management
-
-4. Application Structure Patterns
-   - Application factory (create_app)
-   - Configuration (app.config, from_object, from_envvar)
-   - Extension initialization (db.init_app, login_manager.init_app)
-   - Context (application context, request context, g, current_app)
-   - Before/after request hooks (before_request, after_request, teardown_request)
-   - Import paths: record EXACT import conventions
-   - Utility function locations: record EXACT module paths
-
-5. Configuration/Environment Patterns
-   - Environment variable management (python-dotenv, os.environ)
-   - Config classes (DevelopmentConfig, ProductionConfig)
-   - Per-environment branching
-   - Secret management (SECRET_KEY, database URL)
-
-6. Logging Patterns
-   - Logger usage (app.logger, structlog, loguru, logging)
-   - Log level policy
-   - Request/response logging
-   - Error logging
-
-7. Testing Patterns
-   - Test framework (pytest, unittest)
-   - Test client (app.test_client, pytest fixtures)
-   - Application factory testing (create_app with test config)
-   - Fixture management (conftest, client fixture)
-   - DB test strategy (test DB, SQLite in-memory, transaction rollback)
-   - Mocking (unittest.mock, pytest-mock, responses)
-
-8. Domain-Specific Patterns
-   - Template rendering (Jinja2, render_template) vs JSON API
-   - File upload (request.files, werkzeug FileStorage)
-   - Background tasks (Celery, RQ, APScheduler)
-   - WebSocket (Flask-SocketIO)
-   - External API integration (requests, httpx)
-   - Caching (Flask-Caching, Redis)
-   - Session management (server-side, Flask-Session)
-   - CSRF protection (Flask-WTF CSRFProtect)
-
-9. Anti-patterns / Inconsistencies
-   - Circular imports
-   - Missing application factory
-   - Global state misuse
-   - Missing error handlers
-   - Security issues (injection, missing CSRF, debug mode in production)
-   - Performance issues (blocking I/O, N+1 queries)
-
-Do not create or modify source files. Analysis only.
-Save results to claudeos-core/generated/pass1-{{PASS_NUM}}.json in the following format:
-
-{
-  "analyzedAt": "ISO timestamp",
-  "passNum": {{PASS_NUM}},
-  "domains": ["auth", "users", "orders", "products"],
-  "analysisPerDomain": {
-    "users": {
-      "representativeFiles": {
-        "routes": "app/users/routes.py",
-        "models": "app/users/models.py",
-        "forms": "app/users/forms.py",
-        "services": "app/users/services.py"
-      },
-      "patterns": {
-        "routes": { ... },
-        "models": { ... },
-        "dataAccess": { ... },
-        "appStructure": { ... },
-        "config": { ... },
-        "logging": { ... },
-        "testing": { ... }
-      },
-      "specialPatterns": [],
-      "antiPatterns": []
-    }
-  },
-  "crossDomainCommon": {
-    "description": "Patterns commonly used across domains in this group",
-    "patterns": []
-  }
-}
+Read claudeos-core/generated/project-analysis.json and
+perform a deep analysis of the following domains only: {{DOMAIN_GROUP}}
+
+For each domain, select one representative file per layer, read its code, and analyze it.
+Prioritize files with the richest patterns.
+
+Analysis items (per domain):
+
+1. Route/Blueprint Patterns
+   - Blueprint structure (Blueprint registration, url_prefix, naming)
+   - Route decorators (@app.route, @bp.route with methods)
+   - URL patterns and naming conventions
+   - View function structure (function-based vs class-based MethodView)
+   - Request handling (request.args, request.form, request.json, request.files)
+   - Response patterns (jsonify, make_response, Response, redirect, abort)
+   - If a custom response wrapper exists, record its EXACT function/class name, EXACT import path
+   - **Response wrapping layer (CRITICAL)**: Which layer formats the response?
+     Does the route handler call it directly, or does a service layer return formatted data?
+   - Error handling (errorhandler, abort, custom exception classes)
+   - Authentication (flask-login, flask-jwt-extended, custom decorators)
+   - API documentation (flask-restx, flask-smorest, flasgger)
+   - Pagination patterns
+
+2. Data Model Patterns
+   - ORM (SQLAlchemy, Flask-SQLAlchemy, Peewee)
+   - Model structure (db.Model, relationships, mixins)
+   - Serialization (marshmallow, flask-marshmallow, manual to_dict)
+   - Form validation (WTForms, Flask-WTF, manual)
+   - Request/Response schema separation
+   - Enum/constant management
+
+3. Data Access Patterns
+   - Session management (db.session, scoped_session)
+   - Repository/DAO pattern vs direct model queries
+   - Migration (Flask-Migrate / Alembic)
+   - Query optimization (eager loading, lazy loading)
+   - Connection management (pool, teardown_appcontext)
+   - Transaction management
+
+4. Application Structure Patterns
+   - Application factory (create_app)
+   - Configuration (app.config, from_object, from_envvar)
+   - Extension initialization (db.init_app, login_manager.init_app)
+   - Context (application context, request context, g, current_app)
+   - Before/after request hooks (before_request, after_request, teardown_request)
+   - Import paths: record EXACT import conventions
+   - Utility function locations: record EXACT module paths
+
+5. Configuration/Environment Patterns
+   - Environment variable management (python-dotenv, os.environ)
+   - Config classes (DevelopmentConfig, ProductionConfig)
+   - Per-environment branching
+   - Secret management (SECRET_KEY, database URL)
+
+6. Logging Patterns
+   - Logger usage (app.logger, structlog, loguru, logging)
+   - Log level policy
+   - Request/response logging
+   - Error logging
+
+7. Testing Patterns
+   - Test framework (pytest, unittest)
+   - Test client (app.test_client, pytest fixtures)
+   - Application factory testing (create_app with test config)
+   - Fixture management (conftest, client fixture)
+   - DB test strategy (test DB, SQLite in-memory, transaction rollback)
+   - Mocking (unittest.mock, pytest-mock, responses)
+
+8. Domain-Specific Patterns
+   - Template rendering (Jinja2, render_template) vs JSON API
+   - File upload (request.files, werkzeug FileStorage)
+   - Background tasks (Celery, RQ, APScheduler)
+   - WebSocket (Flask-SocketIO)
+   - External API integration (requests, httpx)
+   - Caching (Flask-Caching, Redis)
+   - Session management (server-side, Flask-Session)
+   - CSRF protection (Flask-WTF CSRFProtect)
+
+9. Anti-patterns / Inconsistencies
+   - Circular imports
+   - Missing application factory
+   - Global state misuse
+   - Missing error handlers
+   - Security issues (injection, missing CSRF, debug mode in production)
+   - Performance issues (blocking I/O, N+1 queries)
+
+Do not create or modify source files. Analysis only.
+Save results to claudeos-core/generated/pass1-{{PASS_NUM}}.json in the following format:
+
+{
+  "analyzedAt": "ISO timestamp",
+  "passNum": {{PASS_NUM}},
+  "domains": ["auth", "users", "orders", "products"],
+  "analysisPerDomain": {
+    "users": {
+      "representativeFiles": {
+        "routes": "app/users/routes.py",
+        "models": "app/users/models.py",
+        "forms": "app/users/forms.py",
+        "services": "app/users/services.py"
+      },
+      "patterns": {
+        "routes": { ... },
+        "models": { ... },
+        "dataAccess": { ... },
+        "appStructure": { ... },
+        "config": { ... },
+        "logging": { ... },
+        "testing": { ... }
+      },
+      "specialPatterns": [],
+      "antiPatterns": []
+    }
+  },
+  "crossDomainCommon": {
+    "description": "Patterns commonly used across domains in this group",
+    "patterns": []
+  }
+}

package/pass-prompts/templates/python-flask/pass2.md

@@ -1,85 +1,85 @@
-Read all pass1-*.json files from the claudeos-core/generated/ directory and
-merge all domain analysis results into a single unified report.
-
-Merge items:
-
-1. Universal Patterns (shared by 100% of all domains)
-   - Route/Blueprint style (decorators, response format, status codes)
-   - **Response flow**: Which layer wraps the response? (route handler vs service layer)
-     Record the definitive answer. If an orchestration layer exists, describe it.
-   - Model/serialization conventions (SQLAlchemy, marshmallow)
-   - Data access patterns (session management, queries)
-   - Application factory structure (create_app, extensions)
-   - Error handling patterns
-   - Before/after request hooks
-
-2. Majority Patterns (shared by 50%+ of domains)
-   - Specify which domains share them
-
-3. Domain-Specific Patterns (unique to a single domain)
-   - File upload: which domain
-   - WebSocket: which domain
-   - Background tasks: which domain
-   - External API: which domain
-   - Caching: which domain
-   - Template rendering: which domain
-
-4. Anti-pattern Summary
-   - Consolidate all inconsistencies found across domains
-   - Classify by severity (CRITICAL / HIGH / MEDIUM / LOW)
-
-5. Naming Conventions Summary
-   - Module/package naming (snake_case)
-   - Blueprint naming conventions
-   - Model/schema naming conventions
-   - Route URL patterns
-   - File structure conventions
-
-6. Common Models/Utilities List
-   - Base model mixins with EXACT import paths
-   - Shared utility functions with EXACT module paths
-   - Constants/Enum management with EXACT locations
-   - Extension instances (db, login_manager, etc.)
-
-7. Security/Authentication Patterns
-   - Authentication method (flask-login, flask-jwt-extended, custom)
-   - Authorization decorators (login_required, custom)
-   - CSRF protection
-   - CORS configuration
-   - Environment variable management
-
-8. Database Patterns
-   - Table naming (__tablename__)
-   - Migration strategy (Flask-Migrate)
-   - Seed data management
-   - Audit fields (created_at, updated_at)
-   - Relationship patterns
-   - Index/constraints
-
-9. Testing Strategy Summary
-   - Test coverage level
-   - Test classification system (unit/integration/E2E)
-   - Test client setup (app.test_client)
-   - Fixture/Factory strategy
-   - Mocking strategy
-   - DB test strategy
-
-10. Logging/Monitoring Strategy
-    - Logger standard (app.logger vs custom)
-    - Log level policy
-    - Request/response logging
-
-11. Performance Patterns
-    - Caching strategy (Flask-Caching)
-    - Connection pool configuration
-    - Query optimization
-    - Static file serving
-
-12. Code Quality Tools
-    - Lint/Format tools (ruff, black, isort, mypy, flake8)
-    - Pre-commit hooks
-    - Type Checking (mypy, pyright)
-    - CI integration status
-
-Do not generate code. Merge only.
-Save results to claudeos-core/generated/pass2-merged.json.
+Read all pass1-*.json files from the claudeos-core/generated/ directory and
+merge all domain analysis results into a single unified report.
+
+Merge items:
+
+1. Universal Patterns (shared by 100% of all domains)
+   - Route/Blueprint style (decorators, response format, status codes)
+   - **Response flow**: Which layer wraps the response? (route handler vs service layer)
+     Record the definitive answer. If an orchestration layer exists, describe it.
+   - Model/serialization conventions (SQLAlchemy, marshmallow)
+   - Data access patterns (session management, queries)
+   - Application factory structure (create_app, extensions)
+   - Error handling patterns
+   - Before/after request hooks
+
+2. Majority Patterns (shared by 50%+ of domains)
+   - Specify which domains share them
+
+3. Domain-Specific Patterns (unique to a single domain)
+   - File upload: which domain
+   - WebSocket: which domain
+   - Background tasks: which domain
+   - External API: which domain
+   - Caching: which domain
+   - Template rendering: which domain
+
+4. Anti-pattern Summary
+   - Consolidate all inconsistencies found across domains
+   - Classify by severity (CRITICAL / HIGH / MEDIUM / LOW)
+
+5. Naming Conventions Summary
+   - Module/package naming (snake_case)
+   - Blueprint naming conventions
+   - Model/schema naming conventions
+   - Route URL patterns
+   - File structure conventions
+
+6. Common Models/Utilities List
+   - Base model mixins with EXACT import paths
+   - Shared utility functions with EXACT module paths
+   - Constants/Enum management with EXACT locations
+   - Extension instances (db, login_manager, etc.)
+
+7. Security/Authentication Patterns
+   - Authentication method (flask-login, flask-jwt-extended, custom)
+   - Authorization decorators (login_required, custom)
+   - CSRF protection
+   - CORS configuration
+   - Environment variable management
+
+8. Database Patterns
+   - Table naming (__tablename__)
+   - Migration strategy (Flask-Migrate)
+   - Seed data management
+   - Audit fields (created_at, updated_at)
+   - Relationship patterns
+   - Index/constraints
+
+9. Testing Strategy Summary
+   - Test coverage level
+   - Test classification system (unit/integration/E2E)
+   - Test client setup (app.test_client)
+   - Fixture/Factory strategy
+   - Mocking strategy
+   - DB test strategy
+
+10. Logging/Monitoring Strategy
+    - Logger standard (app.logger vs custom)
+    - Log level policy
+    - Request/response logging
+
+11. Performance Patterns
+    - Caching strategy (Flask-Caching)
+    - Connection pool configuration
+    - Query optimization
+    - Static file serving
+
+12. Code Quality Tools
+    - Lint/Format tools (ruff, black, isort, mypy, flake8)
+    - Pre-commit hooks
+    - Type Checking (mypy, pyright)
+    - CI integration status
+
+Do not generate code. Merge only.
+Save results to claudeos-core/generated/pass2-merged.json.

package/pass-prompts/templates/python-flask/pass3.md

@@ -22,17 +22,30 @@ Determine from pass2-merged.json which layer (route handler vs service layer) fo
 the response. This MUST be identical across architecture.md, route-patterns.md,
 and all rules files.
 
-CRITICAL — CLAUDE.md Reference Table Completeness:
-The reference table in CLAUDE.md MUST list ALL generated standard files.
-
 Generation targets:
 
 1. CLAUDE.md (project root)
-   - Role definition (based on detected stack — Flask)
-   - Build & Run Commands (pip/poetry, flask run, gunicorn, docker)
-   - Core architecture diagram (application factory, Blueprint structure)
-   - Module structure
-   - Standard/Skills/Guide reference table
+
+   Follow the scaffold EXACTLY:
+   → `pass-prompts/templates/common/claude-md-scaffold.md`
+
+   The scaffold enforces an 8-section deterministic structure:
+   1. Role Definition → 2. Project Overview → 3. Build & Run Commands →
+   4. Core Architecture → 5. Directory Structure → 6. Standard / Rules / Skills Reference →
+   7. DO NOT Read → 8. Common Rules & Memory (L4)
+
+   All section titles, order, and formats are FIXED by the scaffold.
+   Content within each section adapts to this project based on pass2-merged.json.
+   The scaffold's validation checklist MUST pass.
+
+   Stack-specific hints for this project (Python Flask):
+   - Project type for Section 1 PROJECT_CONTEXT: "Lightweight Web Application" or "REST API Server"
+     (reflect the application factory pattern and Blueprint structure)
+   - Architecture diagram (Section 4): application factory → Blueprint → route → service,
+     request lifecycle
+   - Section 3 commands: pip/poetry install, flask run (dev), gunicorn (production), docker
+   - Module structure: reflect in Section 5 tree (blueprints/, models/, services/)
+   - Detect SQLAlchemy/marshmallow/WTForms and reflect in Section 2
 
 2. claudeos-core/standard/ (active domains only)
    - 00.core/01.project-overview.md — Stack, modules, server info
@@ -64,14 +77,19 @@ Generation targets:
      - `00.core/*` rules: `paths: ["**/*"]`
      - `10.backend/*` rules: `paths: ["**/*"]`
      - `30.security-db/*` rules: `paths: ["**/*"]`
-     - `40.infra/*` rules: `paths: ["**/*.json", "**/*.env*", "**/*.cfg", "**/Dockerfile*", "**/*.yml", "**/*.yaml"]`
+     - `40.infra/01.environment-config-rules.md` paths: `["**/.env*", "**/config.py", "**/config/**", "**/*.cfg", "**/*.toml"]` — env / Flask config
+     - `40.infra/02.logging-monitoring-rules.md` paths: `["**/*.py"]` — source code where logs live
+     - `40.infra/03.cicd-deployment-rules.md` paths: `["**/*.yml", "**/*.yaml", "**/Dockerfile*", "**/*.py"]` — CI / deploy config + source
      - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]`
+     - `60.memory/*` rules: forward reference — Pass 4 will generate 4 files (01.decision-log, 02.failure-patterns, 03.compaction, 04.auto-rule-update), each with file-specific `paths`. Pass 3 must STILL list ```.claude/rules/60.memory/*``` as a row in CLAUDE.md Section 6 Rules table so developers/Claude see the category exists.
    - MUST generate `.claude/rules/00.core/00.standard-reference.md` — directory of all standard files
 
-4. .claude/rules/50.sync/ (3 sync rules)
-   - 01.standard-sync.md
-   - 02.rules-sync.md
-   - 03.skills-sync.md
+4. .claude/rules/50.sync/ (2 sync rules)
+   - 01.doc-sync.md — Bidirectional standard ↔ rules sync reminder (both directions in ONE rule).
+     Do NOT generate a separate 02.rules-sync.md mirror file — redundant.
+     Express the mapping as a naming convention (standard/<N>.<dir>/<M>.<n>.md ↔
+     .claude/rules/<N>.<dir>/<M>.<n>-rules.md), NOT a hardcoded file-to-file table.
+   - 02.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
 
 5. claudeos-core/skills/ (active domains only)
    - 10.backend-crud/01.scaffold-crud-feature.md (orchestrator)

package/pass-prompts/templates/vue-nuxt/pass3.md

@@ -17,17 +17,31 @@ CRITICAL — Code Example Accuracy:
 ALL code examples MUST use EXACT method names, class names, and signatures from pass2-merged.json.
 Do NOT paraphrase, rename, or infer API names.
 
-CRITICAL — CLAUDE.md Reference Table Completeness:
-The reference table in CLAUDE.md MUST list ALL generated standard files.
-
 Generation targets:
 
 1. CLAUDE.md (project root)
-   - Role definition (Vue/Nuxt frontend developer)
-   - Build & Run Commands (use ONLY the detected packageManager)
-   - Core architecture diagram
-   - Directory structure description
-   - Standard/Skills/Guide reference table
+
+   Follow the scaffold EXACTLY:
+   → `pass-prompts/templates/common/claude-md-scaffold.md`
+
+   The scaffold enforces an 8-section deterministic structure:
+   1. Role Definition → 2. Project Overview → 3. Build & Run Commands →
+   4. Core Architecture → 5. Directory Structure → 6. Standard / Rules / Skills Reference →
+   7. DO NOT Read → 8. Common Rules & Memory (L4)
+
+   All section titles, order, and formats are FIXED by the scaffold.
+   Content within each section adapts to this project based on pass2-merged.json.
+   The scaffold's validation checklist MUST pass.
+
+   Stack-specific hints for this project (Vue / Nuxt):
+   - Project type for Section 1 PROJECT_CONTEXT: when Nuxt is detected, "Full-stack Web Application"
+     or "SSR/SSG-based SPA"; when pure Vue is detected, "Vue SPA"
+   - Architecture diagram (Section 4): component hierarchy, data flow (useFetch/useAsyncData),
+     Nuxt projects include a Nitro server layer
+   - Use ONLY the detected packageManager in Section 3
+   - Directory structure (Section 5): Nuxt uses auto-routing-based pages/,
+     Vue uses an explicit router-config file structure
+   - Detect the state-management approach (Pinia vs Composables) and reflect in Section 4 Core Patterns
 
 2. claudeos-core/standard/ (active domains only)
    - 00.core/01.project-overview.md — Stack, routing approach, deployment environment
@@ -61,14 +75,19 @@ Generation targets:
      - `10.backend/*` rules: `paths: ["**/*"]`
      - `20.frontend/*` rules: `paths: ["**/*"]`
      - `30.security-db/*` rules: `paths: ["**/*"]`
-     - `40.infra/*` rules: `paths: ["**/*.json", "**/*.env*", "**/nuxt.config.*", "**/vite.config.*", "**/Dockerfile*", "**/*.yml", "**/*.yaml"]`
+     - `40.infra/01.environment-config-rules.md` paths: `["**/.env*", "**/nuxt.config.*", "**/vite.config.*", "**/*.json"]` — env / Nuxt/Vite config
+     - `40.infra/02.logging-monitoring-rules.md` paths: `["**/*.ts", "**/*.tsx", "**/*.vue", "**/*.js"]` — source code (including SFC) where logs live
+     - `40.infra/03.cicd-deployment-rules.md` paths: `["**/*.yml", "**/*.yaml", "**/Dockerfile*", "**/*.ts", "**/*.vue"]` — CI config + source
      - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]`
+     - `60.memory/*` rules: forward reference — Pass 4 will generate 4 files (01.decision-log, 02.failure-patterns, 03.compaction, 04.auto-rule-update), each with file-specific `paths`. Pass 3 must STILL list ```.claude/rules/60.memory/*``` as a row in CLAUDE.md Section 6 Rules table so developers/Claude see the category exists.
    - MUST generate `.claude/rules/00.core/00.standard-reference.md` — directory of all standard files
 
-4. .claude/rules/50.sync/ (3 sync rules)
-   - 01.standard-sync.md
-   - 02.rules-sync.md
-   - 03.skills-sync.md
+4. .claude/rules/50.sync/ (2 sync rules)
+   - 01.doc-sync.md — Bidirectional standard ↔ rules sync reminder (both directions in ONE rule).
+     Do NOT generate a separate 02.rules-sync.md mirror file — redundant.
+     Express the mapping as a naming convention (standard/<N>.<dir>/<M>.<n>.md ↔
+     .claude/rules/<N>.<dir>/<M>.<n>-rules.md), NOT a hardcoded file-to-file table.
+   - 02.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
 
 5. claudeos-core/skills/ (active domains only)
    - 20.frontend-page/01.scaffold-page-feature.md (orchestrator)