compact-agent 1.1.0

package/resources/ecc/rules/common-git-workflow.md

@@ -0,0 +1,28 @@
+---
+description: "Git workflow: conventional commits, PR process"
+alwaysApply: true
+---
+# Git Workflow
+
+## Commit Message Format
+```
+<type>: <description>
+
+<optional body>
+```
+
+Types: feat, fix, refactor, docs, test, chore, perf, ci
+
+Note: Attribution disabled globally via ~/.claude/settings.json.
+
+## Pull Request Workflow
+
+When creating PRs:
+1. Analyze full commit history (not just latest commit)
+2. Use `git diff [base-branch]...HEAD` to see all changes
+3. Draft comprehensive PR summary
+4. Include test plan with TODOs
+5. Push with `-u` flag if new branch
+
+> For the full development process (planning, TDD, code review) before git operations,
+> see the development workflow rule.

package/resources/ecc/rules/common-hooks.md

@@ -0,0 +1,34 @@
+---
+description: "Hooks system: types, auto-accept permissions, TodoWrite best practices"
+alwaysApply: true
+---
+# Hooks System
+
+## Hook Types
+
+- **PreToolUse**: Before tool execution (validation, parameter modification)
+- **PostToolUse**: After tool execution (auto-format, checks)
+- **Stop**: When session ends (final verification)
+
+## Auto-Accept Permissions
+
+Use with caution:
+- Enable for trusted, well-defined plans
+- Disable for exploratory work
+- Never use dangerously-skip-permissions flag
+- Configure `allowedTools` in `~/.claude.json` instead
+
+## TodoWrite Best Practices
+
+Use TodoWrite tool to:
+- Track progress on multi-step tasks
+- Verify understanding of instructions
+- Enable real-time steering
+- Show granular implementation steps
+
+Todo list reveals:
+- Out of order steps
+- Missing items
+- Extra unnecessary items
+- Wrong granularity
+- Misinterpreted requirements

package/resources/ecc/rules/common-patterns.md

@@ -0,0 +1,35 @@
+---
+description: "Common patterns: repository, API response, skeleton projects"
+alwaysApply: true
+---
+# Common Patterns
+
+## Skeleton Projects
+
+When implementing new functionality:
+1. Search for battle-tested skeleton projects
+2. Use parallel agents to evaluate options:
+   - Security assessment
+   - Extensibility analysis
+   - Relevance scoring
+   - Implementation planning
+3. Clone best match as foundation
+4. Iterate within proven structure
+
+## Design Patterns
+
+### Repository Pattern
+
+Encapsulate data access behind a consistent interface:
+- Define standard operations: findAll, findById, create, update, delete
+- Concrete implementations handle storage details (database, API, file, etc.)
+- Business logic depends on the abstract interface, not the storage mechanism
+- Enables easy swapping of data sources and simplifies testing with mocks
+
+### API Response Format
+
+Use a consistent envelope for all API responses:
+- Include a success/status indicator
+- Include the data payload (nullable on error)
+- Include an error message field (nullable on success)
+- Include metadata for paginated responses (total, page, limit)

package/resources/ecc/rules/common-performance.md

@@ -0,0 +1,59 @@
+---
+description: "Performance: model selection, context management, build troubleshooting"
+alwaysApply: true
+---
+# Performance Optimization
+
+## Model Selection Strategy
+
+**Haiku 4.5** (90% of Sonnet capability, 3x cost savings):
+- Lightweight agents with frequent invocation
+- Pair programming and code generation
+- Worker agents in multi-agent systems
+
+**Sonnet 4.6** (Best coding model):
+- Main development work
+- Orchestrating multi-agent workflows
+- Complex coding tasks
+
+**Opus 4.5** (Deepest reasoning):
+- Complex architectural decisions
+- Maximum reasoning requirements
+- Research and analysis tasks
+
+## Context Window Management
+
+Avoid last 20% of context window for:
+- Large-scale refactoring
+- Feature implementation spanning multiple files
+- Debugging complex interactions
+
+Lower context sensitivity tasks:
+- Single-file edits
+- Independent utility creation
+- Documentation updates
+- Simple bug fixes
+
+## Extended Thinking + Plan Mode
+
+Extended thinking is enabled by default, reserving up to 31,999 tokens for internal reasoning.
+
+Control extended thinking via:
+- **Toggle**: Option+T (macOS) / Alt+T (Windows/Linux)
+- **Config**: Set `alwaysThinkingEnabled` in `~/.claude/settings.json`
+- **Budget cap**: `export MAX_THINKING_TOKENS=10000`
+- **Verbose mode**: Ctrl+O to see thinking output
+
+For complex tasks requiring deep reasoning:
+1. Ensure extended thinking is enabled (on by default)
+2. Enable **Plan Mode** for structured approach
+3. Use multiple critique rounds for thorough analysis
+4. Use split role sub-agents for diverse perspectives
+
+## Build Troubleshooting
+
+If build fails:
+1. Use **build-error-resolver** agent
+2. Analyze error messages
+3. Fix incrementally
+4. Verify after each fix

package/resources/ecc/rules/common-security.md

@@ -0,0 +1,33 @@
+---
+description: "Security: mandatory checks, secret management, response protocol"
+alwaysApply: true
+---
+# Security Guidelines
+
+## Mandatory Security Checks
+
+Before ANY commit:
+- [ ] No hardcoded secrets (API keys, passwords, tokens)
+- [ ] All user inputs validated
+- [ ] SQL injection prevention (parameterized queries)
+- [ ] XSS prevention (sanitized HTML)
+- [ ] CSRF protection enabled
+- [ ] Authentication/authorization verified
+- [ ] Rate limiting on all endpoints
+- [ ] Error messages don't leak sensitive data
+
+## Secret Management
+
+- NEVER hardcode secrets in source code
+- ALWAYS use environment variables or a secret manager
+- Validate that required secrets are present at startup
+- Rotate any secrets that may have been exposed
+
+## Security Response Protocol
+
+If security issue found:
+1. STOP immediately
+2. Use **security-reviewer** agent
+3. Fix CRITICAL issues before continuing
+4. Rotate any exposed secrets
+5. Review entire codebase for similar issues

package/resources/ecc/rules/common-testing.md

@@ -0,0 +1,33 @@
+---
+description: "Testing requirements: 80% coverage, TDD workflow, test types"
+alwaysApply: true
+---
+# Testing Requirements
+
+## Minimum Test Coverage: 80%
+
+Test Types (ALL required):
+1. **Unit Tests** - Individual functions, utilities, components
+2. **Integration Tests** - API endpoints, database operations
+3. **E2E Tests** - Critical user flows (framework chosen per language)
+
+## Test-Driven Development
+
+MANDATORY workflow:
+1. Write test first (RED)
+2. Run test - it should FAIL
+3. Write minimal implementation (GREEN)
+4. Run test - it should PASS
+5. Refactor (IMPROVE)
+6. Verify coverage (80%+)
+
+## Troubleshooting Test Failures
+
+1. Use **tdd-guide** agent
+2. Check test isolation
+3. Verify mocks are correct
+4. Fix implementation, not tests (unless tests are wrong)
+
+## Agent Support
+
+- **tdd-guide** - Use PROACTIVELY for new features, enforces write-tests-first

package/resources/ecc/rules/golang-coding-style.md

@@ -0,0 +1,31 @@
+---
+description: "Go coding style extending common rules"
+globs: ["**/*.go", "**/go.mod", "**/go.sum"]
+alwaysApply: false
+---
+# Go Coding Style
+
+> This file extends the common coding style rule with Go specific content.
+
+## Formatting
+
+- **gofmt** and **goimports** are mandatory -- no style debates
+
+## Design Principles
+
+- Accept interfaces, return structs
+- Keep interfaces small (1-3 methods)
+
+## Error Handling
+
+Always wrap errors with context:
+
+```go
+if err != nil {
+    return fmt.Errorf("failed to create user: %w", err)
+}
+```
+
+## Reference
+
+See skill: `golang-patterns` for comprehensive Go idioms and patterns.

package/resources/ecc/rules/golang-hooks.md

@@ -0,0 +1,16 @@
+---
+description: "Go hooks extending common rules"
+globs: ["**/*.go", "**/go.mod", "**/go.sum"]
+alwaysApply: false
+---
+# Go Hooks
+
+> This file extends the common hooks rule with Go specific content.
+
+## PostToolUse Hooks
+
+Configure in `~/.claude/settings.json`:
+
+- **gofmt/goimports**: Auto-format `.go` files after edit
+- **go vet**: Run static analysis after editing `.go` files
+- **staticcheck**: Run extended static checks on modified packages

package/resources/ecc/rules/golang-patterns.md

@@ -0,0 +1,44 @@
+---
+description: "Go patterns extending common rules"
+globs: ["**/*.go", "**/go.mod", "**/go.sum"]
+alwaysApply: false
+---
+# Go Patterns
+
+> This file extends the common patterns rule with Go specific content.
+
+## Functional Options
+
+```go
+type Option func(*Server)
+
+func WithPort(port int) Option {
+    return func(s *Server) { s.port = port }
+}
+
+func NewServer(opts ...Option) *Server {
+    s := &Server{port: 8080}
+    for _, opt := range opts {
+        opt(s)
+    }
+    return s
+}
+```
+
+## Small Interfaces
+
+Define interfaces where they are used, not where they are implemented.
+
+## Dependency Injection
+
+Use constructor functions to inject dependencies:
+
+```go
+func NewUserService(repo UserRepository, logger Logger) *UserService {
+    return &UserService{repo: repo, logger: logger}
+}
+```
+
+## Reference
+
+See skill: `golang-patterns` for comprehensive Go patterns including concurrency, error handling, and package organization.

package/resources/ecc/rules/golang-security.md

@@ -0,0 +1,33 @@
+---
+description: "Go security extending common rules"
+globs: ["**/*.go", "**/go.mod", "**/go.sum"]
+alwaysApply: false
+---
+# Go Security
+
+> This file extends the common security rule with Go specific content.
+
+## Secret Management
+
+```go
+apiKey := os.Getenv("OPENAI_API_KEY")
+if apiKey == "" {
+    log.Fatal("OPENAI_API_KEY not configured")
+}
+```
+
+## Security Scanning
+
+- Use **gosec** for static security analysis:
+  ```bash
+  gosec ./...
+  ```
+
+## Context & Timeouts
+
+Always use `context.Context` for timeout control:
+
+```go
+ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
+defer cancel()
+```

package/resources/ecc/rules/golang-testing.md

@@ -0,0 +1,30 @@
+---
+description: "Go testing extending common rules"
+globs: ["**/*.go", "**/go.mod", "**/go.sum"]
+alwaysApply: false
+---
+# Go Testing
+
+> This file extends the common testing rule with Go specific content.
+
+## Framework
+
+Use the standard `go test` with **table-driven tests**.
+
+## Race Detection
+
+Always run with the `-race` flag:
+
+```bash
+go test -race ./...
+```
+
+## Coverage
+
+```bash
+go test -cover ./...
+```
+
+## Reference
+
+See skill: `golang-testing` for detailed Go testing patterns and helpers.

package/resources/ecc/rules/kotlin-coding-style.md

@@ -0,0 +1,39 @@
+---
+description: "Kotlin coding style extending common rules"
+globs: ["**/*.kt", "**/*.kts", "**/build.gradle.kts"]
+alwaysApply: false
+---
+# Kotlin Coding Style
+
+> This file extends the common coding style rule with Kotlin-specific content.
+
+## Formatting
+
+- Auto-formatting via **ktfmt** or **ktlint** (configured in `kotlin-hooks.md`)
+- Use trailing commas in multiline declarations
+
+## Immutability
+
+The global immutability requirement is enforced in the common coding style rule.
+For Kotlin specifically:
+
+- Prefer `val` over `var`
+- Use immutable collection types (`List`, `Map`, `Set`)
+- Use `data class` with `copy()` for immutable updates
+
+## Null Safety
+
+- Avoid `!!` -- use `?.`, `?:`, `require`, or `checkNotNull`
+- Handle platform types explicitly at Java interop boundaries
+
+## Expression Bodies
+
+Prefer expression bodies for single-expression functions:
+
+```kotlin
+fun isAdult(age: Int): Boolean = age >= 18
+```
+
+## Reference
+
+See skill: `kotlin-patterns` for comprehensive Kotlin idioms and patterns.

package/resources/ecc/rules/kotlin-hooks.md

@@ -0,0 +1,16 @@
+---
+description: "Kotlin hooks extending common rules"
+globs: ["**/*.kt", "**/*.kts", "**/build.gradle.kts"]
+alwaysApply: false
+---
+# Kotlin Hooks
+
+> This file extends the common hooks rule with Kotlin-specific content.
+
+## PostToolUse Hooks
+
+Configure in `~/.claude/settings.json`:
+
+- **ktfmt/ktlint**: Auto-format `.kt` and `.kts` files after edit
+- **detekt**: Run static analysis after editing Kotlin files
+- **./gradlew build**: Verify compilation after changes

package/resources/ecc/rules/kotlin-patterns.md

@@ -0,0 +1,50 @@
+---
+description: "Kotlin patterns extending common rules"
+globs: ["**/*.kt", "**/*.kts", "**/build.gradle.kts"]
+alwaysApply: false
+---
+# Kotlin Patterns
+
+> This file extends the common patterns rule with Kotlin-specific content.
+
+## Sealed Classes
+
+Use sealed classes/interfaces for exhaustive type hierarchies:
+
+```kotlin
+sealed class Result<out T> {
+    data class Success<T>(val data: T) : Result<T>()
+    data class Failure(val error: AppError) : Result<Nothing>()
+}
+```
+
+## Extension Functions
+
+Add behavior without inheritance, scoped to where they're used:
+
+```kotlin
+fun String.toSlug(): String =
+    lowercase().replace(Regex("[^a-z0-9\\s-]"), "").replace(Regex("\\s+"), "-")
+```
+
+## Scope Functions
+
+- `let`: Transform nullable or scoped result
+- `apply`: Configure an object
+- `also`: Side effects
+- Avoid nesting scope functions
+
+## Dependency Injection
+
+Use Koin for DI in Ktor projects:
+
+```kotlin
+val appModule = module {
+    single<UserRepository> { ExposedUserRepository(get()) }
+    single { UserService(get()) }
+}
+```
+
+## Reference
+
+See skill: `kotlin-patterns` for comprehensive Kotlin patterns including coroutines, DSL builders, and delegation.

package/resources/ecc/rules/kotlin-security.md

@@ -0,0 +1,58 @@
+---
+description: "Kotlin security extending common rules"
+globs: ["**/*.kt", "**/*.kts", "**/build.gradle.kts"]
+alwaysApply: false
+---
+# Kotlin Security
+
+> This file extends the common security rule with Kotlin-specific content.
+
+## Secret Management
+
+```kotlin
+val apiKey = System.getenv("API_KEY")
+    ?: throw IllegalStateException("API_KEY not configured")
+```
+
+## SQL Injection Prevention
+
+Always use Exposed's parameterized queries:
+
+```kotlin
+// Good: Parameterized via Exposed DSL
+UsersTable.selectAll().where { UsersTable.email eq email }
+
+// Bad: String interpolation in raw SQL
+exec("SELECT * FROM users WHERE email = '$email'")
+```
+
+## Authentication
+
+Use Ktor's Auth plugin with JWT:
+
+```kotlin
+install(Authentication) {
+    jwt("jwt") {
+        verifier(
+            JWT.require(Algorithm.HMAC256(secret))
+                .withAudience(audience)
+                .withIssuer(issuer)
+                .build()
+        )
+        validate { credential ->
+            val payload = credential.payload
+            if (payload.audience.contains(audience) &&
+                payload.issuer == issuer &&
+                payload.subject != null) {
+                JWTPrincipal(payload)
+            } else {
+                null
+            }
+        }
+    }
+}
+```
+
+## Null Safety as Security
+
+Kotlin's type system prevents null-related vulnerabilities -- avoid `!!` to maintain this guarantee.

package/resources/ecc/rules/kotlin-testing.md

@@ -0,0 +1,38 @@
+---
+description: "Kotlin testing extending common rules"
+globs: ["**/*.kt", "**/*.kts", "**/build.gradle.kts"]
+alwaysApply: false
+---
+# Kotlin Testing
+
+> This file extends the common testing rule with Kotlin-specific content.
+
+## Framework
+
+Use **Kotest** with spec styles (StringSpec, FunSpec, BehaviorSpec) and **MockK** for mocking.
+
+## Coroutine Testing
+
+Use `runTest` from `kotlinx-coroutines-test`:
+
+```kotlin
+test("async operation completes") {
+    runTest {
+        val result = service.fetchData()
+        result.shouldNotBeEmpty()
+    }
+}
+```
+
+## Coverage
+
+Use **Kover** for coverage reporting:
+
+```bash
+./gradlew koverHtmlReport
+./gradlew koverVerify
+```
+
+## Reference
+
+See skill: `kotlin-testing` for detailed Kotest patterns, MockK usage, and property-based testing.

package/resources/ecc/rules/php-coding-style.md

@@ -0,0 +1,25 @@
+---
+description: "PHP coding style extending common rules"
+globs: ["**/*.php", "**/composer.json"]
+alwaysApply: false
+---
+# PHP Coding Style
+
+> This file extends the common coding style rule with PHP specific content.
+
+## Standards
+
+- Follow **PSR-12** formatting and naming conventions.
+- Prefer `declare(strict_types=1);` in application code.
+- Use scalar type hints, return types, and typed properties everywhere new code permits.
+
+## Immutability
+
+- Prefer immutable DTOs and value objects for data crossing service boundaries.
+- Use `readonly` properties or immutable constructors for request/response payloads where possible.
+- Keep arrays for simple maps; promote business-critical structures into explicit classes.
+
+## Formatting
+
+- Use **PHP-CS-Fixer** or **Laravel Pint** for formatting.
+- Use **PHPStan** or **Psalm** for static analysis.

package/resources/ecc/rules/php-hooks.md

@@ -0,0 +1,21 @@
+---
+description: "PHP hooks extending common rules"
+globs: ["**/*.php", "**/composer.json", "**/phpstan.neon", "**/phpstan.neon.dist", "**/psalm.xml"]
+alwaysApply: false
+---
+# PHP Hooks
+
+> This file extends the common hooks rule with PHP specific content.
+
+## PostToolUse Hooks
+
+Configure in `~/.claude/settings.json`:
+
+- **Pint / PHP-CS-Fixer**: Auto-format edited `.php` files.
+- **PHPStan / Psalm**: Run static analysis after PHP edits in typed codebases.
+- **PHPUnit / Pest**: Run targeted tests for touched files or modules when edits affect behavior.
+
+## Warnings
+
+- Warn on `var_dump`, `dd`, `dump`, or `die()` left in edited files.
+- Warn when edited PHP files add raw SQL or disable CSRF/session protections.

package/resources/ecc/rules/php-patterns.md

@@ -0,0 +1,23 @@
+---
+description: "PHP patterns extending common rules"
+globs: ["**/*.php", "**/composer.json"]
+alwaysApply: false
+---
+# PHP Patterns
+
+> This file extends the common patterns rule with PHP specific content.
+
+## Thin Controllers, Explicit Services
+
+- Keep controllers focused on transport: auth, validation, serialization, status codes.
+- Move business rules into application/domain services that are easy to test without HTTP bootstrapping.
+
+## DTOs and Value Objects
+
+- Replace shape-heavy associative arrays with DTOs for requests, commands, and external API payloads.
+- Use value objects for money, identifiers, and constrained concepts.
+
+## Dependency Injection
+
+- Depend on interfaces or narrow service contracts, not framework globals.
+- Pass collaborators through constructors so services are testable without service-locator lookups.

package/resources/ecc/rules/php-security.md

@@ -0,0 +1,24 @@
+---
+description: "PHP security extending common rules"
+globs: ["**/*.php", "**/composer.lock", "**/composer.json"]
+alwaysApply: false
+---
+# PHP Security
+
+> This file extends the common security rule with PHP specific content.
+
+## Database Safety
+
+- Use prepared statements (`PDO`, Doctrine, Eloquent query builder) for all dynamic queries.
+- Scope ORM mass-assignment carefully and whitelist writable fields.
+
+## Secrets and Dependencies
+
+- Load secrets from environment variables or a secret manager, never from committed config files.
+- Run `composer audit` in CI and review package trust before adding dependencies.
+
+## Auth and Session Safety
+
+- Use `password_hash()` / `password_verify()` for password storage.
+- Regenerate session identifiers after authentication and privilege changes.
+- Enforce CSRF protection on state-changing web requests.