create-bashi-starter 1.0.0

package/template/.claude/project/RUN_POLICY.md

@@ -0,0 +1,59 @@
+# Run Policy
+
+> Defines execution boundaries for the orchestrator.
+
+---
+
+## Default Mode
+
+Semi-Autonomous
+
+---
+
+## Cycle Limits
+
+| Mode | Cycles per /run-project |
+|------|------------------------|
+| Safe | 0 (proposal only) |
+| Semi-Autonomous | 1 |
+| Autonomous | 5 |
+
+---
+
+## Stop Conditions
+
+The orchestrator must stop immediately if any of the following occur:
+
+1. The user says stop.
+2. The current task becomes Blocked.
+3. A single file modification exceeds 500 lines.
+4. The Next Task Queue becomes empty.
+5. A required artifact is missing and cannot be created safely.
+6. Consecutive failure limit reached (default 3).
+
+---
+
+## Circuit Breakers
+
+| Breaker | Default | Description |
+|---------|---------|-------------|
+| Consecutive Failure Limit | 3 | Stop if 3 tasks in a row are Blocked or rolled back. |
+
+---
+
+## Review Gates
+
+| Task Type | Review |
+|-----------|--------|
+| Frontend code | Orchestrator suggests code review after build tasks |
+| Planning | Orchestrator self-reviews task titles for clarity |
+
+---
+
+## Execution Rule
+
+After every cycle the orchestrator must:
+
+1. Update `.claude/project/STATE.md`
+2. Print an Execution Summary
+3. Evaluate stop conditions before starting the next cycle

package/template/.claude/project/STATE.md

@@ -0,0 +1,57 @@
+# Project State
+
+## Current Mode
+Semi-Autonomous
+
+### Mode Reference
+| Mode | Behavior |
+|------|----------|
+| **Safe** | No file modifications. Only propose actions and print what would happen. |
+| **Semi-Autonomous** | Execute one task, then pause for human review. (Default) |
+| **Autonomous** | Execute tasks continuously. Enforce verification gates. Stop after 5 tasks per run cycle. |
+
+## Current Phase
+Not Started
+
+## Active Task
+- ID: —
+- Description: —
+- Owner Agent: —
+- Started: —
+- Status: —
+
+## Definition of Done
+- [ ] (populated per task)
+
+## Inputs / Context Used
+- (none yet)
+
+## Outputs Produced
+- (none yet)
+
+## Files Modified (Last Task)
+- (none yet)
+
+## Blockers / Risks
+- (none)
+
+## Next Task Queue
+
+| # | Task | Priority | Skill |
+|---|------|----------|-------|
+| — | — | — | — |
+
+## Run Cycle
+- Current Cycle: 0
+- Max Cycles This Run: 1
+- Last Run Status: Idle
+- Consecutive Failures: 0
+- Run Type: Standard
+
+## Session Lock
+- Session Started: —
+- Last Activity: —
+- Checkpointed: No
+
+## Completed Tasks Log
+- (none yet)

package/template/.claude/project/knowledge/DECISIONS.md

@@ -0,0 +1,21 @@
+# Decisions Log
+
+> Architectural and design decisions for the project. Append-only. Never delete -- mark as Superseded.
+
+---
+
+## Entry Template
+
+```
+### DEC-XXXX: [Decision Title]
+
+- **Status:** Active | Superseded by DEC-XXXX
+- **Date:** YYYY-MM-DD
+- **Context:** [Why this decision was needed]
+- **Decision:** [What was decided]
+- **Consequences:** [What this means for the project]
+```
+
+---
+
+*(No decisions logged yet.)*

package/template/.claude/project/knowledge/GLOSSARY.md

@@ -0,0 +1,21 @@
+# Glossary
+
+> One definition per term, written for beginners. Used by all agents to keep language consistent.
+
+---
+
+- **Syntax Wall** -- The invisible barrier that has historically prevented people without programming skills from turning their ideas into software. AI lowers this wall but does not remove it entirely.
+
+- **Orchestrator** -- The person who coordinates the work. You direct AI agents through a structured workflow to build software.
+
+- **Agent** -- A specialized AI role designed to handle one type of task well. Examples: a builder agent that writes code, a reviewer agent that checks quality.
+
+- **Skill** -- A packaged workflow that bundles steps, review gates, and a definition of done into a single reusable operation.
+
+- **Event** -- A signal that something happened in the project. Events trigger follow-up actions automatically.
+
+- **State** -- The current snapshot of the project: what's done, what's in progress, what's next. Keeping state in a file prevents the system from losing track between sessions.
+
+- **SDLC** -- Software Development Life Cycle. The structured process for building software: plan, design, build, test, deploy, maintain.
+
+- **PRD** -- Product Requirements Document. A written description of what you want to build, who it's for, and what it should do.

package/template/.claude/project/knowledge/OPEN_QUESTIONS.md

@@ -0,0 +1,21 @@
+# Open Questions
+
+> Unresolved questions that affect future work. Update status when resolved.
+
+---
+
+## Entry Template
+
+```
+### OQ-XXXX: [Question]
+
+- **Date:** YYYY-MM-DD
+- **Source:** [Where this question came from]
+- **Context:** [Why it matters]
+- **Status:** Open | Resolved
+- **Resolution:** [Answer, if resolved]
+```
+
+---
+
+*(No open questions yet.)*

package/template/.claude/rules/context-policy.md

@@ -0,0 +1,47 @@
+# Context Conservation Policy
+
+> Prevent context window waste by keeping large artifacts in files, not chat.
+
+---
+
+## Rules
+
+### 1. Summarize, Don't Reproduce
+
+Reference file paths instead of echoing content.
+
+**Do:** "PRD written to `docs/PRD.md` with 5 user stories."
+**Don't:** Print the entire PRD in chat.
+
+### 2. Write Artifacts to Files
+
+| Artifact Type | Location |
+|---------------|----------|
+| Documentation | `docs/` |
+| Decisions | `.claude/project/knowledge/DECISIONS.md` |
+| Glossary terms | `.claude/project/knowledge/GLOSSARY.md` |
+| Open questions | `.claude/project/knowledge/OPEN_QUESTIONS.md` |
+| Task status | `.claude/project/STATE.md` |
+| Event records | `.claude/project/EVENTS.md` |
+
+### 3. Persist Decisions
+
+Every architectural or design decision must be written to DECISIONS.md. Decisions stated only in chat are at risk of loss.
+
+### 4. Update System State
+
+After every unit of work:
+- STATE.md -- update active task status, outputs, files modified
+- EVENTS.md -- update event processing status
+
+### 5. Chat Budget
+
+Chat output per task cycle should stay under 200 words. Include only:
+- Task completed (ID + one-line description)
+- Files changed (list of paths)
+- Decisions made (one-line each)
+- Next task (ID + one-line description)
+
+### 6. Lazy Context Loading
+
+Do not preemptively read all files. Load only what the current task requires.

package/template/.claude/rules/orchestration-routing.md

@@ -0,0 +1,39 @@
+# Orchestration Routing Rules
+
+> Maps task types to primary and review agents. Used when no skill trigger matches in REGISTRY.md.
+
+---
+
+## Task Routing Table
+
+| Task Type | Primary Agent | Review Agent | Notes |
+|-----------|--------------|--------------|-------|
+| Product Vision / Scope | orchestrator | -- | PRD creation (SKL-0004) |
+| Planning / Task Breakdown | orchestrator | -- | PRD to tasks (SKL-0003) |
+| UI / Frontend | builder | reviewer | Web UI components, pages, styling (SKL-0005) |
+| Deployment / Ship | builder | -- | Ship workflow (SKL-0021) |
+| Review / Quality | reviewer | -- | Code review (SKL-0016) |
+
+---
+
+## Recommended Workflow
+
+```
+/capture-idea --> /run-project (planning) --> /run-project (execution) --> /save
+```
+
+| Phase | Command | Purpose |
+|-------|---------|---------|
+| Idea capture | `/capture-idea` | Record the idea and emit IDEA_CAPTURED event |
+| Planning | `/run-project` | Process event, generate PRD, create task queue |
+| Execution | `/run-project` | Execute tasks from the queue (repeat as needed) |
+| Save | `/save` | Persist all progress for session continuity |
+
+---
+
+## Fallback Rule
+
+If a task type is not listed above:
+1. Assign to Orchestrator as primary.
+2. Log a warning: "No routing rule for task type."
+3. Proceed with best-effort execution.

package/template/.claude/rules/user-consent.md

@@ -0,0 +1,12 @@
+# User Consent for Choices
+
+> Never auto-select a value when the procedure says to ask the user.
+
+When a command procedure includes a choice:
+
+1. Present the options exactly as listed.
+2. **STOP and wait for the user's answer.** Do not continue. Do not write files. Do not say "For now I'll proceed with..."
+3. Never infer, assume, or pre-fill a selection.
+4. **Recommending is fine. Proceeding is not.** You may say "I'd recommend X because..." but you must end with the question and wait.
+
+**Exception:** If the procedure explicitly allows inference, inference is permitted. This rule only applies when the procedure says to ask.

package/template/.claude/settings.json

@@ -0,0 +1,51 @@
+{
+  "permissions": {
+    "allow": [
+      "Read",
+      "Edit",
+      "Write",
+      "Bash",
+      "Glob",
+      "Grep"
+    ],
+    "deny": [
+      "Bash(git push --force*)",
+      "Bash(git reset --hard*)",
+      "Bash(rm -rf*)",
+      "Bash(DROP TABLE*)"
+    ]
+  },
+  "hooks": {
+    "SessionStart": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/session-start.sh"
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/pre-bash-firewall.sh \"$TOOL_INPUT\""
+          }
+        ]
+      },
+      {
+        "matcher": "Write|Edit|MultiEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/pre-write-secrets-scan.sh \"$TOOL_INPUT\""
+          }
+        ]
+      }
+    ]
+  }
+}

package/template/.claude/skills/REGISTRY.md

@@ -0,0 +1,23 @@
+# Skills Registry
+
+> Skills are discovered automatically from SKILL.md files in subfolders.
+
+---
+
+## Skills Index
+
+| Skill ID | Name | Version | Owner | Folder | Triggers |
+|----------|------|---------|-------|--------|----------|
+| SKL-0001 | Plan From Idea | 1.0 | orchestrator | `.claude/skills/plan-from-idea/` | IDEA_CAPTURED |
+| SKL-0003 | PRD to Tasks | 1.0 | orchestrator | `.claude/skills/prd-to-tasks/` | PRD_UPDATED |
+| SKL-0004 | PRD Writing | 2.0 | orchestrator | `.claude/skills/prd-writing/` | PRD_CREATION_REQUESTED |
+| SKL-0005 | Frontend Development | 2.0 | builder | `.claude/skills/frontend-dev/` | FRONTEND_TASK_READY |
+| SKL-0016 | Code Review | 2.0 | reviewer | `.claude/skills/code-review/` | CODE_REVIEW_REQUESTED |
+| SKL-0021 | Deployment & Ship | 3.0 | builder | `.claude/skills/deployment/` | DEPLOYMENT_REQUESTED, SHIP_REQUESTED |
+
+---
+
+## Stats
+
+- **Skills:** 6
+- **Last Refreshed:** 2026-04-04

package/template/.claude/skills/code-review/SKILL.md

@@ -0,0 +1,251 @@
+---
+id: SKL-0016
+name: Code Review
+description: |
+  Review code for correctness, maintainability, and best practices. Uses a
+  structured two-pass review (CRITICAL then INFORMATIONAL) with interactive
+  issue resolution. Includes scope challenge, failure mode analysis, and
+  TODOS.md cross-reference. Use this skill when a code review is requested
+  on new or modified code.
+version: 2.0
+owner: reviewer
+triggers:
+  - CODE_REVIEW_REQUESTED
+inputs:
+  - Target files (from active task or event)
+  - .claude/project/STATE.md
+  - .claude/project/knowledge/DECISIONS.md
+  - TODOS.md (if exists)
+  - Existing project source files
+outputs:
+  - Review summary (CRITICAL / INFORMATIONAL findings)
+  - Verdict (APPROVED / NEEDS WORK)
+  - .claude/project/STATE.md (updated)
+tags:
+  - review
+  - quality
+  - code
+---
+
+# Skill: Code Review
+
+## Metadata
+
+| Field | Value |
+|-------|-------|
+| **Skill ID** | SKL-0016 |
+| **Version** | 2.0 |
+| **Owner** | reviewer |
+| **Inputs** | Target files, STATE.md, DECISIONS.md, TODOS.md |
+| **Outputs** | Review summary, verdict, STATE.md updated |
+| **Triggers** | `CODE_REVIEW_REQUESTED` |
+
+---
+
+## Purpose
+
+Review code for quality, security, and correctness using a structured two-pass approach. Read-only analysis by default --- only modifies files if the user explicitly chooses to fix an issue. Produces actionable findings categorized by severity.
+
+---
+
+## Cognitive Mode
+
+**Paranoid Staff Engineer.** You are looking for the bugs that pass CI, the security holes that look like features, the edge cases that only surface in production at 2am. Be thorough. Be skeptical. Be kind in delivery.
+
+---
+
+## Procedure
+
+### Step 0 --- Scope Challenge
+
+Before reviewing any code, answer these questions:
+
+1. **What changed?** Get the diff: `git diff origin/main --stat` and `git diff origin/main` for the full diff. If reviewing specific files rather than a branch diff, read those files.
+2. **What existing code already handles this concern?** Check if the new code duplicates existing patterns. Flag any unnecessary rebuilding.
+3. **Read DECISIONS.md** --- understand naming patterns, architecture choices, and conventions the code should follow.
+4. **Read TODOS.md** (if exists) --- does this change address any open TODOs? Does it create work that should become a TODO?
+
+---
+
+### Step 1 --- Review Checklist
+
+Apply the following checklist categories during the review. Items listed under "DO NOT Flag" in DECISIONS.md (if any) should be skipped.
+
+**Security:**
+- No hardcoded secrets, API keys, or credentials
+- No SQL injection, XSS, or command injection vectors
+- Input validation on all user-provided data
+- Authentication and authorization checks in place
+- Sensitive data not logged or exposed in error messages
+
+**Data Safety:**
+- Database operations use transactions where needed
+- No silent data loss (deletes, overwrites without confirmation)
+- Migrations are reversible
+- Backup/rollback path exists for destructive operations
+
+**Code Quality:**
+- Functions do one thing and are named clearly
+- No dead code or commented-out blocks
+- Error handling is explicit (no swallowed exceptions)
+- Dependencies are necessary and up to date
+- No duplicated logic that should be extracted
+
+**Testing:**
+- New code paths have corresponding tests
+- Edge cases are covered (null, empty, boundary values)
+- Tests are deterministic (no flaky reliance on timing or external state)
+
+**Performance:**
+- No N+1 queries or unbounded loops
+- Large data sets are paginated
+- Expensive operations are cached or debounced where appropriate
+
+---
+
+### Step 2 --- Read the Full Diff
+
+Read the complete diff before making any comments. This prevents flagging issues that are already addressed elsewhere in the same change.
+
+---
+
+### Step 3 --- Two-Pass Review
+
+Apply the checklist against the diff in two passes:
+
+#### Pass 1 --- CRITICAL (Must Fix)
+- Security vulnerabilities
+- Data safety issues
+- Trust boundary violations
+
+For each CRITICAL finding:
+- State the problem: `file:line` + one-line description
+- Explain the risk: what could go wrong in production
+- Recommend a fix: specific, actionable
+
+#### Pass 2 --- INFORMATIONAL (Should Fix / Consider)
+- Logic & edge cases
+- Code quality
+- Consistency
+- Test gaps
+- Performance
+
+For each INFORMATIONAL finding:
+- State the problem: `file:line` + one-line description
+- Suggest improvement: one-line recommendation
+
+**Be terse.** One line problem, one line fix. No preamble.
+
+---
+
+### Step 4 --- Failure Mode Analysis
+
+For each new codepath introduced in the diff:
+
+1. Describe one realistic way it could fail in production (timeout, null reference, race condition, stale data, etc.)
+2. Check whether:
+   - A test covers that failure
+   - Error handling exists for it
+   - The user would see a clear error or a silent failure
+
+If any failure mode has **no test AND no error handling AND would be silent**, flag it as a **CRITICAL GAP**.
+
+---
+
+### Step 5 --- Output Findings
+
+**Always output ALL findings** --- both critical and informational.
+
+Format the output as:
+
+```
+## Code Review: [N] issues ([X] critical, [Y] informational)
+
+### CRITICAL
+1. [file:line] --- [problem] -> [fix]
+2. ...
+
+### INFORMATIONAL
+1. [file:line] --- [problem] -> [suggestion]
+2. ...
+
+### Failure Modes
+[codepath] --- [failure scenario] --- [covered? / gap?]
+
+### TODOS Cross-Reference
+- Addresses: [TODO items this change completes]
+- Creates: [new work that should become a TODO]
+```
+
+**If CRITICAL issues found:** For EACH critical issue, present it individually with:
+- The problem and recommended fix
+- Options: A) Fix it now, B) Acknowledge and proceed, C) False positive --- skip
+- If the user chooses A (fix), apply the fix. This is the ONLY case where this skill modifies files.
+
+**If only informational issues found:** Output findings. No further action needed.
+
+**If no issues found:** Output `Code Review: No issues found.`
+
+---
+
+### Step 6 --- Unresolved Decisions
+
+If any critical issue was presented but the user did not respond or interrupted, list it under "Unresolved decisions that may surface later." Never silently default.
+
+---
+
+### Step 7 --- Issue Verdict
+
+- Default verdict is **NEEDS WORK**. The code must earn approval.
+- To issue **APPROVED**, cite evidence for each:
+  - Zero CRITICAL issues (or all fixed/acknowledged)
+  - Code works per requirements
+  - Edge cases handled
+  - All Definition of Done items satisfied
+- If any item lacks evidence, verdict remains **NEEDS WORK** with specific, actionable feedback.
+
+---
+
+### Step 8 --- Update STATE.md
+
+Write review summary and verdict to STATE.md.
+
+---
+
+## Constraints
+
+- Read-only by default --- only modifies files if user explicitly chooses "Fix it now"
+- Never approves code without actually reading it
+- Always reads the full diff before commenting --- do not flag issues already addressed in the diff
+- Never commits, pushes, or creates PRs --- review only
+- Respect suppressions --- do not flag items listed in the suppressions section of DECISIONS.md
+
+---
+
+## Primary Agent
+
+reviewer
+
+---
+
+## Definition of Done
+
+- [ ] Scope challenge completed (Step 0)
+- [ ] Checklist applied
+- [ ] Full diff read before any comments
+- [ ] Pass 1 (CRITICAL) completed
+- [ ] Pass 2 (INFORMATIONAL) completed
+- [ ] Failure mode analysis completed
+- [ ] TODOS.md cross-referenced (if exists)
+- [ ] All findings categorized and output
+- [ ] Critical issues presented individually for user decision
+- [ ] Verdict issued with evidence
+- [ ] STATE.md updated with review summary
+
+## Output Contract
+
+| Field | Value |
+|-------|-------|
+| **Artifacts** | Review summary with verdict (`APPROVED` or `NEEDS WORK`), categorized findings (CRITICAL / INFORMATIONAL) |
+| **State Update** | `.claude/project/STATE.md` --- mark task complete, log files modified |
+| **Handoff Event** | `TASK_COMPLETED` or `REWORK_REQUESTED` (depends on verdict) |