create-skit 0.1.0

package/modules/ai-dx/module.json

@@ -0,0 +1,14 @@
+{
+  "name": "ai-dx",
+  "kind": "developer-experience",
+  "description": "Shared AI agent baseline: AGENTS.md and ARCHITECTURE.md for all tools.",
+  "dependsOn": ["quality-baseline"],
+  "conflictsWith": [],
+  "replaces": [],
+  "template": {
+    "copyFiles": [
+      "AGENTS.md",
+      "ARCHITECTURE.md"
+    ]
+  }
+}

package/modules/ai-dx-claude/files/CLAUDE.md

@@ -0,0 +1,8 @@
+@AGENTS.md
+
+## Claude Code
+
+- Use `/compact` when context gets long
+- Workflow: explore → plan → code → verify → commit
+- Run `pnpm typecheck && pnpm lint:fix` after every change set
+- Prefer reading existing code before generating — patterns are consistent

package/modules/ai-dx-claude/module.json

@@ -0,0 +1,13 @@
+{
+  "name": "ai-dx-claude",
+  "kind": "developer-experience",
+  "description": "Claude Code configuration: CLAUDE.md with project-specific workflow.",
+  "dependsOn": ["ai-dx"],
+  "conflictsWith": [],
+  "replaces": [],
+  "template": {
+    "copyFiles": [
+      "CLAUDE.md"
+    ]
+  }
+}

package/modules/ai-dx-cursor/files/.cursor/rules/auth.mdc

@@ -0,0 +1,53 @@
+---
+description: Better Auth patterns for authentication and session management
+globs: src/lib/auth*, src/app/sign-*/**
+alwaysApply: false
+---
+
+# Authentication (Better Auth)
+
+## Server-side Session
+
+```ts
+import { getSession } from "@/lib/auth-session";
+
+const session = await getSession();
+// session is { user, session } | null
+if (!session) {
+  redirect("/sign-in");
+}
+```
+
+## Client-side Auth
+
+```tsx
+"use client";
+
+import { authClient } from "@/lib/auth-client";
+
+// Sign in
+await authClient.signIn.email({ email, password });
+
+// Sign out
+await authClient.signOut();
+
+// Get session (client hook)
+const { data: session } = authClient.useSession();
+```
+
+## Config
+
+- Server config: `src/lib/auth.ts` (server-only, uses Drizzle adapter)
+- Client config: `src/lib/auth-client.ts`
+- Auth schema: `src/db/schema/auth.ts` (auto-generated via `pnpm auth:generate`)
+- API handler: `src/app/api/auth/[...all]/route.ts`
+
+## Route Protection
+
+`proxy.ts` checks for session cookies and redirects unauthenticated users. Protected routes are listed in the matcher config there.
+
+## Adding Social Providers
+
+1. Add provider config in `src/lib/auth.ts`
+2. Add env vars in `src/lib/env.ts`
+3. Add UI button in the auth form component

package/modules/ai-dx-cursor/files/.cursor/rules/database.mdc

@@ -0,0 +1,48 @@
+---
+description: Drizzle ORM database patterns and migration workflow
+globs: src/db/**
+alwaysApply: false
+---
+
+# Database (Drizzle ORM + PostgreSQL)
+
+## Connection
+
+`src/db/index.ts` exports `db`. It is `server-only` — never import in client components.
+
+## Schema
+
+Define tables in `src/db/schema/`, re-export from `src/db/schema/index.ts`.
+
+```ts
+import { pgTable, text, timestamp, uuid } from "drizzle-orm/pg-core";
+
+export const widgets = pgTable("widgets", {
+  id: uuid("id").primaryKey().defaultRandom(),
+  name: text("name").notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true }).defaultNow().notNull()
+});
+```
+
+## Queries
+
+```ts
+import { db } from "@/db";
+import { widgets } from "@/db/schema";
+import { eq } from "drizzle-orm";
+
+const all = await db.select().from(widgets);
+const one = await db.select().from(widgets).where(eq(widgets.id, id));
+await db.insert(widgets).values({ name: "New" });
+```
+
+## Migration Workflow
+
+1. Edit or create schema files
+2. `pnpm db:generate` — creates SQL migration
+3. `pnpm db:migrate` — applies to database
+4. `pnpm db:push` — alternative: push without migration files (dev only)
+
+## Seeds
+
+Add seed logic in `src/db/seeds/index.ts`, run with `pnpm db:seed`.

package/modules/ai-dx-cursor/files/.cursor/rules/env.mdc

@@ -0,0 +1,43 @@
+---
+description: Environment variable validation with Zod
+globs: src/lib/env.ts, .env*
+alwaysApply: false
+---
+
+# Environment Variables
+
+All env access goes through `src/lib/env.ts`. Direct `process.env` is banned by ESLint in every other file.
+
+## How It Works
+
+1. Zod schema validates every variable at runtime
+2. `readRequiredValue()` provides safe build-time defaults so `next build` succeeds without real secrets
+3. Lazy singleton — parsed once, cached
+4. Proxy export — `env.MY_VAR` reads lazily
+
+## Adding a New Variable
+
+1. Add Zod field to `envSchema`:
+   ```ts
+   MY_VAR: z.string().min(1).optional(),
+   ```
+
+2. Add to `parseEnv()`:
+   ```ts
+   MY_VAR: process.env.MY_VAR,
+   ```
+
+3. Add default to `.env.example`:
+   ```
+   MY_VAR=example_value
+   ```
+
+## Usage
+
+```ts
+import { env } from "@/lib/env";
+
+const url = env.DATABASE_URL;
+```
+
+Never do `process.env.DATABASE_URL` — ESLint will error.

package/modules/ai-dx-cursor/files/.cursor/rules/nextjs.mdc

@@ -0,0 +1,58 @@
+---
+description: Next.js App Router patterns and conventions
+globs: src/**/*.tsx, src/**/*.ts
+alwaysApply: false
+---
+
+# Next.js Patterns
+
+Read bundled docs at `node_modules/next/dist/docs/` before writing Next.js code.
+
+## Server Components (default)
+
+```tsx
+import { getSession } from "@/lib/auth-session";
+
+export default async function Page() {
+  const session = await getSession();
+  return <main>{/* render with session data */}</main>;
+}
+```
+
+## Client Components (opt-in)
+
+Only when hooks, event handlers, or browser APIs are needed:
+
+```tsx
+"use client";
+
+import { useState } from "react";
+
+export function Counter() {
+  const [count, setCount] = useState(0);
+  return <button onClick={() => setCount(count + 1)}>{count}</button>;
+}
+```
+
+## API Routes
+
+```tsx
+import { NextResponse } from "next/server";
+
+export async function POST(request: Request) {
+  const body = await request.json();
+  return NextResponse.json({ ok: true });
+}
+```
+
+## Route Protection
+
+`proxy.ts` handles auth redirects at the edge. To protect a new route, add it to both the condition and the matcher array in that file.
+
+## Metadata
+
+Use the `metadata` export in `layout.tsx` or `page.tsx`:
+
+```tsx
+export const metadata = { title: "Page Title" };
+```

package/modules/ai-dx-cursor/files/.cursor/rules/project.mdc

@@ -0,0 +1,33 @@
+---
+description: Project-wide conventions for this Launchframe-generated app
+globs:
+alwaysApply: true
+---
+
+# Project Conventions
+
+## Stack
+
+Next.js 16 · React 19 · TypeScript 5.9 (strict) · Drizzle ORM · Better Auth · Vitest · Playwright
+
+## Style
+
+- Double quotes, semicolons, no trailing commas, 88-char line width (Prettier)
+- `type` imports: `import { type Foo }` — enforced by ESLint
+- Path alias: `@/*` maps to `./src/*`
+- Import order: builtin → external → internal (`@/**`) → relative (enforced, auto-fixable)
+
+## Rules
+
+- Server components by default. Only add `"use client"` when hooks or browser APIs are required.
+- Keep route files (`page.tsx`) thin — delegate logic to `src/lib/`.
+- All env access goes through `src/lib/env.ts`. Direct `process.env` is banned by ESLint everywhere else.
+- Run `pnpm typecheck && pnpm lint:fix` after changes.
+
+## Where to Look
+
+- Routes: `src/app/`
+- Business logic: `src/lib/`
+- Database: `src/db/`
+- Tests: `src/**/*.test.{ts,tsx}` (unit), `tests/e2e/` (e2e)
+- Middleware: `proxy.ts`

package/modules/ai-dx-cursor/files/.cursor/rules/testing.mdc

@@ -0,0 +1,55 @@
+---
+description: Vitest unit tests and Playwright E2E test conventions
+globs: src/**/*.test.*, tests/**
+alwaysApply: false
+---
+
+# Testing
+
+## Unit Tests (Vitest)
+
+Location: `src/**/*.test.{ts,tsx}` — colocated next to the file they test.
+
+```ts
+import { describe, it, expect } from "vitest";
+
+describe("myFunction", () => {
+  it("returns expected value", () => {
+    expect(myFunction("input")).toBe("output");
+  });
+});
+```
+
+For React components, use `@testing-library/react`:
+
+```tsx
+import { render, screen } from "@testing-library/react";
+
+it("renders heading", () => {
+  render(<MyComponent />);
+  expect(screen.getByRole("heading")).toHaveTextContent("Title");
+});
+```
+
+Run: `pnpm test` (single run) or `pnpm test:watch` (watch mode).
+
+## E2E Tests (Playwright)
+
+Location: `tests/e2e/*.spec.ts`
+
+```ts
+import { test, expect } from "@playwright/test";
+
+test("home page loads", async ({ page }) => {
+  await page.goto("/");
+  await expect(page.getByRole("heading")).toBeVisible();
+});
+```
+
+Run: `pnpm test:e2e` (headless) or `pnpm test:e2e:headed` (with browser).
+
+Playwright auto-starts the dev server via `playwright.config.ts`.
+
+## Pre-commit
+
+The Husky pre-commit hook runs `pnpm lint-staged && pnpm typecheck`. Tests run on pre-push.

package/modules/ai-dx-cursor/module.json

@@ -0,0 +1,18 @@
+{
+  "name": "ai-dx-cursor",
+  "kind": "developer-experience",
+  "description": "Cursor IDE rules: modular .mdc files auto-activated by file pattern.",
+  "dependsOn": ["ai-dx"],
+  "conflictsWith": [],
+  "replaces": [],
+  "template": {
+    "copyFiles": [
+      ".cursor/rules/project.mdc",
+      ".cursor/rules/nextjs.mdc",
+      ".cursor/rules/database.mdc",
+      ".cursor/rules/auth.mdc",
+      ".cursor/rules/testing.mdc",
+      ".cursor/rules/env.mdc"
+    ]
+  }
+}

package/modules/ai-dx-gemini/files/.gemini/GEMINI.md

@@ -0,0 +1,5 @@
+# Gemini Code Assist
+
+Check for the presence of `AGENTS.md` in the project root for full project conventions, tech stack, commands, and code patterns.
+
+There is also an `ARCHITECTURE.md` with directory structure and request flow documentation.

package/modules/ai-dx-gemini/module.json

@@ -0,0 +1,13 @@
+{
+  "name": "ai-dx-gemini",
+  "kind": "developer-experience",
+  "description": "Gemini Code Assist configuration: .gemini/GEMINI.md pointing to shared AGENTS.md.",
+  "dependsOn": ["ai-dx"],
+  "conflictsWith": [],
+  "replaces": [],
+  "template": {
+    "copyFiles": [
+      ".gemini/GEMINI.md"
+    ]
+  }
+}

package/modules/auth-core/module.json

@@ -0,0 +1,8 @@
+{
+  "name": "auth-core",
+  "kind": "auth",
+  "description": "Better Auth baseline with protected routes and auth pages.",
+  "dependsOn": ["quality-baseline", "testing-baseline"],
+  "conflictsWith": [],
+  "replaces": []
+}

package/modules/auth-github/module.json

@@ -0,0 +1,20 @@
+{
+  "name": "auth-github",
+  "kind": "auth",
+  "description": "GitHub OAuth provider for Better Auth.",
+  "dependsOn": ["auth-core"],
+  "conflictsWith": [],
+  "replaces": [],
+  "template": {
+    "tokenReplacements": {
+      "__AUTH_PROVIDER_ENV_EXAMPLE__": "GITHUB_CLIENT_ID=github_oauth_client_id\nGITHUB_CLIENT_SECRET=github_oauth_client_secret",
+      "__AUTH_PROVIDER_ENV_SCHEMA__": "  GITHUB_CLIENT_ID: z.string().min(1).optional(),\n  GITHUB_CLIENT_SECRET: z.string().min(1).optional(),",
+      "__AUTH_PROVIDER_ENV_VALUES__": "    GITHUB_CLIENT_ID: process.env.GITHUB_CLIENT_ID,\n    GITHUB_CLIENT_SECRET: process.env.GITHUB_CLIENT_SECRET,",
+      "__AUTH_SOCIAL_PROVIDERS_BLOCK__": ",\n  socialProviders: {\n    github: {\n      clientId: env.GITHUB_CLIENT_ID ?? \"\",\n      clientSecret: env.GITHUB_CLIENT_SECRET ?? \"\"\n    }\n  }",
+      "__AUTH_SOCIAL_BUTTON_HANDLER__": "\n  async function handleGithubSignIn() {\n    setIsPending(true);\n    setError(null);\n\n    try {\n      const result = await authClient.signIn.social({\n        provider: \"github\",\n        callbackURL: \"/dashboard\"\n      });\n\n      if (result.error) {\n        setError(result.error.message ?? \"GitHub sign-in failed.\");\n      }\n    } catch {\n      setError(\"GitHub sign-in failed.\");\n    } finally {\n      setIsPending(false);\n    }\n  }\n",
+      "__AUTH_SOCIAL_BUTTON__": "\n      <div className=\"auth-separator\" aria-hidden=\"true\">\n        <span>or continue with</span>\n      </div>\n\n      <button\n        type=\"button\"\n        className=\"auth-social-button\"\n        onClick={() => {\n          void handleGithubSignIn();\n        }}\n        disabled={isPending}\n      >\n        {isPending ? \"Working...\" : \"Continue with GitHub\"}\n      </button>",
+      "__AUTH_SOCIAL_TEST_ASSERTION__": "\n    expect(screen.getByRole(\"button\", { name: /continue with github/i })).toBeTruthy();",
+      "__AUTH_LLMS_EXTRA__": ", GitHub OAuth"
+    }
+  }
+}

package/modules/billing-polar/module.json

@@ -0,0 +1,20 @@
+{
+  "name": "billing-polar",
+  "kind": "billing",
+  "description": "Polar billing provider integration.",
+  "dependsOn": ["auth-core"],
+  "conflictsWith": [],
+  "replaces": [],
+  "template": {
+    "billingProviders": ["polar"],
+    "billing": {
+      "imports": [
+        "import { PolarBillingProvider } from \"./providers/polar\";"
+      ],
+      "factories": [
+        "  polar: () => new PolarBillingProvider(),"
+      ],
+      "polarWebhookRouteBody": "  const provider = getBillingProvider(\"polar\");\n  const rawBody = await request.text();\n\n  await provider.handleWebhook({\n    headers: request.headers,\n    rawBody\n  });\n\n  return Response.json({ received: true });"
+    }
+  }
+}

package/modules/billing-stripe/module.json

@@ -0,0 +1,23 @@
+{
+  "name": "billing-stripe",
+  "kind": "billing",
+  "description": "Stripe billing provider integration.",
+  "dependsOn": ["auth-core"],
+  "conflictsWith": [],
+  "replaces": [],
+  "template": {
+    "billingProviders": ["stripe"],
+    "packageDependencies": [
+      "    \"stripe\": \"18.5.0\","
+    ],
+    "billing": {
+      "imports": [
+        "import { StripeBillingProvider } from \"./providers/stripe\";"
+      ],
+      "factories": [
+        "  stripe: () => new StripeBillingProvider(),"
+      ],
+      "stripeWebhookRouteBody": "  const provider = getBillingProvider(\"stripe\");\n  const rawBody = await request.text();\n\n  await provider.handleWebhook({\n    headers: request.headers,\n    rawBody\n  });\n\n  return Response.json({ received: true });"
+    }
+  }
+}