create-xani-agentic-app 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (563) hide show
  1. package/README.md +237 -0
  2. package/index.js +219 -0
  3. package/package.json +46 -0
  4. package/template/.agents/skills/ai-sdk/SKILL.md +78 -0
  5. package/template/.agents/skills/ai-sdk/references/ai-gateway.md +66 -0
  6. package/template/.agents/skills/ai-sdk/references/common-errors.md +443 -0
  7. package/template/.agents/skills/ai-sdk/references/devtools.md +52 -0
  8. package/template/.agents/skills/ai-sdk/references/type-safe-agents.md +204 -0
  9. package/template/.agents/skills/better-auth-best-practices/SKILL.md +175 -0
  10. package/template/.agents/skills/checkpoint/SKILL.md +82 -0
  11. package/template/.agents/skills/create-spec/SKILL.md +132 -0
  12. package/template/.agents/skills/create-spec/references/action-required-template.md +53 -0
  13. package/template/.agents/skills/create-spec/references/readme-template.md +53 -0
  14. package/template/.agents/skills/create-spec/references/requirements-template.md +54 -0
  15. package/template/.agents/skills/create-spec/references/task-template.md +79 -0
  16. package/template/.agents/skills/find-skills/SKILL.md +142 -0
  17. package/template/.agents/skills/frontend-design/LICENSE.txt +177 -0
  18. package/template/.agents/skills/frontend-design/SKILL.md +42 -0
  19. package/template/.agents/skills/implement-feature/SKILL.md +189 -0
  20. package/template/.agents/skills/implement-feature/references/coder-prompt-template.md +46 -0
  21. package/template/.agents/skills/implement-feature/references/fix-prompt-template.md +38 -0
  22. package/template/.agents/skills/implement-feature/references/review-prompt-template.md +50 -0
  23. package/template/.agents/skills/mcp-builder/LICENSE.txt +202 -0
  24. package/template/.agents/skills/mcp-builder/SKILL.md +236 -0
  25. package/template/.agents/skills/mcp-builder/reference/evaluation.md +602 -0
  26. package/template/.agents/skills/mcp-builder/reference/mcp_best_practices.md +249 -0
  27. package/template/.agents/skills/mcp-builder/reference/node_mcp_server.md +970 -0
  28. package/template/.agents/skills/mcp-builder/reference/python_mcp_server.md +719 -0
  29. package/template/.agents/skills/mcp-builder/scripts/connections.py +151 -0
  30. package/template/.agents/skills/mcp-builder/scripts/evaluation.py +373 -0
  31. package/template/.agents/skills/mcp-builder/scripts/example_evaluation.xml +22 -0
  32. package/template/.agents/skills/mcp-builder/scripts/requirements.txt +2 -0
  33. package/template/.agents/skills/nextjs/SKILL.md +434 -0
  34. package/template/.agents/skills/nextjs/overlay.yaml +284 -0
  35. package/template/.agents/skills/nextjs/references/app-router-files.md +94 -0
  36. package/template/.agents/skills/nextjs/references/async-patterns.md +87 -0
  37. package/template/.agents/skills/nextjs/references/bundling.md +180 -0
  38. package/template/.agents/skills/nextjs/references/data-patterns.md +297 -0
  39. package/template/.agents/skills/nextjs/references/debug-tricks.md +105 -0
  40. package/template/.agents/skills/nextjs/references/directives.md +73 -0
  41. package/template/.agents/skills/nextjs/references/error-handling.md +227 -0
  42. package/template/.agents/skills/nextjs/references/file-conventions.md +140 -0
  43. package/template/.agents/skills/nextjs/references/font.md +245 -0
  44. package/template/.agents/skills/nextjs/references/functions.md +108 -0
  45. package/template/.agents/skills/nextjs/references/hydration-error.md +91 -0
  46. package/template/.agents/skills/nextjs/references/image.md +173 -0
  47. package/template/.agents/skills/nextjs/references/metadata.md +301 -0
  48. package/template/.agents/skills/nextjs/references/parallel-routes.md +287 -0
  49. package/template/.agents/skills/nextjs/references/route-handlers.md +146 -0
  50. package/template/.agents/skills/nextjs/references/rsc-boundaries.md +159 -0
  51. package/template/.agents/skills/nextjs/references/runtime-selection.md +39 -0
  52. package/template/.agents/skills/nextjs/references/scripts.md +141 -0
  53. package/template/.agents/skills/nextjs/references/self-hosting.md +371 -0
  54. package/template/.agents/skills/nextjs/references/suspense-boundaries.md +67 -0
  55. package/template/.agents/skills/nextjs/upstream/SKILL.md +153 -0
  56. package/template/.agents/skills/nextjs/upstream/references/app-router-files.md +94 -0
  57. package/template/.agents/skills/nextjs/upstream/references/async-patterns.md +87 -0
  58. package/template/.agents/skills/nextjs/upstream/references/bundling.md +180 -0
  59. package/template/.agents/skills/nextjs/upstream/references/data-patterns.md +297 -0
  60. package/template/.agents/skills/nextjs/upstream/references/debug-tricks.md +105 -0
  61. package/template/.agents/skills/nextjs/upstream/references/directives.md +73 -0
  62. package/template/.agents/skills/nextjs/upstream/references/error-handling.md +227 -0
  63. package/template/.agents/skills/nextjs/upstream/references/file-conventions.md +140 -0
  64. package/template/.agents/skills/nextjs/upstream/references/font.md +245 -0
  65. package/template/.agents/skills/nextjs/upstream/references/functions.md +108 -0
  66. package/template/.agents/skills/nextjs/upstream/references/hydration-error.md +91 -0
  67. package/template/.agents/skills/nextjs/upstream/references/image.md +173 -0
  68. package/template/.agents/skills/nextjs/upstream/references/metadata.md +301 -0
  69. package/template/.agents/skills/nextjs/upstream/references/parallel-routes.md +287 -0
  70. package/template/.agents/skills/nextjs/upstream/references/route-handlers.md +146 -0
  71. package/template/.agents/skills/nextjs/upstream/references/rsc-boundaries.md +159 -0
  72. package/template/.agents/skills/nextjs/upstream/references/runtime-selection.md +39 -0
  73. package/template/.agents/skills/nextjs/upstream/references/scripts.md +141 -0
  74. package/template/.agents/skills/nextjs/upstream/references/self-hosting.md +371 -0
  75. package/template/.agents/skills/nextjs/upstream/references/suspense-boundaries.md +67 -0
  76. package/template/.agents/skills/playwright-cli/SKILL.md +344 -0
  77. package/template/.agents/skills/playwright-cli/references/element-attributes.md +23 -0
  78. package/template/.agents/skills/playwright-cli/references/playwright-tests.md +39 -0
  79. package/template/.agents/skills/playwright-cli/references/request-mocking.md +87 -0
  80. package/template/.agents/skills/playwright-cli/references/running-code.md +231 -0
  81. package/template/.agents/skills/playwright-cli/references/session-management.md +169 -0
  82. package/template/.agents/skills/playwright-cli/references/storage-state.md +275 -0
  83. package/template/.agents/skills/playwright-cli/references/test-generation.md +88 -0
  84. package/template/.agents/skills/playwright-cli/references/tracing.md +139 -0
  85. package/template/.agents/skills/playwright-cli/references/video-recording.md +143 -0
  86. package/template/.agents/skills/review-pr/SKILL.md +97 -0
  87. package/template/.agents/skills/security-scanner/SKILL.md +157 -0
  88. package/template/.agents/skills/security-scanner/references/A01-broken-access-control.md +136 -0
  89. package/template/.agents/skills/security-scanner/references/A02-security-misconfiguration.md +130 -0
  90. package/template/.agents/skills/security-scanner/references/A03-software-supply-chain-failures.md +117 -0
  91. package/template/.agents/skills/security-scanner/references/A04-cryptographic-failures.md +141 -0
  92. package/template/.agents/skills/security-scanner/references/A05-injection.md +155 -0
  93. package/template/.agents/skills/security-scanner/references/A06-insecure-design.md +145 -0
  94. package/template/.agents/skills/security-scanner/references/A07-authentication-failures.md +150 -0
  95. package/template/.agents/skills/security-scanner/references/A08-software-data-integrity-failures.md +132 -0
  96. package/template/.agents/skills/security-scanner/references/A09-security-logging-alerting-failures.md +130 -0
  97. package/template/.agents/skills/security-scanner/references/A10-mishandling-exceptional-conditions.md +154 -0
  98. package/template/.agents/skills/security-scanner/references/report-template.md +148 -0
  99. package/template/.agents/skills/shadcn/SKILL.md +246 -0
  100. package/template/.agents/skills/shadcn/agents/openai.yml +5 -0
  101. package/template/.agents/skills/shadcn/assets/shadcn-small.png +0 -0
  102. package/template/.agents/skills/shadcn/assets/shadcn.png +0 -0
  103. package/template/.agents/skills/shadcn/cli.md +276 -0
  104. package/template/.agents/skills/shadcn/customization.md +209 -0
  105. package/template/.agents/skills/shadcn/evals/evals.json +47 -0
  106. package/template/.agents/skills/shadcn/mcp.md +94 -0
  107. package/template/.agents/skills/shadcn/rules/base-vs-radix.md +306 -0
  108. package/template/.agents/skills/shadcn/rules/composition.md +195 -0
  109. package/template/.agents/skills/shadcn/rules/forms.md +192 -0
  110. package/template/.agents/skills/shadcn/rules/icons.md +101 -0
  111. package/template/.agents/skills/shadcn/rules/styling.md +162 -0
  112. package/template/.agents/skills/ship-it/SKILL.md +174 -0
  113. package/template/.agents/skills/skill-creator/LICENSE.txt +202 -0
  114. package/template/.agents/skills/skill-creator/SKILL.md +485 -0
  115. package/template/.agents/skills/skill-creator/agents/analyzer.md +274 -0
  116. package/template/.agents/skills/skill-creator/agents/comparator.md +202 -0
  117. package/template/.agents/skills/skill-creator/agents/grader.md +223 -0
  118. package/template/.agents/skills/skill-creator/assets/eval_review.html +146 -0
  119. package/template/.agents/skills/skill-creator/eval-viewer/generate_review.py +471 -0
  120. package/template/.agents/skills/skill-creator/eval-viewer/viewer.html +1325 -0
  121. package/template/.agents/skills/skill-creator/references/schemas.md +430 -0
  122. package/template/.agents/skills/skill-creator/scripts/__init__.py +0 -0
  123. package/template/.agents/skills/skill-creator/scripts/aggregate_benchmark.py +401 -0
  124. package/template/.agents/skills/skill-creator/scripts/generate_report.py +326 -0
  125. package/template/.agents/skills/skill-creator/scripts/improve_description.py +247 -0
  126. package/template/.agents/skills/skill-creator/scripts/package_skill.py +136 -0
  127. package/template/.agents/skills/skill-creator/scripts/quick_validate.py +103 -0
  128. package/template/.agents/skills/skill-creator/scripts/run_eval.py +310 -0
  129. package/template/.agents/skills/skill-creator/scripts/run_loop.py +328 -0
  130. package/template/.agents/skills/skill-creator/scripts/utils.py +47 -0
  131. package/template/.agents/skills/vercel-react-best-practices/AGENTS.md +3750 -0
  132. package/template/.agents/skills/vercel-react-best-practices/README.md +123 -0
  133. package/template/.agents/skills/vercel-react-best-practices/SKILL.md +148 -0
  134. package/template/.agents/skills/vercel-react-best-practices/rules/_sections.md +46 -0
  135. package/template/.agents/skills/vercel-react-best-practices/rules/_template.md +28 -0
  136. package/template/.agents/skills/vercel-react-best-practices/rules/advanced-effect-event-deps.md +56 -0
  137. package/template/.agents/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -0
  138. package/template/.agents/skills/vercel-react-best-practices/rules/advanced-init-once.md +42 -0
  139. package/template/.agents/skills/vercel-react-best-practices/rules/advanced-use-latest.md +39 -0
  140. package/template/.agents/skills/vercel-react-best-practices/rules/async-api-routes.md +38 -0
  141. package/template/.agents/skills/vercel-react-best-practices/rules/async-cheap-condition-before-await.md +37 -0
  142. package/template/.agents/skills/vercel-react-best-practices/rules/async-defer-await.md +82 -0
  143. package/template/.agents/skills/vercel-react-best-practices/rules/async-dependencies.md +51 -0
  144. package/template/.agents/skills/vercel-react-best-practices/rules/async-parallel.md +28 -0
  145. package/template/.agents/skills/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -0
  146. package/template/.agents/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md +60 -0
  147. package/template/.agents/skills/vercel-react-best-practices/rules/bundle-conditional.md +31 -0
  148. package/template/.agents/skills/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -0
  149. package/template/.agents/skills/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -0
  150. package/template/.agents/skills/vercel-react-best-practices/rules/bundle-preload.md +50 -0
  151. package/template/.agents/skills/vercel-react-best-practices/rules/client-event-listeners.md +74 -0
  152. package/template/.agents/skills/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -0
  153. package/template/.agents/skills/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -0
  154. package/template/.agents/skills/vercel-react-best-practices/rules/client-swr-dedup.md +56 -0
  155. package/template/.agents/skills/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -0
  156. package/template/.agents/skills/vercel-react-best-practices/rules/js-cache-function-results.md +80 -0
  157. package/template/.agents/skills/vercel-react-best-practices/rules/js-cache-property-access.md +28 -0
  158. package/template/.agents/skills/vercel-react-best-practices/rules/js-cache-storage.md +70 -0
  159. package/template/.agents/skills/vercel-react-best-practices/rules/js-combine-iterations.md +32 -0
  160. package/template/.agents/skills/vercel-react-best-practices/rules/js-early-exit.md +50 -0
  161. package/template/.agents/skills/vercel-react-best-practices/rules/js-flatmap-filter.md +60 -0
  162. package/template/.agents/skills/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -0
  163. package/template/.agents/skills/vercel-react-best-practices/rules/js-index-maps.md +37 -0
  164. package/template/.agents/skills/vercel-react-best-practices/rules/js-length-check-first.md +49 -0
  165. package/template/.agents/skills/vercel-react-best-practices/rules/js-min-max-loop.md +82 -0
  166. package/template/.agents/skills/vercel-react-best-practices/rules/js-request-idle-callback.md +105 -0
  167. package/template/.agents/skills/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -0
  168. package/template/.agents/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -0
  169. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-activity.md +26 -0
  170. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
  171. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -0
  172. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -0
  173. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -0
  174. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
  175. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -0
  176. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-resource-hints.md +85 -0
  177. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-script-defer-async.md +68 -0
  178. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -0
  179. package/template/.agents/skills/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -0
  180. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -0
  181. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-dependencies.md +45 -0
  182. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -0
  183. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-derived-state.md +29 -0
  184. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -0
  185. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -0
  186. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -0
  187. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-memo.md +44 -0
  188. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -0
  189. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-no-inline-components.md +82 -0
  190. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -0
  191. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-split-combined-hooks.md +64 -0
  192. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-transitions.md +40 -0
  193. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-use-deferred-value.md +59 -0
  194. package/template/.agents/skills/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -0
  195. package/template/.agents/skills/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -0
  196. package/template/.agents/skills/vercel-react-best-practices/rules/server-auth-actions.md +96 -0
  197. package/template/.agents/skills/vercel-react-best-practices/rules/server-cache-lru.md +41 -0
  198. package/template/.agents/skills/vercel-react-best-practices/rules/server-cache-react.md +76 -0
  199. package/template/.agents/skills/vercel-react-best-practices/rules/server-dedup-props.md +65 -0
  200. package/template/.agents/skills/vercel-react-best-practices/rules/server-hoist-static-io.md +149 -0
  201. package/template/.agents/skills/vercel-react-best-practices/rules/server-no-shared-module-state.md +50 -0
  202. package/template/.agents/skills/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -0
  203. package/template/.agents/skills/vercel-react-best-practices/rules/server-parallel-nested-fetching.md +34 -0
  204. package/template/.agents/skills/vercel-react-best-practices/rules/server-serialization.md +38 -0
  205. package/template/.agents/skills/web-design-guidelines/SKILL.md +39 -0
  206. package/template/.claude/agents/better-auth-expert.md +189 -0
  207. package/template/.claude/agents/code-review.md +147 -0
  208. package/template/.claude/agents/coder.md +139 -0
  209. package/template/.claude/agents/deep-dive.md +133 -0
  210. package/template/.claude/agents/polar-payments-expert.md +140 -0
  211. package/template/.claude/agents/security-scanner.md +214 -0
  212. package/template/.claude/settings.local.json +15 -0
  213. package/template/.claude/skills/ai-sdk/SKILL.md +78 -0
  214. package/template/.claude/skills/ai-sdk/references/ai-gateway.md +66 -0
  215. package/template/.claude/skills/ai-sdk/references/common-errors.md +443 -0
  216. package/template/.claude/skills/ai-sdk/references/devtools.md +52 -0
  217. package/template/.claude/skills/ai-sdk/references/type-safe-agents.md +204 -0
  218. package/template/.claude/skills/better-auth-best-practices/SKILL.md +175 -0
  219. package/template/.claude/skills/caveman/SKILL.md +49 -0
  220. package/template/.claude/skills/checkpoint/SKILL.md +82 -0
  221. package/template/.claude/skills/create-spec/SKILL.md +132 -0
  222. package/template/.claude/skills/create-spec/references/action-required-template.md +53 -0
  223. package/template/.claude/skills/create-spec/references/readme-template.md +53 -0
  224. package/template/.claude/skills/create-spec/references/requirements-template.md +54 -0
  225. package/template/.claude/skills/create-spec/references/task-template.md +79 -0
  226. package/template/.claude/skills/d3-visualization/SKILL.md +62 -0
  227. package/template/.claude/skills/find-skills/SKILL.md +142 -0
  228. package/template/.claude/skills/frontend-design/LICENSE.txt +177 -0
  229. package/template/.claude/skills/frontend-design/SKILL.md +42 -0
  230. package/template/.claude/skills/grill-me/SKILL.md +10 -0
  231. package/template/.claude/skills/grill-with-docs/ADR-FORMAT.md +47 -0
  232. package/template/.claude/skills/grill-with-docs/CONTEXT-FORMAT.md +63 -0
  233. package/template/.claude/skills/grill-with-docs/SKILL.md +88 -0
  234. package/template/.claude/skills/gsap-core/SKILL.md +267 -0
  235. package/template/.claude/skills/implement-feature/SKILL.md +189 -0
  236. package/template/.claude/skills/implement-feature/references/coder-prompt-template.md +46 -0
  237. package/template/.claude/skills/implement-feature/references/fix-prompt-template.md +38 -0
  238. package/template/.claude/skills/implement-feature/references/review-prompt-template.md +50 -0
  239. package/template/.claude/skills/mcp-builder/LICENSE.txt +202 -0
  240. package/template/.claude/skills/mcp-builder/SKILL.md +236 -0
  241. package/template/.claude/skills/mcp-builder/reference/evaluation.md +602 -0
  242. package/template/.claude/skills/mcp-builder/reference/mcp_best_practices.md +249 -0
  243. package/template/.claude/skills/mcp-builder/reference/node_mcp_server.md +970 -0
  244. package/template/.claude/skills/mcp-builder/reference/python_mcp_server.md +719 -0
  245. package/template/.claude/skills/mcp-builder/scripts/connections.py +151 -0
  246. package/template/.claude/skills/mcp-builder/scripts/evaluation.py +373 -0
  247. package/template/.claude/skills/mcp-builder/scripts/example_evaluation.xml +22 -0
  248. package/template/.claude/skills/mcp-builder/scripts/requirements.txt +2 -0
  249. package/template/.claude/skills/nextjs/SKILL.md +434 -0
  250. package/template/.claude/skills/nextjs/overlay.yaml +284 -0
  251. package/template/.claude/skills/nextjs/references/app-router-files.md +94 -0
  252. package/template/.claude/skills/nextjs/references/async-patterns.md +87 -0
  253. package/template/.claude/skills/nextjs/references/bundling.md +180 -0
  254. package/template/.claude/skills/nextjs/references/data-patterns.md +297 -0
  255. package/template/.claude/skills/nextjs/references/debug-tricks.md +105 -0
  256. package/template/.claude/skills/nextjs/references/directives.md +73 -0
  257. package/template/.claude/skills/nextjs/references/error-handling.md +227 -0
  258. package/template/.claude/skills/nextjs/references/file-conventions.md +140 -0
  259. package/template/.claude/skills/nextjs/references/font.md +245 -0
  260. package/template/.claude/skills/nextjs/references/functions.md +108 -0
  261. package/template/.claude/skills/nextjs/references/hydration-error.md +91 -0
  262. package/template/.claude/skills/nextjs/references/image.md +173 -0
  263. package/template/.claude/skills/nextjs/references/metadata.md +301 -0
  264. package/template/.claude/skills/nextjs/references/parallel-routes.md +287 -0
  265. package/template/.claude/skills/nextjs/references/route-handlers.md +146 -0
  266. package/template/.claude/skills/nextjs/references/rsc-boundaries.md +159 -0
  267. package/template/.claude/skills/nextjs/references/runtime-selection.md +39 -0
  268. package/template/.claude/skills/nextjs/references/scripts.md +141 -0
  269. package/template/.claude/skills/nextjs/references/self-hosting.md +371 -0
  270. package/template/.claude/skills/nextjs/references/suspense-boundaries.md +67 -0
  271. package/template/.claude/skills/nextjs/upstream/SKILL.md +153 -0
  272. package/template/.claude/skills/nextjs/upstream/references/app-router-files.md +94 -0
  273. package/template/.claude/skills/nextjs/upstream/references/async-patterns.md +87 -0
  274. package/template/.claude/skills/nextjs/upstream/references/bundling.md +180 -0
  275. package/template/.claude/skills/nextjs/upstream/references/data-patterns.md +297 -0
  276. package/template/.claude/skills/nextjs/upstream/references/debug-tricks.md +105 -0
  277. package/template/.claude/skills/nextjs/upstream/references/directives.md +73 -0
  278. package/template/.claude/skills/nextjs/upstream/references/error-handling.md +227 -0
  279. package/template/.claude/skills/nextjs/upstream/references/file-conventions.md +140 -0
  280. package/template/.claude/skills/nextjs/upstream/references/font.md +245 -0
  281. package/template/.claude/skills/nextjs/upstream/references/functions.md +108 -0
  282. package/template/.claude/skills/nextjs/upstream/references/hydration-error.md +91 -0
  283. package/template/.claude/skills/nextjs/upstream/references/image.md +173 -0
  284. package/template/.claude/skills/nextjs/upstream/references/metadata.md +301 -0
  285. package/template/.claude/skills/nextjs/upstream/references/parallel-routes.md +287 -0
  286. package/template/.claude/skills/nextjs/upstream/references/route-handlers.md +146 -0
  287. package/template/.claude/skills/nextjs/upstream/references/rsc-boundaries.md +159 -0
  288. package/template/.claude/skills/nextjs/upstream/references/runtime-selection.md +39 -0
  289. package/template/.claude/skills/nextjs/upstream/references/scripts.md +141 -0
  290. package/template/.claude/skills/nextjs/upstream/references/self-hosting.md +371 -0
  291. package/template/.claude/skills/nextjs/upstream/references/suspense-boundaries.md +67 -0
  292. package/template/.claude/skills/playwright-cli/SKILL.md +344 -0
  293. package/template/.claude/skills/playwright-cli/references/element-attributes.md +23 -0
  294. package/template/.claude/skills/playwright-cli/references/playwright-tests.md +39 -0
  295. package/template/.claude/skills/playwright-cli/references/request-mocking.md +87 -0
  296. package/template/.claude/skills/playwright-cli/references/running-code.md +231 -0
  297. package/template/.claude/skills/playwright-cli/references/session-management.md +169 -0
  298. package/template/.claude/skills/playwright-cli/references/storage-state.md +275 -0
  299. package/template/.claude/skills/playwright-cli/references/test-generation.md +88 -0
  300. package/template/.claude/skills/playwright-cli/references/tracing.md +139 -0
  301. package/template/.claude/skills/playwright-cli/references/video-recording.md +143 -0
  302. package/template/.claude/skills/react-three-fiber/SKILL.md +180 -0
  303. package/template/.claude/skills/remotion/SKILL.md +43 -0
  304. package/template/.claude/skills/review-pr/SKILL.md +97 -0
  305. package/template/.claude/skills/security-scanner/SKILL.md +157 -0
  306. package/template/.claude/skills/security-scanner/references/A01-broken-access-control.md +136 -0
  307. package/template/.claude/skills/security-scanner/references/A02-security-misconfiguration.md +130 -0
  308. package/template/.claude/skills/security-scanner/references/A03-software-supply-chain-failures.md +117 -0
  309. package/template/.claude/skills/security-scanner/references/A04-cryptographic-failures.md +141 -0
  310. package/template/.claude/skills/security-scanner/references/A05-injection.md +155 -0
  311. package/template/.claude/skills/security-scanner/references/A06-insecure-design.md +145 -0
  312. package/template/.claude/skills/security-scanner/references/A07-authentication-failures.md +150 -0
  313. package/template/.claude/skills/security-scanner/references/A08-software-data-integrity-failures.md +132 -0
  314. package/template/.claude/skills/security-scanner/references/A09-security-logging-alerting-failures.md +130 -0
  315. package/template/.claude/skills/security-scanner/references/A10-mishandling-exceptional-conditions.md +154 -0
  316. package/template/.claude/skills/security-scanner/references/report-template.md +148 -0
  317. package/template/.claude/skills/shadcn/SKILL.md +246 -0
  318. package/template/.claude/skills/shadcn/agents/openai.yml +5 -0
  319. package/template/.claude/skills/shadcn/assets/shadcn-small.png +0 -0
  320. package/template/.claude/skills/shadcn/assets/shadcn.png +0 -0
  321. package/template/.claude/skills/shadcn/cli.md +276 -0
  322. package/template/.claude/skills/shadcn/customization.md +209 -0
  323. package/template/.claude/skills/shadcn/evals/evals.json +47 -0
  324. package/template/.claude/skills/shadcn/mcp.md +94 -0
  325. package/template/.claude/skills/shadcn/rules/base-vs-radix.md +306 -0
  326. package/template/.claude/skills/shadcn/rules/composition.md +195 -0
  327. package/template/.claude/skills/shadcn/rules/forms.md +192 -0
  328. package/template/.claude/skills/shadcn/rules/icons.md +101 -0
  329. package/template/.claude/skills/shadcn/rules/styling.md +162 -0
  330. package/template/.claude/skills/ship-it/SKILL.md +174 -0
  331. package/template/.claude/skills/skill-creator/LICENSE.txt +202 -0
  332. package/template/.claude/skills/skill-creator/SKILL.md +485 -0
  333. package/template/.claude/skills/skill-creator/agents/analyzer.md +274 -0
  334. package/template/.claude/skills/skill-creator/agents/comparator.md +202 -0
  335. package/template/.claude/skills/skill-creator/agents/grader.md +223 -0
  336. package/template/.claude/skills/skill-creator/assets/eval_review.html +146 -0
  337. package/template/.claude/skills/skill-creator/eval-viewer/generate_review.py +471 -0
  338. package/template/.claude/skills/skill-creator/eval-viewer/viewer.html +1325 -0
  339. package/template/.claude/skills/skill-creator/references/schemas.md +430 -0
  340. package/template/.claude/skills/skill-creator/scripts/__init__.py +0 -0
  341. package/template/.claude/skills/skill-creator/scripts/aggregate_benchmark.py +401 -0
  342. package/template/.claude/skills/skill-creator/scripts/generate_report.py +326 -0
  343. package/template/.claude/skills/skill-creator/scripts/improve_description.py +247 -0
  344. package/template/.claude/skills/skill-creator/scripts/package_skill.py +136 -0
  345. package/template/.claude/skills/skill-creator/scripts/quick_validate.py +103 -0
  346. package/template/.claude/skills/skill-creator/scripts/run_eval.py +310 -0
  347. package/template/.claude/skills/skill-creator/scripts/run_loop.py +328 -0
  348. package/template/.claude/skills/skill-creator/scripts/utils.py +47 -0
  349. package/template/.claude/skills/svelte/SKILL.md +284 -0
  350. package/template/.claude/skills/tdd/SKILL.md +109 -0
  351. package/template/.claude/skills/tdd/deep-modules.md +33 -0
  352. package/template/.claude/skills/tdd/interface-design.md +31 -0
  353. package/template/.claude/skills/tdd/mocking.md +59 -0
  354. package/template/.claude/skills/tdd/refactoring.md +10 -0
  355. package/template/.claude/skills/tdd/tests.md +61 -0
  356. package/template/.claude/skills/threejs/SKILL.md +43 -0
  357. package/template/.claude/skills/to-issues/SKILL.md +83 -0
  358. package/template/.claude/skills/to-prd/SKILL.md +76 -0
  359. package/template/.claude/skills/vercel-react-best-practices/AGENTS.md +3750 -0
  360. package/template/.claude/skills/vercel-react-best-practices/README.md +123 -0
  361. package/template/.claude/skills/vercel-react-best-practices/SKILL.md +148 -0
  362. package/template/.claude/skills/vercel-react-best-practices/rules/_sections.md +46 -0
  363. package/template/.claude/skills/vercel-react-best-practices/rules/_template.md +28 -0
  364. package/template/.claude/skills/vercel-react-best-practices/rules/advanced-effect-event-deps.md +56 -0
  365. package/template/.claude/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md +55 -0
  366. package/template/.claude/skills/vercel-react-best-practices/rules/advanced-init-once.md +42 -0
  367. package/template/.claude/skills/vercel-react-best-practices/rules/advanced-use-latest.md +39 -0
  368. package/template/.claude/skills/vercel-react-best-practices/rules/async-api-routes.md +38 -0
  369. package/template/.claude/skills/vercel-react-best-practices/rules/async-cheap-condition-before-await.md +37 -0
  370. package/template/.claude/skills/vercel-react-best-practices/rules/async-defer-await.md +82 -0
  371. package/template/.claude/skills/vercel-react-best-practices/rules/async-dependencies.md +51 -0
  372. package/template/.claude/skills/vercel-react-best-practices/rules/async-parallel.md +28 -0
  373. package/template/.claude/skills/vercel-react-best-practices/rules/async-suspense-boundaries.md +99 -0
  374. package/template/.claude/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md +60 -0
  375. package/template/.claude/skills/vercel-react-best-practices/rules/bundle-conditional.md +31 -0
  376. package/template/.claude/skills/vercel-react-best-practices/rules/bundle-defer-third-party.md +49 -0
  377. package/template/.claude/skills/vercel-react-best-practices/rules/bundle-dynamic-imports.md +35 -0
  378. package/template/.claude/skills/vercel-react-best-practices/rules/bundle-preload.md +50 -0
  379. package/template/.claude/skills/vercel-react-best-practices/rules/client-event-listeners.md +74 -0
  380. package/template/.claude/skills/vercel-react-best-practices/rules/client-localstorage-schema.md +71 -0
  381. package/template/.claude/skills/vercel-react-best-practices/rules/client-passive-event-listeners.md +48 -0
  382. package/template/.claude/skills/vercel-react-best-practices/rules/client-swr-dedup.md +56 -0
  383. package/template/.claude/skills/vercel-react-best-practices/rules/js-batch-dom-css.md +107 -0
  384. package/template/.claude/skills/vercel-react-best-practices/rules/js-cache-function-results.md +80 -0
  385. package/template/.claude/skills/vercel-react-best-practices/rules/js-cache-property-access.md +28 -0
  386. package/template/.claude/skills/vercel-react-best-practices/rules/js-cache-storage.md +70 -0
  387. package/template/.claude/skills/vercel-react-best-practices/rules/js-combine-iterations.md +32 -0
  388. package/template/.claude/skills/vercel-react-best-practices/rules/js-early-exit.md +50 -0
  389. package/template/.claude/skills/vercel-react-best-practices/rules/js-flatmap-filter.md +60 -0
  390. package/template/.claude/skills/vercel-react-best-practices/rules/js-hoist-regexp.md +45 -0
  391. package/template/.claude/skills/vercel-react-best-practices/rules/js-index-maps.md +37 -0
  392. package/template/.claude/skills/vercel-react-best-practices/rules/js-length-check-first.md +49 -0
  393. package/template/.claude/skills/vercel-react-best-practices/rules/js-min-max-loop.md +82 -0
  394. package/template/.claude/skills/vercel-react-best-practices/rules/js-request-idle-callback.md +105 -0
  395. package/template/.claude/skills/vercel-react-best-practices/rules/js-set-map-lookups.md +24 -0
  396. package/template/.claude/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md +57 -0
  397. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-activity.md +26 -0
  398. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
  399. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-conditional-render.md +40 -0
  400. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-content-visibility.md +38 -0
  401. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md +46 -0
  402. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
  403. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -0
  404. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-resource-hints.md +85 -0
  405. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-script-defer-async.md +68 -0
  406. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-svg-precision.md +28 -0
  407. package/template/.claude/skills/vercel-react-best-practices/rules/rendering-usetransition-loading.md +75 -0
  408. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-defer-reads.md +39 -0
  409. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-dependencies.md +45 -0
  410. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-derived-state-no-effect.md +40 -0
  411. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-derived-state.md +29 -0
  412. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md +74 -0
  413. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md +58 -0
  414. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-memo-with-default-value.md +38 -0
  415. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-memo.md +44 -0
  416. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-move-effect-to-event.md +45 -0
  417. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-no-inline-components.md +82 -0
  418. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -0
  419. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-split-combined-hooks.md +64 -0
  420. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-transitions.md +40 -0
  421. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-use-deferred-value.md +59 -0
  422. package/template/.claude/skills/vercel-react-best-practices/rules/rerender-use-ref-transient-values.md +73 -0
  423. package/template/.claude/skills/vercel-react-best-practices/rules/server-after-nonblocking.md +73 -0
  424. package/template/.claude/skills/vercel-react-best-practices/rules/server-auth-actions.md +96 -0
  425. package/template/.claude/skills/vercel-react-best-practices/rules/server-cache-lru.md +41 -0
  426. package/template/.claude/skills/vercel-react-best-practices/rules/server-cache-react.md +76 -0
  427. package/template/.claude/skills/vercel-react-best-practices/rules/server-dedup-props.md +65 -0
  428. package/template/.claude/skills/vercel-react-best-practices/rules/server-hoist-static-io.md +149 -0
  429. package/template/.claude/skills/vercel-react-best-practices/rules/server-no-shared-module-state.md +50 -0
  430. package/template/.claude/skills/vercel-react-best-practices/rules/server-parallel-fetching.md +83 -0
  431. package/template/.claude/skills/vercel-react-best-practices/rules/server-parallel-nested-fetching.md +34 -0
  432. package/template/.claude/skills/vercel-react-best-practices/rules/server-serialization.md +38 -0
  433. package/template/.claude/skills/video-downloader/SKILL.md +42 -0
  434. package/template/.claude/skills/web-design-guidelines/SKILL.md +39 -0
  435. package/template/.claude/skills/webgpu-threejs-tsl/REFERENCE.md +371 -0
  436. package/template/.claude/skills/webgpu-threejs-tsl/SKILL.md +93 -0
  437. package/template/.claude/skills/webgpu-threejs-tsl/docs/compute-shaders.md +578 -0
  438. package/template/.claude/skills/webgpu-threejs-tsl/docs/core-concepts.md +497 -0
  439. package/template/.claude/skills/webgpu-threejs-tsl/docs/device-loss.md +359 -0
  440. package/template/.claude/skills/webgpu-threejs-tsl/docs/limits-and-features.md +133 -0
  441. package/template/.claude/skills/webgpu-threejs-tsl/docs/materials.md +353 -0
  442. package/template/.claude/skills/webgpu-threejs-tsl/docs/post-processing.md +515 -0
  443. package/template/.claude/skills/webgpu-threejs-tsl/docs/wgsl-integration.md +324 -0
  444. package/template/.claude/skills/webgpu-threejs-tsl/examples/basic-setup.js +87 -0
  445. package/template/.claude/skills/webgpu-threejs-tsl/examples/custom-material.js +170 -0
  446. package/template/.claude/skills/webgpu-threejs-tsl/examples/earth-shader.js +292 -0
  447. package/template/.claude/skills/webgpu-threejs-tsl/examples/particle-system.js +259 -0
  448. package/template/.claude/skills/webgpu-threejs-tsl/examples/post-processing.js +199 -0
  449. package/template/.claude/skills/webgpu-threejs-tsl/templates/compute-shader.js +343 -0
  450. package/template/.claude/skills/webgpu-threejs-tsl/templates/webgpu-project.js +276 -0
  451. package/template/.claude/skills/zoom-out/SKILL.md +7 -0
  452. package/template/.mcp.json +5 -0
  453. package/template/.nvmrc +1 -0
  454. package/template/.prettierignore +25 -0
  455. package/template/.prettierrc +11 -0
  456. package/template/.vscode/settings.json +1 -0
  457. package/template/.vscode/tasks.json.example +85 -0
  458. package/template/AGENTS.md +37 -0
  459. package/template/CLAUDE.md +75 -0
  460. package/template/CONTEXT.md +29 -0
  461. package/template/DESIGN.md +451 -0
  462. package/template/README.md +394 -0
  463. package/template/_gitignore +48 -0
  464. package/template/components.json +21 -0
  465. package/template/docker-compose.yml +9 -0
  466. package/template/docs/business/starter-prompt.md +94 -0
  467. package/template/docs/technical/ai/streaming.md +520 -0
  468. package/template/docs/technical/ai/structured-data.md +409 -0
  469. package/template/docs/technical/betterauth/polar.md +476 -0
  470. package/template/docs/technical/react-markdown.md +123 -0
  471. package/template/drizzle/0000_chilly_the_phantom.sql +50 -0
  472. package/template/drizzle/0001_last_warpath.sql +5 -0
  473. package/template/drizzle/meta/0000_snapshot.json +326 -0
  474. package/template/drizzle/meta/0001_snapshot.json +410 -0
  475. package/template/drizzle/meta/_journal.json +20 -0
  476. package/template/drizzle.config.ts +10 -0
  477. package/template/env.example +26 -0
  478. package/template/eslint.config.mjs +75 -0
  479. package/template/next-env.d.ts +6 -0
  480. package/template/next.config.ts +57 -0
  481. package/template/package.json +79 -0
  482. package/template/postcss.config.mjs +5 -0
  483. package/template/public/file.svg +1 -0
  484. package/template/public/globe.svg +1 -0
  485. package/template/public/next.svg +1 -0
  486. package/template/public/vercel.svg +1 -0
  487. package/template/public/window.svg +1 -0
  488. package/template/scripts/setup.ts +277 -0
  489. package/template/skills-lock.json +61 -0
  490. package/template/specs/ui-polish-responsive/README.md +59 -0
  491. package/template/specs/ui-polish-responsive/action-required.md +3 -0
  492. package/template/specs/ui-polish-responsive/requirements.md +53 -0
  493. package/template/specs/ui-polish-responsive/tasks/task-01-globals-css.md +144 -0
  494. package/template/specs/ui-polish-responsive/tasks/task-02-layout.md +66 -0
  495. package/template/specs/ui-polish-responsive/tasks/task-03-site-header.md +79 -0
  496. package/template/specs/ui-polish-responsive/tasks/task-04-site-footer.md +63 -0
  497. package/template/specs/ui-polish-responsive/tasks/task-05-home-page.md +215 -0
  498. package/template/specs/ui-polish-responsive/tasks/task-06-dashboard.md +222 -0
  499. package/template/specs/ui-polish-responsive/tasks/task-07-chat-page.md +225 -0
  500. package/template/specs/ui-polish-responsive/tasks/task-08-profile-page.md +192 -0
  501. package/template/specs/ui-polish-responsive/tasks/task-09-auth-pages.md +97 -0
  502. package/template/specs/ui-polish-responsive/tasks/task-10-setup-checklist.md +120 -0
  503. package/template/specs/ui-polish-responsive/tasks/task-11-starter-prompt-modal.md +87 -0
  504. package/template/src/app/(auth)/forgot-password/page.tsx +35 -0
  505. package/template/src/app/(auth)/layout.tsx +7 -0
  506. package/template/src/app/(auth)/login/page.tsx +44 -0
  507. package/template/src/app/(auth)/register/page.tsx +33 -0
  508. package/template/src/app/(auth)/reset-password/page.tsx +36 -0
  509. package/template/src/app/api/auth/[...all]/route.ts +4 -0
  510. package/template/src/app/api/chat/route.ts +80 -0
  511. package/template/src/app/api/diagnostics/route.ts +162 -0
  512. package/template/src/app/chat/error.tsx +46 -0
  513. package/template/src/app/chat/loading.tsx +42 -0
  514. package/template/src/app/chat/page.tsx +348 -0
  515. package/template/src/app/dashboard/loading.tsx +63 -0
  516. package/template/src/app/dashboard/page.tsx +79 -0
  517. package/template/src/app/error.tsx +44 -0
  518. package/template/src/app/favicon.ico +0 -0
  519. package/template/src/app/globals.css +175 -0
  520. package/template/src/app/layout.tsx +108 -0
  521. package/template/src/app/manifest.ts +21 -0
  522. package/template/src/app/not-found.tsx +28 -0
  523. package/template/src/app/page.tsx +152 -0
  524. package/template/src/app/profile/page.tsx +416 -0
  525. package/template/src/app/robots.ts +16 -0
  526. package/template/src/app/sitemap.ts +26 -0
  527. package/template/src/components/auth/forgot-password-form.tsx +83 -0
  528. package/template/src/components/auth/reset-password-form.tsx +107 -0
  529. package/template/src/components/auth/sign-in-button.tsx +97 -0
  530. package/template/src/components/auth/sign-out-button.tsx +31 -0
  531. package/template/src/components/auth/sign-up-form.tsx +121 -0
  532. package/template/src/components/auth/user-profile.tsx +91 -0
  533. package/template/src/components/setup-checklist.tsx +180 -0
  534. package/template/src/components/site-footer.tsx +24 -0
  535. package/template/src/components/site-header.tsx +46 -0
  536. package/template/src/components/starter-prompt-modal.tsx +202 -0
  537. package/template/src/components/theme-provider.tsx +11 -0
  538. package/template/src/components/ui/avatar.tsx +52 -0
  539. package/template/src/components/ui/badge.tsx +35 -0
  540. package/template/src/components/ui/button.tsx +58 -0
  541. package/template/src/components/ui/card.tsx +78 -0
  542. package/template/src/components/ui/dialog.tsx +142 -0
  543. package/template/src/components/ui/dropdown-menu.tsx +256 -0
  544. package/template/src/components/ui/github-stars.tsx +53 -0
  545. package/template/src/components/ui/input.tsx +20 -0
  546. package/template/src/components/ui/label.tsx +23 -0
  547. package/template/src/components/ui/mode-toggle.tsx +38 -0
  548. package/template/src/components/ui/separator.tsx +23 -0
  549. package/template/src/components/ui/skeleton.tsx +13 -0
  550. package/template/src/components/ui/sonner.tsx +42 -0
  551. package/template/src/components/ui/spinner.tsx +21 -0
  552. package/template/src/components/ui/textarea.tsx +17 -0
  553. package/template/src/hooks/use-diagnostics.ts +86 -0
  554. package/template/src/lib/auth-client.ts +16 -0
  555. package/template/src/lib/auth.ts +25 -0
  556. package/template/src/lib/db.ts +12 -0
  557. package/template/src/lib/env.ts +117 -0
  558. package/template/src/lib/schema.ts +82 -0
  559. package/template/src/lib/session.ts +48 -0
  560. package/template/src/lib/storage.ts +225 -0
  561. package/template/src/lib/utils.ts +6 -0
  562. package/template/src/proxy.ts +25 -0
  563. package/template/tsconfig.json +48 -0
package/template/.agents/skills/security-scanner/references/A10-mishandling-exceptional-conditions.md ADDED
@@ -0,0 +1,154 @@
1
+ # A10:2025 — Mishandling of Exceptional Conditions
2
+
3
+ ## Overview
4
+
5
+ Mishandling of Exceptional Conditions is #10 in OWASP Top 10:2025 — a newly introduced category. It covers 24 CWEs with 769,581 total occurrences and 3,416 CVEs. This category addresses deficiencies in error management: programs that fail to prevent, detect, or respond to unusual and unpredictable situations. These failures threaten confidentiality (info disclosure), availability (denial of service), and integrity (data corruption).
6
+
7
+ ## Key CWEs
8
+
9
+ - **CWE-209**: Generation of Error Message Containing Sensitive Information
10
+ - **CWE-234**: Failure to Handle Missing Parameter
11
+ - **CWE-274**: Improper Handling of Insufficient Privileges
12
+ - **CWE-280**: Improper Handling of Insufficient Permissions
13
+ - **CWE-476**: NULL Pointer Dereference
14
+ - **CWE-636**: Not Failing Securely (Fail-Open)
15
+ - **CWE-252**: Unchecked Return Value
16
+ - **CWE-754**: Improper Check for Unusual or Exceptional Conditions
17
+ - **CWE-755**: Improper Handling of Exceptional Conditions
18
+
19
+ ## What to Look For
20
+
21
+ ### General Patterns
22
+ - Empty catch blocks that swallow errors silently
23
+ - Generic error handling that hides root causes
24
+ - Missing error handling on async operations (unhandled promise rejections)
25
+ - Error responses that expose stack traces, SQL queries, or internal paths to users
26
+ - Fail-open patterns: errors cause the system to grant access instead of denying it
27
+ - Unchecked return values from security-critical functions
28
+ - Missing error handling on file I/O, network calls, database operations
29
+ - Partial transaction failures without rollback
30
+ - Resource leaks when exceptions occur (file handles, DB connections, memory)
31
+ - Missing global/unhandled exception handlers
32
+ - Inconsistent error handling across the application
33
+
34
+ ### Grep Patterns
35
+
36
+ ```
37
+ # Empty catch blocks
38
+ catch\s*\([^)]*\)\s*\{\s*\}|catch\s*\(\s*\)\s*:|except\s*:.*pass
39
+ catch.*\{\s*\/\/|catch.*\{\s*\n\s*\}
40
+
41
+ # Stack trace / internal info exposure
42
+ err\.stack|error\.stack|e\.getStackTrace|traceback
43
+ err\.message|error\.message|e\.getMessage
44
+ res\.json.*err|response.*stack|render.*error
45
+
46
+ # Fail-open patterns
47
+ catch.*return true|catch.*allow|catch.*grant|catch.*next\(\)
48
+ catch.*continue|on_error.*pass|rescue.*true
49
+
50
+ # Unhandled async
51
+ \.then\((?!.*\.catch)|async.*(?!try)
52
+ unhandledRejection|uncaughtException
53
+
54
+ # Unchecked returns
55
+ =\s*(await\s+)?.*\(.*\)\s*;?\s*$(?!.*if|.*\?|.*throw|.*return)
56
+
57
+ # Resource cleanup
58
+ finally|dispose|close|cleanup|release
59
+ try.*open|try.*connect|try.*acquire
60
+ ```
61
+
62
+ ### JavaScript / TypeScript / Node.js
63
+ - `catch (e) {}` — empty catch block, error silently swallowed
64
+ - `catch (e) { return res.json({ error: e.message, stack: e.stack }) }` — info disclosure
65
+ - Missing `.catch()` on Promises or missing try/catch around `await`
66
+ - Express error middleware missing or exposing internals
67
+ - `process.on('uncaughtException')` handler missing
68
+ - Database/file operations without try/catch in async handlers
69
+
70
+ ### Python (Django/Flask)
71
+ - `except: pass` or `except Exception: pass` — swallowing all errors
72
+ - `traceback.format_exc()` returned in HTTP response
73
+ - Missing `finally` blocks for resource cleanup
74
+ - Django `DEBUG = True` in production exposing full tracebacks
75
+
76
+ ### Java (Spring)
77
+ - Empty catch blocks: `catch (Exception e) {}`
78
+ - `e.printStackTrace()` in production code
79
+ - Missing `@ControllerAdvice` global exception handler
80
+ - `@ExceptionHandler` returning `e.getMessage()` to client
81
+
82
+ ## Prevention Measures
83
+
84
+ 1. Catch and handle errors at their point of origin with meaningful responses
85
+ 2. Provide user-friendly error messages — never expose internal details
86
+ 3. Log all errors with sufficient context for debugging
87
+ 4. Use global exception handlers as a safety net for unhandled errors
88
+ 5. Roll back transactions completely on failure — no partial state
89
+ 6. Apply rate limiting and resource quotas to prevent resource exhaustion
90
+ 7. Implement proper resource cleanup in `finally` blocks
91
+ 8. Default to deny (fail-closed) — never grant access on error
92
+ 9. Conduct stress testing and penetration testing to find edge cases
93
+ 10. Aggregate repeated identical errors as statistics to prevent log flooding
94
+
95
+ ## Example Attack Scenarios
96
+
97
+ **Scenario 1 — Denial of Service:** File upload exception leaves resources unreleased. Repeated uploads exhaust system resources, causing downtime until restart.
98
+
99
+ **Scenario 2 — Information Disclosure:** Database error message exposes table names, column names, and query structure. Attacker uses this to craft targeted SQL injection attacks.
100
+
101
+ **Scenario 3 — Financial Transaction Compromise:** Network interruption during multi-step transfer. Missing rollback allows attacker to drain accounts or create duplicate transfers.
102
+
103
+ ## Fix Examples
104
+
105
+ **Before (empty catch + info disclosure):**
106
+ ```typescript
107
+ try {
108
+ const results = db.all(query);
109
+ return Response.json(results);
110
+ } catch (e) {
111
+ return Response.json({ error: e.message, sql: query, stack: e.stack });
112
+ }
113
+ ```
114
+
115
+ **After (proper error handling):**
116
+ ```typescript
117
+ try {
118
+ const results = db.all(query);
119
+ return Response.json(results);
120
+ } catch (e) {
121
+ logger.error('Database query failed', { error: e.message, query, stack: e.stack });
122
+ return Response.json({ error: 'An internal error occurred' }, { status: 500 });
123
+ }
124
+ ```
125
+
126
+ **Before (fail-open):**
127
+ ```typescript
128
+ try {
129
+ const isAuthorized = await checkPermission(user, resource);
130
+ if (!isAuthorized) return deny();
131
+ } catch (e) {
132
+ // Auth service is down, let them through
133
+ }
134
+ return allow();
135
+ ```
136
+
137
+ **After (fail-closed):**
138
+ ```typescript
139
+ try {
140
+ const isAuthorized = await checkPermission(user, resource);
141
+ if (!isAuthorized) return deny();
142
+ return allow();
143
+ } catch (e) {
144
+ logger.error('Authorization check failed', { user: user.id, resource, error: e.message });
145
+ return deny(); // Default to deny on error
146
+ }
147
+ ```
148
+
149
+ ## References
150
+
151
+ - [OWASP A10:2025](https://owasp.org/Top10/2025/A10_2025-Mishandling_of_Exceptional_Conditions/)
152
+ - OWASP Error Handling Cheat Sheet
153
+ - OWASP Logging Cheat Sheet
154
+ - OWASP ASVS V16.5 Error Handling
package/template/.agents/skills/security-scanner/references/report-template.md ADDED
@@ -0,0 +1,148 @@
1
+ # Security Audit Report
2
+
3
+ **Project:** [PROJECT_NAME]
4
+ **Date:** [YYYY-MM-DD]
5
+ **Auditor:** Claude Code Security Scanner
6
+ **Framework:** OWASP Top 10:2025
7
+ **Scope:** [LIST_OF_DIRECTORIES_AND_FILES_ANALYZED]
8
+ **Technology Stack:** [LANGUAGES_FRAMEWORKS_DETECTED]
9
+
10
+ ---
11
+
12
+ ## Executive Summary
13
+
14
+ [2-3 paragraph overview: what was analyzed, key risk areas found, overall risk posture, most urgent items to address]
15
+
16
+ **Overall Risk Score:** [SCORE] ([Low/Moderate/High/Critical] Risk)
17
+
18
+ | Severity | Count |
19
+ |----------|-------|
20
+ | Critical | [X] |
21
+ | High | [X] |
22
+ | Medium | [X] |
23
+ | Low | [X] |
24
+ | Info | [X] |
25
+ | **Total**| **[X]** |
26
+
27
+ ---
28
+
29
+ ## Findings
30
+
31
+ ### A01:2025 — Broken Access Control
32
+
33
+ [If findings exist, list each one using the format below. If no findings, write: "No issues identified. Checked: [list what was checked]."]
34
+
35
+ #### [SEVERITY] [Finding Title]
36
+ - **File:** `[path/to/file.ext]`
37
+ - **Line(s):** [XX-YY]
38
+ - **CWE:** [CWE-XXX: Name]
39
+ - **Description:** [What the vulnerability is and why it matters]
40
+ - **Evidence:**
41
+ ```[language]
42
+ // vulnerable code snippet from the actual codebase
43
+ ```
44
+ - **Recommendation:**
45
+ ```[language]
46
+ // fixed code snippet showing the remediation
47
+ ```
48
+
49
+ ---
50
+
51
+ ### A02:2025 — Security Misconfiguration
52
+
53
+ [Same format as above]
54
+
55
+ ---
56
+
57
+ ### A03:2025 — Software Supply Chain Failures
58
+
59
+ [Same format as above]
60
+
61
+ ---
62
+
63
+ ### A04:2025 — Cryptographic Failures
64
+
65
+ [Same format as above]
66
+
67
+ ---
68
+
69
+ ### A05:2025 — Injection
70
+
71
+ [Same format as above]
72
+
73
+ ---
74
+
75
+ ### A06:2025 — Insecure Design
76
+
77
+ [Same format as above]
78
+
79
+ ---
80
+
81
+ ### A07:2025 — Authentication Failures
82
+
83
+ [Same format as above]
84
+
85
+ ---
86
+
87
+ ### A08:2025 — Software or Data Integrity Failures
88
+
89
+ [Same format as above]
90
+
91
+ ---
92
+
93
+ ### A09:2025 — Security Logging and Alerting Failures
94
+
95
+ [Same format as above]
96
+
97
+ ---
98
+
99
+ ### A10:2025 — Mishandling of Exceptional Conditions
100
+
101
+ [Same format as above]
102
+
103
+ ---
104
+
105
+ ## Risk Score Breakdown
106
+
107
+ Scoring: Critical = 10 pts, High = 7 pts, Medium = 4 pts, Low = 2 pts, Info = 0 pts.
108
+
109
+ | Category | Critical | High | Medium | Low | Info | Points |
110
+ |----------|----------|------|--------|-----|------|--------|
111
+ | A01 — Broken Access Control | [X] | [X] | [X] | [X] | [X] | [XX] |
112
+ | A02 — Security Misconfiguration | [X] | [X] | [X] | [X] | [X] | [XX] |
113
+ | A03 — Supply Chain Failures | [X] | [X] | [X] | [X] | [X] | [XX] |
114
+ | A04 — Cryptographic Failures | [X] | [X] | [X] | [X] | [X] | [XX] |
115
+ | A05 — Injection | [X] | [X] | [X] | [X] | [X] | [XX] |
116
+ | A06 — Insecure Design | [X] | [X] | [X] | [X] | [X] | [XX] |
117
+ | A07 — Authentication Failures | [X] | [X] | [X] | [X] | [X] | [XX] |
118
+ | A08 — Data Integrity Failures | [X] | [X] | [X] | [X] | [X] | [XX] |
119
+ | A09 — Logging & Alerting Failures | [X] | [X] | [X] | [X] | [X] | [XX] |
120
+ | A10 — Exceptional Conditions | [X] | [X] | [X] | [X] | [X] | [XX] |
121
+ | **Total** | | | | | | **[XX]** |
122
+
123
+ **Risk Rating:** 0-10 = Low | 11-30 = Moderate | 31-60 = High | 61+ = Critical
124
+
125
+ ---
126
+
127
+ ## Remediation Priority
128
+
129
+ [Ordered list of the most critical items to fix first, with brief rationale]
130
+
131
+ 1. **[Most critical finding]** — [why this is urgent and what to do]
132
+ 2. **[Second most critical]** — [why and what]
133
+ 3. **[Third most critical]** — [why and what]
134
+ [Continue as needed...]
135
+
136
+ ---
137
+
138
+ ## Methodology
139
+
140
+ This audit was performed using static analysis against the OWASP Top 10:2025 framework. Each category was evaluated using pattern-matching (grep), code review (file reading), dependency analysis, and configuration inspection. The analysis covered source code, configuration files, dependency manifests, and environment settings.
141
+
142
+ **Limitations:** This is a static analysis — it does not include dynamic/runtime testing, penetration testing, or network-level analysis. Some vulnerabilities may only be discoverable through dynamic testing.
143
+
144
+ ## References
145
+
146
+ - [OWASP Top 10:2025](https://owasp.org/Top10/2025/)
147
+ - [OWASP Application Security Verification Standard](https://owasp.org/www-project-application-security-verification-standard/)
148
+ - [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/)
package/template/.agents/skills/shadcn/SKILL.md ADDED
@@ -0,0 +1,246 @@
1
+ ---
2
+ name: shadcn
3
+ description: Manages shadcn components and projects — adding, searching, fixing, debugging, styling, and composing UI. Provides project context, component docs, and usage examples. Applies when working with shadcn/ui, component registries, presets, --preset codes, or any project with a components.json file. Also triggers for "shadcn init", "create an app with --preset", or "switch to --preset".
4
+ user-invocable: false
5
+ allowed-tools: Bash(npx shadcn@latest *), Bash(pnpm dlx shadcn@latest *), Bash(bunx --bun shadcn@latest *)
6
+ ---
7
+
8
+ # shadcn/ui
9
+
10
+ A framework for building ui, components and design systems. Components are added as source code to the user's project via the CLI.
11
+
12
+ > **IMPORTANT:** Run all CLI commands using the project's package runner: `npx shadcn@latest`, `pnpm dlx shadcn@latest`, or `bunx --bun shadcn@latest` — based on the project's `packageManager`. Examples below use `npx shadcn@latest` but substitute the correct runner for the project.
13
+
14
+ ## Current Project Context
15
+
16
+ ```json
17
+ !`npx shadcn@latest info --json`
18
+ ```
19
+
20
+ The JSON above contains the project config and installed components. Use `npx shadcn@latest docs <component>` to get documentation and example URLs for any component.
21
+
22
+ ## Principles
23
+
24
+ 1. **Use existing components first.** Use `npx shadcn@latest search` to check registries before writing custom UI. Check community registries too.
25
+ 2. **Compose, don't reinvent.** Settings page = Tabs + Card + form controls. Dashboard = Sidebar + Card + Chart + Table.
26
+ 3. **Use built-in variants before custom styles.** `variant="outline"`, `size="sm"`, etc.
27
+ 4. **Use semantic colors.** `bg-primary`, `text-muted-foreground` — never raw values like `bg-blue-500`.
28
+
29
+ ## Critical Rules
30
+
31
+ These rules are **always enforced**. Each links to a file with Incorrect/Correct code pairs.
32
+
33
+ ### Styling & Tailwind → [styling.md](./rules/styling.md)
34
+
35
+ - **`className` for layout, not styling.** Never override component colors or typography.
36
+ - **No `space-x-*` or `space-y-*`.** Use `flex` with `gap-*`. For vertical stacks, `flex flex-col gap-*`.
37
+ - **Use `size-*` when width and height are equal.** `size-10` not `w-10 h-10`.
38
+ - **Use `truncate` shorthand.** Not `overflow-hidden text-ellipsis whitespace-nowrap`.
39
+ - **No manual `dark:` color overrides.** Use semantic tokens (`bg-background`, `text-muted-foreground`).
40
+ - **Use `cn()` for conditional classes.** Don't write manual template literal ternaries.
41
+ - **No manual `z-index` on overlay components.** Dialog, Sheet, Popover, etc. handle their own stacking.
42
+
43
+ ### Forms & Inputs → [forms.md](./rules/forms.md)
44
+
45
+ - **Forms use `FieldGroup` + `Field`.** Never use raw `div` with `space-y-*` or `grid gap-*` for form layout.
46
+ - **`InputGroup` uses `InputGroupInput`/`InputGroupTextarea`.** Never raw `Input`/`Textarea` inside `InputGroup`.
47
+ - **Buttons inside inputs use `InputGroup` + `InputGroupAddon`.**
48
+ - **Option sets (2–7 choices) use `ToggleGroup`.** Don't loop `Button` with manual active state.
49
+ - **`FieldSet` + `FieldLegend` for grouping related checkboxes/radios.** Don't use a `div` with a heading.
50
+ - **Field validation uses `data-invalid` + `aria-invalid`.** `data-invalid` on `Field`, `aria-invalid` on the control. For disabled: `data-disabled` on `Field`, `disabled` on the control.
51
+
52
+ ### Component Structure → [composition.md](./rules/composition.md)
53
+
54
+ - **Items always inside their Group.** `SelectItem` → `SelectGroup`. `DropdownMenuItem` → `DropdownMenuGroup`. `CommandItem` → `CommandGroup`.
55
+ - **Use `asChild` (radix) or `render` (base) for custom triggers.** Check `base` field from `npx shadcn@latest info`. → [base-vs-radix.md](./rules/base-vs-radix.md)
56
+ - **Dialog, Sheet, and Drawer always need a Title.** `DialogTitle`, `SheetTitle`, `DrawerTitle` required for accessibility. Use `className="sr-only"` if visually hidden.
57
+ - **Use full Card composition.** `CardHeader`/`CardTitle`/`CardDescription`/`CardContent`/`CardFooter`. Don't dump everything in `CardContent`.
58
+ - **Button has no `isPending`/`isLoading`.** Compose with `Spinner` + `data-icon` + `disabled`.
59
+ - **`TabsTrigger` must be inside `TabsList`.** Never render triggers directly in `Tabs`.
60
+ - **`Avatar` always needs `AvatarFallback`.** For when the image fails to load.
61
+
62
+ ### Use Components, Not Custom Markup → [composition.md](./rules/composition.md)
63
+
64
+ - **Use existing components before custom markup.** Check if a component exists before writing a styled `div`.
65
+ - **Callouts use `Alert`.** Don't build custom styled divs.
66
+ - **Empty states use `Empty`.** Don't build custom empty state markup.
67
+ - **Toast via `sonner`.** Use `toast()` from `sonner`.
68
+ - **Use `Separator`** instead of `<hr>` or `<div className="border-t">`.
69
+ - **Use `Skeleton`** for loading placeholders. No custom `animate-pulse` divs.
70
+ - **Use `Badge`** instead of custom styled spans.
71
+
72
+ ### Icons → [icons.md](./rules/icons.md)
73
+
74
+ - **Icons in `Button` use `data-icon`.** `data-icon="inline-start"` or `data-icon="inline-end"` on the icon.
75
+ - **No sizing classes on icons inside components.** Components handle icon sizing via CSS. No `size-4` or `w-4 h-4`.
76
+ - **Pass icons as objects, not string keys.** `icon={CheckIcon}`, not a string lookup.
77
+
78
+ ### CLI
79
+
80
+ - **Never decode or fetch preset codes manually.** Pass them directly to `npx shadcn@latest apply --preset <code>` for existing projects, or `npx shadcn@latest init --preset <code>` when initializing.
81
+
82
+ ## Key Patterns
83
+
84
+ These are the most common patterns that differentiate correct shadcn/ui code. For edge cases, see the linked rule files above.
85
+
86
+ ```tsx
87
+ // Form layout: FieldGroup + Field, not div + Label.
88
+ <FieldGroup>
89
+ <Field>
90
+ <FieldLabel htmlFor="email">Email</FieldLabel>
91
+ <Input id="email" />
92
+ </Field>
93
+ </FieldGroup>
94
+
95
+ // Validation: data-invalid on Field, aria-invalid on the control.
96
+ <Field data-invalid>
97
+ <FieldLabel>Email</FieldLabel>
98
+ <Input aria-invalid />
99
+ <FieldDescription>Invalid email.</FieldDescription>
100
+ </Field>
101
+
102
+ // Icons in buttons: data-icon, no sizing classes.
103
+ <Button>
104
+ <SearchIcon data-icon="inline-start" />
105
+ Search
106
+ </Button>
107
+
108
+ // Spacing: gap-*, not space-y-*.
109
+ <div className="flex flex-col gap-4"> // correct
110
+ <div className="space-y-4"> // wrong
111
+
112
+ // Equal dimensions: size-*, not w-* h-*.
113
+ <Avatar className="size-10"> // correct
114
+ <Avatar className="w-10 h-10"> // wrong
115
+
116
+ // Status colors: Badge variants or semantic tokens, not raw colors.
117
+ <Badge variant="secondary">+20.1%</Badge> // correct
118
+ <span className="text-emerald-600">+20.1%</span> // wrong
119
+ ```
120
+
121
+ ## Component Selection
122
+
123
+ | Need | Use |
124
+ | -------------------------- | --------------------------------------------------------------------------------------------------- |
125
+ | Button/action | `Button` with appropriate variant |
126
+ | Form inputs | `Input`, `Select`, `Combobox`, `Switch`, `Checkbox`, `RadioGroup`, `Textarea`, `InputOTP`, `Slider` |
127
+ | Toggle between 2–5 options | `ToggleGroup` + `ToggleGroupItem` |
128
+ | Data display | `Table`, `Card`, `Badge`, `Avatar` |
129
+ | Navigation | `Sidebar`, `NavigationMenu`, `Breadcrumb`, `Tabs`, `Pagination` |
130
+ | Overlays | `Dialog` (modal), `Sheet` (side panel), `Drawer` (bottom sheet), `AlertDialog` (confirmation) |
131
+ | Feedback | `sonner` (toast), `Alert`, `Progress`, `Skeleton`, `Spinner` |
132
+ | Command palette | `Command` inside `Dialog` |
133
+ | Charts | `Chart` (wraps Recharts) |
134
+ | Layout | `Card`, `Separator`, `Resizable`, `ScrollArea`, `Accordion`, `Collapsible` |
135
+ | Empty states | `Empty` |
136
+ | Menus | `DropdownMenu`, `ContextMenu`, `Menubar` |
137
+ | Tooltips/info | `Tooltip`, `HoverCard`, `Popover` |
138
+
139
+ ## Key Fields
140
+
141
+ The injected project context contains these key fields:
142
+
143
+ - **`aliases`** → use the actual alias prefix for imports (e.g. `@/`, `~/`), never hardcode.
144
+ - **`isRSC`** → when `true`, components using `useState`, `useEffect`, event handlers, or browser APIs need `"use client"` at the top of the file. Always reference this field when advising on the directive.
145
+ - **`tailwindVersion`** → `"v4"` uses `@theme inline` blocks; `"v3"` uses `tailwind.config.js`.
146
+ - **`tailwindCssFile`** → the global CSS file where custom CSS variables are defined. Always edit this file, never create a new one.
147
+ - **`style`** → component visual treatment (e.g. `nova`, `vega`).
148
+ - **`base`** → primitive library (`radix` or `base`). Affects component APIs and available props.
149
+ - **`iconLibrary`** → determines icon imports. Use `lucide-react` for `lucide`, `@tabler/icons-react` for `tabler`, etc. Never assume `lucide-react`.
150
+ - **`resolvedPaths`** → exact file-system destinations for components, utils, hooks, etc.
151
+ - **`framework`** → routing and file conventions (e.g. Next.js App Router vs Vite SPA).
152
+ - **`packageManager`** → use this for any non-shadcn dependency installs (e.g. `pnpm add date-fns` vs `npm install date-fns`).
153
+
154
+ See [cli.md — `info` command](./cli.md) for the full field reference.
155
+
156
+ ## Component Docs, Examples, and Usage
157
+
158
+ Run `npx shadcn@latest docs <component>` to get the URLs for a component's documentation, examples, and API reference. Fetch these URLs to get the actual content.
159
+
160
+ ```bash
161
+ npx shadcn@latest docs button dialog select
162
+ ```
163
+
164
+ **When creating, fixing, debugging, or using a component, always run `npx shadcn@latest docs` and fetch the URLs first.** This ensures you're working with the correct API and usage patterns rather than guessing.
165
+
166
+ ## Workflow
167
+
168
+ 1. **Get project context** — already injected above. Run `npx shadcn@latest info` again if you need to refresh.
169
+ 2. **Check installed components first** — before running `add`, always check the `components` list from project context or list the `resolvedPaths.ui` directory. Don't import components that haven't been added, and don't re-add ones already installed.
170
+ 3. **Find components** — `npx shadcn@latest search`.
171
+ 4. **Get docs and examples** — run `npx shadcn@latest docs <component>` to get URLs, then fetch them. Use `npx shadcn@latest view` to browse registry items you haven't installed. To preview changes to installed components, use `npx shadcn@latest add --diff`.
172
+ 5. **Install or update** — `npx shadcn@latest add`. When updating existing components, use `--dry-run` and `--diff` to preview changes first (see [Updating Components](#updating-components) below).
173
+ 6. **Fix imports in third-party components** — After adding components from community registries (e.g. `@bundui`, `@magicui`), check the added non-UI files for hardcoded import paths like `@/components/ui/...`. These won't match the project's actual aliases. Use `npx shadcn@latest info` to get the correct `ui` alias (e.g. `@workspace/ui/components`) and rewrite the imports accordingly. The CLI rewrites imports for its own UI files, but third-party registry components may use default paths that don't match the project.
174
+ 7. **Review added components** — After adding a component or block from any registry, **always read the added files and verify they are correct**. Check for missing sub-components (e.g. `SelectItem` without `SelectGroup`), missing imports, incorrect composition, or violations of the [Critical Rules](#critical-rules). Also replace any icon imports with the project's `iconLibrary` from the project context (e.g. if the registry item uses `lucide-react` but the project uses `hugeicons`, swap the imports and icon names accordingly). Fix all issues before moving on.
175
+ 8. **Registry must be explicit** — When the user asks to add a block or component, **do not guess the registry**. If no registry is specified (e.g. user says "add a login block" without specifying `@shadcn`, `@tailark`, etc.), ask which registry to use. Never default to a registry on behalf of the user.
176
+ 9. **Switching presets** — Ask the user first: **overwrite**, **merge**, or **skip**?
177
+ - **Overwrite**: `npx shadcn@latest apply --preset <code>`. Overwrites detected components, fonts, and CSS variables.
178
+ - **Merge**: `npx shadcn@latest init --preset <code> --force --no-reinstall`, then run `npx shadcn@latest info` to list installed components, then for each installed component use `--dry-run` and `--diff` to [smart merge](#updating-components) it individually.
179
+ - **Skip**: `npx shadcn@latest init --preset <code> --force --no-reinstall`. Only updates config and CSS, leaves components as-is.
180
+ - **Important**: Always run preset commands inside the user's project directory. `apply` only works in an existing project with a `components.json` file. The CLI automatically preserves the current base (`base` vs `radix`) from `components.json`. If you must use a scratch/temp directory (e.g. for `--dry-run` comparisons), pass `--base <current-base>` explicitly — preset codes do not encode the base.
181
+
182
+ ## Updating Components
183
+
184
+ When the user asks to update a component from upstream while keeping their local changes, use `--dry-run` and `--diff` to intelligently merge. **NEVER fetch raw files from GitHub manually — always use the CLI.**
185
+
186
+ 1. Run `npx shadcn@latest add <component> --dry-run` to see all files that would be affected.
187
+ 2. For each file, run `npx shadcn@latest add <component> --diff <file>` to see what changed upstream vs local.
188
+ 3. Decide per file based on the diff:
189
+ - No local changes → safe to overwrite.
190
+ - Has local changes → read the local file, analyze the diff, and apply upstream updates while preserving local modifications.
191
+ - User says "just update everything" → use `--overwrite`, but confirm first.
192
+ 4. **Never use `--overwrite` without the user's explicit approval.**
193
+
194
+ ## Quick Reference
195
+
196
+ ```bash
197
+ # Create a new project.
198
+ npx shadcn@latest init --name my-app --preset base-nova
199
+ npx shadcn@latest init --name my-app --preset a2r6bw --template vite
200
+
201
+ # Create a monorepo project.
202
+ npx shadcn@latest init --name my-app --preset base-nova --monorepo
203
+ npx shadcn@latest init --name my-app --preset base-nova --template next --monorepo
204
+
205
+ # Initialize existing project.
206
+ npx shadcn@latest init --preset base-nova
207
+ npx shadcn@latest init --defaults # shortcut: --template=next --preset=nova (base style implied)
208
+
209
+ # Apply a preset to an existing project.
210
+ npx shadcn@latest apply --preset a2r6bw
211
+ npx shadcn@latest apply a2r6bw
212
+
213
+ # Add components.
214
+ npx shadcn@latest add button card dialog
215
+ npx shadcn@latest add @magicui/shimmer-button
216
+ npx shadcn@latest add --all
217
+
218
+ # Preview changes before adding/updating.
219
+ npx shadcn@latest add button --dry-run
220
+ npx shadcn@latest add button --diff button.tsx
221
+ npx shadcn@latest add @acme/form --view button.tsx
222
+
223
+ # Search registries.
224
+ npx shadcn@latest search @shadcn -q "sidebar"
225
+ npx shadcn@latest search @tailark -q "stats"
226
+
227
+ # Get component docs and example URLs.
228
+ npx shadcn@latest docs button dialog select
229
+
230
+ # View registry item details (for items not yet installed).
231
+ npx shadcn@latest view @shadcn/button
232
+ ```
233
+
234
+ **Named presets:** `nova`, `vega`, `maia`, `lyra`, `mira`, `luma`
235
+ **Templates:** `next`, `vite`, `start`, `react-router`, `astro` (all support `--monorepo`) and `laravel` (not supported for monorepo)
236
+ **Preset codes:** Version-prefixed base62 strings (e.g. `a2r6bw` or `b0`), from [ui.shadcn.com](https://ui.shadcn.com).
237
+
238
+ ## Detailed References
239
+
240
+ - [rules/forms.md](./rules/forms.md) — FieldGroup, Field, InputGroup, ToggleGroup, FieldSet, validation states
241
+ - [rules/composition.md](./rules/composition.md) — Groups, overlays, Card, Tabs, Avatar, Alert, Empty, Toast, Separator, Skeleton, Badge, Button loading
242
+ - [rules/icons.md](./rules/icons.md) — data-icon, icon sizing, passing icons as objects
243
+ - [rules/styling.md](./rules/styling.md) — Semantic colors, variants, className, spacing, size, truncate, dark mode, cn(), z-index
244
+ - [rules/base-vs-radix.md](./rules/base-vs-radix.md) — asChild vs render, Select, ToggleGroup, Slider, Accordion
245
+ - [cli.md](./cli.md) — Commands, flags, presets, templates
246
+ - [customization.md](./customization.md) — Theming, CSS variables, extending components
package/template/.agents/skills/shadcn/agents/openai.yml ADDED
@@ -0,0 +1,5 @@
1
+ interface:
2
+ display_name: "shadcn/ui"
3
+ short_description: "Manages shadcn/ui components — adding, searching, fixing, debugging, styling, and composing UI."
4
+ icon_small: "./assets/shadcn-small.png"
5
+ icon_large: "./assets/shadcn.png"