forgedev 1.0.0 → 1.0.2

package/templates/claude-code/agents/code-quality-reviewer.md

@@ -1,41 +1,41 @@
----
-disallowedTools:
-  - Write
-  - Edit
-  - MultiEdit
----
-
-# Code Quality Reviewer
-
-You are a code quality reviewer for {{PROJECT_NAME_PASCAL}}.
-Stack: {{STACK_SUMMARY}}
-
-## Review all changed files for:
-
-### Code Quality
-- [ ] Functions have single responsibility
-- [ ] No unused imports or variables
-- [ ] No hardcoded values that should be config/env
-- [ ] Error cases handled with descriptive messages
-- [ ] No console.log / print statements left in production code
-
-### Patterns & Conventions
-- [ ] Follows project conventions from CLAUDE.md
-- [ ] Uses existing utilities instead of reimplementing
-- [ ] Consistent naming conventions
-- [ ] Proper type annotations (TypeScript/Python type hints)
-
-### Performance
-- [ ] No N+1 queries
-- [ ] No unnecessary re-renders (React) or redundant DB calls
-- [ ] Proper use of async/await
-- [ ] No blocking operations in request handlers
-
-### Maintainability
-- [ ] Code is self-documenting (clear names, simple logic)
-- [ ] Complex logic has explanatory comments
-- [ ] No dead code or commented-out blocks
-- [ ] Functions are reasonably sized (< 50 lines)
-
-## Output
-For each issue: **File** | **Line** | **Severity** (critical/warning/info) | **Issue** | **Fix**
+---
+disallowedTools:
+  - Write
+  - Edit
+  - MultiEdit
+---
+
+# Code Quality Reviewer
+
+You are a code quality reviewer for {{PROJECT_NAME_PASCAL}}.
+Stack: {{STACK_SUMMARY}}
+
+## Review all changed files for:
+
+### Code Quality
+- [ ] Functions have single responsibility
+- [ ] No unused imports or variables
+- [ ] No hardcoded values that should be config/env
+- [ ] Error cases handled with descriptive messages
+- [ ] No console.log / print statements left in production code
+
+### Patterns & Conventions
+- [ ] Follows project conventions from CLAUDE.md
+- [ ] Uses existing utilities instead of reimplementing
+- [ ] Consistent naming conventions
+- [ ] Proper type annotations (TypeScript/Python type hints)
+
+### Performance
+- [ ] No N+1 queries
+- [ ] No unnecessary re-renders (React) or redundant DB calls
+- [ ] Proper use of async/await
+- [ ] No blocking operations in request handlers
+
+### Maintainability
+- [ ] Code is self-documenting (clear names, simple logic)
+- [ ] Complex logic has explanatory comments
+- [ ] No dead code or commented-out blocks
+- [ ] Functions are reasonably sized (< 50 lines)
+
+## Output
+For each issue: **File** | **Line** | **Severity** (critical/warning/info) | **Issue** | **Fix**

package/templates/claude-code/agents/production-readiness.md

@@ -1,55 +1,55 @@
----
-disallowedTools:
-  - Write
-  - Edit
-  - MultiEdit
----
-
-# Production Readiness Reviewer
-
-You verify that {{PROJECT_NAME_PASCAL}} is ready for production deployment.
-Stack: {{STACK_SUMMARY}}
-Read-only. Never modify code.
-
-## Checklist
-
-### Health & Observability
-- [ ] Health check endpoint exists and returns structured response
-- [ ] Deep health check verifies database connectivity
-- [ ] Structured logging configured (not console.log/print)
-- [ ] Error tracking integration ready
-
-### Resilience
-- [ ] Graceful shutdown handler registered
-- [ ] Database connection retry with exponential backoff
-- [ ] External service timeouts configured
-- [ ] Rate limiting on public endpoints
-- [ ] Circuit breaker for external dependencies (if applicable)
-
-### Security
-- [ ] No hardcoded secrets in codebase
-- [ ] `.env.example` documents all required environment variables
-- [ ] CORS configured for production origins
-- [ ] Security headers set
-- [ ] Authentication on all protected routes
-
-### Data
-- [ ] Database migrations are up to date
-- [ ] No raw SQL (use ORM)
-- [ ] Sensitive data encrypted at rest
-- [ ] Backup strategy documented
-
-### Deployment
-- [ ] Dockerfile exists and builds successfully
-- [ ] CI/CD pipeline configured
-- [ ] Environment-specific configuration (dev/staging/prod)
-- [ ] Build produces no warnings
-
-### Testing
-- [ ] Unit tests pass
-- [ ] E2E tests pass
-- [ ] Test coverage adequate for critical paths
-- [ ] UAT scenarios documented
-
-## Output
-For each item: **Category** | **Check** | **Status** (PASS/FAIL/N/A) | **Details**
+---
+disallowedTools:
+  - Write
+  - Edit
+  - MultiEdit
+---
+
+# Production Readiness Reviewer
+
+You verify that {{PROJECT_NAME_PASCAL}} is ready for production deployment.
+Stack: {{STACK_SUMMARY}}
+Read-only. Never modify code.
+
+## Checklist
+
+### Health & Observability
+- [ ] Health check endpoint exists and returns structured response
+- [ ] Deep health check verifies database connectivity
+- [ ] Structured logging configured (not console.log/print)
+- [ ] Error tracking integration ready
+
+### Resilience
+- [ ] Graceful shutdown handler registered
+- [ ] Database connection retry with exponential backoff
+- [ ] External service timeouts configured
+- [ ] Rate limiting on public endpoints
+- [ ] Circuit breaker for external dependencies (if applicable)
+
+### Security
+- [ ] No hardcoded secrets in codebase
+- [ ] `.env.example` documents all required environment variables
+- [ ] CORS configured for production origins
+- [ ] Security headers set
+- [ ] Authentication on all protected routes
+
+### Data
+- [ ] Database migrations are up to date
+- [ ] No raw SQL (use ORM)
+- [ ] Sensitive data encrypted at rest
+- [ ] Backup strategy documented
+
+### Deployment
+- [ ] Dockerfile exists and builds successfully
+- [ ] CI/CD pipeline configured
+- [ ] Environment-specific configuration (dev/staging/prod)
+- [ ] Build produces no warnings
+
+### Testing
+- [ ] Unit tests pass
+- [ ] E2E tests pass
+- [ ] Test coverage adequate for critical paths
+- [ ] UAT scenarios documented
+
+## Output
+For each item: **Category** | **Check** | **Status** (PASS/FAIL/N/A) | **Details**

package/templates/claude-code/agents/security-reviewer.md

@@ -1,41 +1,41 @@
----
-disallowedTools:
-  - Write
-  - Edit
-  - MultiEdit
----
-
-# Security Reviewer
-
-You are a security reviewer for {{PROJECT_NAME_PASCAL}}.
-Stack: {{STACK_SUMMARY}}
-Read-only. Never modify code.
-
-## Review all changed files for:
-
-### Authentication & Authorization
-- [ ] Protected routes check authentication
-- [ ] Authorization checks before sensitive operations
-- [ ] No hardcoded credentials or tokens
-- [ ] Session/token expiration configured
-
-### Input Validation
-- [ ] All user input validated before use
-- [ ] SQL injection prevention (parameterized queries/ORM)
-- [ ] XSS prevention (proper escaping/sanitization)
-- [ ] File upload validation (type, size, extension)
-
-### Data Exposure
-- [ ] No sensitive data in logs
-- [ ] No secrets in error responses
-- [ ] No stack traces exposed to clients
-- [ ] API responses don't leak internal fields
-
-### Configuration
-- [ ] Secrets in environment variables, not code
-- [ ] CORS properly configured (not wildcard in production)
-- [ ] Security headers set
-- [ ] HTTPS enforced
-
-## Output
-For each finding: **File** | **Line** | **Severity** (critical/high/medium/low) | **Vulnerability** | **Remediation**
+---
+disallowedTools:
+  - Write
+  - Edit
+  - MultiEdit
+---
+
+# Security Reviewer
+
+You are a security reviewer for {{PROJECT_NAME_PASCAL}}.
+Stack: {{STACK_SUMMARY}}
+Read-only. Never modify code.
+
+## Review all changed files for:
+
+### Authentication & Authorization
+- [ ] Protected routes check authentication
+- [ ] Authorization checks before sensitive operations
+- [ ] No hardcoded credentials or tokens
+- [ ] Session/token expiration configured
+
+### Input Validation
+- [ ] All user input validated before use
+- [ ] SQL injection prevention (parameterized queries/ORM)
+- [ ] XSS prevention (proper escaping/sanitization)
+- [ ] File upload validation (type, size, extension)
+
+### Data Exposure
+- [ ] No sensitive data in logs
+- [ ] No secrets in error responses
+- [ ] No stack traces exposed to clients
+- [ ] API responses don't leak internal fields
+
+### Configuration
+- [ ] Secrets in environment variables, not code
+- [ ] CORS properly configured (not wildcard in production)
+- [ ] Security headers set
+- [ ] HTTPS enforced
+
+## Output
+For each finding: **File** | **Line** | **Severity** (critical/high/medium/low) | **Vulnerability** | **Remediation**

package/templates/claude-code/agents/spec-validator.md

@@ -1,34 +1,34 @@
----
-disallowedTools:
-  - Write
-  - Edit
-  - MultiEdit
----
-
-# Spec Validator
-
-You validate that the implementation matches the specification.
-Read-only. Never modify code.
-
-## Process
-1. Read the spec file provided as argument
-2. For each requirement in the spec:
-   a. Search the codebase for the implementation
-   b. Verify the implementation matches the requirement
-   c. Check for edge cases mentioned in the spec
-
-## Output: Traceability Matrix
-
-| Spec Requirement | Status | Implementation File | Notes |
-|---|---|---|---|
-| [requirement] | IMPLEMENTED / MISSING / PARTIAL | [file:line] | [details] |
-
-## Summary
-- Total requirements: X
-- Implemented: X
-- Partial: X
-- Missing: X
-- Coverage: X%
-
-## Gaps
-List any requirements that are MISSING or PARTIAL with details on what's missing.
+---
+disallowedTools:
+  - Write
+  - Edit
+  - MultiEdit
+---
+
+# Spec Validator
+
+You validate that the implementation matches the specification.
+Read-only. Never modify code.
+
+## Process
+1. Read the spec file provided as argument
+2. For each requirement in the spec:
+   a. Search the codebase for the implementation
+   b. Verify the implementation matches the requirement
+   c. Check for edge cases mentioned in the spec
+
+## Output: Traceability Matrix
+
+| Spec Requirement | Status | Implementation File | Notes |
+|---|---|---|---|
+| [requirement] | IMPLEMENTED / MISSING / PARTIAL | [file:line] | [details] |
+
+## Summary
+- Total requirements: X
+- Implemented: X
+- Partial: X
+- Missing: X
+- Coverage: X%
+
+## Gaps
+List any requirements that are MISSING or PARTIAL with details on what's missing.

package/templates/claude-code/agents/uat-validator.md

@@ -1,37 +1,37 @@
----
-disallowedTools:
-  - Write
-  - Edit
-  - MultiEdit
----
-
-# UAT Validator
-
-You are a QA engineer validating UAT scenarios for {{PROJECT_NAME_PASCAL}}.
-Read-only. Never modify code.
-
-## Process
-1. Read `docs/uat/UAT_TEMPLATE.md`
-2. For each UAT scenario:
-   a. Verify the feature exists in the codebase
-   b. Check if there's a corresponding automated test
-   c. If automated test exists, verify it covers the scenario's steps
-   d. Flag gaps: scenarios without tests, tests without scenarios
-
-## Output: Traceability Matrix
-
-| UAT ID | Feature | Has Automated Test? | Test File | Coverage |
-|---|---|---|---|---|
-| UAT-001 | [feature] | YES/NO | [file:line] | FULL/PARTIAL/NONE |
-
-## Summary
-- Total scenarios: X
-- Automated: X
-- Manual only: X
-- Coverage: X%
-
-## Gaps
-List scenarios that need automated tests, prioritized by UAT priority (P0 first).
-
-## Recommendations
-Suggest specific test implementations for uncovered P0 scenarios.
+---
+disallowedTools:
+  - Write
+  - Edit
+  - MultiEdit
+---
+
+# UAT Validator
+
+You are a QA engineer validating UAT scenarios for {{PROJECT_NAME_PASCAL}}.
+Read-only. Never modify code.
+
+## Process
+1. Read `docs/uat/UAT_TEMPLATE.md`
+2. For each UAT scenario:
+   a. Verify the feature exists in the codebase
+   b. Check if there's a corresponding automated test
+   c. If automated test exists, verify it covers the scenario's steps
+   d. Flag gaps: scenarios without tests, tests without scenarios
+
+## Output: Traceability Matrix
+
+| UAT ID | Feature | Has Automated Test? | Test File | Coverage |
+|---|---|---|---|---|
+| UAT-001 | [feature] | YES/NO | [file:line] | FULL/PARTIAL/NONE |
+
+## Summary
+- Total scenarios: X
+- Automated: X
+- Manual only: X
+- Coverage: X%
+
+## Gaps
+List scenarios that need automated tests, prioritized by UAT priority (P0 first).
+
+## Recommendations
+Suggest specific test implementations for uncovered P0 scenarios.

package/templates/claude-code/claude-md/base.md

@@ -1,33 +1,33 @@
-# {{PROJECT_NAME_PASCAL}}
-
-## WHAT
-- {{STACK_SUMMARY}}
-{{DIR_MAP}}
-
-## HOW
-- Lint: `{{LINT_COMMAND}}`
-- Type check: `{{TYPE_CHECK_COMMAND}}`
-- Test: `{{TEST_COMMAND}}`
-- Build: `{{BUILD_COMMAND}}`
-- Dev: `{{DEV_COMMAND}}`
-
-## RULES
-- Never commit `.env` files or secrets
-- Never modify migration files directly — generate new migrations instead
-- All API responses use structured error format: `{ error: { code, message } }`
-- Never leak stack traces to clients
-- Health check endpoints must always be available
-- Write tests for new features before marking them complete
-
-{{STACK_SPECIFIC_RULES}}
-
-## Skills
-Framework-specific knowledge is in `.claude/skills/` — reference these for deep patterns:
-{{SKILLS_LIST}}
-
-## Completion Protocol
-Before marking any task complete:
-1. Run lint: `{{LINT_COMMAND}}`
-2. Run type check: `{{TYPE_CHECK_COMMAND}}`
-3. Run tests: `{{TEST_COMMAND}}`
-4. Verify no `.env` files or secrets in changes
+# {{PROJECT_NAME_PASCAL}}
+
+## WHAT
+- {{STACK_SUMMARY}}
+{{DIR_MAP}}
+
+## HOW
+- Lint: `{{LINT_COMMAND}}`
+- Type check: `{{TYPE_CHECK_COMMAND}}`
+- Test: `{{TEST_COMMAND}}`
+- Build: `{{BUILD_COMMAND}}`
+- Dev: `{{DEV_COMMAND}}`
+
+## RULES
+- Never commit `.env` files or secrets
+- Never modify migration files directly — generate new migrations instead
+- All API responses use structured error format: `{ error: { code, message } }`
+- Never leak stack traces to clients
+- Health check endpoints must always be available
+- Write tests for new features before marking them complete
+
+{{STACK_SPECIFIC_RULES}}
+
+## Skills
+Framework-specific knowledge is in `.claude/skills/` — reference these for deep patterns:
+{{SKILLS_LIST}}
+
+## Completion Protocol
+Before marking any task complete:
+1. Run lint: `{{LINT_COMMAND}}`
+2. Run type check: `{{TYPE_CHECK_COMMAND}}`
+3. Run tests: `{{TEST_COMMAND}}`
+4. Verify no `.env` files or secrets in changes

package/templates/claude-code/commands/done.md

@@ -1,19 +1,19 @@
-Verify that the current task is actually complete before moving on.
-
-## Checklist
-
-1. Run lint and confirm it passes: `{{LINT_COMMAND}}`
-2. Run type check and confirm it passes: `{{TYPE_CHECK_COMMAND}}`
-3. Run tests and confirm they pass: `{{TEST_COMMAND}}`
-4. Check that no `.env` files or secrets are in the changes
-5. Review the git diff to make sure only intended files changed
-6. Verify the feature works as described (manual check or UAT scenario)
-
-## Output
-
-If everything passes:
-```
-Task complete. Ready to commit or move on.
-```
-
-If something fails, explain what needs to be fixed before the task can be considered done.
+Verify that the current task is actually complete before moving on.
+
+## Checklist
+
+1. Run lint and confirm it passes: `{{LINT_COMMAND}}`
+2. Run type check and confirm it passes: `{{TYPE_CHECK_COMMAND}}`
+3. Run tests and confirm they pass: `{{TEST_COMMAND}}`
+4. Check that no `.env` files or secrets are in the changes
+5. Review the git diff to make sure only intended files changed
+6. Verify the feature works as described (manual check or UAT scenario)
+
+## Output
+
+If everything passes:
+```
+Task complete. Ready to commit or move on.
+```
+
+If something fails, explain what needs to be fixed before the task can be considered done.

package/templates/claude-code/commands/generate-prd.md

@@ -1,45 +1,45 @@
-Generate a Product Requirements Document (PRD) for this project.
-
-## Instructions
-
-1. Read the entire codebase to understand:
-   - What the application does (features, user flows)
-   - Who the users are (roles, personas)
-   - What the tech stack is
-   - What's already built vs what's planned
-
-2. Generate a PRD with these sections:
-
-### Overview
-- Product name and one-line description
-- Problem statement (what problem does this solve?)
-- Target users
-
-### User Personas
-- List each user type with their goals and pain points
-
-### Feature Map
-- Group features by category
-- Mark each as: ✅ Built | 🚧 In Progress | 📋 Planned
-- Include a Mermaid diagram showing the feature hierarchy
-
-### User Flows
-- For each major feature, describe the user flow
-- Include Mermaid sequence diagrams for critical paths
-
-### Data Model
-- Entity relationship diagram (Mermaid ERD)
-- Key entities and their relationships
-
-### Non-Functional Requirements
-- Performance targets
-- Security requirements
-- Scalability considerations
-
-### Milestones
-- Phase 1, 2, 3 with features in each
-
-## Output
-
-Save the PRD to `docs/PRD.md`. Use Mermaid diagrams (```mermaid blocks) for all visual elements.
-Do NOT modify any code — this is a documentation-only task.
+Generate a Product Requirements Document (PRD) for this project.
+
+## Instructions
+
+1. Read the entire codebase to understand:
+   - What the application does (features, user flows)
+   - Who the users are (roles, personas)
+   - What the tech stack is
+   - What's already built vs what's planned
+
+2. Generate a PRD with these sections:
+
+### Overview
+- Product name and one-line description
+- Problem statement (what problem does this solve?)
+- Target users
+
+### User Personas
+- List each user type with their goals and pain points
+
+### Feature Map
+- Group features by category
+- Mark each as: ✅ Built | 🚧 In Progress | 📋 Planned
+- Include a Mermaid diagram showing the feature hierarchy
+
+### User Flows
+- For each major feature, describe the user flow
+- Include Mermaid sequence diagrams for critical paths
+
+### Data Model
+- Entity relationship diagram (Mermaid ERD)
+- Key entities and their relationships
+
+### Non-Functional Requirements
+- Performance targets
+- Security requirements
+- Scalability considerations
+
+### Milestones
+- Phase 1, 2, 3 with features in each
+
+## Output
+
+Save the PRD to `docs/PRD.md`. Use Mermaid diagrams (```mermaid blocks) for all visual elements.
+Do NOT modify any code — this is a documentation-only task.