forgedev 1.2.0 → 1.3.0

package/src/chainproof-bridge.js

@@ -0,0 +1,330 @@
+/**
+ * ChainProof bridge - pure Node.js trust chain operations.
+ * Uses node:crypto for Ed25519 + SHA-256, no Python dependency needed.
+ * All operations are file-based, reading and writing to .chainproof/.
+ */
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { createHash, generateKeyPairSync, sign, verify, randomUUID } from 'node:crypto';
+
+// --- Crypto primitives (interoperable with chainproof/core/crypto.py) ---
+
+export function hashContent(content) {
+  return createHash('sha256').update(content, 'utf-8').digest('hex');
+}
+
+export function buildSignablePayload(entry) {
+  // Length-prefixed using UTF-8 byte length for cross-language interop.
+  // JS .length and Python len() diverge on emoji; Buffer.byteLength is stable.
+  const fields = [
+    entry.prevHash,
+    entry.contentHash,
+    entry.timestamp,
+    entry.entryType,
+    entry.sessionId,
+  ];
+  return fields.map((f) => {
+    const s = String(f ?? '');
+    return `${Buffer.byteLength(s, 'utf-8')}:${s}`;
+  }).join(':');
+}
+
+export function signEntry(payload, privateKeyPem) {
+  const signature = sign(null, Buffer.from(payload, 'utf-8'), privateKeyPem);
+  return signature.toString('base64');
+}
+
+export function verifySignature(payload, signatureB64, publicKeyPem) {
+  try {
+    return verify(
+      null,
+      Buffer.from(payload, 'utf-8'),
+      publicKeyPem,
+      Buffer.from(signatureB64, 'base64')
+    );
+  } catch {
+    // Invalid key or malformed signature
+    return false;
+  }
+}
+
+export function computeChainHash(prevHash, contentHash) {
+  return createHash('sha256')
+    .update(prevHash + contentHash, 'utf-8')
+    .digest('hex');
+}
+
+export function generateKeypair() {
+  const { publicKey, privateKey } = generateKeyPairSync('ed25519', {
+    publicKeyEncoding: { type: 'spki', format: 'pem' },
+    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+  });
+  return { publicKey, privateKey };
+}
+
+// --- High-level chain operations ---
+
+const GENESIS_HASH = '0'.repeat(64);
+
+export function initChainproof(projectDir) {
+  const cpDir = path.join(projectDir, '.chainproof');
+  const keysDir = path.join(cpDir, 'keys');
+
+  fs.mkdirSync(cpDir, { recursive: true });
+  fs.mkdirSync(keysDir, { recursive: true });
+
+  // Config — merge with any template-composed config (from templates/chainproof/)
+  const configPath = path.join(cpDir, 'config.json');
+  const projectName = path.basename(projectDir);
+  const defaults = {
+    version: '1.0.0',
+    projectName,
+    hashAlgorithm: 'sha256',
+    signatureAlgorithm: 'ed25519',
+    createdAt: new Date().toISOString(),
+  };
+
+  if (fs.existsSync(configPath)) {
+    // Template already composed a config — merge our defaults under it
+    try {
+      const existing = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+      const merged = { ...defaults, ...existing, createdAt: existing.createdAt || defaults.createdAt };
+      fs.writeFileSync(configPath, JSON.stringify(merged, null, 2) + '\n', 'utf-8');
+    } catch {
+      // Corrupted config, overwrite with defaults
+      fs.writeFileSync(configPath, JSON.stringify(defaults, null, 2) + '\n', 'utf-8');
+    }
+  } else {
+    fs.writeFileSync(configPath, JSON.stringify(defaults, null, 2) + '\n', 'utf-8');
+  }
+
+  // Chain — only create if missing
+  const chainPath = path.join(cpDir, 'chain.json');
+  if (!fs.existsSync(chainPath)) {
+    fs.writeFileSync(
+      chainPath,
+      JSON.stringify({ entries: [], currentHash: GENESIS_HASH }, null, 2) + '\n',
+      'utf-8'
+    );
+  }
+
+  // Artifacts — only create if missing
+  const artifactsPath = path.join(cpDir, 'artifacts.json');
+  if (!fs.existsSync(artifactsPath)) {
+    fs.writeFileSync(
+      artifactsPath,
+      JSON.stringify({ artifacts: [] }, null, 2) + '\n',
+      'utf-8'
+    );
+  }
+
+  // Generate keypair only if missing
+  const privateKeyPath = path.join(keysDir, 'private.pem');
+  const publicKeyPath = path.join(keysDir, 'public.pem');
+  if (!fs.existsSync(privateKeyPath) || !fs.existsSync(publicKeyPath)) {
+    const { publicKey, privateKey } = generateKeypair();
+    fs.writeFileSync(privateKeyPath, privateKey, { encoding: 'utf-8', mode: 0o600 });
+    fs.writeFileSync(publicKeyPath, publicKey, 'utf-8');
+  }
+
+  // Gitignore for keys
+  const gitignorePath = path.join(cpDir, '.gitignore');
+  if (!fs.existsSync(gitignorePath)) {
+    fs.writeFileSync(gitignorePath, 'keys/\n', 'utf-8');
+  }
+}
+
+export function recordDecision(projectDir, entry) {
+  if (!entry || typeof entry.content !== 'string') {
+    throw new Error('entry.content must be a non-empty string');
+  }
+  if (entry.content.length > 1_048_576) {
+    throw new Error('entry.content exceeds 1MB limit');
+  }
+
+  const cpDir = path.join(projectDir, '.chainproof');
+  const chainPath = path.join(cpDir, 'chain.json');
+
+  let chain;
+  try {
+    chain = JSON.parse(fs.readFileSync(chainPath, 'utf-8'));
+  } catch (err) {
+    throw new Error(`Failed to read chain.json: ${err.message}`, { cause: err });
+  }
+
+  const contentHash = hashContent(entry.content);
+  const prevHash = chain.currentHash;
+  const chainHash = computeChainHash(prevHash, contentHash);
+  const timestamp = new Date().toISOString();
+  const entryType = entry.entryType || 'decision';
+  const sessionId = entry.sessionId || 'default';
+
+  // Build the full entry before signing so all metadata is covered
+  const nllEntry = {
+    id: randomUUID(),
+    timestamp,
+    entryType,
+    content: entry.content,
+    contentHash,
+    prevHash,
+    chainHash,
+    signature: null,
+    sessionId,
+  };
+
+  // Sign the full canonical payload (not just content)
+  const privateKeyPath = path.join(cpDir, 'keys', 'private.pem');
+  if (fs.existsSync(privateKeyPath)) {
+    const privateKey = fs.readFileSync(privateKeyPath, 'utf-8');
+    const payload = buildSignablePayload(nllEntry);
+    nllEntry.signature = signEntry(payload, privateKey);
+  }
+
+  chain.entries.push(nllEntry);
+  chain.currentHash = chainHash;
+
+  // Atomic write: write to temp file first, then rename
+  const tmpPath = chainPath + '.tmp';
+  fs.writeFileSync(tmpPath, JSON.stringify(chain, null, 2) + '\n', 'utf-8');
+  fs.renameSync(tmpPath, chainPath);
+
+  return nllEntry;
+}
+
+export function recordCodeArtifact(projectDir, artifact) {
+  const cpDir = path.join(projectDir, '.chainproof');
+  const artifactsPath = path.join(cpDir, 'artifacts.json');
+
+  let data;
+  try {
+    data = JSON.parse(fs.readFileSync(artifactsPath, 'utf-8'));
+  } catch (err) {
+    throw new Error(`Failed to read artifacts.json: ${err.message}`, { cause: err });
+  }
+
+  const record = {
+    id: randomUUID(),
+    timestamp: new Date().toISOString(),
+    filePath: artifact.filePath,
+    contentHash: artifact.contentHash || hashContent(artifact.content || ''),
+    language: artifact.language || null,
+    generator: artifact.generator || null,
+    promptHash: artifact.promptHash || null,
+    nllEntryId: artifact.nllEntryId || null,
+  };
+
+  data.artifacts.push(record);
+
+  // Atomic write: write to temp file first, then rename
+  const tmpPath = artifactsPath + '.tmp';
+  fs.writeFileSync(tmpPath, JSON.stringify(data, null, 2) + '\n', 'utf-8');
+  fs.renameSync(tmpPath, artifactsPath);
+
+  return record;
+}
+
+export function verifyChain(projectDir) {
+  const cpDir = path.join(projectDir, '.chainproof');
+  const chainPath = path.join(cpDir, 'chain.json');
+
+  if (!fs.existsSync(chainPath)) {
+    return { valid: false, errors: ['chain.json not found'] };
+  }
+
+  const chain = JSON.parse(fs.readFileSync(chainPath, 'utf-8'));
+  const errors = [];
+  let expectedHash = GENESIS_HASH;
+
+  for (let i = 0; i < chain.entries.length; i++) {
+    const entry = chain.entries[i];
+
+    // Verify prev_hash links correctly
+    if (entry.prevHash !== expectedHash) {
+      errors.push(
+        `Entry ${i}: prevHash mismatch (expected ${expectedHash.slice(0, 8)}..., got ${entry.prevHash.slice(0, 8)}...)`
+      );
+    }
+
+    // Verify content hash
+    const actualContentHash = hashContent(entry.content);
+    if (entry.contentHash !== actualContentHash) {
+      errors.push(`Entry ${i}: contentHash mismatch (content was tampered)`);
+    }
+
+    // Verify chain hash
+    const actualChainHash = computeChainHash(entry.prevHash, entry.contentHash);
+    if (entry.chainHash !== actualChainHash) {
+      errors.push(`Entry ${i}: chainHash mismatch`);
+    }
+
+    // Verify signature covers full payload (not just content)
+    if (entry.signature) {
+      const publicKeyPath = path.join(cpDir, 'keys', 'public.pem');
+      if (fs.existsSync(publicKeyPath)) {
+        const publicKey = fs.readFileSync(publicKeyPath, 'utf-8');
+        const payload = buildSignablePayload(entry);
+        if (!verifySignature(payload, entry.signature, publicKey)) {
+          errors.push(`Entry ${i}: invalid signature`);
+        }
+      }
+    }
+
+    expectedHash = entry.chainHash;
+  }
+
+  // Verify current hash matches last entry
+  if (chain.entries.length > 0 && chain.currentHash !== expectedHash) {
+    errors.push('currentHash does not match last entry chainHash');
+  }
+
+  return { valid: errors.length === 0, errors };
+}
+
+export function getChainStatus(projectDir) {
+  const cpDir = path.join(projectDir, '.chainproof');
+  const chainPath = path.join(cpDir, 'chain.json');
+  const configPath = path.join(cpDir, 'config.json');
+
+  if (!fs.existsSync(cpDir)) {
+    return { initialized: false };
+  }
+
+  let chain;
+  try {
+    chain = JSON.parse(fs.readFileSync(chainPath, 'utf-8'));
+  } catch (err) {
+    throw new Error(`Failed to read chain.json: ${err.message}`, { cause: err });
+  }
+  let config = {};
+  if (fs.existsSync(configPath)) {
+    try {
+      config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+    } catch (err) {
+      throw new Error(`Failed to read config.json: ${err.message}`, { cause: err });
+    }
+  }
+
+  const artifactsPath = path.join(cpDir, 'artifacts.json');
+  let artifacts = { artifacts: [] };
+  if (fs.existsSync(artifactsPath)) {
+    try {
+      artifacts = JSON.parse(fs.readFileSync(artifactsPath, 'utf-8'));
+    } catch (err) {
+      throw new Error(`Failed to read artifacts.json: ${err.message}`, { cause: err });
+    }
+  }
+
+  const unsignedCount = chain.entries.filter((e) => !e.signature).length;
+
+  return {
+    initialized: true,
+    projectName: config.projectName || path.basename(projectDir),
+    entryCount: chain.entries.length,
+    artifactCount: artifacts.artifacts.length,
+    currentHash: chain.currentHash,
+    unsignedEntries: unsignedCount,
+    createdAt: config.createdAt || null,
+    lastEntry: chain.entries.length > 0 ? chain.entries[chain.entries.length - 1].timestamp : null,
+  };
+}

package/src/ci-mode.js

@@ -0,0 +1,85 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import chalk from 'chalk';
+import { log } from './utils.js';
+import { scanProject, detectStack } from './scanner.js';
+import { runAllChecks } from './doctor-checks.js';
+import { generateReport } from './doctor-prompts.js';
+
+export async function runCI(projectDir) {
+  const resolvedDir = path.resolve(projectDir);
+
+  if (!fs.existsSync(resolvedDir)) {
+    log.error(`Directory not found: ${resolvedDir}`);
+    process.exit(1);
+  }
+
+  console.log('');
+  log.info('  DevForge CI  Automated project health check');
+  console.log('');
+
+  // Scan project
+  const scan = scanProject(resolvedDir);
+  const stack = detectStack(resolvedDir, scan);
+  log.dim(`  Stack: ${stack || 'unknown'}`);
+
+  // Run all checks
+  const issues = runAllChecks(resolvedDir, scan);
+
+  const critical = issues.filter(i => i.severity === 'critical');
+  const warnings = issues.filter(i => i.severity === 'warning');
+  const info = issues.filter(i => i.severity === 'info');
+
+  // Output results
+  console.log('');
+  if (critical.length > 0) {
+    log.error(`  CRITICAL: ${critical.length} issue${critical.length > 1 ? 's' : ''}`);
+    for (const issue of critical) {
+      console.error(`    - ${issue.title}`);
+      if (issue.files?.length) {
+        for (const detail of issue.files.slice(0, 5)) {
+          console.error(chalk.dim(`      ${detail}`));
+        }
+        if (issue.files.length > 5) {
+          console.error(chalk.dim(`      ... and ${issue.files.length - 5} more`));
+        }
+      }
+    }
+  }
+
+  if (warnings.length > 0) {
+    log.warn(`  WARNINGS: ${warnings.length} issue${warnings.length > 1 ? 's' : ''}`);
+    for (const issue of warnings) {
+      console.error(`    - ${issue.title}`);
+    }
+  }
+
+  if (info.length > 0) {
+    log.dim(`  INFO: ${info.length} suggestion${info.length > 1 ? 's' : ''}`);
+  }
+
+  if (critical.length === 0 && warnings.length === 0) {
+    log.success('  All checks passed!');
+  }
+
+  // Save report if docs/ exists
+  const docsDir = path.join(resolvedDir, 'docs');
+  if (fs.existsSync(docsDir)) {
+    const reportPath = path.join(docsDir, 'ci-report.md');
+    const projectName = path.basename(resolvedDir);
+    const report = generateReport(issues, projectName);
+    fs.writeFileSync(reportPath, report, 'utf-8');
+    log.dim(`  Report saved to docs/ci-report.md`);
+  }
+
+  console.log('');
+
+  // Summary line for CI parsers
+  const total = issues.length;
+  console.log(`DevForge CI: ${critical.length} critical, ${warnings.length} warnings, ${info.length} info (${total} total)`);
+
+  // Exit with error code if critical issues found
+  if (critical.length > 0) {
+    process.exit(1);
+  }
+}

package/src/claude-configurator.js

@@ -1,6 +1,6 @@
 import fs from 'node:fs';
 import path from 'node:path';
-import { ROOT_DIR, ensureDir, writeFile, readTemplate, replaceVars, log } from './utils.js';
+import { ROOT_DIR, ensureDir, writeFile, readTemplate, replaceVars, getStackCommands } from './utils.js';
 
 const CLAUDE_TEMPLATES_DIR = path.join(ROOT_DIR, 'templates', 'claude-code');
 const DOCS_DIR = path.join(ROOT_DIR, 'docs');
@@ -16,6 +16,15 @@ export async function generateClaudeConfig(outputDir, stackConfig, options = {})
   generateAgents(outputDir, stackConfig, vars);
   generateCommands(outputDir, stackConfig, vars);
   copyPromptLibrary(outputDir);
+  stampVersion(outputDir);
+}
+
+function stampVersion(outputDir) {
+  const pkg = JSON.parse(fs.readFileSync(path.join(ROOT_DIR, 'package.json'), 'utf-8'));
+  writeFile(path.join(outputDir, '.claude', '.devforge-version'), JSON.stringify({
+    version: pkg.version,
+    generatedAt: new Date().toISOString(),
+  }, null, 2) + '\n');
 }
 
 function buildClaudeVars(config) {
@@ -24,68 +33,76 @@ function buildClaudeVars(config) {
     PROJECT_NAME_PASCAL: config.projectName.split('-').map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(''),
   };
 
+  // Commands vary by stack (shared with composer)
+  Object.assign(vars, getStackCommands(config.stackId));
+
   if (config.stackId === 'nextjs-fullstack') {
     vars.STACK_SUMMARY = 'Next.js 15 (App Router) + TypeScript + Tailwind CSS + Prisma + PostgreSQL';
-    vars.LINT_COMMAND = 'npx eslint .';
-    vars.TYPE_CHECK_COMMAND = 'npx tsc --noEmit';
-    vars.TEST_COMMAND = 'npx vitest run';
-    vars.BUILD_COMMAND = 'npm run build';
-    vars.DEV_COMMAND = 'npm run dev';
-    vars.DIR_MAP = `- src/app/ — Next.js App Router pages and API routes
-- src/lib/ — Shared utilities, database client, error handling
-- src/components/ — React components
-- prisma/ — Database schema and migrations
-- e2e/ — Playwright E2E tests`;
+    vars.DIR_MAP = `- src/app/ - Next.js App Router pages and API routes
+- src/lib/ - Shared utilities, database client, error handling
+- src/components/ - React components
+- prisma/ - Database schema and migrations
+- e2e/ - Playwright E2E tests`;
   } else if (config.stackId === 'fastapi-backend') {
     vars.STACK_SUMMARY = 'FastAPI + Python + SQLAlchemy 2.0 + PostgreSQL + Alembic';
-    vars.LINT_COMMAND = 'ruff check .';
-    vars.TYPE_CHECK_COMMAND = 'pyright';
-    vars.TEST_COMMAND = 'pytest';
-    vars.BUILD_COMMAND = 'docker build -t app .';
-    vars.DEV_COMMAND = 'uvicorn app.main:app --reload';
-    vars.DIR_MAP = `- backend/app/ — FastAPI application
-- backend/app/api/ — API route handlers
-- backend/app/core/ — Config, security, error handling
-- backend/app/db/ — Database session and models
-- backend/app/models/ — SQLAlchemy models
-- backend/app/schemas/ — Pydantic schemas
-- backend/tests/ — Pytest tests
-- backend/alembic/ — Database migrations`;
+    vars.DIR_MAP = `- backend/app/ - FastAPI application
+- backend/app/api/ - API route handlers
+- backend/app/core/ - Config, security, error handling
+- backend/app/db/ - Database session and models
+- backend/app/models/ - SQLAlchemy models
+- backend/app/schemas/ - Pydantic schemas
+- backend/tests/ - Pytest tests
+- backend/alembic/ - Database migrations`;
   } else if (config.stackId === 'polyglot-fullstack') {
     vars.STACK_SUMMARY = 'Next.js 15 (frontend) + FastAPI (backend) + PostgreSQL';
-    vars.LINT_COMMAND = 'cd frontend && npx eslint . && cd ../backend && ruff check .';
-    vars.TYPE_CHECK_COMMAND = 'cd frontend && npx tsc --noEmit';
-    vars.TEST_COMMAND = 'cd frontend && npx vitest run && cd ../backend && pytest';
-    vars.BUILD_COMMAND = 'docker compose build';
-    vars.DEV_COMMAND = 'docker compose up';
-    vars.DIR_MAP = `- frontend/ — Next.js 15 App Router application
-- frontend/src/app/ — Pages and API routes
-- frontend/src/lib/ — Shared utilities
-- backend/ — FastAPI application
-- backend/app/api/ — API route handlers
-- backend/app/core/ — Config, security, error handling
-- backend/app/db/ — Database session and models
-- e2e/ — Playwright E2E tests`;
+    vars.DIR_MAP = `- frontend/ - Next.js 15 App Router application
+- frontend/src/app/ - Pages and API routes
+- frontend/src/lib/ - Shared utilities
+- backend/ - FastAPI application
+- backend/app/api/ - API route handlers
+- backend/app/core/ - Config, security, error handling
+- backend/app/db/ - Database session and models
+- e2e/ - Playwright E2E tests`;
+  } else if (config.stackId === 'react-express') {
+    vars.STACK_SUMMARY = 'React (Vite) + Express + TypeScript + Prisma + PostgreSQL';
+    vars.DIR_MAP = `- frontend/ - React (Vite) SPA
+- frontend/src/ - React components and pages
+- backend/ - Express API server
+- backend/src/ - Express routes and middleware
+- backend/src/routes/ - API route handlers
+- backend/prisma/ - Database schema and migrations`;
+  } else if (config.stackId === 'remix-fullstack') {
+    vars.STACK_SUMMARY = 'Remix + Vite + TypeScript + Tailwind CSS + Prisma + PostgreSQL';
+    vars.DIR_MAP = `- app/ - Remix application
+- app/routes/ - File-based routes and API resource routes
+- app/routes/api.health.ts - Health check endpoint
+- prisma/ - Database schema and migrations`;
+  } else if (config.stackId === 'hono-api') {
+    vars.STACK_SUMMARY = 'Hono + TypeScript + Prisma + PostgreSQL';
+    vars.DIR_MAP = `- src/ - Hono application
+- src/routes/ - API route handlers
+- src/routes/health.ts - Health check endpoints
+- prisma/ - Database schema and migrations`;
   }
 
   // Build skills list for CLAUDE.md reference
   const skillsList = [
-    '- `@.claude/skills/git-workflow/` — Git branching, commits, and PR workflow',
-    '- `@.claude/skills/testing-patterns/` — Test pyramid, AAA pattern, mocking strategies',
+    '- `@.claude/skills/git-workflow/`: Git branching, commits, and PR workflow',
+    '- `@.claude/skills/testing-patterns/`: Test pyramid, AAA pattern, mocking strategies',
   ];
   if (config.frontend?.framework === 'nextjs') {
-    skillsList.push('- `@.claude/skills/nextjs/` — Next.js patterns and conventions');
-    skillsList.push('- `@.claude/skills/security-web/` — Frontend security practices');
+    skillsList.push('- `@.claude/skills/nextjs/`: Next.js patterns and conventions');
+    skillsList.push('- `@.claude/skills/security-web/`: Frontend security practices');
   }
   if (config.backend?.framework === 'fastapi') {
-    skillsList.push('- `@.claude/skills/fastapi/` — FastAPI patterns and conventions');
-    skillsList.push('- `@.claude/skills/security-api/` — API security practices');
+    skillsList.push('- `@.claude/skills/fastapi/`: FastAPI patterns and conventions');
+    skillsList.push('- `@.claude/skills/security-api/`: API security practices');
   }
   if (config.testing?.e2e === 'playwright') {
-    skillsList.push('- `@.claude/skills/playwright/` — E2E testing patterns');
+    skillsList.push('- `@.claude/skills/playwright/`: E2E testing patterns');
   }
   if (config.ai) {
-    skillsList.push('- `@.claude/skills/ai-prompts/` — AI/LLM prompt patterns');
+    skillsList.push('- `@.claude/skills/ai-prompts/`: AI/LLM prompt patterns');
   }
   vars.SKILLS_LIST = skillsList.length > 0 ? skillsList.join('\n') : '- (none generated)';
 
@@ -105,6 +122,12 @@ function generateClaudeMd(outputDir, config, vars) {
     stackSection = readTemplate(path.join(CLAUDE_TEMPLATES_DIR, 'claude-md', 'fastapi.md'));
   } else if (config.stackId === 'polyglot-fullstack') {
     stackSection = readTemplate(path.join(CLAUDE_TEMPLATES_DIR, 'claude-md', 'fullstack.md'));
+  } else if (config.stackId === 'react-express') {
+    stackSection = readTemplate(path.join(CLAUDE_TEMPLATES_DIR, 'claude-md', 'fullstack.md'));
+  } else if (config.stackId === 'remix-fullstack') {
+    stackSection = readTemplate(path.join(CLAUDE_TEMPLATES_DIR, 'claude-md', 'remix.md'));
+  } else if (config.stackId === 'hono-api') {
+    stackSection = readTemplate(path.join(CLAUDE_TEMPLATES_DIR, 'claude-md', 'hono.md'));
   }
 
   content = content.replace('{{STACK_SPECIFIC_RULES}}', stackSection);
@@ -115,9 +138,9 @@ function generateClaudeMd(outputDir, config, vars) {
 
 function generateHooks(outputDir, config, options = {}) {
   let hookFile;
-  let scriptFiles = ['guard-protected-files.mjs'];
+  const scriptFiles = ['guard-protected-files.mjs', 'code-hygiene.mjs', 'pre-commit-gate.mjs'];
 
-  if (config.stackId === 'nextjs-fullstack') {
+  if (config.stackId === 'nextjs-fullstack' || config.stackId === 'remix-fullstack' || config.stackId === 'hono-api') {
     hookFile = 'typescript.json';
     scriptFiles.push('autofix-typescript.mjs');
   } else if (config.stackId === 'fastapi-backend') {
@@ -126,6 +149,9 @@ function generateHooks(outputDir, config, options = {}) {
   } else if (config.stackId === 'polyglot-fullstack') {
     hookFile = 'polyglot.json';
     scriptFiles.push('autofix-polyglot.mjs');
+  } else if (config.stackId === 'react-express') {
+    hookFile = 'typescript.json';
+    scriptFiles.push('autofix-typescript.mjs');
   }
 
   const settingsPath = path.join(outputDir, '.claude', 'settings.json');
@@ -178,7 +204,7 @@ function deepMergeSettings(existing, incoming) {
 }
 
 function generateSkills(outputDir, config) {
-  // Universal skills — always included
+  // Universal skills, always included
   const skillsToInclude = ['git-workflow', 'testing-patterns'];
 
   if (config.frontend?.framework === 'nextjs') {
@@ -227,6 +253,10 @@ function generateAgents(outputDir, config, vars) {
     'loop-operator.md',
     'harness-optimizer.md',
     'product-strategist.md',
+    'prompt-auditor.md',
+    'frontend-builder.md',
+    'enforcement-gate.md',
+    'deep-reviewer.md',
   ];
 
   for (const agent of agents) {
@@ -245,7 +275,6 @@ function generateCommands(outputDir, config, vars) {
     'workflows.md',
     'status.md',
     'next.md',
-    'done.md',
     'verify-all.md',
     'audit-spec.md',
     'audit-wiring.md',
@@ -257,11 +286,19 @@ function generateCommands(outputDir, config, vars) {
     'optimize-claude-md.md',
     'plan.md',
     'build-fix.md',
+    'fix-loop.md',
     'code-review.md',
     'tdd.md',
     'save-session.md',
     'resume-session.md',
     'full-audit.md',
+    'verify-intent.md',
+    'build-ui.md',
+    'help.md',
+    'live-uat.md',
+    'simplify.md',
+    'generate-sdd.md',
+    'product-strategist.md',
   ];
 
   for (const cmd of commands) {