repofence 0.1.8 → 0.2.1

package/README.md

@@ -14,13 +14,15 @@ npm install -g repofence
 # 1. Purchase a license and get your token
 repofence auth --web
 
-# 2. Initialize spec files + install Cursor AI commands
+# 2. Initialize spec files + install assistant assets (Cursor by default)
 repofence init
 
 # 3. Auto-populate specs from your codebase
 repofence reverse
 ```
 
+Brownfield tip: run `repofence reverse` first after `init` so your spec layer reflects the current codebase before any AI-driven changes.
+
 ## Commands
 
 ### `repofence auth`
@@ -39,12 +41,14 @@ Get your license at [repofence.com](https://repofence.com).
 
 ---
 
-### `repofence init`
+### `repofence init [ide]`
 
-Initialize spec files in the current project and install Cursor AI command packs into `~/.cursor/commands/`.
+Initialize spec files in the current project and install assistant assets.
 
 ```bash
-repofence init
+repofence init                # defaults to Cursor
+repofence init cursor
+repofence init claude
 ```
 
 **Requires**: a valid token saved via `repofence auth`.
@@ -57,9 +61,11 @@ Creates in your project:
 | `spec/CORE_FLOWS.md` | Critical user and system flows |
 | `spec/BOUNDARIES.md` | Architectural boundaries and constraints |
 | `spec/AI_RULES.md` | Rules for AI agents working on the codebase |
-| `spec/IDE_CURSOR.md` | Cursor IDE integration guide |
+| `spec/IDE_CURSOR.md` or `spec/IDE_CLAUDE.md` | Assistant-specific integration guide |
 
-Also installs Cursor AI commands globally (`~/.cursor/commands/`) that you can use with `/repofence.*` in any Cursor chat.
+Install targets:
+- `cursor`: installs `/repofence.*` command files in `~/.cursor/commands/`
+- `claude`: installs repofence skills in `~/.claude/skills/` and creates project files `CLAUDE.md` + `.claude/rules/sdd-core.md`
 
 **Options**:
 
@@ -89,6 +95,8 @@ Detects:
 
 Updates `spec/SYSTEM_OVERVIEW.md`, `spec/CORE_FLOWS.md`, `spec/BOUNDARIES.md`, and `spec/AI_RULES.md` with what it finds, preserving sections you've already customized.
 
+For brownfield projects this is the most important command to run early.
+
 **Options**:
 
 | Flag | Description |
@@ -99,12 +107,14 @@ Updates `spec/SYSTEM_OVERVIEW.md`, `spec/CORE_FLOWS.md`, `spec/BOUNDARIES.md`, a
 
 ---
 
-### `repofence status`
+### `repofence status [ide]`
 
-Show the status of your local token and installed pack.
+Show the status of your local token and installed pack manifests.
 
 ```bash
-repofence status
+repofence status        # shows cursor + claude
+repofence status cursor
+repofence status claude
 ```
 
 ---
@@ -113,11 +123,12 @@ repofence status
 
 ```
 repofence auth --web          # one-time: purchase license + get token
-repofence init                # per project: create spec files + install AI commands
-repofence reverse             # per project: auto-fill specs from code
+repofence init claude         # or: repofence init cursor
+repofence reverse             # critical for brownfield: auto-fill specs from code
 ```
 
-After running `init`, open any project in Cursor and type `/repofence.help` in the chat to see all available AI commands.
+After running `init cursor`, open Cursor and type `/repofence.help`.
+After running `init claude`, open Claude Code and type `/repofence-reverse`.
 
 ## Global Options
 
@@ -144,6 +155,12 @@ Deploy (e.g. **Railway**): see [`backend/README.md`](backend/README.md) and root
 
 Step-by-step: **[docs/RELEASE.md](docs/RELEASE.md)** (`npm version`, `npm publish`). The published package only includes **`dist/`**; the HTTP API in `backend/` is deployed separately.
 
+## Claude rollout docs
+
+- [docs/CLAUDE-ASSET-CONTRACT.md](docs/CLAUDE-ASSET-CONTRACT.md)
+- [docs/CLAUDE-SKILL-MAPPING.md](docs/CLAUDE-SKILL-MAPPING.md)
+- [docs/CLAUDE-GA-CHECKLIST.md](docs/CLAUDE-GA-CHECKLIST.md)
+
 ## Environment variables
 
 | Variable | Description |
@@ -151,6 +168,7 @@ Step-by-step: **[docs/RELEASE.md](docs/RELEASE.md)** (`npm version`, `npm publis
 | `REPOFENCE_API_BASE_URL` | API host for the CLI (`auth`, `init`). Default normalizes to `…/api`. |
 | `REPOFENCE_MOCK` | Set to `1` for mock API responses (no network). |
 | `REPOFENCE_PACK_ID` | Pack id for `repofence init` (default: `core`). |
+| `REPOFENCE_CLAUDE_PACK_ID` | Optional pack id override for `repofence init claude` (falls back to `REPOFENCE_PACK_ID`). |
 | `REPOFENCE_PUBLIC_KEY` | Optional. PEM or base64 public key to verify signed packs. If unset, the CLI uses its built-in public key. |
 
 ## Requirements

package/dist/cli.js

@@ -56,6 +56,7 @@ const init_1 = require("./commands/init");
 const reverse_1 = require("./commands/reverse");
 const auth_1 = require("./commands/auth");
 const status_1 = require("./commands/status");
+const targets_1 = require("./core/targets");
 const program = new commander_1.Command();
 program
     .name('repofence')
@@ -69,18 +70,19 @@ program
 program
     .command('init')
     .description('Initialize spec files in the current directory')
-    .argument('[ide]', 'IDE type (currently only "cursor" is supported)', 'cursor')
+    .argument('[ide]', 'IDE target: cursor | claude', 'cursor')
     .option('-f, --force', 'overwrite existing files')
     .option('--name <name>', 'override project name detection')
     .action(async (ide = 'cursor', options) => {
-    if (ide && ide !== 'cursor') {
-        console.error(chalk_1.default.red(`❌ Error: Unsupported IDE "${ide}". Only "cursor" is supported.`));
+    if (!(0, targets_1.isIdeTarget)(ide)) {
+        console.error(chalk_1.default.red(`❌ Error: Unsupported IDE "${ide}". Supported: "cursor", "claude".`));
         process.exit(1);
     }
     const cwd = process.cwd();
     const globalOpts = program.opts();
     try {
         await (0, init_1.initCommand)(cwd, {
+            ide,
             force: options.force || false,
             dryRun: globalOpts.dryRun || false,
             verbose: globalOpts.verbose || false,
@@ -117,9 +119,9 @@ program
 // Auth command
 program
     .command('auth')
-    .description('Autentica el CLI con token emitido por la web repofence')
-    .option('--token <token>', 'Token emitido por la web repofence')
-    .option('--web', 'Abrir la web de login/pago y obtener token manualmente')
+    .description('Authenticate the CLI with a token from repofence.com')
+    .option('--token <token>', 'Token from repofence.com (after purchase)')
+    .option('--web', 'Open login/checkout in the browser to get a token')
     .action(async (options) => {
     const cwd = process.cwd();
     try {
@@ -134,11 +136,16 @@ program
 // Status command
 program
     .command('status')
-    .description('Show local token status and installed pack manifest')
-    .action(async () => {
+    .description('Show local token status and installed pack manifest(s)')
+    .argument('[ide]', 'Status target: cursor | claude | all', 'all')
+    .action(async (ide = 'all') => {
+    if (ide !== 'all' && !(0, targets_1.isIdeTarget)(ide)) {
+        console.error(chalk_1.default.red(`❌ Error: Unsupported status target "${ide}". Supported: "cursor", "claude", "all".`));
+        process.exit(1);
+    }
     const cwd = process.cwd();
     try {
-        await (0, status_1.statusCommand)(cwd);
+        await (0, status_1.statusCommand)(cwd, { ide });
     }
     catch (error) {
         const errorMessage = error instanceof Error ? error.message : String(error);

package/dist/commands/auth.js

@@ -36,10 +36,10 @@ const authCommand = async (_cwd, options) => {
     }
     const token = options.token ?? (await promptToken());
     if (!token) {
-        throw new Error('No se proporcionó token; vuelve a intentarlo con --token <valor>.');
+        throw new Error('No token provided; try again with --token <value>.');
     }
     await (0, auth_1.saveToken)(token);
-    console.log(chalk_1.default.green(`✅ Token guardado en ${auth_1.tokenPath}`));
+    console.log(chalk_1.default.green(`✅ Token saved to ${auth_1.tokenPath}`));
 };
 exports.authCommand = authCommand;
 //# sourceMappingURL=auth.js.map

package/dist/commands/init.js

@@ -39,21 +39,26 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.initCommand = initCommand;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const os = __importStar(require("os"));
 const chalk_1 = __importDefault(require("chalk"));
 const templates_1 = require("../core/templates");
 const api_client_1 = require("../core/api-client");
 const auth_1 = require("../core/auth");
 const pack_manager_1 = require("../core/pack-manager");
-const SPEC_FILES = [
+const targets_1 = require("../core/targets");
+const BASE_SPEC_FILES = [
     'SYSTEM_OVERVIEW.md',
     'CORE_FLOWS.md',
     'BOUNDARIES.md',
     'AI_RULES.md',
-    'IDE_CURSOR.md',
+];
+const CLAUDE_PROJECT_FILES = [
+    { relPath: 'CLAUDE.md', template: 'CLAUDE.md' },
+    { relPath: path.join('.claude', 'rules', 'sdd-core.md'), template: 'CLAUDE_RULES_SDD.md' },
 ];
 async function initCommand(cwd, options) {
-    const { force = false, dryRun = false, verbose = false, name } = options;
+    const { ide, force = false, dryRun = false, verbose = false, name } = options;
+    const profile = (0, targets_1.getTargetProfile)(ide);
+    const specFiles = [...BASE_SPEC_FILES, profile.specGuideTemplate];
     // Show banner
     console.log('\n' + chalk_1.default.bold('='.repeat(60)));
     console.log(chalk_1.default.bold('Repofence CLI (packs)'));
@@ -68,7 +73,7 @@ async function initCommand(cwd, options) {
         console.log(`📦 Project name: ${projectName}`);
     }
     console.log(`Project: ${cwd}`);
-    console.log(`Installing for: Cursor\n`);
+    console.log(`Installing for: ${profile.displayName}\n`);
     // Create spec directory
     const specDir = path.join(cwd, 'spec');
     if (!dryRun) {
@@ -90,7 +95,7 @@ async function initCommand(cwd, options) {
     // Process each template file
     const createdFiles = [];
     const skippedFiles = [];
-    for (const fileName of SPEC_FILES) {
+    for (const fileName of specFiles) {
         const filePath = path.join(specDir, fileName);
         const fileExists = fs.existsSync(filePath);
         if (fileExists && !force) {
@@ -124,9 +129,33 @@ async function initCommand(cwd, options) {
             process.exit(1);
         }
     }
+    // Claude-only project-level files
+    if (ide === 'claude') {
+        for (const file of CLAUDE_PROJECT_FILES) {
+            const filePath = path.join(cwd, file.relPath);
+            const fileExists = fs.existsSync(filePath);
+            if (fileExists && !force) {
+                skippedFiles.push(file.relPath);
+                continue;
+            }
+            const template = (0, templates_1.loadTemplate)(file.template);
+            const rendered = (0, templates_1.renderTemplate)(template, context);
+            if (dryRun) {
+                console.log(`\n[DRY RUN] Would create: ${filePath}`);
+            }
+            else {
+                fs.mkdirSync(path.dirname(filePath), { recursive: true });
+                fs.writeFileSync(filePath, rendered, 'utf-8');
+                createdFiles.push(file.relPath);
+                if (verbose) {
+                    console.log(chalk_1.default.green(`✓ Created: ${file.relPath}`));
+                }
+            }
+        }
+    }
     // Download and install repofence pack
     let packInstalled = false;
-    const packId = process.env.REPOFENCE_PACK_ID || 'core';
+    const packId = (0, targets_1.getPackIdForTarget)(ide);
     if (!dryRun) {
         const token = await (0, auth_1.readToken)();
         if (!token) {
@@ -156,40 +185,38 @@ async function initCommand(cwd, options) {
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);
-            console.error(chalk_1.default.red(`❌ Error al descargar pack "${packId}" (${resolvedBase}): ${message}`));
+            console.error(chalk_1.default.red(`❌ Failed to download pack "${packId}" (${resolvedBase}): ${message}`));
             throw error;
         }
         const isValid = await (0, pack_manager_1.validateSignature)(pack);
         if (!isValid) {
-            throw new Error('La firma del pack no es válida.');
+            throw new Error('Invalid pack signature.');
         }
-        await (0, pack_manager_1.installPack)(pack, { force, verbose });
+        await (0, pack_manager_1.installPack)(pack, { force, verbose, target: ide }, profile.installBaseDir);
         packInstalled = true;
         if (verbose) {
-            console.log(chalk_1.default.green(`✓ Pack "${pack.packId}" instalado`));
+            console.log(chalk_1.default.green(`✓ Pack "${pack.packId}" installed`));
         }
     }
     else {
-        const homeDir = os.homedir();
-        console.log(`[DRY RUN] Would download pack "${packId}" and install into: ${path.join(homeDir, '.cursor/commands/')}`);
+        console.log(`[DRY RUN] Would download pack "${packId}" and install into: ${profile.installBaseDir}`);
     }
     // Print summary
     if (!dryRun) {
-        printSummary(createdFiles, skippedFiles, force, packInstalled);
+        printSummary(createdFiles, skippedFiles, force, packInstalled, ide);
     }
     else {
         console.log(`\n[DRY RUN] Would create ${createdFiles.length} file(s), skip ${skippedFiles.length} file(s) and install pack "${packId}"`);
     }
 }
-function printSummary(createdFiles, skippedFiles, force, packInstalled) {
-    const homeDir = os.homedir();
-    const cursorDir = path.join(homeDir, '.cursor');
+function printSummary(createdFiles, skippedFiles, force, packInstalled, ide) {
+    const profile = (0, targets_1.getTargetProfile)(ide);
     console.log('\n' + chalk_1.default.bold('='.repeat(60)));
     console.log(chalk_1.default.green.bold('✨ Installation successful!'));
     console.log(chalk_1.default.bold('='.repeat(60)));
     if (packInstalled) {
         console.log('\n📊 Repofence pack:');
-        console.log(`   • Installed at: ${path.join(cursorDir, 'commands')}`);
+        console.log(`   • Installed at: ${profile.installBaseDir}`);
     }
     console.log('\n' + chalk_1.default.dim('─'.repeat(60)));
     console.log(chalk_1.default.bold('What was installed:'));
@@ -203,21 +230,35 @@ function printSummary(createdFiles, skippedFiles, force, packInstalled) {
         });
     }
     // Pack installation
-    if (packInstalled) {
+    if (packInstalled && ide === 'cursor') {
         console.log('\n  Cursor (GLOBAL at ~/.cursor/):');
-        console.log(`  • ~/.cursor/commands/   repofence commands`);
+        console.log('  • ~/.cursor/commands/   repofence commands');
+    }
+    if (packInstalled && ide === 'claude') {
+        console.log('\n  Claude Code (GLOBAL at ~/.claude/):');
+        console.log('  • ~/.claude/skills/     repofence skills');
     }
     console.log('\n' + chalk_1.default.dim('─'.repeat(60)));
     console.log(chalk_1.default.cyan.bold('Next Steps - Read Carefully!'));
     console.log(chalk_1.default.dim('─'.repeat(60)));
-    console.log(chalk_1.default.green('\n✓ Installation complete. The /repofence.* commands are available in Cursor.\n'));
-    console.log(chalk_1.default.yellow.bold('IMPORTANT:') + ' These commands run ' + chalk_1.default.green.bold('INSIDE CURSOR'));
-    console.log('           ' + chalk_1.default.dim('(not in this terminal)') + '\n');
-    console.log('  1. Open any project in Cursor');
-    console.log('  2. Start a chat with the AI assistant');
-    console.log('  3. In the chat window, type: ' + chalk_1.default.cyan('/repofence.help'));
-    console.log('  4. Use pack commands such as: ' + chalk_1.default.cyan('/repofence.read-specs'));
-    console.log(chalk_1.default.yellow('\nRemember:') + ' /repofence.* commands are used in the Cursor chat, not in bash.');
+    if (ide === 'cursor') {
+        console.log(chalk_1.default.green('\n✓ Installation complete. The /repofence.* commands are available in Cursor.\n'));
+        console.log(chalk_1.default.yellow.bold('IMPORTANT:') + ' These commands run ' + chalk_1.default.green.bold('INSIDE CURSOR'));
+        console.log('           ' + chalk_1.default.dim('(not in this terminal)') + '\n');
+        console.log('  1. Open any project in Cursor');
+        console.log('  2. Start a chat with the AI assistant');
+        console.log('  3. In the chat window, type: ' + chalk_1.default.cyan('/repofence.help'));
+        console.log('  4. Use pack commands such as: ' + chalk_1.default.cyan('/repofence.read-specs'));
+        console.log(chalk_1.default.yellow('\nRemember:') + ' /repofence.* commands are used in the Cursor chat, not in bash.');
+    }
+    else {
+        console.log(chalk_1.default.green('\n✓ Installation complete. The repofence skills are available in Claude Code.\n'));
+        console.log(chalk_1.default.yellow.bold('IMPORTANT:') + ' These skills run ' + chalk_1.default.green.bold('INSIDE CLAUDE CODE'));
+        console.log('           ' + chalk_1.default.dim('(not in this terminal)') + '\n');
+        console.log('  1. Open Claude Code in any project');
+        console.log('  2. Type: ' + chalk_1.default.cyan('/repofence-reverse'));
+        console.log('  3. Continue with: ' + chalk_1.default.cyan('/repofence-plan') + ' and ' + chalk_1.default.cyan('/repofence-build'));
+    }
     console.log(chalk_1.default.dim('─'.repeat(60)) + '\n');
 }
 //# sourceMappingURL=init.js.map

package/dist/commands/reverse.js

@@ -142,13 +142,27 @@ async function reverseCommand(cwd, options) {
     }
     // Print summary
     if (!dryRun) {
-        printSummary(updatedFiles, skippedFiles, scanResult, force);
+        printSummary(updatedFiles, skippedFiles, scanResult, force, specDir);
     }
     else {
         console.log(`\n[DRY RUN] Would update ${updatedFiles.length} file(s), skip ${skippedFiles.length} file(s)`);
     }
 }
-function printSummary(updatedFiles, skippedFiles, scanResult, force) {
+function getIdeGuideLine(specDir) {
+    const cursorGuide = fs.existsSync(path.join(specDir, 'IDE_CURSOR.md'));
+    const claudeGuide = fs.existsSync(path.join(specDir, 'IDE_CLAUDE.md'));
+    if (claudeGuide && !cursorGuide) {
+        return '   4. Use these specs with Claude Code (see /spec/IDE_CLAUDE.md)';
+    }
+    if (cursorGuide && !claudeGuide) {
+        return '   4. Use these specs with Cursor AI (see /spec/IDE_CURSOR.md)';
+    }
+    if (claudeGuide && cursorGuide) {
+        return '   4. Use the guide that matches your target: /spec/IDE_CLAUDE.md or /spec/IDE_CURSOR.md';
+    }
+    return '   4. Add an IDE guide in /spec/ (IDE_CLAUDE.md or IDE_CURSOR.md)';
+}
+function printSummary(updatedFiles, skippedFiles, scanResult, force, specDir) {
     console.log('\n' + chalk_1.default.bold('='.repeat(60)));
     console.log(chalk_1.default.green.bold('✨ Reverse engineering complete!'));
     console.log(chalk_1.default.bold('='.repeat(60)));
@@ -177,7 +191,7 @@ function printSummary(updatedFiles, skippedFiles, scanResult, force) {
     console.log('   1. Review the updated spec files in /spec/');
     console.log('   2. Fill in any UNKNOWN sections with actual details');
     console.log('   3. Customize flows and boundaries as needed');
-    console.log('   4. Use these specs with Cursor AI (see /spec/IDE_CURSOR.md)');
+    console.log(getIdeGuideLine(specDir));
     console.log('');
 }
 //# sourceMappingURL=reverse.js.map

package/dist/commands/status.js

@@ -7,25 +7,38 @@ exports.statusCommand = void 0;
 const chalk_1 = __importDefault(require("chalk"));
 const auth_1 = require("../core/auth");
 const pack_manager_1 = require("../core/pack-manager");
-const statusCommand = async (cwd) => {
+const targets_1 = require("../core/targets");
+const printManifest = async (target) => {
+    const profile = (0, targets_1.getTargetProfile)(target);
+    const manifest = await (0, pack_manager_1.readManifest)(profile.installBaseDir);
+    console.log(chalk_1.default.bold(`\n[${profile.displayName}]`));
+    if (!manifest) {
+        console.log(chalk_1.default.yellow(`⚠️  No pack manifest found at ${(0, pack_manager_1.manifestFilePath)(profile.installBaseDir)}`));
+        return;
+    }
+    console.log(chalk_1.default.cyan(`Pack: ${manifest.pack_id} v${manifest.pack_version}`));
+    console.log(chalk_1.default.cyan(`Installed: ${manifest.installed_at}`));
+    console.log(chalk_1.default.cyan(`Expires: ${manifest.expires_at ?? 'never'}`));
+    console.log(chalk_1.default.cyan(`Artifacts:`));
+    manifest.commands.forEach((cmd) => console.log(`  - ${cmd}`));
+    console.log(chalk_1.default.gray(`Manifest: ${(0, pack_manager_1.manifestFilePath)(profile.installBaseDir)}`));
+};
+const statusCommand = async (cwd, options = {}) => {
+    void cwd;
+    const target = options.ide || 'all';
     const token = await (0, auth_1.readToken)();
-    const manifest = await (0, pack_manager_1.readManifest)();
     if (token) {
-        console.log(chalk_1.default.green(`✅ Token presente (${auth_1.tokenPath})`));
+        console.log(chalk_1.default.green(`✅ Token present (${auth_1.tokenPath})`));
     }
     else {
-        console.log(chalk_1.default.yellow('⚠️  Token no configurado. Ejecuta `repofence auth --token <valor>`'));
+        console.log(chalk_1.default.yellow('⚠️  No token configured. Run `repofence auth --token <value>`'));
     }
-    if (!manifest) {
-        console.log(chalk_1.default.yellow('⚠️  No se encontró manifest de pack en .cursor/commands/.repofence-manifest.json'));
+    if (target === 'all') {
+        await printManifest('cursor');
+        await printManifest('claude');
         return;
     }
-    console.log(chalk_1.default.cyan(`Pack: ${manifest.pack_id} v${manifest.pack_version}`));
-    console.log(chalk_1.default.cyan(`Instalado: ${manifest.installed_at}`));
-    console.log(chalk_1.default.cyan(`Expira: ${manifest.expires_at ?? 'sin expirar'}`));
-    console.log(chalk_1.default.cyan(`Comandos:`));
-    manifest.commands.forEach((cmd) => console.log(`  - ${cmd}`));
-    console.log(chalk_1.default.gray(`Manifest: ${(0, pack_manager_1.manifestFilePath)()}`));
+    await printManifest(target);
 };
 exports.statusCommand = statusCommand;
 //# sourceMappingURL=status.js.map

package/dist/core/api-client.js

@@ -21,16 +21,16 @@ const DEMO_PACK = {
     files: [
         {
             path: 'repofence-spec.md',
-            contentBase64: Buffer.from('# repofence spec (demo)\n\n_TODO: contenido del pack_\n').toString('base64'),
+            contentBase64: Buffer.from('# repofence spec (demo)\n\n_TODO: pack content_\n').toString('base64'),
         },
         {
             path: 'repofence-plan.md',
-            contentBase64: Buffer.from('# repofence plan (demo)\n\n_TODO: contenido del pack_\n').toString('base64'),
+            contentBase64: Buffer.from('# repofence plan (demo)\n\n_TODO: pack content_\n').toString('base64'),
         },
     ],
 };
 const notImplemented = () => {
-    throw new Error('API client no implementado. Usa REPOFENCE_MOCK=1 para datos dummy.');
+    throw new Error('API client not implemented. Set REPOFENCE_MOCK=1 for dummy data.');
 };
 /**
  * Production hosts expose routes under `/api/v1/...`.

package/dist/core/auth.js

@@ -16,7 +16,7 @@ exports.tokenPath = tokenFile;
 const saveToken = async (token) => {
     const normalized = token.trim();
     if (!normalized) {
-        throw new Error('Token vacío; provee un token válido.');
+        throw new Error('Empty token; provide a valid token.');
     }
     await ensureDir();
     await promises_1.default.writeFile(tokenFile, normalized, { mode: 0o600 });

package/dist/core/pack-manager.js

@@ -49,84 +49,226 @@ const sha256Base64 = (buf) => crypto_1.default.createHash('sha256').update(buf).
 const downloadBuffer = async (url) => {
     const res = await fetch(url);
     if (!res.ok) {
-        throw new Error(`Descarga fallida (${res.status}) ${res.statusText}`);
+        throw new Error(`Download failed (${res.status}) ${res.statusText}`);
     }
     const arrayBuffer = await res.arrayBuffer();
     return Buffer.from(arrayBuffer);
 };
+const listFilesRecursive = async (root, relative = '.') => {
+    const dir = path_1.default.join(root, relative);
+    const entries = await promises_1.default.readdir(dir, { withFileTypes: true });
+    const files = [];
+    for (const entry of entries) {
+        const rel = path_1.default.join(relative, entry.name);
+        if (entry.isDirectory()) {
+            files.push(...(await listFilesRecursive(root, rel)));
+        }
+        else if (entry.isFile()) {
+            files.push(rel);
+        }
+    }
+    return files;
+};
+const toSkillName = (commandPath) => {
+    const base = path_1.default.basename(commandPath, '.md');
+    if (base.startsWith('repofence.')) {
+        return `repofence-${base.slice('repofence.'.length)}`;
+    }
+    return base.replace(/[._]/g, '-');
+};
+const extractDescription = (markdown) => {
+    const match = markdown.match(/\*\*Description\*\*:\s*(.+)/);
+    if (match?.[1])
+        return match[1].trim();
+    const firstSentence = markdown.split('\n').find((line) => line.trim() && !line.startsWith('#'));
+    return (firstSentence || 'Repofence workflow skill').replace(/^[-*]\s*/, '').trim();
+};
+const stripCursorCommandHeader = (markdown) => {
+    const lines = markdown.split('\n');
+    const filtered = [];
+    let skipUntilAfterVersion = false;
+    for (const line of lines) {
+        if (line.startsWith('# Command: /')) {
+            skipUntilAfterVersion = true;
+            continue;
+        }
+        if (skipUntilAfterVersion && line.startsWith('**Version**:')) {
+            continue;
+        }
+        if (skipUntilAfterVersion && line.startsWith('**Description**:')) {
+            continue;
+        }
+        if (skipUntilAfterVersion && line.trim() === '---') {
+            skipUntilAfterVersion = false;
+            continue;
+        }
+        filtered.push(line);
+    }
+    return filtered.join('\n').trimStart();
+};
+const adaptBodyForClaude = (markdown) => {
+    return markdown
+        .replace(/\/repofence\./g, '/repofence-')
+        .replace(/\/spec\/IDE_CURSOR\.md/g, '/spec/IDE_CLAUDE.md')
+        .replace(/Cursor chat/gi, 'Claude Code chat')
+        .replace(/Cursor AI/gi, 'Claude Code');
+};
+const toClaudeSkillMarkdown = (commandPath, markdown) => {
+    const skillName = toSkillName(commandPath);
+    const description = extractDescription(markdown);
+    const hasSideEffects = skillName.includes('build') ||
+        skillName.includes('update') ||
+        skillName.includes('finish') ||
+        skillName.includes('start') ||
+        skillName.includes('reverse');
+    const frontmatter = [
+        '---',
+        `name: ${skillName}`,
+        `description: ${description}`,
+        ...(hasSideEffects ? ['disable-model-invocation: true'] : []),
+        '---',
+        '',
+    ].join('\n');
+    const body = adaptBodyForClaude(stripCursorCommandHeader(markdown));
+    return { skillName, content: `${frontmatter}${body}\n` };
+};
 const installFromArchive = async (pack, options, baseDir) => {
+    const target = options.target || 'cursor';
     const dir = commandsDir(baseDir);
     await promises_1.default.mkdir(dir, { recursive: true });
     const archiveUrl = pack.archiveUrl;
-    // Descargar manifest y recalcular hash (robustez)
+    // Download manifest and recalculate hash (robustness)
     let manifestHashCalculated = undefined;
     if (pack.manifestUrl) {
         const manifestBuf = await downloadBuffer(pack.manifestUrl);
         manifestHashCalculated = sha256Base64(manifestBuf);
         if (pack.manifestHash && pack.manifestHash !== manifestHashCalculated) {
-            throw new Error(`Hash de manifest inválido. Esperado ${pack.manifestHash} obtenido ${manifestHashCalculated}`);
+            throw new Error(`Invalid manifest hash. Expected ${pack.manifestHash}, got ${manifestHashCalculated}`);
         }
     }
     const archiveBuf = await downloadBuffer(archiveUrl);
     if (pack.archiveHash) {
         const hash = sha256Base64(archiveBuf);
         if (hash !== pack.archiveHash) {
-            throw new Error(`Hash de archive inválido. Esperado ${pack.archiveHash} obtenido ${hash}`);
+            throw new Error(`Invalid archive hash. Expected ${pack.archiveHash}, got ${hash}`);
         }
     }
-    // Extraer lista de archivos y luego extraer contenido
+    // List files, then extract archive contents
     const tmpDir = await promises_1.default.mkdtemp(path_1.default.join(os_1.default.tmpdir(), 'repofence-archive-'));
     const archivePath = path_1.default.join(tmpDir, 'pack.tar.gz');
+    const extractedPath = path_1.default.join(tmpDir, 'extracted');
+    await promises_1.default.mkdir(extractedPath, { recursive: true });
     await promises_1.default.writeFile(archivePath, archiveBuf);
-    const extractedFiles = [];
-    await tar_1.default.t({
-        file: archivePath,
-        onentry: (entry) => {
-            if (entry.type === 'File') {
-                extractedFiles.push(entry.path);
-            }
-        },
-    });
-    // Validación de firma (manifestHash ya viene en el pack; archiveHash validada arriba)
+    // Signature validation (manifestHash from pack; archiveHash validated above)
     await (0, exports.validateSignature)({
         ...pack,
         manifestHash: pack.manifestHash || manifestHashCalculated,
     });
     await tar_1.default.x({
         file: archivePath,
-        cwd: dir,
+        cwd: extractedPath,
     });
+    const manifest = target === 'claude'
+        ? await installClaudeFromExtracted(extractedPath, pack, baseDir, options)
+        : await installCursorFromExtracted(extractedPath, pack, baseDir);
     await promises_1.default.rm(tmpDir, { recursive: true, force: true });
+    if (options.verbose) {
+        console.log(`[repofence] installed from archive ${archiveUrl}`);
+    }
+    return manifest;
+};
+const installCursorFromExtracted = async (extractedPath, pack, baseDir) => {
+    const dir = commandsDir(baseDir);
+    await promises_1.default.mkdir(dir, { recursive: true });
+    const files = await listFilesRecursive(extractedPath);
+    for (const rel of files) {
+        const src = path_1.default.join(extractedPath, rel);
+        const dst = path_1.default.join(dir, rel);
+        await promises_1.default.mkdir(path_1.default.dirname(dst), { recursive: true });
+        await promises_1.default.copyFile(src, dst);
+    }
     const manifest = {
         pack_id: pack.packId,
         pack_version: pack.packVersion,
         installed_at: new Date().toISOString(),
         expires_at: pack.expiresAt ?? null,
-        commands: extractedFiles,
+        commands: files.map((f) => f.replace(/^\.\//, '')),
     };
     await (0, exports.writeManifest)(baseDir, manifest);
-    if (options.verbose) {
-        console.log(`[repofence] instalado desde archive ${archiveUrl}`);
+    return manifest;
+};
+const installClaudeFromExtracted = async (extractedPath, pack, baseDir, options) => {
+    const dir = commandsDir(baseDir);
+    await promises_1.default.mkdir(dir, { recursive: true });
+    const files = await listFilesRecursive(extractedPath);
+    const markdownFiles = files.filter((f) => f.endsWith('.md'));
+    const artifacts = [];
+    for (const rel of markdownFiles) {
+        const sourcePath = path_1.default.join(extractedPath, rel);
+        const sourceMarkdown = await promises_1.default.readFile(sourcePath, 'utf8');
+        const { skillName, content } = toClaudeSkillMarkdown(rel, sourceMarkdown);
+        const targetPath = path_1.default.join(dir, skillName, 'SKILL.md');
+        if (!options.force && (await fileExists(targetPath))) {
+            throw new Error(`Skill already exists: ${targetPath} (use --force to overwrite)`);
+        }
+        await promises_1.default.mkdir(path_1.default.dirname(targetPath), { recursive: true });
+        await promises_1.default.writeFile(targetPath, content, 'utf8');
+        artifacts.push(path_1.default.relative(dir, targetPath));
     }
+    const manifest = {
+        pack_id: pack.packId,
+        pack_version: pack.packVersion,
+        installed_at: new Date().toISOString(),
+        expires_at: pack.expiresAt ?? null,
+        commands: artifacts,
+    };
+    await (0, exports.writeManifest)(baseDir, manifest);
     return manifest;
 };
 const installPack = async (pack, options = {}, baseDir) => {
-    // Si viene archiveUrl, descargar tar.gz y extraer.
+    const target = options.target || 'cursor';
+    // If archiveUrl is set, download tar.gz and extract.
     if (pack.archiveUrl) {
         return installFromArchive(pack, options, baseDir);
     }
     const dir = commandsDir(baseDir);
     await promises_1.default.mkdir(dir, { recursive: true });
+    if (target === 'claude') {
+        const artifacts = [];
+        for (const file of pack.files) {
+            const source = Buffer.from(file.contentBase64, 'base64').toString('utf8');
+            const { skillName, content } = toClaudeSkillMarkdown(file.path, source);
+            const targetPath = path_1.default.join(dir, skillName, 'SKILL.md');
+            if (!options.force && (await fileExists(targetPath))) {
+                throw new Error(`Skill already exists: ${targetPath} (use --force to overwrite)`);
+            }
+            await promises_1.default.mkdir(path_1.default.dirname(targetPath), { recursive: true });
+            await promises_1.default.writeFile(targetPath, content, 'utf8');
+            artifacts.push(path_1.default.relative(dir, targetPath));
+            if (options.verbose) {
+                console.log(`[repofence] wrote skill ${targetPath}`);
+            }
+        }
+        const manifest = {
+            pack_id: pack.packId,
+            pack_version: pack.packVersion,
+            installed_at: new Date().toISOString(),
+            expires_at: pack.expiresAt ?? null,
+            commands: artifacts,
+        };
+        await (0, exports.writeManifest)(baseDir, manifest);
+        return manifest;
+    }
     for (const file of pack.files) {
         const target = path_1.default.join(dir, file.path);
         if (!options.force && (await fileExists(target))) {
-            throw new Error(`El archivo ya existe: ${target} (usa --force para sobrescribir)`);
+            throw new Error(`File already exists: ${target} (use --force to overwrite)`);
         }
         await promises_1.default.mkdir(path_1.default.dirname(target), { recursive: true });
         const buffer = Buffer.from(file.contentBase64, 'base64');
         await promises_1.default.writeFile(target, buffer);
         if (options.verbose) {
-            console.log(`[repofence] escrito ${target}`);
+            console.log(`[repofence] wrote ${target}`);
         }
     }
     const manifest = {
@@ -142,26 +284,13 @@ const installPack = async (pack, options = {}, baseDir) => {
 exports.installPack = installPack;
 const manifestFilePath = (baseDir) => manifestPath(baseDir);
 exports.manifestFilePath = manifestFilePath;
-/** Standard base64 or base64url (some APIs / env pastes). */
-const decodeBase64Flexible = (input) => {
-    const trimmed = input.trim().replace(/\s/g, '');
-    if (!trimmed) {
-        throw new Error('Cadena vacía.');
-    }
-    const b64 = trimmed.includes('-') || trimmed.includes('_')
-        ? trimmed.replace(/-/g, '+').replace(/_/g, '/')
-        : trimmed;
-    const pad = b64.length % 4;
-    const padded = pad ? b64 + '='.repeat(4 - pad) : b64;
-    return Buffer.from(padded, 'base64');
-};
 const validateSignature = async (_pack) => {
     const pack = _pack;
-    // Si no hay firma ni hashes, no validamos (modo demo/mock).
+    // If there is no signature or hashes, skip validation (demo/mock mode).
     if (!pack.signature || !pack.manifestHash) {
         return true;
     }
-    // Construir payload igual que en backend: manifestHash[:archiveHash]
+    // Build payload same as backend: manifestHash[:archiveHash]
     const payloadToVerify = pack.archiveHash
         ? `${pack.manifestHash}:${pack.archiveHash}`
         : pack.manifestHash;
@@ -171,35 +300,14 @@ const validateSignature = async (_pack) => {
         : Buffer.from(rawKey, 'base64').toString('utf8');
     try {
         const keyObject = crypto_1.default.createPublicKey(publicKeyPem);
-        const sigBuf = decodeBase64Flexible(pack.signature);
-        const dataBuf = Buffer.from(payloadToVerify, 'utf8');
-        const keyType = keyObject.asymmetricKeyType;
-        let isValid;
-        if (keyType === 'ed25519') {
-            if (sigBuf.length !== 64) {
-                throw new Error(`Firma Ed25519: tras decodificar se esperaban 64 bytes, hay ${sigBuf.length}. ` +
-                    'Suele indicar que el API firmó con otro algoritmo (p. ej. RSA) o la firma está corrupta. ' +
-                    'El servidor debe usar el par Ed25519 que corresponde a la clave pública del CLI.');
-            }
-            isValid = crypto_1.default.verify(null, dataBuf, keyObject, sigBuf);
-        }
-        else if (keyType === 'rsa') {
-            isValid = crypto_1.default.verify('sha256', dataBuf, keyObject, sigBuf);
-        }
-        else {
-            throw new Error(`Tipo de clave pública no soportado: ${String(keyType)}`);
-        }
+        const isValid = crypto_1.default.verify(null, Buffer.from(payloadToVerify), keyObject, Buffer.from(pack.signature, 'base64'));
         if (!isValid) {
-            throw new Error('Firma de pack inválida.');
+            throw new Error('Invalid pack signature.');
         }
         return true;
     }
     catch (error) {
-        const msg = error instanceof Error ? error.message : 'error_validando_firma';
-        if (msg.includes('asn1') || msg.includes('DECODER') || msg.includes('wrong tag')) {
-            throw new Error(`${msg}. Comprueba que REPOFENCE_SIGNING_KEY en el API sea el par Ed25519 de public_key.pem ` +
-                '(o que REPOFENCE_PUBLIC_KEY en el cliente sea la clave pública que corresponde a la privada del servidor).');
-        }
+        const msg = error instanceof Error ? error.message : 'signature_validation_error';
         throw new Error(msg);
     }
 };

package/dist/core/targets.js

@@ -0,0 +1,40 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPackIdForTarget = exports.isIdeTarget = exports.getTargetProfile = void 0;
+const os_1 = __importDefault(require("os"));
+const path_1 = __importDefault(require("path"));
+const home = os_1.default.homedir();
+const TARGETS = {
+    cursor: {
+        id: 'cursor',
+        displayName: 'Cursor',
+        installBaseDir: path_1.default.join(home, '.cursor', 'commands'),
+        helpCommand: '/repofence.help',
+        packIdEnv: 'REPOFENCE_PACK_ID',
+        specGuideTemplate: 'IDE_CURSOR.md',
+    },
+    claude: {
+        id: 'claude',
+        displayName: 'Claude Code',
+        installBaseDir: path_1.default.join(home, '.claude', 'skills'),
+        helpCommand: '/repofence-reverse',
+        packIdEnv: 'REPOFENCE_CLAUDE_PACK_ID',
+        specGuideTemplate: 'IDE_CLAUDE.md',
+    },
+};
+const getTargetProfile = (target) => TARGETS[target];
+exports.getTargetProfile = getTargetProfile;
+const isIdeTarget = (value) => value === 'cursor' || value === 'claude';
+exports.isIdeTarget = isIdeTarget;
+const getPackIdForTarget = (target) => {
+    const profile = (0, exports.getTargetProfile)(target);
+    if (profile.id === 'claude') {
+        return process.env[profile.packIdEnv] || process.env.REPOFENCE_PACK_ID || 'core';
+    }
+    return process.env[profile.packIdEnv] || 'core';
+};
+exports.getPackIdForTarget = getPackIdForTarget;
+//# sourceMappingURL=targets.js.map

package/dist/templates/CLAUDE.md

@@ -0,0 +1,27 @@
+# Repofence SDD Instructions
+
+Use the spec layer as the primary source of truth in this repository.
+
+## Mandatory workflow
+
+1. Read `/spec/AI_RULES.md` first.
+2. Read `/spec/SYSTEM_OVERVIEW.md`, `/spec/CORE_FLOWS.md`, and `/spec/BOUNDARIES.md`.
+3. For brownfield projects, run `/repofence-reverse` before planning implementation work.
+4. If specs are missing or stale, say so explicitly and propose how to refresh.
+
+## Commanding model
+
+- Use Repofence skills for repeatable workflows:
+  - `/repofence-reverse`
+  - `/repofence-ask`
+  - `/repofence-plan`
+  - `/repofence-build`
+  - `/repofence-review`
+  - `/repofence-finish`
+
+## Boundaries
+
+- Do not invent architecture details not present in specs.
+- Do not silently violate constraints in `BOUNDARIES.md`.
+- If implementation work conflicts with specs, stop and ask for direction.
+

package/dist/templates/CLAUDE_RULES_SDD.md

@@ -0,0 +1,20 @@
+# SDD Rules (Repofence)
+
+These rules apply when editing this project with Claude Code.
+
+## Spec-first
+
+- Always read `spec/AI_RULES.md` before implementation.
+- Treat `spec/SYSTEM_OVERVIEW.md`, `spec/CORE_FLOWS.md`, and `spec/BOUNDARIES.md` as authoritative context.
+
+## Brownfield priority
+
+- Use `/repofence-reverse` early to keep specs aligned with code.
+- If spec coverage is incomplete, label unknowns explicitly instead of guessing.
+
+## Quality checks
+
+- Validate changes against boundaries before finalizing.
+- Keep specs updated when workflows, boundaries, or invariants change.
+- Prefer small, traceable diffs from task to implementation.
+

package/dist/templates/IDE_CLAUDE.md

@@ -0,0 +1,33 @@
+# Claude Code Integration Guide
+
+This guide provides ready-to-copy prompts for using Claude Code with `{{PROJECT_NAME}}`.
+
+## First Prompt
+
+Use this at the start of every session:
+
+```
+Read /spec/AI_RULES.md first, then /spec/SYSTEM_OVERVIEW.md, /spec/CORE_FLOWS.md, and /spec/BOUNDARIES.md. Summarize constraints before changing code.
+```
+
+## Brownfield Fast Path (reverse-first)
+
+```
+Run /repofence-reverse first to refresh the spec layer for this codebase. Then use /repofence-ask to answer questions only from specs.
+```
+
+## Recommended Skill Flow
+
+1. `/repofence-reverse` for brownfield discovery
+2. `/repofence-ask` for spec-only Q&A
+3. `/repofence-plan` before code changes
+4. `/repofence-build` for task execution
+5. `/repofence-review` and `/repofence-finish` to close work
+
+## Guardrails
+
+- Use specs as source of truth.
+- If a spec is stale or missing, call it out explicitly.
+- Never guess implementation details when specs do not contain them.
+- Update specs when behavior or boundaries change.
+

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "repofence",
-  "version": "0.1.8",
+  "version": "0.2.1",
   "description": "Repofence CLI (packs + backend auth)",
   "main": "dist/cli.js",
   "bin": {
-    "repofence": "./dist/cli.js"
+    "repofence": "dist/cli.js"
   },
   "files": [
     "dist/**/*.js",
@@ -20,9 +20,7 @@
     "start:cli": "node dist/cli.js",
     "dev": "ts-node src/cli.ts",
     "backend": "ts-node backend/server.ts",
-    "backend:start": "node backend-dist/server.js",
-    "inspect:signing": "ts-node scripts/inspect-signing-key.ts",
-    "verify:pack-sig": "ts-node scripts/verify-pack-signature-files.ts"
+    "backend:start": "node backend-dist/server.js"
   },
   "keywords": [
     "sdd",
@@ -39,7 +37,6 @@
     "commander": "^11.1.0",
     "dotenv": "^16.4.5",
     "open": "^11.0.0",
-    "repofence": "^0.1.2",
     "tar": "^6.2.1"
   },
   "devDependencies": {