tribunal-kit 4.0.1 → 4.3.0

package/.agent/scripts/verify_all.js

@@ -0,0 +1,256 @@
+#!/usr/bin/env node
+/**
+ * verify_all.js — Full pre-deploy validation suite for the Tribunal Agent Kit.
+ *
+ * Runs comprehensive checks before any production deployment.
+ *
+ * Usage:
+ *   node .agent/scripts/verify_all.js
+ *   node .agent/scripts/verify_all.js --skip build,deps
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const { execFileSync } = require('child_process');
+
+// ━━━ ANSI colors ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+const RED    = '\x1b[91m';
+const GREEN  = '\x1b[92m';
+const YELLOW = '\x1b[93m';
+const BLUE   = '\x1b[94m';
+const BOLD   = '\x1b[1m';
+const RESET  = '\x1b[0m';
+
+const RESULTS = [];
+
+function section(title) {
+    console.log(`\n${BOLD}${BLUE}━━━ ${title} ━━━${RESET}`);
+}
+
+function ok(label, note) {
+    const msg = `${GREEN}✅ ${label}${RESET}` + (note ? `  ${YELLOW}(${note})${RESET}` : '');
+    console.log(`  ${msg}`);
+    RESULTS.push({ label, passed: true, note: note || '' });
+}
+
+function fail(label, note) {
+    const noteStr = note ? `\n     ${note}` : '';
+    console.log(`  ${RED}❌ ${label}${RESET}${noteStr}`);
+    RESULTS.push({ label, passed: false, note: note || '' });
+}
+
+function skip(label, reason) {
+    console.log(`  ${YELLOW}⏭️  ${label} — ${reason}${RESET}`);
+    RESULTS.push({ label, passed: true, note: `skipped: ${reason}` });
+}
+
+/**
+ * Run a shell command and return true if it exits with code 0.
+ */
+function run(label, cmd, cwd) {
+    try {
+        const isWindows = process.platform === 'win32';
+        let bin = cmd[0];
+        if (isWindows && (bin === 'npm' || bin === 'npx')) bin += '.cmd';
+
+        execFileSync(bin, cmd.slice(1), {
+            cwd,
+            stdio: 'pipe',
+            timeout: 120000,
+            encoding: 'utf8',
+        });
+        ok(label);
+        return true;
+    } catch (err) {
+        if (err.code === 'ENOENT') {
+            skip(label, 'tool not installed — skipping');
+            return true;
+        }
+        if (err.killed) {
+            fail(label, 'timed out after 120s');
+            return false;
+        }
+        const output = ((err.stdout || '') + (err.stderr || '')).trim();
+        fail(label, output ? output.slice(0, 500) : 'non-zero exit code');
+        return false;
+    }
+}
+
+
+/**
+ * Scan source files for obviously hardcoded credentials.
+ */
+function scanSecrets(cwd) {
+    const patterns = ['password=', 'secret=', 'api_key=', 'private_key=', 'auth_token='];
+    const found = [];
+    const skipDirs = new Set(['node_modules', '.git', 'dist', '__pycache__', '.agent']);
+
+    function walk(dir) {
+        let entries;
+        try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+
+        for (const entry of entries) {
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                if (!skipDirs.has(entry.name)) walk(fullPath);
+            } else if (entry.isFile()) {
+                if (!/\.(ts|js|tsx|jsx|py)$/.test(entry.name)) continue;
+
+                let content;
+                try { content = fs.readFileSync(fullPath, 'utf8'); } catch { continue; }
+
+                const lines = content.split('\n');
+                for (let i = 0; i < lines.length; i++) {
+                    const low = lines[i].toLowerCase().trim();
+                    const hasPattern = patterns.some(p => low.includes(p));
+                    if (hasPattern && !low.startsWith('#') && low.includes('=')) {
+                        const rel = path.relative(cwd, fullPath);
+                        found.push(`${rel}:${i + 1}`);
+                    }
+                }
+            }
+        }
+    }
+
+    walk(cwd);
+
+    if (found.length > 0) {
+        fail('Secret scan', found.slice(0, 5).join('\n     '));
+        return false;
+    }
+    ok('Secret scan — no hardcoded credentials found');
+    return true;
+}
+
+
+/**
+ * Check if there's a package.json to run npm commands against.
+ */
+function hasNpm(cwd) {
+    return fs.existsSync(path.join(cwd, 'package.json'));
+}
+
+
+/**
+ * Run all verification checks. Returns number of failures.
+ */
+function verifyAll(cwd, skipped) {
+    let failures = 0;
+
+    section('1 — Secret Scan');
+    if (!skipped.includes('secrets')) {
+        if (!scanSecrets(cwd)) failures++;
+    } else {
+        skip('Secret scan', 'skipped by flag');
+    }
+
+    section('2 — TypeScript');
+    if (!skipped.includes('typescript')) {
+        if (hasNpm(cwd)) {
+            if (!run('tsc --noEmit', ['npx', 'tsc', '--noEmit'], cwd)) failures++;
+        } else {
+            skip('TypeScript', 'no package.json found in project');
+        }
+    } else {
+        skip('TypeScript', 'skipped by flag');
+    }
+
+    section('3 — ESLint');
+    if (!skipped.includes('lint')) {
+        if (hasNpm(cwd)) {
+            if (!run('ESLint', ['npx', 'eslint', '.', '--max-warnings=0'], cwd)) failures++;
+        } else {
+            skip('ESLint', 'no package.json found in project');
+        }
+    } else {
+        skip('ESLint', 'skipped by flag');
+    }
+
+    section('4 — Unit Tests');
+    if (!skipped.includes('tests')) {
+        if (hasNpm(cwd)) {
+            if (!run('Test suite', ['npm', 'test', '--', '--passWithNoTests'], cwd)) failures++;
+        } else {
+            skip('Tests', 'no package.json found in project');
+        }
+    } else {
+        skip('Tests', 'skipped by flag');
+    }
+
+    section('5 — Build');
+    if (!skipped.includes('build')) {
+        if (hasNpm(cwd)) {
+            if (!run('npm run build', ['npm', 'run', 'build'], cwd)) failures++;
+        } else {
+            skip('Build', 'no package.json found in project');
+        }
+    } else {
+        skip('Build', 'skipped by flag');
+    }
+
+    section('6 — Dependency Audit');
+    if (!skipped.includes('deps')) {
+        if (hasNpm(cwd)) {
+            if (!run('npm audit', ['npm', 'audit', '--audit-level=high'], cwd)) failures++;
+        } else {
+            skip('Dependency audit', 'no package.json found in project');
+        }
+    } else {
+        skip('Dependency audit', 'skipped by flag');
+    }
+
+    // ━━━ Summary ━━━
+    console.log(`\n${BOLD}━━━ Summary ━━━${RESET}`);
+    for (const { label, passed, note } of RESULTS) {
+        const status = passed ? `${GREEN}✅${RESET}` : `${RED}❌${RESET}`;
+        const noteStr = (!passed && note) ? `  ${YELLOW}(${note})${RESET}` : '';
+        console.log(`  ${status} ${label}${noteStr}`);
+    }
+
+    console.log();
+    if (failures === 0) {
+        console.log(`${GREEN}${BOLD}All checks passed — safe to deploy.${RESET}`);
+    } else {
+        console.log(`${RED}${BOLD}${failures} check(s) failed — fix before deploying.${RESET}`);
+    }
+
+    return failures;
+}
+
+
+/**
+ * Parse CLI arguments manually (no external dependencies).
+ */
+function parseArgs(argv) {
+    const args = { skip: [] };
+    const raw = argv.slice(2);
+
+    for (let i = 0; i < raw.length; i++) {
+        if (raw[i] === '--skip' && raw[i + 1]) {
+            args.skip = raw[++i].split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
+        }
+    }
+    return args;
+}
+
+
+function main() {
+    const args = parseArgs(process.argv);
+    const cwd = process.cwd();
+
+    console.log(`${BOLD}Tribunal — verify_all.js${RESET}`);
+    console.log(`Project: ${cwd}\n`);
+
+    const failures = verifyAll(cwd, args.skip);
+    process.exit(failures > 0 ? 1 : 0);
+}
+
+
+// ━━━ Exports for testing & programmatic use ━━━
+module.exports = { verifyAll, scanSecrets, hasNpm };
+
+if (require.main === module) {
+    main();
+}

package/.agent/skills/agent-organizer/SKILL.md

@@ -98,3 +98,45 @@ Automation without oversight is reckless. The Organizer manages when to pause an
 2. **Recovery Gate (After 3 Failures):** "The database migration script has failed 3 times. I am halting. How would you like to proceed?"
 
 ---
+
+
+---
+
+
+
+AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
+
+1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
+2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
+3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
+4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
+
+---
+
+
+
+**Slash command: `/review` or `/tribunal-full`**
+**Active reviewers: `logic-reviewer` · `security-auditor`**
+
+### ❌ Forbidden AI Tropes
+
+1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
+2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
+3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+
+
+
+Review these questions before confirming output:
+```
+✅ Did I rely ONLY on real, verified tools and methods?
+✅ Is this solution appropriately scoped to the user's constraints?
+✅ Did I handle potential failure modes and edge cases?
+✅ Have I avoided generic boilerplate that doesn't add value?
+```
+
+### 🛑 Verification-Before-Completion (VBC) Protocol
+
+**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
+- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.

package/.agent/skills/agentic-patterns/SKILL.md

@@ -263,3 +263,45 @@ Evidence:    [link to terminal output, test result, or file diff]
 ```
 
 ---
+
+
+---
+
+
+
+AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
+
+1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
+2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
+3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
+4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
+
+---
+
+
+
+**Slash command: `/review` or `/tribunal-full`**
+**Active reviewers: `logic-reviewer` · `security-auditor`**
+
+### ❌ Forbidden AI Tropes
+
+1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
+2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
+3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+
+
+
+Review these questions before confirming output:
+```
+✅ Did I rely ONLY on real, verified tools and methods?
+✅ Is this solution appropriately scoped to the user's constraints?
+✅ Did I handle potential failure modes and edge cases?
+✅ Have I avoided generic boilerplate that doesn't add value?
+```
+
+### 🛑 Verification-Before-Completion (VBC) Protocol
+
+**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
+- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.

package/.agent/skills/ai-prompt-injection-defense/SKILL.md

@@ -132,3 +132,45 @@ Many injections occur because the LLM includes malicious data in its output, whi
 - **Enforce JSON Schemas.** If the LLM goes off-script and starts blabbering, Zod validation should instantly fail the parsing and reject the output.
 
 ---
+
+
+---
+
+
+
+AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
+
+1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
+2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
+3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
+4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
+
+---
+
+
+
+**Slash command: `/review` or `/tribunal-full`**
+**Active reviewers: `logic-reviewer` · `security-auditor`**
+
+### ❌ Forbidden AI Tropes
+
+1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
+2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
+3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+
+
+
+Review these questions before confirming output:
+```
+✅ Did I rely ONLY on real, verified tools and methods?
+✅ Is this solution appropriately scoped to the user's constraints?
+✅ Did I handle potential failure modes and edge cases?
+✅ Have I avoided generic boilerplate that doesn't add value?
+```
+
+### 🛑 Verification-Before-Completion (VBC) Protocol
+
+**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
+- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.

package/.agent/skills/api-patterns/SKILL.md

@@ -195,3 +195,45 @@ Protect against:
 | **OAuth 2.0 / OIDC** | Third-party login, delegated access |
 | **API Key** | Server-to-server, public API consumers |
 | **Passkey (WebAuthn)** | Modern passwordless (2026+) |
+
+
+---
+
+
+
+AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
+
+1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
+2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
+3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
+4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
+
+---
+
+
+
+**Slash command: `/review` or `/tribunal-full`**
+**Active reviewers: `logic-reviewer` · `security-auditor`**
+
+### ❌ Forbidden AI Tropes
+
+1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
+2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
+3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+
+
+
+Review these questions before confirming output:
+```
+✅ Did I rely ONLY on real, verified tools and methods?
+✅ Is this solution appropriately scoped to the user's constraints?
+✅ Did I handle potential failure modes and edge cases?
+✅ Have I avoided generic boilerplate that doesn't add value?
+```
+
+### 🛑 Verification-Before-Completion (VBC) Protocol
+
+**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
+- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.

package/.agent/skills/api-security-auditor/SKILL.md

@@ -141,3 +141,45 @@ const server = new ApolloServer({
 ```
 
 ---
+
+
+---
+
+
+
+AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
+
+1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
+2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
+3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
+4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
+
+---
+
+
+
+**Slash command: `/review` or `/tribunal-full`**
+**Active reviewers: `logic-reviewer` · `security-auditor`**
+
+### ❌ Forbidden AI Tropes
+
+1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
+2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
+3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+
+
+
+Review these questions before confirming output:
+```
+✅ Did I rely ONLY on real, verified tools and methods?
+✅ Is this solution appropriately scoped to the user's constraints?
+✅ Did I handle potential failure modes and edge cases?
+✅ Have I avoided generic boilerplate that doesn't add value?
+```
+
+### 🛑 Verification-Before-Completion (VBC) Protocol
+
+**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
+- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.

package/.agent/skills/app-builder/SKILL.md

@@ -520,3 +520,45 @@ Monorepo:
 |Payment|Stripe|LemonSqueezy, Paddle|
 |Email|-|Resend, SendGrid|
 |Search|-|Algolia, Typesense|
+
+
+---
+
+
+
+AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
+
+1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
+2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
+3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
+4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
+
+---
+
+
+
+**Slash command: `/review` or `/tribunal-full`**
+**Active reviewers: `logic-reviewer` · `security-auditor`**
+
+### ❌ Forbidden AI Tropes
+
+1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
+2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
+3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
+
+
+
+Review these questions before confirming output:
+```
+✅ Did I rely ONLY on real, verified tools and methods?
+✅ Is this solution appropriately scoped to the user's constraints?
+✅ Did I handle potential failure modes and edge cases?
+✅ Have I avoided generic boilerplate that doesn't add value?
+```
+
+### 🛑 Verification-Before-Completion (VBC) Protocol
+
+**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
+- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.

package/.agent/skills/app-builder/templates/SKILL.md

@@ -35,3 +35,73 @@ allowed-tools: Read, Glob, Grep
 2. Match to appropriate template
 3. Read ONLY that template's TEMPLATE.md
 4. Follow its tech stack and structure
+
+---
+
+## 🚨 LLM Trap Table
+
+|Pattern|What AI Does Wrong|What Is Actually Correct|
+|:---|:---|:---|
+|[domain-specific trap 1]|[hallucination]|[correct behavior]|
+|[domain-specific trap 2]|[hallucination]|[correct behavior]|
+|[domain-specific trap 3]|[hallucination]|[correct behavior]|
+
+---
+
+## ✅ Pre-Flight Self-Audit
+
+Before producing any output, verify:
+``
+✅ Did I read the actual files before making claims about them?
+✅ Did I verify all method names against official documentation?
+✅ Did I add // VERIFY: on any uncertain API calls?
+✅ Are all imports from packages that actually exist in package.json?
+✅ Did I test my logic with edge cases (null, empty, 0, max)?
+✅ Did I avoid generating code for more than one module at a time?
+✅ Am I working from evidence, not assumption?
+``
+
+---
+
+## 🔁 VBC Protocol (Verify → Build → Confirm)
+
+``
+VERIFY:  Read the actual codebase before writing anything
+BUILD:   Generate the smallest meaningful unit of code
+CONFIRM: Verify the output is correct before presenting
+``
+
+---
+
+## 🚨 LLM Trap Table
+
+|Pattern|What AI Does Wrong|What Is Actually Correct|
+|:---|:---|:---|
+|[domain-specific trap 1]|[hallucination]|[correct behavior]|
+|[domain-specific trap 2]|[hallucination]|[correct behavior]|
+|[domain-specific trap 3]|[hallucination]|[correct behavior]|
+
+---
+
+## ✅ Pre-Flight Self-Audit
+
+Before producing any output, verify:
+``
+✅ Did I read the actual files before making claims about them?
+✅ Did I verify all method names against official documentation?
+✅ Did I add // VERIFY: on any uncertain API calls?
+✅ Are all imports from packages that actually exist in package.json?
+✅ Did I test my logic with edge cases (null, empty, 0, max)?
+✅ Did I avoid generating code for more than one module at a time?
+✅ Am I working from evidence, not assumption?
+``
+
+---
+
+## 🔁 VBC Protocol (Verify → Build → Confirm)
+
+``
+VERIFY:  Read the actual codebase before writing anything
+BUILD:   Generate the smallest meaningful unit of code
+CONFIRM: Verify the output is correct before presenting
+``

package/.agent/skills/app-builder/templates/astro-static/TEMPLATE.md

@@ -73,4 +73,4 @@ project-name/
 - Use Content Collections for type safety
 - Leverage static generation
 - Add islands only where needed
-- Optimize images with Astro Image
+- Optimize images with Astro Image

package/.agent/skills/app-builder/templates/chrome-extension/TEMPLATE.md

@@ -89,4 +89,4 @@ project-name/
 - Use type-safe messaging
 - Wrap Chrome APIs in promises
 - Minimize permissions
-- Handle offline gracefully
+- Handle offline gracefully

package/.agent/skills/app-builder/templates/cli-tool/TEMPLATE.md

@@ -85,4 +85,4 @@ npm publish
 - Support both interactive and non-interactive modes
 - Use consistent output styling
 - Validate inputs with Zod
-- Exit with proper codes (0 success, 1 error)
+- Exit with proper codes (0 success, 1 error)

package/.agent/skills/app-builder/templates/electron-desktop/TEMPLATE.md

@@ -85,4 +85,4 @@ project-name/
 - Type-safe IPC with typed handlers
 - Custom title bar for native feel
 - Handle window state (maximize, minimize)
-- Auto-updates with electron-updater
+- Auto-updates with electron-updater

package/.agent/skills/app-builder/templates/express-api/TEMPLATE.md

@@ -80,4 +80,4 @@ project-name/
 - Validate all inputs with Zod
 - Centralized error handling
 - Environment-based config
-- Use Prisma for type-safe DB access
+- Use Prisma for type-safe DB access

package/.agent/skills/app-builder/templates/flutter-app/TEMPLATE.md

@@ -87,4 +87,4 @@ project_name/
 - Riverpod for state, React Query pattern for server state
 - Freezed for immutable data classes
 - Go Router for declarative navigation
-- Material 3 theming
+- Material 3 theming

package/.agent/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md

@@ -87,4 +87,4 @@ project-name/
 - Shared configs in packages/config
 - Shared types in packages/types
 - Internal packages with `workspace:*`
-- Use Turbo remote caching for CI
+- Use Turbo remote caching for CI

package/.agent/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md

@@ -119,4 +119,4 @@ project-name/
 - **Mutations**: Use Server Actions combined with React 19's `useActionState` to handle loading and error states instead of manual useState.
 - **Type Safety**: Share Zod schemas between Server Actions (input validation) and Client Forms.
 - **Security**: Always validate input data with Zod before passing it to Prisma.
-- **Styling**: Use native CSS variables in Tailwind v4 for easier dynamic theming.
+- **Styling**: Use native CSS variables in Tailwind v4 for easier dynamic theming.

package/.agent/skills/app-builder/templates/nextjs-saas/TEMPLATE.md

@@ -119,4 +119,4 @@ project-name/
 7. Run project:
    ```bash
    npm run dev
-   ```
+   ```

package/.agent/skills/app-builder/templates/nextjs-static/TEMPLATE.md

@@ -166,4 +166,4 @@ export const metadata: Metadata = {
 - **React Server Components (RSC)**: Default all components to Server Components. Only add `'use client'` when you need state (`useState`) or event listeners (`onClick`).
 - **Image Optimization**: Use the `<Image />` component but remember `unoptimized: true` for static export or use an external image CDN (Cloudinary/Imgix).
 - **Font Optimization**: Use `next/font` (Google Fonts) to automatically host fonts and prevent layout shift.
-- **Responsive**: Mobile-first design using Tailwind prefixes like `sm:`, `md:`, `lg:`.
+- **Responsive**: Mobile-first design using Tailwind prefixes like `sm:`, `md:`, `lg:`.