vibe-and-thrive 1.0.0

package/.claude/commands/tdd-feature.md

@@ -0,0 +1,227 @@
+# TDD Feature
+
+Implement a feature using Test-Driven Development: write the failing E2E test first, then build the feature to make it pass.
+
+## Instructions
+
+This skill follows the TDD workflow:
+1. **Red**: Write a failing test that defines what success looks like
+2. **Green**: Implement the minimum code to make the test pass
+3. **Refactor**: Clean up while keeping tests green
+
+### Phase 1: Discovery
+
+Before writing any code, understand the project's testing setup:
+
+**Check for Playwright configuration:**
+- Look for `playwright.config.ts` or `playwright.config.js`
+- Find the test directory (`e2e/`, `tests/`, etc.)
+- Note the base URL configuration
+
+**Check for existing test patterns:**
+- Search for `*.spec.ts` or `*.test.ts` files in the test directory
+- Look for helper functions and utilities
+- Note how auth is handled in existing tests
+
+**Check the tech stack:**
+- Frontend framework (React, Vue, etc.)
+- API pattern (REST, GraphQL, tRPC)
+- Auth mechanism (session/cookie, JWT, OAuth)
+
+### Phase 2: Gather Requirements
+
+Ask the user:
+1. **"What feature are you building?"** - Get a clear description
+2. **"What should success look like?"** - Define acceptance criteria
+3. **"Does this require authentication?"** - Understand auth needs
+4. **"What API endpoints will this use?"** - Map the backend requirements
+
+If the user provides a feature description upfront like "Users can reset their password via email", proceed to Phase 3.
+
+### Phase 3: Write the Failing Test (RED)
+
+Create the E2E test file with the SCENARIO/EXPECTED/FAILURE pattern:
+
+```typescript
+import { test, expect, Page } from '@playwright/test';
+
+const BASE_URL = process.env.BASE_URL || 'http://localhost:3000';
+const API_BASE_URL = process.env.API_BASE_URL || 'http://localhost:8000';
+
+test.describe('[Feature Name]', () => {
+
+  test('[primary user action]', async ({ page }) => {
+    /**
+     * SCENARIO: As a [user type], when I [perform action],
+     *           I should [see expected outcome]
+     * EXPECTED: [Specific, measurable success criteria]
+     * FAILURE: [What would indicate the feature is broken]
+     */
+
+    // Navigate to the feature
+    await page.goto(`${BASE_URL}/feature-path`);
+
+    // Perform user actions
+    await page.getByRole('button', { name: /action/i }).click();
+    await page.fill('[data-testid="input-field"]', 'test value');
+    await page.getByRole('button', { name: /submit/i }).click();
+
+    // Wait for result
+    await page.waitForSelector('[data-testid="success-message"]', { timeout: 10000 });
+
+    // Critical assertion with debugging
+    const isSuccess = await page.locator('[data-testid="success-message"]').isVisible();
+    if (!isSuccess) {
+      console.error('FAIL: Success message not visible after form submission');
+      await page.screenshot({ path: 'e2e-feature-name-debug.png' });
+    }
+    expect(isSuccess).toBeTruthy();
+  });
+
+});
+```
+
+**Key testing patterns:**
+
+1. **Flexible locators** - Handle UI variations:
+```typescript
+const submitButton = page.getByRole('button', { name: /submit|save|confirm/i })
+  .or(page.locator('[data-testid="submit-btn"]'))
+  .or(page.locator('button[type="submit"]'));
+```
+
+2. **Wait for network** - Don't race with API calls:
+```typescript
+await Promise.all([
+  page.waitForResponse(resp => resp.url().includes('/api/') && resp.status() === 200),
+  submitButton.click()
+]);
+```
+
+3. **Screenshot on failure** - Always capture debug info:
+```typescript
+if (!condition) {
+  console.error('FAIL: Description of what went wrong');
+  await page.screenshot({ path: 'e2e-descriptive-name.png' });
+}
+expect(condition).toBeTruthy();
+```
+
+### Phase 4: Run the Test (Confirm RED)
+
+Tell the user to run:
+```bash
+npx playwright test [test-file] --headed
+```
+
+The test should fail because the feature doesn't exist yet. Verify:
+- The test fails for the **right reason** (missing UI, 404 endpoint, etc.)
+- Not because of test setup issues
+
+If it fails for wrong reasons, fix the test first.
+
+### Phase 5: Implement the Feature (GREEN)
+
+Now implement the minimum code to make the test pass:
+
+1. **Create the UI components** - Only what the test checks for
+2. **Create the API endpoints** - Only what the test calls
+3. **Wire them together** - Focus on the happy path first
+
+Keep implementation minimal. Don't add:
+- Features not covered by the test
+- Error handling beyond what's tested
+- Optimization or polish
+
+### Phase 6: Run the Test (Confirm GREEN)
+
+```bash
+npx playwright test [test-file] --headed
+```
+
+The test should now pass. If it doesn't:
+- Check the console for errors
+- Look at the failure screenshot
+- Adjust implementation, not the test (unless test was wrong)
+
+### Phase 7: Refactor (Keep GREEN)
+
+With a passing test as your safety net, now you can:
+- Extract reusable components
+- Add proper error handling
+- Improve code organization
+- Add TypeScript types
+
+Run the test after each change to ensure nothing breaks.
+
+### Phase 8: Expand Test Coverage
+
+Add tests for:
+- Edge cases (empty inputs, long strings, special characters)
+- Error scenarios (network failure, invalid data)
+- Auth variations (logged out, different roles)
+
+Each new test follows the same cycle: write failing test → implement → verify.
+
+## Example: Password Reset Feature
+
+**User says:** "Users can reset their password via email"
+
+**Phase 3 - Write failing test:**
+```typescript
+test.describe('Password Reset', () => {
+
+  test('user can request password reset email', async ({ page }) => {
+    /**
+     * SCENARIO: As a user who forgot my password, when I enter my email
+     *           and click "Reset Password", I should see confirmation
+     * EXPECTED: Success message appears, email is sent (mock)
+     * FAILURE: Error shown, no confirmation, or page crashes
+     */
+
+    await page.goto(`${BASE_URL}/forgot-password`);
+
+    // Enter email
+    await page.fill('input[type="email"]', 'test@example.com');
+
+    // Submit request
+    await page.getByRole('button', { name: /reset|send/i }).click();
+
+    // Verify success
+    const successMessage = page.getByText(/check your email|reset link sent/i);
+    await expect(successMessage).toBeVisible({ timeout: 10000 });
+  });
+
+  test('shows error for unregistered email', async ({ page }) => {
+    /**
+     * SCENARIO: As a visitor with an unregistered email, when I request
+     *           a password reset, I should see an appropriate message
+     * EXPECTED: Message indicating email not found or generic success (for security)
+     * FAILURE: Crash, no feedback, or reveals registration status
+     */
+
+    await page.goto(`${BASE_URL}/forgot-password`);
+    await page.fill('input[type="email"]', 'notregistered@example.com');
+    await page.getByRole('button', { name: /reset|send/i }).click();
+
+    // Either error message OR same success message (for security)
+    const response = page.getByText(/check your email|not found|no account/i);
+    await expect(response).toBeVisible({ timeout: 10000 });
+  });
+
+});
+```
+
+**Phase 5 - Implement:**
+1. Create `/forgot-password` route
+2. Create ForgotPasswordForm component
+3. Create `POST /api/auth/reset-password` endpoint
+4. Wire up form to API
+
+## Notes
+
+- **Test behavior, not implementation** - Tests should pass regardless of how feature is built
+- **One feature per test file** - Keep tests focused and fast
+- **Independent tests** - Each test sets up its own data, doesn't depend on others
+- **Descriptive failures** - Make it easy to debug when tests fail
+- **Run tests frequently** - Catch regressions immediately

package/.claude/commands/vibe-check.md

@@ -0,0 +1,112 @@
+# Vibe Check
+
+Run a comprehensive code quality check on the current codebase, looking for common patterns that AI coding agents introduce.
+
+## Instructions
+
+Analyze the codebase for the following issues. For each category, search the relevant file types and report what you find.
+
+### 1. Debug Statements
+Search for debug statements that shouldn't go to production:
+- Python: `print()`, `breakpoint()`, `pdb.set_trace()`, `ipdb`
+- JS/TS: `console.log()`, `console.debug()`, `console.info()`, `debugger`
+
+Ignore: `console.error()`, `console.warn()`, `logger.*` calls, and lines with `// noqa: debug` or `# noqa: debug`
+
+### 2. TODO/FIXME Comments
+Search for unfinished work markers:
+- `TODO`, `FIXME`, `XXX`, `HACK`, `BUG`
+
+Skip markdown files and dedicated TODO files.
+
+### 3. Empty Catch Blocks
+Search for error handling that silently swallows errors:
+- Python: `except: pass` or `except Exception: pass`
+- JS/TS: `catch (e) {}` or `.catch(() => {})`
+
+### 4. Hardcoded URLs
+Search for localhost/development URLs:
+- `http://localhost:`
+- `http://127.0.0.1:`
+
+Skip test files and config files.
+
+### 5. snake_case in TypeScript
+Search TypeScript interface/type definitions for snake_case property names that should be camelCase.
+
+### 6. Magic Numbers
+In Python files, look for hardcoded numbers > 10 that aren't in constants files.
+
+### 7. Potential Secrets
+Search for patterns that look like hardcoded secrets:
+- `AKIA` (AWS keys)
+- `sk-` followed by long strings (OpenAI/Stripe)
+- `ghp_` (GitHub tokens)
+- Connection strings with passwords
+
+Skip `.env.example` files.
+
+### 8. DRY Violations
+Look for obvious code duplication:
+- Very similar functions
+- Repeated string literals (same long string 3+ times)
+- Copy-pasted code blocks
+
+## Output Format
+
+Provide a summary report like this:
+
+```
+## Vibe Check Report
+
+### Summary
+- X issues found across Y files
+- Z high priority (secrets, hardcoded URLs)
+- W low priority (TODOs, debug statements)
+
+### High Priority (fix before committing)
+
+#### Potential Secrets
+- file.py:42 - Looks like an API key
+
+#### Hardcoded URLs
+- api.ts:15 - localhost URL should use env var
+
+### Medium Priority (fix soon)
+
+#### Empty Catch Blocks
+- service.py:88 - except: pass (silently swallows errors)
+
+#### snake_case in TypeScript
+- types.ts:12 - `user_id` should be `userId`
+
+### Low Priority (nice to fix)
+
+#### Debug Statements
+- utils.py:23 - print() statement
+- component.tsx:45 - console.log()
+
+#### TODO/FIXME
+- auth.py:67 - TODO: implement refresh token
+
+### Clean Areas
+- No magic numbers found
+- No DRY violations detected
+```
+
+If everything looks good:
+
+```
+## Vibe Check Report
+
+✨ Looking good! No issues found.
+
+Your code is clean and ready to ship.
+```
+
+## Notes
+
+- Focus on **actionable** findings, not nitpicks
+- Group by severity to help prioritize
+- If a file has many issues, summarize rather than listing every line
+- Be encouraging - the goal is to help, not shame

package/.pre-commit-hooks.yaml

@@ -0,0 +1,77 @@
+# vibe-and-thrive pre-commit hooks
+# All hooks use language: node for consistency
+
+# Security checks (blocking - these will fail the commit)
+- id: check-secrets
+  name: Check for hardcoded secrets
+  entry: npx vibe-check --only secrets --fail-on error
+  language: node
+  types_or: [python, javascript, ts, json, yaml]
+  pass_filenames: true
+
+- id: check-hardcoded-urls
+  name: Check for hardcoded URLs
+  entry: npx vibe-check --only urls --fail-on error
+  language: node
+  types_or: [python, javascript, ts]
+  pass_filenames: true
+
+- id: check-unsafe-html
+  name: Check for unsafe HTML manipulation
+  entry: npx vibe-check --only unsafe-html --fail-on error
+  language: node
+  types_or: [javascript, ts]
+  pass_filenames: true
+
+# Code quality checks (warnings - informational)
+- id: check-debug
+  name: Check for debug statements
+  entry: npx vibe-check --only debug --fail-on error
+  language: node
+  types_or: [python, javascript, ts]
+  pass_filenames: true
+
+- id: check-empty-catch
+  name: Check for empty catch blocks
+  entry: npx vibe-check --only empty-catch --fail-on warning
+  language: node
+  types_or: [python, javascript, ts]
+  pass_filenames: true
+
+- id: check-any-types
+  name: Check for any types in TypeScript
+  entry: npx vibe-check --only any-types --fail-on warning
+  language: node
+  types: [ts]
+  pass_filenames: true
+
+- id: check-snake-case
+  name: Check for snake_case in TypeScript
+  entry: npx vibe-check --only snake-case --fail-on warning
+  language: node
+  types: [ts]
+  pass_filenames: true
+
+# Comprehensive check (all hooks)
+- id: vibe-check
+  name: Vibe Check (all)
+  entry: npx vibe-check
+  language: node
+  types_or: [python, javascript, ts, json, yaml]
+  pass_filenames: true
+
+# Quick security-only check
+- id: vibe-check-security
+  name: Vibe Check (security only)
+  entry: npx vibe-check --only secrets,urls,unsafe-html --fail-on error
+  language: node
+  types_or: [python, javascript, ts, json, yaml]
+  pass_filenames: true
+
+# Quality-only check (non-blocking)
+- id: vibe-check-quality
+  name: Vibe Check (quality only)
+  entry: npx vibe-check --skip secrets,urls,unsafe-html --fail-on none
+  language: node
+  types_or: [python, javascript, ts]
+  pass_filenames: true

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 AllThrive AI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,167 @@
+# Vibe and Thrive
+
+**Catch common AI-generated code issues before they hit your codebase.**
+
+Whether you're using AI coding agents or building your own—these tools catch patterns that lead to technical debt automatically.
+
+## Install
+
+```bash
+npm install vibe-and-thrive
+```
+
+## Usage
+
+### CLI
+
+```bash
+# Check all files in current directory
+npx vibe-check .
+
+# Check specific files
+npx vibe-check src/app.ts src/utils.ts
+
+# Check with specific hooks only
+npx vibe-check . --only secrets,urls,debug
+
+# Skip specific hooks
+npx vibe-check . --skip any-types,snake-case
+
+# Output formats
+npx vibe-check . --format pretty   # Default: colored terminal output
+npx vibe-check . --format json     # JSON for CI/scripts
+npx vibe-check . --format compact  # One line per issue
+
+# Severity filtering
+npx vibe-check . --fail-on error   # Only fail on blocking issues (default)
+npx vibe-check . --fail-on warning # Fail on warnings too
+```
+
+### ESLint Plugin
+
+```bash
+npm install -D vibe-and-thrive eslint
+```
+
+```javascript
+// eslint.config.js
+import vibe from 'vibe-and-thrive/eslint-plugin';
+
+export default [
+  // Use recommended config
+  vibe.configs.recommended,
+
+  // Or configure individually
+  {
+    plugins: { vibe },
+    rules: {
+      'vibe/no-any-type': 'warn',
+      'vibe/no-snake-case-props': 'warn',
+      'vibe/no-debug-statements': 'error',
+      'vibe/no-empty-catch': 'warn',
+      'vibe/no-magic-numbers': 'off',
+      'vibe/no-deep-nesting': 'warn',
+      'vibe/max-function-length': ['warn', { max: 50 }],
+    }
+  }
+];
+```
+
+### Pre-commit Hooks
+
+Add to your `.pre-commit-config.yaml`:
+
+```yaml
+repos:
+  - repo: https://github.com/allthriveai/vibe-and-thrive
+    rev: v1.0.0
+    hooks:
+      - id: check-secrets          # BLOCKS commits
+      - id: check-hardcoded-urls   # BLOCKS commits
+      - id: check-debug            # Warns
+      - id: check-empty-catch      # Warns
+      - id: check-any-types        # Warns (TypeScript only)
+      - id: check-snake-case       # Warns (TypeScript only)
+      - id: vibe-check             # All checks
+      - id: vibe-check-security    # Security only (blocking)
+      - id: vibe-check-quality     # Quality only (non-blocking)
+```
+
+Then: `pre-commit install`
+
+### lint-staged
+
+```json
+{
+  "lint-staged": {
+    "*.{js,ts,jsx,tsx}": "vibe-check --fail-on error"
+  }
+}
+```
+
+### Claude Code
+
+Run `/vibe-check` in Claude Code for a full code quality audit.
+
+## Available Checks
+
+| Check | ID | Description | Severity |
+|-------|-----|-------------|----------|
+| Secrets | `secrets` | Hardcoded API keys, passwords, tokens | Error |
+| URLs | `urls` | Hardcoded localhost/production URLs | Error |
+| Unsafe HTML | `unsafe-html` | innerHTML, dangerouslySetInnerHTML, eval | Error |
+| Debug | `debug` | console.log, print(), debugger statements | Warning |
+| Empty Catch | `empty-catch` | Empty catch/except blocks | Warning |
+| Any Types | `any-types` | TypeScript `any` type usage | Warning |
+| Snake Case | `snake-case` | snake_case in TypeScript interfaces | Warning |
+| Magic Numbers | `magic-numbers` | Hardcoded numbers without names | Warning |
+| Function Length | `function-length` | Functions over 50 lines | Warning |
+| Deep Nesting | `deep-nesting` | Code nested more than 4 levels | Warning |
+| DRY | `dry` | Duplicated code blocks | Warning |
+| TODO/FIXME | `todo` | Incomplete work markers | Info |
+| Commented Code | `commented-code` | Commented-out code blocks | Info |
+| Console Error | `console-error` | console.error in catch blocks | Info |
+| Docker Platform | `docker-platform` | Missing --platform in Dockerfiles | Info |
+
+## ESLint Rules
+
+| Rule | Fixable | Description |
+|------|---------|-------------|
+| `vibe/no-any-type` | No | Disallow `any` type |
+| `vibe/no-snake-case-props` | Yes | Disallow snake_case properties |
+| `vibe/no-debug-statements` | No | Disallow console.log, debugger |
+| `vibe/no-empty-catch` | No | Disallow empty catch blocks |
+| `vibe/no-magic-numbers` | No | Disallow magic numbers |
+| `vibe/no-deep-nesting` | No | Disallow deep nesting |
+| `vibe/max-function-length` | No | Enforce max function length |
+
+## Claude Code Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `/vibe-check` | Full code quality audit |
+| `/styleguide` | Generate a styleguide from design preferences |
+| `/tdd-feature` | Build features test-first with AI |
+| `/e2e-scaffold` | Generate E2E test structure |
+| `/review` | Code review for issues |
+| `/explain` | Explain code line by line |
+| `/refactor` | Guided refactoring |
+| `/add-tests` | Add tests to existing code |
+| `/fix-types` | Fix TypeScript without `any` |
+| `/security-check` | Check for vulnerabilities |
+
+## Philosophy
+
+These are **guardrails, not gatekeepers**:
+- Warn about most issues (awareness > blocking)
+- Block only security-critical problems
+- Support `# noqa:` and `// eslint-disable` suppression
+- Little and often make much
+
+## License
+
+MIT - see [LICENSE](LICENSE)
+
+---
+
+Built by [AllThrive AI](https://allthrive.ai) for the vibe coding community.

package/bin/vibe-check.js

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+
+/**
+ * vibe-check CLI
+ *
+ * Usage:
+ *   npx vibe-check .
+ *   npx vibe-check src/app.ts
+ *   npx vibe-check . --only secrets,urls
+ *   npx vibe-check . --skip any-types
+ *   npx vibe-check . --format json
+ */
+
+import { main } from '../dist/cli.js';
+
+main(process.argv.slice(2)).catch((error) => {
+  console.error('Fatal error:', error.message);
+  process.exit(2);
+});

package/dist/cli.d.ts

@@ -0,0 +1,13 @@
+/**
+ * CLI entry point for vibe-check
+ */
+import type { CheckOptions, SummaryResult } from './utils/types.js';
+/**
+ * Main vibe-check function
+ */
+export declare function vibeCheck(files: string[], options?: CheckOptions): SummaryResult;
+/**
+ * CLI main function
+ */
+export declare function main(args: string[]): Promise<void>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EACV,YAAY,EAEZ,aAAa,EAId,MAAM,kBAAkB,CAAC;AAsI1B;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,GAAE,YAAiB,GAAG,aAAa,CA0CpF;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA6BxD"}