vibedoc 1.0.0 → 1.0.2

package/.next/server/chunks/118.js

@@ -0,0 +1,2107 @@
+"use strict";exports.id=118,exports.ids=[118],exports.modules={7118:(e,t,i)=>{i.d(t,{x:()=>a});let n=[{id:"claude-md",name:"CLAUDE.md",description:"AI agent instructions for Claude Code",defaultPath:"CLAUDE.md",category:"ai-agent",content:`# {{PROJECT_NAME}} — Agent Instructions
+
+## What this is
+{{DESCRIPTION}}
+
+## Stack
+{{TECH_STACK}}
+
+## Project type
+{{PROJECT_TYPE}}
+
+## Commands
+\`\`\`bash
+# Install dependencies
+{{PACKAGE_MANAGER}} install
+
+# Start development
+npm run dev
+
+# Build for production
+npm run build
+
+# Run tests
+npm test
+\`\`\`
+
+## Architecture
+- Primary language: {{PRIMARY_LANGUAGE}}
+- Deployment: {{DEPLOYMENT_PLATFORM}}
+- Key directories: \`src/\`, \`docs/\`, \`tests/\`
+- See \`docs/architecture/overview.md\` for full details
+
+## Read before coding
+- @docs/architecture/overview.md
+- @CONTRIBUTING.md
+
+## Key conventions
+{{CONVENTIONS}}
+
+## Key features
+{{KEY_FEATURES}}
+
+## Non-negotiables
+- Always run \`npm run build\` before marking a task done — build must pass
+- Never use localStorage — causes SSR/client mismatch
+- Never commit secrets or credentials
+- Maintain test coverage
+- Follow security best practices
+
+## Code style
+- Follow existing patterns before introducing new abstractions
+- Keep modules small and focused
+- Write tests for business logic
+- Prefer explicit over implicit
+`},{id:"agents-md",name:"AGENTS.md",description:"AI agent instructions (multi-agent / OpenAI)",defaultPath:"AGENTS.md",category:"ai-agent",content:`# {{PROJECT_NAME}} — Agent Instructions
+
+## Overview
+{{DESCRIPTION}}
+
+## Stack
+{{TECH_STACK}}
+
+## Commands
+\`\`\`bash
+npm install
+npm run dev
+npm run build
+npm test
+\`\`\`
+
+## Key conventions
+{{CONVENTIONS}}
+
+## Non-negotiables
+- Follow existing code patterns
+- Write tests for new features
+- Never commit secrets or credentials
+`},{id:"gemini-md",name:"GEMINI.md",description:"AI agent instructions for Gemini CLI",defaultPath:"GEMINI.md",category:"ai-agent",content:`# {{PROJECT_NAME}} — Gemini Agent Instructions
+
+## What this is
+{{DESCRIPTION}}
+
+## Stack
+{{TECH_STACK}}
+
+## Commands
+\`\`\`bash
+# Install dependencies
+npm install
+
+# Start development
+npm run dev
+
+# Build for production
+npm run build
+
+# Run tests
+npm test
+\`\`\`
+
+## Key conventions
+{{CONVENTIONS}}
+
+## Non-negotiables
+- Follow existing code patterns
+- Write tests for new features
+- Never commit secrets or credentials
+`},{id:"cursorrules",name:".cursorrules",description:"Cursor IDE rules for AI assistance",defaultPath:".cursorrules",category:"ai-agent",content:`# {{PROJECT_NAME}} — Cursor Rules
+
+## Project overview
+{{DESCRIPTION}}
+
+## Tech stack
+{{TECH_STACK}}
+
+## Code style
+- Use {{TECH_STACK}} conventions
+- Follow existing patterns in the codebase
+- Prefer explicit over implicit
+- Keep functions small and focused
+
+## Conventions
+{{CONVENTIONS}}
+
+## What NOT to do
+- Don't introduce new dependencies without discussion
+- Don't break existing tests
+- Don't commit secrets or credentials
+- Don't over-engineer simple solutions
+`},{id:"windsurfrules",name:".windsurfrules",description:"Windsurf IDE rules for AI assistance",defaultPath:".windsurfrules",category:"ai-agent",content:`# {{PROJECT_NAME}} — Windsurf Rules
+
+## Project overview
+{{DESCRIPTION}}
+
+## Tech stack
+{{TECH_STACK}}
+
+## Code style
+- Follow existing patterns in the codebase
+- Prefer explicit over implicit
+- Keep functions small and focused
+
+## Conventions
+{{CONVENTIONS}}
+
+## Non-negotiables
+- Don't introduce breaking changes
+- Don't commit secrets or credentials
+- Maintain test coverage
+`},{id:"copilot-instructions",name:"Copilot Instructions",description:"GitHub Copilot custom instructions",defaultPath:".github/copilot-instructions.md",category:"ai-agent",content:`# GitHub Copilot Instructions — {{PROJECT_NAME}}
+
+## Project overview
+{{DESCRIPTION}}
+
+## Tech stack
+{{TECH_STACK}}
+
+## Coding conventions
+{{CONVENTIONS}}
+
+## Key features
+{{KEY_FEATURES}}
+
+## Style guidelines
+- Follow existing patterns before creating new abstractions
+- Write descriptive variable and function names
+- Add comments for non-obvious logic only
+- Keep functions focused on a single responsibility
+
+## Testing
+- Write tests for all new functionality
+- Maintain existing test coverage
+- Use the project's established testing patterns
+`}],o=[{id:"contributing",name:"CONTRIBUTING.md",description:"Contribution guidelines",defaultPath:"CONTRIBUTING.md",category:"github",content:`# Contributing to {{PROJECT_NAME}}
+
+Thank you for your interest in contributing!
+
+## Getting started
+
+1. Fork the repository
+2. Clone your fork: \`git clone {{REPO_URL}}\`
+3. Create a feature branch: \`git checkout -b feat/your-feature\`
+4. Make your changes
+5. Submit a pull request
+
+## Branch naming
+
+| Type | Pattern | Example |
+|------|---------|---------|
+| Feature | \`feat/<description>\` | \`feat/user-auth\` |
+| Fix | \`fix/<description>\` | \`fix/login-crash\` |
+| Chore | \`chore/<description>\` | \`chore/update-deps\` |
+| Docs | \`docs/<description>\` | \`docs/api-guide\` |
+| Refactor | \`refactor/<description>\` | \`refactor/auth-module\` |
+| Release | \`release/<version>\` | \`release/v1.2.0\` |
+
+## Commit conventions
+
+We use [Conventional Commits](https://conventionalcommits.org):
+
+| Type | When to use |
+|------|------------|
+| \`feat\` | New feature |
+| \`fix\` | Bug fix |
+| \`docs\` | Documentation only |
+| \`refactor\` | Code change that's neither fix nor feature |
+| \`test\` | Adding or updating tests |
+| \`chore\` | Build process, dependencies, tooling |
+| \`perf\` | Performance improvement |
+| \`ci\` | CI/CD changes |
+
+Examples:
+\`\`\`
+feat: add user authentication
+fix: resolve login redirect issue
+docs: update API reference
+chore: upgrade dependencies
+feat!: redesign auth API (breaking change — note the !)
+\`\`\`
+
+## PR size guidance
+
+| Size | Lines changed | Guidance |
+|------|--------------|---------|
+| Small | < 400 lines | Ideal — fast to review |
+| Medium | 400–800 lines | Acceptable — add extra context in description |
+| Large | > 800 lines | Needs discussion before opening — split if possible |
+
+Large PRs slow down the team and increase the chance of missed issues. When in doubt, split.
+
+## Pull request process
+
+1. Fill out the PR template completely
+2. Ensure all CI checks pass
+3. Request review from at least one maintainer
+4. Address all review comments
+5. Squash commits before merge
+
+## Code review checklist
+
+**Author:**
+- [ ] Self-reviewed the diff before requesting review
+- [ ] PR description explains the "why", not just the "what"
+- [ ] Tests added/updated and passing
+- [ ] No secrets or credentials in code
+- [ ] Breaking changes noted in PR description
+
+**Reviewer:**
+- [ ] Code is correct and handles edge cases
+- [ ] No obvious performance issues
+- [ ] Tests are meaningful (not just coverage padding)
+- [ ] Naming is clear and consistent with the codebase
+- [ ] Documentation updated if public API changed
+
+## Code style
+{{CONVENTIONS}}
+
+## Reporting bugs
+
+Open an issue with:
+- Description of the bug
+- Steps to reproduce
+- Expected vs actual behavior
+- Environment details
+`},{id:"security",name:"SECURITY.md",description:"Security policy and vulnerability reporting",defaultPath:"SECURITY.md",category:"github",content:`# Security Policy — {{PROJECT_NAME}}
+
+## Supported versions
+
+| Version | Supported |
+|---------|-----------|
+| latest  | ✅ |
+| < 1.0   | ❌ |
+
+## Reporting a vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+To report a security issue, email: **security@example.com**
+
+You may optionally encrypt your report using our PGP key (key ID: \`0x00000000\`, available on keys.openpgp.org).
+
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Any suggested mitigations
+
+You will receive a response within **48 hours**. We will:
+1. Confirm receipt of your report
+2. Investigate and assess the issue
+3. Release a fix or mitigation
+4. Credit you in the release notes (unless you prefer anonymity)
+
+## Vulnerability SLAs
+
+| Severity | Fix SLA |
+|----------|---------|
+| Critical | 48 hours |
+| High | 7 days |
+| Medium | 30 days |
+| Low | 90 days |
+
+Dependabot alerts for **critical** vulnerabilities must be resolved within 48 hours. Run \`npm audit\` in CI on every PR.
+
+## Secrets rotation schedule
+
+| Secret | Rotation | Owner |
+|--------|----------|-------|
+| JWT signing key | Every 90 days | Platform team |
+| Database passwords | Every 180 days | Platform team |
+| API keys (third-party) | On staff change | Security team |
+| Deploy tokens | Every 90 days | DevOps |
+
+## OWASP Top 10 checklist
+
+- [ ] **A01 Broken Access Control** — Enforce authorization on every endpoint; deny by default
+- [ ] **A02 Cryptographic Failures** — Use TLS everywhere; never store plaintext secrets; use bcrypt/argon2 for passwords
+- [ ] **A03 Injection** — Use parameterized queries; validate and sanitize all input
+- [ ] **A04 Insecure Design** — Threat model new features; use principle of least privilege
+- [ ] **A05 Security Misconfiguration** — Harden defaults; disable unused features; set security headers
+- [ ] **A06 Vulnerable Components** — Run \`npm audit\` in CI; automate with Dependabot
+- [ ] **A07 Auth Failures** — Implement MFA; lock accounts after failed attempts; use secure session management
+- [ ] **A08 Software Integrity Failures** — Verify checksums; use lockfiles; pin CI action versions
+- [ ] **A09 Logging Failures** — Log auth events, access failures; never log secrets or PII
+- [ ] **A10 SSRF** — Validate and allowlist URLs for any server-side requests
+
+## Security best practices
+
+When contributing to this project:
+- Never commit secrets, tokens, or credentials
+- Use environment variables for all sensitive configuration
+- Validate and sanitize all user input
+- Follow the principle of least privilege
+- Keep dependencies up to date
+`},{id:"pr-template",name:"PR Template",description:"Pull request template",defaultPath:".github/pull_request_template.md",category:"github",content:`## Description
+
+<!-- Briefly describe the changes and why they were made -->
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change that fixes an issue)
+- [ ] New feature (non-breaking change that adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+- [ ] Documentation update
+- [ ] Refactor / code cleanup
+- [ ] Dependency update
+
+## Related issues
+
+Closes #
+
+## How to test
+
+1.
+2.
+3.
+
+## Screenshots / recordings
+
+<!-- If applicable, add screenshots or screen recordings -->
+
+## Checklist
+
+- [ ] My code follows the project's style guidelines
+- [ ] I have performed a self-review of my changes
+- [ ] I have added tests that prove my fix or feature works
+- [ ] New and existing unit tests pass locally
+- [ ] I have updated documentation if needed
+- [ ] No secrets or credentials are included
+`},{id:"bug-report",name:"Bug Report Template",description:"GitHub issue template for bugs",defaultPath:".github/ISSUE_TEMPLATE/bug_report.md",category:"github",content:`---
+name: Bug report
+about: Create a report to help us improve
+labels: bug
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## Steps to reproduce
+
+1. Go to '...'
+2. Click on '...'
+3. See error
+
+## Expected behavior
+
+A clear and concise description of what you expected to happen.
+
+## Actual behavior
+
+What actually happened.
+
+## Screenshots
+
+If applicable, add screenshots to help explain your problem.
+
+## Environment
+
+- OS: [e.g. macOS 14]
+- Browser: [e.g. Chrome 120]
+- Version: [e.g. 1.2.3]
+- Node.js: [e.g. 20.x]
+
+## Additional context
+
+Add any other context about the problem here.
+`},{id:"feature-request",name:"Feature Request Template",description:"GitHub issue template for features",defaultPath:".github/ISSUE_TEMPLATE/feature_request.md",category:"github",content:`---
+name: Feature request
+about: Suggest an idea for this project
+labels: enhancement
+---
+
+## Problem
+
+Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is.
+
+## Proposed solution
+
+A clear and concise description of what you want to happen.
+
+## Alternatives considered
+
+A clear and concise description of any alternative solutions or features you've considered.
+
+## Implementation notes
+
+Any thoughts on how this might be implemented?
+
+## Additional context
+
+Add any other context, mockups, or screenshots about the feature request here.
+`}],s=[{id:"changelog",name:"CHANGELOG.md",description:"Keep a Changelog format",defaultPath:"CHANGELOG.md",category:"process",content:`# Changelog — {{PROJECT_NAME}}
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+-
+
+### Changed
+-
+
+### Fixed
+-
+
+### Removed
+-
+
+## [1.0.0] — {{DATE}}
+
+### Added
+- Initial release
+`},{id:"deployment",name:"DEPLOYMENT.md",description:"Deployment guide and procedures",defaultPath:"DEPLOYMENT.md",category:"process",content:`# Deployment Guide — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Environments
+
+| Environment | URL | Branch | Auto-deploy |
+|-------------|-----|--------|-------------|
+| Production  | | \`main\` | No |
+| Staging     | | \`develop\` | Yes |
+| Preview     | | PRs | Yes |
+
+## Prerequisites
+
+- Access to deployment platform
+- Environment variables configured (see \`.env.example\`)
+- CI/CD pipeline passing
+
+## Deploy to production
+
+\`\`\`bash
+# 1. Ensure tests pass
+npm test
+
+# 2. Build and verify
+npm run build
+
+# 3. Merge to main
+git checkout main && git merge develop
+
+# 4. Tag the release
+git tag v1.x.x && git push --tags
+\`\`\`
+
+## Environment variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+|          | Yes      |             |
+
+## Rollback procedure
+
+1. Identify the last stable release tag
+2. \`git checkout <tag>\`
+3. Redeploy the previous version
+4. Verify the rollback with smoke tests
+
+## Smoke tests
+
+After every deploy, verify:
+- [ ] App loads at production URL
+- [ ] Auth flow works
+- [ ] Core features functional
+- [ ] No error spikes in monitoring
+
+## Contacts
+
+| Role | Contact |
+|------|---------|
+| On-call | |
+| Release manager | |
+`},{id:"testing",name:"TESTING.md",description:"Testing strategy and guide",defaultPath:"TESTING.md",category:"process",content:`# Testing Guide — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Test pyramid
+
+\`\`\`
+        /\\
+       /E2E\\         10% — Critical user flows only
+      /------\\
+     /Integr. \\      20% — API, DB, service boundaries
+    /----------\\
+   /    Unit    \\    70% — Functions, logic, utilities
+  /______________\\
+\`\`\`
+
+## Test strategy
+
+| Layer | Type | Tool | Coverage target |
+|-------|------|------|----------------|
+| Unit | Functions/logic | {{TEST_FRAMEWORK}} | 80%+ |
+| Integration | API/DB | {{TEST_FRAMEWORK}} | 70%+ |
+| E2E | User flows | Playwright | Key paths |
+
+## Coverage targets by directory
+
+| Directory | Target | Rationale |
+|-----------|--------|-----------|
+| \`src/lib/\` | 90%+ | Core business logic |
+| \`src/api/\` | 80%+ | API handlers |
+| \`src/components/\` | 60%+ | UI — focus on logic, not rendering |
+| \`src/utils/\` | 90%+ | Pure utility functions |
+
+## Running tests
+
+\`\`\`bash
+# Run all tests
+npm test
+
+# Run with coverage
+npm run test:coverage
+
+# Run E2E tests
+npm run test:e2e
+
+# Watch mode
+npm run test:watch
+\`\`\`
+
+## Writing tests
+
+### Unit test example
+
+\`\`\`typescript
+describe('MyFunction', () => {
+  it('should return expected value', () => {
+    expect(myFunction(input)).toBe(expected)
+  })
+})
+\`\`\`
+
+### Integration test guidelines
+- Use a real database (not mocks) for DB tests
+- Reset state between tests
+- Test happy path and error cases
+
+### E2E test guidelines
+- Cover critical user journeys
+- Use stable selectors (\`data-testid\`)
+- Run against staging environment
+
+### Playwright config example
+
+\`\`\`typescript
+// playwright.config.ts
+import { defineConfig, devices } from '@playwright/test'
+
+export default defineConfig({
+  testDir: './e2e',
+  fullyParallel: true,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 2 : 0,
+  reporter: 'html',
+  use: {
+    baseURL: process.env.PLAYWRIGHT_BASE_URL ?? 'http://localhost:3000',
+    trace: 'on-first-retry',
+  },
+  projects: [
+    {name: 'chromium', use: {...devices['Desktop Chrome']}},
+    {name: 'Mobile Safari', use: {...devices['iPhone 13']}},
+  ],
+  webServer: {
+    command: 'npm run dev',
+    url: 'http://localhost:3000',
+    reuseExistingServer: !process.env.CI,
+  },
+})
+\`\`\`
+
+## Flaky test policy
+
+1. **Quarantine immediately** — tag with \`@flaky\` and skip in CI (\`test.skip\`)
+2. **Create a ticket** — track as a P2 bug with a 2-week SLA to fix
+3. **Root cause** — common causes: timing issues, shared state, network calls
+4. **Fix or delete** — flaky tests are worse than no tests (false confidence)
+
+Quarantine example:
+\`\`\`typescript
+test.skip('flaky: timing issue with animation', async ({ page }) => {
+  // TODO: fix by waiting for animation end event instead of sleep
+})
+\`\`\`
+
+## Test organization
+
+\`\`\`
+src/
+  __tests__/        # Unit tests
+  __integration__/  # Integration tests
+e2e/                # E2E tests
+\`\`\`
+
+## CI/CD
+
+Tests run automatically on every PR. PRs cannot merge with failing tests.
+`},{id:"glossary",name:"Glossary",description:"Project terminology reference",defaultPath:"docs/glossary.md",category:"process",content:`# Glossary — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+This document defines terms used throughout the project documentation and codebase.
+
+## Terms
+
+| Term | Definition |
+|------|------------|
+|      |            |
+
+## Acronyms
+
+| Acronym | Full form | Meaning |
+|---------|-----------|---------|
+|         |           |         |
+
+## Domain concepts
+
+<!-- Add domain-specific concepts here -->
+
+---
+
+*Keep this document updated as new terminology is introduced.*
+`}],r=new Date().toISOString().split("T")[0],a=[...n,...o,...s,{id:"prd",name:"PRD",description:"Product requirements document",defaultPath:"docs/prd.md",category:"technical",content:`# Product Requirements — {{PROJECT_NAME}}
+
+**Status:** Draft
+**Last updated:** {{DATE}}
+**Author:**
+**Stakeholders:**
+
+## Problem statement
+{{DESCRIPTION}}
+
+## Goals
+-
+-
+
+## Non-goals
+-
+-
+
+## User stories
+| As a... | I want to... | So that... |
+|---------|--------------|------------|
+| user    |              |            |
+
+## Requirements
+
+### Functional
+{{KEY_FEATURES}}
+
+### Non-functional
+- Performance:
+- Security:
+- Reliability:
+- Scalability:
+
+## Success metrics
+| Metric | Current | Target |
+|--------|---------|--------|
+|        |         |        |
+
+## Timeline
+| Milestone | Target date |
+|-----------|-------------|
+|           |             |
+
+## Open questions
+-
+`},{id:"architecture-overview",name:"Architecture Overview",description:"System architecture doc",defaultPath:"docs/architecture/overview.md",category:"technical",content:`# Architecture Overview — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Summary
+{{DESCRIPTION}}
+
+## Tech stack
+{{TECH_STACK}}
+
+## System diagram
+
+### Context (C4 Level 1)
+
+\`\`\`mermaid
+graph TB
+    User["User"] --> System["{{PROJECT_NAME}}"]
+    System --> ExternalAPI["External APIs"]
+    System --> DB["Database"]
+\`\`\`
+
+### Container (C4 Level 2)
+
+\`\`\`mermaid
+graph TB
+    Client["Web Client<br/>(Browser)"] --> API["API Server<br/>(Node.js)"]
+    API --> DB["Database<br/>(PostgreSQL)"]
+    API --> Cache["Cache<br/>(Redis)"]
+    API --> Queue["Job Queue"]
+\`\`\`
+
+## Components
+
+| Component | Responsibility | Tech |
+|-----------|---------------|------|
+|           |               |      |
+
+## Data flow
+
+1.
+2.
+3.
+
+## Key decisions
+
+| Decision | Chosen | Alternative | Rationale |
+|----------|--------|-------------|-----------|
+|          |        |             |           |
+
+## ADR log
+
+| ADR | Title | Status | Date |
+|-----|-------|--------|------|
+| 001 |       | Accepted | {{DATE}} |
+
+## Non-goals
+
+- <!-- What this system explicitly does NOT do -->
+
+## Security considerations
+- Authentication:
+- Authorization:
+- Data validation:
+- Secrets management:
+
+## Scalability notes
+-
+`},{id:"api-reference",name:"API Reference",description:"API endpoints reference",defaultPath:"docs/api-reference.md",category:"technical",content:`# API Reference — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Base URL
+
+\`\`\`
+https://api.example.com/v1
+\`\`\`
+
+## Versioning
+
+This API uses URL-based versioning (\`/v1/\`, \`/v2/\`, etc.).
+
+- The current stable version is \`v1\`.
+- Deprecated versions are supported for 12 months after a new version is released.
+- Breaking changes always increment the major version.
+
+## Authentication
+
+All requests require a bearer token in the Authorization header:
+
+\`\`\`
+Authorization: Bearer <token>
+\`\`\`
+
+### Token refresh
+
+Tokens expire after 1 hour. Refresh using:
+
+\`\`\`
+POST /auth/refresh
+Content-Type: application/json
+
+{"refreshToken": "<refresh_token>"}
+\`\`\`
+
+**Response:**
+\`\`\`json
+{"accessToken": "...", "refreshToken": "...", "expiresIn": 3600}
+\`\`\`
+
+## Rate limiting
+
+- **Limit:** 1000 requests/hour per API key
+- **Headers:** \`X-RateLimit-Limit\`, \`X-RateLimit-Remaining\`, \`X-RateLimit-Reset\`
+
+## Pagination
+
+List endpoints support cursor-based pagination:
+
+\`\`\`
+GET /resources?cursor=<cursor>&limit=20
+\`\`\`
+
+## Error format
+
+All errors follow a standard envelope:
+
+\`\`\`json
+{
+  "code": "VALIDATION_ERROR",
+  "message": "Human-readable description",
+  "details": [{"field": "email", "issue": "invalid format"}]
+}
+\`\`\`
+
+## Error codes
+
+| Code | Meaning |
+|------|---------|
+| 400  | Bad request — invalid parameters |
+| 401  | Unauthorized — missing or invalid token |
+| 403  | Forbidden — insufficient permissions |
+| 404  | Not found |
+| 422  | Unprocessable entity — validation error |
+| 429  | Too many requests |
+| 500  | Internal server error |
+
+## Webhooks
+
+### Signature verification
+
+All webhook payloads are signed with HMAC-SHA256. Verify the signature:
+
+\`\`\`
+X-Webhook-Signature: sha256=<hmac_hex>
+\`\`\`
+
+\`\`\`typescript
+import crypto from 'crypto'
+
+function verifyWebhook(payload: string, signature: string, secret: string): boolean {
+  const expected = crypto
+    .createHmac('sha256', secret)
+    .update(payload)
+    .digest('hex')
+  return crypto.timingSafeEqual(
+    Buffer.from(\`sha256=\${expected}\`),
+    Buffer.from(signature)
+  )
+}
+\`\`\`
+
+## Endpoints
+
+### GET /resource
+
+**Description:** List resources
+
+**Query parameters:**
+- \`limit\` (integer, default 20) — items per page
+- \`cursor\` (string) — pagination cursor
+
+**Response:**
+\`\`\`json
+{
+  "data": [],
+  "cursor": null,
+  "total": 0
+}
+\`\`\`
+
+### POST /resource
+
+**Description:** Create a resource
+
+**Request body:**
+\`\`\`json
+{}
+\`\`\`
+
+**Response:**
+\`\`\`json
+{}
+\`\`\`
+`},{id:"runbook",name:"Runbook",description:"Operational runbook",defaultPath:"docs/runbook.md",category:"technical",content:`# Runbook — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Overview
+{{DESCRIPTION}}
+
+## SLOs
+
+| Metric | Target |
+|--------|--------|
+| Availability | 99.9% |
+| P95 latency | < 500ms |
+| Error rate | < 0.1% |
+
+## Environments
+
+| Env | URL | Purpose |
+|-----|-----|---------|
+| Production | | Live traffic |
+| Staging | | Pre-release testing |
+| Development | | Local dev |
+
+## Alerting
+
+| Alert | Threshold | Severity | Action |
+|-------|-----------|----------|--------|
+|       |           |          |        |
+
+## On-call contacts
+
+| Role | Name | Contact |
+|------|------|---------|
+| Primary | | |
+| Secondary | | |
+
+## Escalation matrix
+
+| Time since incident | Contact | Method |
+|--------------------|---------|--------|
+| 0–15 min | On-call engineer | PagerDuty / phone |
+| 15–30 min | Team lead | Slack + phone |
+| 30+ min | Engineering manager | Phone + email |
+
+## Procedures
+
+### Deploy
+
+1.
+2.
+3.
+
+### Rollback
+
+**When to rollback:**
+
+| Signal | Action |
+|--------|--------|
+| Error rate > 1% after deploy | Immediate rollback |
+| P95 latency doubled | Rollback if no fix in 15 min |
+| Health check failing | Immediate rollback |
+| Critical bug reported | Rollback within 30 min |
+
+**Rollback steps:**
+
+\`\`\`bash
+# 1. Identify last stable release
+git log --oneline --tags --simplify-by-decoration | head -5
+
+# 2. Deploy previous version
+git checkout <previous-tag>
+npm run build && npm run deploy
+
+# 3. Verify rollback
+curl -f https://your-app.com/health
+\`\`\`
+
+### Troubleshooting
+
+#### High error rate
+\`\`\`bash
+# Check recent application logs
+tail -f /var/log/app/error.log
+
+# Check error counts by endpoint
+grep "ERROR" /var/log/app/app.log | awk '{print $5}' | sort | uniq -c | sort -rn | head -10
+
+# Review recent deploys
+git log --oneline -10
+\`\`\`
+
+1. Check application logs for exception traces
+2. Check downstream dependencies (database, cache, external APIs)
+3. Review recent deploys — consider rollback if deploy-correlated
+
+#### High latency
+\`\`\`bash
+# Check database slow query log
+psql $DATABASE_URL -c "SELECT query, calls, mean_exec_time FROM pg_stat_statements ORDER BY mean_exec_time DESC LIMIT 10;"
+
+# Check cache hit rate
+redis-cli info stats | grep hit_rate
+
+# Check CPU/memory
+top -b -n 1 | head -20
+\`\`\`
+
+1. Check database query times (slow query log)
+2. Check cache hit rates
+3. Review resource utilization (CPU, memory, connections)
+
+#### Service won't start
+\`\`\`bash
+# Check environment variables
+env | grep -E "DATABASE|REDIS|PORT"
+
+# Test database connectivity
+psql $DATABASE_URL -c "SELECT 1"
+
+# Check port availability
+lsof -i :3000
+\`\`\`
+
+#### Database connection issues
+\`\`\`bash
+# Check connection pool status
+psql $DATABASE_URL -c "SELECT count(*), state FROM pg_stat_activity GROUP BY state;"
+
+# Check max connections
+psql $DATABASE_URL -c "SHOW max_connections;"
+\`\`\`
+
+#### Memory leak suspected
+\`\`\`bash
+# Monitor memory over time
+watch -n 5 'ps aux --sort=-%mem | head -5'
+
+# Capture heap snapshot (Node.js)
+kill -USR2 <pid>
+\`\`\`
+`},{id:"adr",name:"Architecture Decision",description:"Architecture Decision Record",defaultPath:"docs/architecture/decisions/ADR-001.md",category:"technical",content:`# ADR-001: Title
+
+**Status:** Proposed
+**Date:** {{DATE}}
+**Deciders:**
+
+## Context
+What is the issue that we're seeing that is motivating this decision or change?
+
+## Decision
+What is the change that we're proposing and/or doing?
+
+## Rationale
+Why did we choose this option?
+
+## Alternatives considered
+- **Option A:** Description — pros/cons
+- **Option B:** Description — pros/cons
+
+## Consequences
+
+### Positive
+-
+
+### Negative
+-
+
+### Neutral
+-
+`},{id:"onboarding",name:"Onboarding Guide",description:"Developer onboarding guide",defaultPath:"docs/onboarding.md",category:"technical",content:`# Developer Onboarding — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Overview
+{{DESCRIPTION}}
+
+## Prerequisites
+- [ ] Access to repository ({{REPO_URL}})
+- [ ] Access to staging environment
+- [ ] Accounts: (list required accounts/services)
+
+## Day 1: Get running
+
+- [ ] Clone the repository and set up local environment
+- [ ] Run the app locally and verify it works
+- [ ] Read the architecture overview (\`docs/architecture/overview.md\`)
+- [ ] Meet your team lead and get a tour of the codebase
+
+\`\`\`bash
+# Clone
+git clone {{REPO_URL}}
+cd {{PROJECT_NAME}}
+
+# Install dependencies
+npm install
+
+# Copy environment variables
+cp .env.example .env.local
+# Edit .env.local with real values (ask your team lead)
+
+# Start development server
+npm run dev
+\`\`\`
+
+## Week 1: Get productive
+
+- [ ] Complete the environment setup checklist below
+- [ ] Read \`CONTRIBUTING.md\` and understand the PR process
+- [ ] Submit your first PR (even a small doc fix counts)
+- [ ] Attend team standup and sprint planning
+- [ ] Review 2–3 recent merged PRs to understand code patterns
+- [ ] Shadow a code review
+
+## Month 1: Get comfortable
+
+- [ ] Deliver your first feature end-to-end
+- [ ] Lead a code review
+- [ ] Identify one piece of tech debt and create a ticket
+- [ ] Update this onboarding doc with anything that was unclear
+
+## Environment setup
+
+\`\`\`bash
+# Install dependencies
+npm install
+
+# Copy environment variables
+cp .env.example .env.local
+
+# Start development server
+npm run dev
+\`\`\`
+
+## Tech stack
+{{TECH_STACK}}
+
+## IDE setup
+- Recommended: VS Code or Cursor
+- Install recommended extensions (see \`.vscode/extensions.json\`)
+- Enable format on save
+
+## Project structure
+
+\`\`\`
+(describe key directories here)
+\`\`\`
+
+## Key concepts
+-
+
+## Common tasks
+
+### Running tests
+\`\`\`bash
+npm test
+\`\`\`
+
+### Building for production
+\`\`\`bash
+npm run build
+\`\`\`
+
+## Common pitfalls
+
+1. **Forgetting to copy .env.local** — the app won't start without required env vars. Copy from \`.env.example\` and fill in real values.
+2. **Running \`npm install\` instead of the project's package manager** — check \`package.json\` for the \`packageManager\` field or look for a lock file (\`pnpm-lock.yaml\`, \`yarn.lock\`).
+3. **Committing to \`main\` directly** — always branch and open a PR. Direct pushes to \`main\` are blocked.
+4. **Skipping tests** — CI will catch you, but it's faster to run \`npm test\` locally before pushing.
+5. **Not reading existing patterns** — before adding a new abstraction, search the codebase for how similar problems are solved.
+
+## Your first PR
+
+1. Pick a small, well-defined issue labelled \`good first issue\`
+2. Create a branch: \`git checkout -b feat/your-name-first-pr\`
+3. Make the change and add a test
+4. Open a PR with the PR template filled out
+5. Ask for a review in the team Slack channel
+
+## Key contacts
+
+| Role | Name | Contact |
+|------|------|---------|
+|      |      |         |
+
+## Resources
+- Architecture overview: \`docs/architecture/overview.md\`
+- API reference: \`docs/api-reference.md\`
+- Runbook: \`docs/runbook.md\`
+- Contributing guide: \`CONTRIBUTING.md\`
+`},{id:"database",name:"Database Docs",description:"Database schema and design reference",defaultPath:"docs/DATABASE.md",category:"technical",content:`# Database Documentation — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Overview
+
+<!-- Brief description of the database design -->
+
+## Entity Relationship Diagram
+
+\`\`\`mermaid
+erDiagram
+    USERS {
+        uuid id PK
+        string email
+        timestamp created_at
+    }
+\`\`\`
+
+## Tables
+
+### users
+
+| Column | Type | Nullable | Description |
+|--------|------|----------|-------------|
+| id | uuid | No | Primary key |
+| email | varchar | No | Unique email |
+| created_at | timestamp | No | Creation time |
+
+## Indexes
+
+| Table | Columns | Type | Purpose |
+|-------|---------|------|---------|
+|       |         |      |         |
+
+## Migrations
+
+Migrations live in \`db/migrations/\`. Run with:
+
+\`\`\`bash
+npm run db:migrate
+\`\`\`
+
+## Connection
+
+\`\`\`
+DATABASE_URL=postgresql://user:password@host:5432/dbname
+\`\`\`
+
+## Backup & restore
+
+\`\`\`bash
+# Backup
+pg_dump $DATABASE_URL > backup.sql
+
+# Restore
+psql $DATABASE_URL < backup.sql
+\`\`\`
+
+## Performance notes
+
+-
+`},{id:"openapi",name:"OpenAPI Spec",description:"OpenAPI 3.0 API specification scaffold",defaultPath:"docs/api-spec.yaml",category:"technical",content:`openapi: 3.0.3
+info:
+  title: {{PROJECT_NAME}} API
+  description: |
+    {{DESCRIPTION}}
+  version: 1.0.0
+  contact:
+    email: team@example.com
+
+servers:
+  - url: https://api.example.com/v1
+    description: Production
+  - url: https://staging-api.example.com/v1
+    description: Staging
+
+security:
+  - bearerAuth: []
+
+paths:
+  /health:
+    get:
+      summary: Health check
+      operationId: healthCheck
+      security: []
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  status:
+                    type: string
+                    example: ok
+
+  /resources:
+    get:
+      summary: List resources
+      operationId: listResources
+      parameters:
+        - name: limit
+          in: query
+          schema:
+            type: integer
+            default: 20
+        - name: cursor
+          in: query
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResourceList'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+
+components:
+  securitySchemes:
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  schemas:
+    Resource:
+      type: object
+      properties:
+        id:
+          type: string
+          format: uuid
+        createdAt:
+          type: string
+          format: date-time
+
+    ResourceList:
+      type: object
+      properties:
+        data:
+          type: array
+          items:
+            $ref: '#/components/schemas/Resource'
+        cursor:
+          type: string
+          nullable: true
+        total:
+          type: integer
+
+    Error:
+      type: object
+      properties:
+        error:
+          type: string
+        message:
+          type: string
+
+  responses:
+    Unauthorized:
+      description: Unauthorized
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+`},{id:"meeting-notes",name:"Meeting Notes",description:"Meeting notes template",defaultPath:`docs/meetings/${r}.md`,category:"technical",content:`# Meeting Notes — ${r}
+
+**Attendees:**
+**Facilitator:**
+
+## Agenda
+
+1.
+2.
+
+## Notes
+
+## Decisions
+
+## Action items
+
+| Action | Owner | Due |
+|--------|-------|-----|
+|        |       |     |
+
+## Next meeting
+`},{id:"blank",name:"Blank Document",description:"Empty markdown file",defaultPath:"docs/untitled.md",category:"technical",content:"# Untitled\n\n"},{id:"dockerfile",name:"Dockerfile",description:"Multi-stage Docker build with health check",defaultPath:"Dockerfile",category:"infrastructure",content:`# Stage 1: Install dependencies
+FROM node:20-alpine AS deps
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --only=production
+
+# Stage 2: Build
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+RUN npm run build
+
+# Stage 3: Run
+FROM node:20-alpine AS runner
+WORKDIR /app
+ENV NODE_ENV=production
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 appuser
+COPY --from=builder /app/dist ./dist
+COPY --from=deps /app/node_modules ./node_modules
+COPY package*.json ./
+USER appuser
+EXPOSE 3000
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \\
+  CMD wget -qO- http://localhost:3000/health || exit 1
+CMD ["node", "dist/index.js"]
+`},{id:"docker-compose",name:"docker-compose.yml",description:"Docker Compose with app, Postgres, and Redis",defaultPath:"docker-compose.yml",category:"infrastructure",content:`# Docker Compose V2+ (no version key needed)
+services:
+  app:
+    build: .
+    ports:
+      - "3000:3000"
+    environment:
+      DATABASE_URL: postgresql://postgres:password@db:5432/{{PROJECT_NAME}}
+      REDIS_URL: redis://redis:6379
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+  db:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_PASSWORD: password
+      POSTGRES_DB: {{PROJECT_NAME}}
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+
+  redis:
+    image: redis:7-alpine
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    volumes:
+      - redis_data:/data
+
+volumes:
+  postgres_data:
+  redis_data:
+`},{id:"dockerignore",name:".dockerignore",description:"Docker build context exclusions",defaultPath:".dockerignore",category:"infrastructure",content:`node_modules
+npm-debug.log*
+.git
+.gitignore
+.env*
+!.env.example
+dist
+build
+coverage
+.nyc_output
+*.test.*
+*.spec.*
+__tests__
+e2e
+.github
+docs
+README.md
+CHANGELOG.md
+`},{id:"makefile",name:"Makefile",description:"Makefile with common dev/build/deploy targets",defaultPath:"Makefile",category:"infrastructure",content:`.PHONY: help dev build test lint docker-up docker-down migrate clean
+
+help: ## Show this help
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\\033[36m%-20s\\033[0m %s\\n", $$1, $$2}'
+
+dev: ## Start development server
+	npm run dev
+
+build: ## Build for production
+	npm run build
+
+test: ## Run all tests
+	npm test
+
+lint: ## Run linter
+	npm run lint
+
+docker-up: ## Start Docker services
+	docker compose up -d
+
+docker-down: ## Stop Docker services
+	docker compose down
+
+migrate: ## Run database migrations
+	npm run db:migrate
+
+clean: ## Remove build artifacts
+	rm -rf dist build .next coverage node_modules/.cache
+`},{id:"env-example",name:".env.example",description:"Annotated environment variables template",defaultPath:".env.example",category:"infrastructure",content:`# App Config
+NODE_ENV=development
+PORT=3000
+APP_URL=http://localhost:3000
+LOG_LEVEL=info
+
+# Database
+DATABASE_URL=postgresql://user:password@localhost:5432/{{PROJECT_NAME}}_dev
+
+# Auth
+JWT_SECRET=your-super-secret-jwt-key-change-in-production
+JWT_EXPIRES_IN=7d
+SESSION_SECRET=your-session-secret-change-in-production
+
+# External Services
+# STRIPE_SECRET_KEY=sk_test_...
+# SENDGRID_API_KEY=SG....
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# AWS_REGION=us-east-1
+# AWS_S3_BUCKET=
+
+# Observability
+# SENTRY_DSN=https://...@sentry.io/...
+# DATADOG_API_KEY=
+# NEW_RELIC_LICENSE_KEY=
+`},{id:"nginx-conf",name:"nginx.conf",description:"Nginx reverse proxy with gzip, security headers, rate limiting",defaultPath:"nginx/nginx.conf",category:"infrastructure",content:`events {
+  worker_connections 1024;
+}
+
+http {
+  gzip on;
+  gzip_types text/plain text/css application/json application/javascript text/xml;
+  gzip_min_length 1000;
+
+  # Rate limiting
+  limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
+
+  server {
+    listen 80;
+    server_name _;
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    location /api/ {
+      limit_req zone=api burst=20 nodelay;
+      proxy_pass http://app:3000;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection 'upgrade';
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_cache_bypass $http_upgrade;
+    }
+
+    location / {
+      proxy_pass http://app:3000;
+      proxy_http_version 1.1;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+    }
+  }
+}
+`},{id:"ci-workflow",name:"CI Workflow",description:"GitHub Actions CI: lint, typecheck, test matrix, coverage",defaultPath:".github/workflows/ci.yml",category:"github-actions",content:`name: CI
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: {node-version: '20', cache: 'npm'}
+      - run: npm ci
+      - run: npm run lint
+      - run: npm run typecheck
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: ['20', '22']
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: {node-version: '\${{ matrix.node-version }}', cache: 'npm'}
+      - run: npm ci
+      - run: npm run test:coverage
+      - uses: codecov/codecov-action@v4
+        if: matrix.node-version == '20'
+
+  build:
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: {node-version: '20', cache: 'npm'}
+      - run: npm ci
+      - run: npm run build
+`},{id:"cd-workflow",name:"CD Workflow",description:"GitHub Actions CD: deploy to production with health check",defaultPath:".github/workflows/cd.yml",category:"github-actions",content:`name: CD
+on:
+  push:
+    branches: [main]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    # needs: [ci]  # Uncomment if using a reusable CI workflow
+    environment: production
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: {node-version: '20', cache: 'npm'}
+      - run: npm ci
+      - run: npm run build
+      - name: Deploy
+        env:
+          DEPLOY_TOKEN: \${{ secrets.DEPLOY_TOKEN }}
+          DEPLOY_URL: \${{ secrets.DEPLOY_URL }}
+        run: |
+          # Add your deployment command here
+          # e.g.: npx railway deploy, vercel deploy --prod, etc.
+          echo "Deploy to production"
+      - name: Health check
+        run: |
+          sleep 30
+          curl -f \${{ secrets.APP_URL }}/health || exit 1
+`},{id:"security-scan",name:"Security Scan",description:"GitHub Actions security: npm audit + CodeQL analysis",defaultPath:".github/workflows/security.yml",category:"github-actions",content:`name: Security
+on:
+  push:
+    branches: [main]
+  schedule:
+    - cron: '0 0 * * 1'  # Weekly on Monday
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: {node-version: '20', cache: 'npm'}
+      - run: npm ci
+      - run: npm audit --audit-level=high
+
+  codeql:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
+        with: {languages: javascript}
+      - uses: github/codeql-action/autobuild@v3
+      - uses: github/codeql-action/analyze@v3
+`},{id:"dependabot-config",name:"Dependabot Config",description:"Dependabot config: npm + GitHub Actions weekly updates",defaultPath:".github/dependabot.yml",category:"github-actions",content:`version: 2
+updates:
+  - package-ecosystem: npm
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+    groups:
+      minor-and-patch:
+        update-types: ["minor", "patch"]
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+`},{id:"release-workflow",name:"Release Workflow",description:"GitHub Actions release: GitHub Release + Docker image to GHCR",defaultPath:".github/workflows/release.yml",category:"github-actions",content:`name: Release
+on:
+  push:
+    tags: ['v*']
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: \${{ github.actor }}
+          password: \${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/\${{ github.repository }}:\${{ github.ref_name }}
+            ghcr.io/\${{ github.repository }}:latest
+`},{id:"codeowners",name:"CODEOWNERS",description:"GitHub CODEOWNERS file for review assignments",defaultPath:".github/CODEOWNERS",category:"github",content:`# IMPORTANT: Replace {{PROJECT_NAME}} below with your GitHub organization name
+# (org name and project name are often different)
+# Format: @org-name/team-slug
+
+# Global owners - review all changes
+* @{{PROJECT_NAME}}/maintainers
+
+# Documentation
+docs/ @{{PROJECT_NAME}}/docs
+*.md @{{PROJECT_NAME}}/docs
+
+# CI/CD config
+.github/ @{{PROJECT_NAME}}/devops
+Dockerfile @{{PROJECT_NAME}}/devops
+docker-compose*.yml @{{PROJECT_NAME}}/devops
+
+# Security-sensitive files
+**/auth/ @{{PROJECT_NAME}}/security
+**/security/ @{{PROJECT_NAME}}/security
+SECURITY.md @{{PROJECT_NAME}}/security
+`},{id:"eslintrc",name:"ESLint Config",description:"ESLint config with TypeScript strict rules",defaultPath:".eslintrc.json",category:"code-quality",content:`{
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:@typescript-eslint/recommended-requiring-type-checking"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "project": true,
+    "tsconfigRootDir": "."
+  },
+  "plugins": ["@typescript-eslint"],
+  "rules": {
+    "no-console": "warn",
+    "no-unused-vars": "off",
+    "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
+    "@typescript-eslint/no-explicit-any": "warn",
+    "@typescript-eslint/consistent-type-imports": "error",
+    "@typescript-eslint/no-floating-promises": "error"
+  },
+  "ignorePatterns": ["dist/", "build/", "node_modules/", "*.config.js"]
+}
+`},{id:"prettierrc",name:"Prettier Config",description:"Prettier formatting config",defaultPath:".prettierrc",category:"code-quality",content:`{
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "printWidth": 100,
+  "tabWidth": 2,
+  "useTabs": false,
+  "bracketSpacing": true,
+  "arrowParens": "avoid"
+}
+`},{id:"tsconfig-strict",name:"tsconfig (strict)",description:"TypeScript config with strict settings for Node/ESM",defaultPath:"tsconfig.json",category:"code-quality",content:`{
+  "compilerOptions": {
+    "target": "ES2022",
+    "lib": ["ES2022"],
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "outDir": "dist",
+    "rootDir": "src",
+    "strict": true,
+    "noUncheckedIndexedAccess": true,
+    "exactOptionalPropertyTypes": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "noImplicitOverride": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "paths": {
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}
+`},{id:"editorconfig",name:".editorconfig",description:"EditorConfig for consistent editor settings",defaultPath:".editorconfig",category:"code-quality",content:`root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab
+
+[*.{yml,yaml}]
+indent_size = 2
+`},{id:"lint-staged",name:"lint-staged Config",description:"lint-staged config for pre-commit formatting and linting",defaultPath:".lintstagedrc.json",category:"code-quality",content:`{
+  "*.{ts,tsx}": ["eslint --fix", "prettier --write"],
+  "*.{js,jsx}": ["eslint --fix", "prettier --write"],
+  "*.{json,md,yml,yaml}": ["prettier --write"],
+  "*.{css,scss}": ["prettier --write"]
+}
+`},{id:"commitlint",name:"commitlint Config",description:"commitlint config enforcing Conventional Commits",defaultPath:"commitlint.config.js",category:"code-quality",content:`module.exports = {
+  extends: ['@commitlint/config-conventional'],
+  rules: {
+    'type-enum': [2, 'always', [
+      'feat', 'fix', 'docs', 'style', 'refactor',
+      'perf', 'test', 'chore', 'revert', 'ci', 'build'
+    ]],
+    'scope-case': [2, 'always', 'lower-case'],
+    'subject-case': [2, 'always', 'lower-case'],
+    'subject-max-length': [2, 'always', 100],
+    'body-max-line-length': [2, 'always', 200],
+  },
+}
+`},{id:"husky-setup",name:"Husky Setup Doc",description:"Documentation for Husky git hooks setup",defaultPath:".husky/README.md",category:"code-quality",content:`# Husky Git Hooks
+
+This project uses [Husky](https://typicode.github.io/husky/) to enforce code quality at commit time.
+
+## Setup
+
+After cloning and running \`npm install\`, Husky hooks are auto-installed via the \`prepare\` script.
+
+If hooks aren't running, install manually:
+
+\`\`\`
+npx husky install
+\`\`\`
+
+## Hooks
+
+| Hook | Command | Purpose |
+|------|---------|---------|
+| pre-commit | \`lint-staged\` | Lint and format staged files |
+| commit-msg | \`commitlint\` | Validate commit message format |
+| pre-push | \`npm test\` | Run tests before pushing |
+
+## Skip hooks (emergencies only)
+
+\`\`\`
+git commit --no-verify -m "emergency fix"
+\`\`\`
+
+Use sparingly. CI will still catch failures.
+`},{id:"vscode-settings",name:"VS Code Settings",description:"VS Code workspace settings for the project",defaultPath:".vscode/settings.json",category:"code-quality",content:`{
+  "editor.formatOnSave": true,
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit",
+    "source.organizeImports": "explicit"
+  },
+  "typescript.preferences.importModuleSpecifier": "non-relative",
+  "typescript.tsdk": "node_modules/typescript/lib",
+  "files.eol": "\\n",
+  "files.trimTrailingWhitespace": true,
+  "files.insertFinalNewline": true,
+  "[markdown]": {
+    "editor.formatOnSave": false
+  }
+}
+`},{id:"vscode-extensions",name:"VS Code Extensions",description:"Recommended VS Code extensions for the project",defaultPath:".vscode/extensions.json",category:"code-quality",content:`{
+  "recommendations": [
+    "esbenp.prettier-vscode",
+    "dbaeumer.vscode-eslint",
+    "ms-vscode.vscode-typescript-next",
+    "bradlc.vscode-tailwindcss",
+    "eamodio.gitlens",
+    "usernamehw.errorlens",
+    "streetsidesoftware.code-spell-checker",
+    "github.copilot",
+    "christian-kohler.path-intellisense"
+  ]
+}
+`},{id:"health-check-doc",name:"Health Check Guide",description:"Health check endpoint documentation with Kubernetes config",defaultPath:"docs/health-checks.md",category:"monitoring",content:`# Health Checks — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Overview
+
+Health check endpoints allow load balancers and orchestrators to verify service status.
+
+## Endpoints
+
+| Endpoint | Purpose | Auth required |
+|----------|---------|---------------|
+| \`GET /health\` | Liveness probe — is the process running? | No |
+| \`GET /health/ready\` | Readiness probe — can the service handle traffic? | No |
+| \`GET /health/detailed\` | Full dependency status | Yes (internal) |
+
+## Liveness Check (\`GET /health\`)
+
+Returns 200 if the process is alive, regardless of dependency status.
+
+\`\`\`json
+{"status": "ok", "uptime": 1234}
+\`\`\`
+
+## Readiness Check (\`GET /health/ready\`)
+
+Returns 200 only if all critical dependencies are healthy.
+
+\`\`\`json
+{
+  "status": "ready",
+  "dependencies": {
+    "database": "ok",
+    "redis": "ok",
+    "external_api": "degraded"
+  }
+}
+\`\`\`
+
+Returns 503 if any critical dependency is unhealthy.
+
+## Kubernetes Configuration
+
+\`\`\`yaml
+livenessProbe:
+  httpGet:
+    path: /health
+    port: 3000
+  initialDelaySeconds: 30
+  periodSeconds: 10
+readinessProbe:
+  httpGet:
+    path: /health/ready
+    port: 3000
+  initialDelaySeconds: 5
+  periodSeconds: 5
+\`\`\`
+`},{id:"slo-doc",name:"SLO/SLA Document",description:"Service Level Objectives with error budget and burn rate alerts",defaultPath:"docs/slo.md",category:"monitoring",content:`# Service Level Objectives — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+**Owner:** Platform Team
+
+## Availability SLO
+
+| Metric | Target | Error Budget (30 days) |
+|--------|--------|----------------------|
+| Availability | 99.9% | 43.8 minutes |
+| Success rate | 99.5% | — |
+
+## Latency SLO
+
+| Percentile | Target |
+|------------|--------|
+| p50 | < 100ms |
+| p95 | < 500ms |
+| p99 | < 1000ms |
+
+## Error Budget Policy
+
+| Burn Rate | Alert Window | Severity | Action |
+|-----------|-------------|----------|--------|
+| > 14.4x | 1 hour | Critical | Page on-call immediately |
+| > 6x | 6 hours | High | Page on-call |
+| > 3x | 24 hours | Medium | Ticket + monitor |
+| > 1x | 72 hours | Low | Review in standup |
+
+## Consequences of Exhausting Error Budget
+
+- Feature freeze until budget replenishes
+- Reliability sprint prioritized over new features
+- Post-mortem required for any budget burn > 50%
+
+## Measurement
+
+- Uptime tracked via synthetic monitoring (Pingdom / UptimeRobot)
+- Latency tracked via APM (Datadog / New Relic)
+- Error rate from application logs + Sentry
+`},{id:"incident-runbook",name:"Incident Runbook",description:"Incident response runbook with severity levels and escalation",defaultPath:"docs/incident-runbook.md",category:"monitoring",content:`# Incident Runbook — {{PROJECT_NAME}}
+
+**Last updated:** {{DATE}}
+
+## Severity Levels
+
+| Severity | Definition | Response Time | Example |
+|----------|-----------|---------------|---------|
+| P0 | Complete outage, all users affected | 15 minutes | Site down |
+| P1 | Major feature broken, >50% users affected | 30 minutes | Login broken |
+| P2 | Significant degradation, subset of users | 2 hours | Slow API |
+| P3 | Minor issue, workaround available | Next business day | Cosmetic bug |
+
+## Roles
+
+| Role | Responsibility |
+|------|---------------|
+| Incident Commander (IC) | Owns resolution, coordinates team, communicates status |
+| Tech Lead | Diagnoses root cause, coordinates fixes |
+| Comms Lead | Updates status page, notifies stakeholders |
+
+## Response Process
+
+### 0–15 minutes (Detect & Triage)
+1. Confirm the incident (not a false alarm)
+2. Assign Incident Commander
+3. Create incident Slack channel: \`#incident-YYYYMMDD-description\`
+4. Set severity level
+5. Start incident timeline document
+
+### 15–60 minutes (Investigate)
+1. Identify scope: what's broken, who's affected
+2. Check recent deployments (\`git log\`, deployment history)
+3. Review error rates and logs
+4. Consider rollback if recent deploy is suspected
+
+### Mitigation
+1. Apply fix or rollback
+2. Monitor for improvement
+3. Update status page
+4. Notify stakeholders
+
+## Post-Incident Checklist
+
+- [ ] Incident resolved and verified
+- [ ] Status page updated to "resolved"
+- [ ] Stakeholders notified
+- [ ] Timeline documented
+- [ ] Post-mortem scheduled (P0/P1) or ticket created (P2)
+- [ ] Action items created in project tracker
+`},{id:"postmortem",name:"Postmortem Template",description:"Blameless postmortem template with five-whys and action items",defaultPath:"docs/postmortem-template.md",category:"monitoring",content:`# Postmortem: [Title]
+
+**Date:** {{DATE}}
+**Severity:** P[0-3]
+**Duration:**
+**Author:**
+**Reviewers:**
+
+> This postmortem follows a blameless culture. We focus on systems and processes, not individuals.
+
+## Summary
+
+<!-- 2-3 sentence summary: what happened, why it matters, what we're doing about it -->
+
+## Impact
+
+- **Users affected:**
+- **Duration:**
+- **Revenue impact:**
+- **Data loss:**
+
+## Timeline
+
+| Time (UTC) | Event |
+|------------|-------|
+| 00:00 | Monitoring alert fired |
+| 00:05 | On-call engineer paged |
+| 00:15 | Incident confirmed, IC assigned |
+| 00:30 | Root cause identified |
+| 01:00 | Fix deployed |
+| 01:15 | Incident resolved |
+
+## Root Cause Analysis (Five Whys)
+
+**Problem:** [Describe the issue]
+
+1. **Why?** [First cause]
+2. **Why?** [Second cause]
+3. **Why?** [Third cause]
+4. **Why?** [Fourth cause]
+5. **Why?** [Root cause]
+
+## What Went Well
+
+-
+-
+
+## What Could Have Gone Better
+
+-
+-
+
+## Action Items
+
+| Action | Owner | Due Date | Priority |
+|--------|-------|----------|----------|
+|        |       |          | P[0-3]   |
+
+## Lessons Learned
+
+<!-- Key takeaways to share with the wider team -->
+`}]}};