PyPI - claude-code-kit - Versions diffs - 0.7.0__py3-none-any.whl - Mend

claude-code-kit 0.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

claude_code_kit-0.7.0.dist-info/METADATA +384 -0
claude_code_kit-0.7.0.dist-info/RECORD +209 -0
claude_code_kit-0.7.0.dist-info/WHEEL +4 -0
claude_code_kit-0.7.0.dist-info/entry_points.txt +4 -0
claude_code_kit-0.7.0.dist-info/licenses/LICENSE +21 -0
claude_kit/__init__.py +10 -0
claude_kit/__main__.py +8 -0
claude_kit/_payload/agents/acceptance-reviewer.md +60 -0
claude_kit/_payload/agents/auditor.md +76 -0
claude_kit/_payload/agents/dependency-scanner.md +84 -0
claude_kit/_payload/agents/developer.md +187 -0
claude_kit/_payload/agents/devils-advocate.md +62 -0
claude_kit/_payload/agents/devops-engineer.md +134 -0
claude_kit/_payload/agents/e2e-tester.md +152 -0
claude_kit/_payload/agents/em-reviewer.md +105 -0
claude_kit/_payload/agents/incident-responder.md +64 -0
claude_kit/_payload/agents/merge-reviewer.md +194 -0
claude_kit/_payload/agents/observability-engineer.md +94 -0
claude_kit/_payload/agents/orchestrator.md +551 -0
claude_kit/_payload/agents/owasp-reviewer.md +76 -0
claude_kit/_payload/agents/policy-validator.md +63 -0
claude_kit/_payload/agents/pr-raiser.md +138 -0
claude_kit/_payload/agents/risk-classifier.md +50 -0
claude_kit/_payload/agents/sdlc-code-reviewer.md +196 -0
claude_kit/_payload/agents/secret-scanner.md +70 -0
claude_kit/_payload/agents/security-reviewer.md +80 -0
claude_kit/_payload/agents/senior-backend-dev.md +199 -0
claude_kit/_payload/agents/senior-frontend-dev.md +181 -0
claude_kit/_payload/agents/senior-tester.md +206 -0
claude_kit/_payload/agents/spec-doc-writer.md +331 -0
claude_kit/_payload/agents/story-planner.md +56 -0
claude_kit/_payload/agents/technical-architect.md +139 -0
claude_kit/_payload/agents/tester.md +193 -0
claude_kit/_payload/agents/ui-designer.md +73 -0
claude_kit/_payload/agents/unit-tester.md +119 -0
claude_kit/_payload/catalog/mcp.yaml +54 -0
claude_kit/_payload/catalog/org.yaml +145 -0
claude_kit/_payload/catalog/profiles.yaml +96 -0
claude_kit/_payload/catalog/stacks.yaml +96 -0
claude_kit/_payload/commands/init.md +36 -0
claude_kit/_payload/commands/sdlc.md +18 -0
claude_kit/_payload/commands/status.md +20 -0
claude_kit/_payload/hooks/hooks.json +58 -0
claude_kit/_payload/hooks/scripts/audit-log.sh +18 -0
claude_kit/_payload/hooks/scripts/guard-secrets.sh +26 -0
claude_kit/_payload/hooks/scripts/lint-fix.sh +38 -0
claude_kit/_payload/hooks/scripts/load-continuity.sh +32 -0
claude_kit/_payload/hooks/scripts/load-learnings.sh +40 -0
claude_kit/_payload/hooks/scripts/type-check.sh +23 -0
claude_kit/_payload/hooks/scripts/validate-frontmatter.sh +34 -0
claude_kit/_payload/hooks/scripts/validate-settings.sh +21 -0
claude_kit/_payload/hooks/scripts/warn-large-edits.sh +24 -0
claude_kit/_payload/hooks/scripts/warn-missing-tests.sh +24 -0
claude_kit/_payload/hooks/scripts/warn-sensitive-files.sh +30 -0
claude_kit/_payload/hooks/scripts/warn-shared-modules.sh +33 -0
claude_kit/_payload/rules/agent-guardrails.md +83 -0
claude_kit/_payload/rules/agent-memory.md +106 -0
claude_kit/_payload/rules/agent-resilience.md +61 -0
claude_kit/_payload/rules/autonomy-levels.md +30 -0
claude_kit/_payload/rules/code-organization.md +312 -0
claude_kit/_payload/rules/continuity.md +84 -0
claude_kit/_payload/rules/design-patterns.md +422 -0
claude_kit/_payload/rules/devops-observability.md +57 -0
claude_kit/_payload/rules/documentation.md +326 -0
claude_kit/_payload/rules/evals.md +62 -0
claude_kit/_payload/rules/frontend-best-practices.md +157 -0
claude_kit/_payload/rules/goal-setting-and-monitoring.md +72 -0
claude_kit/_payload/rules/human-in-the-loop.md +64 -0
claude_kit/_payload/rules/linting-and-formatting.md +220 -0
claude_kit/_payload/rules/mandatory-workflow.md +309 -0
claude_kit/_payload/rules/model-tiers.md +34 -0
claude_kit/_payload/rules/quality-gates.md +107 -0
claude_kit/_payload/rules/rarv-cycle.md +31 -0
claude_kit/_payload/rules/reasoning-techniques.md +62 -0
claude_kit/_payload/rules/responsive-and-accessibility.md +353 -0
claude_kit/_payload/rules/risk-classification.md +36 -0
claude_kit/_payload/rules/testing.md +417 -0
claude_kit/_payload/rules/tool-design.md +66 -0
claude_kit/_payload/skills/_references/accessibility-checklist.md +160 -0
claude_kit/_payload/skills/_references/orchestration-patterns.md +405 -0
claude_kit/_payload/skills/_references/performance-checklist.md +153 -0
claude_kit/_payload/skills/_references/security-checklist.md +134 -0
claude_kit/_payload/skills/_references/testing-patterns.md +236 -0
claude_kit/_payload/skills/accessibility-review/SKILL.md +56 -0
claude_kit/_payload/skills/api-and-interface-design/SKILL.md +294 -0
claude_kit/_payload/skills/api-integration/SKILL.md +348 -0
claude_kit/_payload/skills/archive-sprint/SKILL.md +31 -0
claude_kit/_payload/skills/backlog/SKILL.md +41 -0
claude_kit/_payload/skills/backlog/item-template.md +20 -0
claude_kit/_payload/skills/browser-testing-with-devtools/SKILL.md +302 -0
claude_kit/_payload/skills/ci-cd-and-automation/SKILL.md +402 -0
claude_kit/_payload/skills/code-review-and-quality/SKILL.md +347 -0
claude_kit/_payload/skills/code-simplification/SKILL.md +331 -0
claude_kit/_payload/skills/component-design/SKILL.md +171 -0
claude_kit/_payload/skills/consolidate-learnings/SKILL.md +55 -0
claude_kit/_payload/skills/context-engineering/SKILL.md +321 -0
claude_kit/_payload/skills/debugging-and-error-recovery/SKILL.md +300 -0
claude_kit/_payload/skills/decision/SKILL.md +46 -0
claude_kit/_payload/skills/decision/adr-template.md +36 -0
claude_kit/_payload/skills/deprecation-and-migration/SKILL.md +207 -0
claude_kit/_payload/skills/documentation-and-adrs/SKILL.md +299 -0
claude_kit/_payload/skills/doubt-driven-development/SKILL.md +243 -0
claude_kit/_payload/skills/execute/SKILL.md +27 -0
claude_kit/_payload/skills/frontend-ui-engineering/SKILL.md +328 -0
claude_kit/_payload/skills/git-workflow-and-versioning/SKILL.md +300 -0
claude_kit/_payload/skills/idea-refine/SKILL.md +178 -0
claude_kit/_payload/skills/idea-refine/examples.md +238 -0
claude_kit/_payload/skills/idea-refine/frameworks.md +99 -0
claude_kit/_payload/skills/idea-refine/refinement-criteria.md +113 -0
claude_kit/_payload/skills/idea-refine/scripts/idea-refine.sh +15 -0
claude_kit/_payload/skills/incident-postmortem/SKILL.md +74 -0
claude_kit/_payload/skills/incremental-implementation/SKILL.md +245 -0
claude_kit/_payload/skills/interview-me/SKILL.md +221 -0
claude_kit/_payload/skills/load-testing/SKILL.md +83 -0
claude_kit/_payload/skills/manual-test/SKILL.md +516 -0
claude_kit/_payload/skills/performance-optimization/SKILL.md +277 -0
claude_kit/_payload/skills/planning-and-task-breakdown/SKILL.md +223 -0
claude_kit/_payload/skills/playwright-verification/SKILL.md +205 -0
claude_kit/_payload/skills/refresh-docs/SKILL.md +63 -0
claude_kit/_payload/skills/remember/SKILL.md +96 -0
claude_kit/_payload/skills/scope/SKILL.md +52 -0
claude_kit/_payload/skills/scope/scope-template.md +82 -0
claude_kit/_payload/skills/sdlc/SKILL.md +83 -0
claude_kit/_payload/skills/security-and-hardening/SKILL.md +368 -0
claude_kit/_payload/skills/security-verification/SKILL.md +209 -0
claude_kit/_payload/skills/shipping-and-launch/SKILL.md +309 -0
claude_kit/_payload/skills/smoke-test/SKILL.md +78 -0
claude_kit/_payload/skills/source-driven-development/SKILL.md +195 -0
claude_kit/_payload/skills/spec-driven-development/SKILL.md +200 -0
claude_kit/_payload/skills/sprint/SKILL.md +67 -0
claude_kit/_payload/skills/sprint/sprint-template.md +90 -0
claude_kit/_payload/skills/test-driven-development/SKILL.md +383 -0
claude_kit/_payload/skills/threat-model/SKILL.md +60 -0
claude_kit/_payload/skills/triage/SKILL.md +87 -0
claude_kit/_payload/skills/ui-ux-design/SKILL.md +71 -0
claude_kit/_payload/skills/unit-test/SKILL.md +237 -0
claude_kit/_payload/skills/using-agent-skills/SKILL.md +180 -0
claude_kit/_payload/templates/CLAUDE.md +238 -0
claude_kit/_payload/templates/CLAUDE.stack.md.tmpl +53 -0
claude_kit/_payload/templates/CONTINUITY.template.md +35 -0
claude_kit/_payload/templates/README.claude-sdlc.md.tmpl +219 -0
claude_kit/_payload/templates/agent-memory/MEMORY.md +30 -0
claude_kit/_payload/templates/agent-memory/api/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/architecture/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/debugging/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/gotchas/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/patterns/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/performance/.gitkeep +0 -0
claude_kit/_payload/templates/artifacts/adr.md +18 -0
claude_kit/_payload/templates/artifacts/feature-spec.md +29 -0
claude_kit/_payload/templates/artifacts/release-plan.md +23 -0
claude_kit/_payload/templates/artifacts/runbook.md +24 -0
claude_kit/_payload/templates/artifacts/security-review.md +23 -0
claude_kit/_payload/templates/artifacts/test-plan.md +22 -0
claude_kit/_payload/templates/org/README.md +53 -0
claude_kit/_payload/templates/org/agents/data-workflow-agent.md +59 -0
claude_kit/_payload/templates/org/agents/founder-prototype-agent.md +61 -0
claude_kit/_payload/templates/org/agents/internal-tools-builder.md +63 -0
claude_kit/_payload/templates/org/agents/pm-copilot.md +60 -0
claude_kit/_payload/templates/org/agents/support-ticket-engineer.md +63 -0
claude_kit/_payload/templates/org/packs/devops-and-release/README.md +46 -0
claude_kit/_payload/templates/org/packs/devops-and-release/pack.yaml +32 -0
claude_kit/_payload/templates/org/packs/engineering-core/README.md +46 -0
claude_kit/_payload/templates/org/packs/engineering-core/pack.yaml +44 -0
claude_kit/_payload/templates/org/packs/non-engineer-builder/README.md +53 -0
claude_kit/_payload/templates/org/packs/non-engineer-builder/pack.yaml +39 -0
claude_kit/_payload/templates/org/packs/onboarding-and-docs/README.md +49 -0
claude_kit/_payload/templates/org/packs/onboarding-and-docs/pack.yaml +26 -0
claude_kit/_payload/templates/org/packs/product-to-code/README.md +50 -0
claude_kit/_payload/templates/org/packs/product-to-code/pack.yaml +34 -0
claude_kit/_payload/templates/org/packs/quality-and-review/README.md +53 -0
claude_kit/_payload/templates/org/packs/quality-and-review/pack.yaml +40 -0
claude_kit/_payload/templates/org/packs/security-and-compliance/README.md +50 -0
claude_kit/_payload/templates/org/packs/security-and-compliance/pack.yaml +36 -0
claude_kit/_payload/templates/org/rules/ai-working-agreement.md +45 -0
claude_kit/_payload/templates/org/rules/ambiguity-resolution.md +36 -0
claude_kit/_payload/templates/org/rules/branch-and-pr-policy.md +41 -0
claude_kit/_payload/templates/org/rules/compliance-policy.md +50 -0
claude_kit/_payload/templates/org/rules/non-engineer-safe-coding.md +37 -0
claude_kit/_payload/templates/org/rules/pii-policy.md +46 -0
claude_kit/_payload/templates/org/rules/production-data-policy.md +35 -0
claude_kit/_payload/templates/org/rules/prompt-to-task-conversion.md +30 -0
claude_kit/_payload/templates/org/rules/prototype-boundaries.md +40 -0
claude_kit/_payload/templates/org/rules/secrets-policy.md +34 -0
claude_kit/_payload/templates/org/skills/customer-issue-to-fix/SKILL.md +61 -0
claude_kit/_payload/templates/org/skills/feature-from-idea/SKILL.md +56 -0
claude_kit/_payload/templates/org/skills/prompt-to-safe-task/SKILL.md +59 -0
claude_kit/_payload/templates/org/skills/prototype-to-production/SKILL.md +61 -0
claude_kit/_payload/templates/org/skills/repo-onboarding/SKILL.md +60 -0
claude_kit/_payload/templates/settings.json +53 -0
claude_kit/_payload/templates/stacks/backend/python/fastapi/rules/fastapi-patterns.md +64 -0
claude_kit/_payload/templates/stacks/db/mongodb/agents/migration-specialist.md +61 -0
claude_kit/_payload/templates/stacks/db/mongodb/agents/mongodb-specialist.md +59 -0
claude_kit/_payload/templates/stacks/db/mongodb/rules/mongodb-patterns.md +39 -0
claude_kit/_payload/templates/stacks/db/postgres/agents/db-performance-reviewer.md +66 -0
claude_kit/_payload/templates/stacks/db/postgres/agents/migration-specialist.md +56 -0
claude_kit/_payload/templates/stacks/db/postgres/agents/postgres-specialist.md +58 -0
claude_kit/_payload/templates/stacks/db/postgres/rules/database-performance.md +64 -0
claude_kit/_payload/templates/stacks/db/postgres/rules/postgres-patterns.md +43 -0
claude_kit/_payload/templates/stacks/frontend/react/rules/react-patterns.md +63 -0
claude_kit/catalog.py +476 -0
claude_kit/cli.py +327 -0
claude_kit/hooks.py +246 -0
claude_kit/models.py +205 -0
claude_kit/prompts.py +209 -0
claude_kit/render.py +146 -0
claude_kit/scaffold.py +492 -0
claude_kit/upgrader.py +294 -0
claude_kit/validator.py +197 -0

claude_kit/_payload/rules/design-patterns.md ADDED Viewed

@@ -0,0 +1,422 @@
+# Design Patterns
+Mandatory design patterns for backend and frontend code. Apply the appropriate pattern whenever the described situation arises.
+**Async-first consideration:** When your project uses async I/O (async/await, promises, event loops), all patterns below should be implemented with async primitives. No blocking I/O should exist in the request path. See `.claude/rules/code-organization.md` for async architecture guidance.
+---
+## Backend Patterns
+### 1. Repository Pattern
+**When:** Any database access.
+**Why:** Isolate data access logic from business rules. Makes services testable without DB.
+```
+<domain>/<resource>/
+├── repository.{ext}   ← Repository (DB I/O only)
+├── service.{ext}      ← Service (business rules)
+├── handler.{ext}      ← Router/handler (HTTP interface)
+└── schemas.{ext}      ← Typed request/response schemas
+```
+**Rules:**
+- Repository functions accept a database connection/session as first param
+- Repositories return domain objects or `None`/`null` — never raise HTTP-level exceptions
+- Repositories never commit — they call `flush()` or equivalent at most
+- One repository per domain aggregate (User, Organization, Tenant)
+**Example (Python with async ORM):**
+```python
+# repository.py
+async def get_by_email(db: AsyncSession, email: str) -> User | None:
+    stmt = select(User).where(User.email == email.lower())
+    result = await db.execute(stmt)
+    return result.scalar_one_or_none()
+async def create(db: AsyncSession, **fields: Any) -> User:
+    user = User(**fields)
+    db.add(user)
+    await db.flush()
+    return user
+```
+**Example (TypeScript/Node with Prisma):**
+```typescript
+// repository.ts
+async function getByEmail(db: PrismaClient, email: string): Promise<User | null> {
+  return db.user.findUnique({ where: { email: email.toLowerCase() } });
+}
+async function create(db: PrismaClient, fields: CreateUserData): Promise<User> {
+  return db.user.create({ data: fields });
+}
+```
+### 2. Service Layer Pattern
+**When:** Any business logic that involves validation, orchestration, or side effects.
+**Why:** Keeps handlers thin. Business rules live in one testable place.
+**Rules:**
+- Services call repositories for DB access
+- Services raise HTTP-level exceptions (or return error types) for user-facing errors
+- Services own the transaction commit — not repositories, not handlers
+- Services accept typed schemas or primitives as input — never raw dictionaries/objects
+- Services can call multiple repositories in a single operation
+**Example (Python):**
+```python
+# service.py
+async def create_user(
+    db: AsyncSession,
+    payload: UserCreate,
+    *,
+    actor: User,
+) -> User:
+    if await repository.get_by_email(db, payload.email):
+        raise HTTPException(status_code=409, detail="email already registered")
+    user = await repository.create(
+        db,
+        email=payload.email,
+        password_hash=hash_password(payload.password),
+        organization_id=actor.organization_id,
+    )
+    await db.commit()
+    return user
+```
+**Example (TypeScript/Node):**
+```typescript
+// service.ts
+async function createUser(
+  db: PrismaClient,
+  payload: UserCreate,
+  actor: User
+): Promise<User> {
+  const existing = await repository.getByEmail(db, payload.email);
+  if (existing) {
+    throw new ConflictError("email already registered");
+  }
+  const user = await repository.create(db, {
+    email: payload.email,
+    passwordHash: hashPassword(payload.password),
+    organizationId: actor.organizationId,
+  });
+  return user;
+}
+```
+### 3. Dependency Injection
+**When:** Any cross-cutting concern — auth, DB session, permissions, rate limiting.
+**Why:** Composable, testable, declarative dependencies.
+**Rules:**
+- Reusable deps in a common dependencies module or per-domain deps file
+- Named clearly: `getCurrentUser`, `getDbSession`, `requireRole("admin")`
+- Order in handler signature: request artifacts → auth → authorization → DB/cache clients
+- Never instantiate services or sessions manually inside handlers — always via dependency injection
+**Example (FastAPI with Depends):**
+```python
+@router.post("", response_model=UserRead, status_code=201)
+async def create_user(
+    payload: UserCreate,
+    current_user: User = Depends(get_current_user),
+    _: None = Depends(require_role("org_admin")),
+    db: AsyncSession = Depends(get_db_session),
+) -> UserRead:
+    user = await service.create_user(db, payload, actor=current_user)
+    return UserRead.model_validate(user)
+```
+**Example (NestJS with decorators):**
+```typescript
+@Post()
+@UseGuards(AuthGuard, RoleGuard)
+@Roles('org_admin')
+async createUser(
+  @Body() payload: UserCreateDto,
+  @CurrentUser() currentUser: User,
+  @InjectDb() db: PrismaClient,
+): Promise<UserRead> {
+  const user = await this.service.createUser(db, payload, currentUser);
+  return new UserRead(user);
+}
+```
+### 4. Unit of Work
+**When:** Multiple DB operations that must succeed or fail together.
+**Why:** Transactional consistency without explicit transaction management.
+**Rules:**
+- The DB session dependency wraps operations in a transaction — rollback on exception
+- Service layer calls `commit()` at the end of a successful operation
+- Use `flush()` or equivalent when you need a generated ID before commit
+- Never call `commit()` in repository functions
+- For multi-step workflows, keep all operations in the same session/transaction
+### 5. Mixin Pattern (for ORM models)
+**When:** Cross-cutting model fields (timestamps, soft-delete).
+**Why:** DRY — mixins applied once, inherited everywhere.
+**Example (Python with SQLAlchemy):**
+```python
+class User(Base, CreatedAtMixin, UpdatedAtMixin, SoftDeleteMixin):
+    ...
+```
+**Example (TypeScript with TypeORM):**
+```typescript
+@Entity()
+class User extends CreatedAtEntity {
+  // ...
+}
+```
+**Rules:**
+- New cross-cutting fields → add a mixin, don't copy-paste columns
+- Mixins provide column definitions via framework-specific mechanisms
+- Mixins never define relationships — keep them pure column providers
+### 6. Factory Pattern (App Factory)
+**When:** Application setup.
+**Why:** Testability (fresh app per test), configurable middleware/routers.
+**Rules:**
+- Never import a module-level app object — always call a factory function
+- Tests use the factory to create isolated app instances
+**Example (Python):**
+```python
+def get_app() -> Application:
+    app = Application()
+    # configure middleware, routes, etc.
+    return app
+```
+**Example (Node/Express):**
+```typescript
+function createApp(): Express {
+  const app = express();
+  // configure middleware, routes, etc.
+  return app;
+}
+```
+### 7. Strategy Pattern
+**When:** Multiple algorithms for the same operation (e.g., hashing, notification channels, export formats).
+**Why:** Swap behavior without modifying callers.
+**Example (Python with Protocol):**
+```python
+from typing import Protocol
+class PasswordHasher(Protocol):
+    def hash(self, password: str) -> str: ...
+    def verify(self, password: str, hash: str) -> bool: ...
+class StrongHasher:
+    def hash(self, password: str) -> str: ...
+    def verify(self, password: str, hash: str) -> bool: ...
+```
+**Example (TypeScript with interface):**
+```typescript
+interface PasswordHasher {
+  hash(password: string): string;
+  verify(password: string, hash: string): boolean;
+}
+class StrongHasher implements PasswordHasher {
+  hash(password: string): string { /* ... */ }
+  verify(password: string, hash: string): boolean { /* ... */ }
+}
+```
+**Rules:**
+- Use interface/protocol for strategy contracts
+- Inject via dependency — not hardcoded `if/else` chains
+- Use when there are 2+ interchangeable implementations
+### 8. Enum Pattern
+**When:** Constrained string fields with a known set of values (roles, statuses, types).
+**Why:** Type safety, autocomplete, no magic strings.
+**Example (Python):**
+```python
+class UserRole(str, Enum):
+    SYS_ADMIN = "sys_admin"
+    ORG_ADMIN = "org_admin"
+    MEMBER = "member"
+```
+**Example (TypeScript):**
+```typescript
+enum UserRole {
+  SYS_ADMIN = "sys_admin",
+  ORG_ADMIN = "org_admin",
+  MEMBER = "member",
+}
+```
+**Rules:**
+- Always use string-based enums for JSON-serializable values
+- Use enums in typed schemas and data models
+- Never compare with raw strings: `if role == "admin"` → `if role == UserRole.SYS_ADMIN`
+---
+## Frontend Patterns
+### 9. Container / Presentational Split
+**When:** A component both fetches data and renders UI.
+**Why:** Separation of concerns — data logic vs display logic.
+```
+src/pages/UsersPage.{ext}         ← Container (data fetching, state)
+src/components/UserList.{ext}     ← Presentational (props → UI)
+src/components/UserCard.{ext}     ← Presentational (props → UI)
+```
+**Rules:**
+- Pages/containers own data fetching and state
+- Components are presentational — they receive props and render
+- Presentational components are pure functions where possible
+### 10. Custom Hook Pattern (React/Vue composables)
+**When:** Shared stateful logic across components.
+**Why:** Reusable, testable state logic extracted from components.
+**Example (React):**
+```typescript
+// hooks/useAuth.ts
+export function useAuth() {
+  const user = useAuthStore((s) => s.user);
+  const logout = useAuthStore((s) => s.logout);
+  return { user, isAuthenticated: !!user, logout };
+}
+```
+**Example (Vue):**
+```typescript
+// composables/useAuth.ts
+export function useAuth() {
+  const store = useAuthStore();
+  return {
+    user: computed(() => store.user),
+    isAuthenticated: computed(() => !!store.user),
+    logout: () => store.logout(),
+  };
+}
+```
+**Rules:**
+- One concern per hook/composable
+- Return stable references (memoize functions where needed)
+- Name as `use<Purpose>` — `useAuth`, `usePagination`, `useDebounce`
+### 11. Store Pattern
+**When:** Shared state across components that isn't server-state.
+**Why:** Simple, minimal boilerplate, good type support.
+**Example (with client state library):**
+```typescript
+interface AuthState {
+  user: User | null;
+  setUser: (user: User | null) => void;
+  logout: () => void;
+}
+export const useAuthStore = createStore<AuthState>({
+  user: null,
+  setUser: (user) => ({ user }),
+  logout: () => ({ user: null }),
+});
+```
+**Rules:**
+- Always use selectors: `useStore((s) => s.value)` — never `useStore()` (full state)
+- Never create new objects/arrays inside selectors
+- Actions are stable references — exclude from dependency arrays
+- One store per concern — don't dump everything in one god-store
+### 12. API Client Pattern
+**When:** Any HTTP call from the frontend.
+**Why:** Centralized error handling, auth, base URL.
+**Example:**
+```typescript
+// lib/api.ts
+import axios from "axios";
+const api = axios.create({
+  baseURL: import.meta.env.VITE_API_BASE_URL || "http://localhost:8000",
+  withCredentials: true,  // session cookies
+});
+api.interceptors.response.use(
+  (response) => response,
+  (error) => {
+    if (error.response?.status === 401) {
+      // redirect to login
+    }
+    return Promise.reject(error);
+  },
+);
+export default api;
+```
+**Rules:**
+- One shared HTTP client instance — don't create clients per request
+- Configure global interceptors for auth expiry
+- Per-domain API modules for organized endpoints: `lib/users.ts`, `lib/orgs.ts`
+### 13. Error Boundary Pattern
+**When:** Any page or major section that could throw during render.
+**Why:** Graceful degradation — don't crash the entire app.
+**Rules:**
+- Wrap each route-level page in an error boundary
+- Show a user-friendly error message — not a blank screen
+- Log the error for observability
+---
+## Anti-Patterns (DO NOT)
+### Backend
+- ❌ **God service** — one service that does everything. Split by domain.
+- ❌ **Anemic domain** — models are just data bags with all logic in utilities. Put behavior near data.
+- ❌ **Business logic in handlers** — handlers are thin wrappers. Logic goes in services.
+- ❌ **Repository that raises HTTP exceptions** — repositories return data or None/null.
+- ❌ **Raw dict/object passing** — use typed schemas or data classes for structured data.
+- ❌ **Hardcoded magic strings** — use Enums or constants.
+- ❌ **Circular imports** — respect the dependency direction: handler → service → repository → models.
+### Frontend
+- ❌ **Prop drilling 3+ levels deep** — use a state store or context instead.
+- ❌ **Ad-hoc data fetching in effects** — use a data-fetching library or at minimum a dedicated hook.
+- ❌ **God component** — components over 200 lines should be split.
+- ❌ **Inline styles** — use a styling system (CSS modules, utility classes, styled components).
+- ❌ **Direct localStorage for auth** — use secure cookie-based sessions where possible.
+---
+## When to Apply Which Pattern
+| Situation | Pattern |
+|-----------|---------|
+| New API endpoint | Repository + Service + DI + Typed schemas |
+| New DB model | Mixin (if applicable) + Factory (app) + Enum (for constrained fields) |
+| Shared model fields | Mixin (ORM-specific) |
+| Auth/permissions | DI + Strategy (if multiple auth methods) |
+| Multi-step DB operation | Unit of Work |
+| New frontend page | Container/Presentational + Store + API Client |
+| Shared frontend state | Store + Custom Hook |
+| Constrained string values | Enum (backend) or union type (frontend) |
+| Multiple implementations | Strategy (interface/protocol) |
+| Cross-cutting render concern | Error Boundary |

claude_kit/_payload/rules/devops-observability.md ADDED Viewed

@@ -0,0 +1,57 @@
+# DevOps & Observability Phases
+Two delivery-side phases that run **after** the test-coverage merge gate (MR3 VERIFIED) and **before** the PR Raiser, so that pipeline and observability artifacts ship *inside* the same PR as the code. They are owned by dedicated agents and each has its own quality gate.
+```
+... MR3 (test coverage VERIFIED)
+      -> [DevOps]        devops-engineer        -> Gate: Pipeline Green
+      -> [Observability] observability-engineer -> Gate: Observability Ready
+      -> PR Raiser
+```
+## When these phases run (conditional)
+Run them when the change touches a **deployable or observable surface**:
+- a new/changed endpoint, service, container, dependency, env var, port, or migration;
+- anything that adds a user-facing critical path worth an SLO or an alert.
+**Skip (note in CONTINUITY.md why)** for pure-internal changes with no deployment or observability surface — a refactor behind an unchanged interface, a copy tweak, a test-only change. Fast-track (Mode D) skips both unless infra/observability is the actual subject of the fix.
+---
+## Phase: DevOps  ·  Agent: `devops-engineer`  ·  Gate: **Pipeline Green**
+Owns the infra seam (containerization, orchestration, migrations-at-boot, ports, CORS, env). For a feature, it ensures the change is **buildable and deployable**, not just runnable on the author's machine.
+**Pipeline Green passes when:**
+- [ ] CI config is valid and includes lint + type-check + unit tests for the changed stack(s) (CI pipeline config files — editing those requires user approval per CLAUDE.md).
+- [ ] Container orchestration config resolves; a clean rebuild and restart brings all services up **healthy**.
+- [ ] New env vars are in the project's settings/config, orchestration config, `.env.example`, and the README table.
+- [ ] Migrations (if applicable) apply cleanly at boot and have a working rollback/downgrade.
+- [ ] A short **runbook** entry exists for anything operationally new (how to deploy it, how to roll it back).
+- [ ] No secrets committed; ports/CORS changes reflected in README.
+Findings classified by `.claude/rules/quality-gates.md` severity; Critical/High/Medium block.
+---
+## Phase: Observability  ·  Agent: `observability-engineer`  ·  Gate: **Observability Ready**
+Ensures the feature is **operable in production**: you can tell when it breaks and why. Builds on the project's existing health endpoints and structured logging.
+**Observability Ready passes when:**
+- [ ] **SLOs/SLIs** defined for each critical user journey the feature adds (e.g., "p95 endpoint latency < 200ms", "login success rate ≥ 99.5%").
+- [ ] **Health/readiness** — any new external dependency (database, cache, third-party service) is reflected in the readiness check; liveness stays dependency-free.
+- [ ] **Structured logging** — new state changes log via the project's structured logger as JSON key-values, semantic event names, **no secrets/PII**; error paths log at `error`/`exception` level.
+- [ ] **Alerts** — alert rules defined for the feature's failure modes (error-rate spike, latency breach, dependency down) with a severity and an owner.
+- [ ] **Traceability** — correlation/request id flows through new code paths where the stack supports it.
+Findings classified by `.claude/rules/quality-gates.md` severity; Critical/High/Medium block.
+---
+## Notes
+- Both agents follow the **RARV cycle** (`.claude/rules/rarv-cycle.md`) and update `CONTINUITY.md` at handoff.
+- Neither agent writes application business logic — they own infra and operability only. Logic gaps go back to the relevant dev lane.
+- Editing CI pipeline config, package manifests, or other project-wide files still requires explicit user approval (CLAUDE.md §"Files that require user approval").