PyPI - claude-code-kit - Versions diffs - 0.7.0__py3-none-any.whl - Mend

claude-code-kit 0.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

claude_code_kit-0.7.0.dist-info/METADATA +384 -0
claude_code_kit-0.7.0.dist-info/RECORD +209 -0
claude_code_kit-0.7.0.dist-info/WHEEL +4 -0
claude_code_kit-0.7.0.dist-info/entry_points.txt +4 -0
claude_code_kit-0.7.0.dist-info/licenses/LICENSE +21 -0
claude_kit/__init__.py +10 -0
claude_kit/__main__.py +8 -0
claude_kit/_payload/agents/acceptance-reviewer.md +60 -0
claude_kit/_payload/agents/auditor.md +76 -0
claude_kit/_payload/agents/dependency-scanner.md +84 -0
claude_kit/_payload/agents/developer.md +187 -0
claude_kit/_payload/agents/devils-advocate.md +62 -0
claude_kit/_payload/agents/devops-engineer.md +134 -0
claude_kit/_payload/agents/e2e-tester.md +152 -0
claude_kit/_payload/agents/em-reviewer.md +105 -0
claude_kit/_payload/agents/incident-responder.md +64 -0
claude_kit/_payload/agents/merge-reviewer.md +194 -0
claude_kit/_payload/agents/observability-engineer.md +94 -0
claude_kit/_payload/agents/orchestrator.md +551 -0
claude_kit/_payload/agents/owasp-reviewer.md +76 -0
claude_kit/_payload/agents/policy-validator.md +63 -0
claude_kit/_payload/agents/pr-raiser.md +138 -0
claude_kit/_payload/agents/risk-classifier.md +50 -0
claude_kit/_payload/agents/sdlc-code-reviewer.md +196 -0
claude_kit/_payload/agents/secret-scanner.md +70 -0
claude_kit/_payload/agents/security-reviewer.md +80 -0
claude_kit/_payload/agents/senior-backend-dev.md +199 -0
claude_kit/_payload/agents/senior-frontend-dev.md +181 -0
claude_kit/_payload/agents/senior-tester.md +206 -0
claude_kit/_payload/agents/spec-doc-writer.md +331 -0
claude_kit/_payload/agents/story-planner.md +56 -0
claude_kit/_payload/agents/technical-architect.md +139 -0
claude_kit/_payload/agents/tester.md +193 -0
claude_kit/_payload/agents/ui-designer.md +73 -0
claude_kit/_payload/agents/unit-tester.md +119 -0
claude_kit/_payload/catalog/mcp.yaml +54 -0
claude_kit/_payload/catalog/org.yaml +145 -0
claude_kit/_payload/catalog/profiles.yaml +96 -0
claude_kit/_payload/catalog/stacks.yaml +96 -0
claude_kit/_payload/commands/init.md +36 -0
claude_kit/_payload/commands/sdlc.md +18 -0
claude_kit/_payload/commands/status.md +20 -0
claude_kit/_payload/hooks/hooks.json +58 -0
claude_kit/_payload/hooks/scripts/audit-log.sh +18 -0
claude_kit/_payload/hooks/scripts/guard-secrets.sh +26 -0
claude_kit/_payload/hooks/scripts/lint-fix.sh +38 -0
claude_kit/_payload/hooks/scripts/load-continuity.sh +32 -0
claude_kit/_payload/hooks/scripts/load-learnings.sh +40 -0
claude_kit/_payload/hooks/scripts/type-check.sh +23 -0
claude_kit/_payload/hooks/scripts/validate-frontmatter.sh +34 -0
claude_kit/_payload/hooks/scripts/validate-settings.sh +21 -0
claude_kit/_payload/hooks/scripts/warn-large-edits.sh +24 -0
claude_kit/_payload/hooks/scripts/warn-missing-tests.sh +24 -0
claude_kit/_payload/hooks/scripts/warn-sensitive-files.sh +30 -0
claude_kit/_payload/hooks/scripts/warn-shared-modules.sh +33 -0
claude_kit/_payload/rules/agent-guardrails.md +83 -0
claude_kit/_payload/rules/agent-memory.md +106 -0
claude_kit/_payload/rules/agent-resilience.md +61 -0
claude_kit/_payload/rules/autonomy-levels.md +30 -0
claude_kit/_payload/rules/code-organization.md +312 -0
claude_kit/_payload/rules/continuity.md +84 -0
claude_kit/_payload/rules/design-patterns.md +422 -0
claude_kit/_payload/rules/devops-observability.md +57 -0
claude_kit/_payload/rules/documentation.md +326 -0
claude_kit/_payload/rules/evals.md +62 -0
claude_kit/_payload/rules/frontend-best-practices.md +157 -0
claude_kit/_payload/rules/goal-setting-and-monitoring.md +72 -0
claude_kit/_payload/rules/human-in-the-loop.md +64 -0
claude_kit/_payload/rules/linting-and-formatting.md +220 -0
claude_kit/_payload/rules/mandatory-workflow.md +309 -0
claude_kit/_payload/rules/model-tiers.md +34 -0
claude_kit/_payload/rules/quality-gates.md +107 -0
claude_kit/_payload/rules/rarv-cycle.md +31 -0
claude_kit/_payload/rules/reasoning-techniques.md +62 -0
claude_kit/_payload/rules/responsive-and-accessibility.md +353 -0
claude_kit/_payload/rules/risk-classification.md +36 -0
claude_kit/_payload/rules/testing.md +417 -0
claude_kit/_payload/rules/tool-design.md +66 -0
claude_kit/_payload/skills/_references/accessibility-checklist.md +160 -0
claude_kit/_payload/skills/_references/orchestration-patterns.md +405 -0
claude_kit/_payload/skills/_references/performance-checklist.md +153 -0
claude_kit/_payload/skills/_references/security-checklist.md +134 -0
claude_kit/_payload/skills/_references/testing-patterns.md +236 -0
claude_kit/_payload/skills/accessibility-review/SKILL.md +56 -0
claude_kit/_payload/skills/api-and-interface-design/SKILL.md +294 -0
claude_kit/_payload/skills/api-integration/SKILL.md +348 -0
claude_kit/_payload/skills/archive-sprint/SKILL.md +31 -0
claude_kit/_payload/skills/backlog/SKILL.md +41 -0
claude_kit/_payload/skills/backlog/item-template.md +20 -0
claude_kit/_payload/skills/browser-testing-with-devtools/SKILL.md +302 -0
claude_kit/_payload/skills/ci-cd-and-automation/SKILL.md +402 -0
claude_kit/_payload/skills/code-review-and-quality/SKILL.md +347 -0
claude_kit/_payload/skills/code-simplification/SKILL.md +331 -0
claude_kit/_payload/skills/component-design/SKILL.md +171 -0
claude_kit/_payload/skills/consolidate-learnings/SKILL.md +55 -0
claude_kit/_payload/skills/context-engineering/SKILL.md +321 -0
claude_kit/_payload/skills/debugging-and-error-recovery/SKILL.md +300 -0
claude_kit/_payload/skills/decision/SKILL.md +46 -0
claude_kit/_payload/skills/decision/adr-template.md +36 -0
claude_kit/_payload/skills/deprecation-and-migration/SKILL.md +207 -0
claude_kit/_payload/skills/documentation-and-adrs/SKILL.md +299 -0
claude_kit/_payload/skills/doubt-driven-development/SKILL.md +243 -0
claude_kit/_payload/skills/execute/SKILL.md +27 -0
claude_kit/_payload/skills/frontend-ui-engineering/SKILL.md +328 -0
claude_kit/_payload/skills/git-workflow-and-versioning/SKILL.md +300 -0
claude_kit/_payload/skills/idea-refine/SKILL.md +178 -0
claude_kit/_payload/skills/idea-refine/examples.md +238 -0
claude_kit/_payload/skills/idea-refine/frameworks.md +99 -0
claude_kit/_payload/skills/idea-refine/refinement-criteria.md +113 -0
claude_kit/_payload/skills/idea-refine/scripts/idea-refine.sh +15 -0
claude_kit/_payload/skills/incident-postmortem/SKILL.md +74 -0
claude_kit/_payload/skills/incremental-implementation/SKILL.md +245 -0
claude_kit/_payload/skills/interview-me/SKILL.md +221 -0
claude_kit/_payload/skills/load-testing/SKILL.md +83 -0
claude_kit/_payload/skills/manual-test/SKILL.md +516 -0
claude_kit/_payload/skills/performance-optimization/SKILL.md +277 -0
claude_kit/_payload/skills/planning-and-task-breakdown/SKILL.md +223 -0
claude_kit/_payload/skills/playwright-verification/SKILL.md +205 -0
claude_kit/_payload/skills/refresh-docs/SKILL.md +63 -0
claude_kit/_payload/skills/remember/SKILL.md +96 -0
claude_kit/_payload/skills/scope/SKILL.md +52 -0
claude_kit/_payload/skills/scope/scope-template.md +82 -0
claude_kit/_payload/skills/sdlc/SKILL.md +83 -0
claude_kit/_payload/skills/security-and-hardening/SKILL.md +368 -0
claude_kit/_payload/skills/security-verification/SKILL.md +209 -0
claude_kit/_payload/skills/shipping-and-launch/SKILL.md +309 -0
claude_kit/_payload/skills/smoke-test/SKILL.md +78 -0
claude_kit/_payload/skills/source-driven-development/SKILL.md +195 -0
claude_kit/_payload/skills/spec-driven-development/SKILL.md +200 -0
claude_kit/_payload/skills/sprint/SKILL.md +67 -0
claude_kit/_payload/skills/sprint/sprint-template.md +90 -0
claude_kit/_payload/skills/test-driven-development/SKILL.md +383 -0
claude_kit/_payload/skills/threat-model/SKILL.md +60 -0
claude_kit/_payload/skills/triage/SKILL.md +87 -0
claude_kit/_payload/skills/ui-ux-design/SKILL.md +71 -0
claude_kit/_payload/skills/unit-test/SKILL.md +237 -0
claude_kit/_payload/skills/using-agent-skills/SKILL.md +180 -0
claude_kit/_payload/templates/CLAUDE.md +238 -0
claude_kit/_payload/templates/CLAUDE.stack.md.tmpl +53 -0
claude_kit/_payload/templates/CONTINUITY.template.md +35 -0
claude_kit/_payload/templates/README.claude-sdlc.md.tmpl +219 -0
claude_kit/_payload/templates/agent-memory/MEMORY.md +30 -0
claude_kit/_payload/templates/agent-memory/api/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/architecture/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/debugging/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/gotchas/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/patterns/.gitkeep +0 -0
claude_kit/_payload/templates/agent-memory/performance/.gitkeep +0 -0
claude_kit/_payload/templates/artifacts/adr.md +18 -0
claude_kit/_payload/templates/artifacts/feature-spec.md +29 -0
claude_kit/_payload/templates/artifacts/release-plan.md +23 -0
claude_kit/_payload/templates/artifacts/runbook.md +24 -0
claude_kit/_payload/templates/artifacts/security-review.md +23 -0
claude_kit/_payload/templates/artifacts/test-plan.md +22 -0
claude_kit/_payload/templates/org/README.md +53 -0
claude_kit/_payload/templates/org/agents/data-workflow-agent.md +59 -0
claude_kit/_payload/templates/org/agents/founder-prototype-agent.md +61 -0
claude_kit/_payload/templates/org/agents/internal-tools-builder.md +63 -0
claude_kit/_payload/templates/org/agents/pm-copilot.md +60 -0
claude_kit/_payload/templates/org/agents/support-ticket-engineer.md +63 -0
claude_kit/_payload/templates/org/packs/devops-and-release/README.md +46 -0
claude_kit/_payload/templates/org/packs/devops-and-release/pack.yaml +32 -0
claude_kit/_payload/templates/org/packs/engineering-core/README.md +46 -0
claude_kit/_payload/templates/org/packs/engineering-core/pack.yaml +44 -0
claude_kit/_payload/templates/org/packs/non-engineer-builder/README.md +53 -0
claude_kit/_payload/templates/org/packs/non-engineer-builder/pack.yaml +39 -0
claude_kit/_payload/templates/org/packs/onboarding-and-docs/README.md +49 -0
claude_kit/_payload/templates/org/packs/onboarding-and-docs/pack.yaml +26 -0
claude_kit/_payload/templates/org/packs/product-to-code/README.md +50 -0
claude_kit/_payload/templates/org/packs/product-to-code/pack.yaml +34 -0
claude_kit/_payload/templates/org/packs/quality-and-review/README.md +53 -0
claude_kit/_payload/templates/org/packs/quality-and-review/pack.yaml +40 -0
claude_kit/_payload/templates/org/packs/security-and-compliance/README.md +50 -0
claude_kit/_payload/templates/org/packs/security-and-compliance/pack.yaml +36 -0
claude_kit/_payload/templates/org/rules/ai-working-agreement.md +45 -0
claude_kit/_payload/templates/org/rules/ambiguity-resolution.md +36 -0
claude_kit/_payload/templates/org/rules/branch-and-pr-policy.md +41 -0
claude_kit/_payload/templates/org/rules/compliance-policy.md +50 -0
claude_kit/_payload/templates/org/rules/non-engineer-safe-coding.md +37 -0
claude_kit/_payload/templates/org/rules/pii-policy.md +46 -0
claude_kit/_payload/templates/org/rules/production-data-policy.md +35 -0
claude_kit/_payload/templates/org/rules/prompt-to-task-conversion.md +30 -0
claude_kit/_payload/templates/org/rules/prototype-boundaries.md +40 -0
claude_kit/_payload/templates/org/rules/secrets-policy.md +34 -0
claude_kit/_payload/templates/org/skills/customer-issue-to-fix/SKILL.md +61 -0
claude_kit/_payload/templates/org/skills/feature-from-idea/SKILL.md +56 -0
claude_kit/_payload/templates/org/skills/prompt-to-safe-task/SKILL.md +59 -0
claude_kit/_payload/templates/org/skills/prototype-to-production/SKILL.md +61 -0
claude_kit/_payload/templates/org/skills/repo-onboarding/SKILL.md +60 -0
claude_kit/_payload/templates/settings.json +53 -0
claude_kit/_payload/templates/stacks/backend/python/fastapi/rules/fastapi-patterns.md +64 -0
claude_kit/_payload/templates/stacks/db/mongodb/agents/migration-specialist.md +61 -0
claude_kit/_payload/templates/stacks/db/mongodb/agents/mongodb-specialist.md +59 -0
claude_kit/_payload/templates/stacks/db/mongodb/rules/mongodb-patterns.md +39 -0
claude_kit/_payload/templates/stacks/db/postgres/agents/db-performance-reviewer.md +66 -0
claude_kit/_payload/templates/stacks/db/postgres/agents/migration-specialist.md +56 -0
claude_kit/_payload/templates/stacks/db/postgres/agents/postgres-specialist.md +58 -0
claude_kit/_payload/templates/stacks/db/postgres/rules/database-performance.md +64 -0
claude_kit/_payload/templates/stacks/db/postgres/rules/postgres-patterns.md +43 -0
claude_kit/_payload/templates/stacks/frontend/react/rules/react-patterns.md +63 -0
claude_kit/catalog.py +476 -0
claude_kit/cli.py +327 -0
claude_kit/hooks.py +246 -0
claude_kit/models.py +205 -0
claude_kit/prompts.py +209 -0
claude_kit/render.py +146 -0
claude_kit/scaffold.py +492 -0
claude_kit/upgrader.py +294 -0
claude_kit/validator.py +197 -0

claude_kit/_payload/skills/_references/security-checklist.md ADDED Viewed

@@ -0,0 +1,134 @@
+# Security Checklist
+Quick reference for web application security. Use alongside the `security-and-hardening` skill.
+## Table of Contents
+- [Pre-Commit Checks](#pre-commit-checks)
+- [Authentication](#authentication)
+- [Authorization](#authorization)
+- [Input Validation](#input-validation)
+- [Security Headers](#security-headers)
+- [CORS Configuration](#cors-configuration)
+- [Data Protection](#data-protection)
+- [Dependency Security](#dependency-security)
+- [Error Handling](#error-handling)
+- [OWASP Top 10 Quick Reference](#owasp-top-10-quick-reference)
+## Pre-Commit Checks
+- [ ] No secrets in code (`git diff --cached | grep -i "password\|secret\|api_key\|token"`)
+- [ ] `.gitignore` covers: `.env`, `.env.local`, `*.pem`, `*.key`
+- [ ] `.env.example` uses placeholder values (not real secrets)
+## Authentication
+- [ ] Passwords hashed with bcrypt (≥12 rounds), scrypt, or argon2
+- [ ] Session cookies: `httpOnly`, `secure`, `sameSite: 'lax'`
+- [ ] Session expiration configured (reasonable max-age)
+- [ ] Rate limiting on login endpoint (≤10 attempts per 15 minutes)
+- [ ] Password reset tokens: time-limited (≤1 hour), single-use
+- [ ] Account lockout after repeated failures (optional, with notification)
+- [ ] MFA supported for sensitive operations (optional but recommended)
+## Authorization
+- [ ] Every protected endpoint checks authentication
+- [ ] Every resource access checks ownership/role (prevents IDOR)
+- [ ] Admin endpoints require admin role verification
+- [ ] API keys scoped to minimum necessary permissions
+- [ ] JWT tokens validated (signature, expiration, issuer)
+## Input Validation
+- [ ] All user input validated at system boundaries (API routes, form handlers)
+- [ ] Validation uses allowlists (not denylists)
+- [ ] String lengths constrained (min/max)
+- [ ] Numeric ranges validated
+- [ ] Email, URL, and date formats validated with proper libraries
+- [ ] File uploads: type restricted, size limited, content verified
+- [ ] SQL queries parameterized (no string concatenation)
+- [ ] HTML output encoded (use framework auto-escaping)
+- [ ] URLs validated before redirect (prevent open redirect)
+## Security Headers
+```
+Content-Security-Policy: default-src 'self'; script-src 'self'
+Strict-Transport-Security: max-age=31536000; includeSubDomains
+X-Content-Type-Options: nosniff
+X-Frame-Options: DENY
+X-XSS-Protection: 0  (disabled, rely on CSP)
+Referrer-Policy: strict-origin-when-cross-origin
+Permissions-Policy: camera=(), microphone=(), geolocation=()
+```
+## CORS Configuration
+```typescript
+// Restrictive (recommended)
+cors({
+  origin: ['https://yourdomain.com', 'https://app.yourdomain.com'],
+  credentials: true,
+  methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'],
+  allowedHeaders: ['Content-Type', 'Authorization'],
+})
+// NEVER use in production:
+cors({ origin: '*' })  // Allows any origin
+```
+## Data Protection
+- [ ] Sensitive fields excluded from API responses (`passwordHash`, `resetToken`, etc.)
+- [ ] Sensitive data not logged (passwords, tokens, full CC numbers)
+- [ ] PII encrypted at rest (if required by regulation)
+- [ ] HTTPS for all external communication
+- [ ] Database backups encrypted
+## Dependency Security
+```bash
+# Audit dependencies
+npm audit
+# Fix automatically where possible
+npm audit fix
+# Check for critical vulnerabilities
+npm audit --audit-level=critical
+# Keep dependencies updated
+npx npm-check-updates
+```
+## Error Handling
+```typescript
+// Production: generic error, no internals
+res.status(500).json({
+  error: { code: 'INTERNAL_ERROR', message: 'Something went wrong' }
+});
+// NEVER in production:
+res.status(500).json({
+  error: err.message,
+  stack: err.stack,         // Exposes internals
+  query: err.sql,           // Exposes database details
+});
+```
+## OWASP Top 10 Quick Reference
+| # | Vulnerability | Prevention |
+|---|---|---|
+| 1 | Broken Access Control | Auth checks on every endpoint, ownership verification |
+| 2 | Cryptographic Failures | HTTPS, strong hashing, no secrets in code |
+| 3 | Injection | Parameterized queries, input validation |
+| 4 | Insecure Design | Threat modeling, spec-driven development |
+| 5 | Security Misconfiguration | Security headers, minimal permissions, audit deps |
+| 6 | Vulnerable Components | `npm audit`, keep deps updated, minimal deps |
+| 7 | Auth Failures | Strong passwords, rate limiting, session management |
+| 8 | Data Integrity Failures | Verify updates/dependencies, signed artifacts |
+| 9 | Logging Failures | Log security events, don't log secrets |
+| 10 | SSRF | Validate/allowlist URLs, restrict outbound requests |

claude_kit/_payload/skills/_references/testing-patterns.md ADDED Viewed

@@ -0,0 +1,236 @@
+# Testing Patterns Reference
+Quick reference for common testing patterns across the stack. Use alongside the `test-driven-development` skill.
+## Table of Contents
+- [Test Structure (Arrange-Act-Assert)](#test-structure-arrange-act-assert)
+- [Test Naming Conventions](#test-naming-conventions)
+- [Common Assertions](#common-assertions)
+- [Mocking Patterns](#mocking-patterns)
+- [React/Component Testing](#reactcomponent-testing)
+- [API / Integration Testing](#api--integration-testing)
+- [E2E Testing (Playwright)](#e2e-testing-playwright)
+- [Test Anti-Patterns](#test-anti-patterns)
+## Test Structure (Arrange-Act-Assert)
+```typescript
+it('describes expected behavior', () => {
+  // Arrange: Set up test data and preconditions
+  const input = { title: 'Test Task', priority: 'high' };
+  // Act: Perform the action being tested
+  const result = createTask(input);
+  // Assert: Verify the outcome
+  expect(result.title).toBe('Test Task');
+  expect(result.priority).toBe('high');
+  expect(result.status).toBe('pending');
+});
+```
+## Test Naming Conventions
+```typescript
+// Pattern: [unit] [expected behavior] [condition]
+describe('TaskService.createTask', () => {
+  it('creates a task with default pending status', () => {});
+  it('throws ValidationError when title is empty', () => {});
+  it('trims whitespace from title', () => {});
+  it('generates a unique ID for each task', () => {});
+});
+```
+## Common Assertions
+```typescript
+// Equality
+expect(result).toBe(expected);           // Strict equality (===)
+expect(result).toEqual(expected);        // Deep equality (objects/arrays)
+expect(result).toStrictEqual(expected);  // Deep equality + type matching
+// Truthiness
+expect(result).toBeTruthy();
+expect(result).toBeFalsy();
+expect(result).toBeNull();
+expect(result).toBeDefined();
+expect(result).toBeUndefined();
+// Numbers
+expect(result).toBeGreaterThan(5);
+expect(result).toBeLessThanOrEqual(10);
+expect(result).toBeCloseTo(0.3, 5);      // Floating point
+// Strings
+expect(result).toMatch(/pattern/);
+expect(result).toContain('substring');
+// Arrays / Objects
+expect(array).toContain(item);
+expect(array).toHaveLength(3);
+expect(object).toHaveProperty('key', 'value');
+// Errors
+expect(() => fn()).toThrow();
+expect(() => fn()).toThrow(ValidationError);
+expect(() => fn()).toThrow('specific message');
+// Async
+await expect(asyncFn()).resolves.toBe(value);
+await expect(asyncFn()).rejects.toThrow(Error);
+```
+## Mocking Patterns
+### Mock Functions
+```typescript
+const mockFn = jest.fn();
+mockFn.mockReturnValue(42);
+mockFn.mockResolvedValue({ data: 'test' });
+mockFn.mockImplementation((x) => x * 2);
+expect(mockFn).toHaveBeenCalled();
+expect(mockFn).toHaveBeenCalledWith('arg1', 'arg2');
+expect(mockFn).toHaveBeenCalledTimes(3);
+```
+### Mock Modules
+```typescript
+// Mock an entire module
+jest.mock('./database', () => ({
+  query: jest.fn().mockResolvedValue([{ id: 1, title: 'Test' }]),
+}));
+// Mock specific exports
+jest.mock('./utils', () => ({
+  ...jest.requireActual('./utils'),
+  generateId: jest.fn().mockReturnValue('test-id'),
+}));
+```
+### Mock at Boundaries Only
+```
+Mock these:                    Don't mock these:
+├── Database calls             ├── Internal utility functions
+├── HTTP requests              ├── Business logic
+├── File system operations     ├── Data transformations
+├── External API calls         ├── Validation functions
+└── Time/Date (when needed)    └── Pure functions
+```
+## React/Component Testing
+```tsx
+import { render, screen, fireEvent, waitFor } from '@testing-library/react';
+describe('TaskForm', () => {
+  it('submits the form with entered data', async () => {
+    const onSubmit = jest.fn();
+    render(<TaskForm onSubmit={onSubmit} />);
+    // Find elements by accessible role/label (not test IDs)
+    await screen.findByRole('textbox', { name: /title/i });
+    fireEvent.change(screen.getByRole('textbox', { name: /title/i }), {
+      target: { value: 'New Task' },
+    });
+    fireEvent.click(screen.getByRole('button', { name: /create/i }));
+    await waitFor(() => {
+      expect(onSubmit).toHaveBeenCalledWith({ title: 'New Task' });
+    });
+  });
+  it('shows validation error for empty title', async () => {
+    render(<TaskForm onSubmit={jest.fn()} />);
+    fireEvent.click(screen.getByRole('button', { name: /create/i }));
+    expect(await screen.findByText(/title is required/i)).toBeInTheDocument();
+  });
+});
+```
+## API / Integration Testing
+```typescript
+import request from 'supertest';
+import { app } from '../src/app';
+describe('POST /api/tasks', () => {
+  it('creates a task and returns 201', async () => {
+    const response = await request(app)
+      .post('/api/tasks')
+      .send({ title: 'Test Task' })
+      .set('Authorization', `Bearer ${testToken}`)
+      .expect(201);
+    expect(response.body).toMatchObject({
+      id: expect.any(String),
+      title: 'Test Task',
+      status: 'pending',
+    });
+  });
+  it('returns 422 for invalid input', async () => {
+    const response = await request(app)
+      .post('/api/tasks')
+      .send({ title: '' })
+      .set('Authorization', `Bearer ${testToken}`)
+      .expect(422);
+    expect(response.body.error.code).toBe('VALIDATION_ERROR');
+  });
+  it('returns 401 without authentication', async () => {
+    await request(app)
+      .post('/api/tasks')
+      .send({ title: 'Test' })
+      .expect(401);
+  });
+});
+```
+## E2E Testing (Playwright)
+```typescript
+import { test, expect } from '@playwright/test';
+test('user can create and complete a task', async ({ page }) => {
+  // Navigate and authenticate
+  await page.goto('/');
+  await page.fill('[name="email"]', 'test@example.com');
+  await page.fill('[name="password"]', 'testpass123');
+  await page.click('button:has-text("Log in")');
+  // Create a task
+  await page.click('button:has-text("New Task")');
+  await page.fill('[name="title"]', 'Buy groceries');
+  await page.click('button:has-text("Create")');
+  // Verify task appears
+  await expect(page.locator('text=Buy groceries')).toBeVisible();
+  // Complete the task
+  await page.click('[aria-label="Complete Buy groceries"]');
+  await expect(page.locator('text=Buy groceries')).toHaveCSS(
+    'text-decoration-line', 'line-through'
+  );
+});
+```
+## Test Anti-Patterns
+| Anti-Pattern | Problem | Better Approach |
+|---|---|---|
+| Testing implementation details | Breaks on refactor | Test inputs/outputs |
+| Snapshot everything | No one reviews snapshot diffs | Assert specific values |
+| Shared mutable state | Tests pollute each other | Setup/teardown per test |
+| Testing third-party code | Wastes time, not your bug | Mock the boundary |
+| Skipping tests to pass CI | Hides real bugs | Fix or delete the test |
+| Using `test.skip` permanently | Dead code | Remove or fix it |
+| Overly broad assertions | Doesn't catch regressions | Be specific |
+| No async error handling | Swallowed errors, false passes | Always `await` async tests |

claude_kit/_payload/skills/accessibility-review/SKILL.md ADDED Viewed

@@ -0,0 +1,56 @@
+---
+name: accessibility-review
+description: Use when reviewing or building UI to check accessibility (WCAG) — keyboard operability, focus management, semantics/ARIA, color contrast, touch-target size, motion, and screen-reader labels. Produces prioritized findings with concrete fixes. Distinct from performance/visual review.
+---
+# Accessibility Review
+Review a UI change (or a whole view) for accessibility and return prioritized, concrete fixes mapped to
+WCAG. Design-and-review companion to `frontend-ui-engineering` and `ui-ux-design`.
+**Risk tier:** low–medium (raise to high if it gates a legally-required compliance surface — see
+`.claude/rules/risk-classification.md`).
+## When to use
+- Reviewing any frontend/UI change, or auditing an existing view before release.
+- The `responsive-and-accessibility.md` rule sets the standards; this skill is the review procedure.
+## Who should use it
+Frontend engineers, the `ui-designer` agent, QA. Designers/PMs can run it for a first pass.
+## Required inputs
+The component/view (file paths or a running URL) and which states matter (loading, empty, error, modal).
+## Ordered questions to ask
+1. Is everything **operable by keyboard** (tab order, visible focus, no traps, Esc closes overlays)?
+2. Is the **semantics** right (native elements over `div` soup, headings in order, landmarks, labels
+   for every control, `alt` for images)?
+3. Do interactive states expose **name/role/value** to assistive tech (ARIA only where native won't do)?
+4. Does **color contrast** meet WCAG AA (text ≥ 4.5:1, large text/UI ≥ 3:1) and is color not the only
+   signal?
+5. Are **touch targets** ≥ 44×44px and is motion reduced under `prefers-reduced-motion`?
+6. Are **dynamic updates** announced (live regions) and **forms** clear (labels, errors tied to inputs)?
+## Agents to delegate to
+`ui-designer` for design-spec gaps; `sdlc-code-reviewer` to land fixes. Reference
+`.claude/skills/_references/accessibility-checklist.md` if present.
+## Quality gates
+No keyboard trap; every control has an accessible name; AA contrast on text/UI; focus visible and
+managed across route/modal changes; target sizes met.
+## Expected outputs
+Prioritized findings (P0 blocks release → P3 polish), each with the element, the WCAG criterion, and the
+exact fix.
+## Stop conditions
+Stop and flag if a fix requires a design change (hand to `ui-designer`) or if a compliance obligation
+makes a P0 a release blocker that needs human sign-off.
+## Example
+```
+/accessibility-review the invite-teammate modal
+→ P0: focus not trapped in modal + Esc doesn't close → add focus trap + Esc handler (WCAG 2.1.2/2.4.3)
+→ P1: "✕" close button has no accessible name → aria-label="Close" (4.1.2)
+→ P2: error text only red → add icon/text prefix (1.4.1); contrast 3.9:1 → darken to ≥4.5:1 (1.4.3)
+```