25 Commits

  • feat: add Rails 8 application CLAUDE.md example (#2258)
    * feat: add Rails 8 application CLAUDE.md example
    
    Adds examples/rails-app-CLAUDE.md as a reference template for Rails 8 applications.
    
    - Add examples/rails-app-CLAUDE.md: full-stack Rails 8 template covering Hotwire (Turbo + Stimulus), ViewComponent, the Solid stack (SolidQueue, SolidCache, SolidCable), service objects, query objects, and Pundit authorization
    - Aligns with existing rules/ruby/ conventions (Rails Way first, SolidQueue for greenfield, Hotwire-preferred, Rails 8 generated authentication)
    - Includes five Key Patterns code blocks: service object, skinny controller, query object, background job, RSpec test
    
    	new file:   examples/rails-app-CLAUDE.md
    
    * fix(examples): correct Rails 8 CLAUDE.md examples for auth, transactions, and terminology
    
    - Remove Django `select_related` terminology in favor of direct Rails methods
    - Replace `authenticate_user!` (Devise-only) with `require_authentication` (Rails 8 generator default), with inline comment noting Devise as the alternative
    - Move `send_notifications` outside the transaction block in the service object example so it only runs after a confirmed commit; safe with both SolidQueue and Sidekiq
    - Remove `puts` from the N+1 BAD/GOOD example to align with the Ruby Conventions rule that bans `puts` in committed code
    
    * fix(examples): improve idempotency, notification handling, and job argument guidance
    
    - Wrap send_notifications in its own rescue block so notification failures are logged but do not raise out of the service object, preserving the Result-based error handling pattern
    - Update the background job example to show an idempotency_key passed to the external API call, so the example is retry-safe by default rather than relying on a comment to flag the limitation
    - Add a Background Jobs rule about pairing local idempotency checks with API-level idempotency tokens and considering with_lock for high-concurrency scenarios
    - Soften the absolute "never records" claim for job arguments to explain the real reason (ActiveJob::DeserializationError when records are deleted between enqueue and execute)
    
    * fix(examples): use exported_at.present? to match the column the example writes
    
    The previous `exported?` check assumed a predicate method on the model that this example does not define. Using `exported_at.present?` keeps the guard consistent with the column the next line writes to in `update!(exported_at: Time.current)`.
  • docs: add prompt defense baselines
    Add compact prompt-defense baselines to active ECC prompt surfaces and copied CLAUDE examples. AgentShield prompt-defense findings are now zero; local tests passed 2366/2366.
  • feat: add ECC statusline observability hooks
    Salvages the useful statusline/context monitor work from stale PR #1504 while preserving the current continuous-learning hook runner wiring.
    
    Adds the metrics bridge, context monitor, statusline script, shared cost/session bridge utilities, and tests. Fixes the reviewed false loop-detection hash collision for non-file tools, avoids default-session cost inflation, sanitizes statusline task lookup, and records hook payload session IDs in cost-tracker.
  • feat: add GAN-style generator-evaluator harness (#1029)
    Implements Anthropic's March 2026 harness design pattern — a multi-agent
    architecture that separates generation from evaluation, creating an
    adversarial feedback loop that produces production-quality applications.
    
    Components:
    - 3 agent definitions (planner, generator, evaluator)
    - 1 skill with full documentation (skills/gan-style-harness/)
    - 2 commands (gan-build for full apps, gan-design for frontend)
    - 1 shell orchestrator (scripts/gan-harness.sh)
    - Examples and configuration reference
    
    Based on: https://www.anthropic.com/engineering/harness-design-long-running-apps
    
    Co-authored-by: Hao Chen <haochen806@gmail.com>
  • feat: add laravel skills (#420)
    * feat: add laravel skills
    
    * docs: fix laravel patterns example
    
    * docs: add laravel api example
    
    * docs: update readme and configure-ecc for laravel skills
    
    * docs: reference laravel skills in php rules
    
    * docs: add php import guidance
    
    * docs: expand laravel skills with more pattern, security, testing, and verification examples
    
    * docs: add laravel routing, security, testing, and sail guidance
    
    * docs: fix laravel example issues from code review
    
    * docs: fix laravel examples and skills per review findings
    
    * docs: resolve remaining laravel review fixes
    
    * docs: refine laravel patterns and tdd guidance
    
    * docs: clarify laravel queue healthcheck guidance
    
    * docs: fix laravel examples and test guidance
    
    * docs: correct laravel tdd and api example details
    
    * docs: align laravel form request auth semantics
    
    * docs: fix laravel coverage, imports, and scope guidance
    
    * docs: align laravel tdd and security examples with guidance
    
    * docs: tighten laravel form request authorization examples
    
    * docs: fix laravel tdd and queue job examples
    
    * docs: harden laravel rate limiting and policy examples
    
    * docs: fix laravel pagination, validation, and verification examples
    
    * docs: align laravel controller response with envelope
    
    * docs: strengthen laravel password validation example
    
    * docs: address feedback regarding examples
    
    * docs: improve guidance and examples for pest usage
    
    * docs: clarify laravel upload storage and authorization notes
    
    * docs: tighten up examples
  • feat: add Cursor, Codex, and OpenCode harnesses — maximize every AI coding tool
    - AGENTS.md: universal cross-tool file read by Claude Code, Cursor, Codex, and OpenCode
    - .cursor/: 15 hook events via hooks.json, 16 hook scripts with DRY adapter pattern,
      29 rules (9 common + 20 language-specific) with Cursor YAML frontmatter
    - .codex/: reference config.toml, Codex-specific AGENTS.md supplement,
      10 skills ported to .agents/skills/ with openai.yaml metadata
    - .opencode/: 3 new tools (format-code, lint-check, git-summary), 3 new hooks
      (shell.env, experimental.session.compacting, permission.ask), expanded instructions,
      version bumped to 1.6.0
    - README: fixed Cursor section, added Codex section, added cross-tool parity table
    - install.sh: now copies hooks.json + hooks/ for --target cursor
  • chore: update Sonnet model references from 4.5 to 4.6
    Update MODEL_SONNET constant and all documentation references
    to reflect the new claude-sonnet-4-6 model version.
  • docs: enhance 5 thin commands and add Rust API example
    Commands enhanced with multi-language support, error recovery strategies,
    and structured step-by-step workflows:
    - build-fix: build system detection table, fix loop, recovery strategies
    - test-coverage: framework detection, test generation rules, before/after report
    - refactor-clean: safety tiers (SAFE/CAUTION/DANGER), multi-language tools
    - update-codemaps: codemap format spec, diff detection, metadata headers
    - update-docs: source-of-truth mapping, staleness checks, generated markers
    
    New example:
    - rust-api-CLAUDE.md: Axum + SQLx + PostgreSQL with layered architecture,
      thiserror patterns, compile-time SQL verification, integration test examples
  • docs: add hooks guide, expand planner agent, add Django example
    - Add hooks/README.md: comprehensive hook documentation with input schema,
      customization guide, 4 ready-to-use hook recipes, and cross-platform notes
    - Expand planner agent with full worked example (Stripe subscriptions plan)
      and sizing/phasing guidance (119 → 212 lines)
    - Add Django REST API example config (DRF + Celery + pytest + Factory Boy)
    - Update README directory tree with new files
  • docs: expand Spring Boot skills and add Go microservice example
    - springboot-security: add code examples for authorization, input validation,
      SQL injection prevention, password encoding, CORS, rate limiting, and secrets
      management (119 → 261 lines)
    - springboot-verification: add unit test, Testcontainers integration test,
      MockMvc API test patterns, and security scan grep commands (100 → 222 lines)
    - Add Go microservice example (gRPC + PostgreSQL + clean architecture)
    - Update README directory tree with new example
  • docs: improve README with agent guide, FAQ, and fix component counts
    - Fix inaccurate counts: 13 agents (was 15+), 34 skills (was 30+), 31 commands (was 30)
    - Add "Which Agent Should I Use?" decision table with common workflows
    - Add FAQ section addressing top recurring issues (hooks, context window, cross-platform)
    - Add 5 missing skills and 7 missing commands to directory tree listing
    - Expand code-reviewer agent with React/Next.js, Node.js patterns, and confidence filtering
    - Add real-world SaaS example (Next.js + Supabase + Stripe) in examples/
  • Add hooks.md to documentation index (#40)
    Docs: Add hooks.md reference to rules table
  • fix: multiple community-reported issues
    - feat(plugin.json): add agents declaration to make 9 agents visible
      in /agents command (fixes #66, closes PR #67)
    
    - fix(backend-patterns): correct requirePermission HOF pattern to
      properly wrap handlers instead of expecting Request directly
      (fixes #54, closes PR #63)
    
    - docs(user-CLAUDE): add privacy guideline about redacting secrets
      from logs before sharing (fixes #38, closes PR #39)
    
    - fix(eval-harness): add mandatory frontmatter with name, description,
      and tools fields (closes PR #58)
  • feat: add continuous learning skill with session examples
    Stop hook-based pattern extraction - no README, comments in .sh file.
  • Initial release: Complete Claude Code configuration collection
    Battle-tested configs from 10+ months of daily Claude Code usage.
    Won Anthropic x Forum Ventures hackathon building zenith.chat.
    
    Includes:
    - 9 specialized agents (planner, architect, tdd-guide, code-reviewer, etc.)
    - 9 slash commands (tdd, plan, e2e, code-review, etc.)
    - 8 rule files (security, coding-style, testing, git-workflow, etc.)
    - 7 skills (coding-standards, backend-patterns, frontend-patterns, etc.)
    - Hooks configuration (PreToolUse, PostToolUse, Stop)
    - MCP server configurations (15 servers)
    - Plugin/marketplace documentation
    - Example configs (project CLAUDE.md, user CLAUDE.md, statusline)
    
    Read the full guide: https://x.com/affaanmustafa/status/2012378465664745795