feat: add hooks and rules

.claude/hooks/auto-format.cjs

@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+/**
+ * PostToolUse hook: auto-formats files after Write or Edit.
+ * Detects file extension and runs the appropriate formatter.
+ * Fails open — formatting errors are silently ignored.
+ */
+"use strict";
+
+const { execSync } = require("child_process");
+const path = require("path");
+
+const FORMATTERS = {
+  ".py": (f) => `ruff check --fix "${f}"`,
+  ".ts": (f) => `npx eslint --fix "${f}"`,
+  ".tsx": (f) => `npx eslint --fix "${f}"`,
+  ".js": (f) => `npx eslint --fix "${f}"`,
+  ".jsx": (f) => `npx eslint --fix "${f}"`,
+};
+
+async function main() {
+  try {
+    let data = "";
+    for await (const chunk of process.stdin) data += chunk;
+    const input = JSON.parse(data);
+
+    const filePath = input?.tool_input?.file_path ?? "";
+    if (!filePath) return;
+
+    const ext = path.extname(filePath).toLowerCase();
+    const formatter = FORMATTERS[ext];
+    if (!formatter) return;
+
+    execSync(formatter(filePath), {
+      stdio: "ignore",
+      timeout: 10000,
+    });
+  } catch {
+    // Fail open — formatting errors should never block work
+  }
+}
+
+main();

.claude/hooks/block-dangerous-commands.cjs

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+/**
+ * PreToolUse hook: blocks dangerous shell commands before execution.
+ * Exit 0 = allow, Exit 2 = block.
+ * Fails open on errors (exit 0) so a hook bug never stalls the session.
+ */
+"use strict";
+
+const DANGEROUS_PATTERNS = [
+  /rm\s+-rf\s+\//,                          // rm -rf /
+  /git\s+push\s+(-f|--force)\s+(origin\s+)?main/, // force push to main
+  /git\s+reset\s+--hard/,                   // hard reset
+  /DROP\s+(TABLE|DATABASE)/i,               // SQL drop
+  /TRUNCATE\s+/i,                           // SQL truncate
+];
+
+async function main() {
+  try {
+    let data = "";
+    for await (const chunk of process.stdin) data += chunk;
+    const input = JSON.parse(data);
+
+    const cmd = input?.tool_input?.command ?? "";
+    for (const pattern of DANGEROUS_PATTERNS) {
+      if (pattern.test(cmd)) {
+        console.error(`BLOCKED: dangerous command detected — ${cmd}`);
+        process.exit(2);
+      }
+    }
+
+    process.exit(0);
+  } catch {
+    // Fail open — never block on hook errors
+    process.exit(0);
+  }
+}
+
+main();

.claude/hooks/notify.cjs

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+/**
+ * Notification hook: cross-platform desktop notification.
+ * Supports macOS (osascript), Linux (notify-send), and Windows (PowerShell).
+ * Fails open — notification errors are silently ignored.
+ */
+"use strict";
+
+const { execSync } = require("child_process");
+const os = require("os");
+
+function notify(title, message) {
+  const platform = os.platform();
+
+  const commands = {
+    darwin: `osascript -e 'display notification "${message}" with title "${title}"'`,
+    linux: `notify-send "${title}" "${message}"`,
+    win32: `powershell.exe -Command "Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('${message}', '${title}', 'OK', 'Information')"`,
+  };
+
+  const cmd = commands[platform];
+  if (cmd) {
+    execSync(cmd, { stdio: "ignore", timeout: 5000 });
+  }
+}
+
+async function main() {
+  try {
+    let data = "";
+    for await (const chunk of process.stdin) data += chunk;
+    const input = JSON.parse(data);
+
+    const message = input?.message ?? "Needs your attention";
+    notify("Claude Code", message);
+  } catch {
+    // Fail open — notification errors should never block work
+  }
+}
+
+main();

.claude/rules/api.md

@@ -0,0 +1,16 @@
+---
+paths:
+  - "src/api/**"
+  - "**/routes/**"
+  - "**/endpoints/**"
+  - "**/controllers/**"
+---
+
+# API Development Rules
+
+- All endpoints must include input validation (Zod for TS, Pydantic for Python)
+- Use standard error response format: `{ error: string, code: number, details?: any }`
+- Return appropriate HTTP status codes — never use 200 for errors
+- Include OpenAPI documentation comments on all endpoints
+- Rate limiting required on all public endpoints
+- Authentication middleware on all protected routes

.claude/rules/frontend.md

@@ -0,0 +1,17 @@
+---
+paths:
+  - "**/*.tsx"
+  - "**/*.jsx"
+  - "src/components/**"
+  - "src/app/**"
+---
+
+# Frontend Rules
+
+- One component per file, named with PascalCase
+- Use Server Components by default in Next.js — add `'use client'` only when needed
+- Tailwind utility classes for styling — avoid inline styles
+- All interactive elements must be keyboard accessible
+- Include `aria-label` on icon-only buttons
+- Use semantic HTML (`<nav>`, `<main>`, `<section>`) over generic `<div>`
+- Images require `alt` text

.claude/rules/migrations.md

@@ -0,0 +1,14 @@
+---
+paths:
+  - "**/migrations/**"
+  - "**/*.migration.*"
+  - "**/alembic/**"
+---
+
+# Database Migration Rules
+
+- Every migration must be reversible — include down/rollback logic
+- Never modify existing migrations — create new ones
+- Add indexes for foreign keys and frequently queried columns
+- Use transactions for multi-step migrations
+- Test migrations against a copy of production data when possible

.claude/rules/security.md

@@ -0,0 +1,12 @@
+# Security Rules
+
+- Never hardcode secrets, API keys, or credentials in source code
+- Use parameterized queries only — never string concatenation for SQL
+- No `eval()`, `new Function()`, or dynamic code execution
+- No `any` types in TypeScript — use proper typing
+- Validate all user inputs at API boundaries
+- Output encoding for all rendered content
+- Secrets via environment variables only
+- No disabled security headers
+- Authentication required on all protected endpoints
+- Rate limiting on public APIs

.claude/rules/testing.md

@@ -0,0 +1,19 @@
+---
+paths:
+  - "**/*.test.*"
+  - "**/*.spec.*"
+  - "**/tests/**"
+  - "**/test_*"
+  - "**/__tests__/**"
+---
+
+# Test Writing Rules
+
+- Python test naming: `test_[function]_[scenario]_[expected]`
+- TypeScript test naming: `describe('[Component]', () => { it('should [behavior]') })`
+- Each test file must have at least one happy path and one error case
+- Mock external dependencies, not internal modules
+- Use factories/fixtures over inline test data
+- Never commit `.skip()` or `.only()` — remove before pushing
+- Minimum coverage: 80% overall, 95% for critical paths
+- Prefer pytest for Python, vitest for TypeScript

.claude/settings.json

@@ -1,4 +1,5 @@
 {
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
   "permissions": {
     "allow": [
       "Bash(git:*)",
@@ -16,21 +17,47 @@
       "Bash(prettier:*)",
       "Bash(tsc:*)",
       "Bash(docker:*)",
-      "Bash(gh:*)",
-      "Read(*)",
-      "Write(*)",
-      "Edit(*)"
+      "Bash(gh:*)"
     ],
-    "deny": []
+    "deny": [
+      "Read(.env*)",
+      "Write(.env*)",
+      "Edit(.env*)",
+      "Read(**/secrets/**)",
+      "Write(**/secrets/**)",
+      "Edit(**/secrets/**)"
+    ]
   },
   "hooks": {
-    "PostToolUse": [
+    "PreToolUse": [
       {
-        "matcher": "Write",
+        "matcher": "Bash",
         "hooks": [
           {
             "type": "command",
-            "command": "if [[ \"$FILE\" == *.py ]]; then ruff check --fix \"$FILE\" 2>/dev/null || true; elif [[ \"$FILE\" == *.ts || \"$FILE\" == *.tsx ]]; then npx eslint --fix \"$FILE\" 2>/dev/null || true; fi"
+            "command": "node .claude/hooks/block-dangerous-commands.cjs"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node .claude/hooks/auto-format.cjs"
+          }
+        ]
+      }
+    ],
+    "Notification": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node .claude/hooks/notify.cjs"
           }
         ]
       }