feat: Add Go/Rust agents, enhance setperms with AI CLIs and git safety

New agents:
- go-expert: Concurrency, interfaces, error handling, idiomatic Go
- rust-expert: Ownership, lifetimes, traits, async patterns, tokio/serde

Enhanced setperms command:
- AI CLI tools: gemini, claude, codex, perplexity
- Git safety guardrails: destructive commands in "ask" list
- Additional tools: dust, btm, tldr, firecrawl, brew
- Full template adds podman, pulumi, flyctl, railway

Settings:
- Cleaned up permissions (removed ad-hoc approvals)
- Added destructive git commands to "ask" list
- Set default output style to Vesper

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.claude/rules/cli-tools.md

@@ -0,0 +1,101 @@
+# CLI Tool Preferences (dev-shell-tools)
+
+ALWAYS prefer modern CLI tools over traditional alternatives.
+
+## File Search & Navigation
+
+| Instead of | Use | Why |
+|------------|-----|-----|
+| `find` | `fd` | 5x faster, respects .gitignore |
+| `grep` | `rg` (ripgrep) | 10x faster, respects .gitignore |
+| `ls` | `eza` | Git status, tree view |
+| `cat` | `bat` | Syntax highlighting |
+| `cd` + manual | `z`/`zoxide` | Frecent directories |
+| `tree` | `eza --tree` | Interactive |
+
+## Data Processing
+
+| Instead of | Use |
+|------------|-----|
+| `sed` | `sd` |
+| Manual JSON | `jq` |
+| Manual YAML | `yq` |
+
+## Git Operations
+
+| Instead of | Use |
+|------------|-----|
+| `git diff` | `delta` or `difft` |
+| Manual git | `lazygit` |
+| GitHub web | `gh` |
+
+## Code Analysis
+
+- Line counts: `tokei`
+- AST search: `ast-grep` / `sg`
+- Benchmarks: `hyperfine`
+- Disk usage: `dust`
+
+## System Monitoring
+
+| Instead of | Use |
+|------------|-----|
+| `du -h` | `dust` |
+| `top`/`htop` | `btm` (bottom) |
+
+## Documentation
+
+| Instead of | Use |
+|------------|-----|
+| `man <cmd>` | `tldr <cmd>` |
+
+## Python
+
+| Instead of | Use |
+|------------|-----|
+| `pip` | `uv` |
+| `python -m venv` | `uv venv` |
+
+## Task Running
+
+Prefer `just` over Makefiles.
+
+## Web Fetching
+
+| Priority | Tool | When to Use |
+|----------|------|-------------|
+| 1 | `WebFetch` | First attempt - fast, built-in |
+| 2 | `r.jina.ai/URL` | JS-rendered pages, cleaner extraction |
+| 3 | `firecrawl <url>` | Anti-bot bypass, blocked sites |
+
+## AI CLI Tools
+
+For multi-model analysis (see /conclave command):
+
+| Tool | Model | Best For |
+|------|-------|----------|
+| `gemini` | Gemini 2.5 | 2M context, large codebases |
+| `claude` | Claude | Coding, analysis |
+| `codex` | OpenAI | Deep reasoning |
+| `perplexity` | Perplexity | Web search, current info |
+
+## Git Safety
+
+Destructive commands require confirmation (in "ask" list):
+
+| Command | Risk | Safe Alternative |
+|---------|------|------------------|
+| `git reset --hard` | Loses uncommitted changes | `git stash` first |
+| `git checkout -- <file>` | Discards file changes | `git stash` or `git diff` first |
+| `git clean -fd` | Deletes untracked files | `git clean -n` (dry run) first |
+| `git stash drop` | Permanently deletes stash | Check `git stash list` first |
+| `git push --force` | Overwrites remote history | `git push --force-with-lease` |
+| `git branch -D` | Deletes unmerged branch | `git branch -d` (safe delete) |
+
+**Before destructive operations:**
+1. Check status: `git status`
+2. Check for uncommitted changes: `git diff`
+3. Consider stashing: `git stash`
+4. Use dry-run flags when available
+
+Reference: https://github.com/0xDarkMatter/dev-shell-tools

.claude/settings.local.json

@@ -6,91 +6,71 @@
       "Bash(mkdir:*)",
       "Bash(cat:*)",
       "Bash(wc:*)",
+      "Bash(tree:*)",
+      "Bash(curl:*)",
+      "Bash(rg:*)",
+      "Bash(fd:*)",
+      "Bash(fzf:*)",
+      "Bash(z:*)",
+      "Bash(zoxide:*)",
+      "Bash(br:*)",
+      "Bash(broot:*)",
+      "Bash(ast-grep:*)",
+      "Bash(sg:*)",
+      "Bash(bat:*)",
+      "Bash(eza:*)",
+      "Bash(delta:*)",
+      "Bash(difft:*)",
       "Bash(jq:*)",
       "Bash(yq:*)",
+      "Bash(sd:*)",
+      "Bash(lazygit:*)",
+      "Bash(gh:*)",
+      "Bash(tokei:*)",
+      "Bash(uv:*)",
+      "Bash(just:*)",
+      "Bash(http:*)",
+      "Bash(procs:*)",
+      "Bash(hyperfine:*)",
+      "Bash(npm:*)",
+      "Bash(node:*)",
+      "Bash(python:*)",
+      "Bash(pip:*)",
       "Bash(powershell -Command:*)",
-      "Bash(nul)",
-      "Bash(.claude/.context-init.md)",
-      "Bash(for:*)",
-      "Bash(do:*)",
-      "Bash(echo:*)",
-      "Bash(done)",
-      "Bash(found=\"\")",
-      "Bash({ cat \"$f\")",
-      "Bash(found=\"$found $f\")",
-      "Bash(})",
-      "Bash([ -n \"$found\" ])",
-      "SlashCommand(/init)",
-      "Bash(find:*)",
-      "Bash(winget install:*)",
-      "Bash(winget search:*)",
-      "Bash(export PATH=\"$PATH:$HOME/AppData/Local/Microsoft/WinGet/Links\")",
-      "Bash(TLDR=\"/c/Users/Mack/AppData/Local/Microsoft/WinGet/Packages/dbrgn.tealdeer_Microsoft.Winget.Source_8wekyb3d8bbwe/tldr.exe\")",
-      "Bash($TLDR --update)",
-      "Bash($TLDR git-rebase)",
-      "Bash(fc https://httpbin.org/html)",
-      "Bash(where fc:*)",
+      "Bash(powershell.exe:*)",
+      "Bash(bash:*)",
+      "Bash(chmod:*)",
+      "Bash(xargs:*)",
+      "Bash(command -v:*)",
+      "Bash(brew:*)",
+      "Bash(tldr:*)",
+      "Bash(dust:*)",
+      "Bash(btm:*)",
+      "Bash(bottom:*)",
       "Bash(firecrawl:*)",
-      "Bash(\"C:/Users/Mack/AppData/Local/Microsoft/WinGet/Links/firecrawl.cmd\" https://httpbin.org/html)",
-      "Bash(pip3 list:*)",
-      "Bash(python3:*)",
-      "Bash(where:*)",
-      "Bash(\"C:\\Users\\Mack\\AppData\\Local\\Programs\\Python\\Python313\\python.exe\" -c \"import os; print(''FIRECRAWL_API_KEY is set:'', ''Yes'' if os.getenv(''FIRECRAWL_API_KEY'') else ''No'')\")",
-      "Bash(md5:*)",
-      "Bash(certutil:*)",
-      "Bash(certutil -hashfile:*)",
-      "Bash(grep:*)",
-      "Bash(xargs basename:*)",
-      "Bash(dir:*)",
-      "Bash(cut:*)",
-      "Bash(tr:*)",
-      "Bash(test:*)",
-      "Bash(gemini --version:*)",
       "Bash(gemini:*)",
+      "Bash(claude:*)",
       "Bash(codex:*)",
-      "Bash(printenv:*)",
-      "Bash(sed:*)",
       "Bash(perplexity:*)",
-      "Bash(findstr:*)",
-      "Bash(claude --version:*)",
-      "Bash(claude:*)",
-      "Bash(nc:*)",
-      "Bash(curl:*)",
-      "Bash(npm update:*)",
-      "Bash(xargs:*)",
-      "SlashCommand(/pulse:*)",
-      "Bash(gh api:*)",
-      "Bash(gh search:*)",
-      "WebFetch(domain:www.anthropic.com)",
-      "WebFetch(domain:simonwillison.net)",
-      "WebFetch(domain:blog.sshh.io)",
-      "WebFetch(domain:blog.gitbutler.com)",
-      "WebFetch(domain:github.com)",
-      "WebFetch(domain:nx.dev)",
-      "WebFetch(domain:every.to)",
-      "Bash(brew install:*)",
-      "WebFetch(domain:raw.githubusercontent.com)",
-      "WebFetch(domain:agentskills.io)",
-      "Bash(eza --tree:*)",
-      "Bash(chmod:*)",
-      "Bash(/Users/mack/projects/claude-mods/tests/skills/run-tests.sh:*)",
-      "Bash(/Users/mack/projects/claude-mods/tests/skills/validate-triggers.sh:*)",
-      "Bash(bash:*)",
-      "Bash(tests/skills/run-tests.sh)",
-      "Bash(command -v rg:*)",
-      "Bash(command -v:*)",
-      "Bash(tests/skills/run-tests.sh:*)",
-      "Skill(data-processing)",
-      "Skill(code-stats)",
-      "Bash(tokei:*)",
-      "Bash(difft:*)",
-      "Skill(structural-search)",
-      "Bash(sg:*)",
-      "Bash(fd:*)",
-      "Bash(sd:*)"
+      "Bash(md5:*)",
+      "Bash(test:*)",
+      "mcp__morph-mcp__edit_file"
     ],
     "deny": [],
-    "ask": []
+    "ask": [
+      "Bash(git reset --hard:*)",
+      "Bash(git checkout -- :*)",
+      "Bash(git clean -f:*)",
+      "Bash(git stash drop:*)",
+      "Bash(git stash clear:*)",
+      "Bash(git restore --worktree:*)",
+      "Bash(git push --force:*)",
+      "Bash(git push -f:*)",
+      "Bash(git push origin --force:*)",
+      "Bash(git push origin -f:*)",
+      "Bash(git branch -D:*)"
+    ]
   },
-  "hooks": {}
+  "hooks": {},
+  "outputStyle": "Vesper"
 }

agents/go-expert.md

@@ -0,0 +1,915 @@
+---
+name: go-expert
+description: Expert in Go development including concurrency patterns, error handling, testing, and idiomatic Go. Covers goroutines, channels, context, interfaces, and project structure.
+model: sonnet
+---
+
+# Go Expert Agent
+
+You are a Go expert specializing in idiomatic Go, concurrency patterns, error handling, and high-performance applications. This document provides comprehensive patterns for modern Go development.
+
+---
+
+## Part 1: Core Language
+
+### Types and Interfaces
+
+```go
+// Basic types
+var (
+    b    bool       = true
+    s    string     = "hello"
+    i    int        = 42
+    f    float64    = 3.14
+    r    rune       = 'A'     // alias for int32
+    by   byte       = 255     // alias for uint8
+)
+
+// Struct definition
+type User struct {
+    ID        int64     `json:"id"`
+    Name      string    `json:"name"`
+    Email     string    `json:"email,omitempty"`
+    CreatedAt time.Time `json:"created_at"`
+}
+
+// Methods
+func (u User) FullName() string {
+    return u.Name
+}
+
+func (u *User) SetEmail(email string) {
+    u.Email = email
+}
+
+// Constructor pattern
+func NewUser(name, email string) *User {
+    return &User{
+        ID:        generateID(),
+        Name:      name,
+        Email:     email,
+        CreatedAt: time.Now(),
+    }
+}
+```
+
+### Interfaces
+
+```go
+// Interface definition
+type Reader interface {
+    Read(p []byte) (n int, err error)
+}
+
+type Writer interface {
+    Write(p []byte) (n int, err error)
+}
+
+// Interface embedding
+type ReadWriter interface {
+    Reader
+    Writer
+}
+
+// Accept interfaces, return structs
+func ProcessData(r io.Reader) (*Result, error) {
+    data, err := io.ReadAll(r)
+    if err != nil {
+        return nil, fmt.Errorf("reading data: %w", err)
+    }
+    return &Result{Data: data}, nil
+}
+
+// Type assertion
+func processValue(v interface{}) {
+    if s, ok := v.(string); ok {
+        fmt.Println("String:", s)
+    }
+
+    // Type switch
+    switch x := v.(type) {
+    case string:
+        fmt.Println("String:", x)
+    case int:
+        fmt.Println("Int:", x)
+    default:
+        fmt.Printf("Unknown type: %T\n", x)
+    }
+}
+```
+
+### Slices and Maps
+
+```go
+// Slices
+nums := []int{1, 2, 3}
+nums = append(nums, 4, 5)
+
+// Make with capacity
+data := make([]byte, 0, 1024)
+
+// Slice operations
+copy(dst, src)
+slice := original[start:end]
+
+// Maps
+users := make(map[int64]*User)
+users[1] = &User{Name: "Alice"}
+
+// Check existence
+if user, ok := users[id]; ok {
+    // user exists
+}
+
+// Delete
+delete(users, id)
+
+// Iterate
+for key, value := range users {
+    fmt.Printf("%d: %v\n", key, value)
+}
+```
+
+---
+
+## Part 2: Error Handling
+
+### Error Patterns
+
+```go
+// Custom error type
+type ValidationError struct {
+    Field   string
+    Message string
+}
+
+func (e *ValidationError) Error() string {
+    return fmt.Sprintf("%s: %s", e.Field, e.Message)
+}
+
+// Sentinel errors
+var (
+    ErrNotFound     = errors.New("not found")
+    ErrUnauthorized = errors.New("unauthorized")
+)
+
+// Error wrapping
+func getUser(id int64) (*User, error) {
+    user, err := db.FindUser(id)
+    if err != nil {
+        return nil, fmt.Errorf("getting user %d: %w", id, err)
+    }
+    return user, nil
+}
+
+// Error checking
+if errors.Is(err, ErrNotFound) {
+    // Handle not found
+}
+
+var valErr *ValidationError
+if errors.As(err, &valErr) {
+    // Handle validation error
+}
+```
+
+### Error Best Practices
+
+```go
+// DON'T: Ignore errors
+result, _ := doSomething()
+
+// DO: Handle or propagate
+result, err := doSomething()
+if err != nil {
+    return fmt.Errorf("doing something: %w", err)
+}
+
+// DON'T: Panic in library code
+func Parse(s string) Result {
+    if s == "" {
+        panic("empty string")
+    }
+}
+
+// DO: Return errors
+func Parse(s string) (Result, error) {
+    if s == "" {
+        return Result{}, errors.New("empty string")
+    }
+}
+
+// DON'T: Log and return
+if err != nil {
+    log.Printf("error: %v", err)
+    return err  // Error logged twice!
+}
+
+// DO: Either log OR return
+if err != nil {
+    return fmt.Errorf("operation failed: %w", err)
+}
+```
+
+---
+
+## Part 3: Concurrency
+
+### Goroutines and Channels
+
+```go
+// Basic goroutine
+go func() {
+    doWork()
+}()
+
+// Channel basics
+ch := make(chan int)      // Unbuffered
+ch := make(chan int, 10)  // Buffered
+
+// Send and receive
+ch <- value   // Send
+value := <-ch // Receive
+
+// Close channel
+close(ch)
+
+// Range over channel
+for value := range ch {
+    process(value)
+}
+
+// Select
+select {
+case msg := <-ch1:
+    handle(msg)
+case ch2 <- value:
+    // Sent successfully
+case <-time.After(time.Second):
+    // Timeout
+default:
+    // Non-blocking
+}
+```
+
+### Worker Pool Pattern
+
+```go
+func workerPool(jobs <-chan Job, results chan<- Result, numWorkers int) {
+    var wg sync.WaitGroup
+
+    for i := 0; i < numWorkers; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+            for job := range jobs {
+                results <- process(job)
+            }
+        }()
+    }
+
+    wg.Wait()
+    close(results)
+}
+
+// Usage
+func main() {
+    jobs := make(chan Job, 100)
+    results := make(chan Result, 100)
+
+    go workerPool(jobs, results, 10)
+
+    // Send jobs
+    for _, job := range allJobs {
+        jobs <- job
+    }
+    close(jobs)
+
+    // Collect results
+    for result := range results {
+        handleResult(result)
+    }
+}
+```
+
+### Context for Cancellation
+
+```go
+func fetchData(ctx context.Context, url string) (*Data, error) {
+    req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+    if err != nil {
+        return nil, err
+    }
+
+    resp, err := http.DefaultClient.Do(req)
+    if err != nil {
+        return nil, err
+    }
+    defer resp.Body.Close()
+
+    // Check for cancellation
+    select {
+    case <-ctx.Done():
+        return nil, ctx.Err()
+    default:
+    }
+
+    var data Data
+    if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
+        return nil, err
+    }
+    return &data, nil
+}
+
+// Usage with timeout
+ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+defer cancel()
+
+data, err := fetchData(ctx, url)
+```
+
+### Synchronization
+
+```go
+// Mutex
+type SafeCounter struct {
+    mu    sync.Mutex
+    count int
+}
+
+func (c *SafeCounter) Inc() {
+    c.mu.Lock()
+    defer c.mu.Unlock()
+    c.count++
+}
+
+// RWMutex
+type Cache struct {
+    mu   sync.RWMutex
+    data map[string]interface{}
+}
+
+func (c *Cache) Get(key string) (interface{}, bool) {
+    c.mu.RLock()
+    defer c.mu.RUnlock()
+    val, ok := c.data[key]
+    return val, ok
+}
+
+func (c *Cache) Set(key string, value interface{}) {
+    c.mu.Lock()
+    defer c.mu.Unlock()
+    c.data[key] = value
+}
+
+// Once
+var once sync.Once
+var instance *Singleton
+
+func GetInstance() *Singleton {
+    once.Do(func() {
+        instance = &Singleton{}
+    })
+    return instance
+}
+
+// WaitGroup
+var wg sync.WaitGroup
+
+for _, item := range items {
+    wg.Add(1)
+    go func(item Item) {
+        defer wg.Done()
+        process(item)
+    }(item)
+}
+wg.Wait()
+```
+
+### errgroup for Concurrent Operations
+
+```go
+import "golang.org/x/sync/errgroup"
+
+func fetchAll(ctx context.Context, urls []string) ([]Result, error) {
+    g, ctx := errgroup.WithContext(ctx)
+    results := make([]Result, len(urls))
+
+    for i, url := range urls {
+        i, url := i, url  // Capture loop variables
+        g.Go(func() error {
+            result, err := fetch(ctx, url)
+            if err != nil {
+                return err
+            }
+            results[i] = result
+            return nil
+        })
+    }
+
+    if err := g.Wait(); err != nil {
+        return nil, err
+    }
+    return results, nil
+}
+```
+
+---
+
+## Part 4: Testing
+
+### Table-Driven Tests
+
+```go
+func TestAdd(t *testing.T) {
+    tests := []struct {
+        name     string
+        a, b     int
+        expected int
+    }{
+        {"positive", 2, 3, 5},
+        {"negative", -1, -2, -3},
+        {"zero", 0, 0, 0},
+        {"mixed", -1, 5, 4},
+    }
+
+    for _, tt := range tests {
+        t.Run(tt.name, func(t *testing.T) {
+            result := Add(tt.a, tt.b)
+            if result != tt.expected {
+                t.Errorf("Add(%d, %d) = %d; want %d",
+                    tt.a, tt.b, result, tt.expected)
+            }
+        })
+    }
+}
+```
+
+### Subtests and Parallel
+
+```go
+func TestUser(t *testing.T) {
+    t.Run("Create", func(t *testing.T) {
+        t.Parallel()
+        // Test creation
+    })
+
+    t.Run("Update", func(t *testing.T) {
+        t.Parallel()
+        // Test update
+    })
+}
+```
+
+### Test Helpers
+
+```go
+func TestDatabase(t *testing.T) {
+    db := setupTestDB(t)  // t.Cleanup registered inside
+
+    // Test using db
+}
+
+func setupTestDB(t *testing.T) *Database {
+    t.Helper()
+
+    db, err := NewDatabase(":memory:")
+    if err != nil {
+        t.Fatalf("setting up database: %v", err)
+    }
+
+    t.Cleanup(func() {
+        db.Close()
+    })
+
+    return db
+}
+```
+
+### Mocking with Interfaces
+
+```go
+// Interface
+type UserStore interface {
+    GetUser(id int64) (*User, error)
+    CreateUser(user *User) error
+}
+
+// Mock implementation
+type MockUserStore struct {
+    GetUserFunc    func(id int64) (*User, error)
+    CreateUserFunc func(user *User) error
+}
+
+func (m *MockUserStore) GetUser(id int64) (*User, error) {
+    return m.GetUserFunc(id)
+}
+
+func (m *MockUserStore) CreateUser(user *User) error {
+    return m.CreateUserFunc(user)
+}
+
+// Test
+func TestService(t *testing.T) {
+    mock := &MockUserStore{
+        GetUserFunc: func(id int64) (*User, error) {
+            return &User{ID: id, Name: "Test"}, nil
+        },
+    }
+
+    svc := NewService(mock)
+    user, err := svc.GetUser(1)
+
+    if err != nil {
+        t.Fatalf("unexpected error: %v", err)
+    }
+    if user.Name != "Test" {
+        t.Errorf("expected name 'Test', got %q", user.Name)
+    }
+}
+```
+
+### Benchmarks
+
+```go
+func BenchmarkProcess(b *testing.B) {
+    data := generateTestData()
+
+    b.ResetTimer()
+    for i := 0; i < b.N; i++ {
+        Process(data)
+    }
+}
+
+// With setup
+func BenchmarkProcessParallel(b *testing.B) {
+    data := generateTestData()
+
+    b.RunParallel(func(pb *testing.PB) {
+        for pb.Next() {
+            Process(data)
+        }
+    })
+}
+```
+
+---
+
+## Part 5: HTTP and JSON
+
+### HTTP Server
+
+```go
+func main() {
+    mux := http.NewServeMux()
+
+    mux.HandleFunc("GET /users/{id}", getUser)
+    mux.HandleFunc("POST /users", createUser)
+
+    server := &http.Server{
+        Addr:         ":8080",
+        Handler:      mux,
+        ReadTimeout:  5 * time.Second,
+        WriteTimeout: 10 * time.Second,
+        IdleTimeout:  120 * time.Second,
+    }
+
+    log.Fatal(server.ListenAndServe())
+}
+
+func getUser(w http.ResponseWriter, r *http.Request) {
+    id := r.PathValue("id")
+
+    user, err := userStore.GetUser(id)
+    if err != nil {
+        http.Error(w, "User not found", http.StatusNotFound)
+        return
+    }
+
+    w.Header().Set("Content-Type", "application/json")
+    json.NewEncoder(w).Encode(user)
+}
+```
+
+### HTTP Client
+
+```go
+func NewHTTPClient() *http.Client {
+    return &http.Client{
+        Timeout: 30 * time.Second,
+        Transport: &http.Transport{
+            MaxIdleConns:        100,
+            MaxIdleConnsPerHost: 10,
+            IdleConnTimeout:     90 * time.Second,
+        },
+    }
+}
+
+func fetchJSON(ctx context.Context, url string, result interface{}) error {
+    req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+    if err != nil {
+        return err
+    }
+
+    resp, err := httpClient.Do(req)
+    if err != nil {
+        return err
+    }
+    defer resp.Body.Close()
+
+    if resp.StatusCode != http.StatusOK {
+        return fmt.Errorf("unexpected status: %d", resp.StatusCode)
+    }
+
+    return json.NewDecoder(resp.Body).Decode(result)
+}
+```
+
+### JSON Handling
+
+```go
+type Response struct {
+    Data    interface{} `json:"data,omitempty"`
+    Error   string      `json:"error,omitempty"`
+    Message string      `json:"message,omitempty"`
+}
+
+func writeJSON(w http.ResponseWriter, status int, data interface{}) {
+    w.Header().Set("Content-Type", "application/json")
+    w.WriteHeader(status)
+    json.NewEncoder(w).Encode(data)
+}
+
+func readJSON(r *http.Request, dst interface{}) error {
+    dec := json.NewDecoder(r.Body)
+    dec.DisallowUnknownFields()
+
+    if err := dec.Decode(dst); err != nil {
+        return fmt.Errorf("decoding JSON: %w", err)
+    }
+    return nil
+}
+```
+
+---
+
+## Part 6: Project Structure
+
+### Standard Layout
+
+```
+myproject/
+├── cmd/
+│   └── server/
+│       └── main.go
+├── internal/
+│   ├── config/
+│   │   └── config.go
+│   ├── handler/
+│   │   └── user.go
+│   ├── service/
+│   │   └── user.go
+│   └── repository/
+│       └── user.go
+├── pkg/
+│   └── validator/
+│       └── validator.go
+├── api/
+│   └── openapi.yaml
+├── go.mod
+├── go.sum
+└── Makefile
+```
+
+### Main Entry Point
+
+```go
+// cmd/server/main.go
+package main
+
+import (
+    "context"
+    "log"
+    "net/http"
+    "os"
+    "os/signal"
+    "syscall"
+    "time"
+
+    "myproject/internal/config"
+    "myproject/internal/handler"
+)
+
+func main() {
+    cfg, err := config.Load()
+    if err != nil {
+        log.Fatalf("loading config: %v", err)
+    }
+
+    h := handler.New(cfg)
+    server := &http.Server{
+        Addr:    cfg.Addr,
+        Handler: h,
+    }
+
+    // Graceful shutdown
+    go func() {
+        sigCh := make(chan os.Signal, 1)
+        signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
+        <-sigCh
+
+        ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+        defer cancel()
+
+        if err := server.Shutdown(ctx); err != nil {
+            log.Printf("shutdown error: %v", err)
+        }
+    }()
+
+    log.Printf("starting server on %s", cfg.Addr)
+    if err := server.ListenAndServe(); err != http.ErrServerClosed {
+        log.Fatalf("server error: %v", err)
+    }
+}
+```
+
+---
+
+## Part 7: Common Patterns
+
+### Functional Options
+
+```go
+type Server struct {
+    addr    string
+    timeout time.Duration
+    logger  *log.Logger
+}
+
+type Option func(*Server)
+
+func WithAddr(addr string) Option {
+    return func(s *Server) {
+        s.addr = addr
+    }
+}
+
+func WithTimeout(d time.Duration) Option {
+    return func(s *Server) {
+        s.timeout = d
+    }
+}
+
+func WithLogger(l *log.Logger) Option {
+    return func(s *Server) {
+        s.logger = l
+    }
+}
+
+func NewServer(opts ...Option) *Server {
+    s := &Server{
+        addr:    ":8080",
+        timeout: 30 * time.Second,
+        logger:  log.Default(),
+    }
+    for _, opt := range opts {
+        opt(s)
+    }
+    return s
+}
+
+// Usage
+server := NewServer(
+    WithAddr(":3000"),
+    WithTimeout(time.Minute),
+)
+```
+
+### Builder Pattern
+
+```go
+type QueryBuilder struct {
+    table   string
+    columns []string
+    where   []string
+    limit   int
+}
+
+func NewQuery(table string) *QueryBuilder {
+    return &QueryBuilder{table: table}
+}
+
+func (q *QueryBuilder) Select(cols ...string) *QueryBuilder {
+    q.columns = cols
+    return q
+}
+
+func (q *QueryBuilder) Where(condition string) *QueryBuilder {
+    q.where = append(q.where, condition)
+    return q
+}
+
+func (q *QueryBuilder) Limit(n int) *QueryBuilder {
+    q.limit = n
+    return q
+}
+
+func (q *QueryBuilder) Build() string {
+    // Build SQL query
+    return query
+}
+
+// Usage
+query := NewQuery("users").
+    Select("id", "name", "email").
+    Where("active = true").
+    Limit(10).
+    Build()
+```
+
+---
+
+## Part 8: Performance
+
+### Profiling
+
+```go
+import (
+    "net/http"
+    _ "net/http/pprof"
+)
+
+func main() {
+    // Enable pprof endpoint
+    go func() {
+        log.Println(http.ListenAndServe("localhost:6060", nil))
+    }()
+
+    // Main application
+}
+```
+
+```bash
+# CPU profile
+go tool pprof http://localhost:6060/debug/pprof/profile?seconds=30
+
+# Memory profile
+go tool pprof http://localhost:6060/debug/pprof/heap
+
+# Goroutine profile
+go tool pprof http://localhost:6060/debug/pprof/goroutine
+```
+
+### Memory Optimization
+
+```go
+// Pre-allocate slices
+data := make([]Item, 0, expectedSize)
+
+// Use sync.Pool for frequent allocations
+var bufferPool = sync.Pool{
+    New: func() interface{} {
+        return new(bytes.Buffer)
+    },
+}
+
+func process() {
+    buf := bufferPool.Get().(*bytes.Buffer)
+    defer func() {
+        buf.Reset()
+        bufferPool.Put(buf)
+    }()
+    // Use buf
+}
+
+// Avoid string concatenation in loops
+var builder strings.Builder
+for _, s := range items {
+    builder.WriteString(s)
+}
+result := builder.String()
+```
+
+---
+
+## Quality Checklist
+
+- [ ] All errors handled or propagated with context
+- [ ] Context used for cancellation and timeouts
+- [ ] Goroutines properly synchronized
+- [ ] Resources cleaned up (defer, Close())
+- [ ] Interfaces used at boundaries
+- [ ] Table-driven tests for functions
+- [ ] Benchmarks for hot paths
+- [ ] No data races (go test -race)
+- [ ] go vet and staticcheck pass
+
+---
+
+## Canonical Resources
+
+- [Effective Go](https://go.dev/doc/effective_go)
+- [Go by Example](https://gobyexample.com/)
+- [Go Wiki](https://github.com/golang/go/wiki)
+- [pkg.go.dev](https://pkg.go.dev/)
+- [The Go Blog](https://go.dev/blog/)

agents/rust-expert.md

@@ -0,0 +1,894 @@
+---
+name: rust-expert
+description: Expert in Rust development including ownership, lifetimes, traits, async Rust, error handling, and systems programming. Covers tokio, serde, and common ecosystem patterns.
+model: sonnet
+---
+
+# Rust Expert Agent
+
+You are a Rust expert specializing in ownership, lifetimes, traits, async programming, and high-performance systems code. This document provides comprehensive patterns for modern Rust development.
+
+---
+
+## Part 1: Ownership and Borrowing
+
+### Ownership Rules
+
+```rust
+// 1. Each value has exactly one owner
+// 2. When owner goes out of scope, value is dropped
+// 3. Ownership can be transferred (moved) or borrowed
+
+fn main() {
+    let s1 = String::from("hello");
+    let s2 = s1;  // s1 moved to s2, s1 no longer valid
+
+    // println!("{}", s1);  // ERROR: value moved
+
+    let s3 = s2.clone();  // Deep copy, both valid
+    println!("{} {}", s2, s3);
+}
+```
+
+### Borrowing
+
+```rust
+fn main() {
+    let s = String::from("hello");
+
+    // Immutable borrow (multiple allowed)
+    let len = calculate_length(&s);
+    println!("Length of '{}' is {}", s, len);
+
+    // Mutable borrow (only one allowed)
+    let mut s = String::from("hello");
+    change(&mut s);
+}
+
+fn calculate_length(s: &str) -> usize {
+    s.len()
+}
+
+fn change(s: &mut String) {
+    s.push_str(", world");
+}
+```
+
+### Borrowing Rules
+
+```rust
+// 1. Multiple immutable borrows OR one mutable borrow
+// 2. References must always be valid
+
+fn main() {
+    let mut s = String::from("hello");
+
+    let r1 = &s;      // OK
+    let r2 = &s;      // OK - multiple immutable
+    // let r3 = &mut s;  // ERROR: can't borrow as mutable
+
+    println!("{} {}", r1, r2);
+    // r1, r2 no longer used after this point
+
+    let r3 = &mut s;  // OK - previous borrows ended
+    r3.push_str("!");
+}
+```
+
+---
+
+## Part 2: Lifetimes
+
+### Lifetime Annotations
+
+```rust
+// Lifetime tells compiler how long references are valid
+
+fn longest<'a>(x: &'a str, y: &'a str) -> &'a str {
+    if x.len() > y.len() { x } else { y }
+}
+
+// Multiple lifetimes
+fn first_word<'a, 'b>(s: &'a str, _other: &'b str) -> &'a str {
+    s.split_whitespace().next().unwrap_or("")
+}
+```
+
+### Struct Lifetimes
+
+```rust
+struct Excerpt<'a> {
+    part: &'a str,
+}
+
+impl<'a> Excerpt<'a> {
+    fn level(&self) -> i32 {
+        3
+    }
+
+    fn announce_and_return(&self, announcement: &str) -> &str {
+        println!("Attention: {}", announcement);
+        self.part
+    }
+}
+```
+
+### Lifetime Elision Rules
+
+```rust
+// These are equivalent due to elision rules:
+
+fn first_word(s: &str) -> &str { ... }
+fn first_word<'a>(s: &'a str) -> &'a str { ... }
+
+// Rules:
+// 1. Each reference parameter gets its own lifetime
+// 2. If one input lifetime, output gets same lifetime
+// 3. If &self or &mut self, output gets self's lifetime
+```
+
+### Static Lifetime
+
+```rust
+// 'static means reference lives for entire program
+let s: &'static str = "I have a static lifetime.";
+
+// Common in error types
+fn make_error() -> Box<dyn std::error::Error + 'static> {
+    Box::new(std::io::Error::new(std::io::ErrorKind::Other, "error"))
+}
+```
+
+---
+
+## Part 3: Traits and Generics
+
+### Defining Traits
+
+```rust
+pub trait Summary {
+    fn summarize(&self) -> String;
+
+    // Default implementation
+    fn summarize_author(&self) -> String {
+        String::from("(anonymous)")
+    }
+}
+
+pub struct Article {
+    pub headline: String,
+    pub content: String,
+}
+
+impl Summary for Article {
+    fn summarize(&self) -> String {
+        format!("{}", self.headline)
+    }
+}
+```
+
+### Trait Bounds
+
+```rust
+// Trait bound syntax
+fn notify<T: Summary>(item: &T) {
+    println!("Breaking news! {}", item.summarize());
+}
+
+// Multiple bounds
+fn notify<T: Summary + Display>(item: &T) { ... }
+
+// Where clause (cleaner for complex bounds)
+fn some_function<T, U>(t: &T, u: &U) -> i32
+where
+    T: Display + Clone,
+    U: Clone + Debug,
+{
+    // ...
+}
+
+// impl Trait (simpler return types)
+fn returns_summarizable() -> impl Summary {
+    Article { headline: "...", content: "..." }
+}
+```
+
+### Common Traits
+
+```rust
+// Clone - explicit duplication
+#[derive(Clone)]
+struct Point { x: i32, y: i32 }
+
+// Copy - implicit copy on assignment (requires Clone)
+#[derive(Clone, Copy)]
+struct Point { x: i32, y: i32 }
+
+// Debug - {:?} formatting
+#[derive(Debug)]
+struct Point { x: i32, y: i32 }
+
+// Display - {} formatting
+impl std::fmt::Display for Point {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "({}, {})", self.x, self.y)
+    }
+}
+
+// Default - default values
+#[derive(Default)]
+struct Config {
+    debug: bool,       // false
+    timeout: u64,      // 0
+    name: String,      // ""
+}
+
+// PartialEq, Eq - equality comparison
+#[derive(PartialEq, Eq)]
+struct Point { x: i32, y: i32 }
+
+// PartialOrd, Ord - ordering comparison
+#[derive(PartialOrd, Ord, PartialEq, Eq)]
+struct Point { x: i32, y: i32 }
+
+// Hash - for HashMap/HashSet keys
+#[derive(Hash, PartialEq, Eq)]
+struct Point { x: i32, y: i32 }
+```
+
+### From and Into
+
+```rust
+struct Wrapper(String);
+
+impl From<String> for Wrapper {
+    fn from(s: String) -> Self {
+        Wrapper(s)
+    }
+}
+
+impl From<&str> for Wrapper {
+    fn from(s: &str) -> Self {
+        Wrapper(s.to_string())
+    }
+}
+
+// Usage (Into comes free with From)
+let w: Wrapper = "hello".into();
+let w = Wrapper::from("hello");
+```
+
+---
+
+## Part 4: Error Handling
+
+### Result and Option
+
+```rust
+// Result<T, E> for recoverable errors
+fn read_file(path: &str) -> Result<String, std::io::Error> {
+    std::fs::read_to_string(path)
+}
+
+// Option<T> for optional values
+fn find_user(id: u64) -> Option<User> {
+    users.get(&id).cloned()
+}
+
+// ? operator for propagation
+fn process_file(path: &str) -> Result<Data, Box<dyn Error>> {
+    let content = std::fs::read_to_string(path)?;
+    let data: Data = serde_json::from_str(&content)?;
+    Ok(data)
+}
+```
+
+### Custom Errors with thiserror
+
+```rust
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum AppError {
+    #[error("Database error: {0}")]
+    Database(#[from] sqlx::Error),
+
+    #[error("IO error: {0}")]
+    Io(#[from] std::io::Error),
+
+    #[error("Not found: {0}")]
+    NotFound(String),
+
+    #[error("Validation error: {field} - {message}")]
+    Validation { field: String, message: String },
+}
+
+// Usage
+fn get_user(id: u64) -> Result<User, AppError> {
+    let user = db.find(id)
+        .ok_or_else(|| AppError::NotFound(format!("User {}", id)))?;
+    Ok(user)
+}
+```
+
+### Anyhow for Application Code
+
+```rust
+use anyhow::{Context, Result, bail, ensure};
+
+fn process() -> Result<()> {
+    let config = load_config()
+        .context("Failed to load configuration")?;
+
+    ensure!(config.valid, "Configuration is invalid");
+
+    if config.debug {
+        bail!("Debug mode not allowed in production");
+    }
+
+    Ok(())
+}
+
+// Anyhow is for applications
+// thiserror is for libraries
+```
+
+### Error Handling Patterns
+
+```rust
+// Match on specific errors
+match result {
+    Ok(value) => println!("{}", value),
+    Err(AppError::NotFound(msg)) => println!("Not found: {}", msg),
+    Err(e) => return Err(e),
+}
+
+// Convert Option to Result
+let user = find_user(id).ok_or(AppError::NotFound("user"))?;
+
+// Map errors
+let result = operation().map_err(AppError::from)?;
+
+// Combine Results
+let (a, b) = (get_a()?, get_b()?);
+
+// Collect Results
+let values: Result<Vec<_>, _> = items.iter().map(process).collect();
+```
+
+---
+
+## Part 5: Async Rust
+
+### Async/Await Basics
+
+```rust
+// Async function
+async fn fetch_url(url: &str) -> Result<String> {
+    let response = reqwest::get(url).await?;
+    let body = response.text().await?;
+    Ok(body)
+}
+
+// Running async code
+#[tokio::main]
+async fn main() {
+    let result = fetch_url("https://example.com").await;
+    println!("{:?}", result);
+}
+```
+
+### Tokio Runtime
+
+```rust
+use tokio::time::{sleep, Duration};
+
+#[tokio::main]
+async fn main() {
+    // Spawn concurrent tasks
+    let handle1 = tokio::spawn(async {
+        sleep(Duration::from_secs(1)).await;
+        "Task 1 done"
+    });
+
+    let handle2 = tokio::spawn(async {
+        sleep(Duration::from_secs(2)).await;
+        "Task 2 done"
+    });
+
+    // Wait for both
+    let (r1, r2) = tokio::join!(handle1, handle2);
+    println!("{:?} {:?}", r1, r2);
+}
+```
+
+### Select for Racing
+
+```rust
+use tokio::select;
+
+async fn race_operations() -> Result<Data> {
+    select! {
+        result = operation_a() => {
+            println!("A finished first");
+            result
+        }
+        result = operation_b() => {
+            println!("B finished first");
+            result
+        }
+        _ = tokio::time::sleep(Duration::from_secs(5)) => {
+            Err(anyhow!("Timeout"))
+        }
+    }
+}
+```
+
+### Channels
+
+```rust
+use tokio::sync::mpsc;
+
+#[tokio::main]
+async fn main() {
+    let (tx, mut rx) = mpsc::channel(100);
+
+    // Spawn sender
+    tokio::spawn(async move {
+        for i in 0..10 {
+            tx.send(i).await.unwrap();
+        }
+    });
+
+    // Receive
+    while let Some(value) = rx.recv().await {
+        println!("Received: {}", value);
+    }
+}
+```
+
+### Async Traits
+
+```rust
+use async_trait::async_trait;
+
+#[async_trait]
+pub trait DataStore {
+    async fn get(&self, key: &str) -> Option<String>;
+    async fn set(&self, key: &str, value: String) -> Result<()>;
+}
+
+#[async_trait]
+impl DataStore for RedisStore {
+    async fn get(&self, key: &str) -> Option<String> {
+        self.client.get(key).await.ok()
+    }
+
+    async fn set(&self, key: &str, value: String) -> Result<()> {
+        self.client.set(key, value).await?;
+        Ok(())
+    }
+}
+```
+
+---
+
+## Part 6: Serialization with Serde
+
+### Basic Serde
+
+```rust
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct User {
+    pub id: u64,
+    pub name: String,
+    #[serde(default)]
+    pub active: bool,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub email: Option<String>,
+}
+
+// JSON
+let json = serde_json::to_string(&user)?;
+let user: User = serde_json::from_str(&json)?;
+
+// TOML
+let toml = toml::to_string(&config)?;
+let config: Config = toml::from_str(&toml)?;
+```
+
+### Serde Attributes
+
+```rust
+#[derive(Serialize, Deserialize)]
+pub struct Config {
+    #[serde(rename = "serverPort")]
+    pub server_port: u16,
+
+    #[serde(default = "default_timeout")]
+    pub timeout: u64,
+
+    #[serde(skip)]
+    pub internal: InternalState,
+
+    #[serde(flatten)]
+    pub extra: HashMap<String, Value>,
+
+    #[serde(with = "chrono::serde::ts_seconds")]
+    pub timestamp: DateTime<Utc>,
+}
+
+fn default_timeout() -> u64 { 30 }
+```
+
+### Custom Serialization
+
+```rust
+use serde::{Serializer, Deserializer};
+
+#[derive(Debug)]
+pub struct Url(String);
+
+impl Serialize for Url {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        serializer.serialize_str(&self.0)
+    }
+}
+
+impl<'de> Deserialize<'de> for Url {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        let s = String::deserialize(deserializer)?;
+        if s.starts_with("http") {
+            Ok(Url(s))
+        } else {
+            Err(serde::de::Error::custom("Invalid URL"))
+        }
+    }
+}
+```
+
+---
+
+## Part 7: Collections and Iterators
+
+### Common Collections
+
+```rust
+use std::collections::{HashMap, HashSet, VecDeque, BTreeMap};
+
+// Vec
+let mut vec = vec![1, 2, 3];
+vec.push(4);
+vec.extend([5, 6, 7]);
+
+// HashMap
+let mut map = HashMap::new();
+map.insert("key", "value");
+map.entry("key").or_insert("default");
+
+// HashSet
+let mut set = HashSet::new();
+set.insert(1);
+set.contains(&1);
+
+// VecDeque (double-ended queue)
+let mut deque = VecDeque::new();
+deque.push_back(1);
+deque.push_front(0);
+```
+
+### Iterator Methods
+
+```rust
+let numbers = vec![1, 2, 3, 4, 5];
+
+// Map and collect
+let doubled: Vec<_> = numbers.iter().map(|x| x * 2).collect();
+
+// Filter
+let evens: Vec<_> = numbers.iter().filter(|x| *x % 2 == 0).collect();
+
+// Fold/reduce
+let sum: i32 = numbers.iter().sum();
+let product: i32 = numbers.iter().product();
+let custom = numbers.iter().fold(0, |acc, x| acc + x);
+
+// Find
+let first_even = numbers.iter().find(|x| *x % 2 == 0);
+
+// Any/All
+let has_even = numbers.iter().any(|x| x % 2 == 0);
+let all_positive = numbers.iter().all(|x| *x > 0);
+
+// Chain
+let combined: Vec<_> = vec1.iter().chain(vec2.iter()).collect();
+
+// Flatten
+let nested = vec![vec![1, 2], vec![3, 4]];
+let flat: Vec<_> = nested.into_iter().flatten().collect();
+
+// Zip
+let pairs: Vec<_> = names.iter().zip(ages.iter()).collect();
+
+// Enumerate
+for (i, item) in items.iter().enumerate() {
+    println!("{}: {}", i, item);
+}
+```
+
+### Custom Iterator
+
+```rust
+struct Counter {
+    count: usize,
+    max: usize,
+}
+
+impl Iterator for Counter {
+    type Item = usize;
+
+    fn next(&mut self) -> Option<Self::Item> {
+        if self.count < self.max {
+            self.count += 1;
+            Some(self.count)
+        } else {
+            None
+        }
+    }
+}
+
+impl Counter {
+    fn new(max: usize) -> Self {
+        Counter { count: 0, max }
+    }
+}
+```
+
+---
+
+## Part 8: Smart Pointers
+
+### Box, Rc, Arc
+
+```rust
+// Box - heap allocation, single owner
+let boxed = Box::new(5);
+let large_data = Box::new([0u8; 1_000_000]);
+
+// Rc - reference counting (single-threaded)
+use std::rc::Rc;
+let data = Rc::new(vec![1, 2, 3]);
+let clone1 = Rc::clone(&data);
+let clone2 = Rc::clone(&data);
+
+// Arc - atomic reference counting (thread-safe)
+use std::sync::Arc;
+let data = Arc::new(vec![1, 2, 3]);
+let clone = Arc::clone(&data);
+std::thread::spawn(move || {
+    println!("{:?}", clone);
+});
+```
+
+### RefCell and Mutex
+
+```rust
+// RefCell - interior mutability (single-threaded)
+use std::cell::RefCell;
+
+let data = RefCell::new(5);
+*data.borrow_mut() += 1;
+
+// Mutex - interior mutability (thread-safe)
+use std::sync::Mutex;
+
+let data = Arc::new(Mutex::new(vec![]));
+let clone = Arc::clone(&data);
+
+std::thread::spawn(move || {
+    let mut lock = clone.lock().unwrap();
+    lock.push(1);
+});
+
+// RwLock - multiple readers OR single writer
+use std::sync::RwLock;
+
+let data = RwLock::new(vec![1, 2, 3]);
+let read = data.read().unwrap();  // Multiple readers OK
+let mut write = data.write().unwrap();  // Exclusive write
+```
+
+### Cow (Clone on Write)
+
+```rust
+use std::borrow::Cow;
+
+fn process(input: &str) -> Cow<str> {
+    if input.contains(' ') {
+        Cow::Owned(input.replace(' ', "_"))
+    } else {
+        Cow::Borrowed(input)
+    }
+}
+
+// Avoids allocation when not needed
+let result = process("hello");  // Borrowed, no allocation
+let result = process("hello world");  // Owned, allocates
+```
+
+---
+
+## Part 9: Testing
+
+### Unit Tests
+
+```rust
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_add() {
+        assert_eq!(add(2, 3), 5);
+    }
+
+    #[test]
+    #[should_panic(expected = "division by zero")]
+    fn test_divide_by_zero() {
+        divide(1, 0);
+    }
+
+    #[test]
+    fn test_result() -> Result<(), String> {
+        let result = parse("42")?;
+        assert_eq!(result, 42);
+        Ok(())
+    }
+}
+```
+
+### Async Tests
+
+```rust
+#[tokio::test]
+async fn test_async_function() {
+    let result = fetch_data().await;
+    assert!(result.is_ok());
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_concurrent() {
+    // Uses multi-threaded runtime
+}
+```
+
+### Integration Tests
+
+```rust
+// tests/integration_test.rs
+use mylib::public_function;
+
+#[test]
+fn test_public_api() {
+    let result = public_function();
+    assert!(result.is_ok());
+}
+```
+
+### Doc Tests
+
+```rust
+/// Adds two numbers.
+///
+/// # Examples
+///
+/// ```
+/// use mylib::add;
+/// assert_eq!(add(2, 3), 5);
+/// ```
+pub fn add(a: i32, b: i32) -> i32 {
+    a + b
+}
+```
+
+---
+
+## Part 10: Project Structure
+
+### Cargo.toml
+
+```toml
+[package]
+name = "myapp"
+version = "0.1.0"
+edition = "2021"
+authors = ["Your Name <you@example.com>"]
+description = "My Application"
+license = "MIT"
+
+[dependencies]
+tokio = { version = "1", features = ["full"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+thiserror = "1"
+anyhow = "1"
+tracing = "0.1"
+tracing-subscriber = "0.3"
+
+[dev-dependencies]
+mockall = "0.11"
+tempfile = "3"
+
+[features]
+default = []
+full = ["feature-a", "feature-b"]
+feature-a = []
+feature-b = ["dep:optional-dep"]
+
+[profile.release]
+lto = true
+codegen-units = 1
+```
+
+### Module Structure
+
+```
+src/
+├── main.rs
+├── lib.rs
+├── config.rs
+├── error.rs
+├── models/
+│   ├── mod.rs
+│   └── user.rs
+├── services/
+│   ├── mod.rs
+│   └── user_service.rs
+└── handlers/
+    ├── mod.rs
+    └── user_handler.rs
+```
+
+```rust
+// src/lib.rs
+pub mod config;
+pub mod error;
+pub mod models;
+pub mod services;
+pub mod handlers;
+
+pub use error::Error;
+```
+
+---
+
+## Quality Checklist
+
+- [ ] No unnecessary clones (use references)
+- [ ] Proper error handling (Result, ?)
+- [ ] Thread safety verified (Arc, Mutex where needed)
+- [ ] Lifetimes explicit where required
+- [ ] Tests cover edge cases
+- [ ] clippy warnings resolved
+- [ ] cargo fmt applied
+- [ ] Documentation for public API
+- [ ] No unwrap() in library code
+
+---
+
+## Canonical Resources
+
+- [The Rust Book](https://doc.rust-lang.org/book/)
+- [Rust by Example](https://doc.rust-lang.org/rust-by-example/)
+- [Rustlings](https://github.com/rust-lang/rustlings)
+- [docs.rs](https://docs.rs/)
+- [Tokio Tutorial](https://tokio.rs/tokio/tutorial)
+- [Serde Documentation](https://serde.rs/)

commands/setperms.md

@@ -17,20 +17,26 @@ Initialize Claude Code with modern dev-shell-tools for a comfortable development
 Tools from [dev-shell-tools](https://github.com/0xDarkMatter/dev-shell-tools):
 
 **Core Tools:**
-- **Git**: Full git access, lazygit, gh (GitHub CLI)
-- **File ops**: ls, mkdir, cat, wc, tree, eza, bat
+- **Git**: Full git access, lazygit, gh (GitHub CLI), delta, difft
+- **File ops**: ls, mkdir, cat, wc, tree, eza, bat, chmod
 - **Search**: rg (ripgrep), fd, fzf, ast-grep/sg
 - **Navigation**: zoxide/z, broot/br
-- **Data processing**: jq, yq, sd
-- **Diff tools**: delta, difft (difftastic)
-- **Analysis**: tokei, procs, hyperfine
+- **Data processing**: jq, yq, sd, xargs
+- **Analysis**: tokei, procs, hyperfine, dust
 
 **Dev Tools:**
-- **Package managers**: npm, node, python, uv, pip
-- **Task runners**: just
-- **Network**: curl, http (httpie)
+- **Package managers**: npm, node, python, uv, pip, brew
+- **Task runners**: just, bash
+- **Network**: curl, http (httpie), firecrawl
+- **Documentation**: tldr
 - **Windows**: powershell
 
+**AI CLI Tools:**
+- **gemini**: Google Gemini CLI (2M context)
+- **claude**: Anthropic Claude CLI
+- **codex**: OpenAI Codex CLI
+- **perplexity**: Perplexity CLI (web search)
+
 ## Execution Flow
 
 ```
@@ -110,10 +116,36 @@ Write to `.claude/settings.local.json`:
       "Bash(python:*)",
       "Bash(pip:*)",
       "Bash(powershell -Command:*)",
-      "Bash(powershell.exe:*)"
+      "Bash(powershell.exe:*)",
+      "Bash(bash:*)",
+      "Bash(chmod:*)",
+      "Bash(xargs:*)",
+      "Bash(command -v:*)",
+      "Bash(brew:*)",
+      "Bash(tldr:*)",
+      "Bash(dust:*)",
+      "Bash(btm:*)",
+      "Bash(bottom:*)",
+      "Bash(firecrawl:*)",
+      "Bash(gemini:*)",
+      "Bash(claude:*)",
+      "Bash(codex:*)",
+      "Bash(perplexity:*)"
     ],
     "deny": [],
-    "ask": []
+    "ask": [
+      "Bash(git reset --hard:*)",
+      "Bash(git checkout -- :*)",
+      "Bash(git clean -f:*)",
+      "Bash(git stash drop:*)",
+      "Bash(git stash clear:*)",
+      "Bash(git restore --worktree:*)",
+      "Bash(git push --force:*)",
+      "Bash(git push -f:*)",
+      "Bash(git push origin --force:*)",
+      "Bash(git push origin -f:*)",
+      "Bash(git branch -D:*)"
+    ]
   },
   "hooks": {}
 }
@@ -160,6 +192,20 @@ ALWAYS prefer modern CLI tools over traditional alternatives.
 - Line counts: `tokei`
 - AST search: `ast-grep` / `sg`
 - Benchmarks: `hyperfine`
+- Disk usage: `dust`
+
+## System Monitoring
+
+| Instead of | Use |
+|------------|-----|
+| `du -h` | `dust` |
+| `top`/`htop` | `btm` (bottom) |
+
+## Documentation
+
+| Instead of | Use |
+|------------|-----|
+| `man <cmd>` | `tldr <cmd>` |
 
 ## Python
 
@@ -172,6 +218,44 @@ ALWAYS prefer modern CLI tools over traditional alternatives.
 
 Prefer `just` over Makefiles.
 
+## Web Fetching
+
+| Priority | Tool | When to Use |
+|----------|------|-------------|
+| 1 | `WebFetch` | First attempt - fast, built-in |
+| 2 | `r.jina.ai/URL` | JS-rendered pages, cleaner extraction |
+| 3 | `firecrawl <url>` | Anti-bot bypass, blocked sites |
+
+## AI CLI Tools
+
+For multi-model analysis (see /conclave command):
+
+| Tool | Model | Best For |
+|------|-------|----------|
+| `gemini` | Gemini 2.5 | 2M context, large codebases |
+| `claude` | Claude | Coding, analysis |
+| `codex` | OpenAI | Deep reasoning |
+| `perplexity` | Perplexity | Web search, current info |
+
+## Git Safety
+
+Destructive commands require confirmation (in "ask" list):
+
+| Command | Risk | Safe Alternative |
+|---------|------|------------------|
+| `git reset --hard` | Loses uncommitted changes | `git stash` first |
+| `git checkout -- <file>` | Discards file changes | `git stash` or `git diff` first |
+| `git clean -fd` | Deletes untracked files | `git clean -n` (dry run) first |
+| `git stash drop` | Permanently deletes stash | Check `git stash list` first |
+| `git push --force` | Overwrites remote history | `git push --force-with-lease` |
+| `git branch -D` | Deletes unmerged branch | `git branch -d` (safe delete) |
+
+**Before destructive operations:**
+1. Check status: `git status`
+2. Check for uncommitted changes: `git diff`
+3. Consider stashing: `git stash`
+4. Use dry-run flags when available
+
 Reference: https://github.com/0xDarkMatter/dev-shell-tools
 ```
 
@@ -182,12 +266,14 @@ Report to user:
 Initialized Claude Code with dev-shell-tools:
 
 Created:
-  .claude/settings.local.json  (37 tool permissions)
+  .claude/settings.local.json  (51 tool permissions, 11 guardrails)
   .claude/rules/cli-tools.md   (modern tool preferences)
 
 Claude will now:
   - Auto-approve dev-shell-tools commands
   - Prefer fd over find, rg over grep, bat over cat, etc.
+  - Use AI CLIs for multi-model analysis
+  - Ask before destructive git commands (reset --hard, push --force, etc.)
 
 To customize: edit files in .claude/
 To add to git: git add .claude/
@@ -202,6 +288,7 @@ To add to git: git add .claude/
 | `--rules-only` | Only install rules, skip permissions |
 | `--minimal` | Minimal permissions (git, ls, cat, mkdir only) |
 | `--full` | Add cloud/container tools (docker, kubectl, terraform, etc.) |
+| `--no-guardrails` | Skip git safety guardrails (empty "ask" list) |
 
 ### Full Template (--full)
 
@@ -209,13 +296,17 @@ Adds to permissions:
 ```json
 "Bash(docker:*)",
 "Bash(docker-compose:*)",
+"Bash(podman:*)",
 "Bash(kubectl:*)",
 "Bash(helm:*)",
 "Bash(terraform:*)",
+"Bash(pulumi:*)",
 "Bash(aws:*)",
 "Bash(gcloud:*)",
 "Bash(az:*)",
-"Bash(wrangler:*)"
+"Bash(wrangler:*)",
+"Bash(flyctl:*)",
+"Bash(railway:*)"
 ```
 
 ## Notes
@@ -223,5 +314,5 @@ Adds to permissions:
 - Permissions are project-local (don't affect other projects)
 - Rules instruct Claude to prefer modern tools
 - Global settings in `~/.claude/` still apply
-- Restart Claude Code session for changes to take effect
+- Changes take effect on next tool use (no restart needed)
 - Tools from: https://github.com/0xDarkMatter/dev-shell-tools