deps(deps-dev): bump @vitejs/plugin-react from 4.7.0 to 6.0.1

.cargo/config.toml

@@ -0,0 +1,2 @@
+[build]
+target-dir = "target"

.cursor/rules/antipatterns.mdc

@@ -0,0 +1,20 @@
+---
+description: Common LoopForge mistakes to avoid during edits
+alwaysApply: false
+---
+
+# LoopForge Antipatterns
+
+Avoid these mistakes:
+
+- Editing plan or story data only in Zustand without persisting to artifact files
+- Saving empty wizard snapshots like `"{}"` instead of full draft state
+- Passing partial configure inputs that never reach `build_ralph_config`
+- Leaving process cleanup stubs without child termination and flush behavior
+- Creating oversized mixed concern modules instead of splitting commands, services, and storage
+
+Preferred patterns:
+
+- Persist `plan.md`, `prd.json`, `config.json`, and `draft.json` through backend commands
+- Keep command handlers thin and move logic into services
+- Validate artifact reads and writes with tests when changing flow contracts

.cursor/rules/frozen-modules.mdc

@@ -0,0 +1,16 @@
+---
+description: Apply when a task touches frozen or unconnected modules
+alwaysApply: false
+---
+
+# Frozen Modules
+
+Do not modify, extend, or wire these modules into new code unless the task explicitly includes a planned vertical slice for them.
+
+- `connections.rs` and `Connections.tsx`
+- `plugin_registry.rs` and `Plugins.tsx`
+- `scm_watcher.rs`
+- `ephemeral_query.rs` and `EphemeralOverlay.tsx`
+- `summary_generator.rs`
+
+If work must touch one of these files, pause and confirm the intended slice boundary before coding.

.cursor/rules/react.mdc

@@ -8,12 +8,13 @@ globs: "src/**/*.{ts,tsx}"
 ## Components
 - Functional components with named exports
 - PascalCase for component names and files
-- Props as inline type parameters, not separate interface files
+- Keep components focused and extract early before large mixed concern files form
 
 ## State
 - Zustand stores in `src/stores/`
 - One store per domain: projectStore, agentStore, loopStore, wizardStore
 - Use selectors to minimize re-renders
+- Never treat Zustand as source of truth for `plan.md`, `prd.json`, `config.json`, or `draft.json`
 
 ## Styling
 - Tailwind CSS 4 utility classes exclusively
@@ -32,3 +33,14 @@ globs: "src/**/*.{ts,tsx}"
 - Bindings in `src/lib/tauri.ts`
 - Use `@tauri-apps/api/core` for invoke
 - Use `@tauri-apps/api/event` for listen
+- Persist user edits through backend commands before advancing workflow stages
+
+## Data Contracts
+- Plan step edits must land in `plan.md`
+- Atomize edits must land in `prd.json`
+- Configure edits must land in `config.json`
+- Wizard resume data must land in `draft.json`
+
+## Testing Expectations
+- Run `bun run typecheck` after TypeScript edits
+- For flow changes, verify frontend action reaches backend command and artifact update

.cursor/rules/rust.mdc

@@ -10,6 +10,7 @@ globs: "**/*.rs"
 - `anyhow::Result` acceptable at application boundary (src-tauri commands)
 - Never `unwrap()` in `crates/ralph-core/`; acceptable in tests
 - Use `?` propagation, not `match` chains for simple forwarding
+- Keep command errors serializable for IPC boundaries
 
 ## Async
 - Runtime: tokio (multi-thread)
@@ -21,10 +22,16 @@ globs: "**/*.rs"
 - New optional fields use `#[serde(default)]`
 - JSON output: `serde_json` with `to_string_pretty` for artifact files
 
+## Persistence Contracts
+- Keep metadata in SQLite through `rusqlite` and managed `DbState`
+- Keep project workflow artifacts on filesystem under project directories
+- Do not use `tauri-plugin-sql` for project persistence
+
 ## Testing
 - Unit tests in same file (`#[cfg(test)]` module)
 - Integration tests in `tests/` directory
 - `#[tokio::test]` for async tests
+- For flow changes, test storage, service, and command layers together where possible
 
 ## Dependencies (ralph-core)
 - serde, serde_json, tokio, anyhow, thiserror, regex, chrono

.cursor/rules/tauri.mdc

@@ -9,12 +9,12 @@ globs: "src-tauri/**/*.rs"
 - Define in `src-tauri/src/commands/` module
 - Use `#[tauri::command]` macro
 - Return `Result<T, String>` for IPC error serialization
-- Group by domain: project_commands.rs, agent_commands.rs, loop_commands.rs
+- Keep command handlers thin and delegate logic to services
 
 ## Events
 - Emit from backend: `app_handle.emit("event-name", payload)`
 - Listen in frontend: `listen("event-name", callback)`
-- Event names: kebab-case (plan-activity, agent-output-stream, iteration-started)
+- Event names: kebab-case (`plan-activity`, `agent-output-stream`, `iteration-started`)
 
 ## State Management
 - Use `tauri::State<Mutex<T>>` or `tauri::State<Arc<RwLock<T>>>`
@@ -28,15 +28,18 @@ globs: "src-tauri/**/*.rs"
 - Track PIDs for graceful termination (SIGTERM, then SIGKILL after timeout)
 
 ## SQLite
-- Use `tauri-plugin-sql` with migrations defined in Rust
-- Migrations registered via `tauri_plugin_sql::Builder::default().add_migrations()`
-- Database at `sqlite:loopforge.db` (resolves to AppConfig directory)
-- Frontend queries via `@tauri-apps/plugin-sql` (`Database.load()`, `db.select()`, `db.execute()`)
-- Permissions in `capabilities/default.json`: `sql:default`, `sql:allow-execute`, `sql:allow-select`
+- Use `rusqlite` directly via `DbState`
+- Do not use `tauri-plugin-sql` or `@tauri-apps/plugin-sql`
+- Keep SQLite access in backend services and expose data through Tauri commands
+- Store metadata in SQLite and keep artifact files on filesystem per project directory
 
 ## Shell (Agent CLI)
 - Use `tauri-plugin-shell` for spawning agent CLIs
 - `ShellExt` trait: `app.shell().command("claude").args([...]).spawn()`
 - Returns `(Receiver<CommandEvent>, Child)` for async streaming
 - `child.write(bytes)` for stdin piping
 - Permissions in `capabilities/default.json`: `shell:default`
+
+## Vertical Slice Reminder
+- Add features in this order: storage, model, service, command, event, IPC binding, UI, test
+- Do not ship scaffolding steps without wiring the end to end path

.cursor/rules/templates.mdc

@@ -0,0 +1,15 @@
+---
+description: MiniJinja template editing conventions
+globs: "src-tauri/templates/**/*.j2"
+alwaysApply: false
+---
+
+# MiniJinja Template Rules
+
+- Keep templates deterministic and data driven
+- Prefer explicit variable names that match Rust struct fields
+- Avoid hidden control flow and nested branching when simple conditional blocks work
+- Keep prompt and output sections easy to diff across iterations
+- Preserve whitespace behavior expected by downstream parsers
+
+When template fields change, update the corresponding Rust serializer or model and verify the full atomizer pipeline.

.cursor/rules/vertical-slice.mdc

@@ -0,0 +1,19 @@
+---
+description: Apply when adding new features or extending IPC flows
+alwaysApply: false
+---
+
+# Vertical Slice Workflow
+
+Implement feature changes in this exact order:
+
+1. Storage schema or artifact contract
+2. Rust models with serde support
+3. Service logic in backend
+4. Tauri command wrapper
+5. Event and stream wiring if needed
+6. Frontend IPC binding in `src/lib/tauri.ts`
+7. UI integration
+8. Tests proving end to end behavior
+
+Do not ship partial scaffolding. Each step depends on the previous step being wired and verified.

.editorconfig

@@ -0,0 +1,22 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
+
+[*.{ts,tsx,js,json,css,html}]
+indent_style = space
+indent_size = 2
+
+[*.rs]
+indent_style = space
+indent_size = 4
+
+[*.toml]
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false

.github/CODEOWNERS

@@ -0,0 +1,11 @@
+* @taberoajorge
+
+/.github/                @taberoajorge
+/src-tauri/              @taberoajorge
+/crates/                 @taberoajorge
+/src/                    @taberoajorge
+
+SECURITY.md              @taberoajorge
+LICENSE                  @taberoajorge
+README.md                @taberoajorge
+CONTRIBUTING.md          @taberoajorge

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,96 @@
+name: Bug report
+description: Report a reproducible defect in LoopForge
+labels:
+  - bug
+  - triage
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to report a defect. Please fill every section so the maintainers can reproduce the issue fast.
+
+  - type: checkboxes
+    id: preflight
+    attributes:
+      label: Preflight checks
+      options:
+        - label: I searched existing issues and did not find a duplicate.
+          required: true
+        - label: I am running the latest release or a recent `main` build.
+          required: true
+        - label: I reviewed the troubleshooting section of the README.
+          required: true
+
+  - type: input
+    id: loopforge_version
+    attributes:
+      label: LoopForge version
+      description: Output of the `About` dialog or the release tag you are running.
+      placeholder: "v0.1.0"
+    validations:
+      required: true
+
+  - type: dropdown
+    id: platform
+    attributes:
+      label: Operating system
+      options:
+        - macOS
+        - Linux
+        - Windows
+        - Other
+    validations:
+      required: true
+
+  - type: input
+    id: os_version
+    attributes:
+      label: Operating system version
+      placeholder: "macOS 15.2, Ubuntu 22.04, Windows 11 23H2"
+    validations:
+      required: true
+
+  - type: input
+    id: agent_cli
+    attributes:
+      label: Agent CLI and version
+      placeholder: "claude-code 1.2.3, codex 0.4.0, cursor-agent 0.9.1"
+    validations:
+      required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary of the defect
+      description: What did you expect to happen and what actually happened.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Reproduction steps
+      description: Minimal steps that reliably reproduce the defect.
+      placeholder: |
+        1. Open LoopForge
+        2. Start the wizard and load `plan.md`
+        3. Launch the loop and observe the failure
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant logs
+      description: Paste the contents of `.loopforge/activity.log` and `.loopforge/error.log` from the project directory.
+      render: shell
+    validations:
+      required: false
+
+  - type: textarea
+    id: extra
+    attributes:
+      label: Additional context
+      description: Screenshots, configuration snippets, or anything else that helps.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability
+    url: https://github.com/taberoajorge/loopforge/security/advisories/new
+    about: Report a security vulnerability through a private advisory, never in a public issue.
+  - name: Question or discussion
+    url: https://github.com/taberoajorge/loopforge/discussions
+    about: Ask questions or share ideas in Discussions once they are enabled.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,52 @@
+name: Feature request
+description: Propose a new capability or an enhancement for LoopForge
+labels:
+  - enhancement
+  - triage
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for suggesting an improvement. Please describe the outcome first, then the implementation ideas.
+
+  - type: checkboxes
+    id: preflight
+    attributes:
+      label: Preflight checks
+      options:
+        - label: I searched existing issues and discussions and did not find a duplicate proposal.
+          required: true
+        - label: The feature aligns with the scope described in the README.
+          required: true
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem statement
+      description: What situation or pain point motivates the request.
+    validations:
+      required: true
+
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposal
+      description: A short description of the desired behaviour or workflow.
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Any other approaches you weighed and why they fall short.
+    validations:
+      required: false
+
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional context
+      description: Mockups, command examples, related prior art.
+    validations:
+      required: false