centralize guides and rails under mosaic with runtime compatibility links

templates/agent/projects/nestjs-nextjs/AGENTS.md.template

@@ -0,0 +1,91 @@
+# ${PROJECT_NAME} — Agent Context
+
+> Guidelines for AI agents working on this NestJS + Next.js monorepo.
+> **Update this file** when you discover reusable patterns or non-obvious requirements.
+
+## Codebase Patterns
+
+- **Monorepo structure:** pnpm workspaces + TurboRepo
+  - `apps/api/` — NestJS backend
+  - `apps/web/` — Next.js frontend
+  - `packages/shared/` — Shared types and utilities
+- **Database:** Prisma ORM — schema at `apps/api/prisma/schema.prisma`
+- **Auth:** Configured in `apps/api/src/auth/`
+- **API:** RESTful with DTOs for validation
+
+## Common Gotchas
+
+- **Always run `pnpm install`** after pulling — lockfile changes frequently
+- **Prisma generate** after schema changes: `pnpm --filter api prisma generate`
+- **Environment variables:** Frontend vars need `NEXT_PUBLIC_` prefix
+- **Import paths:** Use `@shared/` alias for shared package imports
+- **Tests require running database:** Set `DATABASE_URL` in `.env.test`
+- **TurboRepo caching:** Run `pnpm clean` if builds behave unexpectedly
+
+## Context Management
+
+Context = tokens = cost. Be smart.
+
+| Strategy | When |
+|----------|------|
+| **Spawn sub-agents** | Isolated coding tasks, research |
+| **Batch operations** | Group related API calls |
+| **Check existing patterns** | Before writing new code |
+| **Minimize re-reading** | Don't re-read files you just wrote |
+
+## Quality Gates
+
+**All must pass before any commit:**
+
+```bash
+pnpm typecheck && pnpm lint && pnpm test
+```
+
+## Orchestrator Integration
+
+### Task Prefix
+Use `${TASK_PREFIX}` for orchestrated tasks (e.g., `${TASK_PREFIX}-SEC-001`).
+
+### Worker Checklist
+1. Read the finding details from the report
+2. Implement the fix following existing patterns
+3. Run quality gates (ALL must pass)
+4. Commit: `git commit -m "fix({finding_id}): brief description"`
+5. Push: `git push origin {branch}`
+6. Report result as JSON
+
+### Post-Coding Review
+After implementing changes, the orchestrator will run:
+1. **Codex code review** — `~/.mosaic/rails/codex/codex-code-review.sh --uncommitted`
+2. **Codex security review** — `~/.mosaic/rails/codex/codex-security-review.sh --uncommitted`
+3. If blockers/critical findings: remediation task created
+4. If clean: task marked done
+
+## Workflow (Non-Negotiable)
+
+```
+1. Branch    → git checkout -b feature/XX-description
+2. Code      → TDD: write test (RED), implement (GREEN), refactor
+3. Test      → pnpm test (must pass)
+4. Push      → git push origin feature/XX-description
+5. PR        → Create PR to develop (not main)
+6. Review    → Wait for approval or self-merge if authorized
+7. Close     → Close related issues
+```
+
+**Never merge directly to develop without a PR.**
+
+## Key Files
+
+| File | Purpose |
+|------|---------|
+| `CLAUDE.md` | Project overview and conventions |
+| `apps/api/prisma/schema.prisma` | Database schema |
+| `apps/api/src/` | Backend source |
+| `apps/web/app/` | Frontend pages |
+| `packages/shared/` | Shared types |
+| `.env.example` | Required environment variables |
+
+---
+
+_Model-agnostic. Works for Claude, Codex, GPT, Llama, etc._

templates/agent/projects/nestjs-nextjs/CLAUDE.md.template

@@ -0,0 +1,200 @@
+# ${PROJECT_NAME} — Claude Code Instructions
+
+> **${PROJECT_DESCRIPTION}**
+
+## Conditional Documentation Loading
+
+| When working on... | Load this guide |
+|---|---|
+| Bootstrapping this project | `~/.mosaic/guides/bootstrap.md` |
+| Orchestrating autonomous tasks | `~/.mosaic/guides/orchestrator.md` |
+| Frontend development | `~/.mosaic/guides/frontend.md` |
+| Backend/API development | `~/.mosaic/guides/backend.md` |
+| Code review | `~/.mosaic/guides/code-review.md` |
+| TypeScript strict typing | `~/.mosaic/guides/typescript.md` |
+| Authentication/Authorization | `~/.mosaic/guides/authentication.md` |
+| QA/Testing | `~/.mosaic/guides/qa-testing.md` |
+
+## Technology Stack
+
+| Layer | Technology |
+|-------|------------|
+| **Frontend** | Next.js + React + TailwindCSS + Shadcn/ui |
+| **Backend** | NestJS + Prisma ORM |
+| **Database** | PostgreSQL |
+| **Testing** | Vitest + Playwright |
+| **Monorepo** | pnpm workspaces + TurboRepo |
+| **Deployment** | Docker + docker-compose |
+
+## Repository Structure
+
+```
+${PROJECT_DIR}/
+├── CLAUDE.md              # This file
+├── AGENTS.md              # Agent-specific patterns and gotchas
+├── apps/
+│   ├── api/               # NestJS backend
+│   │   ├── src/
+│   │   ├── prisma/
+│   │   │   └── schema.prisma
+│   │   └── Dockerfile
+│   └── web/               # Next.js frontend
+│       ├── app/
+│       ├── components/
+│       └── Dockerfile
+├── packages/
+│   ├── shared/            # Shared types, utilities
+│   ├── ui/                # Shared UI components
+│   └── config/            # Shared configuration
+├── docs/
+│   ├── scratchpads/       # Per-issue working documents
+│   └── templates/         # Project templates
+├── tests/                 # Integration/E2E tests
+├── docker/                # Docker configuration
+├── .env.example
+├── turbo.json
+├── pnpm-workspace.yaml
+└── README.md
+```
+
+## Development Workflow
+
+### Branch Strategy
+- `main` — Stable releases only
+- `develop` — Active development (default working branch)
+- `feature/*` — Feature branches from develop
+- `fix/*` — Bug fix branches
+
+### Starting Work
+```bash
+git checkout develop
+git pull --rebase
+pnpm install
+```
+
+### Building
+```bash
+pnpm build                    # Build all packages
+pnpm --filter api build       # Build API only
+pnpm --filter web build       # Build web only
+```
+
+### Testing
+```bash
+pnpm test                     # Run all tests
+pnpm test:unit                # Unit tests (Vitest)
+pnpm test:e2e                 # E2E tests (Playwright)
+pnpm test:coverage            # Coverage report
+```
+
+### Linting & Type Checking
+```bash
+pnpm lint                     # ESLint
+pnpm typecheck                # TypeScript type checking
+pnpm format                   # Prettier formatting
+```
+
+## Quality Gates
+
+**All must pass before committing:**
+
+```bash
+pnpm typecheck && pnpm lint && pnpm test
+```
+
+## API Conventions
+
+### NestJS Patterns
+- Controllers handle HTTP, Services handle business logic
+- Use DTOs with `class-validator` for request validation
+- Use Guards for authentication/authorization
+- Use Interceptors for response transformation
+- Use Prisma for database access (no raw SQL)
+
+### REST API Standards
+- `GET /resource` — List (with pagination)
+- `GET /resource/:id` — Get single
+- `POST /resource` — Create
+- `PATCH /resource/:id` — Update
+- `DELETE /resource/:id` — Delete
+- Return proper HTTP status codes (201 Created, 204 No Content, etc.)
+
+## Frontend Conventions
+
+### Next.js Patterns
+- Use App Router (`app/` directory)
+- Server Components by default, `'use client'` only when needed
+- Use Shadcn/ui components — don't create custom UI primitives
+- Use TailwindCSS for styling — no CSS modules or styled-components
+
+### Component Structure
+```
+components/
+├── ui/          # Shadcn/ui components (auto-generated)
+├── layout/      # Layout components (header, sidebar, etc.)
+├── forms/       # Form components
+└── features/    # Feature-specific components
+```
+
+## Database
+
+### Prisma Workflow
+```bash
+# Generate client after schema changes
+pnpm --filter api prisma generate
+
+# Create migration
+pnpm --filter api prisma migrate dev --name description
+
+# Apply migrations
+pnpm --filter api prisma migrate deploy
+
+# Reset database (dev only)
+pnpm --filter api prisma migrate reset
+```
+
+### Rules
+- Always create migrations for schema changes
+- Include migrations in commits
+- Never use raw SQL — use Prisma client
+- Use transactions for multi-table operations
+
+## Code Review
+
+### Independent Review (Automated)
+After completing code changes, run independent reviews:
+
+```bash
+# Code quality review (Codex)
+~/.mosaic/rails/codex/codex-code-review.sh --uncommitted
+
+# Security review (Codex)
+~/.mosaic/rails/codex/codex-security-review.sh --uncommitted
+```
+
+## Issue Tracking
+
+### Workflow
+1. Check for assigned issues before starting work
+2. Create scratchpad: `docs/scratchpads/{issue-number}-{short-name}.md`
+3. Reference issues in commits: `Fixes #123` or `Refs #123`
+4. Close issues after successful testing
+
+### Commits
+```
+<type>(#issue): Brief description
+
+Fixes #123
+```
+Types: `feat`, `fix`, `docs`, `test`, `refactor`, `chore`
+
+## Secrets Management
+
+**NEVER hardcode secrets.**
+
+```bash
+# .env.example is committed (with placeholders)
+# .env is NOT committed (contains real values)
+```
+
+Required environment variables are documented in `.env.example`.