Improve quickstart commands with two-pass workflow

Split quickstart into separate repo-policy and code-style passes, clone
prompts repo once instead of per-command, and make each prompt
self-contained so agents don't need memory of prior runs.

.golangci.yml

@@ -0,0 +1,32 @@
+version: "2"
+
+run:
+  timeout: 5m
+  modules-download-mode: readonly
+
+linters:
+  default: all
+  disable:
+    # Genuinely incompatible with project patterns
+    - exhaustruct      # Requires all struct fields
+    - depguard         # Dependency allow/block lists
+    - godot            # Requires comments to end with periods
+    - wsl              # Deprecated, replaced by wsl_v5
+    - wrapcheck        # Too verbose for internal packages
+    - varnamelen       # Short names like db, id are idiomatic Go
+
+linters-settings:
+  lll:
+    line-length: 88
+  funlen:
+    lines: 80
+    statements: 50
+  cyclop:
+    max-complexity: 15
+  dupl:
+    threshold: 100
+
+issues:
+  exclude-use-default: false
+  max-issues-per-linter: 0
+  max-same-issues: 0

Makefile

@@ -1,5 +1,7 @@
 .PHONY: test lint fmt fmt-check check docker hooks
 
+# flags are repeated here (also in .prettierrc) so this Makefile works
+# standalone when copied as a template
 PRETTIER := yarn run prettier
 
 test:

README.md

@@ -6,16 +6,90 @@ useful prompts for working with large language models.
 
 ## Quick Start
 
-Bring an existing repo up to standards (run from within the repo):
+### Existing Repo
+
+Run from within the repo you want to bring up to standards. Clone the prompts
+repo once, then run both commands in order.
 
 ```bash
-P=$(mktemp -d) && git clone --depth 1 https://git.eeqj.de/sneak/prompts.git "$P" && claude "Read $P/prompts/REPO_POLICIES.md and $P/prompts/EXISTING_REPO_CHECKLIST.md, then bring this repo up to those standards."
+export TD="$(mktemp -d)"
+git clone --depth 1 https://git.eeqj.de/sneak/prompts.git "$TD"
 ```
 
-Start a new repo from scratch:
+**Repository structure and policies:**
 
 ```bash
-P=$(mktemp -d) && git clone --depth 1 https://git.eeqj.de/sneak/prompts.git "$P" && claude "Read $P/prompts/REPO_POLICIES.md and $P/prompts/NEW_REPO_CHECKLIST.md, then set up this new repo according to those standards."
+claude "Read $TD/prompts/REPO_POLICIES.md and
+$TD/prompts/EXISTING_REPO_CHECKLIST.md, then bring this repo up to those
+standards. Your scope is repo scaffolding and policy compliance:
+Makefile, Dockerfile, .dockerignore, .gitignore, .editorconfig, CI
+workflow, README sections, LICENSE, REPO_POLICIES.md, and any
+language-specific config files (.golangci.yml, .prettierrc, etc.).
+You must also run the formatter (make fmt) and fix any linter errors
+(make lint) so that make check passes — this will touch source code,
+but do not restructure, refactor, or rewrite any application logic.
+Follow the policies yourself: work on a feature branch, never git add -A,
+and make each logical change a separate commit (e.g. one commit for
+formatting, one for linter fixes, one for README updates, one for each
+new repo file added, etc.)."
+```
+
+**Code style and conventions:**
+
+```bash
+claude "Read $TD/prompts/CODE_STYLEGUIDE.md and whichever
+language-specific styleguides in $TD/prompts/ apply to this repo
+(CODE_STYLEGUIDE_GO.md, CODE_STYLEGUIDE_JS.md, CODE_STYLEGUIDE_PYTHON.md,
+GO_HTTP_SERVER_CONVENTIONS.md). Then review the application code in this
+repo and bring it into compliance with those coding standards. Your scope
+is application code structure and style: naming, patterns, error
+handling, project layout, and conventions described in the styleguides.
+Do not modify repo scaffolding (Makefile, Dockerfile, CI workflow,
+.gitignore, .editorconfig, etc.) — only application code. Work on a
+feature branch, never git add -A, and make each logical change a
+separate commit."
+```
+
+### New Repo
+
+Run from inside the directory where you want to create a new repo. Clone the
+prompts repo once, then run both commands in order.
+
+```bash
+export TD="$(mktemp -d)"
+git clone --depth 1 https://git.eeqj.de/sneak/prompts.git "$TD"
+```
+
+**Repository scaffolding:**
+
+```bash
+claude "Read $TD/prompts/REPO_POLICIES.md and
+$TD/prompts/NEW_REPO_CHECKLIST.md, then set up this new repo according
+to those standards. Your scope is repo structure and required files:
+README.md, LICENSE, REPO_POLICIES.md, Makefile, Dockerfile, .dockerignore,
+.gitignore, .editorconfig, CI workflow, and language-specific config.
+Run the formatter (make fmt) and fix any linter errors (make lint) so
+that make check passes — this will touch source code, but do not
+restructure, refactor, or rewrite any application logic. Follow the
+policies yourself: work on a feature branch, never git add -A, and make
+each logical change a separate commit (e.g. one commit for formatting,
+one for linter fixes, one for README, one for each new repo file, etc.)."
+```
+
+**Code style and conventions:**
+
+```bash
+claude "Read $TD/prompts/CODE_STYLEGUIDE.md and whichever
+language-specific styleguides in $TD/prompts/ apply to this repo
+(CODE_STYLEGUIDE_GO.md, CODE_STYLEGUIDE_JS.md, CODE_STYLEGUIDE_PYTHON.md,
+GO_HTTP_SERVER_CONVENTIONS.md). Then review the application code in this
+repo and bring it into compliance with those coding standards. Your scope
+is application code structure and style: naming, patterns, error
+handling, project layout, and conventions described in the styleguides.
+Do not modify repo scaffolding (Makefile, Dockerfile, CI workflow,
+.gitignore, .editorconfig, etc.) — only application code. Work on a
+feature branch, never git add -A, and make each logical change a
+separate commit."
 ```
 
 ## Getting Started
@@ -36,15 +110,14 @@ share, and evolve prompts across projects.
 
 ## Design
 
-The repository is a flat collection of Markdown files. Each file contains one or
+The repository is a collection of Markdown files organized in the `prompts/`
-more related prompts or policy documents. There is no build step or runtime
+subdirectory. Each file contains one or more related prompts or policy
-component; the prompts are consumed by copying them into other projects or
+documents. There is no build step or runtime component; the prompts are consumed
-referencing them directly.
+by copying them into other projects or referencing them directly.
 
 ## TODO
 
 - Add more prompt templates for common development tasks
-- Add CI to lint Markdown
 
 ## License
 

REPO_POLICIES.md

@@ -0,0 +1 @@
+prompts/REPO_POLICIES.md

prompts/CODE_STYLEGUIDE.md

@@ -1,28 +1,13 @@
-# sneak/styleguide
+---
+title: Code Styleguide
+last_modified: 2026-02-22
+---
 
-The following is the first released version of my personal code styleguide.
+# All
-There are many like it, but this one is mine.
 
-Only the Go portion is "complete". The others are mostly just placeholders.
+1. Every repo must have a `Makefile` and a `Dockerfile`. See
-
+   [Repository Policies](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md)
-Feedback and suggestions are not only welcome but explicitly encouraged.
+   for required targets and conventions.
-
-[sneak@sneak.berlin](mailto:sneak@sneak.berlin)
-
-# My 2024 Code Styleguide
-
-## All
-
-1. Every project/repo should have a `Makefile` in the root. At a minimum,
-   `make clean`, `make run`, `make fmt`, and `make test` should work. Choose a
-   sane default target (`test` for libraries, `run` or `publish` for binaries).
-   `fmt` should invoke the appropriate formatters for the files in the repo,
-   such as `go fmt`, `prettier`, `black`, etc. Other standard `Makefile` targets
-   include `deploy`, `lint`. Consider the `Makefile` the official documentation
-   about how to operate the repository.
-
-1. If it's possible to write a `Dockerfile`, include at least a simple one. It
-   should be possible to build and run the project with `docker build .`.
 
 1. For F/OSS-licensed software, try to include the full source code of the
    current version (and any dependencies, such as vendored dependencies) in the
@@ -51,18 +36,16 @@ Feedback and suggestions are not only welcome but explicitly encouraged.
    be enabled in prod.
 
 1. For services/servers, make a healthcheck available at
-   `/.well-known/healthcheck`. This is out of spec but it is my personal
+   `/.well-known/healthcheck`. The response must have a
-   standard. This should return a 200 OK if the service is healthy, along with a
+   `Content-Type: application/json` header and return a JSON object containing
-   JSON object containing the service's name, uptime, and any other relevant
+   the service's name, uptime, and a key of `"status"` with a value of `"ok"`.
-   information, and a key of "status" with a value of "ok" if the service is
+   Return a 200 for healthy, 5xx for unhealthy.
-   healthy. Make sure that in the event of a failure, the service returns a 5xx
-   status code for that route.
 
 1. If possible, for services/servers, include a /metrics endpoint that returns
    Prometheus-formatted metrics. This is not required for all services, but is a
    nice-to-have.
 
-## Bash / Shell
+# Bash / Shell
 
 1. Use `[[` instead of `[` for conditionals. It's a shell builtin and doesn't
    have to execute a separate process.
@@ -82,7 +65,7 @@ Feedback and suggestions are not only welcome but explicitly encouraged.
 1. Put all code in functions, even a main function. Define all functions then
    call main at the bottom of the file.
 
-## Docker Containers (for services)
+# Docker Containers (for services)
 
 1. Use `runit` with `runsvinit` as the entrypoint for all containers. This
    allows for easy service management and logging. In startup scripts

prompts/CODE_STYLEGUIDE_GO.md

@@ -1,4 +1,7 @@
-# Golang
+---
+title: Code Styleguide — Go
+last_modified: 2026-02-22
+---
 
 1.  Try to hard wrap long lines at 77 characters or less.
 
@@ -68,11 +71,8 @@
 1.  Avoid obvious footguns. For example, use range instead of for loops for
     iterating.
 
-1.  Try to use zerolog for logging. It's fast and has a nice API. For
+1.  Use `log/slog` for structured logging. Import `sneak.berlin/go/simplelog`
-    smaller/quick projects, the standard library's `log` package (and
+    for sensible defaults. Example:
-    specifically `log/slog`) is fine. In that case, log structured logs whenever
-    possible, and import `sneak.berlin/go/simplelog` to configure it
-    appropriately. Example:
 
     ```go
     package main
@@ -105,9 +105,9 @@
     able-to-be-compiled state, linted, and any tests run. The Docker build
     should fail if linting doesn't pass.
 
-1.  Include a `Makefile` with targets for at least `clean` and `test`. If there
+1.  Every repo must have a `Makefile`. See
-    are multiple binaries, include a target for each binary. If there are
+    [Repository Policies](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md)
-    multiple binaries, include a target for `all` that builds all binaries.
+    for required targets and conventions.
 
 1.  If you are writing a single-module library, `.go` files are okay in the repo
     root.
@@ -130,7 +130,7 @@
     single-file scripts.
 
 1.  HTTP HandleFuncs should be returned from methods or functions that need to
-    handle HTTP requests. Don't use methods or our top level functions as
+    handle HTTP requests. Don't use methods or your top level functions as
     handlers.
 
 1.  Provide a .gitignore file that ignores at least `*.log`, `*.out`, and
@@ -429,7 +429,7 @@
     releasable". "Releasable" in this context means that it builds and functions
     as expected, and that all tests and linting passes.
 
-## Other Golang Tips and Best Practices (Optional)
+# Other Golang Tips and Best Practices (Optional)
 
 1. For any internet-facing http server, set appropriate timeouts and limits to
    protect against slowloris attacks or huge uploads that can consume server

prompts/CODE_STYLEGUIDE_JS.md

@@ -1,4 +1,7 @@
-# JavaScript / ECMAScript / ES6
+---
+title: Code Styleguide — JavaScript
+last_modified: 2026-02-22
+---
 
 1. Use `const` for everything. If you need to reassign, use `let`. Never use
    `var`.
@@ -9,9 +12,12 @@
 
 1. Use `prettier` for code formatting, with four spaces for indentation.
 
-1. At a minimum, `npm run test` and `npm run build` should work (complete the
+1. At a minimum, both `yarn run test`/`yarn run build` and
-   appropriate scripts in `package.json`). The `Makefile` should call these, do
+   `npm run test`/`npm run build` should work (complete the appropriate scripts
-   not duplicate the scripts in the `Makefile`.
+   in `package.json`). However, prefer `make test` and `make build` instead —
+   the Makefile is authoritative on how to interact with the repo. See
+   [Repository Policies](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md)
+   for details.
 
 # Author
 

prompts/CODE_STYLEGUIDE_PYTHON.md

@@ -1,8 +1,11 @@
-# Python
+---
+title: Code Styleguide — Python
+last_modified: 2026-02-22
+---
 
 1. Format all code with `black`, with four space indents.
 
-2. Put all code in functions. If you are writing a script, put the script in a
+1. Put all code in functions. If you are writing a script, put the script in a
    function called `main` and call `main()` at the end of the script using the
    standard invocation:
 

prompts/EXISTING_REPO_CHECKLIST.md

@@ -1,56 +1,69 @@
-# Existing Repo Checklist
+---
+title: Existing Repo Checklist
+last_modified: 2026-02-22
+---
 
 Use this checklist when beginning work in a repo that may not yet conform to our
-[development policies](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md).
+repository policies
+(`https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md`).
 
 Work on a feature branch. Check each item and fix any gaps before proceeding
 with your task.
 
-## Formatting (do this first)
+# Formatting (do this first)
 
 - [ ] If the repo has never been formatted to our standards, run `make fmt` and
       commit the result as a standalone branch/commit/PR before any other
       changes. Formatting diffs can be large and should not be mixed with
       functional changes.
 
-## Required Files
+# Required Files
 
 - [ ] `README.md` exists with all required sections (Description, Getting
       Started, Rationale, Design, TODO, License, Author)
 - [ ] `LICENSE` file exists and matches the README
-- [ ] `REPO_POLICIES.md` exists and version date is current with the
+- [ ] `REPO_POLICIES.md` exists and version date is current — fetch from
-      [authoritative source](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md)
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md`
 - [ ] `.gitignore` is comprehensive (OS, editor, language artifacts, secrets) —
       fetch from `https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore`
       if missing
-- [ ] `.editorconfig` exists
+- [ ] `.editorconfig` exists — fetch from
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.editorconfig`
 - [ ] `Dockerfile` and `.dockerignore` exist; Dockerfile runs `make check` as a
-      build step
+      build step — fetch `.dockerignore` from
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.dockerignore`
 - [ ] Gitea Actions workflow in `.gitea/workflows/` runs `docker build .` on
-      push
+      push — reference
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitea/workflows/check.yml`
 - [ ] Language-specific config:
-    - [ ] Go: `go.mod`, `go.sum`, `.golangci.yml`
+    - [ ] Go: `go.mod`, `go.sum`, `.golangci.yml` (fetch from
+          `https://git.eeqj.de/sneak/prompts/raw/branch/main/.golangci.yml`)
     - [ ] JS: `package.json`, `yarn.lock`, `.prettierrc`, `.prettierignore`
+          (fetch from
+          `https://git.eeqj.de/sneak/prompts/raw/branch/main/.prettierrc` and
+          `https://git.eeqj.de/sneak/prompts/raw/branch/main/.prettierignore`)
     - [ ] Python: `pyproject.toml`
-    - [ ] Docs/writing: `.prettierrc`, `.prettierignore`
+    - [ ] Docs/writing: `.prettierrc`, `.prettierignore` (same URLs as above)
 
-## Makefile
+# Makefile
 
-- [ ] `Makefile` exists in root — reference the
+- [ ] `Makefile` exists in root — reference
-      [model Makefile](https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile)
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile`
 - [ ] Has targets: `test`, `lint`, `fmt`, `fmt-check`, `check`, `docker`,
       `hooks`
 - [ ] `make check` does not modify any files in the repo
 - [ ] `make test` has a 30-second timeout
+- [ ] `make test` runs real tests, not a no-op (at minimum, import/compile
+      check)
 - [ ] `make check` passes on current branch
 
-## Formatting
+# Formatting
 
 - [ ] Platform-standard formatter is configured (`black`, `prettier`, `go fmt`)
 - [ ] Default formatter config, only exception: four-space indents (except Go)
 - [ ] All files pass `make fmt-check`
 
-## Git Hygiene
+# Git Hygiene
 
 - [ ] Pre-commit hook is installed (`make hooks`)
 - [ ] No secrets in the repo (`.env`, keys, credentials)
@@ -58,14 +71,14 @@ with your task.
       pinned by cryptographic hash with version/date comment
 - [ ] Using `yarn`, not `npm` (JS projects)
 
-## Directory Structure
+# Directory Structure
 
 - [ ] No unnecessary files in repo root
 - [ ] Files organized into canonical subdirectories (`bin/`, `cmd/`, `docs/`,
       `internal/`, `static/`, etc.)
 - [ ] Go migrations in `internal/db/migrations/` and embedded in binary
 
-## Final
+# Final
 
 - [ ] `make check` passes
 - [ ] `docker build` succeeds

prompts/GO_HTTP_SERVER_CONVENTIONS.md

@@ -1,10 +1,13 @@
-# Go HTTP Server Conventions
+---
+title: Go HTTP Server Conventions
+last_modified: 2026-02-22
+---
 
 This document defines the architectural patterns, design decisions, and
 conventions for building Go HTTP servers. All new projects must follow these
 standards.
 
-## Table of Contents
+# Table of Contents
 
 1. [Required Libraries](#1-required-libraries)
 2. [Project Structure](#2-project-structure)
@@ -23,7 +26,7 @@ standards.
 
 ---
 
-## 1. Required Libraries
+# 1. Required Libraries
 
 These libraries are **mandatory** for all new projects:
 
@@ -42,7 +45,7 @@ These libraries are **mandatory** for all new projects:
 
 ---
 
-## 2. Project Structure
+# 2. Project Structure
 
 ```
 project-root/
@@ -84,7 +87,7 @@ project-root/
 └── Dockerfile
 ```
 
-### Key Principles
+## Key Principles
 
 - **`cmd/{appname}/`**: Only the entry point. Minimal logic, just bootstrapping.
 - **`internal/`**: All application packages. Not importable by external
@@ -94,9 +97,9 @@ project-root/
 
 ---
 
-## 3. Dependency Injection (Uber fx)
+# 3. Dependency Injection (Uber fx)
 
-### Entry Point Pattern
+## Entry Point Pattern
 
 ```go
 // cmd/httpd/main.go
@@ -141,7 +144,7 @@ func main() {
 }
 ```
 
-### Params Struct Pattern
+## Params Struct Pattern
 
 Every component that receives dependencies uses a params struct with `fx.In`:
 
@@ -161,7 +164,7 @@ type Handlers struct {
 }
 ```
 
-### Factory Function Pattern
+## Factory Function Pattern
 
 All components expose a `New` function with this signature:
 
@@ -185,7 +188,7 @@ func New(lc fx.Lifecycle, params SomeParams) (*Something, error) {
 }
 ```
 
-### Dependency Order
+## Dependency Order
 
 Providers are resolved automatically by fx, but conceptually follow this order:
 
@@ -201,9 +204,9 @@ Providers are resolved automatically by fx, but conceptually follow this order:
 
 ---
 
-## 4. Server Architecture
+# 4. Server Architecture
 
-### Server Struct
+## Server Struct
 
 The Server struct is the central orchestrator:
 
@@ -234,7 +237,7 @@ type Server struct {
 }
 ```
 
-### Server Factory
+## Server Factory
 
 ```go
 func New(lc fx.Lifecycle, params ServerParams) (*Server, error) {
@@ -259,7 +262,7 @@ func New(lc fx.Lifecycle, params ServerParams) (*Server, error) {
 }
 ```
 
-### HTTP Server Setup
+## HTTP Server Setup
 
 ```go
 // internal/server/http.go
@@ -289,7 +292,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 ```
 
-### Signal Handling and Graceful Shutdown
+## Signal Handling and Graceful Shutdown
 
 ```go
 func (s *Server) serve() int {
@@ -333,9 +336,9 @@ func (s *Server) cleanShutdown() {
 
 ---
 
-## 5. Routing (go-chi)
+# 5. Routing (go-chi)
 
-### Route Setup Pattern
+## Route Setup Pattern
 
 ```go
 // internal/server/routes.go
@@ -378,7 +381,7 @@ func (s *Server) SetupRoutes() {
     s.router.Get("/login", auth(s.h.HandleLoginGET()).ServeHTTP)
 
     // Health check (standard path)
-    s.router.Get("/.well-known/healthcheck.json", s.h.HandleHealthCheck())
+    s.router.Get("/.well-known/healthcheck", s.h.HandleHealthCheck())
 
     // Protected route groups
     if viper.GetString("METRICS_USERNAME") != "" {
@@ -390,7 +393,7 @@ func (s *Server) SetupRoutes() {
 }
 ```
 
-### Middleware Ordering (Critical)
+## Middleware Ordering (Critical)
 
 1. `middleware.Recoverer` - Panic recovery (must be first)
 2. `middleware.RequestID` - Generate request IDs
@@ -400,7 +403,7 @@ func (s *Server) SetupRoutes() {
 6. `middleware.Timeout(60s)` - Request timeout
 7. `sentryhttp.Handler` - Sentry error reporting (if enabled)
 
-### API Versioning
+## API Versioning
 
 Use route groups for API versioning:
 
@@ -410,7 +413,7 @@ s.router.Route("/api/v1", func(r chi.Router) {
 })
 ```
 
-### Static File Serving
+## Static File Serving
 
 Static files are served at `/s/` prefix:
 
@@ -420,9 +423,9 @@ s.router.Mount("/s", http.StripPrefix("/s", http.FileServer(http.FS(static.Stati
 
 ---
 
-## 6. Handler Conventions
+# 6. Handler Conventions
 
-### Handler Base Struct
+## Handler Base Struct
 
 ```go
 // internal/handlers/handlers.go
@@ -455,7 +458,7 @@ func New(lc fx.Lifecycle, params HandlersParams) (*Handlers, error) {
 }
 ```
 
-### Closure-Based Handler Pattern
+## Closure-Based Handler Pattern
 
 All handlers return `http.HandlerFunc` using the closure pattern. This allows
 initialization logic to run once when the handler is created:
@@ -477,7 +480,7 @@ func (s *Handlers) HandleIndex() http.HandlerFunc {
 }
 ```
 
-### JSON Handler Pattern
+## JSON Handler Pattern
 
 ```go
 // internal/handlers/now.go
@@ -492,7 +495,7 @@ func (s *Handlers) HandleNow() http.HandlerFunc {
 }
 ```
 
-### Response Helpers
+## Response Helpers
 
 ```go
 // internal/handlers/handlers.go
@@ -512,7 +515,7 @@ func (s *Handlers) decodeJSON(w http.ResponseWriter, r *http.Request, v interfac
 }
 ```
 
-### Handler Naming Convention
+## Handler Naming Convention
 
 - `HandleIndex()` - Main page
 - `HandleLoginGET()` / `HandleLoginPOST()` - Form handlers with HTTP method
@@ -522,9 +525,9 @@ func (s *Handlers) decodeJSON(w http.ResponseWriter, r *http.Request, v interfac
 
 ---
 
-## 7. Middleware Conventions
+# 7. Middleware Conventions
 
-### Middleware Struct
+## Middleware Struct
 
 ```go
 // internal/middleware/middleware.go
@@ -548,7 +551,7 @@ func New(lc fx.Lifecycle, params MiddlewareParams) (*Middleware, error) {
 }
 ```
 
-### Middleware Signature
+## Middleware Signature
 
 All custom middleware methods return `func(http.Handler) http.Handler`:
 
@@ -567,7 +570,7 @@ func (s *Middleware) Auth() func(http.Handler) http.Handler {
 }
 ```
 
-### Logging Middleware with Status Capture
+## Logging Middleware with Status Capture
 
 ```go
 type loggingResponseWriter struct {
@@ -611,7 +614,7 @@ func (s *Middleware) Logging() func(http.Handler) http.Handler {
 }
 ```
 
-### CORS Middleware
+## CORS Middleware
 
 ```go
 func (s *Middleware) CORS() func(http.Handler) http.Handler {
@@ -626,7 +629,7 @@ func (s *Middleware) CORS() func(http.Handler) http.Handler {
 }
 ```
 
-### Metrics Middleware
+## Metrics Middleware
 
 ```go
 func (s *Middleware) Metrics() func(http.Handler) http.Handler {
@@ -652,9 +655,9 @@ func (s *Middleware) MetricsAuth() func(http.Handler) http.Handler {
 
 ---
 
-## 8. Configuration (Viper)
+# 8. Configuration (Viper)
 
-### Config Struct
+## Config Struct
 
 ```go
 // internal/config/config.go
@@ -677,7 +680,7 @@ type Config struct {
 }
 ```
 
-### Configuration Loading
+## Configuration Loading
 
 ```go
 func New(lc fx.Lifecycle, params ConfigParams) (*Config, error) {
@@ -735,7 +738,7 @@ func New(lc fx.Lifecycle, params ConfigParams) (*Config, error) {
 }
 ```
 
-### Configuration Precedence
+## Configuration Precedence
 
 1. **Environment variables** (highest priority via `AutomaticEnv()`)
 2. **`.env` file** (loaded via `godotenv/autoload` import)
@@ -743,7 +746,7 @@ func New(lc fx.Lifecycle, params ConfigParams) (*Config, error) {
    `~/.config/{appname}/{appname}.yaml`
 4. **Defaults** (lowest priority)
 
-### Environment Loading
+## Environment Loading
 
 Import godotenv with autoload to automatically load `.env` files:
 
@@ -755,9 +758,9 @@ import (
 
 ---
 
-## 9. Logging (slog)
+# 9. Logging (slog)
 
-### Logger Struct
+## Logger Struct
 
 ```go
 // internal/logger/logger.go
@@ -773,7 +776,7 @@ type Logger struct {
 }
 ```
 
-### Logger Setup with TTY Detection
+## Logger Setup with TTY Detection
 
 ```go
 func New(lc fx.Lifecycle, params LoggerParams) (*Logger, error) {
@@ -807,7 +810,7 @@ func New(lc fx.Lifecycle, params LoggerParams) (*Logger, error) {
 }
 ```
 
-### Logger Methods
+## Logger Methods
 
 ```go
 func (l *Logger) EnableDebugLogging() {
@@ -828,7 +831,7 @@ func (l *Logger) Identify() {
 }
 ```
 
-### Logging Patterns
+## Logging Patterns
 
 ```go
 // Info with fields
@@ -864,9 +867,9 @@ s.log.Info("request",
 
 ---
 
-## 10. Database Wrapper
+# 10. Database Wrapper
 
-### Database Struct
+## Database Struct
 
 ```go
 // internal/database/database.go
@@ -883,7 +886,7 @@ type Database struct {
 }
 ```
 
-### Database Factory with Lifecycle
+## Database Factory with Lifecycle
 
 ```go
 func New(lc fx.Lifecycle, params DatabaseParams) (*Database, error) {
@@ -910,7 +913,7 @@ func New(lc fx.Lifecycle, params DatabaseParams) (*Database, error) {
 }
 ```
 
-### Usage Pattern
+## Usage Pattern
 
 The Database struct is injected into handlers and other services:
 
@@ -931,9 +934,9 @@ func (s *Handlers) HandleSomething() http.HandlerFunc {
 
 ---
 
-## 11. Globals Package
+# 11. Globals Package
 
-### Package Variables and Struct
+## Package Variables and Struct
 
 ```go
 // internal/globals/globals.go
@@ -965,7 +968,7 @@ func New(lc fx.Lifecycle) (*Globals, error) {
 }
 ```
 
-### Setting Globals in Main
+## Setting Globals in Main
 
 ```go
 // cmd/httpd/main.go
@@ -983,7 +986,7 @@ func main() {
 }
 ```
 
-### Build-Time Variable Injection
+## Build-Time Variable Injection
 
 Use ldflags to inject version information at build time:
 
@@ -997,9 +1000,9 @@ build:
 
 ---
 
-## 12. Static Assets & Templates
+# 12. Static Assets & Templates
 
-### Static File Embedding
+## Static File Embedding
 
 ```go
 // static/static.go
@@ -1024,7 +1027,7 @@ static/
     └── jquery-3.5.1.slim.min.js
 ```
 
-### Template Embedding and Lazy Parsing
+## Template Embedding and Lazy Parsing
 
 ```go
 // templates/templates.go
@@ -1047,7 +1050,7 @@ func GetParsed() *template.Template {
 }
 ```
 
-### Template Composition
+## Template Composition
 
 Templates use Go's template composition:
 
@@ -1062,7 +1065,7 @@ Templates use Go's template composition:
 {{ template "pagefooter.html" . }} {{ template "htmlfooter.html" . }}
 ```
 
-### Static Asset References
+## Static Asset References
 
 Reference static files with `/s/` prefix:
 
@@ -1074,9 +1077,9 @@ Reference static files with `/s/` prefix:
 
 ---
 
-## 13. Health Check
+# 13. Health Check
 
-### Health Check Service
+## Health Check Service
 
 ```go
 // internal/healthcheck/healthcheck.go
@@ -1112,7 +1115,7 @@ func New(lc fx.Lifecycle, params HealthcheckParams) (*Healthcheck, error) {
 }
 ```
 
-### Health Check Response
+## Health Check Response
 
 ```go
 type HealthcheckResponse struct {
@@ -1142,19 +1145,19 @@ func (s *Healthcheck) Healthcheck() *HealthcheckResponse {
 }
 ```
 
-### Standard Endpoint
+## Standard Endpoint
 
 Health check is served at the standard `.well-known` path:
 
 ```go
-s.router.Get("/.well-known/healthcheck.json", s.h.HandleHealthCheck())
+s.router.Get("/.well-known/healthcheck", s.h.HandleHealthCheck())
 ```
 
 ---
 
-## 14. External Integrations
+# 14. External Integrations
 
-### Sentry Error Reporting
+## Sentry Error Reporting
 
 Sentry is conditionally enabled based on `SENTRY_DSN` environment variable:
 
@@ -1199,7 +1202,7 @@ if s.sentryEnabled {
 }
 ```
 
-### Prometheus Metrics
+## Prometheus Metrics
 
 Metrics are conditionally enabled and protected by basic auth:
 
@@ -1218,7 +1221,7 @@ if viper.GetString("METRICS_USERNAME") != "" {
 }
 ```
 
-### Environment Variables Summary
+## Environment Variables Summary
 
 | Variable           | Description                      | Default |
 | ------------------ | -------------------------------- | ------- |
@@ -1229,3 +1232,11 @@ if viper.GetString("METRICS_USERNAME") != "" {
 | `MAINTENANCE_MODE` | Enable maintenance mode          | false   |
 | `METRICS_USERNAME` | Basic auth username for /metrics | ""      |
 | `METRICS_PASSWORD` | Basic auth password for /metrics | ""      |
+
+# Author
+
+[@sneak](https://sneak.berlin) <[sneak@sneak.berlin](mailto:sneak@sneak.berlin)>
+
+# License
+
+MIT. See [LICENSE](../LICENSE).

prompts/NEW_REPO_CHECKLIST.md

@@ -1,18 +1,21 @@
-# New Repo Checklist
+---
+title: New Repo Checklist
+last_modified: 2026-02-22
+---
 
 Use this checklist when creating a new repository from scratch. Follow the steps
-in order. Full policies are at:
+in order. Full policies are at
-`https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md`
+`https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md`.
 
 Template files can be fetched from:
 `https://git.eeqj.de/sneak/prompts/raw/branch/main/<path>`
 
-## 1. Initialize
+# 1. Initialize
 
 - [ ] `git init`
 - [ ] Ask the user for the license (MIT, GPL, or WTFPL)
 
-## 2. First Commit (README only)
+# 2. First Commit (README only)
 
 - [ ] Create `README.md` with all required sections:
     - [ ] **Description**: name, purpose, category, license, author
@@ -24,40 +27,47 @@ Template files can be fetched from:
     - [ ] **Author**: [@sneak](https://sneak.berlin)
 - [ ] `git add README.md && git commit`
 
-## 3. Scaffolding (feature branch)
+# 3. Scaffolding (feature branch)
 
 - [ ] `git checkout -b initial-scaffolding`
 
-### Fetch Template Files
+## Fetch Template Files
 
-- [ ] `.gitignore` — fetch from prompts repo, extend for language-specific
+- [ ] `.gitignore` — fetch from
-      artifacts
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore`, extend for
-- [ ] `.editorconfig` — fetch from prompts repo
+      language-specific artifacts
-- [ ] `Makefile` — fetch from prompts repo, adapt targets for the project's
+- [ ] `.editorconfig` — fetch from
-      language and tools
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.editorconfig`
-- [ ] For JS/docs repos: `.prettierrc`, `.prettierignore`
+- [ ] `Makefile` — fetch from
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile`, adapt
+      targets for the project's language and tools
+- [ ] For JS/docs repos: `.prettierrc` and `.prettierignore` — fetch from
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.prettierrc` and
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.prettierignore`
 
-### Create Project Files
+## Create Project Files
 
 - [ ] `LICENSE` file matching the chosen license
-- [ ] `REPO_POLICIES.md` — fetch from `prompts/REPO_POLICIES.md` in the prompts
+- [ ] `REPO_POLICIES.md` — fetch from
-      repo
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/REPO_POLICIES.md`
-- [ ] `Dockerfile` and `.dockerignore`
+- [ ] `Dockerfile` and `.dockerignore` — fetch `.dockerignore` from
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.dockerignore`
     - All Dockerfiles must run `make check` as a build step
     - Server: also builds and runs the application
     - Non-server: brings up dev environment and runs `make check`
     - Image pinned by sha256 hash with version/date comment
 - [ ] Gitea Actions workflow at `.gitea/workflows/check.yml` that runs
-      `docker build .` on push
+      `docker build .` on push — reference
+      `https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitea/workflows/check.yml`
 - [ ] Language-specific:
-    - [ ] Go: `go mod init sneak.berlin/go/<name>`, `.golangci.yml` (copy from
+    - [ ] Go: `go mod init sneak.berlin/go/<name>`, `.golangci.yml` (fetch from
-          `~/dev/upaas/.golangci.yml`)
+          `https://git.eeqj.de/sneak/prompts/raw/branch/main/.golangci.yml`)
     - [ ] JS: `yarn init`, `yarn add --dev prettier`
     - [ ] Python: `pyproject.toml`
 
-### Configure Makefile
+## Configure Makefile
 
-- [ ] `make test` — runs project tests (30-second timeout)
+- [ ] `make test` — runs real tests, not a no-op (30-second timeout)
 - [ ] `make lint` — runs linter
 - [ ] `make fmt` — formats code (writes)
 - [ ] `make fmt-check` — checks formatting (read-only)
@@ -65,7 +75,7 @@ Template files can be fetched from:
 - [ ] `make docker` — builds Docker image
 - [ ] `make hooks` — installs pre-commit hook
 
-## 4. Verify
+# 4. Verify
 
 - [ ] `make check` passes
 - [ ] `make docker` succeeds
@@ -74,7 +84,7 @@ Template files can be fetched from:
 - [ ] No unnecessary files in repo root
 - [ ] All dates written as YYYY-MM-DD
 
-## 5. Merge and Set Up
+# 5. Merge and Set Up
 
 - [ ] Commit, merge to `main`
 - [ ] `make hooks` to install pre-commit hook

prompts/REPO_POLICIES.md

@@ -1,10 +1,23 @@
-# Development Policies
+---
+title: Repository Policies
+last_modified: 2026-02-22
+---
 
-Version: 2026-02-22
+This document covers repository structure, tooling, and workflow standards. Code
+style conventions are in separate documents:
 
-- Cross-project documentation (such as this file) must include a
+- [Code Styleguide](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE.md)
-  `Version: YYYY-MM-DD` line near the top so it can be kept in sync with the
+  (general, bash, Docker)
-  authoritative source as policies evolve.
+- [Go](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_GO.md)
+- [JavaScript](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_JS.md)
+- [Python](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_PYTHON.md)
+- [Go HTTP Server Conventions](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/GO_HTTP_SERVER_CONVENTIONS.md)
+
+---
+
+- Cross-project documentation (such as this file) must include
+  `last_modified: YYYY-MM-DD` in the YAML front matter so it can be kept in sync
+  with the authoritative source as policies evolve.
 
 - **ALL external references must be pinned by cryptographic hash.** This
   includes Docker base images, Go modules, npm packages, GitHub Actions, and
@@ -30,6 +43,16 @@ Version: 2026-02-22
   instead of invoking the underlying tools directly. The Makefile is the single
   source of truth for how these operations are run.
 
+- The Makefile is authoritative documentation for how the repo is used. Beyond
+  the required targets above, it should have targets for every common operation:
+  running a local development server (`make run`, `make dev`), re-initializing
+  or migrating the database (`make db-reset`, `make migrate`), building
+  artifacts (`make build`), generating code, seeding data, or anything else a
+  developer would do regularly. If someone checks out the repo and types
+  `make<tab>`, they should see every meaningful operation available. A new
+  contributor should be able to understand the entire development workflow by
+  reading the Makefile.
+
 - Every repo should have a `Dockerfile`. All Dockerfiles must run `make check`
   as a build step so the build fails if the branch is not green. For non-server
   repos, the Dockerfile should bring up a development environment and run
@@ -50,6 +73,12 @@ Version: 2026-02-22
   `make lint && make fmt-check`. The Makefile should provide a `make hooks`
   target to install the pre-commit hook.
 
+- All repos with software must have tests that run via the platform-standard
+  test framework (`go test`, `pytest`, `jest`/`vitest`, etc.). If no meaningful
+  tests exist yet, add the most minimal test possible — e.g. importing the
+  module under test to verify it compiles/parses. There is no excuse for
+  `make test` to be a no-op.
+
 - `make test` must complete in under 20 seconds. Add a 30-second timeout in the
   Makefile.
 
@@ -77,7 +106,8 @@ Version: 2026-02-22
   feature branch.
 
 - `.golangci.yml` is standardized and must _NEVER_ be modified by an agent, only
-  manually by the user. Copy from `~/dev/upaas/.golangci.yml` if available.
+  manually by the user. Fetch from
+  `https://git.eeqj.de/sneak/prompts/raw/branch/main/.golangci.yml`.
 
 - When pinning images or packages by hash, add a comment above the reference
   with the version and date (YYYY-MM-DD).
@@ -143,7 +173,8 @@ Version: 2026-02-22
 
 - New repos must contain at minimum:
     - `README.md`, `.git`, `.gitignore`, `.editorconfig`
-    - `REPO_POLICIES.md` (copy from the `prompts` repo)
+    - `LICENSE`, `REPO_POLICIES.md` (copy from the `prompts` repo)
+    - `Makefile`
     - `Dockerfile`, `.dockerignore`
     - `.gitea/workflows/check.yml`
     - Go: `go.mod`, `go.sum`, `.golangci.yml`