Add agent skills and prompts

skills/rubric-audit/SKILL.md — agent skill for scoring any CLI
prompts/close-gap.md — agent prompt for closing a specific rubric gap
prompts/seed-cli.md — agent prompt for bootstrapping a new CLI

Author: jeremy

prompts/close-gap.md

@@ -0,0 +1,50 @@
+# Close a Rubric Gap
+
+You are closing a specific gap in a Go CLI's compliance with the 37signals CLI rubric.
+
+## Input
+
+- **Criterion ID**: e.g., "1A.1" (--json flag on every command)
+- **CLI repo**: The repository you're working in
+- **Current state**: What exists today
+
+## Process
+
+1. Read RUBRIC.md to understand the criterion requirements
+2. Read the reference implementation in basecamp-cli
+3. Assess the current state of the target CLI
+4. Implement the minimum change to meet the criterion
+5. Add or update tests
+6. Verify the criterion is met
+
+## Shared Packages
+
+If the gap can be closed by adopting a shared package, prefer that over writing new code:
+
+| Gap Area | Package | Import |
+|----------|---------|--------|
+| Output envelope, formats, exit codes | `output` | `github.com/basecamp/cli/output` |
+| Credential storage (keyring + file) | `credstore` | `github.com/basecamp/cli/credstore` |
+| PKCE helpers | `pkce` | `github.com/basecamp/cli/pkce` |
+| OAuth callback server | `oauthcallback` | `github.com/basecamp/cli/oauthcallback` |
+| CLI surface snapshots | `surface` | `github.com/basecamp/cli/surface` |
+
+## Implementation Patterns
+
+### Adding --json flag (1A.1)
+Add a persistent `--json` flag to the root command. In your output wrapper, check the flag and set `FormatJSON` accordingly.
+
+### Adding structured output (1A.3-4)
+Import `github.com/basecamp/cli/output` and use `Writer.OK()` / `Writer.Err()` in every command's RunE.
+
+### Adding exit codes (1B.1)
+Use `output.AsError(err).ExitCode()` in your root command's error handler. Map all errors through typed constructors.
+
+### Adding --help --agent (1C.1)
+Detect `--help --agent` flag combination. When both are set, emit a JSON object with: name, description, flags (name, type, default, description), subcommands (name, description).
+
+### Adding keyring (1D.3)
+Replace file-only credential storage with `credstore.NewStore()`. Set ServiceName to your app name, DisableEnvVar to `APP_NO_KEYRING`.
+
+### Adding surface stability (2A.2-3)
+Use the `surface` package to generate snapshots. Commit the baseline. Add the `surface-compat` GitHub Action to CI.

prompts/seed-cli.md

@@ -0,0 +1,88 @@
+# Bootstrap a New CLI from Seed
+
+You are creating a new Go CLI for a 37signals product using the seed templates.
+
+## Input
+
+- **App name**: e.g., "fizzy", "hey"
+- **API base URL**: e.g., "https://fizzy.37signals.com"
+- **Auth model**: OAuth+PKCE, bearer token (PAT), or purchase token
+
+## Process
+
+1. Create the repository structure:
+   ```
+   <app>-cli/
+   ├── cmd/<app>/main.go
+   ├── internal/
+   │   ├── auth/
+   │   ├── commands/
+   │   ├── config/
+   │   └── output/
+   ├── e2e/
+   ├── skills/
+   ├── .claude-plugin/
+   ├── go.mod
+   ├── Makefile
+   ├── .goreleaser.yaml
+   ├── .golangci.yml
+   ├── AGENTS.md
+   ├── CONTRIBUTING.md
+   └── README.md
+   ```
+
+2. Initialize go.mod with `github.com/basecamp/<app>-cli`
+
+3. Add shared dependencies:
+   ```
+   go get github.com/basecamp/cli/output
+   go get github.com/basecamp/cli/credstore
+   go get github.com/basecamp/cli/pkce
+   go get github.com/spf13/cobra
+   ```
+
+4. Copy and customize seed templates:
+   - `seed/Makefile` → `Makefile` (update BINARY_NAME)
+   - `seed/.goreleaser.yaml` → `.goreleaser.yaml` (update ProjectName)
+   - `seed/.golangci.yml` → `.golangci.yml`
+   - `seed/AGENTS.md.tmpl` → `AGENTS.md` (fill in app name)
+   - `seed/CONTRIBUTING.md.tmpl` → `CONTRIBUTING.md` (fill in app name)
+   - `seed/internal/output/output.go` → `internal/output/output.go`
+   - `seed/internal/auth/auth.go` → `internal/auth/auth.go` (customize service name, env vars)
+   - `seed/.claude-plugin/` → `.claude-plugin/` (customize)
+   - `seed/skills/SKILL.md.tmpl` → `skills/SKILL.md` (customize)
+
+5. Create the root command in `cmd/<app>/main.go`:
+   - Import `github.com/spf13/cobra`
+   - Add persistent flags: --json, --quiet, --agent, --verbose, --ids-only, --count, --markdown
+   - Wire up output.Writer with format resolution
+   - Add --help --agent handler
+
+6. Create auth commands: `<app> auth login`, `<app> auth logout`, `<app> auth status`
+
+7. Create first resource command as an example
+
+8. Run `make check` to verify everything works
+
+## Auth Model Configuration
+
+### OAuth + PKCE
+```go
+import (
+    "github.com/basecamp/cli/credstore"
+    "github.com/basecamp/cli/pkce"
+    "github.com/basecamp/cli/oauthcallback"
+)
+```
+
+### Bearer Token (PAT)
+```go
+import "github.com/basecamp/cli/credstore"
+// No PKCE or callback needed — user provides token directly
+```
+
+### Purchase Token (HMAC)
+```go
+import "github.com/basecamp/cli/credstore"
+// Custom verification logic — credstore handles storage only
+```

skills/rubric-audit/SKILL.md

@@ -0,0 +1,104 @@
+---
+name: rubric-audit
+description: Audit a Go CLI against the 37signals CLI rubric
+---
+
+# CLI Rubric Audit
+
+Audit a Go CLI repository against the 37signals CLI rubric (RUBRIC.md).
+
+## Usage
+
+Run this skill in the root of a Go CLI repository to produce a gap report.
+
+## Audit Process
+
+### 1. Identify the CLI
+
+- Find the main binary (check `cmd/` directory or Makefile)
+- Build it: `make build` or `go build ./cmd/<name>`
+- Determine the profile: API CLI (wraps a web API) or TUI tool (full-screen interface)
+
+### 2. Check Tier 1: Agent Contract
+
+#### 1A. Structured Output (API CLI only)
+- [ ] Run `<cli> --help` — does `--json` flag exist?
+- [ ] Pipe a command: `<cli> <cmd> | cat` — does it output JSON automatically?
+- [ ] Run with `--json`: verify `{ok: true, data: ...}` envelope
+- [ ] Run invalid command: verify `{ok: false, error: ..., code: ...}` envelope
+- [ ] Check for `--quiet`, `--agent`, `--ids-only`, `--count`, `--markdown` flags
+- [ ] Grep for `json.Decoder.UseNumber` or `json.Number` in output code
+
+#### 1B. Exit Codes
+- [ ] Run with bad args: should exit 1
+- [ ] Access nonexistent resource: should exit 2
+- [ ] Run without auth: should exit 3
+- [ ] Check error types in code: look for typed error constructors
+
+#### 1C. Programmatic Discovery (API CLI only)
+- [ ] Run `--help --agent`: should emit structured JSON
+- [ ] Check responses for breadcrumbs
+- [ ] Look for `commands --json` or catalog command
+
+#### 1D. Authentication
+- [ ] Check for `APP_TOKEN` env var support
+- [ ] Check for keyring usage (go-keyring dependency)
+- [ ] Check for file fallback with 0600 perms
+- [ ] Check for token refresh logic
+
+### 3. Check Tier 2: Reliability
+
+#### 2A. Surface Stability
+- [ ] `--version` flag exists and shows version/commit/date
+- [ ] Surface snapshot script or tool exists
+- [ ] CI runs surface compat check
+
+#### 2B. Resilience
+- [ ] Grep for retry/backoff logic
+- [ ] Check for 429/rate limit handling
+
+#### 2C. Configuration
+- [ ] Check config loading order (flag > env > file)
+- [ ] Check for HTTPS enforcement
+- [ ] Check for XDG directory usage
+
+### 4. Check Tier 3: Agent Integration (API CLI only)
+
+- [ ] Check for SKILL.md and go:embed
+- [ ] Check for .claude-plugin/ directory
+- [ ] Check for --limit, --all flags on list commands
+- [ ] Check for --verbose, APP_DEBUG
+
+### 5. Check Tier 4: Distribution & Ecosystem
+
+- [ ] Check for .goreleaser.yaml
+- [ ] Check for Homebrew tap
+- [ ] Check for e2e tests
+- [ ] Check for golangci-lint config
+- [ ] Check for CONTRIBUTING.md, AGENTS.md
+
+## Output Format
+
+Produce a scorecard:
+
+```
+## Scorecard: <CLI Name>
+
+| Tier | Score | Max |
+|------|-------|-----|
+| T1: Agent Contract | X/21 | 21 |
+| T2: Reliability | X/14 | 14 |
+| T3: Agent Integration | X/9 | 9 |
+| T4: Distribution | X/19 | 19 |
+| **Total** | **X/63** | **63** |
+
+### Critical Gaps
+1. [Most impactful gap]
+2. [Second gap]
+...
+
+### Recommended Priority
+1. [First thing to fix — highest leverage]
+2. [Second]
+...
+```