nek0der · nek0der · Jan 25, 2026 · Jan 25, 2026
@@ -0,0 +1,50 @@
+# Pull Request Workflow
+
+**IMPORTANT**: Use PR template (`.github/pull_request_template.md`).
+
+## Pre-PR Validation
+
+Before creating PR, verify:
+
+1. **Testing**: If Services/Models/Helpers changed → unit tests exist
+2. **Security**:
+   - Proper `ProviderConstants.ValidateAndNormalize()` usage
+   - No hardcoded secrets (see SECURITY.md)
+3. **Async**: `SafeFireAndForget()` used, no bare `async void` except handlers
+4. **Dependencies**: No GPL-licensed packages (check .csproj)
+5. **PR title**: Follows convention (CONTRIBUTING.md#pr-title-format)
+6. **Quality**: No `Debug.WriteLine`, proper error handling
+7. **Changelog**: User-facing changes → CHANGELOG.md updated
+
+**If validation fails**: STOP. Report issues. DO NOT create PR.
+
+## PR Creation Process
+
+1. **Analyze changes**:
+   ```bash
+   git log [base-branch]...HEAD      # ALL commits
+   git diff [base-branch]...HEAD     # Full scope
+   ```
+
+2. **Fill template** (`.github/pull_request_template.md`):
+   - Description (what + why)
+   - Related issue or "N/A"
+   - Type checkboxes
+   - Test description
+   - Checklist (mark all applicable)
+   - Breaking changes or "N/A"
+
+3. **Create PR**:
+   ```bash
+   gh pr create --title "Prefix: Description" --body "$(cat <<'EOF'
+   [Full template content]
+   EOF
+   )"
+   ```
+
+## Critical Rules
+
+- Analyze ALL commits, not just latest
+- Validate BEFORE creating PR
+- Preserve template structure (all sections, checkboxes)
+- Use HEREDOC for multi-line formatting
@@ -0,0 +1,26 @@
+# Security Rules
+
+## Provider Validation
+
+**ALWAYS** use `ProviderConstants.ValidateAndNormalize()` before executing WSL commands with provider names.
+
+See `Models/ProviderConfig.cs` for validation logic.
+
+## Secrets Management
+
+- NO hardcoded credentials
+- NO API keys in code
+- NO secrets in CLAUDE.md or documentation
+
+## Dependencies
+
+- NO GPL-licensed packages (MIT incompatible)
+- Check `.github/workflows/licenses.yml` for enforcement
+
+## Async Safety
+
+- NO bare `async void` except event handlers
+- ALL event handlers: wrap with try-catch
+- Fire-and-forget: use `SafeFireAndForget()`
+
+See SECURITY.md for full policy.
@@ -0,0 +1,34 @@
+# Testing Requirements
+
+## Scope
+
+Unit tests REQUIRED for changes to:
+- Services/
+- Models/
+- Helpers/
+
+UI layer (Views, ViewModels) is EXEMPT.
+
+## Naming Conventions
+
+**File**: `{ClassName}Tests.cs`
+
+Example: `CodexBarService.cs` → `CodexBarServiceTests.cs`
+
+**Method**: `{MethodName}_{Condition}_{ExpectedResult}`
+
+Examples:
+- `GetUsageDataAsync_WhenValidProvider_ReturnsUsageData`
+- `ValidateAndNormalize_WhenInvalidProvider_ThrowsException`
+
+## Tech Stack
+
+- MSTest (test framework)
+- Moq (mocking)
+- FluentAssertions (assertions)
+
+## Running Tests
+
+```bash
+dotnet test CodexBarWin.Tests.Unit -c Debug -p:Platform=x64
+```
@@ -362,8 +362,10 @@ MigrationBackup/
 # Fody - auto-generated XML schema
 FodyWeavers.xsd
 
-# Claude Code
-.claude/
+# Claude Code (ignore personal settings, commit team-shared config)
+.claude/*.local.*
+.claude/settings.local.json
+CLAUDE.local.md
 
 # Serena (MCP coding agent)
 .serena/

@@ -1,75 +1,72 @@
-# CLAUDE.md
+# CodexBarWin
 
-## Project Overview
+Windows 11 WinUI 3 app for AI coding tool usage monitoring. Frontend for [CodexBar CLI](https://github.com/steipete/CodexBar).
 
-CodexBarWin is a Windows 11 native app (WinUI 3) that displays AI coding tool usage limits in the system tray. It's a frontend for [Win-CodexBar CLI](https://github.com/Finesssee/Win-CodexBar).
+## Stack
 
-## Tech Stack
+.NET 10, WinUI 3, Windows App SDK, MVVM (CommunityToolkit.Mvvm), H.NotifyIcon.WinUI, MSTest/Moq/FluentAssertions
 
-- **Framework**: .NET 10, WinUI 3, Windows App SDK
-- **Architecture**: MVVM (CommunityToolkit.Mvvm)
-- **DI**: Microsoft.Extensions.DependencyInjection
-- **System Tray**: H.NotifyIcon.WinUI
-- **Testing**: MSTest, Moq, FluentAssertions
+## Commands
+
+```bash
+dotnet build -c Release -p:Platform=x64                          # Build
+dotnet test CodexBarWin.Tests.Unit -c Debug -p:Platform=x64      # Test
+dotnet restore CodexBarWin.sln                                   # Restore
+```
 
-## Project Structure
+## Structure
 
 ```
-CodexBarWin/
-├── Models/          # Data models and DTOs
-├── Services/        # Business logic (IWslService, ICodexBarService, etc.)
-├── ViewModels/      # MVVM ViewModels
-├── Views/           # XAML pages
-├── Helpers/         # Utility classes (AsyncHelper)
-├── Controls/        # Custom UI controls
-└── Assets/          # Images and resources
+Services/       - Business logic (IWslService, ICodexBarService)
+Models/         - Data models, DTOs
+ViewModels/     - MVVM ViewModels
+Views/          - XAML pages
+Helpers/        - Utility classes
 ```
 
-## Commands
+## Code Style
 
-```bash
-# Build
-dotnet build -c Release -p:Platform=x64
+- **All deliverables in English** (code, comments, commits, docs)
+- **Async**: Use `SafeFireAndForget()`, no bare `async void` except event handlers
+- **Logging**: `ILogger<T>`, not `Debug.WriteLine`
+- **Security**: Use `ProviderConstants.ValidateAndNormalize()` for provider names
 
-# Run tests
-dotnet test CodexBarWin.Tests.Unit -c Debug -p:Platform=x64
+## Testing
 
-# Restore packages
-dotnet restore CodexBarWin.sln
-```
+Required for Services/, Models/, Helpers/ changes. See [.claude/rules/testing.md](.claude/rules/testing.md) for details.
 
-## Code Conventions
+## Pull Requests
 
-- **PR titles**: Use prefixes (`Add:`, `Fix:`, `Update:`, `Refactor:`, `Test:`, `Docs:`) - enforced by CI
-- **Async methods**: Use `SafeFireAndForget()` for fire-and-forget, always handle exceptions
-- **Provider validation**: Use `ProviderConstants.ValidateAndNormalize()` for security
-- **Logging**: Use `ILogger<T>`, not `Debug.WriteLine`
-- **Testing**: Services, Models, Helpers への変更時はユニットテスト必須
-  - テストファイル命名: `{対象クラス名}Tests.cs`
-  - テストメソッド命名: `{メソッド名}_{条件}_{期待結果}` 形式
-  - UI層（Views, ViewModels）はテスト対象外
+**Before creating PR**: Read [.claude/rules/pr-workflow.md](.claude/rules/pr-workflow.md) for validation checklist and process.
+
+PR titles must follow format: `Add:`, `Fix:`, `Update:`, `Refactor:`, `Test:`, `Docs:`, `Remove:`
+
+## Security
+
+Read [.claude/rules/security.md](.claude/rules/security.md) before modifying Services/Models.
+
+Critical rules:
+- NO GPL dependencies (MIT incompatible)
+- NO hardcoded secrets
+- ALWAYS validate provider input
 
 ## Important Files
 
-- `Services/CodexBarService.cs` - Core usage data fetching logic
+- `Services/CodexBarService.cs` - Core usage data fetching
 - `Models/ProviderConfig.cs` - Provider validation (security-critical)
-- `MainWindow.xaml.cs` - System tray and window animation
-- `ViewModels/MainViewModel.cs` - Main UI state management
+- `MainWindow.xaml.cs` - System tray, window animation
+- `ViewModels/MainViewModel.cs` - Main UI state
 
-## Do Not
+## CI/CD
 
-- Add GPL-licensed dependencies (MIT incompatible)
-- Hardcode secrets or credentials
-- Use `async void` except for event handlers (wrap with try-catch)
-- Skip provider validation when executing WSL commands
-- Merge logic changes to Services/Models/Helpers without corresponding tests
+Workflows: build, test, licenses, pr-title, stale
 
-## CI/CD
+All PRs must pass CI. Uses Squash & Merge strategy.
 
-- **Build**: `.github/workflows/build.yml`
-- **Test**: `.github/workflows/test.yml`
-- **License Check**: `.github/workflows/licenses.yml`
-- **PR Title**: `.github/workflows/pr-title.yml`
-- **Stale**: `.github/workflows/stale.yml` (auto-close inactive issues/PRs)
+## References
 
-All PRs must pass CI checks before merging. Uses Squash & Merge strategy.
+- Setup: [CONTRIBUTING.md](CONTRIBUTING.md#development-setup)
+- Architecture: [CONTRIBUTING.md](CONTRIBUTING.md#project-structure)
+- Security Policy: [SECURITY.md](SECURITY.md)
+- PR Template: [.github/pull_request_template.md](.github/pull_request_template.md)
+- Changelog: [CHANGELOG.md](CHANGELOG.md)