feat: Add Laravel framework support with tech stack selection and file upload enhancements #43

jacob8919 · 2026-01-11T05:40:43Z

Summary

This PR introduces comprehensive Laravel framework support to autocoder, along with several quality-of-life improvements and bug fixes.

Major Features

Laravel Framework Integration: Full support for Laravel projects with tech stack selection wizard
- Framework options: React + Node.js, Laravel + React, Laravel + Vue, Laravel + Livewire, Laravel API-only
- Database selection: SQLite, MySQL, PostgreSQL, MariaDB
- Testing frameworks: Vitest/Jest (Node.js) or Pest/PHPUnit (Laravel)
- Laravel Boost MCP server integration with 15 specialized tools
- Laravel-specific prompt templates and expanded command allowlist
File Upload Enhancements: Extended spec creation chat to accept markdown (.md) and text (.txt) files
- New TextFileAttachment model with UTF-8 validation
- Files display as expandable accordions in chat messages

Improvements

Increased debug log history capacity from 100 to 1000 lines
Added SQLite timeout parameter to prevent database lock errors in MCP features server
Expanded security allowlist with PHP/Laravel commands (pint, pgrep, etc.)

Bug Fixes

Fixed Laravel Boost MCP server naming convention (hyphen vs. underscore)
Corrected Laravel initializer template with proper Boost installation via Composer

Files Changed

23 files modified across frontend components, backend services, and configuration files.

Testing

Laravel project creation workflow tested
Tech stack selection wizard validated
File upload functionality verified with .md and .txt files
Database lock error scenario tested

Screenshots

Add any relevant screenshots here

🤖 Co-authored with Claude Opus 4.5

Summary by CodeRabbit

New Features
- Added Laravel framework support with automated project scaffolding and configuration workflows
- Enabled text file attachments (.md, .txt) alongside images in spec creation
- Introduced tech stack configuration UI for selecting framework, database, and testing options during project setup
Improvements
- Enhanced database connection stability with timeout handling
- Expanded security controls for PHP and Laravel development tools

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Add Laravel framework support during project creation: - Add tech stack selection wizard (framework, database, testing) - Support Laravel + React/Vue/Livewire/API starter kits - Add Laravel Boost MCP server integration - Create Laravel-specific prompt templates - Add PHP/Laravel commands to security allowlist - Auto-detect framework from app_spec.txt at runtime Framework options: - React + Node.js (default) - Laravel + React (Inertia.js) - Laravel + Vue (Inertia.js) - Laravel + Livewire - Laravel API Only Database options: SQLite, MySQL, PostgreSQL, MariaDB Testing options: Vitest/Jest (Node.js), Pest/PHPUnit (Laravel) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Remove invalid --boost flag from laravel new commands (doesn't exist) - Make database option dynamic, reading from app_spec.txt <database> tag - Add separate Laravel Boost installation via Composer - Use --no-interaction flag for php artisan boost:install to skip prompts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

… laravel_boost) The Laravel Boost MCP server exposes tools with hyphen naming (mcp__laravel-boost__*), but we were configuring it with underscore (mcp__laravel_boost__*), causing permission errors when the agent tried to use Laravel Boost tools. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Document the 15 MCP tools available from Laravel Boost so the agent knows to use them instead of bash commands where appropriate. - Add tools table with purpose and examples - Add guidance on when to use MCP vs bash commands - Update database verification step to reference MCP tools - Update Laravel Log section to recommend MCP tools first Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Allow users to upload markdown and text files in addition to images when creating a project spec. This enables uploading detailed spec documents instead of typing them manually. Changes: - Add TextFileAttachment model with UTF-8 validation (schemas.py) - Update backend to send text files as text content blocks to Claude - Add FileAttachment discriminated union type (ImageAttachment | TextAttachment) - Display text files as compact chips in pending attachments - Show sent text files as expandable accordions in chat messages - Update file input to accept .md and .txt files Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…es server The features database was missing the timeout parameter in create_engine(), causing immediate "database is locked" failures when encountering WAL artifacts from other processes. This matches the pattern already used in registry.py. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

coderabbitai · 2026-01-11T05:40:52Z

📝 Walkthrough

Walkthrough

This pull request adds comprehensive Laravel framework support to the project scaffolding system. It introduces Laravel-specific templates, framework detection, interactive tech stack configuration (framework/database/testing choices), Laravel Boost MCP tool integration, enhanced file attachment handling (text + images), and end-to-end framework-aware workflows for both backend and frontend.

Changes

Cohort / File(s)	Summary
Laravel Templates & Initialization `.claude/templates/laravel/app_spec.template.txt`, `.claude/templates/laravel/coding_prompt.template.md`, `.claude/templates/laravel/coding_prompt_yolo.template.md`, `.claude/templates/laravel/initializer_prompt.template.md`	Added four comprehensive Laravel project templates: specification template with project structure and design tokens, standard coding workflow with testing/verification steps, YOLO mode rapid prototyping (tests disabled), and initializer prompt for bootstrapping new Laravel projects.
Framework Detection & Prompt Selection `prompts.py`	Introduced `detect_framework_from_spec()` to infer framework from app spec, added `LARAVEL_TEMPLATES_DIR` constant, and extended `scaffold_project_prompts()` to select framework-specific templates with fallback to base templates.
Agent & Client Framework Awareness `agent.py`, `client.py`	Updated agent to detect framework at startup and thread `is_laravel` flag through client creation. Extended `create_client()` signature with `is_laravel` parameter; when true, includes `LARAVEL_BOOST_TOOLS` in allowed tools and configures Laravel Boost MCP server.
Framework-Aware Project Scaffolding `server/routers/projects.py`, `server/routers/spec_creation.py`, `server/schemas.py`	Modified create_project to detect Laravel framework and pass to scaffold step. Added `TechStackConfig` model with framework/database/testing enums and helper methods (`is_laravel()`, `get_default_testing()`, `get_laravel_starter_kit()`). Added to `ProjectCreate` as optional `tech_stack` field.
Multi-Format Attachment Support `server/schemas.py`, `server/services/spec_chat_session.py`	Introduced `TextFileAttachment` for text files (UTF-8 validated, size-capped). Created union type `FileAttachment = ImageAttachment
Command & Security Whitelisting `security.py`, `api/database.py`	Extended `ALLOWED_COMMANDS` with PHP/Laravel tools (php, composer, laravel, artisan, pest, pint) and process inspection (pgrep). Allowed php/artisan in pkill validation. Added 30-second database connection timeout.
Interactive Tech Stack Selection `start.py`	Added `ask_framework_choice()`, `ask_database_choice()`, `ask_testing_choice()` prompts. Extended `ensure_project_scaffolded()` with framework parameter. Reworked `create_new_project_flow()` to collect tech stack before scaffolding and display summary.
Frontend Tech Stack UI `ui/src/components/NewProjectModal.tsx`	Introduced two-step tech stack flow: framework selection (react_node, laravel_react, laravel_vue, laravel_livewire, laravel_api with auto-default testing) and database/testing options. Updated project creation payload to include `techStack`.
File Attachment Type System `ui/src/lib/types.ts`	Added discriminated union for attachments: `ImageAttachment` now carries `type: 'image'`; new `TextAttachment` with `type: 'text'` and decoded `textContent`. Created `FileAttachment` union. Added comprehensive tech stack type definitions (`FrameworkChoice`, `DatabaseChoice`, `TestingFramework`, `TechStackConfig`, option interfaces).
Attachment Rendering & API Integration `ui/src/components/ChatMessage.tsx`, `ui/src/components/SpecCreationChat.tsx`, `ui/src/hooks/useProjects.ts`, `ui/src/hooks/useSpecChat.ts`, `ui/src/lib/api.ts`	Updated ChatMessage to expand/collapse text attachments alongside images. Extended SpecCreationChat to accept .md/.txt files, validate MIME types, and display previews. Updated API layer and hooks to pass `techStack?: TechStackConfig` through project creation and spec chat flows.
Minor Updates `ui/src/components/ExpandProjectChat.tsx`, `ui/src/hooks/useWebSocket.ts`	Added type field to attachment objects. Increased log retention from 100 to 1000 lines.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Frontend as Frontend UI
    participant Backend as Backend API
    participant Agent as AI Agent
    participant MCPTools as Laravel Boost MCP
    participant FileSystem as Project Directory

    User->>Frontend: Start New Project
    Frontend->>Frontend: Ask framework choice
    User->>Frontend: Select Laravel
    Frontend->>Frontend: Display tech stack UI
    User->>Frontend: Select database & testing
    Frontend->>Backend: POST /projects/create with techStack
    
    Backend->>Backend: Detect framework from spec
    Backend->>Backend: Create ProjectCreate with tech_stack
    Backend->>Agent: Initialize with is_laravel=true
    
    Agent->>Agent: Load Laravel-specific templates
    Agent->>Agent: Create client with LARAVEL_BOOST_TOOLS
    Agent->>MCPTools: Initialize Laravel Boost MCP server
    
    Agent->>Backend: Call scaffold_project_prompts(framework="laravel")
    Backend->>FileSystem: Select from LARAVEL_TEMPLATES_DIR
    Backend->>Agent: Provide Laravel initializer prompt
    
    Agent->>MCPTools: Execute feature_create_bulk via MCP
    MCPTools->>FileSystem: Create features, migrations, models
    
    Agent->>Backend: Run artisan commands (migrate, etc.)
    Backend->>FileSystem: Bootstrap Laravel app
    
    Agent->>Frontend: Report project ready
    Frontend->>User: Show Laravel project initialized

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Poem

🐰 Hops of joy for Laravel's debut!
Framework flags and templates too,
Attachments dance both text and image bright,
MCP tools make Boost take flight!
From Vue to Livewire, the choice is free,
A rabbit-built system, wild and free! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 76.47% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: adding Laravel framework support, tech stack selection, and file upload enhancements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

📝 Generate docstrings

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

security.py (1)
184-233: pkill allowing php is potentially too broad (can kill non-dev PHP processes).

pkill php is a pattern match and can hit php-fpm/other PHP processes. If the intent is “only kill Laravel dev server”, consider requiring -f and matching a more specific command line (e.g., php artisan serve) for PHP-related kills, or requiring -x for exact-name matches where possible.
Proposed tightening (one possible direction)
 def validate_pkill_command(command_string: str) -> tuple[bool, str]:
@@
     allowed_process_names = {
@@
-        # PHP/Laravel dev servers
-        "php",
-        "artisan",
+        # PHP/Laravel dev servers (prefer full-cmdline match via -f)
+        # Keep "php" out of the simple-name allowlist to avoid killing unrelated php/php-fpm processes.
+        "artisan",
     }
@@
-    if target in allowed_process_names:
-        return True, ""
+    if target in allowed_process_names:
+        return True, ""
+
+    # Allow php only when using -f with an artisan command line
+    # e.g. pkill -f "php artisan serve"
+    if "php" == target and "-f" in tokens and "artisan" in command_string:
+        return True, ""
ui/src/components/ChatMessage.tsx (1)
155-206: Harden window.open + be defensive about missing textContent.

window.open(url, '_blank') should include noopener,noreferrer to avoid reverse-tabnabbing, and text attachments should render something sensible if textContent is empty/undefined.
Proposed diff
- onClick={() => window.open(attachment.previewUrl, '_blank')}
+ onClick={() => window.open(attachment.previewUrl, '_blank', 'noopener,noreferrer')}

...
- {attachment.textContent}
+ {attachment.textContent ?? '(no content)'}

🤖 Fix all issues with AI agents

In @security.py:
- Around line 35-41: ALLOWED_COMMANDS is missing "phpstan" which breaks
templates that run ./vendor/bin/phpstan analyse; update the ALLOWED_COMMANDS
list to include "phpstan" (and optionally remove unused "pest" if you confirm
tests are always run via "php artisan test"); keep the note that "artisan" in
validate_pkill_command.allowed_process_names remains correct for stopping dev
servers but does not enable "php artisan ..." usage — ensure any template that
expects direct "artisan" execution is adjusted or the template is updated to
call "php" + "artisan" appropriately.

In @ui/src/components/SpecCreationChat.tsx:
- Around line 157-170: The code in SpecCreationChat.tsx uses atob(base64Data) to
build textContent which garbles non-ASCII UTF-8 characters; replace the atob
usage in the TextAttachment creation (the textContent variable) with proper
UTF-8 decoding by converting base64Data to a Uint8Array and decoding it via new
TextDecoder('utf-8'). Ensure the updated textContent is used when constructing
the TextAttachment and then call setPendingAttachments((prev) => [...prev,
attachment]) as before.

🧹 Nitpick comments (12)

ui/src/hooks/useWebSocket.ts (1)

20-20: LGTM! Aligns with PR objectives to expand debug log retention.

The 10x increase (100→1000) in retained log lines supports richer debugging workflows introduced in this PR. The slicing logic on line 79 correctly maintains the limit.

Optional operational note: Retaining 10x more logs increases memory usage proportionally. If logs are verbose or multiple WebSocket connections are active simultaneously, monitor memory consumption in production or consider implementing log level filtering or pagination for very large log volumes.
api/database.py (1)
87-87: Good addition to prevent lock contention errors.

The 30-second timeout is appropriate and directly addresses the "database is locked" errors mentioned in the PR objectives. This gives SQLite sufficient time to acquire locks in concurrent access scenarios.

Optional enhancement: Consider enabling WAL mode for better concurrency.

For improved concurrent read/write performance, you could optionally enable SQLite's Write-Ahead Logging (WAL) mode:
♻️ Optional WAL mode enhancement
 def create_database(project_dir: Path) -> tuple:
     """
     Create database and return engine + session maker.
 
     Args:
         project_dir: Directory containing the project
 
     Returns:
         Tuple of (engine, SessionLocal)
     """
     db_url = get_database_url(project_dir)
     engine = create_engine(db_url, connect_args={"check_same_thread": False, "timeout": 30})
     Base.metadata.create_all(bind=engine)
+    
+    # Enable WAL mode for better concurrency
+    with engine.connect() as conn:
+        conn.execute(text("PRAGMA journal_mode=WAL"))
+        conn.commit()
 
     # Migrate existing databases to add in_progress column
     _migrate_add_in_progress_column(engine)
WAL mode allows concurrent readers while a writer is active, reducing lock contention beyond what the timeout alone provides.
ui/src/components/ExpandProjectChat.tsx (1)
111-127: Guard base64 parsing + prefer crypto.randomUUID() for attachment IDs.

dataUrl.split(',')[1] can be undefined (unexpected DataURL), and the current ID generation can collide in theory. Suggest a small hardening tweak.
Proposed diff
 reader.onload = (e) => {
   const dataUrl = e.target?.result as string
-  const base64Data = dataUrl.split(',')[1]
+  const base64Data = dataUrl.split(',')[1]
+  if (!base64Data) {
+    setError(`Failed to parse file data: ${file.name}`)
+    return
+  }

   const attachment: ImageAttachment = {
     type: 'image',
-    id: `${Date.now()}-${Math.random().toString(36).substring(2, 9)}`,
+    id: crypto.randomUUID(),
     filename: file.name,
     mimeType: file.type as 'image/jpeg' | 'image/png',
     base64Data,
     previewUrl: dataUrl,
     size: file.size,
   }
client.py (1)
264-274: Consider pinning the Laravel Boost MCP package version (and confirm env contract).

Playwright uses @latest; Laravel Boost currently doesn’t. If the package expects a specific version or additional args/env (beyond PROJECT_DIR), startup can break.
Possible diff (if you want parity with Playwright)
 mcp_servers["laravel-boost"] = {
   "command": "npx",
-  "args": ["@anthropic/laravel-boost"],
+  "args": ["@anthropic/laravel-boost@latest"],
   "env": {
     **os.environ,
     "PROJECT_DIR": str(project_dir.resolve()),
   },
 }
agent.py (1)
142-149: Consider explicit handling of None from framework detection.

The framework detection logic assumes that detect_framework_from_spec returns either "laravel" or "nodejs". According to the context, it can also return None when the spec file is not found. Currently, is_laravel will be False when framework is None, which effectively defaults to Node.js behavior.

If this is intentional for backward compatibility, consider adding a comment to clarify. Otherwise, you may want to log a warning when framework detection returns None.
💡 Optional enhancement to handle None explicitly
 # Detect framework from spec
 framework = detect_framework_from_spec(project_dir)
+if framework is None:
+    print("Framework: Not detected (defaulting to Node.js)")
+    is_laravel = False
+elif framework == "laravel":
-is_laravel = framework == "laravel"
-if is_laravel:
     print("Framework: Laravel (with Laravel Boost MCP)")
+    is_laravel = True
 else:
     print("Framework: Node.js")
+    is_laravel = False
 print()
.claude/templates/laravel/initializer_prompt.template.md (2)
104-127: Add language specifier to fenced code block.

The fenced code block lacks a language specifier, which can affect syntax highlighting and linting. Since this shows tool usage syntax, consider using a generic identifier.
📝 Suggested fix
-```
+```text
 Use the feature_create_bulk tool with features=[
   {
     "category": "functional",
357-359: Add language specifier to fenced code block.

Similar to the earlier block, this tool usage example should have a language specifier for consistency.
📝 Suggested fix
-```
+```text
 Use the feature_get_next tool
</details>

</blockquote></details>
<details>
<summary>server/services/spec_chat_session.py (1)</summary><blockquote>

`294-301`: **Move import to module level.**

The `import base64 as b64` inside the function is executed on every call with text attachments. While functional, this is unconventional and slightly inefficient. The module already has access to base64 functionality.



<details>
<summary>♻️ Proposed fix</summary>

Add at the top of the file (around line 9):
```python
import base64
Then update the decoding:
                 elif att.mimeType in ('text/plain', 'text/markdown'):
                     # Text file: decode and send as text content block
-                    import base64 as b64
-                    decoded_text = b64.b64decode(att.base64Data).decode('utf-8')
+                    decoded_text = base64.b64decode(att.base64Data).decode('utf-8')
                     # Format with filename header for context
.claude/templates/laravel/coding_prompt_yolo.template.md (1)
40-46: Add language specifiers to MCP tool usage blocks.

Multiple fenced code blocks showing MCP tool usage lack language specifiers. While these are minor formatting issues, adding specifiers improves consistency.
📝 Example fix for lines 40-46
-```
+```text
 # 6. Get progress statistics (passing/total counts)
 Use the feature_get_stats tool

 # 7. Get the next feature to work on
 Use the feature_get_next tool
</details>

This applies similarly to blocks at lines 74-77, 82-84, 112-114, 187-189, and 298-316.

</blockquote></details>
<details>
<summary>start.py (1)</summary><blockquote>

`487-507`: **Consider persisting tech stack choices for template customization.**

The `tech_stack` dict is built with database and testing choices but only used for display. These values could be valuable for pre-populating the app_spec.txt template or passed to the scaffolding function for automatic placeholder replacement.



This could be addressed in a follow-up PR if needed. For now, the display provides useful confirmation to users about their choices.

</blockquote></details>
<details>
<summary>ui/src/components/NewProjectModal.tsx (1)</summary><blockquote>

`31-80`: **Consider extracting constants to a shared location.**

These option constants are well-defined and correctly typed. However, since the same options may be needed in other components or for server-side validation, consider moving them to `lib/constants.ts` or colocating with the types in `lib/types.ts` to enable reuse and ensure consistency.

</blockquote></details>
<details>
<summary>server/schemas.py (1)</summary><blockquote>

`291-316`: **Minor: Error message substring check may be fragile.**

The exception handling on line 314 checks for `'not valid UTF-8'` but the actual error raised on line 312 is `'File is not valid UTF-8 text'`. This works but is fragile if error messages change.



<details>
<summary>♻️ Suggested improvement</summary>

Consider using a custom exception class or restructuring to avoid substring matching:

```diff
     @field_validator('base64Data')
     @classmethod
     def validate_base64_and_size(cls, v: str) -> str:
         """Validate that base64 data is valid UTF-8 text and within size limit."""
         try:
             decoded = base64.b64decode(v)
-            if len(decoded) > MAX_FILE_SIZE:
-                raise ValueError(
-                    f'File size ({len(decoded) / (1024 * 1024):.1f} MB) exceeds '
-                    f'maximum of {MAX_FILE_SIZE // (1024 * 1024)} MB'
-                )
-            # Validate it's valid UTF-8 text
-            decoded.decode('utf-8')
-            return v
-        except UnicodeDecodeError:
-            raise ValueError('File is not valid UTF-8 text')
-        except Exception as e:
-            if 'File size' in str(e) or 'not valid UTF-8' in str(e):
-                raise
-            raise ValueError(f'Invalid base64 data: {e}')
+        except Exception as e:
+            raise ValueError(f'Invalid base64 data: {e}')
+        
+        if len(decoded) > MAX_FILE_SIZE:
+            raise ValueError(
+                f'File size ({len(decoded) / (1024 * 1024):.1f} MB) exceeds '
+                f'maximum of {MAX_FILE_SIZE // (1024 * 1024)} MB'
+            )
+        
+        try:
+            decoded.decode('utf-8')
+        except UnicodeDecodeError:
+            raise ValueError('File is not valid UTF-8 text')
+        
+        return v

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 334b655 and e9c3e4e.

📒 Files selected for processing (23)

.claude/templates/laravel/app_spec.template.txt
.claude/templates/laravel/coding_prompt.template.md
.claude/templates/laravel/coding_prompt_yolo.template.md
.claude/templates/laravel/initializer_prompt.template.md
agent.py
api/database.py
client.py
prompts.py
security.py
server/routers/projects.py
server/routers/spec_creation.py
server/schemas.py
server/services/spec_chat_session.py
start.py
ui/src/components/ChatMessage.tsx
ui/src/components/ExpandProjectChat.tsx
ui/src/components/NewProjectModal.tsx
ui/src/components/SpecCreationChat.tsx
ui/src/hooks/useProjects.ts
ui/src/hooks/useSpecChat.ts
ui/src/hooks/useWebSocket.ts
ui/src/lib/api.ts
ui/src/lib/types.ts

🧰 Additional context used

📓 Path-based instructions (7)

ui/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

ui/src/**/*.{ts,tsx}: Use TypeScript for React components in the UI (React 18 with TypeScript)
Use React Query (TanStack Query) for API calls and data fetching in the UI
Use Radix UI for component primitives in the React UI
Run ESLint to lint React UI code

Files:

ui/src/hooks/useWebSocket.ts
ui/src/components/ChatMessage.tsx
ui/src/lib/types.ts
ui/src/components/ExpandProjectChat.tsx
ui/src/hooks/useProjects.ts
ui/src/components/NewProjectModal.tsx
ui/src/lib/api.ts
ui/src/hooks/useSpecChat.ts
ui/src/components/SpecCreationChat.tsx

.claude/templates/**/*.template.md

📄 CodeRabbit inference engine (CLAUDE.md)

Prompt templates should follow a fallback chain: project-specific in {project_dir}/prompts/{name}.md, then base template in .claude/templates/{name}.template.md

Files:

.claude/templates/laravel/coding_prompt.template.md
.claude/templates/laravel/initializer_prompt.template.md
.claude/templates/laravel/coding_prompt_yolo.template.md

*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Python backend should use the ClaudeSDKClient configuration in client.py with security hooks and MCP servers

Files:

prompts.py
start.py
security.py
agent.py
client.py

**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Use SQLite with SQLAlchemy ORM for database access and feature management

Files:

prompts.py
start.py
server/routers/spec_creation.py
server/services/spec_chat_session.py
server/schemas.py
api/database.py
security.py
server/routers/projects.py
agent.py
client.py

server/routers/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Use FastAPI for REST API endpoints in the server/routers/ directory

Files:

server/routers/spec_creation.py
server/routers/projects.py

security.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement bash command validation using the ALLOWED_COMMANDS whitelist in security.py

Files:

security.py

agent.py

📄 CodeRabbit inference engine (CLAUDE.md)

Agent sessions should auto-continue with a 3-second delay between sessions

Files:

agent.py

🧠 Learnings (8)