Add claude config

.claude/skills/verification-loop/SKILL.md

@@ -0,0 +1,242 @@
+# Verification Loop Skill
+
+Comprehensive verification system for Python/FastAPI development.
+
+## When to Use
+
+Invoke this skill:
+- After completing a feature or significant code change
+- Before creating a PR
+- When you want to ensure quality gates pass
+- After refactoring
+- Before deployment
+
+## Verification Phases
+
+### Phase 1: Type Check
+```bash
+# Run mypy type checker
+mypy src/ --ignore-missing-imports 2>&1 | head -30
+```
+
+Report all type errors. Fix critical ones before continuing.
+
+### Phase 2: Lint Check
+```bash
+# Run ruff linter
+ruff check src/ 2>&1 | head -30
+
+# Auto-fix if desired
+ruff check src/ --fix
+```
+
+Check for:
+- Unused imports
+- Code style violations
+- Common Python anti-patterns
+
+### Phase 3: Test Suite
+```bash
+# Run tests with coverage
+pytest --cov=src --cov-report=term-missing -q 2>&1 | tail -50
+
+# Run specific test file
+pytest tests/test_ocr/test_machine_code_parser.py -v
+
+# Run with short traceback
+pytest -x --tb=short
+```
+
+Report:
+- Total tests: X
+- Passed: X
+- Failed: X
+- Coverage: X%
+- Target: 80% minimum
+
+### Phase 4: Security Scan
+```bash
+# Check for hardcoded secrets
+grep -rn "password\s*=" --include="*.py" src/ 2>/dev/null | grep -v "db_password:" | head -10
+grep -rn "api_key\s*=" --include="*.py" src/ 2>/dev/null | head -10
+grep -rn "sk-" --include="*.py" src/ 2>/dev/null | head -10
+
+# Check for print statements (should use logging)
+grep -rn "print(" --include="*.py" src/ 2>/dev/null | head -10
+
+# Check for bare except
+grep -rn "except:" --include="*.py" src/ 2>/dev/null | head -10
+
+# Check for SQL injection risks (f-strings in execute)
+grep -rn 'execute(f"' --include="*.py" src/ 2>/dev/null | head -10
+grep -rn "execute(f'" --include="*.py" src/ 2>/dev/null | head -10
+```
+
+### Phase 5: Import Check
+```bash
+# Verify all imports work
+python -c "from src.web.app import app; print('Web app OK')"
+python -c "from src.inference.pipeline import InferencePipeline; print('Pipeline OK')"
+python -c "from src.ocr.machine_code_parser import parse_payment_line; print('Parser OK')"
+```
+
+### Phase 6: Diff Review
+```bash
+# Show what changed
+git diff --stat
+git diff HEAD --name-only
+
+# Show staged changes
+git diff --staged --stat
+```
+
+Review each changed file for:
+- Unintended changes
+- Missing error handling
+- Potential edge cases
+- Missing type hints
+- Mutable default arguments
+
+### Phase 7: API Smoke Test (if server running)
+```bash
+# Health check
+curl -s http://localhost:8000/api/v1/health | python -m json.tool
+
+# Verify response format
+curl -s http://localhost:8000/api/v1/health | grep -q "healthy" && echo "Health: OK" || echo "Health: FAIL"
+```
+
+## Output Format
+
+After running all phases, produce a verification report:
+
+```
+VERIFICATION REPORT
+==================
+
+Types:     [PASS/FAIL] (X errors)
+Lint:      [PASS/FAIL] (X warnings)
+Tests:     [PASS/FAIL] (X/Y passed, Z% coverage)
+Security:  [PASS/FAIL] (X issues)
+Imports:   [PASS/FAIL]
+Diff:      [X files changed]
+
+Overall:   [READY/NOT READY] for PR
+
+Issues to Fix:
+1. ...
+2. ...
+```
+
+## Quick Commands
+
+```bash
+# Full verification (WSL)
+wsl bash -c "source ~/miniconda3/etc/profile.d/conda.sh && conda activate invoice-py311 && cd /mnt/c/Users/yaoji/git/ColaCoder/invoice-master-poc-v2 && mypy src/ --ignore-missing-imports && ruff check src/ && pytest -x --tb=short"
+
+# Type check only
+wsl bash -c "source ~/miniconda3/etc/profile.d/conda.sh && conda activate invoice-py311 && cd /mnt/c/Users/yaoji/git/ColaCoder/invoice-master-poc-v2 && mypy src/ --ignore-missing-imports"
+
+# Tests only
+wsl bash -c "source ~/miniconda3/etc/profile.d/conda.sh && conda activate invoice-py311 && cd /mnt/c/Users/yaoji/git/ColaCoder/invoice-master-poc-v2 && pytest --cov=src -q"
+```
+
+## Verification Checklist
+
+### Before Commit
+- [ ] mypy passes (no type errors)
+- [ ] ruff check passes (no lint errors)
+- [ ] All tests pass
+- [ ] No print() statements in production code
+- [ ] No hardcoded secrets
+- [ ] No bare `except:` clauses
+- [ ] No SQL injection risks (f-strings in queries)
+- [ ] Coverage >= 80% for changed code
+
+### Before PR
+- [ ] All above checks pass
+- [ ] git diff reviewed for unintended changes
+- [ ] New code has tests
+- [ ] Type hints on all public functions
+- [ ] Docstrings on public APIs
+- [ ] No TODO/FIXME for critical items
+
+### Before Deployment
+- [ ] All above checks pass
+- [ ] E2E tests pass
+- [ ] Health check returns healthy
+- [ ] Model loaded successfully
+- [ ] No server errors in logs
+
+## Common Issues and Fixes
+
+### Type Error: Missing return type
+```python
+# Before
+def process(data):
+    return result
+
+# After
+def process(data: dict) -> InferenceResult:
+    return result
+```
+
+### Lint Error: Unused import
+```python
+# Remove unused imports or add to __all__
+```
+
+### Security: print() in production
+```python
+# Before
+print(f"Processing {doc_id}")
+
+# After
+logger.info(f"Processing {doc_id}")
+```
+
+### Security: Bare except
+```python
+# Before
+except:
+    pass
+
+# After
+except Exception as e:
+    logger.error(f"Error: {e}")
+    raise
+```
+
+### Security: SQL injection
+```python
+# Before (DANGEROUS)
+cur.execute(f"SELECT * FROM docs WHERE id = '{user_input}'")
+
+# After (SAFE)
+cur.execute("SELECT * FROM docs WHERE id = %s", (user_input,))
+```
+
+## Continuous Mode
+
+For long sessions, run verification after major changes:
+
+```markdown
+Checkpoints:
+- After completing each function
+- After finishing a module
+- Before moving to next task
+- Every 15-20 minutes of coding
+
+Run: /verify
+```
+
+## Integration with Other Skills
+
+| Skill | Purpose |
+|-------|---------|
+| code-review | Detailed code analysis |
+| security-review | Deep security audit |
+| tdd-workflow | Test coverage |
+| build-fix | Fix errors incrementally |
+
+This skill provides quick, comprehensive verification. Use specialized skills for deeper analysis.