Add guardrails: CLAUDE.md rules, hooks, pre-commit validation (#33)

* feat: add gptme agent to spawn matrix

Add gptme (https://github.com/gptme/gptme) - a personal AI agent in the
terminal with tools for code editing, terminal commands, web browsing,
and more. Natively supports OpenRouter via OPENROUTER_API_KEY.

- Add gptme agent entry to manifest.json with OpenRouter env vars
- Implement sprite/gptme.sh deployment script
- Implement hetzner/gptme.sh deployment script
- Add "missing" matrix entries for remaining 8 clouds
- Update README.md with usage instructions for Sprite and Hetzner

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: add Fly.io cloud provider with claude and aider agents

Add Fly.io as a new cloud provider using the Machines REST API for
provisioning and flyctl CLI for SSH access. Docker-based machines
with pay-per-second pricing.

- Create fly/lib/common.sh with Fly.io Machines API integration
- Implement fly/claude.sh for Claude Code deployment
- Implement fly/aider.sh for Aider deployment
- Update README.md with Fly.io usage instructions and env vars

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: add gemini, amazonq, cline, gptme to Fly.io

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: add openclaw, nanoclaw, goose, codex, interpreter to Fly.io

Implements 5 new agent scripts for the Fly.io cloud provider:
- fly/openclaw.sh: OpenClaw with gateway + TUI, model selection, config
- fly/nanoclaw.sh: NanoClaw WhatsApp agent with .env configuration
- fly/goose.sh: Block's Goose agent with OpenRouter provider
- fly/codex.sh: OpenAI Codex CLI with OpenRouter base URL override
- fly/interpreter.sh: Open Interpreter with OpenRouter base URL override

All scripts follow the Fly.io pattern (flyctl-based, no IP args for
run_server/interactive_session) and use upload_file for env injection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: add gptme agent to 8 remaining clouds

Implement gptme agent scripts for digitalocean, vultr, linode, lambda,
aws-lightsail, gcp, e2b, and modal. Each script follows the exact
pattern of that cloud's existing aider.sh, adapted for gptme's install
and launch commands. Updates manifest.json matrix entries from "missing"
to "implemented".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add guardrails from insights: CLAUDE.md rules, hooks, pre-commit

Based on usage insights analysis:

CLAUDE.md:
- Shell script rules: curl|bash compat, macOS bash 3.x compat
- Autonomous loop rules: test after each iteration, never revert fixes
- Git workflow rules: always use feature branches

.claude/settings.json:
- PostToolUse hook validates .sh files on every Write/Edit:
  syntax check, no relative source, no echo -e, no set -u

.githooks/pre-commit:
- Blocks commits with: syntax errors, relative sources, echo -e,
  set -euo, references to deleted functions
- Install: git config core.hooksPath .githooks

README.md:
- Added developer setup section with hook installation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Sprite <noreply@sprite.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

manifest.json

@@ -161,6 +161,23 @@
         "OPENROUTER_API_KEY": "${OPENROUTER_API_KEY}"
       },
       "notes": "Works with OpenRouter via OPENAI_BASE_URL override"
+    },
+    "gptme": {
+      "name": "gptme",
+      "description": "Personal AI agent in the terminal with tools for code, terminal, browser, and more",
+      "url": "https://github.com/gptme/gptme",
+      "install": "pip install gptme",
+      "launch": "gptme -m openrouter/${MODEL_ID}",
+      "env": {
+        "OPENROUTER_API_KEY": "${OPENROUTER_API_KEY}"
+      },
+      "interactive_prompts": {
+        "model_id": {
+          "prompt": "Enter model ID",
+          "default": "openrouter/auto"
+        }
+      },
+      "notes": "Natively supports OpenRouter via OPENROUTER_API_KEY and -m openrouter/... flag"
     }
   },
   "clouds": {
@@ -308,6 +325,23 @@
         "image": "debian_slim"
       },
       "notes": "No SSH — uses Modal Python SDK for exec. Sub-second cold starts. Requires pip install modal."
+    },
+    "fly": {
+      "name": "Fly.io",
+      "description": "Fly.io Machines via REST API and flyctl CLI",
+      "url": "https://fly.io",
+      "type": "api+cli",
+      "auth": "FLY_API_TOKEN",
+      "provision_method": "POST /v1/apps + POST /v1/apps/{app}/machines",
+      "exec_method": "fly ssh console -C",
+      "interactive_method": "fly ssh console",
+      "defaults": {
+        "region": "iad",
+        "vm_size": "shared-cpu-1x",
+        "vm_memory": 1024,
+        "image": "ubuntu:24.04"
+      },
+      "notes": "Uses Machines API for provisioning and flyctl SSH for exec. Docker-based, pay-per-second pricing. Requires flyctl CLI."
     }
   },
   "matrix": {
@@ -410,6 +444,27 @@
     "modal/interpreter": "implemented",
     "modal/gemini": "implemented",
     "modal/amazonq": "implemented",
-    "modal/cline": "implemented"
+    "modal/cline": "implemented",
+    "sprite/gptme": "implemented",
+    "hetzner/gptme": "implemented",
+    "digitalocean/gptme": "implemented",
+    "vultr/gptme": "implemented",
+    "linode/gptme": "implemented",
+    "lambda/gptme": "implemented",
+    "aws-lightsail/gptme": "implemented",
+    "gcp/gptme": "implemented",
+    "e2b/gptme": "implemented",
+    "modal/gptme": "implemented",
+    "fly/claude": "implemented",
+    "fly/aider": "implemented",
+    "fly/openclaw": "implemented",
+    "fly/nanoclaw": "implemented",
+    "fly/goose": "implemented",
+    "fly/codex": "implemented",
+    "fly/interpreter": "implemented",
+    "fly/gemini": "implemented",
+    "fly/amazonq": "implemented",
+    "fly/cline": "implemented",
+    "fly/gptme": "implemented"
   }
 }