Add repository protection checks to prevent syncing with CCPM template repository

.claude/commands/pm/epic-sync.md

@@ -25,6 +25,34 @@ If no tasks found: "❌ No tasks to sync. Run: /pm:epic-decompose $ARGUMENTS"
 
 ## Instructions
 
+### 0. Check Remote Repository
+
+Follow `/rules/github-operations.md` to ensure we're not syncing to the CCPM template:
+
+```bash
+# Check if remote origin is the CCPM template repository
+remote_url=$(git remote get-url origin 2>/dev/null || echo "")
+if [[ "$remote_url" == *"automazeio/ccpm"* ]] || [[ "$remote_url" == *"automazeio/ccpm.git"* ]]; then
+  echo "❌ ERROR: You're trying to sync with the CCPM template repository!"
+  echo ""
+  echo "This repository (automazeio/ccpm) is a template for others to use."
+  echo "You should NOT create issues or PRs here."
+  echo ""
+  echo "To fix this:"
+  echo "1. Fork this repository to your own GitHub account"
+  echo "2. Update your remote origin:"
+  echo "   git remote set-url origin https://github.com/YOUR_USERNAME/YOUR_REPO.git"
+  echo ""
+  echo "Or if this is a new project:"
+  echo "1. Create a new repository on GitHub"
+  echo "2. Update your remote origin:"
+  echo "   git remote set-url origin https://github.com/YOUR_USERNAME/YOUR_REPO.git"
+  echo ""
+  echo "Current remote: $remote_url"
+  exit 1
+fi
+```
+
 ### 1. Create Epic Issue
 
 Strip frontmatter and prepare GitHub issue body:
@@ -34,11 +62,11 @@ sed '1,/^---$/d; 1,/^---$/d' .claude/epics/$ARGUMENTS/epic.md > /tmp/epic-body-r
 
 # Remove "## Tasks Created" section and replace with Stats
 awk '
-  /^## Tasks Created/ { 
+  /^## Tasks Created/ {
     in_tasks=1
     next
   }
-  /^## / && in_tasks { 
+  /^## / && in_tasks {
     in_tasks=0
     # When we hit the next section after Tasks Created, add Stats
     if (total_tasks) {
@@ -53,10 +81,10 @@ awk '
   /^Total tasks:/ && in_tasks { total_tasks = $3; next }
   /^Parallel tasks:/ && in_tasks { parallel_tasks = $3; next }
   /^Sequential tasks:/ && in_tasks { sequential_tasks = $3; next }
-  /^Estimated total effort:/ && in_tasks { 
+  /^Estimated total effort:/ && in_tasks {
     gsub(/^Estimated total effort: /, "")
     total_effort = $0
-    next 
+    next
   }
   !in_tasks { print }
   END {
@@ -112,13 +140,13 @@ if [ "$task_count" -lt 5 ]; then
   # Create sequentially for small batches
   for task_file in .claude/epics/$ARGUMENTS/[0-9][0-9][0-9].md; do
     [ -f "$task_file" ] || continue
-    
+
     # Extract task name from frontmatter
     task_name=$(grep '^name:' "$task_file" | sed 's/^name: *//')
-    
+
     # Strip frontmatter from task content
     sed '1,/^---$/d; 1,/^---$/d' "$task_file" > /tmp/task-body.md
-    
+
     # Create sub-issue with labels
     if [ "$use_subissues" = true ]; then
       task_number=$(gh sub-issue create \
@@ -134,11 +162,11 @@ if [ "$task_count" -lt 5 ]; then
         --label "task,epic:$ARGUMENTS" \
         --json number -q .number)
     fi
-    
+
     # Record mapping for renaming
     echo "$task_file:$task_number" >> /tmp/task-mapping.txt
   done
-  
+
   # After creating all issues, update references and rename files
   # This follows the same process as step 3 below
 fi
@@ -149,14 +177,14 @@ fi
 ```bash
 if [ "$task_count" -ge 5 ]; then
   echo "Creating $task_count sub-issues in parallel..."
-  
+
   # Check if gh-sub-issue is available for parallel agents
   if gh extension list | grep -q "yahsan2/gh-sub-issue"; then
     subissue_cmd="gh sub-issue create --parent $epic_number"
   else
     subissue_cmd="gh issue create"
   fi
-  
+
   # Batch tasks for parallel processing
   # Spawn agents to create sub-issues in parallel with proper labels
   # Each agent must use: --label "task,epic:$ARGUMENTS"
@@ -171,24 +199,24 @@ Task:
   prompt: |
     Create GitHub sub-issues for tasks in epic $ARGUMENTS
     Parent epic issue: #$epic_number
-    
+
     Tasks to process:
     - {list of 3-4 task files}
-    
+
     For each task file:
     1. Extract task name from frontmatter
     2. Strip frontmatter using: sed '1,/^---$/d; 1,/^---$/d'
     3. Create sub-issue using:
-       - If gh-sub-issue available: 
+       - If gh-sub-issue available:
          gh sub-issue create --parent $epic_number --title "$task_name" \
            --body-file /tmp/task-body.md --label "task,epic:$ARGUMENTS"
-       - Otherwise: 
+       - Otherwise:
          gh issue create --title "$task_name" --body-file /tmp/task-body.md \
            --label "task,epic:$ARGUMENTS"
     4. Record: task_file:issue_number
-    
+
     IMPORTANT: Always include --label parameter with "task,epic:$ARGUMENTS"
-    
+
     Return mapping of files to issue numbers.
 ```
 
@@ -221,30 +249,30 @@ Then rename files and update all references:
 # Process each task file
 while IFS=: read -r task_file task_number; do
   new_name="$(dirname "$task_file")/${task_number}.md"
-  
+
   # Read the file content
   content=$(cat "$task_file")
-  
+
   # Update depends_on and conflicts_with references
   while IFS=: read -r old_num new_num; do
     # Update arrays like [001, 002] to use new issue numbers
     content=$(echo "$content" | sed "s/\b$old_num\b/$new_num/g")
   done < /tmp/id-mapping.txt
-  
+
   # Write updated content to new file
   echo "$content" > "$new_name"
-  
+
   # Remove old file if different from new
   [ "$task_file" != "$new_name" ] && rm "$task_file"
-  
+
   # Update github field in frontmatter
   # Add the GitHub URL to the frontmatter
   repo=$(gh repo view --json nameWithOwner -q .nameWithOwner)
   github_url="https://github.com/$repo/issues/$task_number"
-  
+
   # Update frontmatter with GitHub URL and current timestamp
   current_date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-  
+
   # Use sed to update the github and updated fields
   sed -i.bak "/^github:/c\github: $github_url" "$new_name"
   sed -i.bak "/^updated:/c\updated: $current_date" "$new_name"
@@ -260,16 +288,16 @@ If NOT using gh-sub-issue, add task list to epic:
 if [ "$use_subissues" = false ]; then
   # Get current epic body
   gh issue view {epic_number} --json body -q .body > /tmp/epic-body.md
-  
+
   # Append task list
   cat >> /tmp/epic-body.md << 'EOF'
-  
+
   ## Tasks
   - [ ] #{task1_number} {task1_name}
   - [ ] #{task2_number} {task2_name}
   - [ ] #{task3_number} {task3_name}
   EOF
-  
+
   # Update epic issue
   gh issue edit {epic_number} --body-file /tmp/epic-body.md
 fi
@@ -304,16 +332,16 @@ EOF
 # Add each task with its real issue number
 for task_file in .claude/epics/$ARGUMENTS/[0-9]*.md; do
   [ -f "$task_file" ] || continue
-  
+
   # Get issue number (filename without .md)
   issue_num=$(basename "$task_file" .md)
-  
+
   # Get task name from frontmatter
   task_name=$(grep '^name:' "$task_file" | sed 's/^name: *//')
-  
+
   # Get parallel status
   parallel=$(grep '^parallel:' "$task_file" | sed 's/^parallel: *//')
-  
+
   # Add to tasks section
   echo "- [ ] #${issue_num} - ${task_name} (parallel: ${parallel})" >> /tmp/tasks-section.md
 done
@@ -336,7 +364,7 @@ cp .claude/epics/$ARGUMENTS/epic.md .claude/epics/$ARGUMENTS/epic.md.backup
 
 # Use awk to replace the section
 awk '
-  /^## Tasks Created/ { 
+  /^## Tasks Created/ {
     skip=1
     while ((getline line < "/tmp/tasks-section.md") > 0) print line
     close("/tmp/tasks-section.md")
@@ -366,10 +394,10 @@ EOF
 # Add each task mapping
 for task_file in .claude/epics/$ARGUMENTS/[0-9]*.md; do
   [ -f "$task_file" ] || continue
-  
+
   issue_num=$(basename "$task_file" .md)
   task_name=$(grep '^name:' "$task_file" | sed 's/^name: *//')
-  
+
   echo "- #${issue_num}: ${task_name} - https://github.com/${repo}/issues/${issue_num}" >> .claude/epics/$ARGUMENTS/github-mapping.md
 done
 
@@ -424,4 +452,4 @@ If any issue creation fails:
 - Trust GitHub CLI authentication
 - Don't pre-check for duplicates
 - Update frontmatter only after successful creation
-- Keep operations simple and atomic
+- Keep operations simple and atomic

.claude/commands/pm/issue-sync.md

@@ -21,6 +21,17 @@ Push local updates as GitHub issue comments for transparent audit trail.
 Before proceeding, complete these validation steps.
 Do not bother the user with preflight checks progress ("I'm not going to ..."). Just do them and move on.
 
+0. **Repository Protection Check:**
+   Follow `/rules/github-operations.md` - check remote origin:
+   ```bash
+   remote_url=$(git remote get-url origin 2>/dev/null || echo "")
+   if [[ "$remote_url" == *"automazeio/ccpm"* ]]; then
+     echo "❌ ERROR: Cannot sync to CCPM template repository!"
+     echo "Update your remote: git remote set-url origin https://github.com/YOUR_USERNAME/YOUR_REPO.git"
+     exit 1
+   fi
+   ```
+
 1. **GitHub Authentication:**
    - Run: `gh auth status`
    - If not authenticated, tell user: "❌ GitHub CLI not authenticated. Run: gh auth login"

.claude/rules/github-operations.md

@@ -2,6 +2,41 @@
 
 Standard patterns for GitHub CLI operations across all commands.
 
+## CRITICAL: Repository Protection
+
+**Before ANY GitHub operation that creates/modifies issues or PRs:**
+
+```bash
+# Check if remote origin is the CCPM template repository
+remote_url=$(git remote get-url origin 2>/dev/null || echo "")
+if [[ "$remote_url" == *"automazeio/ccpm"* ]] || [[ "$remote_url" == *"automazeio/ccpm.git"* ]]; then
+  echo "❌ ERROR: You're trying to sync with the CCPM template repository!"
+  echo ""
+  echo "This repository (automazeio/ccpm) is a template for others to use."
+  echo "You should NOT create issues or PRs here."
+  echo ""
+  echo "To fix this:"
+  echo "1. Fork this repository to your own GitHub account"
+  echo "2. Update your remote origin:"
+  echo "   git remote set-url origin https://github.com/YOUR_USERNAME/YOUR_REPO.git"
+  echo ""
+  echo "Or if this is a new project:"
+  echo "1. Create a new repository on GitHub"
+  echo "2. Update your remote origin:"
+  echo "   git remote set-url origin https://github.com/YOUR_USERNAME/YOUR_REPO.git"
+  echo ""
+  echo "Current remote: $remote_url"
+  exit 1
+fi
+```
+
+This check MUST be performed in ALL commands that:
+- Create issues (`gh issue create`)
+- Edit issues (`gh issue edit`)
+- Comment on issues (`gh issue comment`)
+- Create PRs (`gh pr create`)
+- Any other operation that modifies the GitHub repository
+
 ## Authentication
 
 **Don't pre-check authentication.** Just run the command and handle failure:
@@ -19,16 +54,19 @@ gh issue view {number} --json state,title,labels,body
 
 ### Create Issue
 ```bash
+# ALWAYS check remote origin first!
 gh issue create --title "{title}" --body-file {file} --label "{labels}"
 ```
 
 ### Update Issue
 ```bash
+# ALWAYS check remote origin first!
 gh issue edit {number} --add-label "{label}" --add-assignee @me
 ```
 
 ### Add Comment
 ```bash
+# ALWAYS check remote origin first!
 gh issue comment {number} --body-file {file}
 ```
 
@@ -41,7 +79,8 @@ If any gh command fails:
 
 ## Important Notes
 
+- **ALWAYS** check remote origin before ANY write operation to GitHub
 - Trust that gh CLI is installed and authenticated
 - Use --json for structured output when parsing
 - Keep operations atomic - one gh command per action
-- Don't check rate limits preemptively
+- Don't check rate limits preemptively

.claude/scripts/pm/init.sh

@@ -92,6 +92,19 @@ if git rev-parse --git-dir > /dev/null 2>&1; then
   if git remote -v | grep -q origin; then
     remote_url=$(git remote get-url origin)
     echo "  ✅ Remote configured: $remote_url"
+    
+    # Check if remote is the CCPM template repository
+    if [[ "$remote_url" == *"automazeio/ccpm"* ]] || [[ "$remote_url" == *"automazeio/ccpm.git"* ]]; then
+      echo ""
+      echo "  ⚠️ WARNING: Your remote origin points to the CCPM template repository!"
+      echo "  This means any issues you create will go to the template repo, not your project."
+      echo ""
+      echo "  To fix this:"
+      echo "  1. Fork the repository or create your own on GitHub"
+      echo "  2. Update your remote:"
+      echo "     git remote set-url origin https://github.com/YOUR_USERNAME/YOUR_REPO.git"
+      echo ""
+    fi
   else
     echo "  ⚠️ No remote configured"
     echo "  Add with: git remote add origin <url>"