feat: Migrate from agent markdown files to Skills, Rules, and Sub-Agents

Replace the manual "read .claude/agents/*.md" workflow with native
Claude Code features for a more efficient, scalable development experience:

- **Skills** (.claude/skills/): 7 auto-discovered slash commands
  (/requirements, /architecture, /frontend, /backend, /qa, /deploy, /help)
  with forked sub-agents for heavy tasks and inline execution for interactive ones
- **Rules** (.claude/rules/): 4 modular rule files (general, frontend, backend,
  security) auto-applied based on file context
- **Sub-Agents** (.claude/agents/): Lightweight configs for frontend-dev,
  backend-dev, and qa-engineer with model, tool, and turn limit settings
- **Context Engineering**: Layered context loading, context isolation via
  forked skills, built-in context recovery after compaction, and
  "always read, never guess" rules to prevent hallucinated code references
- **CLAUDE.md**: Auto-loaded project context replacing PROJECT_CONTEXT.md
- **Feature tracking**: features/INDEX.md as persistent state across sessions
- **Production guides**: docs/production/ for error tracking, security,
  performance, database optimization, and rate limiting
- **Init Mode**: /requirements detects empty PRD and bootstraps full project
  setup (PRD + all feature specs) from a single project description

Removed: 6 monolithic agent files, PROJECT_CONTEXT.md, HOW_TO_USE_AGENTS.md,
TEMPLATE_CHANGELOG.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/production/rate-limiting.md

@@ -0,0 +1,101 @@
+# Rate Limiting
+
+Prevent abuse, DDoS attacks, and excessive API usage.
+
+## When to Add Rate Limiting
+- **MVP:** Optional (focus on features first)
+- **Production with users:** Recommended on auth endpoints and public APIs
+- **Public-facing APIs:** Required
+
+## Setup with Upstash Redis
+
+### 1. Install Dependencies
+```bash
+npm install @upstash/ratelimit @upstash/redis
+```
+
+### 2. Create Upstash Account
+- Go to [upstash.com](https://upstash.com) (free tier: 10k requests/day)
+- Create a Redis database
+- Copy REST URL and token
+
+### 3. Add Environment Variables
+```bash
+# .env.local
+UPSTASH_REDIS_REST_URL=https://xxx.upstash.io
+UPSTASH_REDIS_REST_TOKEN=xxx
+```
+
+### 4. Create Rate Limiter
+```typescript
+// src/lib/rate-limit.ts
+import { Ratelimit } from '@upstash/ratelimit'
+import { Redis } from '@upstash/redis'
+
+export const ratelimit = new Ratelimit({
+  redis: Redis.fromEnv(),
+  limiter: Ratelimit.slidingWindow(10, '10 s'), // 10 requests per 10 seconds
+})
+```
+
+### 5. Use in API Routes
+```typescript
+// src/app/api/example/route.ts
+import { ratelimit } from '@/lib/rate-limit'
+import { NextRequest, NextResponse } from 'next/server'
+
+export async function POST(request: NextRequest) {
+  const ip = request.headers.get('x-forwarded-for') ?? 'anonymous'
+  const { success, limit, remaining } = await ratelimit.limit(ip)
+
+  if (!success) {
+    return NextResponse.json(
+      { error: 'Too many requests' },
+      {
+        status: 429,
+        headers: {
+          'X-RateLimit-Limit': limit.toString(),
+          'X-RateLimit-Remaining': remaining.toString(),
+        },
+      }
+    )
+  }
+
+  // Process request normally...
+}
+```
+
+### 6. Use in Middleware (Global)
+```typescript
+// middleware.ts
+import { ratelimit } from '@/lib/rate-limit'
+import { NextRequest, NextResponse } from 'next/server'
+
+export async function middleware(request: NextRequest) {
+  // Only rate limit API routes
+  if (request.nextUrl.pathname.startsWith('/api/')) {
+    const ip = request.headers.get('x-forwarded-for') ?? 'anonymous'
+    const { success } = await ratelimit.limit(ip)
+
+    if (!success) {
+      return NextResponse.json({ error: 'Too Many Requests' }, { status: 429 })
+    }
+  }
+}
+
+export const config = {
+  matcher: '/api/:path*',
+}
+```
+
+## Recommended Limits
+
+| Endpoint Type | Limit | Window |
+|--------------|-------|--------|
+| Login/Register | 5 requests | 1 minute |
+| Password Reset | 3 requests | 5 minutes |
+| General API | 30 requests | 10 seconds |
+| File Upload | 5 requests | 1 minute |
+
+## Alternative
+**Vercel Edge Config** - Simpler but less flexible. Built into Vercel, no external service needed.