docs: Add Architecture Deep Dive guide

[stranma]

Summary

• Adds docs/ARCHITECTURE_GUIDE.md (698 lines): a comprehensive onboarding guide that explains why each template component exists, what it does under the hood, and what breaks if you remove or modify it. Covers all security hooks, productivity hooks, agents, skills, commands, rules, configuration files, devcontainer layers (firewall, tiers, policy blocker), and CI/CD workflows. Includes a defense-in-depth system architecture diagram, workflow lifecycle visualization, and a practical Customization Guide (Safe to Remove / Safe to Modify / Risky to Remove).
• Links the new guide from README.md (new "Understanding the Template" section) and docs/GETTING_STARTED.md (Next Steps).
• Logs design decisions in docs/DECISIONS.md (single-document format, 4-question structure, collapsible sections, cross-referencing over duplication).
• Adds changelog entry in docs/CHANGELOG.md.

Test plan

• Verify docs/ARCHITECTURE_GUIDE.md renders correctly on GitHub (ASCII diagrams, collapsible <details> sections, Markdown tables)
• Verify all internal cross-reference links resolve: Getting Started, Development Process, Devcontainer Permissions, Agent Reference anchor
• Verify README.md link to docs/ARCHITECTURE_GUIDE.md works from the repo root
• Verify GETTING_STARTED.md link to ARCHITECTURE_GUIDE.md works from within docs/
• Spot-check technical accuracy: compare hook descriptions against actual hook scripts (e.g., dangerous-actions-blocker.sh pattern counts, init-firewall.sh whitelisted domains)
• Confirm no existing docs were broken by the additions (CHANGELOG.md entry ordering, DECISIONS.md chronological order)

Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Added an Architecture Deep Dive guide covering system design, security layers, devcontainer tiers, agents/workflows, hooks/plugins, CI/CD, and customization guidance.
  • Updated changelog, decisions log, getting-started content, and README with references and summary guidance on component purposes and safe modification/removal.

[coderabbitai]

Warning

Rate limit exceeded

@stranma has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 3 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c04c8100-88c7-4410-a293-49b68bce612a

📥 Commits

Reviewing files that changed from the base of the PR and between 864c4f6 and 53ef788.

📒 Files selected for processing (1)

• docs/ARCHITECTURE_GUIDE.md

📝 Walkthrough

Walkthrough

Adds a new Architecture Deep Dive document and updates README, CHANGELOG, DECISIONS, and GETTING_STARTED to reference and summarize the new guide; no code or runtime behavior changes.

Changes

Cohort / File(s)	Summary
Architecture Deep Dive docs/ARCHITECTURE_GUIDE.md	New comprehensive architecture and security guide (detailed system, devcontainer tiers, hooks, agents, rules, CI/CD, and customization guidance).
Documentation References & Indexes README.md, docs/CHANGELOG.md, docs/DECISIONS.md, docs/GETTING_STARTED.md	Added references and brief entries pointing to the new Architecture Deep Dive; small README insertion duplicated the subsection link.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• docs: Rewrite README for community adoption #21: Overlapping changes to README and getting-started content that add or expand architecture/devcontainer documentation.
• refactor: Trim CLAUDE.md to essential non-discoverable constraints #14: Related updates to docs/DECISIONS.md and repository decision records about architecture guidance.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'docs: Add Architecture Deep Dive guide' accurately describes the main change: adding a comprehensive architecture documentation guide (ARCHITECTURE_GUIDE.md) and related links.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/architecture-guide

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/ARCHITECTURE_GUIDE.md`:
- Around line 13-44: The fenced code blocks containing the ASCII diagrams and
config snippets should include a language specifier so markdownlint MD040 is
satisfied; update each bare triple-backtick block that wraps the Devcontainer
diagram (the block starting with
"+-----------------------------------------------------------------------+"),
the workflow diagram (the block containing "/sync           /design         
write code"), and the devcontainer.json example (the block that begins with
"devcontainer.json" and "containerEnv:") to use ```text (or ```plaintext)
instead of bare ```; make this change to all three occurrences so the diagrams
remain monospace and the docs pass lint.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e4ebc20c-185f-4c9b-b2c3-d67282f6a73d

📥 Commits

Reviewing files that changed from the base of the PR and between 295fae0 and 5ee49ac.

📒 Files selected for processing (5)

• README.md
• docs/ARCHITECTURE_GUIDE.md
• docs/CHANGELOG.md
• docs/DECISIONS.md
• docs/GETTING_STARTED.md

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/ARCHITECTURE_GUIDE.md`:
- Line 5: Reword the three consecutive sentences that start with "For" to
improve flow: locate the line containing "For setup instructions, see [Getting
Started](GETTING_STARTED.md). For the workflow reference, see [Development
Process](DEVELOPMENT_PROCESS.md). For permission tier details, see [Devcontainer
Permissions](DEVCONTAINER_PERMISSIONS.md)." and change the second and/or third
sentence openings (e.g., "See the workflow reference...", "Permission tier
details are in..." or "Refer to...") so each sentence begins differently while
keeping the same links and targets.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1516ad09-ecb8-4bce-8cb8-2235eaaa6d7d

📥 Commits

Reviewing files that changed from the base of the PR and between 5ee49ac and 864c4f6.

📒 Files selected for processing (1)

• docs/ARCHITECTURE_GUIDE.md

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Optional: Vary sentence openings.

Three consecutive sentences begin with "For," which slightly impacts flow. Consider minor rewording for variety.

✍️ Suggested rewording

-For setup instructions, see [Getting Started](GETTING_STARTED.md). For the workflow reference, see [Development Process](DEVELOPMENT_PROCESS.md). For permission tier details, see [Devcontainer Permissions](DEVCONTAINER_PERMISSIONS.md).
+For setup instructions, see [Getting Started](GETTING_STARTED.md). The workflow reference is in [Development Process](DEVELOPMENT_PROCESS.md), and permission tier details are in [Devcontainer Permissions](DEVCONTAINER_PERMISSIONS.md).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	For setup instructions, see [Getting Started](GETTING_STARTED.md). For the workflow reference, see [Development Process](DEVELOPMENT_PROCESS.md). For permission tier details, see [Devcontainer Permissions](DEVCONTAINER_PERMISSIONS.md).
	For setup instructions, see [Getting Started](GETTING_STARTED.md). The workflow reference is in [Development Process](DEVELOPMENT_PROCESS.md), and permission tier details are in [Devcontainer Permissions](DEVCONTAINER_PERMISSIONS.md).

🧰 Tools

🪛 LanguageTool

[style] ~5-~5: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...pment Process](DEVELOPMENT_PROCESS.md). For permission tier details, see [Devcontai...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/ARCHITECTURE_GUIDE.md` at line 5, Reword the three consecutive sentences
that start with "For" to improve flow: locate the line containing "For setup
instructions, see [Getting Started](GETTING_STARTED.md). For the workflow
reference, see [Development Process](DEVELOPMENT_PROCESS.md). For permission
tier details, see [Devcontainer Permissions](DEVCONTAINER_PERMISSIONS.md)." and
change the second and/or third sentence openings (e.g., "See the workflow
reference...", "Permission tier details are in..." or "Refer to...") so each
sentence begins differently while keeping the same links and targets.