feat(languages): add bash/shell bundle

Shell-heavy projects had no bundle that fit. archangel and archsetup are bash repos, and installing elisp or python gave them the wrong language rules. I added languages/bash on the go bundle's shape.

The bundle ships bash.md and bash-testing.md rules, a PostToolUse hook that runs shellcheck on edited shell files and blocks on a violation, a shellcheck pre-commit githook, settings.json wiring, gitignore-add.txt, and a "Bash/shell project" CLAUDE.md. The hook covers .sh, .bash, and extensionless files with a shell shebang, since the CLI tools that fill a shell repo carry no extension. shellcheck is the gate. shfmt stays out of the blocking path because shell has no canonical formatting style, and forcing tabs-vs-spaces would impose a contested choice. Both the hook and the githook are shellcheck-clean against their own rule.

I extended the Makefile test target to discover languages/*/tests/*.bats, so the bundle's 8 hook tests run with the rest of the suite. The README bundle table was stale, listing elisp only. I corrected it to the five bundles now shipping.

1 files changed, 66 insertions, 0 deletions

diff --git a/languages/bash/claude/hooks/validate-bash.sh b/languages/bash/claude/hooks/validate-bash.sh
new file mode 100755
index 0000000..4e75f40
--- /dev/null
+++ b/languages/bash/claude/hooks/validate-bash.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+# Validate shell files after Edit/Write/MultiEdit.
+# PostToolUse hook: receives tool-call JSON on stdin.
+#
+# On success: exit 0 silent.
+# On failure: emit JSON with hookSpecificOutput.additionalContext so Claude
+# sees a structured error in its context, THEN exit 2 to block the tool
+# pipeline. stderr still echoes the error for terminal visibility.
+#
+# Gate: shellcheck. It catches the bugs that define shell — unquoted
+# expansions, unset variables, masked exit codes — and is the high-value,
+# universally-agreed check. Formatting (shfmt) is deliberately NOT enforced
+# here: shell has no single canonical style (tabs vs spaces), so blocking on
+# it would impose a contested choice. bash.md recommends shfmt; this hook
+# enforces correctness.
+#
+# Scope: .sh and .bash files, plus extensionless files whose first line is a
+# sh/bash shebang (the CLI tools that fill a shell-heavy repo carry no
+# extension).
+
+set -u
+
+# Emit a JSON failure payload and exit 2. Arguments:
+#   $1 — short failure type (e.g. "SHELLCHECK FAILED")
+#   $2 — file path
+#   $3 — tool output (error body)
+fail_json() {
+    local ctx
+    ctx="$(printf '%s: %s\n\n%s\n\nFix before proceeding.' "$1" "$2" "$3" \
+        | jq -Rs .)"
+    cat <<EOF
+{"hookSpecificOutput": {"hookEventName": "PostToolUse", "additionalContext": $ctx}}
+EOF
+    printf '%s: %s\n%s\n' "$1" "$2" "$3" >&2
+    exit 2
+}
+
+f="$(jq -r '.tool_input.file_path // .tool_response.filePath // empty')"
+[ -z "$f" ] && exit 0
+[ -f "$f" ] || exit 0
+
+# Is this a shell file? By extension, or by shebang when it has no extension.
+# Match on the basename, not the full path — a temp/parent dir can carry a dot
+# (e.g. validate-bash-bats.XXXX/) and misfire the "*.*" extension test.
+is_shell=0
+base="${f##*/}"
+case "$base" in
+    *.sh | *.bash) is_shell=1 ;;
+    *.*) is_shell=0 ;;  # some other extension — not ours
+    *)
+        # No extension: sniff the shebang.
+        if head -1 "$f" 2>/dev/null | grep -qE '^#!.*\b(bash|sh)\b'; then
+            is_shell=1
+        fi
+        ;;
+esac
+[ "$is_shell" -eq 1 ] || exit 0
+
+# No shellcheck on this machine — nothing to validate, don't block the edit.
+command -v shellcheck >/dev/null 2>&1 || exit 0
+
+if ! out="$(shellcheck "$f" 2>&1)"; then
+    fail_json "SHELLCHECK FAILED" "$f" "$out"
+fi
+
+exit 0