Commit Graph

41 Commits

Author SHA1 Message Date
Bastien Chanot
e8807a7333 feat(gitflow): chore branch type + aiguillage for standalone memory/doc skills
Standalone /capitalize /close /prune-memory /reconcile no longer lean on the .claude/** hook exemption when run on main/develop: the aiguillage branches them to chore/* off develop before writing. New chore type (base develop, finish->develop) added to the lib; hook unchanged (chore/* non-protected). Closes the leak where standalone memory work (memory IS the work, no code branch to follow) landed direct on a protected base. 64/64 gitflow-test green, shellcheck clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RNaYKPEkjH1jbgoX1TwKMX
2026-07-01 13:25:36 +02:00
Bastien Chanot
d3d6cede65 feat(release-candidate): orchestrator skill over gitflow release + the version tag
/release-candidate cuts a release by orchestrating the existing gitflow
release mechanic (start from develop; finish fan-out main+develop+delete)
and adding the one piece the lib lacks: the version tag.

- skills/release-candidate/SKILL.md: thin orchestrator — preconditions →
  gitflow start release → prep (version.txt + CHANGELOG, breaking doc'd) →
  run-tests gate → human WHEN-to-release gate → gitflow finish → git tag -a
  vX.Y.Z (in the skill, lib untouched) → push (gated).
- lib/tests/run-release-candidate.sh: throwaway-repo flow replay. RC_TAG=0
  reds the tag (gitflow fans out but never tags); RC_TAG=1 → 5/5.
- CLAUDE.md: Skill routing line. CHANGELOG [Unreleased]: /reconcile +
  /release-candidate under Added (so the eventual v4.0.0 captures them).

Tag scheme vX.Y.Z continues the version.txt/CHANGELOG lineage. writing-skills TDD.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01C6bUdvHnajCNzgVQefZowj
2026-06-30 14:41:12 +02:00
Bastien Chanot
82e6322a9f feat(reconcile): deterministic declared-vs-real engine + thin gated skill
/reconcile confronts declarative sources (TODO checkboxes, registry
statuses, ## Index) against real git/fs state and surfaces the gaps,
in 4 categories + contradiction candidates.

- lib/reconcile.sh: engine — body-only enumeration (never the Index),
  git/fs oracles, BLK last-block-wins status, lexical deferral sweep,
  contradiction candidates, pure reconcile_verdict kernel.
- lib/tests/run-reconcile.sh + fixtures (neutral-named): 20/20;
  recursive-coherence T1 reds if the engine reads the Index (teeth).
- skills/reconcile/SKILL.md: thin orchestration + A/B/C write-back gate,
  honest limits (lexical deferrals, contradictions surfaced not asserted).
- CLAUDE.md: Skill routing line.

Founding principle: never trust a declarative source as an oracle — the
skill practices what it preaches (tested). Built via writing-skills TDD.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01C6bUdvHnajCNzgVQefZowj
2026-06-30 13:42:24 +02:00
Bastien Chanot
167ea9678e feat(gitflow): universal gitflow model — lib + skill + orchestrator wiring
lib core (start/finish/init, transactional bootstrap) + migrate + 57-test suite + aiguillage; skills/gitflow + gitignore template; CLAUDE.md gitflow rule; wiring init-project (5f/8/11), onboard (2.6), ship-feature (0/4/9), feat/bugfix/hotfix aiguillage.
2026-06-29 02:58:13 +02:00
Bastien Chanot
e5e673ac1f refactor(skill): rename validate → web-validate
Clearer scoped name for the W3C + WCAG skill. Updated: folder (git mv),
frontmatter name, H1 title, command refs, CLAUDE.md routing, 6 profiles
(functional — activate the skill by folder name), cross-refs in
harden/seo/depth-matrix/client-handover, agent dispatch refs, README +
USAGE tables.

Confidentiality: the client-deliverable leak-guard regex
(client-handover-writer.md) now matches BOTH /web-validate and legacy
/validate, so older client docs stay covered.

Left intentionally: validator-analyzer agent name (lockstep with
subagent_type + registry), .validate-cache/ + VALIDATE.md (audit-file
family {SEO,GEO,HARDEN,CSO,VALIDATE}.md), .claude/ history (append-only),
CHANGELOG old entry (added a new "renamed" entry instead). NL trigger
keywords kept so "validate" still routes here. Third-party html-validate
untouched.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 01:29:36 +02:00
Bastien Chanot
990318ce9d docs(claude-md): trim decorative separators + blank lines
Whitespace-only rognage, zero content/instruction changed: 286 -> 275.
- Drop 4 '---' section rules (the '#' headers already delimit sections).
- Drop 2 intro->list blanks (consistency with the compressed sections).
- Drop 1 orphan header-to-header blank (Tooling & skills -> Skill routing).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 00:29:47 +02:00
Bastien Chanot
ba743cf356 docs(claude-md): compress routing + design + graphify
Universal global config (loaded every session): 317 -> 286 lines (-31).
- Routing: drop name-obvious lines (covered by skill descriptions), keep
  non-obvious only (gstack fallbacks, cryptic names, disambiguation) +
  dense catch-all. Restore plan-eng-review + validate (misleading names),
  add feat/hotfix/bugfix file-count pointer.
- Design: compress + make the FILE signal explicit (UI-file edits trigger
  the toolchain, not just the prompt keyword).
- graphify: densify conditional rules.
No path-scope / no externalization: user-level path-scoped rules do not
load (issue #21858, 2.1.190) -> compression is the only safe lever.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 00:21:42 +02:00
Bastien Chanot
2e6725e8bb docs(claude-md): design gate → pointer to lib
Replace the inline "Design gate (automatic)" description — which still named
the old atomic "ui-ux-pro-max inactive → ask user" behavior — with a one-line
pointer to the gate spec, now that the gate logic lives in design-gate.md +
design-tool-gate.sh and points at /profile design. No design rule changed;
the Orchestrators line (STEP 0 plugin-check) is untouched.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 11:22:01 +02:00
Bastien Chanot
663b16c472 docs(claude-md): merge workflow/todo + emphasis discipline
P5: merge the TODO volet of ## Workflow with ## Task tracking into a
single ## Planning & TODO section (when to plan / exempt scope / how to
track), placed right after ## Workflow. Drops the "see Workflow" cross-ref;
no rule lost.

P6: reserve emphasis caps (NEVER/ALWAYS/MUST/FORBIDDEN/ONLY/No…) for the
~9 critical rules only (security, never-invent, append-only memory, radical
honesty, never-assume, STOP, SPA-ban, supply-chain dep vetting). Downgrade
process/style dressing to normal case so the critical anchors stand out.
Typography only — no content or meaning changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-21 02:26:50 +02:00
Bastien Chanot
493b6b904e docs(claude-md): consolidate design routing
Design routing was split across 3 places (Skill-routing entries, the
Design gate paragraph, and the Design work section). Collapse the 3
skill-routing design entries to one renvoi; move the Design gate into
"## Design work — full toolchain"; mark that section the single source.
No rule lost — gate preserved verbatim, just relocated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 20:09:00 +02:00
Bastien Chanot
d4a5cfec93 chore(caveman): purge plugin + always-on integration
Disable + uninstall caveman@caveman and delete every repo dependency on
it: SessionStart/UserPromptSubmit hook blocks, standalone hook files,
settings.json enabledPlugins + marketplace entries, install-plugins.sh
STEP 5.5, update-all.sh refresh step, plugins.lock.json entry, doctor.sh
checks, lib/detect-plugins.sh helpers, lib/profile.sh + plugin-advisor +
skills/profile protected-list entries, .gitignore runtime-file block,
and README/USAGE docs. Dead /caveman:compress refs replaced with
manual/claude.ai guidance. Memory-registry terse-format convention kept
(separate subsystem). Version 3.4.0 -> 3.5.0.

On a subscription plan caveman's ~75% output-token compression has no
cost benefit, and the always-on hooks added friction on validation
gates and client deliverables.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 19:08:40 +02:00
Bastien Chanot
be0f047f04 docs: sync routing after merge
Reflect the /close → /capitalize --ritual merge in the session-loaded routing
table (CLAUDE.md) and the README/USAGE command tables: capitalize now also
reconciles .claude/tasks/TODO.md, --ritual adds the end-of-session reflection,
and /close is documented as an alias. Does not touch the in-progress caveman
purge edits in these files (left unstaged).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 18:05:05 +02:00
Bastien Chanot
02a0ba0602 docs(claude-md): add subagent delegation guidance to Workflow
Expand the sub-agent bullet to push fan-out work (many files,
parallel searches, multi-point checks) to sub-agents rather than
serial iteration, and default to delegation for multi-file
exploration. Counters Opus 4.8's tendency to under-delegate.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-18 17:00:24 +02:00
Bastien Chanot
e7e9dacddc refactor(claude-md): resolve contradictions, fix dead refs, restructure sections
Fable 5 audit of the global CLAUDE.md (symlinked from this repo):

Contradictions resolved:
- two conflicting graphify sections merged into one (query-first when
  graphify-out/graph.json exists, direct read otherwise; single command
  form; dropped the false 'this project has a knowledge graph' claim)
- plan rule: 'when in doubt skip plan' no longer cancels the mandate —
  borderline = single-file small obvious change
- deviation rule disambiguated: minor/justified -> explain after,
  significant/shaky -> ask before
- 'append-only' registries reconciled with /prune-memory curation

Dead refs fixed: /caveman:compress -> /caveman-compress; design-gate
path now ~/.claude/lib/ (was repo-relative); '(replaces LESSONS)' note
dropped.

Structure: Health Stack / Skill routing / graphify no longer nested
under '# Communication mode'; new '# Tooling & skills' and
'# This repo only' sections; repo-specific Health Stack labeled as such.

Routing updated: + audit-delta, close, capitalize, prune-memory,
profile, context-restore, geo; explicit gstack-OFF fallback rule.
Mid-task question exception generalized to all skill-mandated gates.

Non-critical sections caveman-compressed; Architecture decisions and
Security kept verbatim (must stay unambiguous). Net -1471 chars while
adding 8 routing entries.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 13:56:59 +02:00
Bastien Chanot
0d9f3d41eb feat(design): mandate full design toolchain on UI work via CLAUDE.md rule + hook
Add a tiered-by-scope "Design work — full toolchain" rule to the global
CLAUDE.md: trivial tweaks stay on /hotfix, building UI mobilizes ui-ux-pro-max,
frontend-design, Magic MCP, emil-design-eng, design-motion-principles, and
design-html; design systems start with design-consultation; reviews use
design-review + emil + motion audit. In doubt about scope, do not silently
skip the toolchain — ask or default to the Build tier.

Reinforce it with a design-toolchain-reminder UserPromptSubmit hook that
detects UI/design signals (broad FR+EN keyword set, \b-guarded against
substring false matches) and injects the tiered guidance into context. Soft
nudge, always exits 0, falls back to raw stdin when the hook JSON is missing.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 15:48:10 +02:00
Bastien Chanot
0a8f524b72 chore(graphify): rewrite CLAUDE.md + hook to prefer graphify query over GRAPH_REPORT.md
Query-first approach: run graphify query/path/explain for focused
questions, read GRAPH_REPORT.md only for broad architecture review.
Also fixes checkpoint→context-save routing line in CLAUDE.md.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-21 05:55:13 +02:00
bastien
c26d8adcdd docs(claude): add graphify navigation rules
Tell Claude to read graphify-out/GRAPH_REPORT.md before answering
architecture questions, prefer graphify query/path/explain over grep
for cross-module questions, and run graphify update . after code edits.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-06 17:08:52 +02:00
bastien
4181bdc9cf docs(memory): mandate caveman format for registries
Add "Format — registries ALWAYS caveman" rule alongside existing
English-only rule. All writes to .claude/memory/*.md (decisions,
learnings, blockers, journal, evals) must drop articles/filler/hedging
while preserving technical terms, IDs, dates, and code blocks exact.

Rationale: registries load every session start — caveman cuts ~40%
input tokens with zero loss of substance. Applies to direct writes and
skill-driven CAPITALIZE steps (close, ship-feature, feat, bugfix,
hotfix, commit-change). Existing entries: compress on demand via
/caveman:compress <file>.

Self-applied: CLAUDE.md prose itself compressed in same pass.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-05 23:46:15 +02:00
bastien
617865cb07 feat(capitalize): enforce English in all memory registry entries
Registries are re-read at every session start; consistency pays back
each time. Adding a single rule in CLAUDE.md § Memory registries
(authoritative) + a short reminder at the end of each CAPITALIZE
block (ship-feature, bugfix, hotfix, feat, commit-change, close).

Rationale: (1) model re-reads the registries more efficiently in a
single language, (2) lower token cost for English (model's primary
training language), (3) easier cross-project reuse. Interactive gates
may still mirror the user's language — only the written entry is
constrained.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:24:04 +02:00
bastien
e93116e160 docs(claude): adopt .claude/ paths + add Memory registries section
Session start now reads the 5 registries before TODO.md. After-code-
changes rule points to .claude/memory/ (routed per type) instead of
the single tasks/LESSONS.md. Adds Memory registries section with
routing rules, proactive-capitalization guideline, and session-close
ritual. Updates via symlink to ~/.claude/CLAUDE.md too.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:08 +02:00
bastien
feed3dbae9 feat(validate): add W3C HTML/CSS validity + WCAG a11y audit skill
New /validate skill runs a narrow-scope web standards audit covering
W3C HTML validity (validator.nu API in FULL, html-validate / vnu.jar
in LOCAL), W3C CSS validity (jigsaw.w3.org/css-validator in FULL,
stylelint / css-tree in LOCAL), and WCAG 2.1 accessibility (pa11y,
@axe-core/cli, WAVE API, or static checklist fallback).

Dedicated validator-analyzer agent with a strict IN/OUT scope filter
so the report stays focused on conformance — no meta/OG/JSON-LD/
sitemap/CSP/cookie/CWV noise. Those remain owned by /seo, /geo, and
/harden respectively.

LOCAL mode degrades gracefully: tries local npm tools first, falls
back to static analysis if none present (same 12-point a11y checklist
as /onboard a11y dispatch). Never fails hard.

Framework awareness: validates built output (dist/, _site/, build/,
out/) for SPA/JS frameworks, not JSX/TSX source. Warns if no build
dir found.

Fix mode (--fix) produces a conservative auto-fix bundle: missing
lang attr, alt="" on decorative images, unclosed void tags, duplicate
IDs, unambiguous heading level skips. Content decisions (form labels,
color contrast, landmark restructure, alt text on content images)
always go to User actions, never auto-applied.

Flags: --local, --full, --fix, --no-external.

Routing updated in CLAUDE.md. /harden and /seo cross-refs narrowed
to redirect W3C / WCAG concerns to /validate (was previously routed
to /onboard a11y dispatch, which only runs at setup).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 22:39:30 +02:00
bastien
97415e9aea feat(harden): add web hardening audit skill
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).

Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.

FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
  - Mozilla Observatory (API v2 JSON, ~10s)
  - SecurityHeaders.com (HTML scrape, ~5s)
  - SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)

Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).

Flags: --local, --full, --fix, --no-external.

Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 20:32:48 +02:00
bastien
31202e8621 docs(claude): make TODO.md systematic for complex write/modify tasks
Replace the "3+ steps" threshold with a logic-based criterion: any
write/modify task touching new behavior, control flow, state, API,
or dependencies requires a plan in tasks/TODO.md decomposed into
subtasks — even a single complex task.

Drop the blanket "Confirm before implementing" step: confirmation is
now limited to real trade-offs (multiple valid approaches, breaking
changes, destructive actions) to avoid rubber-stamp friction.

Add an explicit exemption list (reads, explanations, typos, cosmetic
CSS, single config values) aligned with /hotfix scope.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:38:06 +02:00
bastien
1da901ee8e docs(onboard): document new pipeline (archetype detection + full audit)
USAGE.md Pattern C expanded with the 9-STEP pipeline table and post-run
flow. CLAUDE.md skill routing line updated to reflect the new scope
(config + archetype detection + full audit pipeline + backlog).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:37:44 +02:00
bastien
07b8a207c1 docs(claude): consolidate graphify sections into Context Navigation
Merge the auto-installed "## graphify" block (L. 170-177, written by
`graphify claude install`) into the existing "## Context Navigation
(graphify)" block. Keeps one source of truth: when to invoke graphify,
what to read first (GRAPH_REPORT.md), and the AST-only --update
shortcut after code edits.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 17:54:51 +02:00
bastien
e144dc78ee added some info into claude.md and settings 2026-04-21 15:22:05 +02:00
bastien
57309b80f8 feat(agents): add design gate for automatic ui-ux-pro-max detection
Lightweight skills (feat, hotfix, bugfix) had zero plugin awareness —
design tasks ran without ui-ux-pro-max even when relevant. Add a
design gate (lib/design-gate.md) that auto-detects UI/style signals
in task description and filesystem, then asks the user to activate
ui-ux-pro-max if inactive. Orchestrators already handle this via
their STEP 0 plugin-check.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:50:56 +02:00
bastien
0f28829bdb feat(claude-md): add health stack + enrich skill routing with full arsenal
Health Stack persists shellcheck config for /health.
Skill routing now covers all skills (gstack + perso) with fallbacks
when gstack is unavailable (bugfix, ship-feature, doc).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:08:36 +02:00
bastien
40db25b590 chore: add gstack skill routing rules to CLAUDE.md 2026-04-16 00:37:37 +02:00
bastien
3f69326c9a chore: switch CLAUDE_EFFORT env var to --effort alias, add task tracking
install-plugins.sh: replace 'export CLAUDE_EFFORT=max' with
'alias claude="claude --effort max"' (cleaner, uses CLI flag).
Cleans up old env var from shell profile on re-run.

Also adds tasks/ tracking files and fixes trailing whitespace in CLAUDE.md.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 23:21:57 +02:00
bastien
eb020d88a7 docs(claude): rewrite graphify context navigation guidelines
Clarify when to use graphify (large-scope tasks only) vs reading
files directly (small tasks). Removes the "always query graph first"
rule that added unnecessary overhead for simple lookups.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 20:18:40 +02:00
bastien
9d73d31cde added onboard and claude improve 2026-04-15 18:23:55 +02:00
bastien
46f9fc93d3 added security claude md 2026-04-15 17:37:03 +02:00
bastien
67e66b7217 added api versions 2026-04-14 03:08:33 +02:00
bastien
7318c18730 added no SPA for public website in claude.md 2026-04-14 01:15:41 +02:00
bastien
1f65a365f4 Added honesty and clarity in claude.md for no bullshit yesman response 2026-04-13 16:06:34 +02:00
bastien
0dac12b885 add gstack skill symlinks, graphify skill, and gitignore updates
Track all gstack-provided skill symlinks (autoplan, browse, qa, etc.)
and the graphify skill. Add .claude/, graphify-out/, .ctx7-cache/ to
gitignore to exclude local/generated files from the repo.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-12 14:56:03 +02:00
bchanot
f55a2b3fdf final version seems 2026-04-08 13:46:45 +02:00
bastien
f8811fab37 opus version correction 2026-04-03 18:08:21 +02:00
bastien
fbe43d519e added skills and agents 2026-04-01 02:51:01 +02:00
bastien
8ccdfd8eb3 corrected to uppercase 2026-03-31 20:51:12 +02:00