End-to-end pipeline that hardens the project, commits, pauses for
deploy, validates the live site, then generates a non-technical client
deliverable (LIVRAISON.md / HANDOVER.md):
1. /seo (SEO+GEO) and /harden run in parallel with auto-fix loops
until each scores >=17/20.
2. /commit-change + push if changes were made.
3. Pause to tell the user what to deploy and wait for confirmation.
4. /validate against the live site.
5. Per-audit gate >=17/20 — stop and analyze if any below.
6. Write client doc with before/after score table + owner-maintenance
checklist.
Reads git history + .claude/memory/ registries for context. For
local-business projects, appends a manual NAP-consistency platform
checklist (Google Business, Pages Jaunes, Yelp, Facebook, Instagram,
TikTok, Apple Maps, Bing Places, TripAdvisor). Optional build/deploy
chapter on prompt.
Adds skills/client-handover/SKILL.md (slash-command entrypoint),
skills/client-handover/checklists/seo-geo-manual.md (NAP checklist),
agents/client-handover-writer.md (orchestrator agent).
Co-Authored-By: Claude <noreply@anthropic.com>
Auto-discover what the project actually has instead of a fixed doc list:
root files (incl. DEPLOY.md, SECURITY.md, ARCHITECTURE.md, ROADMAP.md),
docs/**, and .claude/{tasks,audits,memory}/.
Detect stack (Node/Python/Rust/Go/Ruby/PHP/Dart/.NET) and deploy
complexity (NONE/TRIVIAL/NON_TRIVIAL) to drive doc-needs:
- Propose DEPLOY.md only when non-trivial (Docker, fly.toml, k8s,
multi-stage CI).
- Propose inlining/removing DEPLOY.md when deploy is trivial.
- Enforce README presence with typical GitHub layout.
Add CREATE/REMOVE proposal categories to the validation gate. Update
auto-mode to map deploy artifacts to DEPLOY.md and decisions.md
architectural changes back to CLAUDE.md/README.
Sync skills/doc/SKILL.md description + triggers to match.
Co-Authored-By: Claude <noreply@anthropic.com>
- GitHub URL clone support (single + multi-repo merge)
- uv tool detection ahead of pipx shebang
- Optional Kimi K2.6 backend via MOONSHOT_API_KEY
- Discrete confidence rubric (0.55/0.65/0.75/0.85/0.95) replaces continuous range
- Aggregated community view for graphs >5000 nodes
- Manifest persistence after --update so next run diffs against current state
- Video file support, rationale-as-attribute (not separate node)
Co-Authored-By: Claude <noreply@anthropic.com>
Ship lib/profile.sh + 9 profiles in lib/profiles/. A profile is a
plain-text file listing items + types (gstack | personal | external |
plugin@<marketplace> | mcp | cli). `profile set <name>` enables the
listed items and disables the rest:
- gstack/personal/external skills: symlink toggle skills/ ↔
skills-disabled/ (gstack__<name> prefix to avoid collisions; no
prefix for personal/external).
- plugins typed `plugin@<marketplace>`: actually toggled via
`claude plugin enable|disable <name>@<marketplace>`. Allowlist:
MANAGED_PLUGINS = ui-ux-pro-max, plugin-dev, pr-review-toolkit.
Denylist: PROTECTED_PLUGINS = caveman, security-guidance,
superpowers (always-on, never disabled even if absent from a
profile).
- mcp magic: delegated to lib/toggle-external.sh which already
handles the MAGIC_API_KEY env lookup. Other MCPs stay advisory.
- cli (rtk, gsd, ctx7, graphify): status-only, never auto-installed.
Profiles shipped:
web public website work — frontend + content + light dev
seo SEO + GEO + W3C audit (search/AI indexability + a11y)
web-full production website end-to-end (web ∪ seo ∪ qa-only/canary)
backend backend / API / system dev — no design, no SEO
design visual QA, design systems, mockups, polish
dev daily code work — features, fixes, refactor, ship
qa site testing, perf, canary, validation
audit comprehensive audit — security + SEO + perf + health
minimal strip all gstack skills (quiet session)
Commands:
profile list / show <name> / current / apply <name> / set <name> /
reset / diff <a> <b>
`current` heuristic returns "full" when nothing is disabled, otherwise
picks the profile with the highest available-ratio (counts both
"enabled" and "installed" — the latter for CLIs). Tiebreaker: larger
profile total wins, so web-full beats web at a 100% tie.
`reset` re-enables every gstack skill but does NOT touch plugins —
the user re-enables a managed plugin manually or via `apply <profile>`.
This is documented in the trailing info line.
Integration:
- skills/profile/SKILL.md — `/profile` slash command, lists profiles,
documents the per-type mechanism, points at lib/profile.sh.
- agents/plugin-advisor.md — DETECT phase calls `profile current`,
OUTPUT adds a PROFILE line, and TOGGLING EXTERNAL TOOLS gains a
"Skill profiles" section with a signal → profile recommendation
table.
- lib/toggle-external.sh — header pointer to profile.sh for fine-
grained activation (toggle-external still owns whole-gstack and
magic-MCP toggles).
- Makefile — `make profile cmd="set <name>"`, profile-list,
profile-current, profile-reset.
Tested end-to-end: `set web` enables ui-ux-pro-max + magic; `set seo`
disables ui-ux-pro-max; `set minimal` disables ui-ux-pro-max but
spares always-on plugins; `reset` restores all 64 skills; shellcheck
clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Registries are re-read at every session start; consistency pays back
each time. Adding a single rule in CLAUDE.md § Memory registries
(authoritative) + a short reminder at the end of each CAPITALIZE
block (ship-feature, bugfix, hotfix, feat, commit-change, close).
Rationale: (1) model re-reads the registries more efficiently in a
single language, (2) lower token cost for English (model's primary
training language), (3) easier cross-project reuse. Interactive gates
may still mirror the user's language — only the written entry is
constrained.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Before: SEO.md, GEO.md, HARDEN.md, VALIDATE.md, BUGS-FOUND.md landed
at project root. After: all five go to .claude/audits/. Covers both
dispatcher write paths and the dispatcher bash commands that parse
each report (test -s, grep score, wc) — otherwise the dispatcher
would look for the file at the old location.
- skills/seo,geo,harden,validate,code-clean — write paths + console
summaries ("Report: .claude/audits/X.md")
- skills/harden,validate — bash parsing commands (test/grep/wc) aligned
- agents/seo-analyzer,validator-analyzer,code-cleaner — agent-side refs
- agents/validator-analyzer frontmatter description updated
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Manual fallback for the 3-question ritual (what was decided / learned
/ blocked) when none of the completion skills ran. Pre-fills BDR/LRN/
BLK candidates from git log + conversation context, presents for
validation, appends approved entries to .claude/memory/ registries
plus a timeline line in journal.md. Always writes the journal line
even if all 3 questions are skipped.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Registries only get filled if something actively writes to them.
Without integration, the 3-question ritual is aspirational text.
Adds a CAPITALIZE step at the end of every completion skill so work
milestones automatically propose BDR/LRN/BLK entries from context.
- ship-feature STEP 9 — decision/learning/blocker candidates per feature
- bugfix STEP 7 — always propose BLK with root cause; LRN if pattern reusable
- hotfix STEP 5 — default skip; only prompt when non-obvious lesson surfaces
- feat STEP 6 — propose BDR for design choice, LRN for pattern
- commit-change Phase 4 — analyze the commit batch, propose grouped entries
Every variant also appends a one-liner to .claude/memory/journal.md under
today's date heading.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adapt the two skills that scaffold project config + the underlying
onboarder agent + the dotfiles-meta archetype folder tree to the new
governance layout. AUDIT_* files go to .claude/audits/, TODO goes to
.claude/tasks/, and .claude/memory/ is seeded from ~/.claude/templates/memory/
with all 5 registries (decisions/learnings/blockers/journal/evals).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New /validate skill runs a narrow-scope web standards audit covering
W3C HTML validity (validator.nu API in FULL, html-validate / vnu.jar
in LOCAL), W3C CSS validity (jigsaw.w3.org/css-validator in FULL,
stylelint / css-tree in LOCAL), and WCAG 2.1 accessibility (pa11y,
@axe-core/cli, WAVE API, or static checklist fallback).
Dedicated validator-analyzer agent with a strict IN/OUT scope filter
so the report stays focused on conformance — no meta/OG/JSON-LD/
sitemap/CSP/cookie/CWV noise. Those remain owned by /seo, /geo, and
/harden respectively.
LOCAL mode degrades gracefully: tries local npm tools first, falls
back to static analysis if none present (same 12-point a11y checklist
as /onboard a11y dispatch). Never fails hard.
Framework awareness: validates built output (dist/, _site/, build/,
out/) for SPA/JS frameworks, not JSX/TSX source. Warns if no build
dir found.
Fix mode (--fix) produces a conservative auto-fix bundle: missing
lang attr, alt="" on decorative images, unclosed void tags, duplicate
IDs, unambiguous heading level skips. Content decisions (form labels,
color contrast, landmark restructure, alt text on content images)
always go to User actions, never auto-applied.
Flags: --local, --full, --fix, --no-external.
Routing updated in CLAUDE.md. /harden and /seo cross-refs narrowed
to redirect W3C / WCAG concerns to /validate (was previously routed
to /onboard a11y dispatch, which only runs at setup).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).
Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.
FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
- Mozilla Observatory (API v2 JSON, ~10s)
- SecurityHeaders.com (HTML scrape, ~5s)
- SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)
Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).
Flags: --local, --full, --fix, --no-external.
Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
STEP 4.5 extracts the archetype's "Implications" (Surface sécurité) and
"Typical pain points" sections into .onboard-audit/archetype-context.md.
STEP 6 cso dispatch reads it and filters checks per category: web vulns
(XSS/SQLi/CORS/CSP/CSRF/HTTPS) only on framework/api/ecommerce/cms,
embedded-specific checks (buffer overflow, secure boot, JTAG, OTA sig)
only on embedded; library/cli/infra/data-science/desktop each get their
own focused section. Previously the fallback prompt searched for web
vulnerabilities even on firmware projects.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Move discovery, interview, archetype detection, audit pipeline, and
validation gates from the onboarder agent into the /onboard skill as
a 9-STEP orchestrator (STEP 0 plugin-check → STEP 9 sequenced backlog).
The onboarder agent becomes a pure config generator: takes a prepared
brief, writes CLAUDE.md / settings.json / .claudeignore / tasks/ scaffold.
No more interview or filesystem scanning in the agent.
Agent shrinks 263 → 86 lines; skill grows 15 → 847 lines.
Co-Authored-By: Claude <noreply@anthropic.com>
Auto-upgraded during /graphify invocation. Notable SKILL.md changes:
safer AST cache_root (pin to cwd), clearer node ID format docs with
concrete example, new Step 6b Wiki export (opt-in via --wiki),
--update now persists merged extraction back to .graphify_extract.json
so Step 4 sees the full graph.
Co-Authored-By: Claude <noreply@anthropic.com>
Post-review hardening of the parallel seo+geo dispatch:
- skills/seo/SKILL.md: shared-file edit discipline embedded in both dispatch prompts (Edit-only on shared templates, Write only on sole-owned files). CROSS-AGENT NOTES flow clarified — dispatcher escalates to SEO.md §11 as user action with automation options (Option B).
- agents/seo-analyzer.md: STEP 2 detects 8 CMS (WordPress/Drupal/Magento/Shopify/Joomla/PrestaShop/Ghost/Wix-Squarespace-Webflow) and presence of SEO plugins. STEP 10 emits P0 quick win "install CMS plugin" when CMS detected without plugin. STEP 5 expands topic clusters / silos sémantiques. Framework notes in STEP 12 cover all 8 CMS explicitly.
- agents/geo-analyzer.md: STEP 6 checks /faq path + FAQPage schema presence. STEP 11 mandates 3 AI-index user actions per FULL audit (Bing Webmaster Tools / GSC / IndexNow) + Apple Business Connect for local business.
- agents/resources/automation-catalog.md: new structured CMS plugin section (install links + pricing per platform). AI-index submission section rewritten with Bing Webmaster as canonical entry for ChatGPT Search/Copilot/DuckDuckGo, IndexNow protocol details, Brave Web Discovery, Apple Business Connect.
- agents/resources/llms-txt-template.md: explicit note that /ai.txt and /about-data are NOT real standards; llms.txt (Jeremy Howard) remains the only proposed one.
Rationale: third-party AI review of the skill surfaced 5 gaps — race condition on shared templates (Layout.astro holds meta + JSON-LD), ambiguous cross-agent flow, missing CMS-plugin-first logic (Gemini), under-exposed Bing Webmaster (ChatGPT Search channel), and minor accuracy items.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Refactor the monolithic seo-analyzer into two specialist agents
orchestrated in parallel by the /seo skill, plus a standalone /geo
skill for AI-only audits.
Changes
- agents/seo-analyzer.md: refocused on classical engines (Google, Bing,
DuckDuckGo). Adds Core Web Vitals 2.0 (LCP/INP/CLS + VSI), CSP + full
security headers, hreflang audit, video SEO (transcripts), accessibility
as ranking signal, image/video sitemaps.
- agents/geo-analyzer.md: new agent for AI engines (ChatGPT, Claude,
Perplexity, Gemini, Google AI Overviews, Copilot). Covers AI crawler
policy, llms.txt/llms-full.txt, Schema.org for AI extraction (QAPage,
Speakable, Person+Article, Organization graph), entity SEO (Wikidata,
sameAs, Knowledge Panel), content shape (Definition Lead, TL;DR,
Q->A, citable stats, freshness), AI visibility testing.
- agents/resources/: shared knowledge base referenced by both agents —
ai-crawlers-2026.md (25+ bots, training vs retrieval categories,
permissive/restrictive templates), llms-txt-template.md, geo-schemas.md
(incl. deprecated list: ClaimReview, CourseInfo, etc. removed June 2025),
entity-seo.md, content-shape-for-ai.md, ai-visibility-tools.md,
automation-catalog.md.
- skills/seo/SKILL.md: becomes parallel dispatcher. Collects context
once (depth + business), spawns both agents in a single message for
concurrent execution, merges envelopes into unified SEO.md. Includes
authoritative file-ownership matrix to prevent parallel-edit races.
- skills/geo/SKILL.md: new standalone wrapper for GEO-only audits.
Scoring
- Combined score: GLOBAL = 0.80 * SEO + 0.20 * GEO (local B2C),
0.75 * SEO + 0.25 * GEO (SaaS/national/content).
- GEO axis weight raised from 5% (old) to first-class dimension.
Policy
- AI crawlers: permissive default (maximise AI citations). Restrictive
template available for premium/regulated content.
- Every user action in SEO.md section 11 must cite automation options
from automation-catalog.md.
Tools
- WebFetch + WebSearch added to allowed-tools of both skills and
both agents (needed for live CWV via PageSpeed API, AI visibility
testing, Wikidata/Knowledge Panel lookups, competitor analysis).
Research basis (2026 state of the art validated via WebSearch):
- Core Web Vitals 2.0 (VSI signal, Google core update March 2026)
- AI Overviews trigger on ~48% of Google searches
- ClaimReview + 6 other schema types deprecated June 2025
- Definition Lead Architecture (CMU KDD 2024, +impression score)
- Citations + stats add up to 40% AI visibility (Aggarwal 2024)
- Wikidata grounds every major LLM (ChatGPT, Claude, Gemini, Perplexity)
Backup
- agents/seo-analyzer.md.bak kept for rollback reference.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Doc syncer now detects features present in code but missing from docs
(ADDED) and features documented but removed from code (REMOVED). Both
full audit and auto mode updated. Tags follow AUTO/HUMAN rules: list
entries are AUTO, new sections and deprecation notes are HUMAN.
Co-Authored-By: Claude <noreply@anthropic.com>
The awk extraction now correctly parses both `description: text` (inline)
and `description: |` (block scalar) YAML formats.
Co-Authored-By: Claude <noreply@anthropic.com>
Personal skills are identified by checking if their SKILL.md references
an agent file from ~/.claude/agents/. Adds agent column to output table.
Replaces unreliable git history heuristic.
Co-Authored-By: Claude <noreply@anthropic.com>
Use git history heuristic: skills added in bulk commits (5+ SKILL.md
files at once) are framework installs, not user-created. Only show
skills added in small commits (1-3 files).
Co-Authored-By: Claude <noreply@anthropic.com>
Lists all local skills from ~/.claude/skills/ with name and description,
excluding symlinked/external ones (gstack, emil-design-eng).
Co-Authored-By: Claude <noreply@anthropic.com>
Skills now delegate to agent .md files instead of embedding logic
inline. Added new agents (bugfixer, code-cleaner, commit-changer,
doc-syncer, feater, hotfixer, seo-analyzer) and new skills
(code-clean, doc, seo). Replaced /readme with /doc (broader scope).
Co-Authored-By: Claude <noreply@anthropic.com>
Fill the gap between direct editing and the full /ship-feature
orchestrator. Three new skills for common everyday tasks:
- /hotfix: superficial bugs (typo, CSS, config), 1-2 files, no plan
- /bugfix: deeper bugs with root cause investigation + fix plan
- /feat: small features 1-5 files, light planning, no subagents
Each skill documents its escalation path to the next level.
Updated plugin-advisor with skill routing table and references.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
These 37 symlinks point to skills-external/gstack/ and are recreated
automatically by the gstack setup during install-plugins.sh. They
should not be versioned. Added all patterns to .gitignore.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- detect_plan() auto-detects Max/Pro/Free from ~/.claude.json
- session-start budget adapts to plan (Max=20k, Pro=11k, Free=5k)
- token counting now uses only ACTIVE plugins, not installed binaries
- statusline shows plan label + session duration instead of start time
- plugin-advisor: complexity assessment (0-100%) drives tool selection
- plugin-advisor: auto-activation with confirmation (PHASE 4)
- ruflo OFF by default, GSD v2 preferred for multi-session
- init-project: ctx7 pre-fetch + graphify scaffold + graphify full
- ship-feature: ctx7 cache check before implementation
- frontend-design disabled in installer (doublon with ui-ux-pro-max)
- python3 -c moved from deny to ask (unblocks graphify)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Track all gstack-provided skill symlinks (autoplan, browse, qa, etc.)
and the graphify skill. Add .claude/, graphify-out/, .ctx7-cache/ to
gitignore to exclude local/generated files from the repo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>