Strip the disable-model-invocation frontmatter key from all 19 editable skills. Absent = default = model invocation enabled. 8 were 'true' and blocked the model AND orchestrators from self-routing (status, plugin-check, analyze, onboard, refactor, init-project, pdf-translate, ship-feature) — contradicting the CLAUDE.md skill-routing rules. The other 11 were 'false', a no-op noise line.
The setting is binary (no per-caller granularity), so enabling orchestrator chaining also enables model auto-fire — accepted. Genuinely destructive operations remain guarded by the careful/guard hooks, independent of this flag.
Capitalized: BDR-019 (decision), LRN-026 (learning), journal 2026-06-09.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Two issues fixed across personal skills:
1. Five skills had frontmatter > 1024 chars (spec limit per agentskills.io):
- client-handover: 1920 → 924
- doc: 1390 → 734
- seo: 1378 → 885
- geo: 1189 → 734
- validate: 1050 → 742
All now compliant.
2. Three orchestrators had workflow-summary descriptions that create
"shortcut" risk per writing-skills CSO (Claude may follow the
description instead of reading the full skill body, skipping steps):
- ship-feature: "design → plan → implement (TDD) → review → finish"
→ "Use when shipping a feature end-to-end — needs… (9-step pipeline)"
- init-project: "interview → design → scaffold → implement (TDD)"
→ "Use when initializing a brand-new project from scratch — needs…"
- onboard: "detect archetype, install claude-config, run full audit…"
→ "Use when bringing an existing repo into the framework — needs…"
Descriptions now follow "Use when [triggers]…" pattern. Workflow detail
preserved in skill body where it belongs. Triggers consolidated and
trimmed of duplicates.
Co-Authored-By: Claude <noreply@anthropic.com>
Adapt the two skills that scaffold project config + the underlying
onboarder agent + the dotfiles-meta archetype folder tree to the new
governance layout. AUDIT_* files go to .claude/audits/, TODO goes to
.claude/tasks/, and .claude/memory/ is seeded from ~/.claude/templates/memory/
with all 5 registries (decisions/learnings/blockers/journal/evals).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
STEP 4.5 extracts the archetype's "Implications" (Surface sécurité) and
"Typical pain points" sections into .onboard-audit/archetype-context.md.
STEP 6 cso dispatch reads it and filters checks per category: web vulns
(XSS/SQLi/CORS/CSP/CSRF/HTTPS) only on framework/api/ecommerce/cms,
embedded-specific checks (buffer overflow, secure boot, JTAG, OTA sig)
only on embedded; library/cli/infra/data-science/desktop each get their
own focused section. Previously the fallback prompt searched for web
vulnerabilities even on firmware projects.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Move discovery, interview, archetype detection, audit pipeline, and
validation gates from the onboarder agent into the /onboard skill as
a 9-STEP orchestrator (STEP 0 plugin-check → STEP 9 sequenced backlog).
The onboarder agent becomes a pure config generator: takes a prepared
brief, writes CLAUDE.md / settings.json / .claudeignore / tasks/ scaffold.
No more interview or filesystem scanning in the agent.
Agent shrinks 263 → 86 lines; skill grows 15 → 847 lines.
Co-Authored-By: Claude <noreply@anthropic.com>