Commit Graph

21 Commits

Author SHA1 Message Date
bastien
fffc222005 feat(validate): add W3C HTML/CSS validity + WCAG a11y audit skill
New /validate skill runs a narrow-scope web standards audit covering
W3C HTML validity (validator.nu API in FULL, html-validate / vnu.jar
in LOCAL), W3C CSS validity (jigsaw.w3.org/css-validator in FULL,
stylelint / css-tree in LOCAL), and WCAG 2.1 accessibility (pa11y,
@axe-core/cli, WAVE API, or static checklist fallback).

Dedicated validator-analyzer agent with a strict IN/OUT scope filter
so the report stays focused on conformance — no meta/OG/JSON-LD/
sitemap/CSP/cookie/CWV noise. Those remain owned by /seo, /geo, and
/harden respectively.

LOCAL mode degrades gracefully: tries local npm tools first, falls
back to static analysis if none present (same 12-point a11y checklist
as /onboard a11y dispatch). Never fails hard.

Framework awareness: validates built output (dist/, _site/, build/,
out/) for SPA/JS frameworks, not JSX/TSX source. Warns if no build
dir found.

Fix mode (--fix) produces a conservative auto-fix bundle: missing
lang attr, alt="" on decorative images, unclosed void tags, duplicate
IDs, unambiguous heading level skips. Content decisions (form labels,
color contrast, landmark restructure, alt text on content images)
always go to User actions, never auto-applied.

Flags: --local, --full, --fix, --no-external.

Routing updated in CLAUDE.md. /harden and /seo cross-refs narrowed
to redirect W3C / WCAG concerns to /validate (was previously routed
to /onboard a11y dispatch, which only runs at setup).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 22:39:30 +02:00
bastien
5a503f4f5e feat(harden): add web hardening audit skill
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).

Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.

FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
  - Mozilla Observatory (API v2 JSON, ~10s)
  - SecurityHeaders.com (HTML scrape, ~5s)
  - SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)

Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).

Flags: --local, --full, --fix, --no-external.

Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 20:32:48 +02:00
bastien
7e3c6744c7 docs(claude): make TODO.md systematic for complex write/modify tasks
Replace the "3+ steps" threshold with a logic-based criterion: any
write/modify task touching new behavior, control flow, state, API,
or dependencies requires a plan in tasks/TODO.md decomposed into
subtasks — even a single complex task.

Drop the blanket "Confirm before implementing" step: confirmation is
now limited to real trade-offs (multiple valid approaches, breaking
changes, destructive actions) to avoid rubber-stamp friction.

Add an explicit exemption list (reads, explanations, typos, cosmetic
CSS, single config values) aligned with /hotfix scope.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:38:06 +02:00
bastien
6d8842e0c8 docs(onboard): document new pipeline (archetype detection + full audit)
USAGE.md Pattern C expanded with the 9-STEP pipeline table and post-run
flow. CLAUDE.md skill routing line updated to reflect the new scope
(config + archetype detection + full audit pipeline + backlog).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:37:44 +02:00
bastien
fe7c34ac17 docs(claude): consolidate graphify sections into Context Navigation
Merge the auto-installed "## graphify" block (L. 170-177, written by
`graphify claude install`) into the existing "## Context Navigation
(graphify)" block. Keeps one source of truth: when to invoke graphify,
what to read first (GRAPH_REPORT.md), and the AST-only --update
shortcut after code edits.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 17:54:51 +02:00
bastien
3ca18bc0f7 added some info into claude.md and settings 2026-04-21 15:22:05 +02:00
bastien
7223ebcf60 feat(agents): add design gate for automatic ui-ux-pro-max detection
Lightweight skills (feat, hotfix, bugfix) had zero plugin awareness —
design tasks ran without ui-ux-pro-max even when relevant. Add a
design gate (lib/design-gate.md) that auto-detects UI/style signals
in task description and filesystem, then asks the user to activate
ui-ux-pro-max if inactive. Orchestrators already handle this via
their STEP 0 plugin-check.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:50:56 +02:00
bastien
3766f3a581 feat(claude-md): add health stack + enrich skill routing with full arsenal
Health Stack persists shellcheck config for /health.
Skill routing now covers all skills (gstack + perso) with fallbacks
when gstack is unavailable (bugfix, ship-feature, doc).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:08:36 +02:00
bastien
72e168f39d chore: add gstack skill routing rules to CLAUDE.md 2026-04-16 00:37:37 +02:00
bastien
2ef37b5f9a chore: switch CLAUDE_EFFORT env var to --effort alias, add task tracking
install-plugins.sh: replace 'export CLAUDE_EFFORT=max' with
'alias claude="claude --effort max"' (cleaner, uses CLI flag).
Cleans up old env var from shell profile on re-run.

Also adds tasks/ tracking files and fixes trailing whitespace in CLAUDE.md.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 23:21:57 +02:00
bastien
02e4f25f56 docs(claude): rewrite graphify context navigation guidelines
Clarify when to use graphify (large-scope tasks only) vs reading
files directly (small tasks). Removes the "always query graph first"
rule that added unnecessary overhead for simple lookups.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 20:18:40 +02:00
bastien
80e03ce9fd added onboard and claude improve 2026-04-15 18:23:55 +02:00
bastien
6714a893d1 added security claude md 2026-04-15 17:37:03 +02:00
bastien
064b33c67e added api versions 2026-04-14 03:08:33 +02:00
bastien
4a85804b6d added no SPA for public website in claude.md 2026-04-14 01:15:41 +02:00
bastien
b3ada19509 Added honesty and clarity in claude.md for no bullshit yesman response 2026-04-13 16:06:34 +02:00
bastien
fb3e397c67 add gstack skill symlinks, graphify skill, and gitignore updates
Track all gstack-provided skill symlinks (autoplan, browse, qa, etc.)
and the graphify skill. Add .claude/, graphify-out/, .ctx7-cache/ to
gitignore to exclude local/generated files from the repo.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-12 14:56:03 +02:00
bchanot
64b9392189 final version seems 2026-04-08 13:46:45 +02:00
bastien
82eb8f226d opus version correction 2026-04-03 18:08:21 +02:00
bastien
42c5595e6a added skills and agents 2026-04-01 02:51:01 +02:00
bastien
4b88e0dc86 corrected to uppercase 2026-03-31 20:51:12 +02:00