Commit Graph

319 Commits

Author SHA1 Message Date
bastien
d50763e04c chore(graphify): bump skill to 0.7.0
- GitHub URL clone support (single + multi-repo merge)
- uv tool detection ahead of pipx shebang
- Optional Kimi K2.6 backend via MOONSHOT_API_KEY
- Discrete confidence rubric (0.55/0.65/0.75/0.85/0.95) replaces continuous range
- Aggregated community view for graphs >5000 nodes
- Manifest persistence after --update so next run diffs against current state
- Video file support, rationale-as-attribute (not separate node)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-06 17:08:47 +02:00
bastien
d5677f67c9 chore(memory): capitalize BDR-009 from caveman format mandate
Append BDR-009 entry + Index update in decisions.md, plus 2026-05-05
heading in journal.md covering the 4-commit batch.

Catches Index up to BDR-008 (was missing 007/008 entries despite
already-written sections).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-05 23:50:07 +02:00
bastien
ee00f8c32f chore(gitignore): exclude *.original.md compress backups
/caveman:compress writes a human-readable backup as <file>.original.md
before overwriting. Backups are recoverable via git history (the
pre-compression state lives in the previous commit), so committing
them duplicates content and bloats the repo.

Globbing on *.original.md catches all compressed registries plus
CLAUDE.original.md.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-05 23:46:47 +02:00
bastien
4364e2b351 chore(memory): compress 5 registries to caveman format
Apply CLAUDE.md "Format — registries ALWAYS caveman" rule to existing
entries via /caveman:compress. Drops articles, filler, and hedging
while preserving:

  - Technical terms (rtk, claude plugin install, framer-motion, etc.)
  - IDs unchanged (BDR-XXX, LRN-XXX, BLK-XXX, EVAL-XXX)
  - Dates unchanged (2026-04-22 etc.)
  - Code blocks and quoted error strings exact
  - Commit refs (892de28, 7b57b2e, d3c79f0, 64d6ca7)

Files: decisions.md, learnings.md, blockers.md, journal.md, evals.md.
Token reduction: ~40% on session-start memory load.

Pre-compression backups saved as *.original.md (gitignored next).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-05 23:46:23 +02:00
bastien
4181bdc9cf docs(memory): mandate caveman format for registries
Add "Format — registries ALWAYS caveman" rule alongside existing
English-only rule. All writes to .claude/memory/*.md (decisions,
learnings, blockers, journal, evals) must drop articles/filler/hedging
while preserving technical terms, IDs, dates, and code blocks exact.

Rationale: registries load every session start — caveman cuts ~40%
input tokens with zero loss of substance. Applies to direct writes and
skill-driven CAPITALIZE steps (close, ship-feature, feat, bugfix,
hotfix, commit-change). Existing entries: compress on demand via
/caveman:compress <file>.

Self-applied: CLAUDE.md prose itself compressed in same pass.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-05 23:46:15 +02:00
bastien
15fa120942 chore(settings): disable example-skills plugin
Toggle example-skills@anthropic-agent-skills off — not used in active
profiles, reduces session-start skill enumeration.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-05 23:46:06 +02:00
bastien
d694a9e0da chore(memory): capitalize BDR-007 + BDR-008 from profile system
- BDR-007: Skill profiles partition gstack by usage (v1, skill-only).
  Decision to ship lib/profile.sh + symlink-based toggle for skills,
  with plugin/MCP entries advisory in v1. Rationale: the existing
  toggle-external.sh enable|disable gstack is too coarse — it
  disables checkpoint/ship/learn alongside design skills. Profiles
  hide the irrelevant skills without uninstalling the gstack repo.
  Alternatives rejected: forking SKILL.md to strip the gstack
  preamble (re-fork on every upgrade — preamble already degrades
  gracefully via `|| true`); per-skill toggle via claude plugin
  enable/disable (gstack skills are not marketplace plugins);
  removing symlinks (lossy if user has local edits).

- BDR-008: Profile system v2 — extend to plugins + MCPs + CLIs.
  Reverses the "advisory only" stance from BDR-007 alternative #4.
  User feedback: pure-skill toggling left ui-ux-pro-max/magic always
  loaded regardless of profile, so passive token cost didn't drop
  enough on profile switch. Solution: real claude plugin enable/
  disable for an explicit MANAGED_PLUGINS allowlist (3 entries) +
  PROTECTED_PLUGINS denylist for always-on (caveman, security-
  guidance, superpowers). MCP magic delegated to toggle-external.sh.
  Other MCPs stay advisory because each needs specific config. Adds
  4 new profiles: web, seo, web-full, backend.

- Journal: 2026-05-04 entry summarizing the v1 ship, then a follow-up
  block for the v2 extension (new profiles, plugin auto-toggle, tie-
  breaker for `current`).

- TODO.md: marked done — v1 (Skill profiles) section and v2 (Profile
  system v2 — extension plugins/MCPs/CLIs) section, both with their
  full subtask lists.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 02:09:51 +02:00
bastien
239d91db67 feat(profile): partition skills/plugins/MCPs/CLIs by usage profile
Ship lib/profile.sh + 9 profiles in lib/profiles/. A profile is a
plain-text file listing items + types (gstack | personal | external |
plugin@<marketplace> | mcp | cli). `profile set <name>` enables the
listed items and disables the rest:

  - gstack/personal/external skills: symlink toggle skills/ ↔
    skills-disabled/ (gstack__<name> prefix to avoid collisions; no
    prefix for personal/external).
  - plugins typed `plugin@<marketplace>`: actually toggled via
    `claude plugin enable|disable <name>@<marketplace>`. Allowlist:
    MANAGED_PLUGINS = ui-ux-pro-max, plugin-dev, pr-review-toolkit.
    Denylist: PROTECTED_PLUGINS = caveman, security-guidance,
    superpowers (always-on, never disabled even if absent from a
    profile).
  - mcp magic: delegated to lib/toggle-external.sh which already
    handles the MAGIC_API_KEY env lookup. Other MCPs stay advisory.
  - cli (rtk, gsd, ctx7, graphify): status-only, never auto-installed.

Profiles shipped:
  web        public website work — frontend + content + light dev
  seo        SEO + GEO + W3C audit (search/AI indexability + a11y)
  web-full   production website end-to-end (web ∪ seo ∪ qa-only/canary)
  backend    backend / API / system dev — no design, no SEO
  design     visual QA, design systems, mockups, polish
  dev        daily code work — features, fixes, refactor, ship
  qa         site testing, perf, canary, validation
  audit      comprehensive audit — security + SEO + perf + health
  minimal    strip all gstack skills (quiet session)

Commands:
  profile list / show <name> / current / apply <name> / set <name> /
  reset / diff <a> <b>

`current` heuristic returns "full" when nothing is disabled, otherwise
picks the profile with the highest available-ratio (counts both
"enabled" and "installed" — the latter for CLIs). Tiebreaker: larger
profile total wins, so web-full beats web at a 100% tie.

`reset` re-enables every gstack skill but does NOT touch plugins —
the user re-enables a managed plugin manually or via `apply <profile>`.
This is documented in the trailing info line.

Integration:
  - skills/profile/SKILL.md — `/profile` slash command, lists profiles,
    documents the per-type mechanism, points at lib/profile.sh.
  - agents/plugin-advisor.md — DETECT phase calls `profile current`,
    OUTPUT adds a PROFILE line, and TOGGLING EXTERNAL TOOLS gains a
    "Skill profiles" section with a signal → profile recommendation
    table.
  - lib/toggle-external.sh — header pointer to profile.sh for fine-
    grained activation (toggle-external still owns whole-gstack and
    magic-MCP toggles).
  - Makefile — `make profile cmd="set <name>"`, profile-list,
    profile-current, profile-reset.

Tested end-to-end: `set web` enables ui-ux-pro-max + magic; `set seo`
disables ui-ux-pro-max; `set minimal` disables ui-ux-pro-max but
spares always-on plugins; `reset` restores all 64 skills; shellcheck
clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 02:09:28 +02:00
bastien
d8ad38b131 chore(memory): capitalize BDR-006 + LRN-005 + LRN-006 from caveman session
- BDR-006: Caveman as 4th always-on plugin (output compression, sym
  with rtk's input compression). Full install rationale, alternatives
  rejected, caveats around path normalization + gitignore.
- LRN-005: claude plugin install does NOT enable — explicit
  claude plugin enable required for ALWAYS-ON plugins. Pattern: read
  enabledPlugins, never hardcode plugin names in status displays.
- LRN-006: caveman-shrink (and any MCP middleware proxy) needs an
  upstream wrapper. Bare registration fails health checks. Pattern:
  register under derived names (proxy-upstream), don't auto-register.
- Journal: 2026-05-03 entry summarizing the session.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 23:06:26 +02:00
bastien
64d6ca7843 fix(install,session-start): enable always-on plugins + truthful banner
Two interlocked bugs masking each other:

1. install-plugins.sh installed but never enabled marketplace plugins.
   `claude plugin install` only writes to ~/.claude/plugins/cache; without
   a separate `claude plugin enable` the plugin sits dormant in the
   user's enabledPlugins map. security-guidance and superpowers shipped
   as ALWAYS-ON in CLAUDE.md/README/installer banner but in practice
   landed disabled on every fresh install.

2. session-start.sh hardcoded the literal "security-guidance rtk
   superpowers" in the  ON row, so the misleading banner agreed with
   the misleading documentation. The bug stayed invisible.

Fixes:
  - install-plugins.sh now calls enable_plugin (added in the caveman
    commit) for security-guidance and superpowers immediately after
    install. Idempotent: skips if already in enabledPlugins.
  - session-start.sh builds the ALWAYS-ON row dynamically from RTK
    binary detection + plugin_enabled() lookups against
    settings.json. Plugins that are not enabled are omitted, so the
    banner reflects reality. Wider strings split across two lines like
    the toggle row.
  - settings.json: ship security-guidance and superpowers in
    enabledPlugins so this user's machine matches the contract until
    install-plugins.sh runs again.

Out of scope (separate bug, not addressed here): the marketplace-aware
detect_security_guidance / detect_plugin_dev cache scans miss plugins
nested under cache/<marketplace>/<plugin>/<version>/. They aren't on
the always-on path so the symptom is hidden — left for a follow-up.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 23:03:21 +02:00
bastien
e4f4edc121 feat(caveman): full install — plugin + standalone hooks + MCP scaffold
Wires JuliusBrussee/caveman into the always-on tier alongside
security-guidance and superpowers. Caveman compresses Claude's output
tokens (~75%) by speaking like a caveman while keeping technical
substance. Three layers:

  1. Plugin (caveman@caveman, marketplace JuliusBrussee/caveman)
     — adds /caveman, /caveman-commit, /caveman-review, /caveman-stats,
       /caveman-help, /cavecrew, /compress + 3 cavecrew agents +
       SessionStart/UserPromptSubmit hooks from the plugin path.
  2. Standalone hooks (statusline + stats badge) deployed by
     caveman's own hooks/install.sh into ~/.claude/hooks/. Paths in
     settings.json normalized to ~/.claude/hooks/... so this user's
     home dir doesn't leak across machines.
  3. caveman-shrink MCP proxy — NOT auto-registered. The bare proxy
     fails health checks because it requires an upstream MCP server
     to wrap. install-plugins.sh STEP 5.5 prints a snippet showing how
     to register a wrapped entry (e.g. caveman-shrink-fs) when the user
     decides which upstream to compress.

New helper enable_plugin() for explicit always-on activation —
'claude plugin install' only copies into cache, doesn't write
enabledPlugins. Idempotent via Python json check.

doctor.sh adds detect_caveman / detect_caveman_hooks / detect_caveman_shrink
checks plus a 300t passive-cost adder. update-all.sh refreshes hook
files via the upstream installer's --force mode.

.gitignore covers caveman runtime files materialized into hooks/
because ~/.claude/hooks is symlinked to this repo.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 23:02:47 +02:00
bastien
94b79d2ebb fix(doctor): guard gstack find against set -euo pipefail
doctor.sh exited at the gstack-skills-count step on machines where
~/.claude/skills/gstack does not contain a skills/ subdirectory (e.g.
when the gstack submodule layout puts skills directly at root). Under
set -o pipefail, find's non-zero exit propagated through wc | tr,
killing the script before it reached the prerequisites/plugins/budget
sections.

Wrap the find in a brace group with `|| true` so the pipe stays
zero-exit and downstream sections run.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 23:00:11 +02:00
bastien
4d3fb6a661 chore(memory): capitalize BDR-005 + LRN-004 from animation lib auto-install
BDR-005: motion as default animation library; plugin-advisor stays
read-only (orchestrators own install).

LRN-004: framer-motion was rebranded `motion` in Nov 2024 — single
package for React/Svelte/vanilla, separate `motion-v` for Vue. React
Native still needs react-native-reanimated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 15:32:55 +02:00
bastien
f80f83ee77 feat(animation): auto-install motion lib + detection across init/onboard/advisor
Add lib/animation-lib-check.sh with detect_anim_eligibility,
is_anim_lib_installed and recommend_anim_install_cmd helpers.
Wire it into the framework:
- init-project STEP 5e: silent auto-install after scaffold validated
- onboard STEP 2.5: propose + wait for user confirmation (opt-in on
  existing projects)
- plugin-advisor PHASE 1/2/3: read-only detection only, never installs
- scaffolder PHASE 4: clarifies boundary (orchestrator owns motion install)
- design-gate filesystem signals: motion / motion-v / framer-motion /
  gsap / lottie-react / react-spring / popmotion / auto-animate

Recommends `motion` (rebranded from framer-motion in Nov 2024) for
React-family and Svelte stacks, `motion-v` for Vue 3 / Nuxt. Excludes
React Native (use react-native-reanimated), backend, embedded, Flutter.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 15:32:46 +02:00
bastien
d513ea39a0 auto mode 2026-04-27 13:48:40 +02:00
bastien
e209f56216 chore(memory): capitalize BDR-004 + LRN-003 from auto-mode switch
BDR-004 documents the decision to adopt auto permission mode as default
with classifier safety net, alternatives, and feature-gate caveats.

LRN-003 captures the gotcha that Claude Code's disable* settings use
the literal sentinel string "disable" rather than a boolean — required
context for any future permission-mode change.

Journal entry added for 2026-04-27.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-27 13:19:00 +02:00
bastien
d3c79f02a0 feat(settings): enable auto permission mode by default
Switch defaultMode from "default" to "auto" so Claude Code uses the
classifier-driven auto mode instead of prompting on each tool call.
Drop disableAutoMode: "disable" which would otherwise reject the new
defaultMode at startup.

Auto mode requires Claude Code v2.1.83+, a Max/Team/Enterprise/API
plan, a compatible Sonnet 4.6 / Opus 4.6 / Opus 4.7 model, and the
Anthropic API provider. If any prerequisite is missing, Claude Code
reports auto mode as unavailable on session start.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-27 13:16:39 +02:00
bastien
dd701f4bf5 chore(settings): reorder keys and add effortLevel xhigh
Move remoteControlAtStartup to the bottom of the file (next to other
top-level user preferences) and add effortLevel: xhigh as the default
reasoning effort.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-27 13:16:24 +02:00
bastien
f24bea4d14 chore: remove stale root TODO.md
Tracking moved to .claude/tasks/TODO.md per project convention.
The 3 listed skills (SEO, code-clean, doc) were already shipped.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-27 13:15:47 +02:00
bastien
54602a9a3c chore(memory): retrofit existing 9 entries to English
Apply the English-only rule (BDR/CLAUDE.md § Memory registries)
retroactively to the 9 entries written before the rule was in place:

- decisions.md: BDR-001, BDR-002, BDR-003 + index titles
- learnings.md: LRN-001, LRN-002 body prose (LRN-002 was already
  half-English from the CAPITALIZE pass; now fully normalized)
- blockers.md: BLK-001, BLK-002 + BLK-002 index row
- journal.md: 2026-04-23 entry rewritten, + one bullet added noting
  the retrofit itself
- evals.md: EVAL-001 + index row

Content-preserving translation — same claims, same IDs, same dates,
same file structure. YAML headers and schema sections untouched
(they were already English).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:30:58 +02:00
bastien
617865cb07 feat(capitalize): enforce English in all memory registry entries
Registries are re-read at every session start; consistency pays back
each time. Adding a single rule in CLAUDE.md § Memory registries
(authoritative) + a short reminder at the end of each CAPITALIZE
block (ship-feature, bugfix, hotfix, feat, commit-change, close).

Rationale: (1) model re-reads the registries more efficiently in a
single language, (2) lower token cost for English (model's primary
training language), (3) easier cross-project reuse. Interactive gates
may still mirror the user's language — only the written entry is
constrained.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:24:04 +02:00
bastien
ec5ba2a16c chore(memory): capitalize BDR-003 + LRN-002 + BLK-002 from restructure
First real CAPITALIZE phase (commit-changer Phase 4) — extract reusable
knowledge from the .claude/ restructure batch (commits 892de28..6ec06c8):

- BDR-003: gitignore wildcard + negations pattern (decision with why/alts)
- LRN-002: moving report-file paths requires grepping bash READS,
           not just WRITES — rule learned from 2 dispatchers being
           silently broken until a verify-gate caught them
- BLK-002: rmdir blocked in sandbox even on empty dirs — resolved via
           git rm + rename auto-detect (no rmdir needed in practice)
- journal: 2026-04-23 entry extended with verify-gate outcomes and
           commit batch reference

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:19:28 +02:00
bastien
6ec06c803a docs: add MIGRATION.md for existing projects
One-shot bash migration block for repos onboarded before this layout:
creates .claude/{tasks,memory,audits}, moves tasks/*.md + AUDIT_* +
orphan root audits (SEO/GEO/HARDEN/VALIDATE/BUGS-FOUND) to the new
homes, seeds memory registries from templates, patches .gitignore to
un-ignore shared dirs, and ships a post-migration sanity check.

Uses mv throughout (no rm) so the migration stays reversible via
git checkout . until the commit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:07:02 +02:00
bastien
7b57b2e091 refactor(audits): route all report writes to .claude/audits/
Before: SEO.md, GEO.md, HARDEN.md, VALIDATE.md, BUGS-FOUND.md landed
at project root. After: all five go to .claude/audits/. Covers both
dispatcher write paths and the dispatcher bash commands that parse
each report (test -s, grep score, wc) — otherwise the dispatcher
would look for the file at the old location.

- skills/seo,geo,harden,validate,code-clean — write paths + console
  summaries ("Report: .claude/audits/X.md")
- skills/harden,validate — bash parsing commands (test/grep/wc) aligned
- agents/seo-analyzer,validator-analyzer,code-cleaner — agent-side refs
- agents/validator-analyzer frontmatter description updated

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:54 +02:00
bastien
32ccceb548 fix(gitignore): un-ignore shared .claude/{tasks,memory,audits}/
Previous rule (.claude/) ignored everything under .claude/, making
the new governance files invisible to git. Switches to a wildcard
pattern with explicit negations: tasks/memory/audits/settings.json
become trackable; settings.local.json and agent-memory/ stay
per-machine. Commits existing .claude/settings.json which now falls
under the tracked scope.

Verified with git check-ignore:
- .claude/memory/decisions.md → exit 1 (not ignored) ✓
- .claude/tasks/TODO.md      → exit 1 (not ignored) ✓
- .claude/settings.local.json → exit 0 (ignored)    ✓
- .claude/agent-memory/      → exit 0 (ignored)     ✓

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:44 +02:00
bastien
a3843fbf70 docs(usage): sync /onboard table with .claude/ paths
Table in Pattern C (onboard) referenced tasks/ in steps 2, 7, 9 and
the post-onboard cat command. Aligns with the new governance layout.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:36 +02:00
bastien
a6ff0e62ed feat(close): add /close skill for session-end memory ritual
Manual fallback for the 3-question ritual (what was decided / learned
/ blocked) when none of the completion skills ran. Pre-fills BDR/LRN/
BLK candidates from git log + conversation context, presents for
validation, appends approved entries to .claude/memory/ registries
plus a timeline line in journal.md. Always writes the journal line
even if all 3 questions are skipped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:31 +02:00
bastien
6e322db968 feat(capitalize): add CAPITALIZE step across completion skills
Registries only get filled if something actively writes to them.
Without integration, the 3-question ritual is aspirational text.
Adds a CAPITALIZE step at the end of every completion skill so work
milestones automatically propose BDR/LRN/BLK entries from context.

- ship-feature STEP 9 — decision/learning/blocker candidates per feature
- bugfix STEP 7 — always propose BLK with root cause; LRN if pattern reusable
- hotfix STEP 5 — default skip; only prompt when non-obvious lesson surfaces
- feat STEP 6 — propose BDR for design choice, LRN for pattern
- commit-change Phase 4 — analyze the commit batch, propose grouped entries

Every variant also appends a one-liner to .claude/memory/journal.md under
today's date heading.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:24 +02:00
bastien
c1efd87aad refactor(onboard,init-project): migrate file paths to .claude/
Adapt the two skills that scaffold project config + the underlying
onboarder agent + the dotfiles-meta archetype folder tree to the new
governance layout. AUDIT_* files go to .claude/audits/, TODO goes to
.claude/tasks/, and .claude/memory/ is seeded from ~/.claude/templates/memory/
with all 5 registries (decisions/learnings/blockers/journal/evals).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:14 +02:00
bastien
e93116e160 docs(claude): adopt .claude/ paths + add Memory registries section
Session start now reads the 5 registries before TODO.md. After-code-
changes rule points to .claude/memory/ (routed per type) instead of
the single tasks/LESSONS.md. Adds Memory registries section with
routing rules, proactive-capitalization guideline, and session-close
ritual. Updates via symlink to ~/.claude/CLAUDE.md too.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:08 +02:00
bastien
892de288fe feat(memory): introduce .claude/{tasks,memory,audits}/ governance layout
Move tasks/ into .claude/tasks/ and create .claude/memory/ with 5
persistent registries (decisions/learnings/blockers/journal/evals) plus
.claude/audits/ for audit reports. Also seed templates/memory/ for
onboarder to copy into user projects.

- tasks/TODO.md, tasks/rtk-upstream-issue.md → .claude/tasks/
- tasks/LESSONS.md deleted (empty template; superseded by learnings.md)
- .claude/memory/: 5 append-only registries with YAML schema + seed entries
- templates/memory/: 5 empty-index templates for new projects

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:00 +02:00
bastien
6f5f4fe5b5 aded remote controle true 2026-04-23 14:17:39 +02:00
bastien
e47376d3dc docs(tasks): plan --help helper across all skills (option C)
Add TODO section for future work: add a `--help` / `help` argument
handler to every personal skill so users can type `/<skill> --help`
and get a standardized help block (description, usage, arguments,
examples, see-also) without dispatching the agent.

Design sketch: shared lib at skills/lib/help-handler.md, integrated
as STEP 0.5 in each SKILL.md. Skills-external/gstack excluded — they
have their own convention.

Follow-up discovered while reviewing /validate — the new skill has
argument-hint but no --help handler, matching the state of every
other personal skill. Worth systematizing rather than one-off.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 22:39:59 +02:00
bastien
feed3dbae9 feat(validate): add W3C HTML/CSS validity + WCAG a11y audit skill
New /validate skill runs a narrow-scope web standards audit covering
W3C HTML validity (validator.nu API in FULL, html-validate / vnu.jar
in LOCAL), W3C CSS validity (jigsaw.w3.org/css-validator in FULL,
stylelint / css-tree in LOCAL), and WCAG 2.1 accessibility (pa11y,
@axe-core/cli, WAVE API, or static checklist fallback).

Dedicated validator-analyzer agent with a strict IN/OUT scope filter
so the report stays focused on conformance — no meta/OG/JSON-LD/
sitemap/CSP/cookie/CWV noise. Those remain owned by /seo, /geo, and
/harden respectively.

LOCAL mode degrades gracefully: tries local npm tools first, falls
back to static analysis if none present (same 12-point a11y checklist
as /onboard a11y dispatch). Never fails hard.

Framework awareness: validates built output (dist/, _site/, build/,
out/) for SPA/JS frameworks, not JSX/TSX source. Warns if no build
dir found.

Fix mode (--fix) produces a conservative auto-fix bundle: missing
lang attr, alt="" on decorative images, unclosed void tags, duplicate
IDs, unambiguous heading level skips. Content decisions (form labels,
color contrast, landmark restructure, alt text on content images)
always go to User actions, never auto-applied.

Flags: --local, --full, --fix, --no-external.

Routing updated in CLAUDE.md. /harden and /seo cross-refs narrowed
to redirect W3C / WCAG concerns to /validate (was previously routed
to /onboard a11y dispatch, which only runs at setup).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 22:39:30 +02:00
bastien
97415e9aea feat(harden): add web hardening audit skill
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).

Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.

FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
  - Mozilla Observatory (API v2 JSON, ~10s)
  - SecurityHeaders.com (HTML scrape, ~5s)
  - SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)

Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).

Flags: --local, --full, --fix, --no-external.

Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 20:32:48 +02:00
bastien
051779e5ff feat(onboard): make cso security audit archetype-aware
STEP 4.5 extracts the archetype's "Implications" (Surface sécurité) and
"Typical pain points" sections into .onboard-audit/archetype-context.md.
STEP 6 cso dispatch reads it and filters checks per category: web vulns
(XSS/SQLi/CORS/CSP/CSRF/HTTPS) only on framework/api/ecommerce/cms,
embedded-specific checks (buffer overflow, secure boot, JTAG, OTA sig)
only on embedded; library/cli/infra/data-science/desktop each get their
own focused section. Previously the fallback prompt searched for web
vulnerabilities even on firmware projects.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 13:52:09 +02:00
bastien
31202e8621 docs(claude): make TODO.md systematic for complex write/modify tasks
Replace the "3+ steps" threshold with a logic-based criterion: any
write/modify task touching new behavior, control flow, state, API,
or dependencies requires a plan in tasks/TODO.md decomposed into
subtasks — even a single complex task.

Drop the blanket "Confirm before implementing" step: confirmation is
now limited to real trade-offs (multiple valid approaches, breaking
changes, destructive actions) to avoid rubber-stamp friction.

Add an explicit exemption list (reads, explanations, typos, cosmetic
CSS, single config values) aligned with /hotfix scope.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:38:06 +02:00
bastien
1da901ee8e docs(onboard): document new pipeline (archetype detection + full audit)
USAGE.md Pattern C expanded with the 9-STEP pipeline table and post-run
flow. CLAUDE.md skill routing line updated to reflect the new scope
(config + archetype detection + full audit pipeline + backlog).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:37:44 +02:00
bastien
3f85bcf3ad refactor(onboard): split into orchestrator skill + config-only agent
Move discovery, interview, archetype detection, audit pipeline, and
validation gates from the onboarder agent into the /onboard skill as
a 9-STEP orchestrator (STEP 0 plugin-check → STEP 9 sequenced backlog).

The onboarder agent becomes a pure config generator: takes a prepared
brief, writes CLAUDE.md / settings.json / .claudeignore / tasks/ scaffold.
No more interview or filesystem scanning in the agent.

Agent shrinks 263 → 86 lines; skill grows 15 → 847 lines.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:37:16 +02:00
bastien
3c8b2a8f68 feat(archetypes): add project archetype library + detection algorithm
Introduce ~/.claude/lib/project-archetypes/ with 25 archetype files
(web, mobile, APIs, CMS, infra, firmware, etc.) and the detection
algorithm in lib/archetype-detector.md. Consumed by /onboard STEP 1
to drive archetype-specific audit stacks and plugin recommendations.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:37:07 +02:00
bastien
72920e032e feat(toggle-external): manage Magic MCP (21st-dev) — installed disabled by default
Add `magic` to the unified toggle-external.sh helper alongside gstack,
emil-design-eng, darwin-skill, find-skills. MCPs are toggled via
`claude mcp add|remove` instead of symlink moves.

API key loaded from $REPO/.env (gitignored) via .env.example template.
install-plugins.sh step 8.7 forces magic MCP off after each install run
so the MCP doesn't load into every session unless explicitly enabled.

Toggle: bash lib/toggle-external.sh enable|disable|status magic

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:28:03 +02:00
bastien
07b8a207c1 docs(claude): consolidate graphify sections into Context Navigation
Merge the auto-installed "## graphify" block (L. 170-177, written by
`graphify claude install`) into the existing "## Context Navigation
(graphify)" block. Keeps one source of truth: when to invoke graphify,
what to read first (GRAPH_REPORT.md), and the AST-only --update
shortcut after code edits.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 17:54:51 +02:00
bastien
f922fbbc59 chore(graphify): bump skill to v0.4.23
Auto-upgraded during /graphify invocation. Notable SKILL.md changes:
safer AST cache_root (pin to cwd), clearer node ID format docs with
concrete example, new Step 6b Wiki export (opt-in via --wiki),
--update now persists merged extraction back to .graphify_extract.json
so Step 4 sees the full graph.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 17:54:45 +02:00
bastien
a446a428a7 fix(toggle-external): idempotent enable/disable — clobber stale destination before mv
gstack ./setup now creates skills/<name>/ as directories (with a SKILL.md
symlink inside) rather than top-level symlinks. A second disable call used
to nest the new dir inside the existing one (gstack__<name>/<name>/),
producing "mv: cannot overwrite … Directory not empty" on the third call
and breaking `make install` under set -euo pipefail.

rm -rf the destination first — contents are symlinks into the submodule
and are regenerated by gstack ./setup, so clobbering is safe.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 17:05:50 +02:00
bastien
c7d4fe5042 suppressed model 2026-04-21 16:59:16 +02:00
bastien
476195978e feat(seo/geo): CMS plugin-first + shared-file edit discipline + Bing/IndexNow mandatory
Post-review hardening of the parallel seo+geo dispatch:

- skills/seo/SKILL.md: shared-file edit discipline embedded in both dispatch prompts (Edit-only on shared templates, Write only on sole-owned files). CROSS-AGENT NOTES flow clarified — dispatcher escalates to SEO.md §11 as user action with automation options (Option B).
- agents/seo-analyzer.md: STEP 2 detects 8 CMS (WordPress/Drupal/Magento/Shopify/Joomla/PrestaShop/Ghost/Wix-Squarespace-Webflow) and presence of SEO plugins. STEP 10 emits P0 quick win "install CMS plugin" when CMS detected without plugin. STEP 5 expands topic clusters / silos sémantiques. Framework notes in STEP 12 cover all 8 CMS explicitly.
- agents/geo-analyzer.md: STEP 6 checks /faq path + FAQPage schema presence. STEP 11 mandates 3 AI-index user actions per FULL audit (Bing Webmaster Tools / GSC / IndexNow) + Apple Business Connect for local business.
- agents/resources/automation-catalog.md: new structured CMS plugin section (install links + pricing per platform). AI-index submission section rewritten with Bing Webmaster as canonical entry for ChatGPT Search/Copilot/DuckDuckGo, IndexNow protocol details, Brave Web Discovery, Apple Business Connect.
- agents/resources/llms-txt-template.md: explicit note that /ai.txt and /about-data are NOT real standards; llms.txt (Jeremy Howard) remains the only proposed one.

Rationale: third-party AI review of the skill surfaced 5 gaps — race condition on shared templates (Layout.astro holds meta + JSON-LD), ambiguous cross-agent flow, missing CMS-plugin-first logic (Gemini), under-exposed Bing Webmaster (ChatGPT Search channel), and minor accuracy items.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-21 16:57:32 +02:00
bastien
95347d2e47 feat(seo/geo): split into parallel seo + geo agents with shared resources
Refactor the monolithic seo-analyzer into two specialist agents
orchestrated in parallel by the /seo skill, plus a standalone /geo
skill for AI-only audits.

Changes
- agents/seo-analyzer.md: refocused on classical engines (Google, Bing,
  DuckDuckGo). Adds Core Web Vitals 2.0 (LCP/INP/CLS + VSI), CSP + full
  security headers, hreflang audit, video SEO (transcripts), accessibility
  as ranking signal, image/video sitemaps.
- agents/geo-analyzer.md: new agent for AI engines (ChatGPT, Claude,
  Perplexity, Gemini, Google AI Overviews, Copilot). Covers AI crawler
  policy, llms.txt/llms-full.txt, Schema.org for AI extraction (QAPage,
  Speakable, Person+Article, Organization graph), entity SEO (Wikidata,
  sameAs, Knowledge Panel), content shape (Definition Lead, TL;DR,
  Q->A, citable stats, freshness), AI visibility testing.
- agents/resources/: shared knowledge base referenced by both agents —
  ai-crawlers-2026.md (25+ bots, training vs retrieval categories,
  permissive/restrictive templates), llms-txt-template.md, geo-schemas.md
  (incl. deprecated list: ClaimReview, CourseInfo, etc. removed June 2025),
  entity-seo.md, content-shape-for-ai.md, ai-visibility-tools.md,
  automation-catalog.md.
- skills/seo/SKILL.md: becomes parallel dispatcher. Collects context
  once (depth + business), spawns both agents in a single message for
  concurrent execution, merges envelopes into unified SEO.md. Includes
  authoritative file-ownership matrix to prevent parallel-edit races.
- skills/geo/SKILL.md: new standalone wrapper for GEO-only audits.

Scoring
- Combined score: GLOBAL = 0.80 * SEO + 0.20 * GEO (local B2C),
  0.75 * SEO + 0.25 * GEO (SaaS/national/content).
- GEO axis weight raised from 5% (old) to first-class dimension.

Policy
- AI crawlers: permissive default (maximise AI citations). Restrictive
  template available for premium/regulated content.
- Every user action in SEO.md section 11 must cite automation options
  from automation-catalog.md.

Tools
- WebFetch + WebSearch added to allowed-tools of both skills and
  both agents (needed for live CWV via PageSpeed API, AI visibility
  testing, Wikidata/Knowledge Panel lookups, competitor analysis).

Research basis (2026 state of the art validated via WebSearch):
- Core Web Vitals 2.0 (VSI signal, Google core update March 2026)
- AI Overviews trigger on ~48% of Google searches
- ClaimReview + 6 other schema types deprecated June 2025
- Definition Lead Architecture (CMU KDD 2024, +impression score)
- Citations + stats add up to 40% AI visibility (Aggarwal 2024)
- Wikidata grounds every major LLM (ChatGPT, Claude, Gemini, Perplexity)

Backup
- agents/seo-analyzer.md.bak kept for rollback reference.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-21 16:16:30 +02:00
bastien
53d04db480 feat(install): gstack disabled by default — opt-in via toggle-external
gstack ships ~40 skills that all load into Claude's context. Keeping
them active by default taxes every session, even when the project has
no browser-QA or deploy workflow. install-plugins.sh now calls
`toggle-external.sh disable gstack` right after gstack's ./setup, so
fresh installs land with gstack symlinks staged in skills-disabled/.

update-all.sh captures the current enabled/disabled state before the
submodule bump and restores it afterwards — otherwise ./setup would
silently re-enable a user who had explicitly disabled gstack.

To use gstack: `bash lib/toggle-external.sh enable gstack`.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 15:30:52 +02:00
bastien
e144dc78ee added some info into claude.md and settings 2026-04-21 15:22:05 +02:00
bastien
6ade88f38d chore(gitignore): ignore new gstack skills from v0.17.0 submodule bump
gstack 0.17.0 added 5 skills that land in skills/ via gstack ./setup
(benchmark-models, context-restore, context-save, make-pdf, plan-tune).
The older gstack skills are already ignored here — extend the list so
these don't show up as untracked after `make update`.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 15:18:43 +02:00