Commit Graph

22 Commits

Author SHA1 Message Date
bastien
e93116e160 docs(claude): adopt .claude/ paths + add Memory registries section
Session start now reads the 5 registries before TODO.md. After-code-
changes rule points to .claude/memory/ (routed per type) instead of
the single tasks/LESSONS.md. Adds Memory registries section with
routing rules, proactive-capitalization guideline, and session-close
ritual. Updates via symlink to ~/.claude/CLAUDE.md too.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:06:08 +02:00
bastien
feed3dbae9 feat(validate): add W3C HTML/CSS validity + WCAG a11y audit skill
New /validate skill runs a narrow-scope web standards audit covering
W3C HTML validity (validator.nu API in FULL, html-validate / vnu.jar
in LOCAL), W3C CSS validity (jigsaw.w3.org/css-validator in FULL,
stylelint / css-tree in LOCAL), and WCAG 2.1 accessibility (pa11y,
@axe-core/cli, WAVE API, or static checklist fallback).

Dedicated validator-analyzer agent with a strict IN/OUT scope filter
so the report stays focused on conformance — no meta/OG/JSON-LD/
sitemap/CSP/cookie/CWV noise. Those remain owned by /seo, /geo, and
/harden respectively.

LOCAL mode degrades gracefully: tries local npm tools first, falls
back to static analysis if none present (same 12-point a11y checklist
as /onboard a11y dispatch). Never fails hard.

Framework awareness: validates built output (dist/, _site/, build/,
out/) for SPA/JS frameworks, not JSX/TSX source. Warns if no build
dir found.

Fix mode (--fix) produces a conservative auto-fix bundle: missing
lang attr, alt="" on decorative images, unclosed void tags, duplicate
IDs, unambiguous heading level skips. Content decisions (form labels,
color contrast, landmark restructure, alt text on content images)
always go to User actions, never auto-applied.

Flags: --local, --full, --fix, --no-external.

Routing updated in CLAUDE.md. /harden and /seo cross-refs narrowed
to redirect W3C / WCAG concerns to /validate (was previously routed
to /onboard a11y dispatch, which only runs at setup).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 22:39:30 +02:00
bastien
97415e9aea feat(harden): add web hardening audit skill
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).

Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.

FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
  - Mozilla Observatory (API v2 JSON, ~10s)
  - SecurityHeaders.com (HTML scrape, ~5s)
  - SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)

Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).

Flags: --local, --full, --fix, --no-external.

Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 20:32:48 +02:00
bastien
31202e8621 docs(claude): make TODO.md systematic for complex write/modify tasks
Replace the "3+ steps" threshold with a logic-based criterion: any
write/modify task touching new behavior, control flow, state, API,
or dependencies requires a plan in tasks/TODO.md decomposed into
subtasks — even a single complex task.

Drop the blanket "Confirm before implementing" step: confirmation is
now limited to real trade-offs (multiple valid approaches, breaking
changes, destructive actions) to avoid rubber-stamp friction.

Add an explicit exemption list (reads, explanations, typos, cosmetic
CSS, single config values) aligned with /hotfix scope.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:38:06 +02:00
bastien
1da901ee8e docs(onboard): document new pipeline (archetype detection + full audit)
USAGE.md Pattern C expanded with the 9-STEP pipeline table and post-run
flow. CLAUDE.md skill routing line updated to reflect the new scope
(config + archetype detection + full audit pipeline + backlog).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:37:44 +02:00
bastien
07b8a207c1 docs(claude): consolidate graphify sections into Context Navigation
Merge the auto-installed "## graphify" block (L. 170-177, written by
`graphify claude install`) into the existing "## Context Navigation
(graphify)" block. Keeps one source of truth: when to invoke graphify,
what to read first (GRAPH_REPORT.md), and the AST-only --update
shortcut after code edits.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 17:54:51 +02:00
bastien
e144dc78ee added some info into claude.md and settings 2026-04-21 15:22:05 +02:00
bastien
57309b80f8 feat(agents): add design gate for automatic ui-ux-pro-max detection
Lightweight skills (feat, hotfix, bugfix) had zero plugin awareness —
design tasks ran without ui-ux-pro-max even when relevant. Add a
design gate (lib/design-gate.md) that auto-detects UI/style signals
in task description and filesystem, then asks the user to activate
ui-ux-pro-max if inactive. Orchestrators already handle this via
their STEP 0 plugin-check.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:50:56 +02:00
bastien
0f28829bdb feat(claude-md): add health stack + enrich skill routing with full arsenal
Health Stack persists shellcheck config for /health.
Skill routing now covers all skills (gstack + perso) with fallbacks
when gstack is unavailable (bugfix, ship-feature, doc).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:08:36 +02:00
bastien
40db25b590 chore: add gstack skill routing rules to CLAUDE.md 2026-04-16 00:37:37 +02:00
bastien
3f69326c9a chore: switch CLAUDE_EFFORT env var to --effort alias, add task tracking
install-plugins.sh: replace 'export CLAUDE_EFFORT=max' with
'alias claude="claude --effort max"' (cleaner, uses CLI flag).
Cleans up old env var from shell profile on re-run.

Also adds tasks/ tracking files and fixes trailing whitespace in CLAUDE.md.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 23:21:57 +02:00
bastien
eb020d88a7 docs(claude): rewrite graphify context navigation guidelines
Clarify when to use graphify (large-scope tasks only) vs reading
files directly (small tasks). Removes the "always query graph first"
rule that added unnecessary overhead for simple lookups.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 20:18:40 +02:00
bastien
9d73d31cde added onboard and claude improve 2026-04-15 18:23:55 +02:00
bastien
46f9fc93d3 added security claude md 2026-04-15 17:37:03 +02:00
bastien
67e66b7217 added api versions 2026-04-14 03:08:33 +02:00
bastien
7318c18730 added no SPA for public website in claude.md 2026-04-14 01:15:41 +02:00
bastien
1f65a365f4 Added honesty and clarity in claude.md for no bullshit yesman response 2026-04-13 16:06:34 +02:00
bastien
0dac12b885 add gstack skill symlinks, graphify skill, and gitignore updates
Track all gstack-provided skill symlinks (autoplan, browse, qa, etc.)
and the graphify skill. Add .claude/, graphify-out/, .ctx7-cache/ to
gitignore to exclude local/generated files from the repo.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-12 14:56:03 +02:00
bchanot
f55a2b3fdf final version seems 2026-04-08 13:46:45 +02:00
bastien
f8811fab37 opus version correction 2026-04-03 18:08:21 +02:00
bastien
fbe43d519e added skills and agents 2026-04-01 02:51:01 +02:00
bastien
8ccdfd8eb3 corrected to uppercase 2026-03-31 20:51:12 +02:00