Commit Graph

20 Commits

Author SHA1 Message Date
bastien
97415e9aea feat(harden): add web hardening audit skill
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).

Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.

FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
  - Mozilla Observatory (API v2 JSON, ~10s)
  - SecurityHeaders.com (HTML scrape, ~5s)
  - SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)

Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).

Flags: --local, --full, --fix, --no-external.

Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 20:32:48 +02:00
bastien
31202e8621 docs(claude): make TODO.md systematic for complex write/modify tasks
Replace the "3+ steps" threshold with a logic-based criterion: any
write/modify task touching new behavior, control flow, state, API,
or dependencies requires a plan in tasks/TODO.md decomposed into
subtasks — even a single complex task.

Drop the blanket "Confirm before implementing" step: confirmation is
now limited to real trade-offs (multiple valid approaches, breaking
changes, destructive actions) to avoid rubber-stamp friction.

Add an explicit exemption list (reads, explanations, typos, cosmetic
CSS, single config values) aligned with /hotfix scope.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:38:06 +02:00
bastien
1da901ee8e docs(onboard): document new pipeline (archetype detection + full audit)
USAGE.md Pattern C expanded with the 9-STEP pipeline table and post-run
flow. CLAUDE.md skill routing line updated to reflect the new scope
(config + archetype detection + full audit pipeline + backlog).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 22:37:44 +02:00
bastien
07b8a207c1 docs(claude): consolidate graphify sections into Context Navigation
Merge the auto-installed "## graphify" block (L. 170-177, written by
`graphify claude install`) into the existing "## Context Navigation
(graphify)" block. Keeps one source of truth: when to invoke graphify,
what to read first (GRAPH_REPORT.md), and the AST-only --update
shortcut after code edits.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-21 17:54:51 +02:00
bastien
e144dc78ee added some info into claude.md and settings
2026-04-21 15:22:05 +02:00
bastien
57309b80f8 feat(agents): add design gate for automatic ui-ux-pro-max detection
Lightweight skills (feat, hotfix, bugfix) had zero plugin awareness —
design tasks ran without ui-ux-pro-max even when relevant. Add a
design gate (lib/design-gate.md) that auto-detects UI/style signals
in task description and filesystem, then asks the user to activate
ui-ux-pro-max if inactive. Orchestrators already handle this via
their STEP 0 plugin-check.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:50:56 +02:00
bastien
0f28829bdb feat(claude-md): add health stack + enrich skill routing with full arsenal
Health Stack persists shellcheck config for /health.
Skill routing now covers all skills (gstack + perso) with fallbacks
when gstack is unavailable (bugfix, ship-feature, doc).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-16 01:08:36 +02:00
bastien
40db25b590 chore: add gstack skill routing rules to CLAUDE.md
2026-04-16 00:37:37 +02:00
bastien
3f69326c9a chore: switch CLAUDE_EFFORT env var to --effort alias, add task tracking
install-plugins.sh: replace 'export CLAUDE_EFFORT=max' with
'alias claude="claude --effort max"' (cleaner, uses CLI flag).
Cleans up old env var from shell profile on re-run.

Also adds tasks/ tracking files and fixes trailing whitespace in CLAUDE.md.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 23:21:57 +02:00
bastien
eb020d88a7 docs(claude): rewrite graphify context navigation guidelines
Clarify when to use graphify (large-scope tasks only) vs reading
files directly (small tasks). Removes the "always query graph first"
rule that added unnecessary overhead for simple lookups.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-15 20:18:40 +02:00
bastien
9d73d31cde added onboard and claude improve
2026-04-15 18:23:55 +02:00
bastien
46f9fc93d3 added security claude md
2026-04-15 17:37:03 +02:00
bastien
67e66b7217 added api versions
2026-04-14 03:08:33 +02:00
bastien
7318c18730 added no SPA for public website in claude.md
2026-04-14 01:15:41 +02:00
bastien
1f65a365f4 Added honesty and clarity in claude.md for no bullshit yesman response
2026-04-13 16:06:34 +02:00
bastien
0dac12b885 add gstack skill symlinks, graphify skill, and gitignore updates
Track all gstack-provided skill symlinks (autoplan, browse, qa, etc.)
and the graphify skill. Add .claude/, graphify-out/, .ctx7-cache/ to
gitignore to exclude local/generated files from the repo.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-12 14:56:03 +02:00
bchanot
f55a2b3fdf final version seems
2026-04-08 13:46:45 +02:00
bastien
f8811fab37 opus version correction
2026-04-03 18:08:21 +02:00
bastien
fbe43d519e added skills and agents
2026-04-01 02:51:01 +02:00
bastien
8ccdfd8eb3 corrected to uppercase
2026-03-31 20:51:12 +02:00