STEP 4.5 extracts the archetype's "Implications" (Surface sécurité) and
"Typical pain points" sections into .onboard-audit/archetype-context.md.
STEP 6 cso dispatch reads it and filters checks per category: web vulns
(XSS/SQLi/CORS/CSP/CSRF/HTTPS) only on framework/api/ecommerce/cms,
embedded-specific checks (buffer overflow, secure boot, JTAG, OTA sig)
only on embedded; library/cli/infra/data-science/desktop each get their
own focused section. Previously the fallback prompt searched for web
vulnerabilities even on firmware projects.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Complete rewrite of the SEO/GEO audit agent (317 → 868 lines):
- Two audit depths: LOCAL (code-only, 4 scored axes) and FULL (live site +
external presence + competitors, 8 scored axes). Same rigor, user chooses.
- Plugin-advisor invoked at STEP 3 (after stack detection), not upfront.
Only triggered for FULL depth. Offers downgrade to LOCAL if tools missing.
- Sub-agent orchestration: findings triaged into 6 batches (A-F), delegated
to hotfixer (1-2 file fixes), feater (multi-file features), or direct Bash
(image pipeline). No more raw edits from the orchestrator.
- New audit scopes: live HTTP audit, external presence (GMB, social, citations,
NAP consistency), competitive analysis, legal compliance FR (LCEN, RGPD,
DGCCRF), GEO/AI readiness (FAQPage, E-E-A-T, AI engine visibility).
- Scored report (/20 per axis, weighted by business type) with prioritized
action plan (quick wins / medium / long term).
- SEO.md versioned document (15 sections, iterative updates, audit history).
- Landing page protection rule, confirmation gates for structural changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Lightweight skills (feat, hotfix, bugfix) had zero plugin awareness —
design tasks ran without ui-ux-pro-max even when relevant. Add a
design gate (lib/design-gate.md) that auto-detects UI/style signals
in task description and filesystem, then asks the user to activate
ui-ux-pro-max if inactive. Orchestrators already handle this via
their STEP 0 plugin-check.
Co-Authored-By: Claude <noreply@anthropic.com>
install-plugins.sh: replace 'export CLAUDE_EFFORT=max' with
'alias claude="claude --effort max"' (cleaner, uses CLI flag).
Cleans up old env var from shell profile on re-run.
Also adds tasks/ tracking files and fixes trailing whitespace in CLAUDE.md.
Co-Authored-By: Claude <noreply@anthropic.com>