Add TODO section for future work: add a `--help` / `help` argument
handler to every personal skill so users can type `/<skill> --help`
and get a standardized help block (description, usage, arguments,
examples, see-also) without dispatching the agent.
Design sketch: shared lib at skills/lib/help-handler.md, integrated
as STEP 0.5 in each SKILL.md. Skills-external/gstack excluded — they
have their own convention.
Follow-up discovered while reviewing /validate — the new skill has
argument-hint but no --help handler, matching the state of every
other personal skill. Worth systematizing rather than one-off.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New /validate skill runs a narrow-scope web standards audit covering
W3C HTML validity (validator.nu API in FULL, html-validate / vnu.jar
in LOCAL), W3C CSS validity (jigsaw.w3.org/css-validator in FULL,
stylelint / css-tree in LOCAL), and WCAG 2.1 accessibility (pa11y,
@axe-core/cli, WAVE API, or static checklist fallback).
Dedicated validator-analyzer agent with a strict IN/OUT scope filter
so the report stays focused on conformance — no meta/OG/JSON-LD/
sitemap/CSP/cookie/CWV noise. Those remain owned by /seo, /geo, and
/harden respectively.
LOCAL mode degrades gracefully: tries local npm tools first, falls
back to static analysis if none present (same 12-point a11y checklist
as /onboard a11y dispatch). Never fails hard.
Framework awareness: validates built output (dist/, _site/, build/,
out/) for SPA/JS frameworks, not JSX/TSX source. Warns if no build
dir found.
Fix mode (--fix) produces a conservative auto-fix bundle: missing
lang attr, alt="" on decorative images, unclosed void tags, duplicate
IDs, unambiguous heading level skips. Content decisions (form labels,
color contrast, landmark restructure, alt text on content images)
always go to User actions, never auto-applied.
Flags: --local, --full, --fix, --no-external.
Routing updated in CLAUDE.md. /harden and /seo cross-refs narrowed
to redirect W3C / WCAG concerns to /validate (was previously routed
to /onboard a11y dispatch, which only runs at setup).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).
Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.
FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
- Mozilla Observatory (API v2 JSON, ~10s)
- SecurityHeaders.com (HTML scrape, ~5s)
- SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)
Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).
Flags: --local, --full, --fix, --no-external.
Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
STEP 4.5 extracts the archetype's "Implications" (Surface sécurité) and
"Typical pain points" sections into .onboard-audit/archetype-context.md.
STEP 6 cso dispatch reads it and filters checks per category: web vulns
(XSS/SQLi/CORS/CSP/CSRF/HTTPS) only on framework/api/ecommerce/cms,
embedded-specific checks (buffer overflow, secure boot, JTAG, OTA sig)
only on embedded; library/cli/infra/data-science/desktop each get their
own focused section. Previously the fallback prompt searched for web
vulnerabilities even on firmware projects.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace the "3+ steps" threshold with a logic-based criterion: any
write/modify task touching new behavior, control flow, state, API,
or dependencies requires a plan in tasks/TODO.md decomposed into
subtasks — even a single complex task.
Drop the blanket "Confirm before implementing" step: confirmation is
now limited to real trade-offs (multiple valid approaches, breaking
changes, destructive actions) to avoid rubber-stamp friction.
Add an explicit exemption list (reads, explanations, typos, cosmetic
CSS, single config values) aligned with /hotfix scope.
Co-Authored-By: Claude <noreply@anthropic.com>
USAGE.md Pattern C expanded with the 9-STEP pipeline table and post-run
flow. CLAUDE.md skill routing line updated to reflect the new scope
(config + archetype detection + full audit pipeline + backlog).
Co-Authored-By: Claude <noreply@anthropic.com>
Move discovery, interview, archetype detection, audit pipeline, and
validation gates from the onboarder agent into the /onboard skill as
a 9-STEP orchestrator (STEP 0 plugin-check → STEP 9 sequenced backlog).
The onboarder agent becomes a pure config generator: takes a prepared
brief, writes CLAUDE.md / settings.json / .claudeignore / tasks/ scaffold.
No more interview or filesystem scanning in the agent.
Agent shrinks 263 → 86 lines; skill grows 15 → 847 lines.
Co-Authored-By: Claude <noreply@anthropic.com>
Introduce ~/.claude/lib/project-archetypes/ with 25 archetype files
(web, mobile, APIs, CMS, infra, firmware, etc.) and the detection
algorithm in lib/archetype-detector.md. Consumed by /onboard STEP 1
to drive archetype-specific audit stacks and plugin recommendations.
Co-Authored-By: Claude <noreply@anthropic.com>
Add `magic` to the unified toggle-external.sh helper alongside gstack,
emil-design-eng, darwin-skill, find-skills. MCPs are toggled via
`claude mcp add|remove` instead of symlink moves.
API key loaded from $REPO/.env (gitignored) via .env.example template.
install-plugins.sh step 8.7 forces magic MCP off after each install run
so the MCP doesn't load into every session unless explicitly enabled.
Toggle: bash lib/toggle-external.sh enable|disable|status magic
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Merge the auto-installed "## graphify" block (L. 170-177, written by
`graphify claude install`) into the existing "## Context Navigation
(graphify)" block. Keeps one source of truth: when to invoke graphify,
what to read first (GRAPH_REPORT.md), and the AST-only --update
shortcut after code edits.
Co-Authored-By: Claude <noreply@anthropic.com>
Auto-upgraded during /graphify invocation. Notable SKILL.md changes:
safer AST cache_root (pin to cwd), clearer node ID format docs with
concrete example, new Step 6b Wiki export (opt-in via --wiki),
--update now persists merged extraction back to .graphify_extract.json
so Step 4 sees the full graph.
Co-Authored-By: Claude <noreply@anthropic.com>
gstack ./setup now creates skills/<name>/ as directories (with a SKILL.md
symlink inside) rather than top-level symlinks. A second disable call used
to nest the new dir inside the existing one (gstack__<name>/<name>/),
producing "mv: cannot overwrite … Directory not empty" on the third call
and breaking `make install` under set -euo pipefail.
rm -rf the destination first — contents are symlinks into the submodule
and are regenerated by gstack ./setup, so clobbering is safe.
Co-Authored-By: Claude <noreply@anthropic.com>
Post-review hardening of the parallel seo+geo dispatch:
- skills/seo/SKILL.md: shared-file edit discipline embedded in both dispatch prompts (Edit-only on shared templates, Write only on sole-owned files). CROSS-AGENT NOTES flow clarified — dispatcher escalates to SEO.md §11 as user action with automation options (Option B).
- agents/seo-analyzer.md: STEP 2 detects 8 CMS (WordPress/Drupal/Magento/Shopify/Joomla/PrestaShop/Ghost/Wix-Squarespace-Webflow) and presence of SEO plugins. STEP 10 emits P0 quick win "install CMS plugin" when CMS detected without plugin. STEP 5 expands topic clusters / silos sémantiques. Framework notes in STEP 12 cover all 8 CMS explicitly.
- agents/geo-analyzer.md: STEP 6 checks /faq path + FAQPage schema presence. STEP 11 mandates 3 AI-index user actions per FULL audit (Bing Webmaster Tools / GSC / IndexNow) + Apple Business Connect for local business.
- agents/resources/automation-catalog.md: new structured CMS plugin section (install links + pricing per platform). AI-index submission section rewritten with Bing Webmaster as canonical entry for ChatGPT Search/Copilot/DuckDuckGo, IndexNow protocol details, Brave Web Discovery, Apple Business Connect.
- agents/resources/llms-txt-template.md: explicit note that /ai.txt and /about-data are NOT real standards; llms.txt (Jeremy Howard) remains the only proposed one.
Rationale: third-party AI review of the skill surfaced 5 gaps — race condition on shared templates (Layout.astro holds meta + JSON-LD), ambiguous cross-agent flow, missing CMS-plugin-first logic (Gemini), under-exposed Bing Webmaster (ChatGPT Search channel), and minor accuracy items.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Refactor the monolithic seo-analyzer into two specialist agents
orchestrated in parallel by the /seo skill, plus a standalone /geo
skill for AI-only audits.
Changes
- agents/seo-analyzer.md: refocused on classical engines (Google, Bing,
DuckDuckGo). Adds Core Web Vitals 2.0 (LCP/INP/CLS + VSI), CSP + full
security headers, hreflang audit, video SEO (transcripts), accessibility
as ranking signal, image/video sitemaps.
- agents/geo-analyzer.md: new agent for AI engines (ChatGPT, Claude,
Perplexity, Gemini, Google AI Overviews, Copilot). Covers AI crawler
policy, llms.txt/llms-full.txt, Schema.org for AI extraction (QAPage,
Speakable, Person+Article, Organization graph), entity SEO (Wikidata,
sameAs, Knowledge Panel), content shape (Definition Lead, TL;DR,
Q->A, citable stats, freshness), AI visibility testing.
- agents/resources/: shared knowledge base referenced by both agents —
ai-crawlers-2026.md (25+ bots, training vs retrieval categories,
permissive/restrictive templates), llms-txt-template.md, geo-schemas.md
(incl. deprecated list: ClaimReview, CourseInfo, etc. removed June 2025),
entity-seo.md, content-shape-for-ai.md, ai-visibility-tools.md,
automation-catalog.md.
- skills/seo/SKILL.md: becomes parallel dispatcher. Collects context
once (depth + business), spawns both agents in a single message for
concurrent execution, merges envelopes into unified SEO.md. Includes
authoritative file-ownership matrix to prevent parallel-edit races.
- skills/geo/SKILL.md: new standalone wrapper for GEO-only audits.
Scoring
- Combined score: GLOBAL = 0.80 * SEO + 0.20 * GEO (local B2C),
0.75 * SEO + 0.25 * GEO (SaaS/national/content).
- GEO axis weight raised from 5% (old) to first-class dimension.
Policy
- AI crawlers: permissive default (maximise AI citations). Restrictive
template available for premium/regulated content.
- Every user action in SEO.md section 11 must cite automation options
from automation-catalog.md.
Tools
- WebFetch + WebSearch added to allowed-tools of both skills and
both agents (needed for live CWV via PageSpeed API, AI visibility
testing, Wikidata/Knowledge Panel lookups, competitor analysis).
Research basis (2026 state of the art validated via WebSearch):
- Core Web Vitals 2.0 (VSI signal, Google core update March 2026)
- AI Overviews trigger on ~48% of Google searches
- ClaimReview + 6 other schema types deprecated June 2025
- Definition Lead Architecture (CMU KDD 2024, +impression score)
- Citations + stats add up to 40% AI visibility (Aggarwal 2024)
- Wikidata grounds every major LLM (ChatGPT, Claude, Gemini, Perplexity)
Backup
- agents/seo-analyzer.md.bak kept for rollback reference.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
gstack ships ~40 skills that all load into Claude's context. Keeping
them active by default taxes every session, even when the project has
no browser-QA or deploy workflow. install-plugins.sh now calls
`toggle-external.sh disable gstack` right after gstack's ./setup, so
fresh installs land with gstack symlinks staged in skills-disabled/.
update-all.sh captures the current enabled/disabled state before the
submodule bump and restores it afterwards — otherwise ./setup would
silently re-enable a user who had explicitly disabled gstack.
To use gstack: `bash lib/toggle-external.sh enable gstack`.
Co-Authored-By: Claude <noreply@anthropic.com>
gstack 0.17.0 added 5 skills that land in skills/ via gstack ./setup
(benchmark-models, context-restore, context-save, make-pdf, plan-tune).
The older gstack skills are already ignored here — extend the list so
these don't show up as untracked after `make update`.
Co-Authored-By: Claude <noreply@anthropic.com>
`claude plugin enable|disable` only toggles marketplace plugins.
Tools living as symlinks (gstack per-skill entries, emil-design-eng,
darwin-skill, find-skills) had no lever — users had to edit symlinks
by hand. The new script moves symlinks in/out of skills-disabled/
so Claude Code stops or starts scanning them.
Also removes the legacy global `skills/gstack` symlink that shadowed
per-skill entries with a duplicate top-level "gstack" skill (same
description as "browse"). gstack detection in detect-plugins.sh now
probes an individual skill instead.
plugin-advisor reads the new script's `list` command when gathering
state and emits its `enable|disable` commands in recommendations.
Co-Authored-By: Claude <noreply@anthropic.com>
`claude plugin update` rejects a bare plugin name when multiple
marketplaces are registered — the CLI demands `name@marketplace`.
update-all.sh stripped the suffix via `${_p%%@*}`, causing every
marketplace plugin update to fail with "Plugin not found". Fixed
by passing the unmodified spec from `claude plugin list`.
Also adds install + update paths for external skills distributed
through the `npx skills` CLI (vercel-labs/skills):
- alchaincyf/darwin-skill
- alchaincyf/find-skills
These land in ~/.agents/skills/ and are now symlinked into
$REPO/skills/ via link.sh using absolute paths — the previous
relative `../../.agents/...` targets resolved incorrectly when
the repo is cloned below $HOME (as ~/Documents/claude/), leaving
dangling symlinks.
Co-Authored-By: Claude <noreply@anthropic.com>
Move rtk from v0.34.3 to "latest" to pick up upstream fixes as they
ship (notably the pending TTY-passthrough issue documented in
tasks/rtk-upstream-issue.md).
Co-Authored-By: Claude <noreply@anthropic.com>
Document that `rtk curl` (and siblings `cat`, `read`, `json`, etc.)
emits the compressed/schema representation even when stdout is piped,
silently breaking any downstream parser (jq, python json.load, awk).
Proposes an isatty(stdout) check to passthrough raw bytes when not
a TTY, matching the Unix convention used by ls/grep/diff.
Co-Authored-By: Claude <noreply@anthropic.com>
Complete rewrite of the SEO/GEO audit agent (317 → 868 lines):
- Two audit depths: LOCAL (code-only, 4 scored axes) and FULL (live site +
external presence + competitors, 8 scored axes). Same rigor, user chooses.
- Plugin-advisor invoked at STEP 3 (after stack detection), not upfront.
Only triggered for FULL depth. Offers downgrade to LOCAL if tools missing.
- Sub-agent orchestration: findings triaged into 6 batches (A-F), delegated
to hotfixer (1-2 file fixes), feater (multi-file features), or direct Bash
(image pipeline). No more raw edits from the orchestrator.
- New audit scopes: live HTTP audit, external presence (GMB, social, citations,
NAP consistency), competitive analysis, legal compliance FR (LCEN, RGPD,
DGCCRF), GEO/AI readiness (FAQPage, E-E-A-T, AI engine visibility).
- Scored report (/20 per axis, weighted by business type) with prioritized
action plan (quick wins / medium / long term).
- SEO.md versioned document (15 sections, iterative updates, audit history).
- Landing page protection rule, confirmation gates for structural changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Lightweight skills (feat, hotfix, bugfix) had zero plugin awareness —
design tasks ran without ui-ux-pro-max even when relevant. Add a
design gate (lib/design-gate.md) that auto-detects UI/style signals
in task description and filesystem, then asks the user to activate
ui-ux-pro-max if inactive. Orchestrators already handle this via
their STEP 0 plugin-check.
Co-Authored-By: Claude <noreply@anthropic.com>
Health Stack persists shellcheck config for /health.
Skill routing now covers all skills (gstack + perso) with fallbacks
when gstack is unavailable (bugfix, ship-feature, doc).
Co-Authored-By: Claude <noreply@anthropic.com>
Context7 requires a free account + API key — added install step
and linked to context7.com in the components table.
Co-Authored-By: Claude <noreply@anthropic.com>
Replace atomic-by-type grouping (docs together, feat together, chore
together) with development-step reconstruction. Commits now retrace
the order work happened — one commit per logical step, regardless of
file type. Count adapts to the workload: 1 commit or 20.
Co-Authored-By: Claude <noreply@anthropic.com>
install-plugins.sh: replace 'export CLAUDE_EFFORT=max' with
'alias claude="claude --effort max"' (cleaner, uses CLI flag).
Cleans up old env var from shell profile on re-run.
Also adds tasks/ tracking files and fixes trailing whitespace in CLAUDE.md.
Co-Authored-By: Claude <noreply@anthropic.com>
Doc syncer now detects features present in code but missing from docs
(ADDED) and features documented but removed from code (REMOVED). Both
full audit and auto mode updated. Tags follow AUTO/HUMAN rules: list
entries are AUTO, new sections and deprecation notes are HUMAN.
Co-Authored-By: Claude <noreply@anthropic.com>
Bump version to 3.4.0. Changelog covers 9 new skills, 7 new agents,
install.sh bootstrap, hooks, and plugins.lock additions. README and
USAGE updated with new skill table, decision tree, and patterns.
TODO items marked done.
Co-Authored-By: Claude <noreply@anthropic.com>
The awk extraction now correctly parses both `description: text` (inline)
and `description: |` (block scalar) YAML formats.
Co-Authored-By: Claude <noreply@anthropic.com>
Personal skills are identified by checking if their SKILL.md references
an agent file from ~/.claude/agents/. Adds agent column to output table.
Replaces unreliable git history heuristic.
Co-Authored-By: Claude <noreply@anthropic.com>
Use git history heuristic: skills added in bulk commits (5+ SKILL.md
files at once) are framework installs, not user-created. Only show
skills added in small commits (1-3 files).
Co-Authored-By: Claude <noreply@anthropic.com>
Lists all local skills from ~/.claude/skills/ with name and description,
excluding symlinked/external ones (gstack, emil-design-eng).
Co-Authored-By: Claude <noreply@anthropic.com>
New Step 10 writes CLAUDE_EFFORT=max and
CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1 to the user's shell
profile (~/.bashrc, ~/.zshrc, or ~/.profile). Skips if already
present.
Co-Authored-By: Claude <noreply@anthropic.com>
Clarify when to use graphify (large-scope tasks only) vs reading
files directly (small tasks). Removes the "always query graph first"
rule that added unnecessary overhead for simple lookups.
Co-Authored-By: Claude <noreply@anthropic.com>
Skills now delegate to agent .md files instead of embedding logic
inline. Added new agents (bugfixer, code-cleaner, commit-changer,
doc-syncer, feater, hotfixer, seo-analyzer) and new skills
(code-clean, doc, seo). Replaced /readme with /doc (broader scope).
Co-Authored-By: Claude <noreply@anthropic.com>
Fill the gap between direct editing and the full /ship-feature
orchestrator. Three new skills for common everyday tasks:
- /hotfix: superficial bugs (typo, CSS, config), 1-2 files, no plan
- /bugfix: deeper bugs with root cause investigation + fix plan
- /feat: small features 1-5 files, light planning, no subagents
Each skill documents its escalation path to the next level.
Updated plugin-advisor with skill routing table and references.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>