@a13xu/lucid 1.13.0 → 1.16.0

package/skills/lucid-plan/SKILL.md

@@ -1,60 +1,52 @@
----
-name: lucid-plan
-description: Create and track an implementation plan before writing any code — use Lucid's planning tools to define user story, ordered tasks, and test criteria.
-argument-hint: "[feature or task description]"
----
-
-# Lucid Planning Workflow
-
-Use this skill BEFORE writing code for any non-trivial feature. Plans are persisted in the Lucid DB and survive session restarts.
-
-## Steps
-
-### 1. Create the plan
-```
-plan_create(
-  title="<short title>",
-  description="<what this plan accomplishes>",
-  user_story="As a <user>, I want <goal>, so that <benefit>.",
-  tasks=[
-    { title: "Task 1", description: "...", test_criteria: "How to verify done" },
-    { title: "Task 2", description: "...", test_criteria: "..." },
-  ]
-)
-```
-Returns a `plan_id` and task IDs (format: `planId * 100 + sequence`).
-
-### 2. Work through tasks
-For each task, mark it in progress when you start:
-```
-plan_update_task(task_id=101, status="in_progress")
-```
-
-When done, mark it complete (optionally add a note):
-```
-plan_update_task(task_id=101, status="done", note="Used useFetch instead of axios")
-```
-
-Plan auto-completes when all tasks reach `done`.
-
-### 3. Resume a session — check plan status
-```
-plan_list()                  # see all active plans
-plan_get(plan_id=1)          # see full details + task status
-```
-
-## Task statuses
-
-| Status | When to use |
-|---|---|
-| `pending` | Not started yet |
-| `in_progress` | Currently working on it |
-| `done` | Completed and verified |
-| `blocked` | Waiting on external dependency |
-
-## Tips
-
-- Define `test_criteria` clearly — it becomes your acceptance test
-- Use `plan_get` when resuming to quickly re-orient yourself
-- Keep tasks small (1–4 hours each); use more tasks rather than fewer
-- Notes are append-only — use them to document decisions made during implementation
+---
+name: lucid-plan
+description: MANDATORY before writing code for any non-trivial feature — creates a persisted plan with tasks. HARD-GATE: no coding without a plan.
+argument-hint: "[feature or task description]"
+---
+
+<HARD-GATE>
+You are about to write code for a feature or fix.
+STOP. Create a plan first. Plans survive session restarts.
+Do NOT write implementation code until a plan exists and tasks are defined.
+</HARD-GATE>
+
+## When to invoke
+
+**INVOKE when:** implementing a feature, fixing a non-trivial bug, any task with 3+ steps
+**DO NOT INVOKE for:** single-line fixes, config changes, documentation-only tasks
+
+## Steps
+
+### 0. Get model recommendation
+```
+suggest_model(task_description="<paste the user's task description>")
+```
+Say: **"Using [model] — [reasoning]"** then proceed.
+
+### 1. Create the plan
+```
+plan_create(
+  title="<short descriptive title>",
+  description="<what this accomplishes>",
+  user_story="As a <user>, I want <goal>, so that <benefit>.",
+  tasks=[
+    { title: "Task 1", description: "...", test_criteria: "How to verify it's done" },
+    { title: "Task 2", description: "...", test_criteria: "..." },
+  ]
+)
+```
+Returns a `plan_id` and task IDs (format: `planId * 100 + sequence`).
+
+### 2. Mark tasks in progress / done as you work
+```
+plan_update_task(task_id=101, status="in_progress")
+plan_update_task(task_id=101, status="done", note="Decision made: used X instead of Y")
+```
+
+### 3. Resume a session
+```
+plan_list()           # all active plans
+plan_get(plan_id=1)   # full details + task status
+```
+
+## Task statuses: `pending` → `in_progress` → `done` | `blocked`

package/skills/lucid-security/SKILL.md

@@ -1,59 +1,41 @@
----
-name: lucid-security
-description: Run a full security review on a file or snippet — combines web vulnerability scanning (XSS, injection, secrets) with LLM drift detection before shipping code.
-argument-hint: "[file path or paste code]"
----
-
-# Lucid Security Review
-
-Run this skill before shipping any code that handles user input, authentication, file access, or external data.
-
-## Steps
-
-### 1. Scan for web security vulnerabilities
-```
-security_scan(
-  code="<file contents or snippet>",
-  language="typescript",    # javascript | typescript | html | vue
-  context="backend"         # frontend | backend | api
-)
-```
-Detects: XSS vectors, eval/new Function, SQL injection via string concat, hardcoded secrets/keys, open redirects, prototype pollution, path traversal, insecure CORS.
-
-### 2. Scan for logic errors (LLM drift)
-```
-validate_file(path="<file path>")
-```
-Catches security-adjacent logic bugs: wrong condition direction, silent exception swallowing, null propagation into auth checks.
-
-### 3. For frontend components — audit accessibility too
-```
-accessibility_audit(code="<template or JSX>", wcag_level="AA", framework="vue")
-```
-
-## Severity guide
-
-| Icon | Severity | Action |
-|---|---|---|
-| 🔴 Critical | XSS, eval, hardcoded secret, SQL injection | Fix before any commit |
-| 🟠 High | Open redirect, path traversal, prototype pollution | Fix before merge |
-| 🟡 Medium | Wildcard CORS, missing CSRF protection | Fix before production |
-| 🔵 Low | console.log, minor info leakage | Fix when convenient |
-
-## Common patterns to watch
-
-| Pattern | Risk |
-|---|---|
-| `element.innerHTML = userInput` | XSS — use `textContent` or DOMPurify |
-| `eval(...)` / `new Function(...)` | Code injection |
-| `const key = "sk-abc123..."` | Hardcoded secret — move to env var |
-| `res.redirect(req.query.url)` | Open redirect — validate against allowlist |
-| `readFile(req.params.filename)` | Path traversal — use `path.resolve` + bounds check |
-| `Access-Control-Allow-Origin: *` | Overly permissive CORS |
-
-## Note
-
-Static scanning finds patterns, not all vulnerabilities. Complement with:
-- Manual code review for business logic flaws
-- DAST (dynamic testing) for runtime issues
-- Dependency audit: `npm audit` / `pip-audit`
+---
+name: lucid-security
+description: Run before merging any code that handles user input, auth, or external data — security scan + drift check for injection, XSS, and credential exposure.
+argument-hint: "[file path or directory]"
+---
+
+<HARD-GATE>
+Before merging code that:
+- Handles user input (forms, query params, file uploads)
+- Implements auth, tokens, sessions, or permissions
+- Calls external APIs or parses external data
+- Manages files or runs shell commands
+
+Run this skill. No exceptions.
+</HARD-GATE>
+
+## Steps
+
+### 0. Get model recommendation
+```
+suggest_model(task_description="<paste the user's task description>")
+```
+Say: **"Using [model] — [reasoning]"** then proceed.
+
+### 1. Security scan
+```
+security_scan(code="<file contents or snippet>", language="typescript", context="backend")
+```
+
+### 2. Drift check for security-sensitive snippets
+```
+check_drift(code="<auth/input-handling code>", language="typescript")
+```
+
+### 3. Fix all CRITICAL issues before merging
+
+| Severity | Action |
+|---|---|
+| 🔴 CRITICAL | Block merge — fix immediately |
+| 🟠 HIGH | Fix before merge |
+| 🔵 MEDIUM/LOW | Track, fix in follow-up |

package/skills/lucid-start/SKILL.md

@@ -0,0 +1,70 @@
+---
+name: lucid-start
+description: MANDATORY at every session start and before any coding task — loads project context via Lucid before Claude reads any file or writes any code
+argument-hint: "[optional: what you are about to work on]"
+---
+
+<HARD-GATE>
+You MUST complete ALL steps below BEFORE:
+- Reading any source file
+- Writing or editing any code
+- Answering any coding question
+- Creating any plan or task
+
+This is not optional. There are no exceptions. "I'll do it after" is not acceptable.
+</HARD-GATE>
+
+## Steps (all mandatory, in order)
+
+### 0. Get model recommendation
+```
+suggest_model(task_description="<paste the user's task description>")
+```
+Say: **"Using [model] — [reasoning]"** then proceed.
+
+### 1. Check what changed recently
+```
+get_recent(hours=48)
+```
+This shows files modified since your last session. Review the list.
+
+### 2. If working on a specific task — load relevant context
+```
+smart_context(query="<describe what you are about to work on>", task_type="moderate")
+```
+If the user's request involves code, call smart_context. For purely conversational exchanges with zero code involvement, this step may be omitted.
+
+### 3. Announce readiness
+Say: "✓ Lucid active — context loaded"
+
+---
+
+## After EVERY file write or edit
+
+Call `sync_file` IMMEDIATELY after the tool call completes:
+```
+sync_file(path="<exact path of file you just wrote or edited>")
+```
+
+**Do this before anything else.** Before the next file. Before the next thought. Now.
+
+If you modified multiple files (refactor, git pull): call `sync_project()` instead.
+
+---
+
+## Before marking any task as done
+
+Run /lucid-audit before saying "done", "fixed", "complete", or "implemented".
+
+---
+
+## Trigger conditions
+
+**USE this skill:**
+- At the start of every new conversation
+- When resuming work after a break
+- When the user says "let's work on X" or similar
+
+**DO NOT USE for:**
+- Pure conversation with no code involved
+- Answering theoretical questions

package/skills/lucid-webdev/SKILL.md

@@ -1,123 +1,45 @@
----
-name: lucid-webdev
-description: Web development code generation tools — generate components, pages, SEO meta, API clients, tests, layouts, design tokens, and analyze accessibility and performance.
-argument-hint: "[component | page | seo | a11y | api | test | layout | security | tokens | perf]"
----
-
-# Lucid Web Dev Tools
-
-10 tools for common web development tasks. Pick the one that matches what you need:
-
-## Component & Page Generation
-
-### Generate a component
-```
-generate_component(
-  description="user profile card with avatar and edit button",
-  framework="vue",          # react | vue | nuxt
-  styling="tailwind",       # tailwind | css-modules | none
-  typescript=true
-)
-```
-
-### Generate a page scaffold
-```
-scaffold_page(
-  page_name="ProductDetail",
-  framework="nuxt",          # nuxt | next | vue
-  sections=["hero", "specs", "reviews", "cta"],
-  seo_title="Product Detail"
-)
-```
-
-## SEO & Accessibility
-
-### Generate SEO metadata
-```
-seo_meta(
-  title="Buy Widgets — Best Price",
-  description="Shop our range of premium widgets with free delivery.",
-  keywords=["widgets", "buy widgets", "widget shop"],
-  page_type="product",       # article | product | landing | home
-  url="https://example.com/widgets",
-  image_url="https://example.com/og/widgets.jpg"
-)
-```
-Returns: HTML meta tags + Open Graph + Twitter Card + JSON-LD structured data.
-
-### Audit accessibility (WCAG)
-```
-accessibility_audit(
-  code="<your HTML/JSX/Vue snippet>",
-  wcag_level="AA",           # A | AA | AAA
-  framework="vue"            # html | jsx | vue
-)
-```
-Returns: violations with severity (critical/warning/info), WCAG criterion, and corrected code.
-
-## API & Testing
-
-### Generate a typed API client
-```
-api_client(
-  endpoint="/users/:id",
-  method="GET",              # GET | POST | PUT | PATCH | DELETE
-  response_schema="{ id: string; name: string; email: string }",
-  auth="bearer",             # bearer | cookie | apikey | none
-  base_url_var="NEXT_PUBLIC_API_URL"
-)
-```
-
-### Generate tests
-```
-test_generator(
-  code="<your function or component source>",
-  test_framework="vitest",   # vitest | jest | playwright
-  test_type="unit",          # unit | integration | e2e
-  component_framework="vue"  # vue | react | none
-)
-```
-
-## Layout & Design
-
-### Generate a responsive layout
-```
-responsive_layout(
-  description="sidebar left 260px, main content, right panel 240px",
-  framework="tailwind",      # tailwind | css-grid | flexbox
-  breakpoints=["mobile", "tablet", "desktop"],
-  container="sidebar"        # full | centered | sidebar
-)
-```
-
-### Generate design tokens
-```
-design_tokens(
-  brand_name="Acme",
-  primary_color="#6366F1",   # hex or name (blue, green, etc.)
-  mood="minimal",            # minimal | bold | playful | corporate
-  output_format="css-variables"  # css-variables | tailwind-config | json
-)
-```
-
-## Security & Performance
-
-### Scan for security vulnerabilities
-```
-security_scan(
-  code="<your code snippet>",
-  language="typescript",     # javascript | typescript | html | vue
-  context="frontend"         # frontend | backend | api
-)
-```
-Detects: XSS, eval/injection, hardcoded secrets, SQL injection, open redirects, CORS issues.
-
-### Analyze Core Web Vitals issues
-```
-perf_hints(
-  code="<your component or page source>",
-  framework="vue",           # react | vue | nuxt | vanilla
-  context="page"             # component | page | layout
-)
-```
-Detects: missing image dimensions (CLS), render-blocking scripts (FCP), fetch-in-render (TTFB), heavy click handlers (INP), missing useMemo/computed.
+---
+name: lucid-webdev
+description: Use for web development tasks — generates components, pages, audits, API clients, and performance hints via Lucid's 10 web dev tools.
+argument-hint: "[what you are building: component/page/api/audit]"
+---
+
+<HARD-GATE>
+Before building any web component, page, or API client from scratch:
+call the relevant generator tool first. Do not write boilerplate manually.
+</HARD-GATE>
+
+## When to invoke
+
+**INVOKE when:** building UI components, scaffolding pages, writing API clients, running accessibility/security/performance audits
+**DO NOT INVOKE for:** backend-only logic with no web layer
+
+## Steps
+
+### 0. Get model recommendation
+```
+suggest_model(task_description="<paste the user's task description>")
+```
+Say: **"Using [model] — [reasoning]"** then proceed.
+
+## Available tools
+
+| Task | Tool |
+|---|---|
+| Generate a React/Vue component | `generate_component(description, framework, styling, typescript)` |
+| Scaffold a full page | `scaffold_page(page_name, framework, sections, seo_title)` |
+| SEO meta tags | `seo_meta(title, description, keywords, page_type, url, image_url)` |
+| Accessibility audit | `accessibility_audit(code, wcag_level, framework)` |
+| API client | `api_client(endpoint, method, response_schema, auth, base_url_var)` |
+| Test scaffolding | `test_generator(code, test_framework, test_type, component_framework)` |
+| Responsive layout | `responsive_layout(description, framework, breakpoints, container)` |
+| Security scan | `security_scan(code, language, context)` |
+| Design tokens | `design_tokens(brand_name, primary_color, mood, output_format)` |
+| Performance hints | `perf_hints(code, framework, context)` |
+
+## Workflow
+
+1. Call the relevant generator/auditor tool
+2. Review output → adapt to project conventions
+3. `sync_file(path="<generated file>")` after saving
+4. Run /lucid-audit before marking done