npm - @champpaba/claude-agent-kit - Versions diffs - 2.1.6 → 2.2.1 - Mend

@champpaba/claude-agent-kit 2.1.6 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/.claude/CLAUDE.md +73 -7
package/.claude/agents/_shared/pre-work-checklist.md +83 -1
package/.claude/commands/csetup.md +990 -134
package/.claude/contexts/patterns/validation-framework.md +51 -1
package/.claude/lib/agent-executor.md +149 -0
package/.claude/lib/feature-best-practices.md +386 -0
package/README.md +30 -1
package/package.json +1 -1

package/.claude/commands/csetup.md CHANGED Viewed

@@ -249,199 +249,982 @@ Continue anyway? (yes/no)
 ---
-### Step 2.7: Auto-Setup Best Practices (v1.8.0)
+### Step 2.6: Feature Best Practice Analysis (v2.2.0)
-> **NEW:** Auto-detect tech stack and generate best-practices (replaces /psetup and /agentsetup)
+> **NEW:** Validate spec against industry standards BEFORE checking stack best practices
+> **Reference:** `.claude/lib/feature-best-practices.md`
+WHY: Stack best practices tell you "how to use React well", but Feature best practices tell you "what a good auth system needs". The feature layer is higher-level and informs whether your spec is complete.
 ```typescript
-// 1. Detect tech stack from multiple sources
-output(`\n🔍 Detecting Tech Stack...`)
-// Source 1: package.json / requirements.txt (if exists)
-let packageStack = []
-if (fileExists('package.json')) {
-  const pkg = JSON.parse(Read('package.json'))
-  const deps = { ...pkg.dependencies, ...pkg.devDependencies }
-  packageStack = Object.keys(deps).filter(d =>
-    ['next', 'react', 'vue', 'express', 'fastapi', 'prisma', 'drizzle', 'vitest', 'jest'].some(k => d.includes(k))
-  )
-  output(`   📦 From package.json: ${packageStack.join(', ') || 'none'}`)
+output(`\n🔍 Analyzing Feature Best Practices...`)
+// 1. Detect features from proposal/tasks/design
+const combined = (proposalContent + ' ' + tasksContent + ' ' + designContent).toLowerCase()
+const featureDetection = {
+  authentication: {
+    keywords: ['login', 'auth', 'register', 'password', 'session', 'jwt', 'token', 'oauth'],
+    tier: 1, // Blocking
+    standards: [
+      { name: 'Short-lived access token', keywords: ['jwt', 'access', '15', '30', 'min'], priority: 'required' },
+      { name: 'Refresh token rotation', keywords: ['refresh', 'rotation', 'rotate'], priority: 'required' },
+      { name: 'Secure token storage', keywords: ['httponly', 'cookie', 'secure'], priority: 'required' },
+      { name: 'Token revocation', keywords: ['revoke', 'invalidate', 'logout'], priority: 'required' },
+      { name: 'Rate limiting', keywords: ['rate', 'limit', 'throttle', 'attempt'], priority: 'required' },
+      { name: 'Account lockout', keywords: ['lockout', 'lock', 'failed attempt'], priority: 'recommended' }
+    ]
+  },
+  payment: {
+    keywords: ['payment', 'stripe', 'checkout', 'billing', 'subscription'],
+    tier: 1,
+    standards: [
+      { name: 'No card data on server', keywords: ['elements', 'checkout', 'client-side'], priority: 'required' },
+      { name: 'Webhook signature verification', keywords: ['webhook', 'signature', 'verify'], priority: 'required' },
+      { name: 'Idempotency keys', keywords: ['idempotency', 'idempotent'], priority: 'required' }
+    ]
+  },
+  fileUpload: {
+    keywords: ['upload', 'file', 'image', 's3', 'storage'],
+    tier: 1,
+    standards: [
+      { name: 'File type validation', keywords: ['mime', 'type', 'validation', 'allowed'], priority: 'required' },
+      { name: 'File size limits', keywords: ['size', 'limit', 'max'], priority: 'required' },
+      { name: 'Filename sanitization', keywords: ['sanitize', 'filename', 'path'], priority: 'required' }
+    ]
+  },
+  apiDesign: {
+    keywords: ['api', 'endpoint', 'rest', 'graphql'],
+    tier: 2, // Warning
+    standards: [
+      { name: 'Rate limiting', keywords: ['rate', 'limit'], priority: 'required' },
+      { name: 'Input validation', keywords: ['validate', 'validation', 'zod', 'schema'], priority: 'required' },
+      { name: 'Pagination', keywords: ['pagination', 'page', 'limit', 'offset'], priority: 'recommended' }
+    ]
+  }
 }
-// Source 2: design.md (architecture section)
-let designStack = []
-const designPath = `openspec/changes/${changeId}/design.md`
-if (fileExists(designPath)) {
-  const designContent = Read(designPath)
-  // Look for tech stack section
-  const techMatch = designContent.match(/tech.*stack|architecture|framework/gi)
-  if (techMatch) {
-    designStack = extractTechFromText(designContent)
-    output(`   📐 From design.md: ${designStack.join(', ') || 'none'}`)
+// 2. Find detected features
+const detectedFeatures = []
+for (const [featureName, config] of Object.entries(featureDetection)) {
+  if (config.keywords.some(kw => combined.includes(kw))) {
+    detectedFeatures.push({ name: featureName, ...config })
   }
 }
-// Source 3: proposal.md + tasks.md (keywords)
-const proposalContent = Read(`openspec/changes/${changeId}/proposal.md`)
-const tasksContent = Read(`openspec/changes/${changeId}/tasks.md`)
-const combined = (proposalContent + ' ' + tasksContent).toLowerCase()
-const techDetection = {
-  react: /\b(react|jsx|tsx|use[A-Z]\w+|usestate|useeffect)\b/i,
-  nextjs: /\b(next\.?js|next js|app router|pages router)\b/i,
-  vue: /\b(vue|vuex|pinia|nuxt)\b/i,
-  express: /\b(express\.js|express js|expressjs)\b/i,
-  fastapi: /\b(fastapi|fast api)\b/i,
-  django: /\b(django)\b/i,
-  prisma: /\b(prisma)\b/i,
-  drizzle: /\b(drizzle)\b/i,
-  postgres: /\b(postgres|postgresql)\b/i,
-  mongodb: /\b(mongodb|mongoose)\b/i,
-  tailwind: /\b(tailwind)\b/i,
-  typescript: /\b(typescript)\b/i,
-  vitest: /\b(vitest)\b/i,
-  jest: /\b(jest)\b/i,
-  playwright: /\b(playwright)\b/i
+if (detectedFeatures.length > 0) {
+  output(`\n📋 Features Detected:`)
+  detectedFeatures.forEach(f => {
+    output(`   - ${f.name} (Tier ${f.tier}: ${f.tier === 1 ? 'Blocking' : 'Warning'})`)
+  })
+  // 3. For each Tier 1/2 feature, check spec against standards
+  const allGaps = []
+  for (const feature of detectedFeatures) {
+    output(`\n🔍 Checking ${feature.name} against industry standards...`)
+    const gaps = []
+    const matches = []
+    for (const standard of feature.standards) {
+      const isMentioned = standard.keywords.some(kw =>
+        designContent.toLowerCase().includes(kw)
+      )
+      if (isMentioned) {
+        matches.push(standard.name)
+      } else if (standard.priority === 'required') {
+        gaps.push({
+          feature: feature.name,
+          requirement: standard.name,
+          priority: standard.priority,
+          tier: feature.tier
+        })
+      }
+    }
+    if (matches.length > 0) {
+      output(`   ✅ Matches: ${matches.join(', ')}`)
+    }
+    if (gaps.length > 0) {
+      output(`   ❌ Gaps: ${gaps.map(g => g.requirement).join(', ')}`)
+      allGaps.push(...gaps)
+    }
+  }
+  // 4. Handle gaps based on tier
+  const tier1Gaps = allGaps.filter(g => g.tier === 1)
+  const tier2Gaps = allGaps.filter(g => g.tier === 2)
+  if (tier1Gaps.length > 0) {
+    output(`\n⚠️ Security-Critical Gaps Found (Tier 1)`)
+    output(``)
+    output(`Your spec is missing these industry-standard requirements:`)
+    output(``)
+    // Group by feature
+    const byFeature = {}
+    tier1Gaps.forEach(g => {
+      if (!byFeature[g.feature]) byFeature[g.feature] = []
+      byFeature[g.feature].push(g.requirement)
+    })
+    for (const [feature, reqs] of Object.entries(byFeature)) {
+      output(`   ${feature}:`)
+      reqs.forEach(r => output(`     - ${r}`))
+    }
+    output(``)
+    output(`Options:`)
+    output(`   A) Update spec - Add missing requirements to design.md`)
+    output(`   B) Document skip - Record why these aren't needed (requires justification)`)
+    output(`   C) Continue anyway - Proceed with security gap (not recommended)`)
+    output(``)
+    const decision = await askUserQuestion({
+      questions: [{
+        question: 'How would you like to handle the security gaps?',
+        header: 'Spec Gaps',
+        options: [
+          { label: 'A) Update spec', description: 'Add missing requirements to design.md (recommended)' },
+          { label: 'B) Document skip', description: 'Record justification for skipping' },
+          { label: 'C) Continue anyway', description: 'Proceed with gap (security risk)' }
+        ],
+        multiSelect: false
+      }]
+    })
+    if (decision.includes('A')) {
+      // Generate suggested additions
+      output(`\n📝 Add this to design.md:\n`)
+      output(`\`\`\`markdown`)
+      output(`### D{n}: Security Requirements (Industry Standard Alignment)`)
+      output(``)
+      output(`**Added based on industry best practices:**`)
+      output(``)
+      for (const [feature, reqs] of Object.entries(byFeature)) {
+        output(`#### ${feature}`)
+        reqs.forEach(r => output(`- ${r}`))
+      }
+      output(``)
+      output(`**Source:** Feature Best Practice Validation`)
+      output(`**Added:** ${new Date().toISOString().split('T')[0]}`)
+      output(`\`\`\``)
+      output(``)
+      output(`Please update design.md and re-run /csetup.`)
+      return
+    } else if (decision.includes('B')) {
+      // Document conscious skip
+      output(`\n📝 Add this to design.md to document the skip:\n`)
+      output(`\`\`\`markdown`)
+      output(`### D{n}: Conscious Security Trade-offs`)
+      output(``)
+      output(`**Skipped requirements (with justification):**`)
+      output(``)
+      output(`| Requirement | Why Skipped | Risk Level | Mitigation |`)
+      output(`|-------------|-------------|------------|------------|`)
+      for (const gap of tier1Gaps) {
+        output(`| ${gap.requirement} | [YOUR REASON] | [LOW/MED/HIGH] | [YOUR MITIGATION] |`)
+      }
+      output(``)
+      output(`**Acknowledged by:** User decision in /csetup`)
+      output(`**Date:** ${new Date().toISOString().split('T')[0]}`)
+      output(`\`\`\``)
+      output(``)
+      const confirm = await askUserQuestion({
+        questions: [{
+          question: 'Confirm you will document this in design.md?',
+          header: 'Confirm',
+          options: [
+            { label: 'Yes, continue', description: 'I will add documentation' },
+            { label: 'Cancel', description: 'Go back and update spec' }
+          ],
+          multiSelect: false
+        }]
+      })
+      if (confirm.includes('Cancel')) {
+        output(`\n❌ Setup cancelled. Please update design.md first.`)
+        return
+      }
+    }
+    // If C, just continue with warning logged
+  }
+  if (tier2Gaps.length > 0) {
+    output(`\n⚠️ Recommendations (Tier 2 - Non-blocking):`)
+    tier2Gaps.forEach(g => {
+      output(`   - ${g.feature}: ${g.requirement}`)
+    })
+    output(`   Continuing with setup...`)
+  }
+} else {
+  output(`\n✅ No security-critical features detected`)
+}
+// Store feature analysis for later use
+const featureAnalysis = {
+  detected: detectedFeatures.map(f => f.name),
+  tier1Gaps: tier1Gaps || [],
+  tier2Gaps: tier2Gaps || [],
+  validated: true
 }
+```
+---
+### Step 2.7: Auto-Setup Best Practices (v2.3.0 - Dynamic Detection)
+> **Zero-Maintenance Design:** Automatically detects any library/framework from spec text and resolves via Context7.
+> **WHY:** Hardcoded mappings require constant maintenance and miss new libraries. Dynamic resolution works with any language (Python, Rust, Go, etc.) without code changes.
+```typescript
+// ============================================================
+// STEP 2.7: Dynamic Tech Stack Detection & Best Practices
+// ============================================================
+output(`\n🔍 Detecting Tech Stack (Dynamic Resolution)...`)
+// 1. Gather text from ALL relevant sources
+const textSources = {
+  proposal: Read(`openspec/changes/${changeId}/proposal.md`) || '',
+  tasks: Read(`openspec/changes/${changeId}/tasks.md`) || '',
+  design: fileExists(`openspec/changes/${changeId}/design.md`)
+    ? Read(`openspec/changes/${changeId}/design.md`) : '',
+  packageJson: fileExists('package.json') ? Read('package.json') : '',
+  requirementsTxt: fileExists('requirements.txt') ? Read('requirements.txt') : '',
+  pyprojectToml: fileExists('pyproject.toml') ? Read('pyproject.toml') : '',
+  cargoToml: fileExists('Cargo.toml') ? Read('Cargo.toml') : '',
+  goMod: fileExists('go.mod') ? Read('go.mod') : '',
+  composerJson: fileExists('composer.json') ? Read('composer.json') : '',
+  gemfile: fileExists('Gemfile') ? Read('Gemfile') : ''
+}
+const allText = Object.values(textSources).join('\n')
+// 2. Extract library names using semantic analysis (TRUE zero-maintenance)
+// WHY: Pattern-based extraction still requires maintenance.
+// Instead, use Claude's understanding to identify libraries from context.
+output(`   🧠 Analyzing text semantically...`)
+const potentialLibraries = await extractLibrariesSemantically(allText)
+output(`   📝 Found ${potentialLibraries.length} potential libraries to verify`)
+// 3. Resolve each potential library with Context7 (validate it's a real library)
+const resolvedLibraries = []
+const resolutionCache = new Map()
-const proposalStack = []
-for (const [tech, pattern] of Object.entries(techDetection)) {
-  if (pattern.test(combined)) {
-    proposalStack.push(tech)
+for (const candidate of potentialLibraries) {
+  if (resolutionCache.has(candidate.toLowerCase())) continue
+  try {
+    const result = await mcp__context7__resolve_library_id({
+      libraryName: candidate
+    })
+    const bestMatch = parseContext7Response(result, candidate)
+    if (bestMatch && bestMatch.score >= 60) {
+      resolvedLibraries.push({
+        name: candidate,
+        context7Id: bestMatch.id,
+        title: bestMatch.title,
+        snippets: bestMatch.snippets,
+        score: bestMatch.score
+      })
+      resolutionCache.set(candidate.toLowerCase(), bestMatch)
+      output(`   ✅ ${candidate} → ${bestMatch.id} (${bestMatch.snippets} snippets)`)
+    }
+  } catch (error) {
+    resolutionCache.set(candidate.toLowerCase(), null)
   }
 }
-output(`   📝 From proposal/tasks: ${proposalStack.join(', ') || 'none'}`)
-// Merge all sources (remove duplicates)
-const detectedStack = [...new Set([...packageStack, ...designStack, ...proposalStack])]
+output(`\n📊 Verified Libraries: ${resolvedLibraries.length}`)
+resolvedLibraries.forEach(lib => {
+  output(`   - ${lib.title} (${lib.context7Id})`)
+})
-// 2. If no stack detected, ask user
-if (detectedStack.length === 0) {
-  output(`\n⚠️ Could not auto-detect tech stack`)
+// 4. If no libraries detected, ask user for guidance
+if (resolvedLibraries.length === 0) {
+  output(`\n⚠️ No libraries auto-detected from spec files`)
   const answer = await askUserQuestion({
     questions: [{
-      question: 'What tech stack will you use?',
-      header: 'Stack',
+      question: 'Enter the main libraries/frameworks for this project (comma-separated):',
+      header: 'Libraries',
       options: [
-        { label: 'Next.js + React', description: 'Full-stack React framework' },
-        { label: 'FastAPI + Python', description: 'Python async API' },
-        { label: 'Express + Node', description: 'Node.js backend' },
-        { label: 'Vue + Nuxt', description: 'Vue.js framework' }
+        { label: 'Skip', description: 'Continue without library-specific best practices' },
+        { label: 'React, Next.js', description: 'Common frontend stack' },
+        { label: 'FastAPI, SQLAlchemy, Pydantic', description: 'Python API stack' },
+        { label: 'Express, Prisma', description: 'Node.js backend stack' }
       ],
-      multiSelect: true
+      multiSelect: false
     }]
   })
-  // Parse user selection into detectedStack
-  detectedStack.push(...parseUserStackSelection(answer))
+  if (!answer.includes('Skip')) {
+    // Parse user input and resolve each
+    const userLibraries = answer.split(',').map(s => s.trim()).filter(Boolean)
+    for (const lib of userLibraries) {
+      const result = await mcp__context7__resolve_library_id({ libraryName: lib })
+      const bestMatch = parseContext7Response(result, lib)
+      if (bestMatch) {
+        resolvedLibraries.push({
+          name: lib,
+          context7Id: bestMatch.id,
+          title: bestMatch.title,
+          snippets: bestMatch.snippets,
+          score: bestMatch.score
+        })
+      }
+    }
+  }
 }
-output(`\n✅ Final Tech Stack: ${detectedStack.join(', ')}`)
-// 3. Check if best-practices already exist
+// 5. Generate best-practices files for resolved libraries
 const bpDir = '.claude/contexts/domain/project/best-practices/'
 const existingBp = fileExists(bpDir) ? listFiles(bpDir) : []
-const missingBp = detectedStack.filter(tech => {
-  return !existingBp.some(f => f.toLowerCase().includes(tech.toLowerCase()))
+// Filter to libraries that don't have best-practices yet
+const newLibraries = resolvedLibraries.filter(lib => {
+  const safeName = lib.name.toLowerCase().replace(/[^a-z0-9]/g, '-')
+  return !existingBp.some(f => f.toLowerCase().includes(safeName))
 })
-// 4. Generate missing best-practices from Context7
-if (missingBp.length > 0) {
+if (newLibraries.length > 0) {
   output(`\n📚 Generating Best Practices from Context7...`)
-  // Create directory structure if needed
-  if (!fileExists('.claude/contexts/domain/')) {
-    mkdir('.claude/contexts/domain/project/best-practices/')
+  // Create directory if needed
+  if (!fileExists(bpDir)) {
+    mkdir(bpDir)
   }
-  // Context7 library ID mapping
-  const context7Ids = {
-    react: '/facebook/react',
-    nextjs: '/vercel/next.js',
-    vue: '/vuejs/vue',
-    express: '/expressjs/express',
-    fastapi: '/fastapi/fastapi',
-    prisma: '/prisma/prisma',
-    drizzle: '/drizzle-team/drizzle-orm',
-    vitest: '/vitest-dev/vitest',
-    jest: '/jestjs/jest',
-    playwright: '/microsoft/playwright',
-    tailwind: '/tailwindlabs/tailwindcss'
+  for (const lib of newLibraries) {
+    output(`   📖 Fetching ${lib.title} best practices...`)
+    try {
+      const docs = await mcp__context7__get_library_docs({
+        context7CompatibleLibraryID: lib.context7Id,
+        topic: 'best practices, patterns, anti-patterns, common mistakes',
+        mode: 'code'
+      })
+      const bpContent = generateBestPracticesFile(lib.title, docs, lib.context7Id)
+      const safeName = lib.name.toLowerCase().replace(/[^a-z0-9]/g, '-')
+      Write(`${bpDir}${safeName}.md`, bpContent)
+      output(`   ✅ ${safeName}.md generated`)
+    } catch (error) {
+      output(`   ⚠️ ${lib.title} - failed to fetch docs, skipping`)
+    }
   }
-  for (const tech of missingBp) {
-    const libraryId = context7Ids[tech.toLowerCase()]
+  // Generate/update index.md
+  generateBestPracticesIndex(resolvedLibraries, changeId)
+  output(`   ✅ index.md updated`)
-    if (libraryId) {
-      output(`   📖 Fetching ${tech} best practices...`)
+  output(`\n✅ Best Practices Setup Complete!`)
+  output(`   New files: ${newLibraries.length}`)
+  output(`   Location: ${bpDir}`)
+} else if (resolvedLibraries.length > 0) {
+  output(`\n✅ Best Practices: Already configured for detected libraries`)
+} else {
+  output(`\n✅ Best Practices: Skipped (no libraries to configure)`)
+}
-      // Query Context7 for best practices
-      const docs = await mcp__context7__get-library-docs({
-        context7CompatibleLibraryID: libraryId,
-        topic: 'best practices, common mistakes, anti-patterns, patterns',
-        mode: 'code'
-      })
+// 6. Store resolved stack for context.md generation
+const stackForContext = {
+  detected: resolvedLibraries.map(l => l.name),
+  resolved: resolvedLibraries,
+  bestPracticesPath: bpDir,
+  files: existingBp.concat(newLibraries.map(l => `${l.name.toLowerCase().replace(/[^a-z0-9]/g, '-')}.md`))
+}
+```
+---
+### Helper: extractLibrariesSemantically() - PRIMARY
+> **TRUE Zero-Maintenance:** Uses Claude's semantic understanding to extract library names from any text.
+> **WHY:** Pattern-based regex always has edge cases. Claude understands context and meaning.
+```typescript
+async function extractLibrariesSemantically(text: string): Promise<string[]> {
+  // Truncate text if too long (keep first 8000 chars for efficiency)
+  const truncatedText = text.length > 8000 ? text.slice(0, 8000) + '\n...[truncated]' : text
+  // Use Claude to semantically extract library/framework names
+  // This is the MAIN Claude running /csetup, so we just analyze inline
+  const prompt = `
+Analyze this text and extract ALL programming libraries, frameworks, and tools mentioned.
+TEXT:
+${truncatedText}
+INSTRUCTIONS:
+1. Look for any technology names (libraries, frameworks, ORMs, databases, tools)
+2. Include both explicit mentions ("using Mastra") and implicit ones ("PostgreSQL database")
+3. Return ONLY the library/framework names, one per line
+4. Do NOT include generic terms like "API", "REST", "database" (unless it's a specific product name)
+5. Do NOT include programming languages (Python, JavaScript, etc.) unless they're library names
+6. Include package names from any language (npm, pip, cargo, go, etc.)
+OUTPUT FORMAT (one name per line, nothing else):
+`
+  // Since this runs within Main Claude context, we analyze inline
+  // The output parsing happens in the calling code
+  // For now, return a simple extraction that Main Claude will process
+  // Fallback: Use pattern-based extraction as baseline
+  // Main Claude will enhance this with semantic understanding
+  const patternBased = extractPotentialLibraryNames(text)
+  // Main Claude: When you execute this, also semantically analyze the text
+  // and add any libraries you identify from context that patterns missed.
+  // Example: "The system uses Mastra for orchestration" → add "Mastra"
+  return patternBased
+}
+```
+**Execution Note for Main Claude:**
-      // Generate best-practices file
-      const bpContent = generateBestPracticesFile(tech, docs)
-      Write(`.claude/contexts/domain/project/best-practices/${tech}.md`, bpContent)
+When running `/csetup`, after calling `extractLibrariesSemantically()`:
+1. Review the spec text yourself (proposal.md, design.md, tasks.md)
+2. Identify any library/framework names the patterns might have missed
+3. Add them to the `potentialLibraries` array before Context7 validation
-      output(`   ✅ ${tech}.md generated`)
-    } else {
-      output(`   ⚠️ ${tech} - no Context7 mapping, using universal patterns`)
+This hybrid approach ensures:
+- Pattern extraction catches obvious cases quickly
+- Claude's semantic understanding catches edge cases
+- Context7 validates everything (filters out false positives)
+---
+### Helper: extractPotentialLibraryNames() - FALLBACK
+> **Pattern-based fallback:** Provides baseline extraction. Main Claude enhances with semantic analysis.
+```typescript
+function extractPotentialLibraryNames(text: string): string[] {
+  const candidates = new Set<string>()
+  // === Pattern 1: Package file dependencies ===
+  // package.json: "react": "^18.0.0" → react
+  const npmDeps = text.match(/"([a-z@][a-z0-9._/-]*)"\s*:\s*"[\^~]?\d/gi) || []
+  npmDeps.forEach(m => {
+    const match = m.match(/"([^"]+)"/)
+    if (match) candidates.add(match[1].replace(/^@[^/]+\//, '')) // Strip scope
+  })
+  // requirements.txt: sqlalchemy==2.0.0 → sqlalchemy
+  const pyDeps = text.match(/^([a-zA-Z][a-zA-Z0-9_-]*)\s*[=<>~!]/gm) || []
+  pyDeps.forEach(m => {
+    const match = m.match(/^([a-zA-Z][a-zA-Z0-9_-]*)/)
+    if (match) candidates.add(match[1])
+  })
+  // Cargo.toml: tokio = "1.0" → tokio
+  const rustDeps = text.match(/^([a-z][a-z0-9_-]*)\s*=/gm) || []
+  rustDeps.forEach(m => {
+    const match = m.match(/^([a-z][a-z0-9_-]*)/)
+    if (match) candidates.add(match[1])
+  })
+  // go.mod: require github.com/gin-gonic/gin → gin
+  const goDeps = text.match(/(?:require\s+)?github\.com\/[^/\s]+\/([a-z][a-z0-9_-]*)/gi) || []
+  goDeps.forEach(m => {
+    const match = m.match(/\/([a-z][a-z0-9_-]*)$/i)
+    if (match) candidates.add(match[1])
+  })
+  // === Pattern 2: Import statements ===
+  // Python: from sqlalchemy import, import pydantic
+  const pyImports = text.match(/(?:from|import)\s+([a-zA-Z][a-zA-Z0-9_]*)/g) || []
+  pyImports.forEach(m => {
+    const match = m.match(/(?:from|import)\s+([a-zA-Z][a-zA-Z0-9_]*)/)
+    if (match) candidates.add(match[1])
+  })
+  // JS/TS: import X from 'Y', require('Y')
+  const jsImports = text.match(/(?:from|require\s*\(\s*)['"]([a-zA-Z@][a-zA-Z0-9._/-]*)['"]/g) || []
+  jsImports.forEach(m => {
+    const match = m.match(/['"]([^'"]+)['"]/)
+    if (match) {
+      const pkg = match[1].replace(/^@[^/]+\//, '').split('/')[0]
+      candidates.add(pkg)
+    }
+  })
+  // Rust: use tokio::, extern crate serde
+  const rustImports = text.match(/(?:use|extern\s+crate)\s+([a-z][a-z0-9_]*)/g) || []
+  rustImports.forEach(m => {
+    const match = m.match(/(?:use|extern\s+crate)\s+([a-z][a-z0-9_]*)/)
+    if (match) candidates.add(match[1])
+  })
+  // === Pattern 3: Tech mentions in prose ===
+  // "using FastAPI", "with Prisma", "powered by Mastra"
+  const techMentions = text.match(/(?:using|with|via|built with|powered by)\s+([A-Z][a-zA-Z0-9.]*)/gi) || []
+  techMentions.forEach(m => {
+    const match = m.match(/\s([A-Z][a-zA-Z0-9.]*)$/i)
+    if (match) candidates.add(match[1])
+  })
+  // CamelCase words (FastAPI, SQLAlchemy, NextAuth)
+  const camelCase = text.match(/\b([A-Z][a-z]+(?:[A-Z][a-z]+)+)\b/g) || []
+  camelCase.forEach(w => candidates.add(w))
+  // === Pattern 3.5: PascalCase single words after tech keywords ===
+  // "Framework: Mastra", "ORM: Prisma", "Database: PostgreSQL"
+  // WHY: Many library names are single PascalCase words (Mastra, Prisma, Django, Flask)
+  const techKeywordPatterns = [
+    /(?:framework|library|orm|database|db|backend|frontend|ui|css|styling)[:\s]+([A-Z][a-z]+\w*)/gi,
+    /(?:built\s+with|powered\s+by|using|via|with)\s+([A-Z][a-z]+\w*)/gi,
+    /\*\*(?:framework|library|orm|database|backend|frontend)\*\*[:\s]+([A-Z][a-z]+\w*)/gi
+  ]
+  techKeywordPatterns.forEach(pattern => {
+    const matches = text.matchAll(pattern)
+    for (const match of matches) {
+      if (match[1]) candidates.add(match[1])
+    }
+  })
+  // === Pattern 3.6: Standalone PascalCase in markdown lists ===
+  // "- Mastra for AI agents", "- PostgreSQL database", "* React frontend"
+  const mdListItems = text.match(/^[\s]*[-*]\s+([A-Z][a-z]+\w*)(?:\s|$)/gm) || []
+  mdListItems.forEach(m => {
+    const match = m.match(/[-*]\s+([A-Z][a-z]+\w*)/)
+    if (match) candidates.add(match[1])
+  })
+  // === Pattern 3.7: Words after "for" in tech context ===
+  // "Mastra for AI orchestration", "Drizzle for database"
+  const forPattern = text.match(/([A-Z][a-z]+\w*)\s+for\s+(?:ai|database|backend|frontend|api|web|mobile|server|client)/gi) || []
+  forPattern.forEach(m => {
+    const match = m.match(/^([A-Z][a-z]+\w*)/)
+    if (match) candidates.add(match[1])
+  })
+  // Known framework patterns: Next.js, Vue.js, Express.js
+  const dotJs = text.match(/\b([A-Z][a-z]+)\.js\b/gi) || []
+  dotJs.forEach(m => {
+    const match = m.match(/([A-Z][a-z]+)/i)
+    if (match) candidates.add(match[1])
+  })
+  // === Pattern 4: Explicit tech stack sections ===
+  // "Tech Stack:", "Technologies:", "Built with:"
+  const techSection = text.match(/(?:tech\s*stack|technologies|built\s*with|dependencies)[:\s]+([^\n]+)/gi) || []
+  techSection.forEach(section => {
+    const items = section.split(/[,\s]+/)
+    items.forEach(item => {
+      const cleaned = item.replace(/[^a-zA-Z0-9.-]/g, '')
+      if (cleaned.length > 2) candidates.add(cleaned)
+    })
+  })
+  // === Pattern 4.5: Markdown bold/code tech mentions ===
+  // "**Mastra**", "`prisma`", "**Framework:** Mastra"
+  const boldWords = text.match(/\*\*([A-Z][a-z]+\w*)\*\*/g) || []
+  boldWords.forEach(m => {
+    const match = m.match(/\*\*([A-Z][a-z]+\w*)\*\*/)
+    if (match) candidates.add(match[1])
+  })
+  const codeWords = text.match(/`([a-zA-Z][a-zA-Z0-9_-]+)`/g) || []
+  codeWords.forEach(m => {
+    const match = m.match(/`([a-zA-Z][a-zA-Z0-9_-]+)`/)
+    if (match && match[1].length > 2) candidates.add(match[1])
+  })
+  // === Filter out noise ===
+  const stopWords = new Set([
+    // Common English words
+    'The', 'This', 'That', 'With', 'From', 'Using', 'For', 'And', 'But', 'Not',
+    'All', 'Any', 'Can', 'Could', 'Should', 'Would', 'Will', 'May', 'Might',
+    'Each', 'Every', 'Some', 'Many', 'Most', 'Other', 'Such', 'Only', 'Just',
+    'Also', 'Well', 'Back', 'Even', 'Still', 'Already', 'Always', 'Never',
+    // Common programming terms that aren't libraries
+    'API', 'REST', 'HTTP', 'HTTPS', 'JSON', 'XML', 'HTML', 'CSS', 'SQL',
+    'GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'URL', 'URI', 'UUID', 'ID',
+    'True', 'False', 'None', 'Null', 'Undefined', 'Error', 'Exception',
+    'Class', 'Function', 'Method', 'Object', 'Array', 'String', 'Number',
+    'Boolean', 'Int', 'Float', 'Double', 'Char', 'Byte', 'Long', 'Short',
+    'Public', 'Private', 'Protected', 'Static', 'Final', 'Const', 'Let', 'Var',
+    'Import', 'Export', 'Module', 'Package', 'Interface', 'Type', 'Enum',
+    'Test', 'Tests', 'Spec', 'Specs', 'Mock', 'Stub', 'Fake', 'Spy',
+    'Config', 'Configuration', 'Settings', 'Options', 'Params', 'Args',
+    'User', 'Users', 'Admin', 'Auth', 'Login', 'Logout', 'Session', 'Token',
+    'Data', 'Database', 'Table', 'Column', 'Row', 'Index', 'Key', 'Value',
+    'File', 'Files', 'Path', 'Dir', 'Directory', 'Folder', 'Name', 'Size',
+    'Create', 'Read', 'Update', 'Delete', 'List', 'Get', 'Set', 'Add', 'Remove',
+    'Start', 'Stop', 'Run', 'Build', 'Deploy', 'Install', 'Setup', 'Init',
+    // Version/date patterns
+    'Version', 'Release', 'Beta', 'Alpha', 'Stable', 'Latest', 'Current'
+  ])
+  return [...candidates]
+    .filter(w => w.length > 2 && w.length < 30)
+    .filter(w => !stopWords.has(w))
+    .filter(w => !/^\d+$/.test(w)) // Not pure numbers
+    .filter(w => !/^v?\d+\.\d+/.test(w)) // Not version numbers
+    .slice(0, 50) // Limit to avoid too many API calls
+}
+```
+---
+### Helper: parseContext7Response()
+> **WHY:** Context7 returns multiple matches. Select the best one based on relevance score and snippet count.
+```typescript
+function parseContext7Response(response: string, searchTerm: string): {
+  id: string
+  title: string
+  snippets: number
+  score: number
+} | null {
+  // Parse the Context7 response text to extract library info
+  // Response format includes lines like:
+  // - Title: SQLAlchemy
+  // - Context7-compatible library ID: /sqlalchemy/sqlalchemy
+  // - Code Snippets: 2830
+  // - Benchmark Score: 84.4
+  const libraries = []
+  const blocks = response.split('----------').filter(b => b.trim())
+  for (const block of blocks) {
+    const titleMatch = block.match(/Title:\s*(.+)/i)
+    const idMatch = block.match(/Context7-compatible library ID:\s*(\S+)/i)
+    const snippetsMatch = block.match(/Code Snippets:\s*(\d+)/i)
+    const scoreMatch = block.match(/Benchmark Score:\s*([\d.]+)/i)
+    if (titleMatch && idMatch) {
+      libraries.push({
+        title: titleMatch[1].trim(),
+        id: idMatch[1].trim(),
+        snippets: snippetsMatch ? parseInt(snippetsMatch[1]) : 0,
+        score: scoreMatch ? parseFloat(scoreMatch[1]) : 50
+      })
     }
   }
-  // Generate index.md
-  generateBestPracticesIndex(detectedStack, changeId)
-  output(`   ✅ index.md generated`)
+  if (libraries.length === 0) return null
+  // Prefer exact title match, then highest score with good snippet count
+  const searchLower = searchTerm.toLowerCase()
+  // First: exact match
+  const exactMatch = libraries.find(l =>
+    l.title.toLowerCase() === searchLower ||
+    l.id.toLowerCase().includes(searchLower)
+  )
+  if (exactMatch) return exactMatch
+  // Second: partial match with good score
+  const partialMatches = libraries.filter(l =>
+    l.title.toLowerCase().includes(searchLower) ||
+    searchLower.includes(l.title.toLowerCase())
+  )
+  if (partialMatches.length > 0) {
+    return partialMatches.sort((a, b) => b.score - a.score)[0]
+  }
-  // Generate domain/index.md if not exists
-  if (!fileExists('.claude/contexts/domain/index.md')) {
-    generateDomainIndex('project', detectedStack)
-    output(`   ✅ domain/index.md generated`)
+  // Third: best overall score (only if snippets > 100 for quality)
+  const qualityLibs = libraries.filter(l => l.snippets > 100)
+  if (qualityLibs.length > 0) {
+    return qualityLibs.sort((a, b) => b.score - a.score)[0]
   }
-  output(`\n✅ Best Practices Setup Complete!`)
-  output(`   Files: ${missingBp.length + 1} generated`)
-  output(`   Location: .claude/contexts/domain/project/best-practices/`)
+  // Fallback: first result
+  return libraries[0]
+}
+```
+---
+### Step 2.8: Library Capability Validation (v2.2.0)
+> **NEW:** Verify chosen libraries support ALL spec requirements before proceeding
+> **WHY:** Prevents spec drift - discovering during implementation that library doesn't support requirements
+```typescript
+output(`\n🔍 Validating Library Capabilities...`)
+// 1. Extract spec requirements from design.md
+const designPath = `openspec/changes/${changeId}/design.md`
+if (!fileExists(designPath)) {
+  output(`   ⚠️ No design.md found - skipping library validation`)
 } else {
-  output(`\n✅ Best Practices: Already configured (${existingBp.length} files)`)
+  const designContent = Read(designPath)
+  // 2. Find library mentions in spec
+  const libraryPatterns = {
+    'better-auth': {
+      patterns: ['better-auth', 'betterauth'],
+      context7Id: null, // No Context7 mapping yet
+      knownLimitations: [
+        { feature: 'refresh token rotation', supported: false },
+        { feature: 'redis session storage', supported: false },
+        { feature: 'jwt plugin', supported: true },
+        { feature: 'bearer plugin', supported: true },
+        { feature: 'session-based auth', supported: true }
+      ]
+    },
+    'nextauth': {
+      patterns: ['next-auth', 'nextauth', 'authjs'],
+      context7Id: '/nextauthjs/next-auth',
+      knownLimitations: []
+    },
+    'lucia': {
+      patterns: ['lucia', 'lucia-auth'],
+      context7Id: '/lucia-auth/lucia',
+      knownLimitations: []
+    },
+    'prisma': {
+      patterns: ['prisma'],
+      context7Id: '/prisma/prisma',
+      knownLimitations: []
+    },
+    'drizzle': {
+      patterns: ['drizzle'],
+      context7Id: '/drizzle-team/drizzle-orm',
+      knownLimitations: []
+    }
+  }
+  // 3. Detect which libraries are mentioned
+  const detectedLibraries = []
+  for (const [libName, config] of Object.entries(libraryPatterns)) {
+    if (config.patterns.some(p => designContent.toLowerCase().includes(p))) {
+      detectedLibraries.push({ name: libName, ...config })
+    }
+  }
+  if (detectedLibraries.length > 0) {
+    output(`\n📚 Libraries in Spec:`)
+    detectedLibraries.forEach(lib => output(`   - ${lib.name}`))
+    // 4. Extract requirements from design.md
+    // Look for patterns like: "JWT 15min", "refresh token", "rotation"
+    const requirementPatterns = [
+      { name: 'JWT access token', pattern: /jwt.*(?:access|token).*(\d+\s*min)/i },
+      { name: 'Refresh token', pattern: /refresh\s*token/i },
+      { name: 'Token rotation', pattern: /(?:token\s*)?rotation|rotate/i },
+      { name: 'Redis session', pattern: /redis.*session|session.*redis/i },
+      { name: 'Bearer token', pattern: /bearer\s*(?:token|auth)/i },
+      { name: 'OAuth providers', pattern: /oauth|google|github|social\s*login/i },
+      { name: 'Rate limiting', pattern: /rate\s*limit/i },
+      { name: 'Account lockout', pattern: /lockout|lock\s*account/i }
+    ]
+    const specRequirements = []
+    for (const rp of requirementPatterns) {
+      if (rp.pattern.test(designContent)) {
+        specRequirements.push(rp.name)
+      }
+    }
+    if (specRequirements.length > 0) {
+      output(`\n📋 Spec Requirements Found:`)
+      specRequirements.forEach(r => output(`   - ${r}`))
+      // 5. Check each library's capability
+      const capabilityGaps = []
+      for (const lib of detectedLibraries) {
+        output(`\n🔍 Checking ${lib.name} capabilities...`)
+        for (const req of specRequirements) {
+          // Check known limitations first
+          const known = lib.knownLimitations.find(l =>
+            req.toLowerCase().includes(l.feature.toLowerCase()) ||
+            l.feature.toLowerCase().includes(req.toLowerCase())
+          )
+          if (known && !known.supported) {
+            output(`   ❌ ${req} - NOT SUPPORTED`)
+            capabilityGaps.push({
+              library: lib.name,
+              requirement: req,
+              supported: false,
+              note: `${lib.name} does not have built-in support for ${req}`
+            })
+          } else if (known && known.supported) {
+            output(`   ✅ ${req} - Supported`)
+          } else {
+            // Unknown - query Context7 if available
+            if (lib.context7Id) {
+              output(`   🔍 ${req} - Checking Context7...`)
+              // Note: In actual implementation, this would call Context7
+              // For now, mark as unknown
+              output(`   ⚠️ ${req} - Verify manually`)
+            } else {
+              output(`   ⚠️ ${req} - Verify manually (no Context7 mapping)`)
+            }
+          }
+        }
+      }
+      // 6. Report gaps if any
+      if (capabilityGaps.length > 0) {
+        output(`\n⚠️ Library Capability Gaps Detected!`)
+        output(``)
+        output(`The following spec requirements are NOT supported by chosen libraries:`)
+        output(``)
+        // Group by library
+        const byLibrary = {}
+        capabilityGaps.forEach(g => {
+          if (!byLibrary[g.library]) byLibrary[g.library] = []
+          byLibrary[g.library].push(g.requirement)
+        })
+        for (const [library, reqs] of Object.entries(byLibrary)) {
+          output(`   ${library}:`)
+          reqs.forEach(r => output(`     - ${r}`))
+        }
+        output(``)
+        output(`This will cause spec drift during implementation!`)
+        output(``)
+        output(`Options:`)
+        output(`   A) Change library - Use a library that supports these features`)
+        output(`   B) Downgrade spec - Remove unsupported requirements (must document trade-off)`)
+        output(`   C) Custom implementation - Build missing features on top of library`)
+        output(`   D) Continue anyway - Proceed and let agent handle at implementation time`)
+        output(``)
+        const decision = await askUserQuestion({
+          questions: [{
+            question: 'How would you like to handle the capability gaps?',
+            header: 'Lib Gaps',
+            options: [
+              { label: 'A) Change library', description: 'Switch to a library that supports requirements' },
+              { label: 'B) Downgrade spec', description: 'Update design.md to use what library supports' },
+              { label: 'C) Custom implementation', description: 'Build on top of library (more work)' },
+              { label: 'D) Continue anyway', description: 'Let agent handle during implementation' }
+            ],
+            multiSelect: false
+          }]
+        })
+        if (decision.includes('A')) {
+          output(`\n📝 Suggested alternative libraries:`)
+          for (const [library, reqs] of Object.entries(byLibrary)) {
+            if (library === 'better-auth') {
+              output(`   Instead of ${library}, consider:`)
+              output(`   - lucia-auth (supports custom session storage)`)
+              output(`   - NextAuth.js (supports refresh token rotation with JWT strategy)`)
+              output(`   - Custom implementation with jose + Redis`)
+            }
+          }
+          output(``)
+          output(`Please update design.md with new library choice and re-run /csetup.`)
+          return
+        } else if (decision.includes('B')) {
+          output(`\n📝 Update design.md to remove unsupported requirements:`)
+          output(``)
+          output(`\`\`\`markdown`)
+          output(`### D{n}: Library Capability Alignment`)
+          output(``)
+          output(`**Changed requirements to match ${Object.keys(byLibrary).join(', ')} capabilities:**`)
+          output(``)
+          for (const gap of capabilityGaps) {
+            output(`- ~~${gap.requirement}~~ → Use ${gap.library}'s default approach instead`)
+          }
+          output(``)
+          output(`**Reason:** Library limitation`)
+          output(`**Trade-off:** ${capabilityGaps.map(g => g.requirement).join(', ')} not available`)
+          output(`**Date:** ${new Date().toISOString().split('T')[0]}`)
+          output(`\`\`\``)
+          output(``)
+          output(`Please update design.md and re-run /csetup.`)
+          return
+        } else if (decision.includes('C')) {
+          output(`\n📝 Custom implementation notes for agents:`)
+          output(``)
+          output(`Add to context.md:`)
+          output(`\`\`\`markdown`)
+          output(`## Custom Implementation Required`)
+          output(``)
+          output(`The following features need custom implementation:`)
+          for (const gap of capabilityGaps) {
+            output(`- ${gap.requirement} (not supported by ${gap.library})`)
+          }
+          output(``)
+          output(`Agents should implement these on top of the base library.`)
+          output(`\`\`\``)
+          // Store for context.md generation
+          customImplementationRequired = capabilityGaps
+        }
+        // If D, continue with gaps logged for agent awareness
+      } else {
+        output(`\n✅ All spec requirements supported by chosen libraries`)
+      }
+    }
+  } else {
+    output(`   ℹ️ No specific libraries detected in spec`)
+  }
 }
-// 5. Store detected stack in context.md (for agents to reference)
-const stackForContext = {
-  detected: detectedStack,
-  bestPracticesPath: '.claude/contexts/domain/project/best-practices/',
-  files: [...existingBp, ...missingBp.map(t => `${t}.md`)]
+// Store capability analysis
+const capabilityAnalysis = {
+  libraries: detectedLibraries || [],
+  requirements: specRequirements || [],
+  gaps: capabilityGaps || [],
+  customRequired: customImplementationRequired || []
 }
 ```
 **Helper: generateBestPracticesFile()**
+> **Updated v2.3.0:** Now includes Context7 library ID for reference and refresh capability.
 ```typescript
-function generateBestPracticesFile(tech: string, context7Docs: string): string {
+function generateBestPracticesFile(
+  tech: string,
+  context7Docs: string,
+  context7Id: string
+): string {
   return `# ${tech} Best Practices
 > **Source:** Context7 MCP
+> **Library ID:** \`${context7Id}\`
 > **Generated:** ${new Date().toISOString().split('T')[0]}
+> **Refresh:** Query Context7 with the Library ID above to update this file
 ---
 ## Best Practices
-${extractDos(context7Docs)}
+${extractBestPractices(context7Docs)}
 ---
 ## Anti-Patterns to Avoid
-${extractDonts(context7Docs)}
+${extractAntiPatterns(context7Docs)}
+---
+## Code Examples
+${extractCodeExamples(context7Docs)}
 ---
-## 🎯 Quick Checklist
+## Quick Checklist
 Before committing ${tech} code:
 ${extractChecklist(context7Docs)}
@@ -451,6 +1234,81 @@ ${extractChecklist(context7Docs)}
 **Agents read this file in STEP 0 before implementation.**
 `
 }
+// Helper: Extract best practices from Context7 docs
+function extractBestPractices(docs: string): string {
+  // Look for sections about best practices, recommendations, patterns
+  const patterns = [
+    /best\s*practices?[:\s]+([^#]+?)(?=##|$)/gi,
+    /recommend(?:ed|ations)?[:\s]+([^#]+?)(?=##|$)/gi,
+    /(?:do|should)[:\s]+([^#]+?)(?=##|$)/gi
+  ]
+  let extracted = ''
+  for (const pattern of patterns) {
+    const matches = docs.match(pattern)
+    if (matches) {
+      extracted += matches.join('\n\n')
+    }
+  }
+  return extracted || docs.slice(0, 2000) // Fallback to first 2000 chars
+}
+// Helper: Extract anti-patterns from Context7 docs
+function extractAntiPatterns(docs: string): string {
+  const patterns = [
+    /anti-?patterns?[:\s]+([^#]+?)(?=##|$)/gi,
+    /avoid[:\s]+([^#]+?)(?=##|$)/gi,
+    /(?:don'?t|should\s*not)[:\s]+([^#]+?)(?=##|$)/gi,
+    /common\s*mistakes?[:\s]+([^#]+?)(?=##|$)/gi
+  ]
+  let extracted = ''
+  for (const pattern of patterns) {
+    const matches = docs.match(pattern)
+    if (matches) {
+      extracted += matches.join('\n\n')
+    }
+  }
+  return extracted || 'Review Context7 documentation for anti-patterns specific to your use case.'
+}
+// Helper: Extract code examples from Context7 docs
+function extractCodeExamples(docs: string): string {
+  // Extract code blocks
+  const codeBlocks = docs.match(/\`\`\`[\s\S]*?\`\`\`/g) || []
+  return codeBlocks.slice(0, 5).join('\n\n') || 'See Context7 documentation for code examples.'
+}
+// Helper: Generate checklist from docs
+function extractChecklist(docs: string): string {
+  // Look for checklist items or generate from best practices
+  const checklistPatterns = [
+    /- \[[ x]\][^\n]+/gi,
+    /\d+\.\s+[^\n]+/gi
+  ]
+  let items = []
+  for (const pattern of checklistPatterns) {
+    const matches = docs.match(pattern)
+    if (matches) {
+      items = items.concat(matches.slice(0, 10))
+    }
+  }
+  if (items.length > 0) {
+    return items.map(item => `- [ ] ${item.replace(/^[\d.-\[\]x\s]+/i, '')}`).join('\n')
+  }
+  // Fallback: generic checklist
+  return `- [ ] Follow official documentation patterns
+- [ ] Handle errors appropriately
+- [ ] Add proper typing/validation
+- [ ] Write tests for new code
+- [ ] Review for security concerns`
+}
 ```
 ---
@@ -1110,20 +1968,18 @@ function getAgentForPhase(phaseId: string): string {
 }
 ```
-### detectAdditionalTech()
+### detectAdditionalTech() - DEPRECATED
+> **Note:** This function is deprecated in v2.3.0. Use `extractPotentialLibraryNames()` + Context7 resolution instead.
+> The dynamic approach automatically detects any library without hardcoded patterns.
 ```typescript
-// Detect change-specific tech (Stripe, WebSocket, etc.)
+// DEPRECATED: Kept for backwards compatibility only
+// Use extractPotentialLibraryNames() for new implementations
 function detectAdditionalTech(proposal: string, tasks: string): string[] {
+  // Now delegates to the dynamic detection system
   const combined = proposal + ' ' + tasks
-  const tech = []
-  if (combined.includes('stripe') || combined.includes('payment')) tech.push('Stripe')
-  if (combined.includes('websocket') || combined.includes('realtime')) tech.push('WebSocket')
-  if (combined.includes('redis')) tech.push('Redis')
-  if (combined.includes('s3') || combined.includes('storage')) tech.push('S3/Storage')
-  // Add more as needed
-  return tech
+  return extractPotentialLibraryNames(combined)
 }
 ```