@codyswann/lisa 1.56.0 → 1.56.2

package/plugins/lisa-typescript/skills/agent-design-best-practices/SKILL.md

@@ -1,219 +0,0 @@
----
-name: agent-design-best-practices
-description: Best practices for designing Claude Code agent files (.claude/agents/*.md). This skill should be used when writing or reviewing agent markdown files to ensure proper design with focused domains, correct tool access, reusable definitions, and separation of capabilities from lifecycle. Combines Anthropic's official guidance with battle-tested patterns from agent team usage.
----
-
-# Agent Design Best Practices
-
-## Overview
-
-This skill defines best practices for designing Claude Code agent files (`.claude/agents/*.md`). Agent files define reusable roles that can be spawned as subagents or teammates. The core principle is that **agent files define capabilities, not lifecycle** -- the team lead's spawn prompt controls when and how the agent runs.
-
-## Principles
-
-### 1. Define Capabilities, Not Lifecycle
-
-Agent files describe *what* an agent can do. The spawn prompt from the team lead controls *when* it runs and *what to focus on*.
-
-```markdown
-<!-- Wrong: Hardcodes workflow phase and interaction pattern -->
-# Security Planner Agent
-
-You are a security specialist in a plan-create Agent Team.
-Given a Research Brief from the team lead, identify security
-considerations for the planned changes.
-
-## Output Format
-
-Send your sub-plan to the team lead via `SendMessage` with this structure:
-...
-```
-
-```markdown
-<!-- Correct: Defines domain expertise, team lead controls usage -->
-# Security Specialist Agent
-
-You are a security specialist who identifies vulnerabilities,
-evaluates threats, and recommends mitigations for code changes.
-
-## Analysis Process
-1. Read affected files
-2. STRIDE analysis
-3. Check input validation
-...
-```
-
-The wrong version is coupled to one workflow ("plan-create Agent Team", "Given a Research Brief", "Send via SendMessage"). The correct version works in any context -- planning, review, ad-hoc analysis -- because the team lead's spawn prompt provides the specific instructions.
-
-### 2. One Agent Per Domain, Not Per Phase
-
-Prefer a single agent that covers a domain over multiple agents split by workflow phase. The team lead specializes the agent per phase via the spawn prompt.
-
-| Wrong | Right |
-|-------|-------|
-| `security-planner` + `security-reviewer` | `security-specialist` |
-| `test-strategist` + `test-coverage-agent` | `test-specialist` |
-| `architecture-planner` + `architecture-reviewer` | `architecture-specialist` |
-
-The same agent type can be spawned multiple times with different prompts for different phases. A `security-specialist` spawned during planning gets "evaluate this plan for security risks" while the same type spawned during review gets "review these code changes for vulnerabilities."
-
-### 3. Design Focused Domains
-
-Each agent should excel at one specific domain. The domain should be broad enough to avoid workflow coupling but narrow enough to provide real expertise.
-
-```yaml
-# Too narrow (coupled to one workflow step)
-description: Performs STRIDE analysis on Research Briefs during plan-create Phase 2
-
-# Too broad (no clear expertise)
-description: General-purpose agent that can do anything
-
-# Just right (focused domain, reusable across workflows)
-description: Security specialist. Performs threat modeling (STRIDE), reviews code for OWASP Top 10 vulnerabilities, checks auth/validation/secrets handling.
-```
-
-### 4. Write Detailed Descriptions
-
-Claude uses the `description` field in YAML frontmatter to decide when to delegate tasks. Be specific about what the agent does and when it adds value.
-
-```yaml
-# Bad: Vague, Claude can't decide when to use it
-description: Reviews code
-
-# Good: Specific domain, clear trigger conditions
-description: Security specialist. Performs threat modeling (STRIDE), reviews code for OWASP Top 10 vulnerabilities, checks auth/validation/secrets handling, and recommends mitigations.
-```
-
-### 5. Limit Tool Access
-
-Grant only the tools necessary for the agent's domain. This enforces focus and prevents agents from exceeding their intended scope.
-
-| Agent Type | Appropriate Tools | Rationale |
-|-----------|-------------------|-----------|
-| Researcher / Reviewer | `Read, Grep, Glob, Bash` | Read-only analysis, no file modifications |
-| Implementer | `Read, Write, Edit, Bash, Grep, Glob` | Needs to modify code |
-| Planner | `Read, Grep, Glob` | Research only, no execution |
-
-Read-only agents cannot implement code. Do not assign implementation tasks to agents without `Write` and `Edit` tools.
-
-### 6. No Hardcoded Interaction Patterns
-
-Do not prescribe how the agent communicates or what input format it expects. The team lead's spawn prompt handles interaction patterns.
-
-```markdown
-<!-- Wrong: Hardcodes communication protocol -->
-## Input
-You receive a **Research Brief** from the team lead containing...
-
-## Output Format
-Send your sub-plan to the team lead via `SendMessage` with this structure:
-```
-
-```markdown
-<!-- Correct: Defines output structure without prescribing delivery mechanism -->
-## Output Format
-Structure your findings as:
-
-### Threat Model (STRIDE)
-| Threat | Applies? | Description | Mitigation |
-...
-```
-
-The output format itself is fine to define -- it provides structure. But how the agent receives input and delivers output should be left to the team lead.
-
-### 7. Context Window Isolation
-
-Each teammate has its own context window. Teammates do not share context and cannot see what other teammates have done. Account for this in agent design:
-
-- Do not assume the agent has seen previous analysis from other agents
-- Include enough domain knowledge in the agent file for independent operation
-- The team lead bridges context between agents via spawn prompts and messages
-
-### 8. File Ownership in Teams
-
-When agents work in teams, each teammate should own distinct files or directories. Two teammates editing the same file leads to conflicts and lost work.
-
-Design agent domains so their file ownership naturally separates:
-
-| Agent | Owns |
-|-------|------|
-| `implementer` | Source files (`src/`) |
-| `test-specialist` | Test files (`tests/`) |
-| `quality-specialist` | No files (read-only) |
-
-## Agent File Structure
-
-### Required Frontmatter
-
-```yaml
----
-name: agent-name           # lowercase with hyphens
-description: When and why to use this agent. Be specific.
-tools: Read, Grep, Glob     # comma-separated, minimal set
----
-```
-
-### Optional Frontmatter
-
-```yaml
-model: sonnet              # sonnet, opus, haiku, or inherit (default)
-permissionMode: default     # default, acceptEdits, plan, bypassPermissions, etc.
-maxTurns: 50               # limit agentic turns
-skills:                     # skills to preload
-  - skill-name
-memory: user                # persistent memory: user, project, or local
-```
-
-### Body Structure
-
-The markdown body becomes the agent's system prompt. Structure it as:
-
-1. **Role statement** -- one sentence describing what the agent is
-2. **Analysis/workflow process** -- numbered steps for the agent's approach
-3. **Output format** -- structure for findings (without prescribing delivery mechanism)
-4. **Rules/constraints** -- guardrails for the agent's behavior
-
-## Anti-Patterns
-
-### Don't Create Phase-Specific Agents
-
-```markdown
-<!-- Wrong: Two agents for the same domain, split by phase -->
-# Pre-Implementation Security Planner
-...
-# Post-Implementation Security Reviewer
-...
-
-<!-- Correct: One agent, team lead controls timing -->
-# Security Specialist
-...
-```
-
-### Don't Hardcode Workflow Dependencies
-
-```markdown
-<!-- Wrong: Agent assumes specific workflow context -->
-You are part of the plan-create Phase 2 team.
-Wait for the Research Brief from Phase 1.
-After your analysis, the Consistency Checker will validate your output.
-
-<!-- Correct: Agent is self-contained -->
-You are a security specialist who identifies vulnerabilities
-and recommends mitigations for code changes.
-```
-
-### Don't Over-Specify the Model
-
-Only set `model` when there's a clear reason. Most agents work well with `inherit` (the default), which uses the same model as the parent session. Use `haiku` for fast, simple tasks (exploration, search). Use `sonnet` or `opus` only when the domain requires stronger reasoning.
-
-## Verification Checklist
-
-Before committing an agent file, verify:
-
-1. **Description is specific** -- Claude can determine when to delegate from the description alone
-2. **Tools are minimal** -- only the tools the agent actually needs
-3. **No workflow coupling** -- no references to specific team structures, phases, or input formats
-4. **No hardcoded communication** -- no "send via SendMessage" or "given a Research Brief"
-5. **Domain is reusable** -- the agent works in planning, review, and ad-hoc contexts
-6. **Role statement is clear** -- first line of body explains what the agent is
-7. **Output format is defined** -- structured output without prescribing delivery

package/plugins/lisa-typescript/skills/git-commit/SKILL.md

@@ -1,48 +0,0 @@
----
-name: git-commit
-description: This skill should be used when creating conventional commits for current changes. It groups related changes into logical commits, ensures all files are committed, and verifies the working directory is clean afterward.
-allowed-tools: ["Bash"]
----
-
-# Git Commit Workflow
-
-Create conventional commits for current changes. Optional hint: $ARGUMENTS
-
-## Workflow
-
-### See what has changed
-
-!git status
-!git diff --stat
-
-### Apply these requirements
-
-1. **Branch Check**: If on `dev`, `staging`, or `main`, create a feature branch named after the changes
-2. **Commit Strategy**: Group related changes into logical conventional commits (feat, fix, chore, docs, etc.)
-3. **Commit ALL Files**: Every file must be assigned to a commit group - no file gets left out or unstaged
-4. **Commit Creation**: Stage and commit each group with clear messages
-5. **Verification**: Run `git status` to confirm working directory is clean - must show "nothing to commit"
-
-### Use conventional commit format
-
-- `feat:` for new features
-- `fix:` for bug fixes
-- `docs:` for documentation
-- `chore:` for maintenance
-- `style:` for formatting
-- `refactor:` for code restructuring
-- `test:` for test additions
-
-### Never
-
-- use `--no-verify` flag
-- attempt to bypass tests or quality checks
-- skip tests or quality checks
-- stash changes - ALL changes must be committed
-- skip or exclude any files from the commit - even if they're unrelated
-- leave uncommitted changes in the working directory
-- ask the user which files to commit - commit everything
-
-## Execute
-
-Execute the workflow now.

package/plugins/lisa-typescript/skills/git-commit-and-submit-pr/SKILL.md

@@ -1,8 +0,0 @@
----
-name: git-commit-and-submit-pr
-description: This skill should be used when creating conventional commits for current changes and then submitting the current branch as a pull request for code review. It combines the git:commit and git:submit-pr skills into a single workflow.
-allowed-tools: ["Bash"]
----
-
-1. Run /git-commit $ARGUMENTS
-2. Run /git-submit-pr $ARGUMENTS

package/plugins/lisa-typescript/skills/git-commit-submit-pr-and-verify/SKILL.md

@@ -1,7 +0,0 @@
----
-name: git-commit-submit-pr-and-verify
-description: This skill should be used when creating conventional commits for current changes and then submitting the current branch as a pull request for code review. And then verifying the pull request was approved.
-allowed-tools: ["Bash"]
----
-
-Run the /git-commit-and-submit-pr with $ARGUMENTS and set the PR to auto-merge. Fix any pre-commit or pre-push issues and then follow the pr, make sure all checks pass and comments are resolved or addressed. Fix anything that is broken and repeat.

package/plugins/lisa-typescript/skills/git-commit-submit-pr-deploy-and-verify/SKILL.md

@@ -1,7 +0,0 @@
----
-name: git-commit-submit-pr-deploy-and-verify
-description: This skill should be used when creating conventional commits for current changes and then submitting the current branch as a pull request for code review. And then verifying the pull request was approved. As well as making sure the resutling deploy succeeds.
-allowed-tools: ["Bash"]
----
-
-Run the /git-commit-submit-pr-and-verify with $ARGUMENTS. Once the merge is complete, follow the resulting deploy and fix anything that breaks with the deploy and then follow this process again with a new PR until the deploy succeeds.

package/plugins/lisa-typescript/skills/git-prune/SKILL.md

@@ -1,35 +0,0 @@
----
-name: git-prune
-description: This skill should be used when pruning local branches that have been deleted on the remote. It fetches remote changes, identifies stale local branches, and safely deletes them.
-allowed-tools: ["Bash"]
----
-
-# Git Prune Local Branches
-
-Remove local branches whose upstream tracking branches have been deleted on remote.
-
-## Workflow
-
-### Fetch and prune remote-tracking references
-
-!git fetch --prune
-
-### Find and delete stale local branches
-
-!git branch -vv | grep ': gone]' | awk '{print $1}'
-
-### Apply these requirements
-
-1. **Preview**: Show which branches will be deleted before deleting
-2. **Safe Delete**: Use `-d` (safe delete) which refuses to delete unmerged branches
-3. **Report**: Show summary of deleted branches
-
-### Never
-
-- Force delete (`-D`) without user confirmation
-- Delete the current branch
-- Delete protected branches (dev, staging, main)
-
-## Execute
-
-Execute the workflow now.

package/plugins/lisa-typescript/skills/git-submit-pr/SKILL.md

@@ -1,44 +0,0 @@
----
-name: git-submit-pr
-description: This skill should be used when pushing changes and creating or updating a pull request. It verifies the branch state, pushes to remote, creates or updates a PR with a comprehensive description, and enables auto-merge.
-allowed-tools: ["Bash", "mcp__github__create_pull_request", "mcp__github__get_pull_request", "mcp__github__update_pull_request"]
----
-
-# Submit Pull Request Workflow
-
-Push current branch and create or update a pull request. Optional hint: $ARGUMENTS
-
-## Workflow
-
-### Check current state
-
-!git status
-!git log --oneline -10
-
-### Apply these requirements
-
-1. **Branch Check**: Verify not on `dev`, `staging`, or `main` (cannot create PR from protected branches)
-2. **Commit Check**: Ensure all changes are committed before pushing
-3. **Push**: Push current branch to remote with `-u` flag and the following environment variable - GIT_SSH_COMMAND="ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=5"
-4. **PR Management**:
-   - Check for existing PR on this branch
-   - If exists: Update description with latest changes
-   - If not: Create PR with comprehensive description (not a draft)
-5. **Auto-merge**: Enable auto-merge on the PR using `gh pr merge --auto --merge`
-
-### PR Description Format
-
-Include in the PR description:
-
-- **Summary**: Brief overview of changes (1-3 bullet points)
-- **Test plan**: How to verify the changes work correctly
-
-### Never
-
-- use `--force` push without explicit user request
-- create PR from protected branches (dev, staging, main)
-- skip pushing before PR creation
-
-## Execute
-
-Execute the workflow now.

package/plugins/lisa-typescript/skills/jira-add-journey/SKILL.md

@@ -1,120 +0,0 @@
----
-name: jira-add-journey
-description: "Add a Validation Journey section to an existing JIRA ticket by analyzing the change type and generating appropriate verification steps with evidence markers."
----
-
-# Add Validation Journey to Existing JIRA Ticket
-
-Read an existing JIRA ticket, analyze the change type, and generate a Validation Journey section with appropriate verification steps based on the project's verification patterns.
-
-## Arguments
-
-`$ARGUMENTS`: `<TICKET_ID>`
-
-- `TICKET_ID` (required): JIRA ticket key (e.g., `PROJ-123`)
-
-## Prerequisites
-
-- `JIRA_API_TOKEN` environment variable set
-- `jira-cli` configured (`~/.config/.jira/.config.yml`)
-
-## Workflow
-
-### Step 1: Read the Ticket
-
-Use the Atlassian MCP or jira-cli to read the full ticket details:
-
-```bash
-jira issue view <TICKET_ID>
-```
-
-Extract: title, description, acceptance criteria, components, labels, linked tickets.
-
-### Step 2: Check for Existing Journey
-
-Run the parser to see if a Validation Journey already exists:
-
-```bash
-python3 .claude/skills/jira-journey/scripts/parse-plan.py <TICKET_ID> 2>&1
-```
-
-If the parser succeeds and returns steps, the ticket already has a journey. Report this to the user and stop.
-
-### Step 3: Analyze the Change Type
-
-Examine the ticket description, acceptance criteria, and codebase to determine the change type:
-
-1. **API/GraphQL changes** — New or modified endpoints, request/response schemas
-2. **Database migration** — Schema changes, new tables/columns, indexes
-3. **Background job/queue** — New job processors, queue consumers, event handlers
-4. **Library/utility** — Exported functions, shared modules, npm package changes
-5. **Security fix** — Auth, authorization, input validation, OWASP vulnerabilities
-6. **Authentication/authorization** — Role-based access, session management, tokens
-
-Use the Explore agent or read the codebase directly to understand which files are affected and what verification approach is appropriate.
-
-### Step 4: Map Change Type to Verification Pattern
-
-Based on the change type, generate verification steps using patterns from `verfication.md`:
-
-| Change Type | Verification Approach |
-|---|---|
-| API/GraphQL | curl commands verifying endpoints, status codes, response schemas |
-| Database migration | Migration execution + schema verification + rollback check |
-| Background job/queue | Enqueue + process + state change verification |
-| Library/utility | Test execution + build verification + export check |
-| Security fix | Exploit reproduction pre-fix + exploit failure post-fix |
-| Auth/authz | Multi-role verification with explicit status codes |
-
-### Step 5: Draft the Validation Journey
-
-Compose the journey with `[EVIDENCE: name]` markers at key verification points:
-
-```text
-h2. Validation Journey
-
-h3. Prerequisites
-- List required services, database, env vars
-
-h3. Steps
-1. Verify current state before changes
-2. Apply the change
-3. Verify expected new state [EVIDENCE: state-name]
-4. Test error/edge cases [EVIDENCE: error-case]
-5. Verify rollback if applicable [EVIDENCE: rollback]
-
-h3. Assertions
-- Describe what must be true after verification
-```
-
-### Guidelines for Drafting
-
-1. **2-5 evidence markers** — Focus on proving the change works and handles errors
-2. **Concrete, runnable steps** — "Run `curl -s localhost:3000/health | jq .status`" not "Check the endpoint"
-3. **Include environment setup** — Database connection, running services, env vars
-4. **Evidence names in kebab-case** — `api-response`, `schema-check`, `rate-limit-hit`
-5. **Assertions are measurable** — "Returns 200 with `{status: ok}`" not "API works correctly"
-6. **Cover happy path and error path** — At minimum, one success and one failure evidence marker
-
-### Step 6: Present to User for Approval
-
-Display the drafted Validation Journey to the user and ask for confirmation before appending it to the ticket.
-
-### Step 7: Append to Ticket Description
-
-After user approval, use the JIRA REST API to append the Validation Journey to the existing ticket description.
-
-### Step 8: Verify
-
-Run the parser again to confirm the journey was added correctly:
-
-```bash
-python3 .claude/skills/jira-journey/scripts/parse-plan.py <TICKET_ID>
-```
-
-## When to Use This Skill
-
-- Ticket was created before the Validation Journey convention was established
-- Ticket was created manually without following `jira-create` guidelines
-- Ticket needs a journey added or updated based on implementation progress
-- Before starting work on a ticket, to ensure verification steps are documented

package/plugins/lisa-typescript/skills/jira-create/SKILL.md

@@ -1,95 +0,0 @@
----
-name: jira-create
-description: This skill should be used when creating JIRA epics, stories, and tasks from code files or descriptions. It analyzes the provided input, determines the appropriate issue hierarchy, and creates issues with comprehensive quality requirements including test-first development and documentation.
-allowed-tools: ["Read", "Glob", "LS", "mcp__atlassian__createJiraIssue", "mcp__atlassian__getVisibleJiraProjects", "mcp__atlassian__getJiraProjectIssueTypesMetadata", "mcp__atlassian__getAccessibleAtlassianResources"]
----
-
-# Create JIRA Issues from $ARGUMENTS
-
-Analyze the provided file(s) and create a comprehensive JIRA hierarchy with all mandatory quality gates.
-
-## Process
-
-1. **Analyze**: Read $ARGUMENTS to understand scope
-2. **Determine Structure**:
-   - Epic needed if: multiple features, major changes, >3 related files
-   - Direct tasks if: bug fix, single file, minor change
-3. **Create Issues** with hierarchy:
-   ```
-   Epic → User Story → Tasks (test, implement, document, cleanup)
-   ```
-
-## Mandatory for Every Code Issue
-
-**Test-First**: Write tests before implementation
-**Quality Gates**: All tests/checks must pass, no SonarCloud violations
-**Documentation**: Check existing, update/create new, remove obsolete
-**Cleanup**: Remove temporary code, scripts, dev configs
-
-## Validation Journey
-
-Tickets that change runtime behavior should include a `Validation Journey` section in the description. This section is consumed by the `jira-journey` skill to automate verification.
-
-### When to Include
-
-Include a Validation Journey when the ticket involves:
-- API endpoint changes (new, modified, or removed routes)
-- Database schema changes (migrations, new columns, index changes)
-- Background job or queue processing changes
-- Library or utility function changes that affect exports
-- Security fixes (authentication, authorization, input validation)
-- Performance-critical changes requiring measurement
-
-### When to Skip
-
-Skip the Validation Journey for:
-- Documentation-only changes
-- Config-only changes (env vars, CI/CD, feature flags with no code)
-- Type-definition-only changes (interfaces, types, no runtime effect)
-
-### How to Write
-
-Design the journey based on the **change type**. The agent executing the journey determines how to verify each step using patterns from the project's `verfication.md`. Place `[EVIDENCE: name]` markers at key verification points.
-
-Add this section to the ticket description:
-
-```text
-h2. Validation Journey
-
-h3. Prerequisites
-- Local dev server running
-- Database accessible
-- Required environment variables set
-
-h3. Steps
-1. Verify the current state before changes
-2. Apply the change (run migration, deploy, etc.)
-3. Verify the expected new state [EVIDENCE: state-after-change]
-4. Test error/edge cases [EVIDENCE: error-handling]
-5. Verify rollback or cleanup if applicable [EVIDENCE: rollback-check]
-
-h3. Assertions
-- Describe what must be true after verification
-- Each assertion is verified against the captured evidence
-```
-
-### Guidelines
-
-1. **Steps must be concrete and verifiable** — "Run `curl -s localhost:3000/health`" not "Check the API"
-2. **Evidence markers at verification points** — Place `[EVIDENCE: name]` at states that prove the change works. Use descriptive kebab-case names (e.g., `api-response`, `schema-check`, `rate-limit-hit`)
-3. **Include 2-5 evidence markers** — Enough to prove the change works across happy path and error cases
-4. **Assertions are testable statements** — "Health check returns 200 with status ok" not "API works"
-5. **Prerequisites include environment setup** — Database connection, env vars, running services
-
-## Issue Requirements
-
-Each issue must clearly communicate to:
-
-- **Coding Assistants**: Implementation requirements
-- **Developers**: Technical approach
-- **Stakeholders**: Business value
-
-Default project: from jira-cli config (override via arguments)
-Exclude unless requested: migration plans, performance tests
-
-Execute the analysis and create the complete JIRA structure with proper parent-child relationships.

package/plugins/lisa-typescript/skills/jira-evidence/SKILL.md

@@ -1,73 +0,0 @@
----
-name: jira-evidence
-description: "Upload text evidence to GitHub pr-assets release, update PR description, post JIRA comment with code blocks, and move ticket to Code Review. Reusable by any skill that captures evidence and generates evidence/comment.txt + evidence/comment.md."
----
-
-# JIRA Evidence Posting
-
-Upload captured evidence and generated templates to GitHub PR description and JIRA ticket. This skill is the posting step — it assumes evidence files and comment templates already exist in the evidence directory.
-
-## Arguments
-
-`$ARGUMENTS`: `<TICKET_ID> <EVIDENCE_DIR> <PR_NUMBER>`
-
-- `TICKET_ID` (required): JIRA ticket key (e.g., `PROJ-123`)
-- `EVIDENCE_DIR` (required): Directory containing evidence and templates (e.g., `./evidence`)
-- `PR_NUMBER` (required): GitHub PR number to update description
-
-## Prerequisites
-
-- `JIRA_API_TOKEN` environment variable set
-- `jira-cli` configured (`~/.config/.jira/.config.yml`) — server and login are read from there
-- `gh` CLI authenticated
-- Evidence directory containing:
-  - `NN-name.txt` or `NN-name.json` text evidence files (e.g., `01-health-check.json`)
-  - `comment.txt` — JIRA wiki markup (generated by `generate-templates.py`)
-  - `comment.md` — GitHub markdown (generated by `generate-templates.py`)
-
-## Usage
-
-```bash
-bash .claude/skills/jira-evidence/scripts/post-evidence.sh <TICKET_ID> <EVIDENCE_DIR> <PR_NUMBER>
-```
-
-### Example
-
-```bash
-bash .claude/skills/jira-evidence/scripts/post-evidence.sh PROJ-123 ./evidence 42
-```
-
-## What It Does
-
-1. **Read JIRA config** — Reads `~/.config/.jira/.config.yml` to obtain `server` and `login` dynamically
-2. **Upload to GitHub `pr-assets` release** — Uploads evidence files via `gh release upload --clobber`
-3. **Update PR description** — Replaces or appends the `## Evidence` section in the PR body
-4. **Post JIRA comment** — Posts `comment.txt` as a new comment (wiki markup with code blocks)
-5. **Move ticket to Code Review** — Transitions the JIRA ticket
-
-## Evidence Naming Convention
-
-Text evidence files are named: `{NN}-{evidence-name}.txt` or `{NN}-{evidence-name}.json`
-
-```text
-evidence/
-  01-health-check.json          uploaded
-  02-schema-after-migration.txt uploaded
-  03-rate-limit-response.txt    uploaded
-  comment.txt                   used for JIRA comment
-  comment.md                    used for PR description
-```
-
-## Troubleshooting
-
-### Evidence not appearing in GitHub PR
-
-Evidence files must be in the `pr-assets` GitHub release. If the release does not exist:
-
-```bash
-gh release create pr-assets --title "PR Assets" --notes "CDN for PR evidence"
-```
-
-### JIRA API returns 403
-
-Ensure `JIRA_API_TOKEN` is set and `login` in `~/.config/.jira/.config.yml` matches your Atlassian account email.