@devran-ai/kit 4.1.0

package/.agent/workflows/pr.md

@@ -0,0 +1,184 @@
+---
+description: Production-grade PR creation with branch strategy validation, size/scope guards, pre-flight checks, and CI verification.
+version: 3.0.0
+sdlc-phase: ship
+skills: [git-workflow, pr-toolkit, verification-loop]
+commit-types: [feat, fix, refactor, perf, chore, docs, test]
+---
+
+# /pr — Production-Grade Pull Request Workflow
+
+> **Trigger**: `/pr [target]` (default: `main`) · `/pr --draft [target]`
+> **Lifecycle**: Ship — after `/preflight` readiness passes, before `/deploy`
+
+> Standards: See `rules/workflow-standards.md` (artifact discipline, conventional commits, branch strategy, governance)
+
+> [!CAUTION]
+> PR creation pushes code to remote and triggers CI pipelines. Run `/review` locally first. Never create PRs with unresolved conflicts or failing tests.
+
+---
+
+## Scope Filter
+
+| Commit Type | PR Mode | Gates Skipped |
+| :--- | :--- | :--- |
+| `feat`, `fix`, `refactor`, `perf` | Full (8 steps) | None |
+| `chore` | Lightweight | Step 3 (pre-flight) |
+| `docs` | Lightweight | Steps 3, 7 (pre-flight, CI) |
+| `test` | Lightweight | Step 3 runs test gate only |
+
+---
+
+## Critical Rules
+
+1. Detect branch strategy before validating target
+2. Sync with target branch before creating PR
+3. Run pre-flight `/review` locally before pushing
+4. Never create PR from `main`/`production` branches
+5. Never create PR with known conflicts — resolve first
+6. Atomic PRs — one logical unit of work per PR
+7. Size guard — XL (50+ files/1500+ LOC) must be split
+
+---
+
+## Steps
+
+### Step 1: Verify Branch State & Detect Strategy
+
+// turbo
+
+- If on `main`/`production` → **STOP**
+- If dirty working tree → prompt to commit or stash
+- Detect GitFlow vs Trunk-Based (check for `dev`/`develop` remote)
+- Validate target branch per strategy rules
+
+### Step 2: Sync with Target Branch
+
+// turbo
+
+```bash
+git fetch origin <target> && git merge origin/<target> --no-edit
+```
+
+If conflicts → resolve, commit as `merge: resolve conflicts with <target>`, re-run Step 3.
+
+### Step 2.5: Size & Scope Guard
+
+// turbo
+
+- Classify PR size (XS-M proceed, L warn, XL block)
+- Check scope coherence — detect mixed concerns and recommend splitting
+
+### Step 3: Run Pre-Flight Checks
+
+// turbo
+
+- Check `/preflight` scorecard (for feat/fix/refactor/perf)
+- Run `/review` pipeline (scope-filtered by commit type)
+- Fix any failures before proceeding
+
+### Step 4: Push to Remote
+
+```bash
+git push origin HEAD
+```
+
+### Step 5: Generate & Validate PR Title & Body
+
+// turbo
+
+**Title**: Parse from branch name → `type(scope): description`. Validate conventional format, imperative mood, <72 chars.
+
+**Body**: Populate from `git log` and `git diff --stat`. Include Summary, Changes, Test Plan, Breaking Changes, Related Issues sections.
+
+### Step 6: Create PR
+
+Pre-check for existing open PR on current branch.
+
+**2-tier fallback**:
+1. `gh pr create --title "<title>" --body "<body>" --base <target> [--draft]`
+2. If fails → provide pre-formatted title + body for manual browser paste
+
+### Step 7: Verify CI Pipeline
+
+Poll CI status via `gh pr checks`. Report each check. Note draft PRs may not trigger CI.
+
+### Step 8: Handle Results
+
+- All green → offer to assign reviewers, link issues
+- Any fail → read logs, suggest fix, re-run from Step 3
+
+---
+
+## PR Body Template
+
+```markdown
+## Summary
+[One-line from branch name and commits]
+
+## Changes
+### [Category from commit types]
+- [Change descriptions]
+
+## Test Plan
+- [x] Pre-flight `/review` passed locally
+- [x] Branch synced with `{target}` — no conflicts
+- [x] No secrets or PII in diff
+
+## Breaking Changes
+[None / list]
+
+## Related Issues
+[Closes #N]
+```
+
+---
+
+## Output Template
+
+```markdown
+## PR Created Successfully
+
+| Field | Value |
+| :--- | :--- |
+| PR | #[N] |
+| Title | [type(scope): description] |
+| Branch | [source] → [target] |
+| Status | [draft / ready] |
+| URL | [link] |
+
+### CI Status
+| Check | Status |
+| :--- | :--- |
+| [name] | Pass / Pending / Fail |
+
+**Next**: Wait for CI → `/deploy` when ready.
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** PRs from `main`/`production` · wrong target per strategy · unresolved conflicts · XL PRs without splitting · pushing without `/review` · non-conventional titles
+
+**REQUIRED:** Branch strategy detection · target validation · size/scope check · branch sync · local pre-flight · conventional title · structured body · CI verification
+
+---
+
+## Completion Criteria
+
+- [ ] Branch strategy detected and target validated
+- [ ] Working tree clean, target synced
+- [ ] Size classified, scope verified
+- [ ] Pre-flight passed (scope-filtered)
+- [ ] Pushed, PR created with structured body
+- [ ] CI monitored
+
+---
+
+## Related Resources
+
+- **Previous**: `/preflight` · `/review`
+- **Next**: `/deploy`
+- **Skills**: `.agent/skills/pr-toolkit/SKILL.md` · `.agent/skills/git-workflow/SKILL.md`
+- **Related**: `/pr-review` · `/pr-fix` · `/status`

package/.agent/workflows/preflight.md

@@ -0,0 +1,107 @@
+---
+description: Production readiness assessment with weighted scoring across 10 audit domains.
+version: 1.0.0
+sdlc-phase: verify
+skills: [production-readiness, verification-loop, security-practices]
+commit-types: [feat, fix, refactor, perf]
+---
+
+# /preflight — Production Readiness Assessment
+
+> **Trigger**: `/preflight [domain|flag]`
+> **Lifecycle**: Verify — after `/review`, before `/pr`
+
+> Standards: See `rules/workflow-standards.md`
+
+> [!CAUTION]
+> Production readiness gate. All critical domains must pass before `/pr` → `/deploy`.
+
+---
+
+## Critical Rules
+
+1. **Evidence-backed scoring** — every domain score must cite observable proof
+2. **Never bypass blockers** — blocker rule violations override total score
+3. **Human approval required** — Go/No-Go requires explicit user decision
+4. **Non-destructive** — checks do not modify source code
+5. **Fail-safe defaults** — unverifiable checks score 0, not assumed pass
+
+---
+
+## Argument Parsing
+
+| Command | Action |
+| :--- | :--- |
+| `/preflight` | Full scan — all 10 domains |
+| `/preflight [domain]` | Single domain focus |
+| `/preflight --quick` | Quick scan — D4 + D5 + D6 + D9 |
+| `/preflight --rescan` | Re-scan with delta comparison |
+
+**Domain aliases**: D1 tasks/roadmap, D2 journeys/ux, D3 implementation/tests, D4 code/quality/lint, D5 security/privacy, D6 config/env, D7 performance/perf, D8 docs, D9 infra/ci/pipeline, D10 observability/monitoring
+
+---
+
+## Steps
+
+// turbo
+1. **Project Detection** — detect type, stack, key files, deployment target, applicable domains
+
+// turbo
+2. **Domain Scanning** — for each domain: load skill, execute sub-checks, record evidence, calculate score, classify findings (Critical/High/Medium/Low)
+
+// turbo
+3. **Scoring** — apply blocker rules (any domain=0 → Not Ready, D5<50% → Not Ready, D4<50% → minimum), calculate total, determine verdict (>=85 Ready, 70-84 Conditional, <70 Not Ready)
+
+4. **Go/No-Go** — present scorecard, highlight critical findings, wait for user decision
+
+---
+
+## Output Template
+
+```markdown
+# Production Readiness Scorecard
+
+> Project: [name] · Date: [date] · Mode: [mode]
+
+| Score | Status | Decision |
+| :--- | :--- | :--- |
+| [XX/100] | [status] | [recommendation] |
+
+## Domain Scores
+| Domain | Score | Status | Key Finding |
+| :--- | :--- | :--- | :--- |
+| D1-D10 | X/max | [emoji] | [summary] |
+
+## Blocker Check
+| Rule | Result |
+| :--- | :--- |
+| Zero Domain / Security Floor / Quality Floor | PASS/FAIL |
+
+## Findings (Critical → High → Medium)
+- [finding with evidence and remediation]
+
+Verdict: [score]/100 — [status]. Run `/preflight --rescan` after fixes.
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Auto-deploying on pass · skipping blocker evaluation · fabricating evidence · modifying project files
+
+**REQUIRED:** Evidence per sub-check · blocker evaluation before score · human approval · severity classification
+
+---
+
+## Completion Criteria
+
+- [ ] Project detected, domains scanned with evidence
+- [ ] Blocker rules evaluated, scores calculated
+- [ ] Scorecard presented, user made Go/No-Go decision
+
+---
+
+## Related Resources
+
+- **Previous**: `/review` · **Next**: `/pr`
+- **Skills**: `.agent/skills/production-readiness/SKILL.md` · `.agent/skills/verification-loop/SKILL.md`

package/.agent/workflows/preview.md

@@ -0,0 +1,95 @@
+---
+description: Preview server management. Start, stop, and check local development server.
+version: 2.1.0
+sdlc-phase: build
+skills: [shell-conventions]
+commit-types: [chore]
+---
+
+# /preview — Preview Server Management
+
+> **Trigger**: `/preview [sub-command]`
+> **Lifecycle**: Build — during development
+
+> Standards: See `rules/workflow-standards.md`
+
+---
+
+## Critical Rules
+
+1. Auto-detect project type from config files
+2. Handle port conflicts gracefully
+3. No background orphans — track and provide stop commands
+4. Platform-aware (web, mobile, API)
+
+---
+
+## Argument Parsing
+
+| Command | Action |
+| :--- | :--- |
+| `/preview` | Show status |
+| `/preview start` | Start dev server |
+| `/preview stop` | Stop server |
+| `/preview restart` | Restart server |
+
+---
+
+## Steps
+
+// turbo
+1. **Detect Type** — scan config files, determine command and port
+
+// turbo
+2. **Check State** — server running? Port available? Dependencies installed?
+
+3. **Execute** — start/stop/restart/status
+
+4. **Port Conflicts** — offer alternate port, close conflict, or custom port
+
+---
+
+## Project Detection
+
+| Type | Config | Command | Port |
+| :--- | :--- | :--- | :--- |
+| Next.js | `next.config.*` | `npm run dev` | 3000 |
+| Vite | `vite.config.*` | `npm run dev` | 5173 |
+| Expo | `app.json` | `npx expo start` | 8081 |
+| NestJS | `nest-cli.json` | `npm run start:dev` | 3000 |
+| Django | `manage.py` | `python manage.py runserver` | 8000 |
+| FastAPI | `main.py` | `uvicorn main:app --reload` | 8000 |
+
+---
+
+## Output Template
+
+```markdown
+## Preview Server
+
+- **Type**: [framework]
+- **URL**: http://localhost:[port]
+- **Status**: Running / Stopped
+
+Stop: `/preview stop` · Restart: `/preview restart`
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Starting without detection · orphaned processes · auto-running without awareness
+
+**REQUIRED:** Project detection · port conflict resolution · clean process management
+
+---
+
+## Completion Criteria
+
+- [ ] Project detected, server managed correctly
+
+---
+
+## Related Resources
+
+- **Cross-cutting**: Available during any Build phase

package/.agent/workflows/quality-gate.md

@@ -0,0 +1,103 @@
+---
+description: Pre-task research and validation protocol. Market research, gap analysis, and ethics review before implementation.
+version: 2.1.0
+sdlc-phase: discover
+skills: [brainstorming]
+commit-types: [docs, chore]
+---
+
+# /quality-gate — Pre-Task Research & Validation
+
+> **Trigger**: `/quality-gate` — before implementation of new features or refactors
+> **Lifecycle**: Before `/plan` — research informs planning
+
+> Standards: See `rules/workflow-standards.md`
+
+---
+
+## Critical Rules
+
+1. No implementation without validated research
+2. All claims backed by market data or competitor analysis
+3. Ethics gate — privacy, bias, automation risks evaluated
+4. Approval required before proceeding
+
+---
+
+## Scope Filter
+
+Required for `feat()` and `refactor()`. Skip for fix, chore, docs, test.
+
+---
+
+## Steps
+
+// turbo
+1. **Market Research** — survey 5+ market leaders for the feature domain
+
+// turbo
+2. **Comparative Analysis** — produce comparison table (approach, AI/ML, UX, automation, privacy)
+
+// turbo
+3. **Gap Detection** — where product meets/exceeds/falls-below market. Reject harmful/deceptive patterns.
+
+// turbo
+4. **Enhancement Strategy** — how product improves on baseline (transparency, ethics, user-centric, data sovereignty, accuracy)
+
+// turbo
+5. **Ethics & Safety** — GDPR, AI bias, automation safety, user autonomy, mitigations
+
+// turbo
+6. **Research Summary** — compile key insights, risks, proposed solution, dependencies
+
+7. **Present for Approval** — implementation blocked until explicit approval. Then proceed to `/plan`.
+
+---
+
+## Rejection Triggers
+
+Reject if: no market research, harmful patterns, below market standard, unmitigated risks, no research justification.
+
+---
+
+## Output Template
+
+```markdown
+# Quality Gate Report: [Feature]
+
+## Market Research (5+ competitors)
+| Competitor | Approach | AI/ML | UX | Automation | Privacy |
+
+## Gap Analysis
+| Area | Current | Market Standard | Gap? |
+
+## Enhancement Strategy
+## Ethics & Safety Review
+## Verdict: Approved / Rejected — [reasoning]
+
+After approval: proceed to `/plan`.
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Implementing without research · skipping competitors · ignoring ethics · proceeding without approval
+
+**REQUIRED:** 5+ competitors analyzed · enhancement documented · risks mitigated · approval received
+
+---
+
+## Completion Criteria
+
+- [ ] Market research completed (5+ competitors)
+- [ ] Gap analysis and enhancement strategy defined
+- [ ] Ethics review completed
+- [ ] Approved by Product Owner
+
+---
+
+## Related Resources
+
+- **Previous**: `/brainstorm` · **Next**: `/plan`
+- **Skill**: `.agent/skills/brainstorming/SKILL.md`

package/.agent/workflows/retrospective.md

@@ -0,0 +1,100 @@
+---
+description: Tier-1 Retrospective Quality Audit — full product, architecture, and pipeline review against market standards
+version: 2.1.0
+sdlc-phase: evaluate
+skills: [verification-loop]
+commit-types: [docs, chore]
+---
+
+# /retrospective — Tier-1 Retrospective Quality Audit
+
+> **Trigger**: `/retrospective` or `/tier1-audit`
+> **Lifecycle**: After sprint/milestone completion — feeds next sprint's `/plan`
+
+> Standards: See `rules/workflow-standards.md`
+
+> [!CAUTION]
+> Do NOT defend previous decisions by default, minimize issues, or optimize for speed over correctness.
+
+---
+
+## Critical Rules
+
+1. No defense bias — evaluate with fresh eyes
+2. No minimization — report all issues at true severity
+3. Evidence required — every classification must be backed by data
+4. Structural over cosmetic — prefer foundational improvements
+5. Market-grade bar — compare against Google/Meta/Apple standards
+
+---
+
+## Audit Scope
+
+Cover all applicable domains (skip unimplemented):
+Architecture, Code Quality, Security & Privacy, Performance, Testing, Documentation, CI/CD, UX/Accessibility
+
+---
+
+## Steps
+
+// turbo
+1. **Inventory** — catalog project docs, task tracking, git log, ADRs, feature specs
+
+// turbo
+2. **Market Benchmark** — evaluate each feature against market leaders
+
+// turbo
+3. **Outdated Pattern Detection** — legacy assumptions, deprecated libraries, anti-patterns
+
+// turbo
+4. **Tier-1 Validation** — would it pass Google/Meta/Apple review? Shortcuts? Missing edge cases?
+
+// turbo
+5. **Ethics & Safety** — AI bias, automation transparency, GDPR, human-in-the-loop
+
+// turbo
+6. **Differentiation Alignment** — quality>volume, measurable outcomes, ethical automation
+
+// turbo
+7. **Classification** — Tier-1 Compliant / Partially Compliant / Non-Compliant with action plans
+
+---
+
+## Output Template
+
+```markdown
+# Tier-1 Retrospective Audit Report
+
+> Date: [date] · Sprint: [N]
+
+## Executive Summary
+## Compliance Classification (per area)
+## Gaps & Risks
+## Revision Recommendations
+## Priority Matrix
+| Priority | Issue | Impact | Effort |
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Defending past decisions by default · minimizing issues · marking compliant without evidence · skipping domains
+
+**REQUIRED:** Rigorous analysis · market-grade bar · revisions for non-compliant areas · actionable recommendations
+
+---
+
+## Completion Criteria
+
+- [ ] All domains analyzed and classified
+- [ ] Gaps documented with evidence
+- [ ] Priority matrix populated
+- [ ] Audit report delivered
+
+---
+
+## Related Resources
+
+- **Next**: `/plan` (findings feed next sprint)
+- **Related**: `/quality-gate` · `/review`

package/.agent/workflows/review.md

@@ -0,0 +1,104 @@
+---
+description: Code review workflow. Sequential quality gate pipeline — lint, type-check, test, security scan, and build verification.
+version: 2.1.0
+sdlc-phase: verify
+skills: [verification-loop]
+commit-types: [fix, refactor]
+---
+
+# /review — Code Review Quality Gate
+
+> **Trigger**: `/review` (full) · `/review lint` · `/review tests` · `/review security` · `/review build`
+> **Lifecycle**: After implementation, before `/pr`
+
+> Standards: See `rules/workflow-standards.md`
+
+> [!CAUTION]
+> Sequential gate pipeline — each step must pass before proceeding. No overrides.
+
+---
+
+## Scope Filter
+
+Full review for feat, fix, refactor. Gate 3 only for test. Skip docs, chore.
+
+---
+
+## Critical Rules
+
+1. Sequential — each gate must pass before next
+2. Stop on failure — show error + fix suggestion
+3. No overrides — failed gates block merge
+4. Full-stack scanning
+
+---
+
+## Pipeline Gates
+
+Execute IN ORDER. Stop at first failure.
+
+### Gate 1: Lint
+// turbo
+```bash
+npm run lint  # or ruff check . / cargo clippy
+```
+
+### Gate 2: Type Check
+// turbo
+```bash
+npx tsc --noEmit  # or mypy .
+```
+
+### Gate 3: Tests
+// turbo
+```bash
+npm test  # or pytest / cargo test
+```
+
+### Gate 4: Security Scan
+// turbo
+```bash
+npm audit --audit-level=moderate  # or pip-audit / cargo audit
+```
+
+### Gate 5: Build
+// turbo
+```bash
+npm run build  # or python -m build / cargo build --release
+```
+
+---
+
+## Output Template
+
+```markdown
+## Review Complete
+
+| Gate | Status | Duration |
+| :--- | :--- | :--- |
+| Lint / Type Check / Tests / Security / Build | Pass/Fail | {time} |
+
+**Verdict**: Ready for commit / Failed at Gate {N}
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Skipping gates · overriding failures · merging without all passing
+
+**REQUIRED:** All gates for merge-ready code · document results · fix before re-run
+
+---
+
+## Completion Criteria
+
+- [ ] All gates executed, zero failures
+- [ ] Results documented
+
+---
+
+## Related Resources
+
+- **Previous**: `/test` · **Next**: `/preflight` · `/pr`
+- **Skill**: `.agent/skills/verification-loop/SKILL.md`