@devran-ai/kit 4.1.0

package/.agent/workflows/status.md

@@ -0,0 +1,89 @@
+---
+description: Display project and progress status. Current state overview.
+version: 2.1.0
+sdlc-phase: cross-cutting
+skills: [verification-loop]
+commit-types: [chore]
+---
+
+# /status — Project Status Overview
+
+> **Trigger**: `/status [sub-command]`
+> **Lifecycle**: Cross-cutting — any SDLC phase
+
+> Standards: See `rules/workflow-standards.md`
+
+> [!NOTE]
+> Read-only workflow. Gathers and displays data without modifying anything.
+
+---
+
+## Critical Rules
+
+1. Accurate live data — never cached
+2. Always include health checks
+3. Non-destructive — never modify files or state
+
+---
+
+## Argument Parsing
+
+| Command | Action |
+| :--- | :--- |
+| `/status` | Full report |
+| `/status brief` | One-line summary |
+| `/status health` | Build, tests, server only |
+| `/status git` | Branch, changes, commits only |
+
+---
+
+## Steps
+
+// turbo
+1. **Project** — name, path, type, stack
+
+// turbo
+2. **Git** — branch, last commit, uncommitted changes, ahead/behind
+
+// turbo
+3. **Progress** — read ROADMAP/tasks, count completed/in-progress/pending
+
+// turbo
+4. **Health** — build status, test status, server status
+
+// turbo
+5. **Statistics** — files created/modified, recent changes
+
+---
+
+## Output Template
+
+```markdown
+## Project Status
+
+- **Project**: [name] · [stack]
+- **Branch**: [name] · [changes]
+- **Health**: Build/Tests/Server status
+- **Progress**: [completed]/[total] tasks
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Modifying files · reporting stale data · skipping health checks
+
+**REQUIRED:** Live data · health checks · accurate progress
+
+---
+
+## Completion Criteria
+
+- [ ] Project, git, health, progress reported accurately
+
+---
+
+## Related Resources
+
+- **Cross-cutting**: Available at any phase
+- **Related**: `/retrospective` · `/deploy`

package/.agent/workflows/test.md

@@ -0,0 +1,98 @@
+---
+description: Write and run tests systematically.
+version: 2.1.0
+sdlc-phase: verify
+skills: [testing-patterns, webapp-testing]
+commit-types: [test]
+---
+
+# /test — Systematic Test Writing & Execution
+
+> **Trigger**: `/test [scope]`
+> **Lifecycle**: Verify — after implementation, before `/review`
+
+> Standards: See `rules/workflow-standards.md`
+
+---
+
+## Critical Rules
+
+1. **AAA pattern** — Arrange-Act-Assert for all tests
+2. **Coverage >=80%** on new code
+3. No `skip`/`xit`/`xdescribe` in committed code
+4. Descriptive names: "should [behavior] when [condition]"
+5. Always test edge cases, null/undefined, error paths
+6. Stack-agnostic — detect project stack, use appropriate framework
+
+---
+
+## Scope Filter
+
+Run tests for feat, fix, refactor, test. Skip docs, chore.
+
+---
+
+## Steps
+
+// turbo
+1. **Identify Scope** — what to test, test type, critical paths
+
+// turbo
+2. **Detect Framework** — scan for jest/vitest/pytest/cargo config
+
+// turbo
+3. **Analyze Coverage** — run report, identify gaps, prioritize
+
+4. **Write Tests** — AAA pattern, descriptive names, happy + edge + error paths, mock externals
+
+// turbo
+5. **Run & Verify** — execute suite, verify all pass, check >=80% coverage
+
+---
+
+## Multi-Stack Commands
+
+| Stack | Test | Coverage |
+| :--- | :--- | :--- |
+| Node/Jest | `npm test` | `npm run test:coverage` |
+| Node/Vitest | `npx vitest` | `npx vitest --coverage` |
+| Python | `pytest` | `pytest --cov` |
+| Rust | `cargo test` | `cargo tarpaulin` |
+| Go | `go test ./...` | `go test -coverprofile=cover.out` |
+
+---
+
+## Output Template
+
+```markdown
+## Test Results: [Scope]
+
+| Metric | Value |
+| :--- | :--- |
+| Total / Passing / Failing / Coverage | [values] |
+
+**Next**: `/review` for quality gates.
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Committed skip annotations · below 80% without justification · happy-path-only testing
+
+**REQUIRED:** AAA pattern · coverage report · descriptive names · stack-appropriate framework
+
+---
+
+## Completion Criteria
+
+- [ ] Tests written (AAA, descriptive names)
+- [ ] All passing, coverage >=80%
+- [ ] Edge cases and error paths covered
+
+---
+
+## Related Resources
+
+- **Next**: `/review`
+- **Skills**: `.agent/skills/testing-patterns/SKILL.md` · `.agent/skills/webapp-testing/SKILL.md`

package/.agent/workflows/ui-ux-pro-max.md

@@ -0,0 +1,93 @@
+---
+description: Premium UI/UX design and implementation workflow.
+version: 2.1.0
+sdlc-phase: build
+skills: [ui-ux-pro-max, frontend-patterns, mobile-design]
+commit-types: [feat, refactor]
+---
+
+# /ui-ux-pro-max — Premium UI/UX Design & Implementation
+
+> **Trigger**: `/ui-ux-pro-max [description]`
+> **Lifecycle**: Build — UI/design implementation
+
+> Standards: See `rules/workflow-standards.md`
+
+> [!IMPORTANT]
+> Visual excellence required. No generic, template-like, or "AI-slop" designs.
+
+---
+
+## Critical Rules
+
+1. **Anti-AI-slop** — no generic gradients, default border-radius, cookie-cutter layouts
+2. Premium aesthetics — curated HSL palettes, modern typography, smooth micro-animations
+3. WCAG 2.1 AA compliance mandatory
+4. Performance-first — 60fps animations, optimized images, minimal layout shifts
+5. Mobile-first responsive design
+6. Design system coherence — use existing tokens or create consistent ones
+
+---
+
+## Steps
+
+// turbo
+1. **Design System Audit** — check existing palette, typography, spacing, component library, CSS variables
+
+// turbo
+2. **Requirements** — what's being designed, target mood/aesthetic, brand guidelines
+
+3. **Implementation** — semantic HTML, palette + typography, spacing + hierarchy, responsive breakpoints
+
+4. **Polish** — hover/focus states, transitions, loading/skeleton states, 60fps animations
+
+5. **Accessibility** — contrast (>=4.5:1 text, >=3:1 large), keyboard nav, ARIA, `prefers-reduced-motion`
+
+---
+
+## Design Reference
+
+```css
+/* Curated palette */ --primary: hsl(230, 70%, 55%); --surface: hsl(230, 20%, 10%);
+/* Typography */ --font-display: "Inter", "Outfit", system-ui; --font-mono: "JetBrains Mono", monospace;
+/* Effects */ backdrop-filter: blur(12px); box-shadow: 0 4px 24px rgba(0,0,0,0.12);
+/* Breakpoints */ @media (min-width: 640/768/1024/1280px)
+```
+
+---
+
+## Output Template
+
+```markdown
+## UI/UX: [Component/Page]
+
+- **Palette/Typography/Style**: [details]
+- **Files**: [created/modified]
+- **Accessibility**: contrast/keyboard/screen-reader/reduced-motion
+- **Responsive**: mobile/tablet/desktop
+
+**Next**: `/preview` or `/test`
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** Generic designs · default browser colors/fonts · ignoring accessibility · hardcoded pixels without responsive
+
+**REQUIRED:** Curated palettes · modern typography · WCAG 2.1 AA · mobile-first · micro-animations
+
+---
+
+## Completion Criteria
+
+- [ ] Design system audited
+- [ ] Premium implementation with accessibility
+- [ ] Responsive across breakpoints
+
+---
+
+## Related Resources
+
+- **Skill**: `.agent/skills/ui-ux-pro-max/SKILL.md`
+- **Next**: `/preview` · `/test`

package/.agent/workflows/upgrade.md

@@ -0,0 +1,97 @@
+---
+description: Non-destructive Devran AI Kit framework upgrade with preservation verification.
+version: 1.0.0
+sdlc-phase: maintenance
+skills: [verification-loop]
+commit-types: [chore]
+---
+
+# /upgrade — Framework Upgrade
+
+> **Trigger**: `/upgrade [sub-command]`
+> **Lifecycle**: Maintenance — when new kit version available
+
+> Standards: See `rules/workflow-standards.md`
+
+> [!CAUTION]
+> Upgrades modify `.agent/` files. Preservation Contract protects user state. Always verify after upgrade.
+
+---
+
+## Critical Rules
+
+1. Non-destructive only — use `kit update`, never `init --force`
+2. Preservation Contract — user state (rules, checklists, sessions, decisions, contexts, identity) must survive
+3. Always run `kit verify` post-upgrade
+4. Human confirmation required before executing upgrade
+
+---
+
+## Argument Parsing
+
+| Command | Action |
+| :--- | :--- |
+| `/upgrade` | Interactive — detect, preview, apply, verify |
+| `/upgrade --dry-run` | Preview only |
+| `/upgrade --verify-only` | Post-upgrade verification only |
+
+---
+
+## Steps
+
+// turbo
+1. **Pre-Upgrade** — check current version, verify clean working tree, record HEAD for rollback
+
+// turbo
+2. **Preservation Snapshot** — verify all protected items exist, record checksums
+
+3. **Execute Upgrade** — `kit update` (requires user approval)
+
+// turbo
+4. **Verify Integrity** — `kit verify`, confirm preserved items intact
+
+// turbo
+5. **Report** — version change, new capabilities, preservation compliance
+
+---
+
+## Output Template
+
+```markdown
+## Upgrade Complete
+
+| Field | Value |
+| :--- | :--- |
+| Previous / New Version | [versions] |
+| Preservation Contract | Intact |
+| Manifest Verify | Passed |
+
+### New Capabilities
+| Type | Added | Details |
+
+**Next**: `/status` for health check.
+```
+
+---
+
+## Governance
+
+**PROHIBITED:** `init --force` for routine upgrades · modifying preserved files · skipping verification · auto-executing without confirmation
+
+**REQUIRED:** Clean working tree · preservation snapshot · `kit verify` after upgrade · human approval
+
+---
+
+## Completion Criteria
+
+- [ ] Version identified, working tree clean
+- [ ] Preservation snapshot taken
+- [ ] Upgrade executed, `kit verify` passed
+- [ ] All preserved items intact, report delivered
+
+---
+
+## Related Resources
+
+- **Rule**: `.agent/rules/agent-upgrade-policy.md`
+- **Next**: `/status`

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Emre Dursun
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,218 @@
+# Devran AI Kit
+
+[![Version](https://img.shields.io/badge/version-4.1.0-blue.svg)](https://github.com/devran-ai/kit)
+[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
+[![Tests](https://img.shields.io/badge/tests-382%20passing-brightgreen.svg)](tests/)
+[![Dependencies](https://img.shields.io/badge/dependencies-0-brightgreen.svg)](package.json)
+[![AI Agents](https://img.shields.io/badge/AI%20Agents-23-purple.svg)](.agent/agents/)
+[![Skills](https://img.shields.io/badge/Skills-34-orange.svg)](.agent/skills/)
+
+> Trust-Grade AI Development Framework — Zero dependencies. 23 agents. 34 skills. 21 workflows. One command.
+
+## Why Devran AI Kit?
+
+- **Not a prompt collection** — 31-module zero-dependency runtime engine with workflow state machine, circuit breaker, error budget, and self-healing CI
+- **Trust-grade governance** — Immutable operating constraints enforced through a 7-phase SDLC (IDLE > EXPLORE > PLAN > IMPLEMENT > VERIFY > CHECKPOINT > REVIEW > DEPLOY)
+- **Intelligent agent system** — 23 specialized agents with reputation scoring, domain-aware routing, and on-demand loading via keyword matching
+- **Cross-IDE support** — One `kit init` configures Claude Code, Antigravity, Cursor, OpenCode, and Codex from a single manifest source of truth
+
+## Comparison
+
+| Capability | Prompt Files | Rule Collections | **Devran AI Kit** |
+|---|---|---|---|
+| Agent orchestration | Manual | Manual | 23 agents with reputation scoring |
+| Workflow governance | None | None | 7-phase SDLC state machine |
+| Session persistence | None | None | Full state across restarts |
+| Self-healing CI | None | None | Auto-diagnoses and patches failures |
+| Cross-IDE support | Single IDE | Single IDE | 5 IDEs from one source of truth |
+| Plugin marketplace | None | None | Trust-verified skill marketplace |
+| Test suite | None | None | 382+ tests with security validation |
+| Runtime dependencies | Varies | Varies | **Zero** |
+
+## Quick Start
+
+### Option 1: Create New Project (Recommended)
+
+```bash
+npx create-kit-app my-project
+npx create-kit-app my-api --template node-api
+npx create-kit-app my-app --template nextjs
+```
+
+Creates a new project with `.agent/` pre-configured. Templates: `minimal`, `node-api`, `nextjs`.
+
+### Option 2: Add to Existing Project
+
+```bash
+npx @devran-ai/kit init
+```
+
+### Updating
+
+```bash
+kit update              # Non-destructive — preserves your customizations
+kit update --dry-run    # Preview changes without applying
+```
+
+> Prefer `kit update` over `kit init --force`. The update command preserves your session data, ADRs, learning contexts, and customizations. Use `init --force` only for clean reinstalls.
+
+### Verify Installation
+
+```bash
+kit verify    # Manifest integrity check
+kit scan      # Security scan
+```
+
+## Architecture
+
+| Component | Count | Purpose |
+|---|---|---|
+| Agents | 23 | Specialized AI agents with reputation scoring and domain routing |
+| Skills | 34 | Domain knowledge modules loaded on demand via keyword matching |
+| Commands | 37 | Slash commands for IDE interaction (`/plan`, `/implement`, `/verify`) |
+| Workflows | 21 | Process templates with quality gates and phase enforcement |
+| Runtime Modules | 31 | Engine components (state machine, circuit breaker, plugin system) |
+| Rules | 10 | Governance constraints (security, coding style, testing, git) |
+| Checklists | 4 | Verification checklists (pre-commit, deployment, review, release) |
+| Hooks | 8 | Lifecycle events (session start/end, phase transition, task complete) |
+
+### Workflow State Machine
+
+```
+IDLE -> EXPLORE -> PLAN -> IMPLEMENT -> VERIFY -> CHECKPOINT -> REVIEW -> DEPLOY
+```
+
+Each phase requires explicit developer approval before transitioning. The engine enforces governance rules and tracks session state across restarts.
+
+## What's New in v4.1.0
+
+| Change | Details |
+|---|---|
+| Cross-IDE support | Cursor, OpenCode, Codex, Antigravity — all from one manifest |
+| Multi-language reviewers | TypeScript, Python, Go dedicated review agents |
+| Continuous learning | Confidence scoring with time-based decay model |
+| MCP server templates | GitHub, Supabase, Vercel, PostgreSQL, Filesystem |
+| Test coverage | 382 tests (up from 348) across 36 test suites |
+
+## Cross-IDE Support
+
+| IDE | Config Path | Format |
+|---|---|---|
+| Claude Code | `.agent/` | Native |
+| Antigravity | `.agent/` | Native |
+| Cursor | `.cursor/rules/` | YAML frontmatter + Markdown |
+| OpenCode | `.opencode/` | JSON |
+| Codex | `.codex/` | TOML |
+
+All generated automatically by `kit init`.
+
+## CLI Reference
+
+| Command | Description | Key Flags |
+|---|---|---|
+| `kit init` | Install `.agent/` framework into project | `--force`, `--path <dir>` |
+| `kit update` | Non-destructive framework update | `--dry-run` |
+| `kit status` | Dashboard with capabilities and metrics | — |
+| `kit verify` | Manifest integrity and structure checks | — |
+| `kit scan` | Security scan (secrets, injection patterns) | — |
+| `kit plugin` | Plugin management | `list`, `install`, `remove` |
+| `kit market` | Marketplace integration | `search`, `info`, `install` |
+| `kit heal` | CI failure detection and auto-fix | `--file <path>`, `--apply` |
+| `kit health` | Aggregated health check | — |
+
+## Safety Guarantees
+
+Devran AI Kit is designed to **never touch your project files**. All operations are scoped to the `.agent/` directory.
+
+| Your Project Files | Safe? | Details |
+|---|---|---|
+| Source code (`src/`, `lib/`, `app/`) | Never touched | Init/update only operates on `.agent/` |
+| Config files (`.env`, `package.json`) | Never touched | No project config is read or written |
+| Documentation (`docs/`, `README.md`) | Never touched | Only `.agent/` docs are managed |
+| Tests (`tests/`, `__tests__/`) | Never touched | Kit tests are internal to the package |
+| Platform files (`android/`, `ios/`) | Never touched | No platform-specific operations |
+
+`init --force` safety features:
+
+- **Auto-backup** — Creates timestamped backup of existing `.agent/` before overwriting
+- **Atomic copy** — Uses temp directory + rename to prevent corruption on failure
+- **Symlink guard** — Skips symbolic links to prevent path traversal attacks
+- **Session warning** — Alerts if active work-in-progress would be destroyed
+- **Dry-run preview** — `--dry-run --force` shows exactly which user files would be overwritten
+
+`update` preserved files:
+
+- `session-context.md` — Your active session notes
+- `session-state.json` — Your session metadata
+- `decisions/` — Your Architecture Decision Records
+- `contexts/` — Your learning data and plan quality logs
+- `rules/` — Your custom governance rules
+- `checklists/` — Your custom quality gates
+
+## Agents (23)
+
+| Category | Agents |
+|---|---|
+| **Core Development** | Architect, Code Reviewer, TDD Guide, Planner |
+| **Language Reviewers** | TypeScript Reviewer, Python Reviewer, Go Reviewer |
+| **Domain Specialists** | Frontend Specialist, Backend Specialist, Mobile Developer, Database Architect, DevOps Engineer |
+| **Quality & Security** | Security Reviewer, E2E Runner, Performance Optimizer, Reliability Engineer |
+| **Support & Intelligence** | Doc Updater, Build Error Resolver, Refactor Cleaner, Explorer Agent, Knowledge Agent |
+| **Autonomy** | PR Reviewer, Sprint Orchestrator |
+
+## Operating Constraints
+
+| Principle | Description |
+|---|---|
+| Trust > Optimization | User trust is never sacrificed for metrics |
+| Safety > Growth | User safety overrides business goals |
+| Explainability > Performance | Understandable AI beats faster AI |
+| Completion > Suggestion | Finish current work before proposing new |
+| Consistency > Speed | All affected files updated, not just target |
+
+## Repository Structure
+
+```
+kit/
+├── .agent/                 # Framework directory (installed to projects)
+│   ├── agents/             # 23 specialized agent definitions
+│   ├── skills/             # 34 domain knowledge modules
+│   ├── commands/           # 37 slash command definitions
+│   ├── workflows/          # 21 workflow templates
+│   ├── rules/              # 10 governance constraints
+│   ├── checklists/         # 4 lifecycle quality gates
+│   ├── engine/             # Runtime config (loading-rules, MCP templates)
+│   ├── decisions/          # Architecture Decision Records
+│   └── manifest.json       # Definitive capability inventory
+├── lib/                    # 31 runtime modules (zero dependencies)
+├── bin/kit.js              # CLI entry point
+├── create-kit-app/         # Project scaffolder
+├── docs/                   # MkDocs documentation site
+├── examples/               # Starter examples (minimal, full-stack)
+└── tests/                  # 382 tests (unit, structural, security)
+```
+
+## Security
+
+Secret detection covers API keys, tokens, AWS credentials, and private keys. The scanner checks for prompt injection patterns, path traversal attempts, and symlink abuse. Plugins are verified with SHA-256 checksums before installation.
+
+## Documentation
+
+Full documentation: [devran-ai.github.io/kit](https://devran-ai.github.io/kit/)
+
+## Contributing
+
+Fork the repo, create a feature branch, add tests, and open a PR. See [CONTRIBUTING.md](CONTRIBUTING.md) for branch strategy and code standards.
+
+```bash
+git clone https://github.com/devran-ai/kit.git
+cd kit && npm install && npm test
+```
+
+## Author
+
+**Emre Dursun** — [LinkedIn](https://www.linkedin.com/in/emre-dursun-nl/) · [GitHub](https://github.com/emredursun)
+
+## License
+
+[MIT](LICENSE)