@esoteric-logic/praxis-harness 1.1.0

package/bin/praxis.js

@@ -0,0 +1,385 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const { spawnSync } = require('child_process');
+
+const VERSION = require('../package.json').version;
+const PKG_DIR = path.resolve(__dirname, '..');
+const CLAUDE_DIR = path.join(os.homedir(), '.claude');
+const CONFIG_FILE = path.join(CLAUDE_DIR, 'praxis.config.json');
+
+// ── Helpers ──────────────────────────────────────────────────
+
+function header(msg) { console.log('\n\x1b[1m\x1b[36m' + msg + '\x1b[0m'); }
+function ok(msg)     { console.log('  \x1b[32m\u2713\x1b[0m ' + msg); }
+function fail(msg)   { console.error('  \x1b[31m\u2717\x1b[0m ' + msg); }
+function dim(msg)    { console.log('  \x1b[2m' + msg + '\x1b[0m'); }
+
+function toolExists(name) {
+  const r = spawnSync('which', [name], { stdio: 'pipe' });
+  return r.status === 0;
+}
+
+function copyDir(src, dest) {
+  fs.cpSync(src, dest, { recursive: true, force: true });
+}
+
+function copyFile(src, dest) {
+  fs.cpSync(src, dest, { force: true });
+}
+
+// ── Install ──────────────────────────────────────────────────
+
+async function install() {
+  header('Praxis Harness v' + VERSION);
+
+  // Ensure ~/.claude/ structure
+  for (const sub of ['rules', 'commands', 'skills']) {
+    fs.mkdirSync(path.join(CLAUDE_DIR, sub), { recursive: true });
+  }
+
+  // Copy base/CLAUDE.md → ~/.claude/CLAUDE.md
+  const claudeMdSrc = path.join(PKG_DIR, 'base', 'CLAUDE.md');
+  if (fs.existsSync(claudeMdSrc)) {
+    copyFile(claudeMdSrc, path.join(CLAUDE_DIR, 'CLAUDE.md'));
+    ok('CLAUDE.md installed');
+  }
+
+  // Copy base/rules/* → ~/.claude/rules/
+  const rulesDir = path.join(PKG_DIR, 'base', 'rules');
+  if (fs.existsSync(rulesDir)) {
+    let count = 0;
+    for (const f of fs.readdirSync(rulesDir)) {
+      copyFile(path.join(rulesDir, f), path.join(CLAUDE_DIR, 'rules', f));
+      count++;
+    }
+    ok(count + ' rules installed');
+  }
+
+  // Copy base/commands/* → ~/.claude/commands/
+  const cmdsDir = path.join(PKG_DIR, 'base', 'commands');
+  if (fs.existsSync(cmdsDir)) {
+    let count = 0;
+    for (const f of fs.readdirSync(cmdsDir)) {
+      copyFile(path.join(cmdsDir, f), path.join(CLAUDE_DIR, 'commands', f));
+      count++;
+    }
+    ok(count + ' commands installed');
+  }
+
+  // Copy base/skills/* → ~/.claude/skills/
+  const skillsDir = path.join(PKG_DIR, 'base', 'skills');
+  if (fs.existsSync(skillsDir)) {
+    let count = 0;
+    for (const entry of fs.readdirSync(skillsDir)) {
+      const src = path.join(skillsDir, entry);
+      const dest = path.join(CLAUDE_DIR, 'skills', entry);
+      if (fs.statSync(src).isDirectory()) {
+        copyDir(src, dest);
+      } else {
+        copyFile(src, dest);
+      }
+      count++;
+    }
+    ok(count + ' skills installed');
+  }
+
+  // Copy kits/ → ~/.claude/kits/
+  const kitsDir = path.join(PKG_DIR, 'kits');
+  if (fs.existsSync(kitsDir)) {
+    copyDir(kitsDir, path.join(CLAUDE_DIR, 'kits'));
+    ok('kits installed');
+  }
+
+  // Orphan cleanup: obsidian.md renamed to vault.md
+  const legacyObsidian = path.join(CLAUDE_DIR, 'rules', 'obsidian.md');
+  if (fs.existsSync(legacyObsidian)) {
+    fs.unlinkSync(legacyObsidian);
+    ok('Removed legacy obsidian.md (renamed to vault.md)');
+  }
+
+  // Vault configuration
+  if (!fs.existsSync(CONFIG_FILE)) {
+    header('Vault configuration');
+    const readline = require('readline/promises');
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+
+    console.log('');
+    console.log('  Choose a vault backend:');
+    console.log('    [1] Obsidian (default)');
+    console.log('    [2] Logseq');
+    console.log('    [3] Plain markdown (~/.praxis-vault)');
+    console.log('    [4] Custom path');
+    console.log('');
+    const backendChoice = await rl.question('  Choice [1]: ');
+    const choice = (backendChoice || '1').trim();
+
+    let vaultBackend = 'obsidian';
+    let vaultPath = '';
+
+    switch (choice) {
+      case '1':
+        vaultBackend = 'obsidian';
+        vaultPath = await rl.question('  Obsidian vault path: ');
+        break;
+      case '2':
+        vaultBackend = 'logseq';
+        vaultPath = await rl.question('  Logseq vault path: ');
+        break;
+      case '3':
+        vaultBackend = 'plain';
+        vaultPath = path.join(os.homedir(), '.praxis-vault');
+        fs.mkdirSync(vaultPath, { recursive: true });
+        ok('Created ' + vaultPath);
+        break;
+      case '4':
+        vaultBackend = 'custom';
+        vaultPath = await rl.question('  Vault path: ');
+        break;
+      default:
+        vaultBackend = 'obsidian';
+        vaultPath = await rl.question('  Vault path: ');
+        break;
+    }
+    rl.close();
+
+    if (vaultPath) {
+      vaultPath = vaultPath.replace(/^~/, os.homedir());
+    }
+
+    const config = {
+      version: '1.1.0',
+      vault_path: vaultPath || '',
+      vault_backend: vaultBackend,
+      repo_path: PKG_DIR
+    };
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + '\n');
+    ok('praxis.config.json written');
+  } else {
+    dim('praxis.config.json already exists — skipping');
+  }
+
+  // Tool checks (conditional on backend)
+  header('Tool check');
+  let vaultBackendForCheck = 'obsidian';
+  if (fs.existsSync(CONFIG_FILE)) {
+    try {
+      const cfg = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+      vaultBackendForCheck = cfg.vault_backend || 'obsidian';
+    } catch {}
+  }
+
+  const baseTools = ['node', 'claude', 'jq'];
+  if (vaultBackendForCheck === 'obsidian') {
+    baseTools.push('obsidian');
+  } else {
+    baseTools.push('rg');
+  }
+  for (const tool of baseTools) {
+    if (toolExists(tool)) {
+      ok(tool + ' available');
+    } else {
+      fail(tool + ' not found (optional)');
+    }
+  }
+
+  // Summary
+  header('Install complete');
+  console.log('  Files copied to ' + CLAUDE_DIR);
+  console.log('  Run: npx praxis-harness health');
+  console.log('');
+}
+
+// ── Update ───────────────────────────────────────────────────
+
+async function update() {
+  header('Updating Praxis Harness v' + VERSION);
+  await install();
+}
+
+// ── Health ───────────────────────────────────────────────────
+
+function health() {
+  header('Praxis Health Check');
+  let pass = 0;
+  let total = 0;
+
+  function check(condition, label) {
+    total++;
+    if (condition) { ok(label); pass++; }
+    else { fail(label); }
+  }
+
+  // Core files
+  console.log('\nCore:');
+  check(fs.existsSync(path.join(CLAUDE_DIR, 'CLAUDE.md')), 'CLAUDE.md installed');
+
+  // Rules
+  console.log('\nRules:');
+  const rulesDir = path.join(PKG_DIR, 'base', 'rules');
+  if (fs.existsSync(rulesDir)) {
+    for (const f of fs.readdirSync(rulesDir)) {
+      check(fs.existsSync(path.join(CLAUDE_DIR, 'rules', f)), 'rules/' + f + ' installed');
+    }
+  }
+
+  // Commands
+  console.log('\nCommands:');
+  const cmdsDir = path.join(PKG_DIR, 'base', 'commands');
+  if (fs.existsSync(cmdsDir)) {
+    for (const f of fs.readdirSync(cmdsDir)) {
+      check(fs.existsSync(path.join(CLAUDE_DIR, 'commands', f)), 'commands/' + f + ' installed');
+    }
+  }
+
+  // Skills
+  console.log('\nSkills:');
+  const skillsDir = path.join(PKG_DIR, 'base', 'skills');
+  if (fs.existsSync(skillsDir)) {
+    for (const entry of fs.readdirSync(skillsDir)) {
+      check(fs.existsSync(path.join(CLAUDE_DIR, 'skills', entry)), 'skills/' + entry + ' installed');
+    }
+  }
+
+  // Kits
+  console.log('\nKits:');
+  check(fs.existsSync(path.join(CLAUDE_DIR, 'kits')), 'kits directory installed');
+
+  // Config
+  console.log('\nConfig:');
+  check(fs.existsSync(CONFIG_FILE), 'praxis.config.json exists');
+  if (fs.existsSync(CONFIG_FILE)) {
+    try {
+      const cfg = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+      if (cfg.vault_path) {
+        check(fs.existsSync(cfg.vault_path), 'vault_path (' + cfg.vault_path + ') exists');
+      } else {
+        total++; fail('vault_path not set in config');
+      }
+    } catch { total++; fail('praxis.config.json is invalid JSON'); }
+  }
+
+  // Tools (conditional on backend)
+  console.log('\nTools:');
+  let healthBackend = 'obsidian';
+  if (fs.existsSync(CONFIG_FILE)) {
+    try {
+      const cfg = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+      healthBackend = cfg.vault_backend || 'obsidian';
+    } catch {}
+  }
+  const healthTools = ['node', 'claude', 'jq'];
+  if (healthBackend === 'obsidian') {
+    healthTools.push('obsidian');
+  } else {
+    healthTools.push('rg');
+  }
+  for (const tool of healthTools) {
+    check(toolExists(tool), tool + ' available');
+  }
+
+  // Summary
+  console.log('\n' + '\u2501'.repeat(38));
+  console.log('  Results: ' + pass + '/' + total + ' passed');
+  if (pass < total) {
+    console.log('  ' + (total - pass) + ' check(s) failed');
+    process.exit(1);
+  } else {
+    console.log('  All checks passed');
+  }
+}
+
+// ── Uninstall ────────────────────────────────────────────────
+
+function uninstall() {
+  header('Uninstalling Praxis Harness');
+
+  // Remove files that came from base/
+  const claudeMd = path.join(CLAUDE_DIR, 'CLAUDE.md');
+  if (fs.existsSync(claudeMd)) { fs.unlinkSync(claudeMd); ok('CLAUDE.md removed'); }
+
+  // Remove rules from base/rules/
+  const rulesDir = path.join(PKG_DIR, 'base', 'rules');
+  if (fs.existsSync(rulesDir)) {
+    for (const f of fs.readdirSync(rulesDir)) {
+      const target = path.join(CLAUDE_DIR, 'rules', f);
+      if (fs.existsSync(target)) fs.unlinkSync(target);
+    }
+    // Also remove legacy obsidian.md if present
+    const legacyRule = path.join(CLAUDE_DIR, 'rules', 'obsidian.md');
+    if (fs.existsSync(legacyRule)) fs.unlinkSync(legacyRule);
+    ok('rules removed');
+  }
+
+  // Remove commands from base/commands/
+  const cmdsDir = path.join(PKG_DIR, 'base', 'commands');
+  if (fs.existsSync(cmdsDir)) {
+    for (const f of fs.readdirSync(cmdsDir)) {
+      const target = path.join(CLAUDE_DIR, 'commands', f);
+      if (fs.existsSync(target)) fs.unlinkSync(target);
+    }
+    ok('commands removed');
+  }
+
+  // Remove skills from base/skills/
+  const skillsDir = path.join(PKG_DIR, 'base', 'skills');
+  if (fs.existsSync(skillsDir)) {
+    for (const entry of fs.readdirSync(skillsDir)) {
+      const target = path.join(CLAUDE_DIR, 'skills', entry);
+      if (fs.existsSync(target)) {
+        fs.rmSync(target, { recursive: true, force: true });
+      }
+    }
+    ok('skills removed');
+  }
+
+  // Remove kits
+  const kitsTarget = path.join(CLAUDE_DIR, 'kits');
+  if (fs.existsSync(kitsTarget)) {
+    fs.rmSync(kitsTarget, { recursive: true, force: true });
+    ok('kits removed');
+  }
+
+  header('Uninstall complete');
+  dim('Config file preserved: ' + CONFIG_FILE);
+  dim('Run: rm ' + CONFIG_FILE + ' to remove config');
+  console.log('');
+}
+
+// ── Help ─────────────────────────────────────────────────────
+
+function printHelp() {
+  console.log(`
+praxis-harness v${VERSION}
+
+Usage: npx praxis-harness [command]
+
+Commands:
+  install     Copy rules, commands, skills, and kits to ~/.claude/ (default)
+  update      Re-copy from latest npm package version
+  health      Verify install integrity
+  uninstall   Remove Praxis-owned files from ~/.claude/
+
+Flags:
+  --help, -h      Show this help
+  --version, -v   Show version
+`);
+}
+
+// ── Main ─────────────────────────────────────────────────────
+
+const arg = process.argv[2] || 'install';
+const commands = { install, update, health, uninstall };
+
+if (arg === '--help' || arg === '-h') { printHelp(); }
+else if (arg === '--version' || arg === '-v') { console.log(VERSION); }
+else if (commands[arg]) {
+  const result = commands[arg]();
+  if (result && typeof result.catch === 'function') {
+    result.catch(err => { fail(err.message); process.exit(1); });
+  }
+}
+else { fail('Unknown command: ' + arg); printHelp(); process.exit(1); }

package/kits/infrastructure/KIT.md

@@ -0,0 +1,66 @@
+---
+name: infrastructure
+version: 1.0.0
+description: Infrastructure as Code — Terraform, Azure, compliance, drift detection
+activation: /kit:infrastructure
+deactivation: /kit:off
+skills_chain:
+  - phase: plan
+    skills: []
+    status: planned
+  - phase: apply
+    skills: []
+    status: planned
+  - phase: drift
+    skills: []
+    status: planned
+  - phase: compliance
+    skills: []
+    status: planned
+mcp_servers: []
+rules:
+  - infrastructure.md
+removal_condition: >
+  Remove when infrastructure work is fully handled by a dedicated IaC pipeline
+  with no manual Claude-driven operations remaining.
+---
+
+# Infrastructure Kit
+
+## Purpose
+Chain infrastructure-as-code skills into a phased workflow for planning,
+applying, drift detection, and compliance checking against Azure/Terraform
+environments.
+
+## Skills Chain
+
+| # | Phase | Command | What It Provides |
+|---|-------|---------|-----------------|
+| 1 | Plan | `/infra:plan` | Terraform plan + review, flag destructive changes |
+| 2 | Apply | `/infra:apply` | Gated behind plan approval, write result to vault |
+| 3 | Drift | `/infra:drift` | Detect configuration drift via `terraform plan -detailed-exitcode` |
+| 4 | Compliance | `/infra:compliance` | NIST CSF mapping, public endpoint check, missing tags |
+
+## Workflow Integration
+
+This kit operates WITHIN the universal base workflow:
+- **GSD** structures the work (discuss → plan → execute → verify)
+- **Superpowers** enforces TDD and code review during execution
+- **This kit** adds infrastructure-specific rules and commands
+
+## Ralph Integration
+
+To persist this kit across Ralph iterations, add to project `CLAUDE.md`:
+
+```markdown
+## Active kit
+On session start, activate: /kit:infrastructure
+```
+
+Each Ralph iteration reads project CLAUDE.md and activates the kit automatically.
+The `/kit` command is idempotent — double-activation is a no-op.
+
+## Prerequisites
+
+Run `install.sh` in this directory to check for required CLI tools.
+Verify with `/kit:infrastructure` after install.

package/kits/infrastructure/commands/infra-apply.md

@@ -0,0 +1,44 @@
+---
+description: Apply a reviewed terraform plan. Gated behind plan approval. Writes result to vault.
+---
+
+You are applying an infrastructure plan.
+
+**Step 1 — Verify plan exists**
+- Check for `tfplan` file in working directory
+- If missing: STOP. "No plan file found. Run `/infra:plan` first."
+- Confirm user has reviewed the plan output
+
+**Step 2 — Apply**
+```bash
+terraform apply tfplan
+```
+Capture full output.
+
+**Step 3 — Verify**
+Run `terraform plan -detailed-exitcode` after apply:
+- Exit 0 = state matches config (success)
+- Exit 2 = drift remains (partial apply — investigate)
+
+**Step 4 — Write to vault**
+Write apply result to vault:
+- Update `{vault_path}/status.md` with What / So What / Now What
+- If this was a significant change: write to `{vault_path}/specs/` as a decision record
+- Vault indexing is automatic.
+
+**Step 5 — Report**
+```
+INFRA APPLY — {project} ({date})
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Status: {SUCCESS | PARTIAL | FAILED}
+Resources applied: {n}
+Post-apply drift: {none | details}
+
+Vault updated: {status.md path}
+```
+
+**Rules:**
+- Never apply without a saved plan file.
+- Never use `-auto-approve` without explicit user request.
+- Clean up tfplan file after successful apply.

package/kits/infrastructure/commands/infra-compliance.md

@@ -0,0 +1,65 @@
+---
+description: Check infrastructure compliance — NIST CSF mapping, public endpoints, missing tags.
+---
+
+You are running an infrastructure compliance check.
+
+**Step 1 — Load engagement context**
+- Read vault_path from `~/.claude/praxis.config.json`
+- Read `{vault_path}/_index.md` for engagement compliance requirements
+- Identify applicable frameworks (NIST CSF, SOC 2, ISO 27001, FedRAMP, VITA)
+
+**Step 2 — Public endpoint check**
+```bash
+# Azure: find public endpoints
+az storage account list -g {rg} --query "[?publicNetworkAccess!='Disabled'].[name]" -o table 2>/dev/null
+az sql server list -g {rg} --query "[?publicNetworkAccess!='Disabled'].[name]" -o table 2>/dev/null
+
+# Terraform: check for public access in config
+rg 'public_network_access\s*=\s*"Enabled"' --glob '*.tf'
+rg 'public_access\s*=\s*true' --glob '*.tf'
+```
+
+**Step 3 — Tag compliance**
+Check for mandatory tags defined in `_index.md`:
+```bash
+# Find resources missing required tags
+rg 'tags\s*=' --glob '*.tf' -l  # files with tags
+rg 'resource\s+"' --glob '*.tf' -l  # files with resources
+# Compare: resources without tags blocks
+```
+
+**Step 4 — NIST CSF mapping**
+For security-relevant resources, map to NIST CSF functions:
+- **Identify**: asset inventory, data classification
+- **Protect**: encryption, access control, network segmentation
+- **Detect**: monitoring, logging, alerting
+- **Respond**: incident response procedures
+- **Recover**: backup, disaster recovery
+
+**Step 5 — Report**
+```
+INFRA COMPLIANCE — {project} ({date})
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Framework: {applicable frameworks}
+
+PUBLIC ENDPOINTS: {n found}
+{list with resource and recommendation}
+
+TAG COMPLIANCE: {n non-compliant}
+{list with resource and missing tags}
+
+NIST CSF GAPS: {n identified}
+{list with function, gap, recommendation}
+
+Overall: {PASS | ISSUES FOUND}
+```
+
+**Step 6 — Document**
+Write compliance report to `{vault_path}/specs/{date}_compliance-check.md`
+Vault indexing is automatic.
+
+**Rules:**
+- Compliance checks are advisory. They do not modify infrastructure.
+- Critical findings (public endpoints on data services, missing encryption) should be flagged as risks via `/risk`.

package/kits/infrastructure/commands/infra-drift.md

@@ -0,0 +1,45 @@
+---
+description: Detect infrastructure drift via terraform plan. Reports divergence between state and config.
+---
+
+You are checking for infrastructure drift.
+
+**Step 1 — Run drift check**
+```bash
+terraform init -input=false
+terraform plan -detailed-exitcode
+```
+Capture exit code:
+- 0 = no drift, config matches state
+- 1 = error running plan
+- 2 = drift detected
+
+**Step 2 — Analyze drift**
+If exit code 2:
+- List each drifted resource with: resource address, attribute changed, expected vs actual
+- Classify drift:
+  - **Benign**: tags, descriptions, metadata (manual update outside Terraform)
+  - **Concerning**: security groups, RBAC, network config (possible unauthorized change)
+  - **Critical**: data resources, encryption settings, public access (investigate immediately)
+
+**Step 3 — Report**
+```
+INFRA DRIFT — {project} ({date})
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Status: {NO DRIFT | DRIFT DETECTED}
+Drifted resources: {n}
+
+{resource list with classification}
+
+Recommendation: {accept drift | remediate | investigate}
+```
+
+**Step 4 — Document**
+If drift is Concerning or Critical:
+- Write findings to `{vault_path}/notes/{date}_drift-report.md`
+- Vault indexing is automatic.
+
+**Rules:**
+- Drift detection is read-only. Never modify state or config during drift check.
+- Benign drift can be accepted. Concerning/Critical drift requires action.

package/kits/infrastructure/commands/infra-plan.md

@@ -0,0 +1,45 @@
+---
+description: Run terraform plan, review output, flag destructive changes. Use before any infrastructure apply.
+---
+
+You are running an infrastructure plan review.
+
+**Step 1 — Validate environment**
+- Confirm `terraform` is available: `command -v terraform`
+- Confirm working directory has `.tf` files
+- Check for remote backend configuration: `rg 'backend' *.tf`
+- If no backend: STOP. "Remote state backend not configured. Set up backend before planning."
+
+**Step 2 — Run plan**
+```bash
+terraform init -input=false
+terraform plan -out=tfplan -detailed-exitcode
+```
+Capture the exit code:
+- 0 = no changes
+- 1 = error
+- 2 = changes detected
+
+**Step 3 — Review output**
+- Flag **destructive changes** (destroy, replace) prominently
+- Flag **new resources** that introduce cost
+- Flag **security-relevant changes** (NSG rules, RBAC, public endpoints)
+- Summarize: {N} to add, {N} to change, {N} to destroy
+
+**Step 4 — Report**
+```
+INFRA PLAN — {project} ({date})
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Add: {n}  |  Change: {n}  |  Destroy: {n}
+
+{destructive changes if any, highlighted}
+{security-relevant changes if any}
+
+Plan saved to: tfplan
+Run /infra:apply to proceed.
+```
+
+**Rules:**
+- Never auto-approve. Always require explicit user confirmation.
+- If destroy count >0: require user to acknowledge before `/infra:apply`.

package/kits/infrastructure/install.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "=== Praxis: Installing infrastructure kit ==="
+echo ""
+
+PASS=0
+TOTAL=0
+
+check() {
+  TOTAL=$((TOTAL + 1))
+  if command -v "$1" &>/dev/null; then
+    echo "  ✓ $1 found ($(command -v "$1"))"
+    PASS=$((PASS + 1))
+  else
+    echo "  ✗ $1 not found"
+    echo "    Install: $2"
+  fi
+}
+
+echo "Checking required CLI tools..."
+echo ""
+
+check "az"        "https://learn.microsoft.com/en-us/cli/azure/install-azure-cli"
+check "terraform"  "https://developer.hashicorp.com/terraform/install"
+check "tflint"     "brew install tflint  OR  https://github.com/terraform-linters/tflint"
+check "jq"         "brew install jq  OR  apt-get install jq"
+
+echo ""
+echo "  $PASS/$TOTAL tools found"
+echo ""
+
+if [[ $PASS -lt $TOTAL ]]; then
+  echo "  ⚠ Some tools missing. Install them before using infrastructure commands."
+fi
+
+echo ""
+echo "Note: Skills chain phases are status: planned."
+echo "Commands available: /infra:plan, /infra:apply, /infra:drift, /infra:compliance"
+echo ""
+echo "=== infrastructure kit check complete ==="
+echo "Activate with: /kit:infrastructure"
+echo ""