@grant-vine/wunderkind 0.10.6 → 0.10.8

package/dist/agents/ciso.js

@@ -1,5 +1,6 @@
 import { createAgentToolRestrictions } from "./types.js";
-import { buildPersistentContextSection, buildSoulMaintenanceSection } from "./shared-prompt-sections.js";
+import { buildPersistentContextSection, buildSoulMaintenanceSection, renderSlashCommandRegistry } from "./shared-prompt-sections.js";
+import { RETAINED_AGENT_SLASH_COMMANDS } from "./slash-commands.js";
 const MODE = "all";
 export const CISO_METADATA = {
     category: "specialist",
@@ -39,6 +40,7 @@ export function createCisoAgent(model) {
         blockers: "unresolved High/Critical findings awaiting engineering action",
     });
     const soulMaintenanceSection = buildSoulMaintenanceSection();
+    const slashCommandsSection = renderSlashCommandRegistry(RETAINED_AGENT_SLASH_COMMANDS.ciso);
     return {
         description: "USE FOR: security architecture, security review, threat modelling, STRIDE, DREAD, NIST CSF, OWASP Top 10, secure by design, defence in depth, shift-left security, zero trust, least privilege, principle of least privilege, security posture assessment, vulnerability management, dependency auditing, CVE, SBOM, software bill of materials, secret scanning, credential exposure, CSP, CORS, HSTS, security headers, rate limiting, auth security, JWT security, OAuth security, session management, RBAC, ABAC, row-level security, data protection, encryption at rest, encryption in transit, TLS configuration, certificate management, compliance, GDPR, POPIA, SOC2, ISO 27001, penetration testing, security audit, code review security, security incident response, breach response, security incident command, compliance impact assessment, forensic evidence preservation, vulnerability disclosure, security training, security culture, pen test coordination, security analyst, compliance officer.",
         mode: MODE,
@@ -131,180 +133,7 @@ Security controls must exist at multiple layers — compromising one layer must
 
 ---
 
-## Slash Commands
-
-### \`/threat-model <system or feature>\`
-Run a STRIDE threat model on a system or feature.
-
-1. Draw the data flow: what data enters the system, how it's processed, where it's stored, what leaves
-2. Identify trust boundaries: where does data cross from one trust level to another?
-3. Apply STRIDE to each component and data flow
-4. Rate each threat: Likelihood (H/M/L) × Impact (H/M/L) = Risk (H/M/L)
-5. Map mitigations to each identified threat
-6. Output: threat model document with risk register
-
-Delegate to Security Analyst for detailed vulnerability assessment:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:security-analyst"],
-  description="Security analysis of [system/feature]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/security-audit <scope>\`
-Perform a security audit of a codebase, feature, or system.
-
-1. Check OWASP Top 10:2025 for each applicable risk category
-2. Review auth implementation: JWT handling, session management, token storage
-3. Review authorisation: RBAC enforcement, IDOR prevention, missing checks
-4. Review input validation: all user inputs sanitised before DB/API/eval
-5. Review secrets: no hardcoded credentials, proper env var usage
-6. Review security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
-7. Review dependencies: known CVEs via \`npm audit\` / \`bun audit\`
-
-Delegate pen testing to the Pen Tester sub-skill:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:pen-tester"],
-  description="Pen test [scope]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/compliance-check <regulation>\`
-Assess compliance posture against a specific regulation.
-
-Delegate to Compliance Officer:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:compliance-officer"],
-  description="Compliance assessment for [regulation]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/incident-response <incident type>\`
-Activate the security incident response playbook.
-
-**Phases:**
-1. **Contain**: isolate affected systems immediately — disable compromised accounts, revoke exposed secrets, take affected systems offline if necessary
-2. **Assess**: what data was accessed? What systems were compromised? What is the blast radius?
-3. **Notify**: who needs to know? Internal stakeholders, legal, affected users, regulators (if data breach, timeline depends on jurisdiction — GDPR 72h, POPIA 72h)
-4. **Eradicate**: remove the attacker's foothold — patch the vulnerability, rotate credentials, review logs for persistence
-5. **Recover**: restore from verified clean backups, verify integrity, monitor closely post-recovery
-6. **Learn**: postmortem within 48 hours, update threat model, improve controls
-
-**For containment and service recovery**, delegate to \`wunderkind:fullstack-wunderkind\` immediately so engineering owns the operational response while you retain security command:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:fullstack-wunderkind"],
-  description="Incident containment: [incident type]",
-  prompt="A security incident has been declared: [incident type and known details]. Execute containment: isolate affected systems, revoke exposed credentials/tokens, disable compromised accounts, capture and preserve logs for forensics, assess service availability impact, and stand up a status page or internal comms channel. Return: actions taken, systems affected, blast radius estimate, and current service status.",
-  run_in_background=false
-)
-\`\`\`
-
-**If personal data is involved**, assess breach-notification obligations with \`wunderkind:compliance-officer\`; route final legal wording or contractual notice work to \`wunderkind:legal-counsel\` after the impact is classified:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:compliance-officer"],
-  description="Breach notification assessment for [incident type]",
-  prompt="A security incident involving personal data has occurred: [incident details]. Assess breach notification obligations: 1) Does this require regulator notification? If so, what is the timeline and which regulator? (Check .wunderkind/wunderkind.config.jsonc for PRIMARY_REGULATION). 2) Do affected individuals need to be notified? 3) Draft the regulator notification. 4) Draft the individual notification if required. 5) Document everything for the ROPA breach record.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/security-headers-check <url>\`
-Audit security headers on a live URL.
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Check security headers for [url]",
-  prompt="Navigate to [url] and capture all response headers. Check for presence and correct configuration of: Content-Security-Policy, Strict-Transport-Security (HSTS with max-age >= 31536000), X-Content-Type-Options (nosniff), X-Frame-Options (SAMEORIGIN or DENY), Referrer-Policy, Permissions-Policy. For CSP: check it is not just 'unsafe-inline' or 'unsafe-eval'. Return: present/missing/misconfigured status for each header with the actual value and recommended fix.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/dependency-audit\`
-Audit project dependencies for known vulnerabilities.
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=[],
-  description="Run dependency vulnerability audit",
-  prompt="Run 'bun audit' (or 'npm audit --json' if bun not available) in the project root. Parse the output and return: critical vulnerabilities (fix immediately), high vulnerabilities (fix this sprint), moderate vulnerabilities (fix next sprint), low/info (track). For each critical/high: package name, CVE, affected version, fixed version, and recommended action (update/replace/workaround).",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-## Sub-Skill Delegation
-
-The CISO orchestrates three specialist sub-skills. Delegate as follows:
-
-**Security Analyst** — vulnerability assessment, OWASP analysis, code review, auth testing:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:security-analyst"],
-  description="Security analysis: [specific task]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
-**Pen Tester** — active testing, attack simulation, ASVS, auth flows, force browsing:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:pen-tester"],
-  description="Penetration test: [scope]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
-**Compliance Officer** — GDPR, POPIA, data classification, consent management, breach notification:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:compliance-officer"],
-  description="Compliance assessment: [regulation/scope]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
+${slashCommandsSection}
 
 ---
 
@@ -321,19 +150,6 @@ task(
 
 ${persistentContextSection}
 
-## Delegation Patterns
-
-When OSS licensing, TOS/Privacy Policy, DPAs, CLAs, or contract review is needed:
-
-\`\`\`typescript
-task(
-  subagent_type="legal-counsel",
-  description="Review legal matter: [topic]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
----
 
 ## Hard Rules
 

package/dist/agents/ciso.js.map

@@ -1 +1 @@
-{"version":3,"file":"ciso.js","sourceRoot":"","sources":["../../src/agents/ciso.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AACxD,OAAO,EAAE,6BAA6B,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAA;AAExG,MAAM,IAAI,GAAc,KAAK,CAAA;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAwB;IAChD,QAAQ,EAAE,YAAY;IACtB,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,MAAM;IACnB,QAAQ,EAAE;QACR;YACE,MAAM,EAAE,uBAAuB;YAC/B,OAAO,EACL,+MAA+M;SAClN;KACF;IACD,OAAO,EAAE;QACP,8EAA8E;QAC9E,mDAAmD;QACnD,iDAAiD;QACjD,6CAA6C;QAC7C,6FAA6F;QAC7F,6DAA6D;QAC7D,sDAAsD;KACvD;IACD,SAAS,EAAE;QACT,qDAAqD;QACrD,iGAAiG;QACjG,wHAAwH;QACxH,4GAA4G;KAC7G;CACF,CAAA;AAED,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,YAAY,GAAG,2BAA2B,CAAC;QAC/C,OAAO;QACP,MAAM;QACN,aAAa;KACd,CAAC,CAAA;IAEF,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;QAC7D,SAAS,EAAE,4EAA4E;QACvF,SAAS,EAAE,2EAA2E;QACtF,QAAQ,EAAE,+DAA+D;KAC1E,CAAC,CAAA;IACF,MAAM,sBAAsB,GAAG,2BAA2B,EAAE,CAAA;IAE5D,OAAO;QACL,WAAW,EACT,y9BAAy9B;QAC39B,IAAI,EAAE,IAAI;QACV,KAAK;QACL,WAAW,EAAE,GAAG;QAChB,GAAG,YAAY;QACf,MAAM,EAAE;;;;EAIV,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8QtB,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;oFAuB0D;KACjF,CAAA;AACH,CAAC;AAED,eAAe,CAAC,IAAI,GAAG,IAAI,CAAA"}
+{"version":3,"file":"ciso.js","sourceRoot":"","sources":["../../src/agents/ciso.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AACxD,OAAO,EAAE,6BAA6B,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AACpI,OAAO,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAA;AAEnE,MAAM,IAAI,GAAc,KAAK,CAAA;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAwB;IAChD,QAAQ,EAAE,YAAY;IACtB,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,MAAM;IACnB,QAAQ,EAAE;QACR;YACE,MAAM,EAAE,uBAAuB;YAC/B,OAAO,EACL,+MAA+M;SAClN;KACF;IACD,OAAO,EAAE;QACP,8EAA8E;QAC9E,mDAAmD;QACnD,iDAAiD;QACjD,6CAA6C;QAC7C,6FAA6F;QAC7F,6DAA6D;QAC7D,sDAAsD;KACvD;IACD,SAAS,EAAE;QACT,qDAAqD;QACrD,iGAAiG;QACjG,wHAAwH;QACxH,4GAA4G;KAC7G;CACF,CAAA;AAED,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,YAAY,GAAG,2BAA2B,CAAC;QAC/C,OAAO;QACP,MAAM;QACN,aAAa;KACd,CAAC,CAAA;IAEF,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;QAC7D,SAAS,EAAE,4EAA4E;QACvF,SAAS,EAAE,2EAA2E;QACtF,QAAQ,EAAE,+DAA+D;KAC1E,CAAC,CAAA;IACF,MAAM,sBAAsB,GAAG,2BAA2B,EAAE,CAAA;IAC5D,MAAM,oBAAoB,GAAG,0BAA0B,CAAC,6BAA6B,CAAC,IAAI,CAAC,CAAA;IAE3F,OAAO;QACL,WAAW,EACT,y9BAAy9B;QAC39B,IAAI,EAAE,IAAI;QACV,KAAK;QACL,WAAW,EAAE,GAAG;QAChB,GAAG,YAAY;QACf,MAAM,EAAE;;;;EAIV,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkFtB,oBAAoB;;;;;;;;;;;;;;;EAepB,wBAAwB;;;;;;;;;;oFAU0D;KACjF,CAAA;AACH,CAAC;AAED,eAAe,CAAC,IAAI,GAAG,IAAI,CAAA"}

package/dist/agents/creative-director.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"creative-director.d.ts","sourceRoot":"","sources":["../../src/agents/creative-director.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,KAAK,EAAa,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAMhE,eAAO,MAAM,0BAA0B,EAAE,mBAuBxC,CAAA;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CAoQtE;yBApQe,2BAA2B"}
+{"version":3,"file":"creative-director.d.ts","sourceRoot":"","sources":["../../src/agents/creative-director.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,KAAK,EAAa,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAOhE,eAAO,MAAM,0BAA0B,EAAE,mBAuBxC,CAAA;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CAoHtE;yBApHe,2BAA2B"}

package/dist/agents/creative-director.js

@@ -1,5 +1,6 @@
 import { createAgentToolRestrictions } from "./types.js";
-import { buildPersistentContextSection, buildSoulMaintenanceSection } from "./shared-prompt-sections.js";
+import { buildPersistentContextSection, buildSoulMaintenanceSection, renderSlashCommandRegistry } from "./shared-prompt-sections.js";
+import { RETAINED_AGENT_SLASH_COMMANDS } from "./slash-commands.js";
 const MODE = "all";
 export const CREATIVE_DIRECTOR_METADATA = {
     category: "specialist",
@@ -37,6 +38,7 @@ export function createCreativeDirectorAgent(model) {
         blockers: "missing brand assets, unresolved accessibility failures, design reviews pending",
     });
     const soulMaintenanceSection = buildSoulMaintenanceSection();
+    const slashCommandsSection = renderSlashCommandRegistry(RETAINED_AGENT_SLASH_COMMANDS["creative-director"]);
     return {
         description: "USE FOR: brand identity, visual identity, creative direction, design system, design language, typography, colour palette, colour theory, logo design, icon design, illustration style, photography art direction, motion design, animation, video creative, advertising creative, campaign creative, creative brief, creative strategy, UI design, UX design, user experience, information architecture, wireframes, prototypes, design critique, design review, design audit, accessibility, WCAG, contrast ratios, design tokens, CSS custom properties, Tailwind theme, W3C design tokens, Figma, component design, design system documentation, brand guidelines, style guide, visual storytelling, art direction, mood boards, creative concepts, copywriting, headline writing, taglines, microcopy, UX writing, print design, digital design, social media graphics, email templates, web design, landing page design, responsive design, dark mode, light mode, theming, design consistency, pixel perfect, spacing system, grid system, layout design.",
         mode: MODE,
@@ -117,152 +119,7 @@ You hold two modes in tension: the wild creative who pushes boundaries and surpr
 
 ---
 
-## Slash Commands
-
-### \`/brand-identity <brief>\`
-Develop a complete brand identity system from a creative brief.
-
-1. **Discovery**: Ask the Opening Questionnaire (mood, colour preferences, industry, competitors, brand personality, audience, existing assets)
-2. **Exploration**: Present 3 distinct creative directions with rationale
-3. **System**: For the chosen direction, define: colour palette, typography pair, spacing scale, iconography style, photography direction
-4. **Tokens**: Output as CSS custom properties + Tailwind config + W3C Design Token JSON
-5. **Guidelines**: Write brand do/don't rules for each element
-
-Load \`visual-artist\` for palette generation and token export:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["visual-artist"],
-  description="Generate colour system and design tokens for [brand]",
-  prompt="Generate a comprehensive colour palette from [seed colour]. Include primary, secondary, neutral, surface, and semantic colours. Output as CSS custom properties, Tailwind config, and W3C Design Token JSON. Audit all colours for WCAG AA compliance.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/design-audit <url>\`
-Rigorous design and accessibility audit of a live page or design.
-
-Switch to **Audit Mode**: mathematical, unforgiving, precise.
-
-Delegate browser capture:
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Capture design audit data from [url]",
-  prompt="Navigate to [url]. 1) Screenshot full page to /tmp/design-audit.png 2) Inject axe-core (https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.0/axe.min.js) and run axe.run({ runOnly: ['color-contrast', 'heading-order'] }) 3) Extract computed CSS: all unique colors, font families, font sizes from body, h1-h6, p, a, button 4) Return screenshot path, axe violations, color/font lists",
-  run_in_background=false
-)
-\`\`\`
-
-**Report output:**
-- WCAG contrast violations table (element, foreground, background, ratio, level)
-- Typography hierarchy review (h1-h6 sizes, weights, line-heights)
-- Spacing audit (are margins/paddings multiples of 4px/8px?)
-- Colour consistency (are there rogue one-off hex values?)
-- Quick wins vs strategic fixes prioritised list
-
----
-
-### \`/generate-palette <seed>\`
-Generate a comprehensive, accessible colour system from a seed.
-
-Delegate to \`visual-artist\`:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["visual-artist"],
-  description="Generate accessible colour palette from [seed]",
-  prompt="Run /generate-palette [seed]. Return the full palette with Hex/RGB/HSL values, WCAG contrast ratios, pass/fail status, and usage recommendations for each colour.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/design-system-review\`
-Audit an existing codebase's design system for consistency and completeness.
-
-1. Read \`tailwind.config.ts\`, \`globals.css\`, \`tokens.css\` (or equivalent)
-2. Map all defined tokens: colours, spacing, typography, radius, shadow
-3. Identify gaps: missing semantic colours, inconsistent spacing values, undefined states
-4. Identify redundancies: duplicate values, unused tokens, conflicting definitions
-5. Output a prioritised remediation plan
-
----
-
-### \`/creative-brief <project>\`
-Write a creative brief for any design or campaign project.
-
-Sections:
-- **Project Overview**: What are we making and why?
-- **Audience**: Who will see this? What do they care about?
-- **Objective**: What should they think/feel/do after experiencing this?
-- **Deliverables**: Exact list of outputs with specs
-- **Tone & Mood**: 3-5 adjectives + reference examples
-- **Constraints**: Budget, timeline, technical, brand guardrails
-- **Success Criteria**: How will we know this worked?
-
----
-
-## Sub-Skill Delegation
-
-For detailed colour palette generation, design tokens, and WCAG auditing:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["visual-artist"],
-  description="[specific design system or palette task]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-## Delegation Patterns
-
-When implementing designs in code (React, Astro, Tailwind):
-
-\`\`\`typescript
-task(
-  category="visual-engineering",
-  load_skills=["frontend-ui-ux"],
-  description="Implement [component/page] design",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
-When browser-based design auditing or screenshot capture is needed:
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Capture design data from [url]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
-When writing brand copy, taglines, or UX writing at scale:
-
-\`\`\`typescript
-task(
-  category="writing",
-  load_skills=[],
-  description="Write [copy type] for [context]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
+${slashCommandsSection}
 
 ---
 

package/dist/agents/creative-director.js.map

@@ -1 +1 @@
-{"version":3,"file":"creative-director.js","sourceRoot":"","sources":["../../src/agents/creative-director.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AACxD,OAAO,EAAE,6BAA6B,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAA;AAExG,MAAM,IAAI,GAAc,KAAK,CAAA;AAE7B,MAAM,CAAC,MAAM,0BAA0B,GAAwB;IAC7D,QAAQ,EAAE,YAAY;IACtB,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,mBAAmB;IAChC,QAAQ,EAAE;QACR;YACE,MAAM,EAAE,yBAAyB;YACjC,OAAO,EACL,oHAAoH;SACvH;KACF;IACD,OAAO,EAAE;QACP,2DAA2D;QAC3D,6DAA6D;QAC7D,uCAAuC;QACvC,2DAA2D;QAC3D,mDAAmD;KACpD;IACD,SAAS,EAAE;QACT,gEAAgE;QAChE,8DAA8D;QAC9D,wDAAwD;KACzD;CACF,CAAA;AAED,MAAM,UAAU,2BAA2B,CAAC,KAAa;IACvD,MAAM,YAAY,GAAG,2BAA2B,CAAC;QAC/C,OAAO;QACP,MAAM;QACN,aAAa;QACb,MAAM;KACP,CAAC,CAAA;IAEF,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;QAC7D,SAAS,EAAE,qEAAqE;QAChF,SAAS,EAAE,6EAA6E;QACxF,QAAQ,EAAE,iFAAiF;KAC5F,CAAC,CAAA;IACF,MAAM,sBAAsB,GAAG,2BAA2B,EAAE,CAAA;IAE5D,OAAO;QACL,WAAW,EACT,igCAAigC;QACngC,IAAI,EAAE,IAAI;QACV,KAAK;QACL,WAAW,EAAE,GAAG;QAChB,GAAG,YAAY;QACf,MAAM,EAAE;;;;EAIV,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwOtB,wBAAwB,EAAE;KACzB,CAAA;AACH,CAAC;AAED,2BAA2B,CAAC,IAAI,GAAG,IAAI,CAAA"}
+{"version":3,"file":"creative-director.js","sourceRoot":"","sources":["../../src/agents/creative-director.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AACxD,OAAO,EAAE,6BAA6B,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AACpI,OAAO,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAA;AAEnE,MAAM,IAAI,GAAc,KAAK,CAAA;AAE7B,MAAM,CAAC,MAAM,0BAA0B,GAAwB;IAC7D,QAAQ,EAAE,YAAY;IACtB,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,mBAAmB;IAChC,QAAQ,EAAE;QACR;YACE,MAAM,EAAE,yBAAyB;YACjC,OAAO,EACL,oHAAoH;SACvH;KACF;IACD,OAAO,EAAE;QACP,2DAA2D;QAC3D,6DAA6D;QAC7D,uCAAuC;QACvC,2DAA2D;QAC3D,mDAAmD;KACpD;IACD,SAAS,EAAE;QACT,gEAAgE;QAChE,8DAA8D;QAC9D,wDAAwD;KACzD;CACF,CAAA;AAED,MAAM,UAAU,2BAA2B,CAAC,KAAa;IACvD,MAAM,YAAY,GAAG,2BAA2B,CAAC;QAC/C,OAAO;QACP,MAAM;QACN,aAAa;QACb,MAAM;KACP,CAAC,CAAA;IAEF,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;QAC7D,SAAS,EAAE,qEAAqE;QAChF,SAAS,EAAE,6EAA6E;QACxF,QAAQ,EAAE,iFAAiF;KAC5F,CAAC,CAAA;IACF,MAAM,sBAAsB,GAAG,2BAA2B,EAAE,CAAA;IAC5D,MAAM,oBAAoB,GAAG,0BAA0B,CAAC,6BAA6B,CAAC,mBAAmB,CAAC,CAAC,CAAA;IAE3G,OAAO;QACL,WAAW,EACT,igCAAigC;QACngC,IAAI,EAAE,IAAI;QACV,KAAK;QACL,WAAW,EAAE,GAAG;QAChB,GAAG,YAAY;QACf,MAAM,EAAE;;;;EAIV,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsEtB,oBAAoB;;;;;;;;;;;;;;;;;EAiBpB,wBAAwB,EAAE;KACzB,CAAA;AACH,CAAC;AAED,2BAA2B,CAAC,IAAI,GAAG,IAAI,CAAA"}

package/dist/agents/fullstack-wunderkind.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fullstack-wunderkind.d.ts","sourceRoot":"","sources":["../../src/agents/fullstack-wunderkind.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,KAAK,EAAa,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAKhE,eAAO,MAAM,6BAA6B,EAAE,mBA2B3C,CAAA;AAED,wBAAgB,8BAA8B,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CAkazE;yBAlae,8BAA8B"}
+{"version":3,"file":"fullstack-wunderkind.d.ts","sourceRoot":"","sources":["../../src/agents/fullstack-wunderkind.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,KAAK,EAAa,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAMhE,eAAO,MAAM,6BAA6B,EAAE,mBA2B3C,CAAA;AAED,wBAAgB,8BAA8B,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CA0LzE;yBA1Le,8BAA8B"}

package/dist/agents/fullstack-wunderkind.js

@@ -1,4 +1,5 @@
-import { buildPersistentContextSection, buildSoulMaintenanceSection } from "./shared-prompt-sections.js";
+import { buildPersistentContextSection, buildSoulMaintenanceSection, renderSlashCommandRegistry } from "./shared-prompt-sections.js";
+import { RETAINED_AGENT_SLASH_COMMANDS } from "./slash-commands.js";
 const MODE = "all";
 export const FULLSTACK_WUNDERKIND_METADATA = {
     category: "specialist",
@@ -34,6 +35,7 @@ export function createFullstackWunderkindAgent(model) {
         blockers: "build failures, type errors not yet resolved, external blockers",
     });
     const soulMaintenanceSection = buildSoulMaintenanceSection();
+    const slashCommandsSection = renderSlashCommandRegistry(RETAINED_AGENT_SLASH_COMMANDS["fullstack-wunderkind"]);
     return {
         description: "USE FOR: full-stack development, frontend, backend, infrastructure, database, Astro, React, Next.js, TypeScript, JavaScript, Tailwind CSS, CSS, HTML, Node.js, Vercel deployment, Vercel, serverless, edge functions, API design, REST API, GraphQL, tRPC, authentication, authorisation, JWT, OAuth, session management, PostgreSQL, Neon DB, Drizzle ORM, schema design, migrations, query optimisation, EXPLAIN ANALYZE, index audit, ERD, database architecture, performance optimisation, Core Web Vitals, Lighthouse, bundle analysis, code splitting, lazy loading, ISR, SSR, SSG, App Router, Edge Runtime, Neon DB branching, preview URLs, CI/CD, GitHub Actions, automated testing, unit tests, integration tests, end-to-end tests, Playwright, security, OWASP, data privacy, architecture decisions, system design, microservices, monorepo, refactoring, code review, technical debt, dependency management, bun, npm, package management, environment variables, secrets management, logging, monitoring, error tracking, SRE, reliability engineering, SLO, SLI, SLA, error budget, incident response, postmortem, runbook, supportability review, observability, tracing, on-call, admin panel, admin tooling, internal tooling, web accessibility, WCAG, responsive design, mobile-first, dark mode, design system implementation, component library, Storybook, testing, debugging, technical triage, defect diagnosis, TDD execution, regression coverage, coverage analysis, DevOps, infrastructure as code, cloud, AI integration, LLM, embeddings, vector search, streaming.",
         mode: MODE,
@@ -191,245 +193,12 @@ const db = drizzle(neon(process.env.DATABASE_URL!));
 
 ---
 
-## Slash Commands
-
-### \`/validate-page <url>\`
-Full page audit: accessibility, Core Web Vitals, broken links, console errors.
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Full page audit of [url]",
-  prompt="Navigate to [url], waitUntil: networkidle. 1) Inject axe-core (https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.0/axe.min.js) and run axe.run({ runOnly: ['color-contrast', 'heading-order'] }). 2) Capture console errors. 3) Measure CWV via PerformanceObserver (LCP, CLS, FCP, TTFB) with 4s timeout. 4) Check 30 links via fetch HEAD for 4xx/5xx. 5) Screenshot to /tmp/page-validate.png. Return: CWV metrics, console errors, broken links, axe violations.",
-  run_in_background=false
-)
-\`\`\`
-
-Output a CWV table vs targets:
-| Metric | Measured | Target | Status |
-|--------|----------|--------|--------|
-| LCP    | ?        | <2.5s  | ✅/❌  |
-| CLS    | ?        | <0.1   | ✅/❌  |
-| FCP    | ?        | <1.8s  | ✅/❌  |
-| TTFB   | ?        | <800ms | ✅/❌  |
-
----
-
-### \`/bundle-analyze\`
-Analyse Next.js bundle sizes and flag heavy dependencies.
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=["vercel-architect"],
-  description="Bundle analysis for current Next.js project",
-  prompt="Run /bundle-analyze. Install @next/bundle-analyzer, build with ANALYZE=true, report largest chunks. Flag: lodash (replace with lodash-es), moment.js (replace with dayjs), components >50KB (wrap with dynamic import). Return treemap summary and replacement recommendations.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/db-audit\`
-Full database health check: schema, indexes, slow queries.
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["db-architect"],
-  description="Full database audit",
-  prompt="Run /index-audit and /migration-diff. Report: missing FK indexes, unused indexes, sequential scan hotspots, and drift between Drizzle schema and live database. Flag all destructive operations — do not execute them, only report with recommended SQL.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/edge-vs-node <filepath>\`
-Determine whether a route/middleware file can run on Edge Runtime.
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=["vercel-architect"],
-  description="Edge compatibility check for [filepath]",
-  prompt="Run /edge-vs-node [filepath]. Check for Node-only imports (fs, path, os, child_process, node:*), Node globals (Buffer, __dirname), and incompatible ORMs (prisma, pg, mysql2). Return VERDICT: EDGE COMPATIBLE or NODE REQUIRED with reasons and fix instructions.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/security-audit\`
-Quick OWASP Top 10 check on the codebase. Delegates to \`wunderkind:ciso\` for comprehensive coverage.
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:ciso"],
-  description="OWASP security audit of current codebase",
-  prompt="Perform a security audit covering OWASP Top 10:2025. Check: 1) Hardcoded secrets or API keys in source files. 2) All user inputs validated/sanitised before DB queries. 3) SQL injection vectors (raw query strings with interpolation). 4) Auth middleware coverage — which routes are protected? 5) CORS configuration, CSP headers, HSTS. 6) Missing rate limiting on auth and sensitive endpoints. 7) Dependency vulnerabilities via bun audit. 8) Data minimisation and consent tracking for compliance. Return: prioritised findings by severity (Critical/High/Medium/Low) with exact file paths and recommended fixes.",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-### \`/architecture-review <component>\`
-Review a system component for architectural correctness.
-
-1. Read the component, its dependencies, and callers
-2. Assess: separation of concerns, coupling, cohesion, single responsibility
-3. Flag: circular dependencies, god objects, leaky abstractions, performance traps
-4. Propose: minimal refactoring steps with before/after code examples
-5. Estimate: effort (hours), risk (low/med/high), impact (low/med/high)
-
----
-
-### \`/supportability-review <service>\`
-Run a production-readiness and supportability review before launch.
-
-1. Check observability coverage across logs, metrics, traces, dashboards, and alerting
-2. Verify rollback, backup, recovery, and on-call ownership are explicit and tested
-3. Confirm the service has an executable runbook, dependency map, and escalation path
-4. Return a launch scorecard with blockers, near-term fixes, and evidence gaps
-
----
-
-### \`/runbook <service> <alert>\`
-Write or refine a production runbook for a service and alert.
-
-1. Translate the alert into plain-English impact and likely blast radius
-2. List numbered triage and rollback steps with exact commands or dashboards
-3. Document the most likely root-cause branches and how to verify each one
-4. Define success checks, escalation conditions, and post-incident follow-up
-
----
-
-## Sub-Skill Delegation
-
-For red-green-refactor implementation, regression hardening, and defect-driven delivery:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["tdd"],
-  description="[specific bugfix or behavior]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-For Vercel deployment, Next.js App Router, Edge Runtime, Neon branching, and performance:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["vercel-architect"],
-  description="[specific Vercel/Next.js task]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
-For database schema design, Drizzle ORM, query analysis, migrations, and index auditing:
-
-\`\`\`typescript
-task(
-  category="unspecified-high",
-  load_skills=["db-architect"],
-  description="[specific database task]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
----
-
-## Delegation Patterns
-
-For UI implementation and visual engineering:
-
-\`\`\`typescript
-task(
-  category="visual-engineering",
-  load_skills=["frontend-ui-ux"],
-  description="Implement [component/page]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
-For browser automation, E2E testing, and page validation:
-
-\`\`\`typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="[browser task]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
-For exploring codebase structure and patterns:
-
-\`\`\`typescript
-task(
-  subagent_type="explore",
-  load_skills=[],
-  description="Map [module/pattern] in codebase",
-  prompt="...",
-  run_in_background=true
-)
-\`\`\`
-
-For researching library APIs, best practices, and external documentation:
-
-\`\`\`typescript
-task(
-  subagent_type="librarian",
-  load_skills=[],
-  description="Research [library/pattern]",
-  prompt="...",
-  run_in_background=true
-)
-\`\`\`
-
-For git operations (commits, branches, history):
-
-\`\`\`typescript
-task(
-  category="quick",
-  load_skills=["git-master"],
-  description="[git operation]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
-
----
+${slashCommandsSection}
 
 ---
 
 ${persistentContextSection}
 
-## Delegation Patterns
-
-When external developer documentation, tutorials, migration guides, or getting-started content are needed:
-
-\`\`\`typescript
-task(
-  category="writing",
-  load_skills=["technical-writer"],
-  description="Write developer documentation or tutorial for [topic]",
-  prompt="...",
-  run_in_background=false
-)
-\`\`\`
 ---
 
 ## Hard Rules (Non-Negotiable)