@kennethsolomon/shipkit 1.0.0

package/skills/sk:setup-claude/templates/commands/finish-feature.md.template

@@ -0,0 +1,155 @@
+<!-- Generated by /setup-claude -->
+
+# Finish Feature Command
+
+**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → **Finalize** → Release
+
+Finalize a feature/bug-fix branch: changelog, arch log, security gate, verification, and PR creation.
+
+This is the **last step before `/release`**. It auto-commits documentation changes (changelog, arch log) so you don't need to loop back to `/commit` for docs-only work.
+
+## Before You Start
+
+If `tasks/lessons.md` exists, read it in full. For each active lesson, scan the
+final diff (`git diff main..HEAD`) for the **Bug** pattern described in that lesson
+before marking the feature done. This is the last gate before merge — catch recurring
+mistakes here rather than in review.
+
+If `tasks/security-findings.md` exists, read it. Check that any Critical or High
+severity findings from the most recent `/security-check` audit have been addressed.
+If unresolved Critical/High findings remain, warn the user before proceeding.
+
+## Steps
+
+1. **Check Git Branch**
+   - Verify you are not on `main`
+   - Create a branch if needed: `feature/<desc>`, `fix/<desc>`, or `chore/<desc>`
+
+2. **Show Branch Summary**
+   - `git status --short`
+   - `git log main..HEAD --oneline`
+
+3. **Verify `CHANGELOG.md` Updated**
+   - Ensure an entry exists under `[Unreleased]`
+   - Follow `.claude/docs/changelog-guide.md`
+   - If CHANGELOG.md needs updating, make the edit and auto-commit:
+     ```bash
+     git add CHANGELOG.md
+     git commit -m "docs: update CHANGELOG.md for unreleased changes"
+     ```
+
+4. **Check for Architectural Changes**
+
+   The auto-detector scans for architecture-relevant changes:
+   - Schema/database changes (migrations, models, databases)
+   - API/route structure changes (endpoints, controllers)
+   - Component/module organization changes
+   - Configuration changes affecting architecture
+   - New subsystems or major refactors
+   - Dependency changes
+
+   Run to see what would be detected:
+   ```bash
+   python3 $HOME/.claude/skills/setup-claude/scripts/detect_arch_changes.py --dry-run
+   ```
+
+   If architectural changes detected:
+   a) **Auto-generate the draft:**
+      ```bash
+      python3 $HOME/.claude/skills/setup-claude/scripts/detect_arch_changes.py
+      ```
+      This creates a markdown draft in `.claude/docs/architectural_change_log/`
+
+   b) **Review and edit the draft:**
+      - Open the generated file
+      - Fill in [TODO] sections:
+        - Detailed Changes: What specifically changed?
+        - Before & After: Show the comparison
+        - Affected Components: What parts of system are impacted?
+        - Migration/Compatibility: Any breaking changes?
+      - Verify the auto-filled sections (Summary, Type, What Changed, Impact)
+
+   c) **Auto-commit the arch log** (no need to go back to `/commit`):
+      ```bash
+      git add .claude/docs/architectural_change_log/
+      git commit -m "docs: add architectural changelog entry"
+      ```
+
+   If no architectural changes detected: skip to step 5.
+
+5. **Verification** (with Test Checklist for Reviewers)
+
+   Tests should have been created during `/execute-plan`. Verify:
+
+   a) **Automated Tests**
+      - Execute: `[TEST_COMMAND]`
+      - Verify all tests pass with no failures
+      - Check test coverage (target: >80% for new code in `[LANGUAGE]` projects)
+      - No skipped tests (`test.skip`, `it.skip`, `@skip`, etc.)
+      - Run other CI checks: lint (`npm run lint` or equivalent), build (`npm run build` or equivalent)
+
+   b) **Manual Testing - [FRAMEWORK] / [TESTING]**
+      - For frontend ([FRAMEWORK]): Render the component/page in browser, verify state updates work correctly, test all user interactions (clicks, form inputs, navigation), verify conditional rendering, check edge cases and error states
+      - For backend/API ([FRAMEWORK]): Test HTTP status codes and responses, verify request/response bodies match spec, test error cases and input validation, check database transactions/state, verify authentication/authorization if applicable
+      - For CLI/desktop ([FRAMEWORK]): Test command-line arguments and flags, verify output format and readability, test error messages and help text, check file I/O operations
+      - Using [TESTING] framework: Verify test structure matches project conventions, assertions are clear and specific, setup/teardown is properly handled
+
+   c) **Regression Testing**
+      - Test related existing functionality to ensure no breakage
+      - For [FRAMEWORK] projects: check related components/endpoints/commands work correctly
+      - Verify no new console errors, warnings, or debug statements
+      - Confirm existing tests still pass
+
+   d) **Code Quality Checks**
+      - No hardcoded test data, credentials, or environment-specific values in production code
+      - Proper error handling and validation
+      - No debugging code (`console.log`, `debugger`, `pdb`, `print` statements, etc.)
+      - Comments explain *why*, not *what*
+      - Follows [LANGUAGE] conventions and style guide (see `CLAUDE.md`)
+
+6. **Security Gate**
+   - Read `tasks/security-findings.md`. If it doesn't exist or has no audit for this branch, recommend: "Run `/security-check` before creating a PR."
+   - If the most recent audit has unresolved Critical or High findings, list them and ask the user to confirm they've been addressed before proceeding.
+
+7. **Create Pull Request**
+
+   a) **Check remote status:**
+   ```bash
+   git remote -v
+   git rev-parse --abbrev-ref --symbolic-full-name @{u} 2>/dev/null || echo "no upstream"
+   ```
+
+   b) **Push branch if needed:**
+   ```bash
+   git push -u origin HEAD
+   ```
+
+   c) **Generate PR title and body:**
+      - Title: Short, imperative, under 70 characters
+      - Body: Summary of changes, review findings (if any from `/review`), test status
+
+   d) **Create PR:**
+   ```bash
+   gh pr create --title "title here" --body "$(cat <<'EOF'
+## Summary
+- bullet points of key changes
+
+## Review Notes
+- Any findings from /review (or "Clean review — no issues found")
+
+## Security
+- Security check status (passed / N findings addressed)
+
+## Test Plan
+- How to verify the changes
+
+Generated with [Claude Code](https://claude.com/claude-code)
+EOF
+)"
+   ```
+
+   e) Report the PR URL to the user.
+
+## When Done
+
+> "Feature finalized and PR created! Run `/release` when ready to tag and publish."

package/skills/sk:setup-claude/templates/commands/plan.md.template

@@ -0,0 +1,30 @@
+---
+description: "Create/refresh tasks planning files and start planning."
+---
+
+<!-- Generated by /setup-claude -->
+
+# /plan
+
+Initialize planning files in `tasks/` (create-if-missing) and start Phase 1 planning.
+
+## Before You Start
+
+If `tasks/lessons.md` exists, read it in full. Apply every active lesson as a
+constraint when filling `tasks/todo.md` — lessons represent decisions already made
+about what not to do on this project.
+
+## Steps
+
+1. Ensure `tasks/` exists.
+2. If missing, create:
+   - `tasks/todo.md`
+   - `tasks/findings.md`
+   - `tasks/progress.md`
+3. Read `tasks/todo.md` and ask the user:
+   - What’s the goal?
+   - What are the constraints?
+   - What does “done” look like?
+4. Fill `tasks/todo.md` (Goal + Plan + Verification + Acceptance Criteria).
+5. Continue with `/write-plan` if you need a more detailed plan.
+

package/skills/sk:setup-claude/templates/commands/re-setup.md.template

@@ -0,0 +1,38 @@
+---
+description: "Re-run /setup-claude bootstrap for this repo (refresh generated files)."
+---
+
+<!-- Generated by /setup-claude -->
+
+# /re-setup
+
+Re-run the `/setup-claude` bootstrap for this repository. Use this to refresh generated files or repair scaffolding.
+
+## Steps
+
+1. Run a dry-run preview:
+
+   ```bash
+   python3 "$HOME/.claude/skills/setup-claude/scripts/apply_setup_claude.py" "$(pwd)" --dry-run
+   ```
+
+2. If the preview looks correct, apply changes:
+
+   ```bash
+   python3 "$HOME/.claude/skills/setup-claude/scripts/apply_setup_claude.py" "$(pwd)"
+   ```
+
+   > Files marked `<!-- Generated by /setup-claude -->` are updated automatically if the template changed. Files without the marker are never touched.
+
+3. Optional: print detection details (JSON):
+
+   ```bash
+   python3 "$HOME/.claude/skills/setup-claude/scripts/apply_setup_claude.py" "$(pwd)" --print-detection
+   ```
+
+## Output
+
+After running, report:
+- ✅ Created
+- 🔄 Updated
+- ⏭️ Skipped (and why)

package/skills/sk:setup-claude/templates/commands/release.md.template

@@ -0,0 +1,74 @@
+---
+description: "Automate releases: bump version, update CHANGELOG, create tag, push to GitHub. Use --android and/or --ios flags for App Store / Play Store readiness audit."
+---
+
+<!-- Generated by /setup-claude -->
+
+# /release
+
+**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finalize → **Release**
+
+Automate the release process for your project. Supports optional mobile store submission review.
+
+## Usage
+
+```
+/release                    # Git release only
+/release --android          # Git release + Play Store audit
+/release --ios              # Git release + App Store audit
+/release --android --ios    # Git release + both store audits
+```
+
+## Hard Rules
+
+- **DO NOT** release without reviewing CHANGELOG.md changes
+- **DO NOT** proceed if CHANGELOG.md has no [Unreleased] section
+- You **must** have a git remote origin (GitHub, GitLab, etc.)
+- Version format must follow semantic versioning (e.g., v1.0.0, v0.2.0-beta)
+- When `--android` or `--ios` flags are present, **always run the store audit after the git release**
+
+## Steps
+
+1. **Parse flags** — Check for `--android` and/or `--ios` in the user's invocation.
+
+2. **Verify CHANGELOG.md** — Check that the [Unreleased] section has the changes you want to release. If not, update CHANGELOG.md first and commit.
+
+3. **Run the release script** — This will:
+   - Auto-detect: project name, current version, GitHub URL
+   - Prompt for: new version number
+   - Suggest: release title based on changes
+   - Update: CHANGELOG.md (move [Unreleased] -> [Version])
+   - Update: version in CLAUDE.md (if it has a Version line)
+   - Create: git commit with release message
+   - Create: annotated git tag
+   - Push: tag to GitHub (with confirmation at each step)
+
+4. **Complete the release on GitHub** — The script will show you the GitHub releases link. Go there and:
+   - Click "Create release from tag"
+   - Use the suggested title
+   - Copy the changelog section as release notes
+   - Publish the release
+
+5. **(If --android or --ios)** **Run Store Readiness Audit** — The release skill will:
+   - Auto-detect the mobile framework (Expo, React Native, Flutter, native, Capacitor)
+   - Detect if this is a first-time submission or an update
+   - Walk through every item in the store checklist, checking config files
+   - Report status for each item: PASS / FAIL / WARN / MANUAL CHECK NEEDED
+   - Propose fixes for config issues (with your approval)
+   - Guide you through manual steps (screenshots, store listing, etc.)
+   - Present a summary report with next steps and build/submit commands
+
+## When Done
+
+> "Release {version} completed! Check GitHub to finalize the release."
+
+If store flags were used:
+> "Store readiness audit complete. See the summary report above for remaining action items."
+
+## Notes
+
+- Each step (commit, tag, push) requires your confirmation
+- You can skip any step and do it manually later
+- The script works with any project type: Node, Python, Go, Rust, etc.
+- Requires: CHANGELOG.md file with [Unreleased] section
+- Store audits support: Expo, React Native, Flutter, native Android/iOS, Capacitor/Ionic, .NET MAUI

package/skills/sk:setup-claude/templates/commands/security-check.md.template

@@ -0,0 +1,172 @@
+---
+description: "Audit changed code for security best practices, production-grade quality, and industry gold standards."
+---
+
+<!-- Generated by /setup-claude -->
+
+# /security-check
+
+**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → **Security** → Performance → Review → Finalize → Release
+
+Audit code for security vulnerabilities, production-grade quality, and industry gold-standard compliance.
+
+By default, this checks only files changed on the current branch. Use `--all` to scan the entire project.
+
+## Hard Rules
+
+- **DO NOT fix code.** This is an audit — report only. The user decides what to fix.
+- **DO NOT skip checks** because the project is small or simple. Production is production.
+- **Every finding must cite a specific file and line number.**
+- **Every finding must reference the standard it violates** (OWASP, CWE, NIST, etc.).
+
+## Before You Start
+
+1. Read `CLAUDE.md` to understand the project's stack and conventions.
+2. If `tasks/security-findings.md` exists, read it — check if prior findings have been addressed.
+3. If `tasks/lessons.md` exists, read it — apply security-related lessons as targeted checks.
+
+## Determine Scope
+
+**Default (changed files only):**
+```bash
+git diff main..HEAD --name-only
+```
+
+**If the user says `--all` or "scan everything":**
+```bash
+find . -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" -o -name "*.py" -o -name "*.go" -o -name "*.rs" -o -name "*.php" -o -name "*.rb" -o -name "*.java" \) \
+  -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/vendor/*" -not -path "*/dist/*" -not -path "*/build/*"
+```
+
+Read each file in scope before auditing.
+
+## Security Audit Checklist
+
+### 1. OWASP Top 10 (2021)
+
+- **A01 Broken Access Control** — Missing auth checks, IDOR, privilege escalation, CORS misconfiguration
+- **A02 Cryptographic Failures** — Weak hashing, plaintext secrets, missing TLS, insecure random
+- **A03 Injection** — SQL, NoSQL, OS command, LDAP, template injection, XSS (reflected/stored/DOM)
+- **A04 Insecure Design** — Missing rate limiting, no abuse-case thinking, trust boundary violations
+- **A05 Security Misconfiguration** — Default credentials, verbose errors in production, unnecessary features enabled, missing security headers
+- **A06 Vulnerable Components** — Known CVEs in dependencies, outdated packages
+- **A07 Auth Failures** — Weak passwords allowed, missing brute-force protection, session fixation, missing MFA where needed
+- **A08 Data Integrity Failures** — Untrusted deserialization, missing integrity checks, insecure CI/CD
+- **A09 Logging Failures** — Missing audit logs, PII in logs, no alerting on security events
+- **A10 SSRF** — Unvalidated URLs, internal network access, DNS rebinding
+
+### 2. Stack-Specific Checks ([LANGUAGE] / [FRAMEWORK])
+
+**If [FRAMEWORK] includes React/Next.js:**
+- `dangerouslySetInnerHTML` usage without sanitization
+- Client-side secrets (API keys in browser bundles)
+- Missing CSP headers
+- Server component data leaking to client
+- `getServerSideProps`/Server Actions exposing internal data
+
+**If [FRAMEWORK] includes Express/Node.js:**
+- Missing helmet/security headers
+- Unsanitized user input in `req.params`, `req.query`, `req.body`
+- Path traversal via `req.params` in file operations
+- Missing rate limiting on auth endpoints
+- Prototype pollution
+
+**If [LANGUAGE] is Python:**
+- `eval()`, `exec()`, `pickle.loads()` with untrusted input
+- SQL string formatting instead of parameterized queries
+- `subprocess.shell=True` with user input
+- Missing input validation on FastAPI/Django endpoints
+- Jinja2 `| safe` filter misuse
+
+**If [LANGUAGE] is Go:**
+- Unchecked error returns on security-critical operations
+- `html/template` vs `text/template` confusion
+- Missing context cancellation/timeouts
+- Race conditions on shared state
+
+**If [LANGUAGE] is PHP:**
+- `include`/`require` with user-controlled paths
+- `mysqli_query` without prepared statements
+- Missing CSRF tokens
+- `extract()` with user input
+
+### 3. Production Readiness
+
+- **Error handling** — No swallowed errors, no stack traces leaked to users, graceful degradation
+- **Input validation** — All external inputs validated at system boundaries (API, forms, file uploads)
+- **Environment separation** — No hardcoded dev/staging URLs, secrets not committed, `.env` in `.gitignore`
+- **Dependency hygiene** — Lock files committed, no `*` version ranges, no known vulnerabilities
+- **Logging** — Structured logging present, no sensitive data logged, appropriate log levels
+- **Configuration** — Secrets via env vars (not code), feature flags for risky features, timeouts on external calls
+
+### 4. Data Protection
+
+- **PII handling** — Personal data encrypted at rest, masked in logs, retention policy considered
+- **Authentication tokens** — HttpOnly + Secure + SameSite cookies, short-lived JWTs, refresh token rotation
+- **Database** — Parameterized queries everywhere, principle of least privilege on DB users, backups configured
+- **File uploads** — Type validation (not just extension), size limits, sandboxed storage
+
+## Generate Report
+
+Write findings to `tasks/security-findings.md` using this format:
+
+```markdown
+# Security Audit — YYYY-MM-DD
+
+**Scope:** Changed files on branch `<branch-name>` | Full project scan
+**Stack:** [LANGUAGE] / [FRAMEWORK]
+**Files audited:** N
+
+## Critical (must fix before deploy)
+
+- **[FILE:LINE]** Description of vulnerability
+  **Standard:** OWASP A03 — Injection (CWE-89)
+  **Risk:** What could happen if exploited
+  **Recommendation:** How to fix it
+
+## High (fix before production)
+
+- **[FILE:LINE]** Description
+  **Standard:** ...
+  **Risk:** ...
+  **Recommendation:** ...
+
+## Medium (should fix)
+
+- **[FILE:LINE]** Description
+  **Standard:** ...
+  **Recommendation:** ...
+
+## Low / Informational
+
+- **[FILE:LINE]** Description
+  **Recommendation:** ...
+
+## Passed Checks
+
+- List of categories that passed with no findings
+
+## Summary
+
+| Severity | Count |
+|----------|-------|
+| Critical | N |
+| High     | N |
+| Medium   | N |
+| Low      | N |
+| **Total** | **N** |
+```
+
+## When Done
+
+Tell the user:
+
+> "Security audit complete. Findings saved to `tasks/security-findings.md`.
+> - **Critical:** N | **High:** N | **Medium:** N | **Low:** N
+>
+> Review the findings, then run `/finish-feature` when ready to finalize."
+
+If there are Critical or High findings:
+> "There are critical/high findings that should be addressed before merging. Fix them, then re-run `/security-check` to verify."
+
+**Do not auto-fix.** The user decides what to address.

package/skills/sk:setup-claude/templates/commands/status.md.template

@@ -0,0 +1,17 @@
+---
+description: "Show planning status at a glance from tasks/todo.md."
+---
+
+<!-- Generated by /setup-claude -->
+
+# /status
+
+Read `tasks/todo.md` and display a compact status summary.
+
+## What to show
+- Total plan items vs completed plan items (checkbox count)
+- Errors count (if the file has an Errors section/table)
+- Whether `tasks/findings.md` and `tasks/progress.md` exist
+
+Keep it brief: answer “where am I?” and “what’s next?”.
+

package/skills/sk:setup-claude/templates/commands/write-plan.md.template

@@ -0,0 +1,34 @@
+---
+description: "Write a decision-complete plan into tasks/todo.md (no code yet)."
+---
+
+<!-- Generated by /setup-claude -->
+
+# /write-plan
+
+**Workflow:** Read → Explore → Design → Accessibility → **Plan** → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finalize → Release
+
+Create a decision-complete plan **before** writing code.
+
+## Steps
+
+1. Ensure planning files exist:
+   - `tasks/todo.md`
+   - `tasks/findings.md`
+   - `tasks/progress.md`
+2. Read context files:
+   - `tasks/findings.md` — requirements + discoveries; extract problem statement,
+     constraints, and open questions explicitly into the plan
+   - `tasks/lessons.md` — if it exists, apply all active lessons as constraints
+     before writing any plan steps
+3. Update `tasks/todo.md` with:
+   - **Goal** (1–2 lines)
+   - **Plan** as checkboxes (small, verifiable steps)
+   - **Verification** commands (exact commands + expected outcomes)
+   - **Acceptance criteria** (clear "done" conditions)
+   - **Risks/unknowns** (anything still ambiguous)
+4. Present the plan to the user and wait for approval.
+
+## Rules
+- No implementation until the plan is approved.
+- If something is unclear, add a plan step to explore it first.

package/skills/sk:setup-claude/templates/finish-feature.md.template

@@ -0,0 +1,3 @@
+<!-- Deprecated template path. -->
+<!-- Source of truth: templates/commands/finish-feature.md.template -->
+

package/skills/sk:setup-claude/templates/plan.md.template

@@ -0,0 +1,3 @@
+<!-- Deprecated template path. -->
+<!-- Source of truth: templates/commands/plan.md.template -->
+

package/skills/sk:setup-claude/templates/status.md.template

@@ -0,0 +1,3 @@
+<!-- Deprecated template path. -->
+<!-- Source of truth: templates/commands/status.md.template -->
+

package/skills/sk:setup-claude/templates/tasks/findings.md.template

@@ -0,0 +1,19 @@
+# Findings — YYYY-MM-DD — [Topic]
+
+## Requirements
+- (captured from user request)
+
+## Repo / Stack Notes
+- (detected frameworks, key paths, scripts)
+
+## Decisions
+| Decision | Rationale |
+|----------|-----------|
+|          |           |
+
+## Resources
+- (paths, docs links)
+
+## Visual / Browser Findings
+- (only if applicable; write down what won’t persist)
+

package/skills/sk:setup-claude/templates/tasks/lessons.md.template

@@ -0,0 +1,26 @@
+# Lessons Learned
+
+Accumulated corrections from past mistakes. Read this file at the **start of any task** and apply all active lessons before proceeding.
+
+## How to Add a Lesson
+
+**Explicit trigger** — say any of:
+- `lesson:` / `remember:` / `don't do this again:` / `add to lessons`
+→ Claude appends immediately.
+
+**Implicit trigger** — correction language detected ("no", "don't", "instead", "wrong"):
+→ Claude asks: *"Should I add this to lessons.md?"* → appends on confirmation.
+
+## Entry Format
+
+```markdown
+### [YYYY-MM-DD] [Brief title]
+**Mistake:** What went wrong (symptom)
+**Root cause:** Why it happened
+**Prevention:** What to do differently next time
+```
+
+## Active Lessons
+
+<!-- Add entries here. Never remove a lesson unless the root cause is permanently fixed or the user explicitly asks to remove it. -->
+

package/skills/sk:setup-claude/templates/tasks/progress.md.template

@@ -0,0 +1,20 @@
+# Progress Log
+
+## Session: YYYY-MM-DD
+- Started: HH:MM
+- Summary:
+  - (what changed)
+
+## Work Log
+- YYYY-MM-DD HH:MM — did X (files: a, b) (verify: cmd)
+
+## Test Results
+| Command | Expected | Actual | Status |
+|---------|----------|--------|--------|
+|         |          |        |        |
+
+## Error Log
+| Timestamp | Error | Attempt | Resolution |
+|-----------|-------|---------|------------|
+|           |       | 1       |            |
+

package/skills/sk:setup-claude/templates/tasks/security-findings.md.template

@@ -0,0 +1,5 @@
+# Security Findings
+
+> Populated by `/security-check`. Never overwritten — new audits append below.
+> Referenced by `/review`, `/finish-feature`, and `/brainstorm` for security context.
+

package/skills/sk:setup-claude/templates/tasks/todo.md.template

@@ -0,0 +1,26 @@
+# TODO — YYYY-MM-DD — [Short Title]
+
+## Goal
+[1–2 lines]
+
+## Plan
+- [ ] Step 1
+- [ ] Step 2
+
+## Verification
+- `command` → expected result
+
+## Acceptance Criteria
+- [ ] Condition 1
+
+## Risks / Unknowns
+- TBD
+
+## Results
+- (fill after execution)
+
+## Errors
+| Error | Attempt | Resolution |
+|-------|---------|------------|
+|       | 1       |            |
+

package/skills/sk:setup-claude/templates/tasks/workflow-status.md.template

@@ -0,0 +1,31 @@
+# Workflow Status
+
+> Tracks progress through the development workflow. Reset this file when starting a new feature, bug fix, or task.
+> Updated automatically after every slash command. Do not edit manually.
+
+| # | Step | Status | Notes |
+|---|------|--------|-------|
+| 1 | Read Todo | >> next << | |
+| 2 | Read Lessons | not yet | |
+| 3 | Explore (`/brainstorm`) | not yet | |
+| 4 | Design (`/frontend-design` or `/api-design`) | not yet | optional |
+| 5 | Accessibility (`/accessibility`) | not yet | optional |
+| 6 | Plan (`/write-plan`) | not yet | |
+| 7 | Branch (`/branch`) | not yet | |
+| 8 | Migrate (`/schema-migrate`) | not yet | optional |
+| 9 | Write Tests (`/write-tests`) | not yet | |
+| 10 | Implement (`/execute-plan`) | not yet | |
+| 11 | Commit (`/smart-commit`) | not yet | |
+| 12 | **Lint** (`/lint`) | not yet | HARD GATE — loop until clean |
+| 13 | Commit (`/smart-commit`) | not yet | conditional |
+| 14 | **Verify Tests** (`/test`) | not yet | HARD GATE — 100% coverage |
+| 15 | Commit (`/smart-commit`) | not yet | conditional |
+| 16 | **Security** (`/security-check`) | not yet | HARD GATE — 0 issues |
+| 17 | Commit (`/smart-commit`) | not yet | conditional |
+| 18 | Performance (`/perf`) | not yet | optional gate |
+| 19 | Commit (`/smart-commit`) | not yet | conditional |
+| 20 | **Review** (`/review`) | not yet | HARD GATE — 0 issues |
+| 21 | Commit (`/smart-commit`) | not yet | conditional |
+| 22 | Update (`/update-task`) | not yet | |
+| 23 | Finalize (`/finish-feature`) | not yet | |
+| 24 | Release (`/release`) | not yet | optional |

package/skills/sk:setup-claude/templates/tasks-findings.md.template

@@ -0,0 +1,3 @@
+<!-- Deprecated template path. -->
+<!-- Source of truth: templates/tasks/findings.md.template -->
+