@kennethsolomon/shipkit 3.0.3 → 3.0.6

package/commands/sk/config

@@ -0,0 +1,92 @@
+#!/usr/bin/env python3
+"""Manage ShipKit project configuration."""
+
+import json
+import os
+import sys
+from pathlib import Path
+
+def get_defaults():
+    return {
+        "profile": "balanced",
+        "auto_commit": True,
+        "skip_gates": [],
+        "coverage_threshold": 100,
+        "branch_pattern": "feature/{slug}",
+        "model_overrides": {}
+    }
+
+def get_config():
+    """Read current config or return defaults."""
+    config_file = Path(".shipkit/config.json")
+    if config_file.exists():
+        try:
+            with open(config_file) as f:
+                return json.load(f)
+        except json.JSONDecodeError:
+            return get_defaults()
+    return get_defaults()
+
+def get_models_for_profile(profile):
+    """Get model assignments for a profile."""
+    models = {
+        "full-sail": {"planning": "opus", "implementation": "opus", "audits": "opus", "gates": "sonnet"},
+        "quality": {"planning": "opus", "implementation": "sonnet", "audits": "sonnet", "gates": "sonnet"},
+        "balanced": {"planning": "sonnet", "implementation": "sonnet", "audits": "sonnet", "gates": "haiku"},
+        "budget": {"planning": "sonnet", "implementation": "sonnet", "audits": "haiku", "gates": "haiku"}
+    }
+    return models.get(profile, models["balanced"])
+
+def display_config(config):
+    """Display current configuration in a table."""
+    print("\n## Current Configuration\n")
+    print("| Setting | Value | Description |")
+    print("|---------|-------|-------------|")
+    print(f"| `profile` | `{config['profile']}` | Model routing profile (full-sail / quality / balanced / budget) |")
+    print(f"| `auto_commit` | `{str(config['auto_commit']).lower()}` | Auto-run `/sk:smart-commit` after each gate passes |")
+    skip_gates_str = ", ".join(config['skip_gates']) if config['skip_gates'] else "(none)"
+    print(f"| `skip_gates` | `{skip_gates_str}` | Gates to skip |")
+    print(f"| `coverage_threshold` | `{config['coverage_threshold']}%` | Minimum test coverage on new code |")
+    print(f"| `branch_pattern` | `{config['branch_pattern']}` | Branch naming pattern |")
+    print(f"| `model_overrides` | `{json.dumps(config['model_overrides'])}` | Per-skill model overrides |")
+
+    profile = config['profile']
+    models = get_models_for_profile(profile)
+    print(f"\n## Model Assignments — `{profile}` profile\n")
+    print("| Skill group | Model |")
+    print("|-------------|-------|")
+    print(f"| brainstorm, write-plan, debug, execute-plan, review | `{models['planning']}` |")
+    print(f"| write-tests, frontend-design, api-design, security-check | `{models['implementation']}` |")
+    print(f"| perf, schema-migrate, accessibility | `{models['audits']}` |")
+    print(f"| lint, test | `{models['gates']}` |")
+    print(f"| smart-commit, branch, update-task | `haiku` |")
+
+def save_config(config):
+    """Save config to .shipkit/config.json."""
+    Path(".shipkit").mkdir(exist_ok=True)
+    config_file = Path(".shipkit/config.json")
+
+    with open(config_file, "w") as f:
+        json.dump(config, f, indent=2)
+
+    # Add to .gitignore
+    gitignore = Path(".gitignore")
+    if gitignore.exists():
+        content = gitignore.read_text()
+        if ".shipkit/config.json" not in content:
+            with open(gitignore, "a") as f:
+                f.write("\n.shipkit/config.json\n")
+    else:
+        gitignore.write_text(".shipkit/config.json\n")
+
+    print(f"\n✅ Config saved to `.shipkit/config.json`")
+
+def main():
+    config = get_config()
+    display_config(config)
+
+    print("\n---\n")
+    print("To change a setting, run: `/sk:set-profile <profile>` or edit `.shipkit/config.json` directly")
+
+if __name__ == "__main__":
+    main()

package/commands/sk/finish-feature.md

@@ -1,7 +1,10 @@
-<!-- Generated by /sk:setup-claude -->
-<!-- Template Hash: 7deba6efd53c -->
+---
+description: "Finalize a feature/bug-fix: changelog, arch log, verification, and PR creation."
+---
 
-# Finish Feature Command
+# /sk:finish-feature
+
+Finalize a feature/bug-fix branch and create a pull request.
 
 Finalize a feature/bug-fix branch: changelog, arch log, security gate, verification, and PR creation.
 
@@ -80,22 +83,24 @@ If unresolved Critical/High findings remain, warn the user before proceeding.
 
    Tests should have been created during `/sk:execute-plan`. Verify:
 
+   Detect the project stack from `CLAUDE.md`, `package.json`, `composer.json`, etc. before running checks.
+
    a) **Automated Tests**
-      - Execute: `npm test`
+      - Execute the detected test runner (e.g. `npm test`, `./vendor/bin/pest`, `python -m pytest`)
       - Verify all tests pass with no failures
-      - Check test coverage (target: >80% for new code in `Unknown` projects)
+      - Check test coverage (target: >80% for new code)
       - No skipped tests (`test.skip`, `it.skip`, `@skip`, etc.)
-      - Run other CI checks: lint (`npm run lint` or equivalent), build (`npm run build` or equivalent)
+      - Run other CI checks: lint and build using project-detected commands
 
-   b) **Manual Testing - Unknown / Unknown**
-      - For frontend (Unknown): Render the component/page in browser, verify state updates work correctly, test all user interactions (clicks, form inputs, navigation), verify conditional rendering, check edge cases and error states
-      - For backend/API (Unknown): Test HTTP status codes and responses, verify request/response bodies match spec, test error cases and input validation, check database transactions/state, verify authentication/authorization if applicable
-      - For CLI/desktop (Unknown): Test command-line arguments and flags, verify output format and readability, test error messages and help text, check file I/O operations
-      - Using Unknown framework: Verify test structure matches project conventions, assertions are clear and specific, setup/teardown is properly handled
+   b) **Manual Testing**
+      - For frontend (if detected): Render the component/page in browser, verify state updates work correctly, test all user interactions (clicks, form inputs, navigation), verify conditional rendering, check edge cases and error states
+      - For backend/API (if detected): Test HTTP status codes and responses, verify request/response bodies match spec, test error cases and input validation, check database transactions/state, verify authentication/authorization if applicable
+      - For CLI/desktop (if detected): Test command-line arguments and flags, verify output format and readability, test error messages and help text, check file I/O operations
+      - Verify test structure matches project conventions, assertions are clear and specific, setup/teardown is properly handled
 
    c) **Regression Testing**
       - Test related existing functionality to ensure no breakage
-      - For Unknown projects: check related components/endpoints/commands work correctly
+      - Check related components/endpoints/commands work correctly
       - Verify no new console errors, warnings, or debug statements
       - Confirm existing tests still pass
 
@@ -104,7 +109,7 @@ If unresolved Critical/High findings remain, warn the user before proceeding.
       - Proper error handling and validation
       - No debugging code (`console.log`, `debugger`, `pdb`, `print` statements, etc.)
       - Comments explain *why*, not *what*
-      - Follows Unknown conventions and style guide (see `CLAUDE.md`)
+      - Follows project conventions and style guide (see `CLAUDE.md`)
 
 6. **Security Gate**
    - If `/sk:security-check` has not been run on this branch, recommend: "Run `/sk:security-check` before creating a PR."

package/commands/sk/help.md

@@ -2,6 +2,16 @@
 description: "Show all ShipKit commands and workflow overview."
 ---
 
+# Meta
+
+| Command | Description |
+|---------|-------------|
+| `/sk:help` | Show all commands and workflow overview |
+| `/sk:status` | Show workflow and task status at a glance |
+| `/sk:skill-creator` | Create or improve ShipKit skills |
+
+---
+
 # /sk:help — ShipKit
 
 A structured workflow toolkit for Claude Code.
@@ -19,7 +29,6 @@ Run these commands in order for a complete, quality-gated feature build.
 | `/sk:schema-migrate` | Analyze schema changes *(skip if no DB changes)* |
 | `/sk:write-tests` | TDD red: write failing tests first |
 | `/sk:execute-plan` | TDD green: implement until tests pass |
-| `/sk:change` | Requirements changed? Re-enter at the right step |
 | `/sk:smart-commit` | Conventional commit with approval |
 | `/sk:lint` | **GATE** — all linters must pass |
 | `/sk:test` | **GATE** — 100% coverage on new code |
@@ -70,7 +79,7 @@ Requirements change mid-workflow? Run `/sk:change` — it classifies the scope a
 | `/sk:lint` | Auto-detect and run all linters |
 | `/sk:perf` | Performance audit |
 | `/sk:plan` | Create/refresh task planning files |
-| `/sk:release` | Version bump + changelog + tag |
+| `/sk:release` | Automate releases: bump version, update CHANGELOG, create tag, push to GitHub. Use --android and/or --ios flags for App Store / Play Store readiness audit |
 | `/sk:review` | Self-review of branch changes |
 | `/sk:schema-migrate` | Multi-ORM schema change analysis |
 | `/sk:security-check` | OWASP security audit |
@@ -113,4 +122,4 @@ Config lives in `.shipkit/config.json` — per project, gitignored by default.
 
 ---
 
-**ShipKit** by Kenneth Solomon · `npm install -g @kennethsolomon/shipkit` to install/update
+**ShipKit** by Kenneth Solomon · `npx @kennethsolomon/shipkit` to install/update

package/commands/sk/security-check.md

@@ -53,36 +53,38 @@ Read each file in scope before auditing.
 - **A09 Logging Failures** — Missing audit logs, PII in logs, no alerting on security events
 - **A10 SSRF** — Unvalidated URLs, internal network access, DNS rebinding
 
-### 2. Stack-Specific Checks (Unknown / Unknown)
+### 2. Stack-Specific Checks
 
-**If Unknown includes React/Next.js:**
+Detect the project stack from `CLAUDE.md`, `package.json`, `composer.json`, `pyproject.toml`, `go.mod`, `Cargo.toml`, etc. Apply the relevant checks below for every detected framework/language.
+
+**If the project uses React/Next.js:**
 - `dangerouslySetInnerHTML` usage without sanitization
 - Client-side secrets (API keys in browser bundles)
 - Missing CSP headers
 - Server component data leaking to client
 - `getServerSideProps`/Server Actions exposing internal data
 
-**If Unknown includes Express/Node.js:**
+**If the project uses Express/Node.js:**
 - Missing helmet/security headers
 - Unsanitized user input in `req.params`, `req.query`, `req.body`
 - Path traversal via `req.params` in file operations
 - Missing rate limiting on auth endpoints
 - Prototype pollution
 
-**If Unknown is Python:**
+**If the project uses Python:**
 - `eval()`, `exec()`, `pickle.loads()` with untrusted input
 - SQL string formatting instead of parameterized queries
 - `subprocess.shell=True` with user input
 - Missing input validation on FastAPI/Django endpoints
 - Jinja2 `| safe` filter misuse
 
-**If Unknown is Go:**
+**If the project uses Go:**
 - Unchecked error returns on security-critical operations
 - `html/template` vs `text/template` confusion
 - Missing context cancellation/timeouts
 - Race conditions on shared state
 
-**If Unknown is PHP:**
+**If the project uses PHP/Laravel:**
 - `include`/`require` with user-controlled paths
 - `mysqli_query` without prepared statements
 - Missing CSRF tokens
@@ -112,7 +114,7 @@ Write findings to `tasks/security-findings.md` using this format:
 # Security Audit — YYYY-MM-DD
 
 **Scope:** Changed files on branch `<branch-name>` | Full project scan
-**Stack:** Unknown / Unknown
+**Stack:** `<detected stack — e.g. Laravel / React>`
 **Files audited:** N
 
 ## Critical (must fix before deploy)

package/commands/sk/set-profile

@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+"""Switch ShipKit model routing profile."""
+
+import json
+import sys
+from pathlib import Path
+
+VALID_PROFILES = ["full-sail", "quality", "balanced", "budget"]
+
+def get_defaults():
+    return {
+        "profile": "balanced",
+        "auto_commit": True,
+        "skip_gates": [],
+        "coverage_threshold": 100,
+        "branch_pattern": "feature/{slug}",
+        "model_overrides": {}
+    }
+
+def get_config():
+    """Read current config or return defaults."""
+    config_file = Path(".shipkit/config.json")
+    if config_file.exists():
+        try:
+            with open(config_file) as f:
+                return json.load(f)
+        except json.JSONDecodeError:
+            return get_defaults()
+    return get_defaults()
+
+def get_models_for_profile(profile):
+    """Get model assignments for a profile."""
+    models = {
+        "full-sail": {"planning": "opus", "implementation": "opus", "audits": "opus", "gates": "sonnet"},
+        "quality": {"planning": "opus", "implementation": "sonnet", "audits": "sonnet", "gates": "sonnet"},
+        "balanced": {"planning": "sonnet", "implementation": "sonnet", "audits": "sonnet", "gates": "haiku"},
+        "budget": {"planning": "sonnet", "implementation": "sonnet", "audits": "haiku", "gates": "haiku"}
+    }
+    return models.get(profile, models["balanced"])
+
+def get_profile_description(profile):
+    """Get profile philosophy and use case."""
+    descriptions = {
+        "full-sail": ("Opus on everything that matters", "High-stakes work, client projects, production features"),
+        "quality": ("Opus for planning + review, Sonnet for implementation", "Most professional projects"),
+        "balanced": ("Sonnet across the board", "Day-to-day development (default)"),
+        "budget": ("Haiku where possible, Sonnet for gates", "Side projects, exploration, prototyping")
+    }
+    return descriptions.get(profile, ("", ""))
+
+def save_config(config):
+    """Save config to .shipkit/config.json."""
+    Path(".shipkit").mkdir(exist_ok=True)
+    config_file = Path(".shipkit/config.json")
+
+    with open(config_file, "w") as f:
+        json.dump(config, f, indent=2)
+
+    # Add to .gitignore
+    gitignore = Path(".gitignore")
+    if gitignore.exists():
+        content = gitignore.read_text()
+        if ".shipkit/config.json" not in content:
+            with open(gitignore, "a") as f:
+                f.write("\n.shipkit/config.json\n")
+    else:
+        gitignore.write_text(".shipkit/config.json\n")
+
+def main():
+    # Get profile argument
+    profile = None
+    if len(sys.argv) > 1:
+        profile = sys.argv[1].lower()
+
+    # Validate profile
+    if profile and profile not in VALID_PROFILES:
+        print(f"❌ Invalid profile: `{profile}`")
+        print(f"\nValid profiles: {' · '.join(VALID_PROFILES)}")
+        sys.exit(1)
+
+    # If no profile provided, show options
+    if not profile:
+        print("## Available Profiles\n")
+        print("| Profile | Philosophy | Best for |")
+        print("|---------|-----------|---------|")
+        for p in VALID_PROFILES:
+            philosophy, use_case = get_profile_description(p)
+            default = " *(default)*" if p == "balanced" else ""
+            print(f"| `{p}` | {philosophy}{default} | {use_case} |")
+        print("\nUsage: `/sk:set-profile <profile>`")
+        sys.exit(0)
+
+    # Read current config
+    config = get_config()
+    old_profile = config['profile']
+
+    # Update profile
+    config['profile'] = profile
+    save_config(config)
+
+    # Confirm and display new assignments
+    models = get_models_for_profile(profile)
+    print(f"\n✅ Profile set to: `{profile}` (was `{old_profile}`)\n")
+    print("## Model assignments for this project:\n")
+    print(f"  brainstorm, write-plan, debug, execute-plan, review → `{models['planning']}`")
+    print(f"  write-tests, frontend-design, api-design, security-check → `{models['implementation']}`")
+    print(f"  perf, schema-migrate, accessibility → `{models['audits']}`")
+    print(f"  lint, test → `{models['gates']}`")
+    print(f"  smart-commit, branch, update-task → `haiku`\n")
+    print("Run `/sk:config` to see all settings or make further changes.")
+
+if __name__ == "__main__":
+    main()

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kennethsolomon/shipkit",
-  "version": "3.0.3",
+  "version": "3.0.6",
   "description": "A structured workflow toolkit for Claude Code.",
   "keywords": [
     "claude",

package/skills/sk:test/SKILL.md

@@ -72,7 +72,7 @@ npm install -D vitest @testing-library/react @testing-library/jest-dom @testing-
 
 Create `vitest.config.ts`:
 ```ts
-import { defineConfig } from 'vitest/sk:config';
+import { defineConfig } from 'vitest/config';
 import react from '@vitejs/plugin-react';
 
 export default defineConfig({