@kennethsolomon/shipkit 3.0.7 → 3.1.0

package/README.md

@@ -62,7 +62,7 @@ npm install -g @kennethsolomon/shipkit && shipkit
 
 ShipKit installs slash commands and skills into `~/.claude/`. Each command is a focused instruction set that Claude follows — no magic, just structured prompts that enforce quality gates.
 
-The workflow is linear: **Brainstorm → Plan → Branch → Test → Implement → Lint → Security → Review → Ship.**
+The workflow is linear: **Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features**
 
 Every gate must pass before the next step. If lint fails, fix it. If tests don't cover new code, write them. Security issues block the PR. This isn't optional — it's the whole point.
 
@@ -76,7 +76,7 @@ Every gate must pass before the next step. If lint fails, fix it. If tests don't
 
 ```
 Brainstorm → Plan → Branch → [Schema] → Write Tests → Implement → Commit
-  → Lint ✓ → Test ✓ → Security ✓ → Review ✓ → Update Task → Finish
+  → Lint ✓ → Test ✓ → Security ✓ → Review ✓ → E2E ✓ → Update Task → Finish → Sync Features
 ```
 
 | # | Command | Purpose |
@@ -84,26 +84,32 @@ Brainstorm → Plan → Branch → [Schema] → Write Tests → Implement → Co
 | 1 | read `tasks/todo.md` | Pick the next task |
 | 2 | read `tasks/lessons.md` | Review past corrections |
 | 3 | `/sk:brainstorm` | Clarify requirements — no code |
-| 4 | `/sk:frontend-design` | UI design spec *(skip if backend-only)*. Add `--pencil` to also generate a Pencil visual mockup |
-| 5 | `/sk:api-design` | API contracts *(skip if no new endpoints)* |
-| 6 | `/sk:accessibility` | WCAG 2.1 AA audit on design *(skip if no frontend)* |
-| 7 | `/sk:write-plan` | Write plan to `tasks/todo.md` |
-| 8 | `/sk:branch` | Create branch from current task |
-| 9 | `/sk:schema-migrate` | Schema change analysis *(skip if no DB changes)* |
-| 10 | `/sk:write-tests` | TDD red: write failing tests first |
-| 11 | `/sk:execute-plan` | TDD green: make tests pass |
-| 12 | `/sk:smart-commit` | Conventional commit |
-| 13 | **`/sk:lint`** | **GATE** — all linters must pass |
-| 14 | `/sk:smart-commit` | Auto-skip if already clean |
-| 15 | **`/sk:test`** | **GATE** — 100% coverage on new code |
-| 16 | `/sk:smart-commit` | Auto-skip if already clean |
-| 17 | **`/sk:security-check`** | **GATE** — 0 issues |
-| 18 | `/sk:smart-commit` | Auto-skip if already clean |
-| 19 | **`/sk:review`** | **GATE** — 0 issues including nitpicks |
-| 20 | `/sk:smart-commit` | Auto-skip if already clean |
-| 21 | `/sk:update-task` | Mark done, log completion |
-| 22 | `/sk:finish-feature` | Changelog + PR |
-| 23 | `/sk:release` | Version bump + tag *(optional)* |
+| 4 | `/sk:frontend-design` or `/sk:api-design` | Design spec *(skip if not needed)*. Frontend: add `--pencil` for Pencil visual mockup. API: REST/GraphQL contracts. |
+| 5 | `/sk:accessibility` | WCAG 2.1 AA audit on design *(skip if no frontend)* |
+| 6 | `/sk:write-plan` | Write plan to `tasks/todo.md` |
+| 7 | `/sk:branch` | Create branch from current task |
+| 8 | `/sk:schema-migrate` | Schema change analysis *(skip if no DB changes)* |
+| 9 | `/sk:write-tests` | TDD red: write failing tests first |
+| 10 | `/sk:execute-plan` | TDD green: make tests pass |
+| 11 | `/sk:smart-commit` | Conventional commit |
+| 12 | **`/sk:lint`** | **GATE** — Lint + Dep Audit — all linters must pass |
+| 13 | `/sk:smart-commit` | Auto-skip if already clean |
+| 14 | **`/sk:test`** | **GATE** — 100% coverage on new code |
+| 15 | `/sk:smart-commit` | Auto-skip if already clean |
+| 16 | **`/sk:security-check`** | **GATE** — 0 issues |
+| 17 | `/sk:smart-commit` | Auto-skip if already clean |
+| 18 | **`/sk:perf`** | **GATE** *(optional)* — critical/high findings = 0 |
+| 19 | `/sk:smart-commit` | Auto-skip if already clean |
+| 20 | **`/sk:review`** | **GATE** — Review + Simplify — 0 issues including nitpicks |
+| 21 | `/sk:smart-commit` | Auto-skip if already clean |
+| 22 | **`/sk:e2e`** | **GATE** — E2E Tests — all end-to-end tests must pass |
+| 23 | `/sk:smart-commit` | Auto-skip if already clean |
+| 24 | `/sk:update-task` | Mark done, log completion |
+| 25 | `/sk:finish-feature` | Changelog + PR |
+| 26 | `/sk:features` | Sync Features — update docs/features/ specs *(required)* |
+| 27 | `/sk:release` | Version bump + tag *(optional)* |
+
+> **Fix & Retest Protocol:** All code-producing gates (Lint, Test, Security, Performance, Review, E2E) apply the Fix & Retest Protocol: logic changes require updating unit tests before committing the fix. Fix immediately, then re-run — never ask the user to re-run.
 
 ### Bug Fix Flow
 
@@ -118,8 +124,8 @@ Debug → Plan → Branch → Write Tests → Implement → Lint ✓ → Test
 | 3 | `/sk:branch` | Create branch |
 | 4 | `/sk:write-tests` | Reproduce the bug in a test |
 | 5 | `/sk:execute-plan` | Fix — make the test pass |
-| 6–9 | lint → test → security → review | Quality gates |
-| 10 | `/sk:finish-feature` | Changelog + PR |
+| 6–10 | `/sk:lint` → `/sk:test` → `/sk:security-check` → `/sk:review` → `/sk:e2e` | Quality gates |
+| 11 | `/sk:finish-feature` | Changelog + PR |
 
 ### Hotfix Flow
 

package/commands/sk/security-check.md

@@ -171,6 +171,20 @@ If there are Critical or High findings:
 
 **Do not auto-fix.** The user decides what to address.
 
+### Fix & Retest Protocol
+
+When applying a fix, classify it before committing:
+
+**a. Config/hardening change** (adding security header, fixing CORS config, adding rate limit, sanitizing output without changing logic) → commit and re-run `/sk:security-check`. No test update needed.
+
+**b. Logic change** (new input validation branch, modified query parameterization, changed auth check, refactored data handling) → trigger protocol:
+1. Update or add failing unit tests for the new secure behavior
+2. Re-run `/sk:test` — must pass at 100% coverage
+3. Commit (tests + fix together in one commit)
+4. Re-run `/sk:security-check` from scratch
+
+**Why:** Security fixes often change logic (e.g., adding parameterized queries, sanitizing inputs). Tests must cover the new secure behavior, not just the old vulnerable path.
+
 ---
 
 ## Model Routing

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kennethsolomon/shipkit",
-  "version": "3.0.7",
+  "version": "3.1.0",
   "description": "A structured workflow toolkit for Claude Code.",
   "keywords": [
     "claude",

package/skills/sk:e2e/SKILL.md

@@ -0,0 +1,147 @@
+---
+name: sk:e2e
+description: "Run E2E behavioral verification using agent-browser as the final quality gate before finalize. Tests the complete, reviewed, secure implementation from a user's perspective."
+---
+
+# /sk:e2e
+
+E2E behavioral verification — the final quality gate before `/sk:finish-feature`. Runs after Review to verify the complete, reviewed, secure implementation works end-to-end from a user's perspective.
+
+**Hard gate:** all scenarios must pass. Zero failures allowed.
+
+## Allowed Tools
+
+Bash, Read, Glob, Grep
+
+## Steps
+
+### 1. Read Context
+
+Read these files to understand what to test:
+- `tasks/todo.md` — planned features and acceptance criteria
+- `tasks/findings.md` — design decisions and expected behaviors
+- `tasks/progress.md` — implementation notes
+
+### 2. Check agent-browser is Available
+
+```bash
+agent-browser --version
+```
+
+If not found, instruct the user:
+```
+agent-browser is required. Install it:
+  npm install -g agent-browser
+  agent-browser install   # downloads Chrome (~100MB)
+Then re-run /sk:e2e.
+```
+Stop if not available.
+
+### 3. Detect Local Server
+
+Determine what URL to test against:
+- Check for a dev server command in `package.json` scripts (`dev`, `start`)
+- Check for `artisan serve` in Laravel projects (`php artisan serve`)
+- Check for `vite` or `next dev`
+- If a server is already running (check common ports: 3000, 5173, 8000, 8080), use it
+- If no server is running, start one in the background and note the URL
+
+### 4. Locate E2E Test Files
+
+Find E2E test scenarios written during the Write Tests step:
+```bash
+find . -name "*.e2e.*" -o -name "*.spec.*" | grep -v node_modules
+ls tests/e2e/ 2>/dev/null
+```
+
+If no E2E test files exist, derive scenarios from `tasks/todo.md` acceptance criteria and `tasks/findings.md`.
+
+### 5. Run E2E Scenarios
+
+For each scenario, use agent-browser following this core pattern:
+
+```bash
+# Navigate to the page
+agent-browser open <url>
+
+# Get interactive elements (token-efficient ref-based snapshot)
+agent-browser snapshot -i
+
+# Interact using @refs (never CSS selectors)
+agent-browser click @e1
+agent-browser fill @e2 "input value"
+agent-browser press Enter
+
+# Use semantic locators when @refs aren't stable
+agent-browser find role button
+agent-browser find text "Expected Text"
+agent-browser find label "Email"
+
+# Assert expected state
+agent-browser snapshot   # check content
+agent-browser find text "Success Message"
+```
+
+**Ref-based interaction is required.** Never use CSS selectors (`#id`, `.class`) — use semantic locators (`find role`, `find text`, `find label`, `find placeholder`) for stability.
+
+For each scenario, record:
+- Scenario name
+- Steps executed
+- Result: PASS or FAIL
+- On FAIL: what was expected vs. what was found (include snapshot excerpt)
+
+### 6. Report Results
+
+```
+E2E Results:
+  PASS  [scenario name]
+  PASS  [scenario name]
+  FAIL  [scenario name] — expected "X" but found "Y"
+
+Total: X passed, Y failed
+```
+
+If all pass → proceed to Fix & Retest Protocol section (no action needed).
+If any fail → apply Fix & Retest Protocol.
+
+## Fix & Retest Protocol
+
+When this gate requires a fix, classify it before committing:
+
+**a. Style/config/wording change** (CSS tweak, copy change, selector fix) → commit and re-run `/sk:e2e` (no unit test update needed)
+
+**b. Logic change** (new branch, modified condition, new data path, query change, new function, API change) → trigger protocol:
+1. Update or add failing unit tests for the new behavior
+2. Re-run `/sk:test` — must pass at 100% coverage
+3. Commit (tests + fix together in one commit)
+4. Re-run `/sk:e2e` from scratch
+
+**Exception:** Formatter auto-fixes are never logic changes — bypass protocol automatically.
+
+**This gate cannot be skipped.** All scenarios must pass before proceeding to `/sk:update-task`.
+
+## Next Steps
+
+If all scenarios pass:
+> "E2E gate clean. Run `/sk:update-task` to mark the task done."
+
+If failures remain after fixes:
+> "Re-running /sk:e2e — [N] scenarios still failing."
+
+---
+
+## Model Routing
+
+Read `.shipkit/config.json` from the project root if it exists.
+
+- If `model_overrides["sk:e2e"]` is set, use that model — it takes precedence.
+- Otherwise use the `profile` field. Default: `balanced`.
+
+| Profile | Model |
+|---------|-------|
+| `full-sail` | opus (inherit) |
+| `quality` | sonnet |
+| `balanced` | sonnet |
+| `budget` | haiku |
+
+> `opus` = inherit (uses the current session model). When spawning sub-agents via the Agent tool, pass `model: "<resolved-model>"`.

package/skills/sk:lint/SKILL.md

@@ -66,15 +66,38 @@ Agent 2: "Run vendor/bin/rector --dry-run. Report all suggested changes with fil
 Agent 3: "Run npx eslint . Report all errors with file:line."
 ```
 
-### 5. Fix and Re-run
+### 5. Run Dependency Audit
 
-If any analyzer reports errors:
+Run dependency vulnerability checks for detected stacks:
+
+| Stack | Command | Block on |
+|-------|---------|----------|
+| PHP (composer.json) | `composer audit` | any severity with fix available (`composer audit` has no severity filter) |
+| Node (package.json) | `npm audit --audit-level=high` | high or critical |
+| Node (yarn.lock) | `yarn audit --level high` | high or critical |
+| Node (pnpm-lock.yaml) | `pnpm audit --audit-level high` | high or critical |
+| Python (pyproject.toml / requirements.txt) | `pip-audit` | high or critical |
+
+For each detected package manager, run the audit command and capture output.
+
+**Block (fail this gate):**
+- PHP: any vulnerability that has a fix available (`composer audit` exits non-zero for all severities — no filtering option exists)
+- Node/Python: critical or high severity vulnerabilities that have a fix available
+
+**Warn (pass with note):** medium/low severity for Node/Python, or any severity with no available fix — note in report but do not block.
+
+Skip stacks not present in the project.
+
+### 6. Fix and Re-run
+
+If any analyzer reports errors or the dep audit blocks:
 1. Fix all reported issues
 2. Re-run formatters (fixes may need formatting)
 3. Re-launch all analyzers in parallel
-4. Loop until every tool exits clean
+4. Re-run dep audit if any dependency was fixed
+5. Loop until every tool exits clean
 
-### 6. Report Results
+### 7. Report Results
 
 Print one line per tool:
 
@@ -90,12 +113,34 @@ ESLint:        X errors fixed / clean
 ruff check:    X issues fixed / clean
 golangci-lint: X issues fixed / clean
 cargo clippy:  X warnings fixed / clean
+composer audit: clean / X vulns blocked
+npm audit:     clean / X vulns blocked
 ```
 
 Only include lines for detected tools. All must show "clean" before this skill passes.
 
 ---
 
+## Fix & Retest Protocol
+
+When this gate requires a fix, classify it before committing:
+
+**a. Formatter auto-fix** (Pint, Prettier, gofmt, cargo fmt changed whitespace/style) → commit and re-run `/sk:lint`. Never a logic change — bypass protocol.
+
+**b. Analyzer fix** (PHPStan type error, Rector suggestion, ESLint error, ruff violation) → classify each fix:
+  - Type annotation, import order, unused var, style rule → **style fix** → commit and re-run
+  - New guard clause, changed condition, extracted function, modified data flow → **logic change** → trigger protocol:
+    1. Update or add failing unit tests for the new behavior
+    2. Re-run `/sk:test` — must pass at 100% coverage
+    3. Commit (tests + fix together in one commit)
+    4. Re-run `/sk:lint` from scratch
+
+**c. Dependency vulnerability fix** (composer audit / npm audit finding) → classify:
+  - Version bump with no API change → **style fix** → commit and re-run
+  - Version bump with API/behavior change → **logic change** → trigger protocol
+
+---
+
 ## Model Routing
 
 Read `.shipkit/config.json` from the project root if it exists.

package/skills/sk:perf/SKILL.md

@@ -171,6 +171,27 @@ If there are no critical or high findings:
 
 ---
 
+## Fix & Retest Protocol
+
+When applying a performance fix, classify it before committing:
+
+**a. Config/infrastructure change** (adding cache headers, enabling compression, changing CDN config, adjusting connection pool size) → commit and re-run `/sk:perf`. No test update needed.
+
+**b. Logic change** (fixing N+1 query by changing data-fetching logic, refactoring algorithm, modifying data structure, changing pagination logic) → trigger protocol:
+1. Update or add failing unit tests for the new optimized behavior
+2. Re-run `/sk:test` — must pass at 100% coverage
+3. Commit (tests + fix together in one commit)
+4. Re-run `/sk:perf` to verify the fix resolved the finding
+
+**Common logic-change performance fixes:**
+- N+1 fix: changes how related data is fetched → update tests that assert on query count or data shape
+- Algorithm change: O(n²) → O(n log n) → update tests that assert on output correctness
+- Pagination: adding LIMIT/offset → update tests that assert on result set size
+
+**Why:** Performance fixes often change how data is fetched or processed. Tests must verify the optimized path produces correct results.
+
+---
+
 ## Model Routing
 
 Read `.shipkit/config.json` from the project root if it exists.

package/skills/sk:review/SKILL.md

@@ -15,14 +15,31 @@ This is a **report-only** step. If Critical or Warning issues are found, the use
 
 ## Allowed Tools
 
-Bash, Read, Glob, Grep
+Bash, Read, Glob, Grep, Skill
 
-**Intentionally NO Write or Edit** — this skill is report-only. If issues are found, the user decides what to fix.
+**Step 0 only:** the `simplify` skill is invoked via the Skill tool, which carries its own Write/Edit permissions. All other steps are read-only — no direct Write or Edit calls. If issues are found in the main review, the user decides what to fix.
 
 ## Steps
 
 You MUST complete these steps in order:
 
+### 0. Run Simplify First
+
+Before reviewing, invoke the built-in `simplify` skill on the changed files to catch reuse, quality, and efficiency issues automatically:
+
+> "Review the changed files on this branch for reuse, quality, and efficiency. Fix any issues found."
+
+Use `git diff main..HEAD --name-only` to identify the changed files, then run simplify on them.
+
+If simplify makes any changes:
+1. Verify the changes are correct
+2. Commit them with `/sk:smart-commit` before continuing the review
+3. Note in the review report: "Simplify pre-pass: X files updated"
+
+If simplify makes no changes, proceed directly to step 1.
+
+**Note:** Simplify runs automatically as part of `/sk:review` — users do not need to run it separately.
+
 ### 1. Read Project Context
 
 ```
@@ -327,6 +344,20 @@ If the user wants to fix nitpicks, loop back to `/sk:debug` + `/sk:smart-commit`
 If the review is **completely clean**:
 > "Review complete — no issues found. Run `/sk:finish-feature` to finalize the branch and create a PR."
 
+### Fix & Retest Protocol
+
+When applying a fix from this review, classify it before committing:
+
+**a. Style/naming/comment change** (rename variable, add doc comment, reorder imports, extract constant) → commit and re-run `/sk:review`. No test update needed.
+
+**b. Logic change** (fix incorrect condition, add missing null check, change data flow, refactor algorithm, fix async bug) → trigger protocol:
+1. Update or add failing unit tests for the corrected behavior
+2. Re-run `/sk:test` — must pass at 100% coverage
+3. Commit (tests + fix together in one commit)
+4. Re-run `/sk:review` from scratch
+
+**Why:** Review catches logic bugs. Fixing a logic bug without updating tests leaves the test suite asserting on the old (wrong) behavior.
+
 ---
 
 ## Model Routing

package/skills/sk:setup-claude/templates/CLAUDE.md.template

@@ -34,7 +34,7 @@
 ## Workflow — Follow This Order
 <!-- LOCK -->
 
-**Flow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finish
+**Flow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 
 Progress is tracked in `tasks/workflow-status.md`. This file persists across conversations.
 
@@ -42,55 +42,61 @@ Progress is tracked in `tasks/workflow-status.md`. This file persists across con
 |---|------|---------|------|-------|
 | 1 | Read Todo | read `tasks/todo.md` | required | no |
 | 2 | Read Lessons | read `tasks/lessons.md` | required | no |
-| 3 | Explore | `/brainstorm` | required | no |
-| 4 | Design | `/frontend-design` or `/api-design` | optional (confirm to skip) | no |
-| 5 | Accessibility | `/accessibility` | optional (confirm to skip) | no |
-| 6 | Plan | `/write-plan` | required | no |
-| 7 | Branch | `/branch` | required | no |
-| 8 | Migrate | `/schema-migrate` | optional (confirm to skip) | no |
-| 9 | Write Tests | `/write-tests` | required | no |
-| 10 | Implement | `/execute-plan` | required | no |
-| 11 | Commit | `/smart-commit` | required | no |
-| 12 | Lint | `/lint` | required | yes — must be clean |
-| 13 | Commit | `/smart-commit` | conditional (skip if lint was clean) | no |
-| 14 | Verify Tests | `/test` | required | yes — 100% coverage required |
-| 15 | Commit | `/smart-commit` | conditional (skip if tests passed clean) | no |
-| 16 | Security | `/security-check` | required | yes — must reach 0 issues |
-| 17 | Commit | `/smart-commit` | conditional (skip if security was clean) | no |
-| 18 | Performance | `/perf` | optional (confirm to skip) | yes — loop until critical/high = 0 |
-| 19 | Commit | `/smart-commit` | conditional (skip if perf was clean) | no |
-| 20 | Review | `/review` | required | yes — must reach 0 issues |
-| 21 | Commit | `/smart-commit` | conditional (skip if review was clean) | no |
-| 22 | Update | `/update-task` | required | no |
-| 23 | Finalize | `/finish-feature` | required | no |
-| 24 | Release | `/release` | optional (confirm to skip) | no |
+| 3 | Explore | `/sk:brainstorm` | required | no |
+| 4 | Design | `/sk:frontend-design` or `/sk:api-design` | optional (confirm to skip) | no |
+| 5 | Accessibility | `/sk:accessibility` | optional (confirm to skip) | no |
+| 6 | Plan | `/sk:write-plan` | required | no |
+| 7 | Branch | `/sk:branch` | required | no |
+| 8 | Migrate | `/sk:schema-migrate` | optional (confirm to skip) | no |
+| 9 | Write Tests | `/sk:write-tests` | required | no |
+| 10 | Implement | `/sk:execute-plan` | required | no |
+| 11 | Commit | `/sk:smart-commit` | required | no |
+| 12 | Lint + Dep Audit | `/sk:lint` | required | yes — must be clean |
+| 13 | Commit | `/sk:smart-commit` | conditional (skip if lint was clean) | no |
+| 14 | Verify Tests | `/sk:test` | required | yes — 100% coverage required |
+| 15 | Commit | `/sk:smart-commit` | conditional (skip if tests passed clean) | no |
+| 16 | Security | `/sk:security-check` | required | yes — must reach 0 issues |
+| 17 | Commit | `/sk:smart-commit` | conditional (skip if security was clean) | no |
+| 18 | Performance | `/sk:perf` | optional (confirm to skip) | yes — loop until critical/high = 0 |
+| 19 | Commit | `/sk:smart-commit` | conditional (skip if perf was clean) | no |
+| 20 | Review + Simplify | `/sk:review` | required | yes — must reach 0 issues |
+| 21 | Commit | `/sk:smart-commit` | conditional (skip if review was clean) | no |
+| 22 | E2E Tests | `/sk:e2e` | required | yes — all scenarios must pass |
+| 23 | Commit | `/sk:smart-commit` | conditional (skip if E2E was clean) | no |
+| 24 | Update | `/sk:update-task` | required | no |
+| 25 | Finalize | `/sk:finish-feature` | required | no |
+| 26 | Sync Features | `/sk:features` | required | no |
+| 27 | Release | `/sk:release` | optional (confirm to skip) | no |
 
 ### Step Details
 
 1.  **Read** `tasks/todo.md` — pick the next incomplete task
 2.  **Read** `tasks/lessons.md` — review past corrections before writing code
-3.  **Explore** — run `/brainstorm` to clarify requirements, constraints, and approach. No code in this step.
-4.  **Design** — run `/frontend-design` for UI mockup or `/api-design` for API contracts. No code — design only. Skip if pure backend with no UI and no new API. After the design summary, the skill asks if you want a Pencil visual mockup — answer `y` only if you have the Pencil app open and Pencil MCP connected. Use `/frontend-design --pencil` to jump directly to the Pencil phase.
-5.  **Accessibility** — run `/accessibility` to audit the design spec for WCAG 2.1 AA compliance. Produces `tasks/accessibility-findings.md`. Skip if backend-only with no frontend.
-6.  **Plan** — run `/write-plan` to write a decision-complete plan into `tasks/todo.md` using brainstorm + design outputs. No code in this step.
-7.  **Branch** — run `/branch` to create a feature branch auto-named from the current task.
-8.  **Migrate** — run `/schema-migrate` for database changes. Skip if no schema changes needed.
-9.  **Write Tests** — run `/write-tests` (TDD red phase). Write failing tests for all planned code. If modifying existing behavior, update existing tests first. Tests SHOULD fail — no implementation yet.
-10. **Implement** — run `/execute-plan` to execute `tasks/todo.md` checkboxes in small batches, making the failing tests pass (TDD green phase). Log progress to `tasks/progress.md`.
-11. **Commit** — run `/smart-commit` to commit tests + implementation
-12. **Lint** — run `/lint` — auto-detects and runs all project linters. Fix all issues immediately, then re-run until clean. Do not ask to re-run — fix and re-run automatically.
-13. **Commit** — run `/smart-commit` if lint required fixes. Auto-skip if lint was clean.
-14. **Verify Tests** — run `/test` — auto-detects and runs all project test suites. **100% test coverage required.** Fix failures immediately, then re-run. Do not ask to re-run — fix and re-run automatically.
-15. **Commit** — run `/smart-commit` if test fixes were needed. Auto-skip if tests passed first try.
-16. **Security** — run `/security-check`. Must reach 0 issues across all severities. Fix issues immediately, commit, then re-run. Loop until clean.
-17. **Commit** — run `/smart-commit` if security required fixes. Auto-skip if clean.
-18. **Performance** — run `/perf` to audit for performance issues. Produces `tasks/perf-findings.md`. Fix critical/high findings, commit, then re-run. Loop until critical/high = 0. Skip if confirmed with user.
-19. **Commit** — run `/smart-commit` if perf required fixes. Auto-skip if clean.
-20. **Review** — run `/review`. Must reach 0 issues including nitpicks. Fix issues immediately, commit, then re-run. Loop until clean.
-21. **Commit** — run `/smart-commit` if review required fixes. Auto-skip if clean.
-22. **Update** — run `/update-task` to mark the task done in `tasks/todo.md` and log completion to `tasks/progress.md`.
-23. **Finalize** — run `/finish-feature` for changelog + PR
-24. **Release** — run `/release` if deploying. Skip if not ready.
+3.  **Explore** — run `/sk:brainstorm` to clarify requirements, constraints, and approach. No code in this step.
+4.  **Design** — run `/sk:frontend-design` for UI mockup or `/sk:api-design` for API contracts. No code — design only. Skip if pure backend with no UI and no new API. After the design summary, the skill asks if you want a Pencil visual mockup — answer `y` only if you have the Pencil app open and Pencil MCP connected. Use `/sk:frontend-design --pencil` to jump directly to the Pencil phase.
+5.  **Accessibility** — run `/sk:accessibility` to audit the design spec for WCAG 2.1 AA compliance. Produces `tasks/accessibility-findings.md`. Skip if backend-only with no frontend.
+6.  **Plan** — run `/sk:write-plan` to write a decision-complete plan into `tasks/todo.md` using brainstorm + design outputs. No code in this step.
+7.  **Branch** — run `/sk:branch` to create a feature branch auto-named from the current task.
+8.  **Migrate** — run `/sk:schema-migrate` for database changes. Skip if no schema changes needed.
+9.  **Write Tests** — run `/sk:write-tests` (TDD red phase). Write failing tests for all planned code. If modifying existing behavior, update existing tests first. Tests SHOULD fail — no implementation yet.
+10. **Implement** — run `/sk:execute-plan` to execute `tasks/todo.md` checkboxes in small batches, making the failing tests pass (TDD green phase). Log progress to `tasks/progress.md`.
+11. **Commit** — run `/sk:smart-commit` to commit tests + implementation
+12. **Lint + Dep Audit** — run `/sk:lint` — auto-detects and runs all project linters plus dependency vulnerability audits. Fix all issues immediately, then re-run until clean. Do not ask to re-run — fix and re-run automatically.
+13. **Commit** — run `/sk:smart-commit` if lint required fixes. Auto-skip if lint was clean.
+14. **Verify Tests** — run `/sk:test` — auto-detects and runs all project test suites. **100% test coverage required.** Fix failures immediately, then re-run. Do not ask to re-run — fix and re-run automatically.
+15. **Commit** — run `/sk:smart-commit` if test fixes were needed. Auto-skip if tests passed first try.
+16. **Security** — run `/sk:security-check`. Must reach 0 issues across all severities. Fix issues immediately, commit, then re-run. Loop until clean.
+17. **Commit** — run `/sk:smart-commit` if security required fixes. Auto-skip if clean.
+18. **Performance** — run `/sk:perf` to audit for performance issues. Produces `tasks/perf-findings.md`. Fix critical/high findings, commit, then re-run. Loop until critical/high = 0. Skip if confirmed with user.
+19. **Commit** — run `/sk:smart-commit` if perf required fixes. Auto-skip if clean.
+20. **Review + Simplify** — run `/sk:review`. First runs a simplify pre-pass on changed files, then performs full multi-dimensional review. Must reach 0 issues including nitpicks. Fix issues immediately, commit, then re-run. Loop until clean.
+21. **Commit** — run `/sk:smart-commit` if review required fixes. Auto-skip if clean.
+22. **E2E Tests** — run `/sk:e2e`. Verifies the complete, reviewed, secure implementation works end-to-end from a user's perspective using agent-browser. All scenarios must pass. Cannot be skipped.
+23. **Commit** — run `/sk:smart-commit` if E2E required fixes. Auto-skip if E2E was clean.
+24. **Update** — run `/sk:update-task` to mark the task done in `tasks/todo.md` and log completion to `tasks/progress.md`.
+25. **Finalize** — run `/sk:finish-feature` for changelog + PR
+26. **Sync Features** — run `/sk:features` to sync `docs/sk:features/` specs with what was actually shipped.
+27. **Release** — run `/sk:release` if deploying. Skip if not ready.
 
 ### Workflow Tracker Rules
 
@@ -103,21 +109,22 @@ Progress is tracked in `tasks/workflow-status.md`. This file persists across con
    - Add relevant Notes (e.g., "clean on attempt 2", "backend-only, no UI")
    - Move `>> next <<` to the next pending step
 
-3. **Optional steps** (4, 5, 7, 18, 24): Ask the user "Skip [step]?" and require explicit confirmation. Record the reason in Notes.
+3. **Optional steps** (4, 5, 8, 18, 27): Ask the user "Skip [step]?" and require explicit confirmation. Record the reason in Notes.
 
-4. **Conditional commits** (13, 15, 17, 19, 21): Auto-skip if no changes were made. Record reason (e.g., "lint was clean", "tests passed first try").
+4. **Conditional commits** (13, 15, 17, 19, 21, 23): Auto-skip if no changes were made. Record reason (e.g., "lint was clean", "tests passed first try").
 
-5. **Loop steps are HARD GATES** (12, 14, 16, 20): These steps BLOCK all forward progress until they pass clean. Fix issues immediately and re-run. Do NOT ask the user to re-run — fix and re-run automatically. Track attempt number in Notes (e.g., "clean on attempt 3").
+5. **Loop steps are HARD GATES** (12, 14, 16, 20, 22): These steps BLOCK all forward progress until they pass clean. Fix issues immediately and re-run. Do NOT ask the user to re-run — fix and re-run automatically. Track attempt number in Notes (e.g., "clean on attempt 3").
    - **Step 12 (Lint)**: All detected linting tools must pass — every single one.
    - **Step 14 (Verify Tests)**: All detected test suites (BE + FE) must pass with 100% coverage on new code.
    - **Step 16 (Security)**: 0 issues across all severities.
    - **Step 20 (Review)**: 0 issues including nitpicks.
+   - **Step 22 (E2E Tests)**: All scenarios must pass. 0 failures allowed.
    - **Step 18 (Performance)**: Optional gate — if run, loop until critical/high findings = 0. Can be skipped with explicit confirmation.
    - **DO NOT mark these steps as `done` until every check passes.** If even one tool fails, the step is NOT done. Never proceed to the next step with errors remaining.
 
-6. **Never skip steps without confirmation.** Steps cannot run out of order. Hard gate steps (12, 14, 16, 20) can NEVER be skipped. Optional gate step (18) requires explicit confirmation to skip.
+6. **Never skip steps without confirmation.** Steps cannot run out of order. Hard gate steps (12, 14, 16, 20, 22) can NEVER be skipped. Optional gate step (18) requires explicit confirmation to skip.
 
-7. **Requirements change mid-workflow?** Stop the current step and run `/change` immediately. It will classify the scope (behavior tweak / new requirements / scope shift) and tell you exactly where to re-enter the workflow. Never continue implementing stale requirements.
+7. **Requirements change mid-workflow?** Stop the current step and run `/sk:change` immediately. It will classify the scope (behavior tweak / new requirements / scope shift) and tell you exactly where to re-enter the workflow. Never continue implementing stale requirements.
 
 7. **Never auto-advance.** When one step completes, stop and tell the user which step is next. Do not proceed automatically.
 
@@ -133,6 +140,22 @@ Next step: [#] [Name] — run `[command]`
 
 This tells the user exactly what happened and what to do next. Never finish a step silently.
 
+### Fix & Retest Protocol
+
+**Applies to steps 12, 14, 16, 18, 20, 22 — any step that can produce code changes.**
+
+When any of these steps require a fix, classify the fix before committing:
+
+**a. Format/style/config/wording change** → commit and re-run the gate. No test update needed.
+
+**b. Logic change** (new branch, modified condition, new data path, query change, new function, changed algorithm, API change) → trigger protocol:
+1. Update or add failing unit tests for the new behavior
+2. Re-run `/sk:test` — must pass at 100% coverage
+3. Commit (tests + fix together in one commit)
+4. Re-run the current gate from scratch
+
+**Exception:** Lint formatter auto-fixes (Prettier, Pint, gofmt, cargo fmt) are never logic changes — bypass protocol automatically.
+
 ### Tracker Reset
 
 - When starting a new task, check if `tasks/workflow-status.md` has any `done` or `skipped` steps. If yes, ask: "Existing workflow detected. Start fresh and reset tracker?"
@@ -140,52 +163,65 @@ This tells the user exactly what happened and what to do next. Never finish a st
 
 ### Bug Fix Flow
 
-When fixing a bug (not building a feature), use `/debug` as the entry point. This sets up a shorter workflow:
+When fixing a bug (not building a feature), use `/sk:debug` as the entry point. This sets up a shorter workflow:
 
 | # | Step | Command |
 |---|------|---------|
-| 1 | Debug | `/debug` |
-| 2 | Branch | `/branch` |
-| 3 | Write Tests | `/write-tests` (regression test) |
+| 1 | Debug | `/sk:debug` |
+| 2 | Branch | `/sk:branch` |
+| 3 | Write Tests | `/sk:write-tests` (regression test) |
 | 4 | Fix | implement the fix |
-| 5 | Commit | `/smart-commit` |
-| 6 | Lint | `/lint` |
-| 7 | Commit | `/smart-commit` (skip if clean) |
-| 8 | Verify Tests | `/test` |
-| 9 | Commit | `/smart-commit` (skip if clean) |
-| 10 | Security | `/security-check` |
-| 11 | Commit | `/smart-commit` (skip if clean) |
-| 12 | Review | `/review` |
-| 13 | Commit | `/smart-commit` (skip if clean) |
-| 14 | Update | `/update-task` |
-| 15 | Finalize | `/finish-feature` |
-
-Start with `/debug` to investigate, then follow the abbreviated flow.
+| 5 | Commit | `/sk:smart-commit` |
+| 6 | Lint | `/sk:lint` |
+| 7 | Commit | `/sk:smart-commit` (skip if clean) |
+| 8 | Verify Tests | `/sk:test` |
+| 9 | Commit | `/sk:smart-commit` (skip if clean) |
+| 10 | Security | `/sk:security-check` |
+| 11 | Commit | `/sk:smart-commit` (skip if clean) |
+| 12 | Review | `/sk:review` |
+| 13 | Commit | `/sk:smart-commit` (skip if clean) |
+| 14 | Update | `/sk:update-task` |
+| 15 | Finalize | `/sk:finish-feature` |
+
+Start with `/sk:debug` to investigate, then follow the abbreviated flow.
 
 ### Hotfix Flow
 
-For production emergencies that need to ship immediately, use `/hotfix`. Skips brainstorm, design, and write-tests. Quality gates still apply.
+For production emergencies that need to ship immediately, use `/sk:hotfix`. Skips brainstorm, design, and write-tests. Quality gates still apply.
 
 | # | Step | Command |
 |---|------|---------|
-| 1 | Investigate | `/debug` |
-| 2 | Branch | `/branch` |
+| 1 | Investigate | `/sk:debug` |
+| 2 | Branch | `/sk:branch` |
 | 3 | Fix | implement directly |
 | 4 | Smoke Test | run existing tests |
-| 5 | Commit | `/smart-commit` |
-| 6 | Lint | `/lint` |
-| 7 | Commit | `/smart-commit` (skip if clean) |
-| 8 | Verify Tests | `/test` |
-| 9 | Commit | `/smart-commit` (skip if clean) |
-| 10 | Security | `/security-check` |
-| 11 | Commit | `/smart-commit` (skip if clean) |
-| 12 | Review | `/review` |
-| 13 | Commit | `/smart-commit` (skip if clean) |
-| 14 | Update | `/update-task` |
-| 15 | Finalize | `/finish-feature` |
+| 5 | Commit | `/sk:smart-commit` |
+| 6 | Lint | `/sk:lint` |
+| 7 | Commit | `/sk:smart-commit` (skip if clean) |
+| 8 | Verify Tests | `/sk:test` |
+| 9 | Commit | `/sk:smart-commit` (skip if clean) |
+| 10 | Security | `/sk:security-check` |
+| 11 | Commit | `/sk:smart-commit` (skip if clean) |
+| 12 | Review | `/sk:review` |
+| 13 | Commit | `/sk:smart-commit` (skip if clean) |
+| 14 | Update | `/sk:update-task` |
+| 15 | Finalize | `/sk:finish-feature` |
 
 After merging: add a regression test and a lessons.md entry.
 
+### Requirement Change Flow
+
+When requirements change mid-workflow, run `/sk:change` to avoid implementing the wrong behavior:
+
+| # | Step | Command |
+|---|------|---------|
+| 1 | Assess | `/sk:change` — classify scope (Tier 1/2/3) |
+| 2 | Tier 1 (test update only) | update tests → re-enter at step 9 |
+| 3 | Tier 2 (plan revision) | revise plan → re-enter at step 6 |
+| 4 | Tier 3 (re-brainstorm) | re-enter at step 3 |
+
+Never update tests or implementation based on a changed requirement without going through `/sk:change` first.
+
 ## Sub-Agent Patterns
 <!-- BEGIN:sub-agent-patterns -->
 
@@ -281,9 +317,9 @@ Tests are written **before** implementation (step 9) and verified **after** (ste
 
 ### TDD Flow
 
-1. `/write-tests` — write failing tests based on the plan (RED)
-2. `/execute-plan` — implement code to make tests pass (GREEN)
-3. `/test` — verify all tests pass with 100% coverage (VERIFY)
+1. `/sk:write-tests` — write failing tests based on the plan (RED)
+2. `/sk:execute-plan` — implement code to make tests pass (GREEN)
+3. `/sk:test` — verify all tests pass with 100% coverage (VERIFY)
 
 Every new function, endpoint, component, and module needs tests. No code proceeds past step 13 without 100% coverage on new code.
 
@@ -299,3 +335,32 @@ Never retry the same failing approach.
 ## Architectural Change Log
 
 Create entries in: `[ARCH_CHANGELOG_DIR]`
+
+## Commands
+
+| Command | Purpose |
+|---------|---------|
+| `/sk:brainstorm` | Explore requirements and design |
+| `/sk:frontend-design` | UI mockup before implementation. Prompts to create Pencil visual mockup |
+| `/sk:api-design` | Design API contracts (endpoints, payloads, auth, errors) before implementation |
+| `/sk:accessibility` | WCAG 2.1 AA audit — runs after design, before implementation |
+| `/sk:write-plan` | Write decision-complete plan into `tasks/todo.md` |
+| `/sk:branch` | Create feature branch auto-named from current task |
+| `/sk:write-tests` | TDD: Write failing tests before implementation |
+| `/sk:execute-plan` | Execute `tasks/todo.md` checkboxes in batches |
+| `/sk:smart-commit` | Conventional commit with approval |
+| `/sk:lint` | Auto-detect and run all project linters + dependency audits |
+| `/sk:test` | Auto-detect and run all project test suites |
+| `/sk:debug` | Investigate and debug issues (bug fix entry point) |
+| `/sk:security-check` | OWASP security audit on changed files |
+| `/sk:perf` | Performance audit — bundle, N+1, Core Web Vitals, memory |
+| `/sk:review` | Self-review with simplify pre-pass + multi-dimensional review |
+| `/sk:e2e` | E2E behavioral verification using agent-browser (final quality gate) |
+| `/sk:hotfix` | Emergency fix workflow — skip design/TDD, quality gates enforced |
+| `/sk:change` | Handle mid-workflow requirement changes — re-enter at correct step |
+| `/sk:update-task` | Mark task done and log completion |
+| `/sk:finish-feature` | Changelog + PR creation |
+| `/sk:features` | Sync feature specs with shipped implementation |
+| `/sk:release` | Version bump + changelog + tag |
+| `/sk:status` | Show workflow + task status |
+| `/sk:setup-optimizer` | Diagnose + update workflow + enrich CLAUDE.md |

package/skills/sk:setup-claude/templates/commands/brainstorm.md.template

@@ -6,14 +6,14 @@ description: "Start with design questions before writing code."
 
 # /brainstorm
 
-**Workflow:** Read → **Explore** → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finalize → Release
+**Workflow:** Read → **Explore** → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 
 Explore design and clarify requirements **before** any code is written.
 
 ## Hard Rules
 
 - **DO NOT write, edit, or generate any code.** No files, no snippets, no pseudo-implementations.
-- **DO NOT create a plan.** That is `/write-plan`'s job.
+- **DO NOT create a plan.** That is `/sk:write-plan`'s job.
 - **DO NOT run build/test/lint commands.** You are in design mode only.
 - You may **read** existing code to understand the current state, but nothing more.
 
@@ -65,10 +65,10 @@ Explore design and clarify requirements **before** any code is written.
 
 ## When Done
 
-1. Update `tasks/workflow-status.md`: set step 1 (`/brainstorm`) to `done`, move `>> next <<` to the next pending step.
+1. Update `tasks/workflow-status.md`: set step 1 (`/sk:brainstorm`) to `done`, move `>> next <<` to the next pending step.
 2. Print the full workflow status dashboard table.
 3. Tell the user:
    > "Brainstorming complete. Findings saved to `tasks/findings.md`."
-4. If step 2 (`/frontend-design`) is next, ask: "Step 2 is `/frontend-design` (optional). Run it or skip?"
+4. If step 2 (`/sk:frontend-design`) is next, ask: "Step 2 is `/sk:frontend-design` (optional). Run it or skip?"
 
 **Do not proceed to planning or implementation yourself.** The user must explicitly invoke the next step.

package/skills/sk:setup-claude/templates/commands/execute-plan.md.template

@@ -6,7 +6,7 @@ description: "Execute tasks/todo.md checkboxes in small batches; log to tasks/pr
 
 # /execute-plan
 
-**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → **Implement** → Lint → Verify Tests → Security → Performance → Review → Finalize → Release
+**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → **Implement** → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 
 Execute the plan in `tasks/todo.md` in small batches with clear checkpoints.
 
@@ -33,7 +33,7 @@ Execute the plan in `tasks/todo.md` in small batches with clear checkpoints.
    - verification results
    - what's next
    - After all items in this batch pass verification, the code is ready to stage.
-     Run `/commit` after any passed batch, or accumulate and commit at plan completion.
+     Run `/sk:smart-commit` after any passed batch, or accumulate and commit at plan completion.
      Never combine more than one logical unit of work in a single commit.
 4. Stop and wait for user feedback before continuing.
 

package/skills/sk:setup-claude/templates/commands/finish-feature.md.template

@@ -2,11 +2,11 @@
 
 # Finish Feature Command
 
-**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → **Finalize** → Release
+**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → **Finish** → Sync Features
 
 Finalize a feature/bug-fix branch: changelog, arch log, security gate, verification, and PR creation.
 
-This is the **last step before `/release`**. It auto-commits documentation changes (changelog, arch log) so you don't need to loop back to `/commit` for docs-only work.
+This is the **last step before `/sk:release`**. It auto-commits documentation changes (changelog, arch log) so you don't need to loop back to `/sk:smart-commit` for docs-only work.
 
 ## Before You Start
 
@@ -16,7 +16,7 @@ before marking the feature done. This is the last gate before merge — catch re
 mistakes here rather than in review.
 
 If `tasks/security-findings.md` exists, read it. Check that any Critical or High
-severity findings from the most recent `/security-check` audit have been addressed.
+severity findings from the most recent `/sk:security-check` audit have been addressed.
 If unresolved Critical/High findings remain, warn the user before proceeding.
 
 ## Steps
@@ -69,7 +69,7 @@ If unresolved Critical/High findings remain, warn the user before proceeding.
         - Migration/Compatibility: Any breaking changes?
       - Verify the auto-filled sections (Summary, Type, What Changed, Impact)
 
-   c) **Auto-commit the arch log** (no need to go back to `/commit`):
+   c) **Auto-commit the arch log** (no need to go back to `/sk:smart-commit`):
       ```bash
       git add .claude/docs/architectural_change_log/
       git commit -m "docs: add architectural changelog entry"
@@ -79,7 +79,7 @@ If unresolved Critical/High findings remain, warn the user before proceeding.
 
 5. **Verification** (with Test Checklist for Reviewers)
 
-   Tests should have been created during `/execute-plan`. Verify:
+   Tests should have been created during `/sk:execute-plan`. Verify:
 
    a) **Automated Tests**
       - Execute: `[TEST_COMMAND]`
@@ -108,7 +108,7 @@ If unresolved Critical/High findings remain, warn the user before proceeding.
       - Follows [LANGUAGE] conventions and style guide (see `CLAUDE.md`)
 
 6. **Security Gate**
-   - Read `tasks/security-findings.md`. If it doesn't exist or has no audit for this branch, recommend: "Run `/security-check` before creating a PR."
+   - Read `tasks/security-findings.md`. If it doesn't exist or has no audit for this branch, recommend: "Run `/sk:security-check` before creating a PR."
    - If the most recent audit has unresolved Critical or High findings, list them and ask the user to confirm they've been addressed before proceeding.
 
 7. **Create Pull Request**
@@ -126,7 +126,7 @@ If unresolved Critical/High findings remain, warn the user before proceeding.
 
    c) **Generate PR title and body:**
       - Title: Short, imperative, under 70 characters
-      - Body: Summary of changes, review findings (if any from `/review`), test status
+      - Body: Summary of changes, review findings (if any from `/sk:review`), test status
 
    d) **Create PR:**
    ```bash
@@ -152,4 +152,4 @@ EOF
 
 ## When Done
 
-> "Feature finalized and PR created! Run `/release` when ready to tag and publish."
+> "Feature finalized and PR created! Run `/sk:release` when ready to tag and publish."

package/skills/sk:setup-claude/templates/commands/security-check.md.template

@@ -6,7 +6,7 @@ description: "Audit changed code for security best practices, production-grade q
 
 # /security-check
 
-**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → **Security** → Performance → Review → Finalize → Release
+**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → **Security** → Performance → Review → E2E Tests → Finish → Sync Features
 
 Audit code for security vulnerabilities, production-grade quality, and industry gold-standard compliance.
 
@@ -164,9 +164,9 @@ Tell the user:
 > "Security audit complete. Findings saved to `tasks/security-findings.md`.
 > - **Critical:** N | **High:** N | **Medium:** N | **Low:** N
 >
-> Review the findings, then run `/finish-feature` when ready to finalize."
+> Review the findings, then run `/sk:finish-feature` when ready to finalize."
 
 If there are Critical or High findings:
-> "There are critical/high findings that should be addressed before merging. Fix them, then re-run `/security-check` to verify."
+> "There are critical/high findings that should be addressed before merging. Fix them, then re-run `/sk:security-check` to verify."
 
 **Do not auto-fix.** The user decides what to address.

package/skills/sk:setup-claude/templates/commands/write-plan.md.template

@@ -6,7 +6,7 @@ description: "Write a decision-complete plan into tasks/todo.md (no code yet)."
 
 # /write-plan
 
-**Workflow:** Read → Explore → Design → Accessibility → **Plan** → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finalize → Release
+**Workflow:** Read → Explore → Design → Accessibility → **Plan** → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 
 Create a decision-complete plan **before** writing code.
 

package/skills/sk:setup-claude/templates/tasks/workflow-status.md.template

@@ -7,25 +7,28 @@
 |---|------|--------|-------|
 | 1 | Read Todo | >> next << | |
 | 2 | Read Lessons | not yet | |
-| 3 | Explore (`/brainstorm`) | not yet | |
-| 4 | Design (`/frontend-design` or `/api-design`) | not yet | optional |
-| 5 | Accessibility (`/accessibility`) | not yet | optional |
-| 6 | Plan (`/write-plan`) | not yet | |
-| 7 | Branch (`/branch`) | not yet | |
-| 8 | Migrate (`/schema-migrate`) | not yet | optional |
-| 9 | Write Tests (`/write-tests`) | not yet | |
-| 10 | Implement (`/execute-plan`) | not yet | |
-| 11 | Commit (`/smart-commit`) | not yet | |
-| 12 | **Lint** (`/lint`) | not yet | HARD GATE — loop until clean |
-| 13 | Commit (`/smart-commit`) | not yet | conditional |
-| 14 | **Verify Tests** (`/test`) | not yet | HARD GATE — 100% coverage |
-| 15 | Commit (`/smart-commit`) | not yet | conditional |
-| 16 | **Security** (`/security-check`) | not yet | HARD GATE — 0 issues |
-| 17 | Commit (`/smart-commit`) | not yet | conditional |
-| 18 | Performance (`/perf`) | not yet | optional gate |
-| 19 | Commit (`/smart-commit`) | not yet | conditional |
-| 20 | **Review** (`/review`) | not yet | HARD GATE — 0 issues |
-| 21 | Commit (`/smart-commit`) | not yet | conditional |
-| 22 | Update (`/update-task`) | not yet | |
-| 23 | Finalize (`/finish-feature`) | not yet | |
-| 24 | Release (`/release`) | not yet | optional |
+| 3 | Explore (`/sk:brainstorm`) | not yet | |
+| 4 | Design (`/sk:frontend-design` or `/sk:api-design`) | not yet | optional |
+| 5 | Accessibility (`/sk:accessibility`) | not yet | optional |
+| 6 | Plan (`/sk:write-plan`) | not yet | |
+| 7 | Branch (`/sk:branch`) | not yet | |
+| 8 | Migrate (`/sk:schema-migrate`) | not yet | optional |
+| 9 | Write Tests (`/sk:write-tests`) | not yet | |
+| 10 | Implement (`/sk:execute-plan`) | not yet | |
+| 11 | Commit (`/sk:smart-commit`) | not yet | |
+| 12 | **Lint + Dep Audit** (`/sk:lint`) | not yet | HARD GATE — loop until clean |
+| 13 | Commit (`/sk:smart-commit`) | not yet | conditional |
+| 14 | **Verify Tests** (`/sk:test`) | not yet | HARD GATE — 100% coverage |
+| 15 | Commit (`/sk:smart-commit`) | not yet | conditional |
+| 16 | **Security** (`/sk:security-check`) | not yet | HARD GATE — 0 issues |
+| 17 | Commit (`/sk:smart-commit`) | not yet | conditional |
+| 18 | Performance (`/sk:perf`) | not yet | optional gate |
+| 19 | Commit (`/sk:smart-commit`) | not yet | conditional |
+| 20 | **Review + Simplify** (`/sk:review`) | not yet | HARD GATE — 0 issues |
+| 21 | Commit (`/sk:smart-commit`) | not yet | conditional |
+| 22 | **E2E** (`/sk:e2e`) | not yet | HARD GATE — all E2E scenarios must pass |
+| 23 | Commit (`/sk:smart-commit`) | not yet | conditional — skip if E2E was clean |
+| 24 | Update (`/sk:update-task`) | not yet | |
+| 25 | Finalize (`/sk:finish-feature`) | not yet | |
+| 26 | Sync Features (`/sk:features`) | not yet | required — sync feature specs after ship |
+| 27 | Release (`/sk:release`) | not yet | optional |

package/skills/sk:setup-optimizer/SKILL.md

@@ -43,7 +43,7 @@ Before making any changes, runs a diagnostic pass on the existing CLAUDE.md:
 - **Stale content** — detects outdated info (stale model/route counts, removed dependencies, old command names like `/laravel-lint` instead of `/sk:lint`)
 - **Inconsistencies** — compares documented vs actual project state (directories, scripts, workflows)
 - **Section completeness** — flags sections that exist but are empty or have only placeholder text
-- **Outdated workflow** — checks if the workflow matches the current 24-step TDD flow with hard gates
+- **Outdated workflow** — checks if the workflow matches the current 27-step TDD flow with hard gates
 
 Reports findings before proceeding. If issues are found, they inform subsequent steps.
 
@@ -51,15 +51,15 @@ Reports findings before proceeding. If issues are found, they inform subsequent
 
 If the workflow section is outdated or missing, replace it with the latest version:
 
-**Current workflow (24 steps, TDD with hard gates):**
+**Current workflow (27 steps, TDD with hard gates):**
 ```
-Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finish
+Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 ```
 
 **What gets updated:**
-- Workflow table (24 steps with correct commands: `/sk:write-tests`, `/sk:lint`, `/sk:test`, `/sk:accessibility`, `/sk:perf`)
+- Workflow table (27 steps with correct commands: `/sk:write-tests`, `/sk:lint`, `/sk:test`, `/sk:accessibility`, `/sk:perf`, `/sk:e2e`)
 - Step details (TDD red/green/verify descriptions)
-- Tracker rules (hard gates at 12, 14, 16, 20; optional steps 4, 5, 7, 18, 24)
+- Tracker rules (hard gates at 12, 14, 16, 20, 22; optional steps 4, 5, 8, 18, 27)
 - Step completion summary rule (NON-NEGOTIABLE)
 - Bug fix flow section
 - Sub-Agent Patterns section (if missing)
@@ -67,6 +67,8 @@ Read → Explore → Design → Accessibility → Plan → Branch → Migrate
 - Lessons Capture section (if missing)
 - Testing TDD section (if missing)
 - 3-Strike Protocol (if missing)
+- Fix & Retest Protocol section (if missing)
+- Requirement Change Flow section (if missing)
 
 **What gets preserved:**
 - Everything marked with `<!-- LOCK -->` is never touched

package/skills/sk:test/SKILL.md

@@ -154,6 +154,23 @@ All detected suites pass with 100% coverage on new code. Both lines of the repor
 
 ---
 
+## Fix & Retest Protocol
+
+When a test failure requires an implementation fix, classify the fix before committing:
+
+**a. Bug fix — same behavior contract** (the code was wrong, the test expectation was right) → fix the implementation, re-run `/sk:test`. No test update needed.
+
+**b. Logic change** (new behavior, changed data contract, modified function signature, new code path) → trigger protocol:
+1. Update or add failing unit tests to reflect the new behavior (RED first)
+2. Fix the implementation to make the updated tests pass (GREEN)
+3. Re-run `/sk:test` — must pass at 100% coverage
+4. Commit (tests + fix together in one commit)
+5. Re-run the gate that triggered this fix (Security, Performance, Review, or E2E)
+
+**Why this matters:** quality gates (Security, Performance, Review, E2E) run after tests pass. If those gates require logic fixes, tests can become stale. This protocol ensures tests always reflect the actual implementation.
+
+---
+
 ## Model Routing
 
 Read `.shipkit/config.json` from the project root if it exists.