@kennethsolomon/shipkit 3.0.7 → 3.2.0

package/skills/sk:seo-audit/SKILL.md

@@ -0,0 +1,283 @@
+---
+name: sk:seo-audit
+description: "SEO audit for web projects. Dual-mode: scans source templates + optionally fetches from running dev server. Ask-before-fix for mechanical issues. Outputs checklist findings to tasks/seo-findings.md."
+license: Complete terms in LICENSE.txt
+---
+
+# /sk:seo-audit
+
+## Purpose
+
+Standalone optional command — audits any web project for SEO issues regardless of framework (Laravel, Next.js, Nuxt, plain HTML, etc.). Run at any point after implementation is complete. NOT a numbered workflow step — invoke it independently like `/sk:debug`.
+
+Two modes:
+- **Source mode** (always runs): scans template files directly for SEO signals
+- **Server mode** (optional): fetches from a running dev server to validate rendered output
+
+Run when: before shipping a client site, after adding new pages, or any time you want to check SEO health.
+
+## Hard Rules
+
+- **Never auto-apply fixes without explicit user confirmation.**
+- **Every finding must cite a specific `file:line`.**
+- **Every finding is a checkbox:** `- [ ]` (open) or `- [x]` (auto-fixed this run)
+- **Append to `tasks/seo-findings.md`** — never overwrite (use date header per run)
+- **Degrade gracefully** if no server is running — skip Phase 2, note it in report
+- **Structured data validation requires external tools** (Google Rich Results Test) — flag it, don't skip silently
+
+## Before You Start
+
+1. Read `tasks/findings.md` if it exists — look for site context, target audience, business type (helps tailor content strategy recommendations)
+2. Read `tasks/lessons.md` if it exists — apply any SEO-related lessons
+3. Check if `tasks/seo-findings.md` exists — if yes, read the last dated section to identify previously flagged items (used to populate "Passed Checks" in the new report)
+
+## Mode Detection
+
+### Source Mode — Always Active
+
+Scan the project for template files:
+
+| Extension | Framework |
+|-----------|-----------|
+| `.blade.php` | Laravel |
+| `.jsx`, `.tsx` | React / Next.js |
+| `.vue` | Vue / Nuxt |
+| `.html` | Plain HTML / static |
+| `.ejs` | Express / Node |
+| `.njk` | Nunjucks |
+| `.twig` | Twig / Symfony |
+| `.erb` | Ruby on Rails |
+| `.astro` | Astro |
+
+Print: `"Source mode: found N template files ([extensions detected])"`
+
+### Server Mode — Optional
+
+Probe ports in parallel (background curl processes) to avoid 14-second worst-case serial timeout:
+- Ports: 3000, 5173, 8000, 8080, 4321, 4000, 8888
+- Command: `curl -s -I --max-time 2 http://localhost:PORT` (HEAD request to capture both status code and headers)
+- Use the first port that returns HTTP 200 **and** has a `Content-Type: text/html` response header
+
+If a port returns 200 but no `Content-Type: text/html` header, skip it — it is likely a non-HTTP service (e.g., a database, gRPC server) and not a web app. Try the next port.
+
+If any port qualifies: `"Server mode: detected running dev server at http://localhost:PORT"`
+
+If none respond or qualify: `"Server mode: no dev server detected — skipping Phase 2. Start your dev server and re-run for full audit."`
+
+> Note: confirm the detected URL looks correct before trusting Phase 2 results.
+
+## Phase 1 — Source Audit
+
+### Technical SEO
+
+- `robots.txt` — exists in project root or `public/`; does NOT contain `Disallow: /` blocking all crawlers
+- `sitemap.xml` — exists in project root or `public/`; referenced in `robots.txt` via `Sitemap:` directive
+- `<html lang="">` — present on all layout/root templates (not empty)
+- Canonical tags — `<link rel="canonical">` present on key page templates
+- No accidental `<meta name="robots" content="noindex">` on public-facing pages
+- No hardcoded `http://` asset URLs in templates (mixed content risk)
+
+### On-Page SEO
+
+- `<title>` — present in `<head>`, unique across pages, 50–60 characters
+- `<meta name="description">` — present in `<head>`, unique across pages, 150–160 characters
+- Exactly one `<h1>` per page template (not zero, not two+)
+- Heading hierarchy not skipped (no jumping from `<h2>` to `<h4>`)
+- All `<img>` tags have `alt` attribute (even if empty for decorative — but flag empty alt on non-decorative images)
+- Internal `<a>` link text is descriptive — flag anchors with text: "click here", "here", "read more", "link", "this"
+- Image filenames are descriptive — flag patterns like `img001`, `IMG_`, `photo`, `image`, `DSC_`, `screenshot` with no context
+
+### Content Signals
+
+- Open Graph tags: `og:title`, `og:description`, `og:url`, `og:image` all present in layout
+- Twitter Card tags: `twitter:card` present
+- JSON-LD structured data block: look for `<script type="application/ld+json">` — note presence/absence; do NOT validate schema (requires external tool)
+- Page `<html lang="">` matches expected locale
+
+## Phase 2 — Server Audit (Optional)
+
+If server detected:
+
+1. Fetch `/` and discover up to 4 additional pages (from `<a>` href values in homepage, or from sitemap.xml)
+2. For each page fetched, extract and compare:
+   - Rendered `<title>` vs source template value
+   - Rendered `<meta name="description">` vs source template value
+   - Rendered `<h1>` vs source template value
+   - Rendered OG tags vs source template
+3. Flag mismatches: `"/about — Source template declares <title>About Us</title> but rendered output shows <title>My App</title> — framework may be overriding"`
+4. Check HTTP status codes — flag any key page returning non-200
+5. Check for redirect chains on common pages (/ → /home → /index is a chain)
+
+> Note in report: "Structured data detected but NOT validated — use Google Rich Results Test (https://search.google.com/test/rich-results) to verify schema markup."
+
+## Phase 3 — Ask Before Fix
+
+After completing Phase 1 (and Phase 2 if run):
+
+1. Collect all auto-fixable findings (see Mechanical Fixes Reference below)
+2. Display numbered list:
+
+```
+Found N auto-fixable issues:
+1. Missing <title> in resources/views/layouts/app.blade.php
+2. Missing alt attribute on <img> in resources/views/home.blade.php:42
+3. Missing robots.txt
+... (all N items)
+
+Apply mechanical fixes? [y/N]
+```
+
+3. Wait for user response
+4. On `y`: apply each fix in order, log `"Fixed: [description] in [file:line]"`, mark as `- [x]` in report. On individual fix failure: log the error, mark that item `- [ ]`, and continue with remaining fixes.
+5. On `n`: mark all as `- [ ]` in report with Fix instructions
+
+## Mechanical Fixes Reference
+
+What this skill CAN auto-apply when user confirms:
+
+| Issue | Fix Applied |
+|-------|------------|
+| Missing `<title>` in `<head>` | Add `<title>TODO: Add page title (50-60 chars)</title>` |
+| Missing `<meta name="description">` | Add `<meta name="description" content="TODO: Add description (150-160 chars)">` |
+| `<img>` missing `alt` attribute | Add `alt="TODO: Describe this image for screen readers"` |
+| Missing `<link rel="canonical">` | Add `<link rel="canonical" href="TODO: Add canonical URL">` |
+| Missing `robots.txt` | Create `robots.txt`: `User-agent: *\nAllow: /\nSitemap: /sitemap.xml` |
+| Missing `sitemap.xml` | Create `sitemap.xml` scaffold with homepage entry |
+| Multiple `<h1>` on same page | Demote 2nd, 3rd... `<h1>` to `<h2>` |
+| Missing OG tags | Add `og:title`, `og:description`, `og:url` block (with TODO placeholders) |
+| Missing `<html lang="">` | Add `lang="en"` — **note in output: verify correct language code** |
+
+Things this skill CANNOT auto-apply (report only):
+- Content quality improvements
+- Keyword targeting
+- Title/description CONTENT (only adds TODOs)
+- Schema markup content (only flags missing)
+- Backlink strategy
+- `<meta name="robots" content="noindex">` removal — only the developer can confirm whether a page is intentionally noindexed
+
+## Generate Report
+
+Write to `tasks/seo-findings.md` — append with date header, never overwrite.
+
+```markdown
+# SEO Audit — YYYY-MM-DD
+
+**Mode:** Source only | Source + Server (`http://localhost:PORT`)
+**Templates scanned:** N files ([detected extensions])
+**Pages fetched:** N | none — server not detected
+
+---
+
+## Critical
+
+- [x] `resources/views/layouts/app.blade.php` — Missing `<title>` tag *(auto-fixed — add real title)*
+- [ ] `resources/views/about.blade.php:1` — Missing `<meta name="description">`
+  **Impact:** Google may auto-generate a description from page content, often poorly.
+  **Fix:** Add `<meta name="description" content="150-160 char description">` in `<head>`
+
+## High
+
+- [ ] `public/robots.txt` — File missing
+  **Impact:** Search engines have no crawl guidance — may index unwanted pages.
+  **Fix:** Create `robots.txt` with `User-agent: *`, `Allow: /`, `Sitemap:` directive
+
+## Medium
+
+- [ ] `resources/views/home.blade.php:42` — `<img src="hero.jpg">` missing alt attribute
+  **Impact:** Accessibility violation + missed keyword opportunity.
+  **Fix:** Add descriptive `alt="..."` text
+
+## Low
+
+- [ ] Image filename `IMG_4521.jpg` — not descriptive
+  **Impact:** Minor missed keyword signal.
+  **Fix:** Rename to describe the image content
+
+## Content Strategy — Manual Action
+
+- [ ] No JSON-LD structured data detected — consider adding schema markup (Article / Product / LocalBusiness / FAQPage) based on your content type. Validate at: https://search.google.com/test/rich-results
+- [ ] `og:image` missing — social shares will have no preview image. Add a default OG image in your layout.
+- [ ] Submit `sitemap.xml` to Google Search Console for faster indexing
+- [ ] Title tags are present but content is generic ("TODO") — research target keywords for each page
+
+## Passed Checks
+
+- `robots.txt` exists and allows crawling *(was: missing — fixed in 2026-03-10 audit)*
+- All `<img>` tags have alt attributes
+- Single `<h1>` per page
+
+(or "First run — no prior baseline to compare against")
+
+## Applied Fixes
+
+- Fixed: Added `<title>` placeholder to `resources/views/layouts/app.blade.php`
+- Fixed: Created `public/robots.txt`
+
+(or "No fixes applied this run")
+
+---
+
+## Summary
+
+| Severity | Open | Fixed this run |
+|----------|------|----------------|
+| Critical | 1 | 1 |
+| High | 1 | 0 |
+| Medium | 3 | 0 |
+| Low | 2 | 0 |
+| Content Strategy | 4 | — |
+| **Total** | **11** | **1** |
+```
+
+**Never overwrite** `tasks/seo-findings.md` — append new audits with a date header.
+
+## When Done
+
+If Critical or High items are open:
+> "SEO audit complete. **N critical/high issues** need attention before this site will rank well. Findings and checklist in `tasks/seo-findings.md`."
+
+If only Medium/Low/Content Strategy open:
+> "Technical SEO is solid. **N medium/low polish items** and **N content strategy items** noted in `tasks/seo-findings.md`. Check off items as you address them."
+
+If all clean:
+> "SEO audit passed — no issues found. `tasks/seo-findings.md` updated with clean baseline."
+
+If fixes were declined (`n`):
+> "SEO audit complete. **N auto-fixable issues** left open (fixes declined). Checklist in `tasks/seo-findings.md` — check off items as you manually address them."
+
+---
+
+## Fix & Retest Protocol
+
+When applying an SEO fix, classify it before committing:
+
+**a. Template/config change** (adding a meta tag, fixing alt text, scaffolding robots.txt, adding lang attribute, creating sitemap.xml) → commit and re-run `/sk:seo-audit`. No test update needed.
+
+**b. Logic change** (changing how a framework generates meta tags, modifying a layout component's data-fetching or rendering logic, changing routing that affects canonical URLs) → trigger protocol:
+1. Update or add failing unit tests for the new behavior
+2. Re-run `/sk:test` — must pass at 100% coverage
+3. Commit (tests + fix together in one commit)
+4. Re-run `/sk:seo-audit` to verify the fix resolved the finding
+
+**Common logic-change SEO fixes:**
+- Changing a Next.js `generateMetadata()` function → update tests asserting metadata output
+- Modifying a Laravel controller that sets page title → update feature tests
+- Changing a Vue component that injects `<head>` tags → update component tests
+
+---
+
+## Model Routing
+
+Read `.shipkit/config.json` from the project root if it exists.
+
+- If `model_overrides["sk:seo-audit"]` is set, use that model — it takes precedence.
+- Otherwise use the `profile` field. Default: `balanced`.
+
+| Profile | Model |
+|---------|-------|
+| `full-sail` | sonnet |
+| `quality` | sonnet |
+| `balanced` | sonnet |
+| `budget` | haiku |
+
+> `opus` = inherit (uses the current session model). When spawning sub-agents via the Agent tool, pass `model: "<resolved-model>"`.

package/skills/sk:setup-claude/templates/CLAUDE.md.template

@@ -34,7 +34,7 @@
 ## Workflow — Follow This Order
 <!-- LOCK -->
 
-**Flow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finish
+**Flow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 
 Progress is tracked in `tasks/workflow-status.md`. This file persists across conversations.
 
@@ -42,55 +42,61 @@ Progress is tracked in `tasks/workflow-status.md`. This file persists across con
 |---|------|---------|------|-------|
 | 1 | Read Todo | read `tasks/todo.md` | required | no |
 | 2 | Read Lessons | read `tasks/lessons.md` | required | no |
-| 3 | Explore | `/brainstorm` | required | no |
-| 4 | Design | `/frontend-design` or `/api-design` | optional (confirm to skip) | no |
-| 5 | Accessibility | `/accessibility` | optional (confirm to skip) | no |
-| 6 | Plan | `/write-plan` | required | no |
-| 7 | Branch | `/branch` | required | no |
-| 8 | Migrate | `/schema-migrate` | optional (confirm to skip) | no |
-| 9 | Write Tests | `/write-tests` | required | no |
-| 10 | Implement | `/execute-plan` | required | no |
-| 11 | Commit | `/smart-commit` | required | no |
-| 12 | Lint | `/lint` | required | yes — must be clean |
-| 13 | Commit | `/smart-commit` | conditional (skip if lint was clean) | no |
-| 14 | Verify Tests | `/test` | required | yes — 100% coverage required |
-| 15 | Commit | `/smart-commit` | conditional (skip if tests passed clean) | no |
-| 16 | Security | `/security-check` | required | yes — must reach 0 issues |
-| 17 | Commit | `/smart-commit` | conditional (skip if security was clean) | no |
-| 18 | Performance | `/perf` | optional (confirm to skip) | yes — loop until critical/high = 0 |
-| 19 | Commit | `/smart-commit` | conditional (skip if perf was clean) | no |
-| 20 | Review | `/review` | required | yes — must reach 0 issues |
-| 21 | Commit | `/smart-commit` | conditional (skip if review was clean) | no |
-| 22 | Update | `/update-task` | required | no |
-| 23 | Finalize | `/finish-feature` | required | no |
-| 24 | Release | `/release` | optional (confirm to skip) | no |
+| 3 | Explore | `/sk:brainstorm` | required | no |
+| 4 | Design | `/sk:frontend-design` or `/sk:api-design` | optional (confirm to skip) | no |
+| 5 | Accessibility | `/sk:accessibility` | optional (confirm to skip) | no |
+| 6 | Plan | `/sk:write-plan` | required | no |
+| 7 | Branch | `/sk:branch` | required | no |
+| 8 | Migrate | `/sk:schema-migrate` | optional (confirm to skip) | no |
+| 9 | Write Tests | `/sk:write-tests` | required | no |
+| 10 | Implement | `/sk:execute-plan` | required | no |
+| 11 | Commit | `/sk:smart-commit` | required | no |
+| 12 | Lint + Dep Audit | `/sk:lint` | required | yes — must be clean |
+| 13 | Commit | `/sk:smart-commit` | conditional (skip if lint was clean) | no |
+| 14 | Verify Tests | `/sk:test` | required | yes — 100% coverage required |
+| 15 | Commit | `/sk:smart-commit` | conditional (skip if tests passed clean) | no |
+| 16 | Security | `/sk:security-check` | required | yes — must reach 0 issues |
+| 17 | Commit | `/sk:smart-commit` | conditional (skip if security was clean) | no |
+| 18 | Performance | `/sk:perf` | optional (confirm to skip) | yes — loop until critical/high = 0 |
+| 19 | Commit | `/sk:smart-commit` | conditional (skip if perf was clean) | no |
+| 20 | Review + Simplify | `/sk:review` | required | yes — must reach 0 issues |
+| 21 | Commit | `/sk:smart-commit` | conditional (skip if review was clean) | no |
+| 22 | E2E Tests | `/sk:e2e` | required | yes — all scenarios must pass |
+| 23 | Commit | `/sk:smart-commit` | conditional (skip if E2E was clean) | no |
+| 24 | Update | `/sk:update-task` | required | no |
+| 25 | Finalize | `/sk:finish-feature` | required | no |
+| 26 | Sync Features | `/sk:features` | required | no |
+| 27 | Release | `/sk:release` | optional (confirm to skip) | no |
 
 ### Step Details
 
 1.  **Read** `tasks/todo.md` — pick the next incomplete task
 2.  **Read** `tasks/lessons.md` — review past corrections before writing code
-3.  **Explore** — run `/brainstorm` to clarify requirements, constraints, and approach. No code in this step.
-4.  **Design** — run `/frontend-design` for UI mockup or `/api-design` for API contracts. No code — design only. Skip if pure backend with no UI and no new API. After the design summary, the skill asks if you want a Pencil visual mockup — answer `y` only if you have the Pencil app open and Pencil MCP connected. Use `/frontend-design --pencil` to jump directly to the Pencil phase.
-5.  **Accessibility** — run `/accessibility` to audit the design spec for WCAG 2.1 AA compliance. Produces `tasks/accessibility-findings.md`. Skip if backend-only with no frontend.
-6.  **Plan** — run `/write-plan` to write a decision-complete plan into `tasks/todo.md` using brainstorm + design outputs. No code in this step.
-7.  **Branch** — run `/branch` to create a feature branch auto-named from the current task.
-8.  **Migrate** — run `/schema-migrate` for database changes. Skip if no schema changes needed.
-9.  **Write Tests** — run `/write-tests` (TDD red phase). Write failing tests for all planned code. If modifying existing behavior, update existing tests first. Tests SHOULD fail — no implementation yet.
-10. **Implement** — run `/execute-plan` to execute `tasks/todo.md` checkboxes in small batches, making the failing tests pass (TDD green phase). Log progress to `tasks/progress.md`.
-11. **Commit** — run `/smart-commit` to commit tests + implementation
-12. **Lint** — run `/lint` — auto-detects and runs all project linters. Fix all issues immediately, then re-run until clean. Do not ask to re-run — fix and re-run automatically.
-13. **Commit** — run `/smart-commit` if lint required fixes. Auto-skip if lint was clean.
-14. **Verify Tests** — run `/test` — auto-detects and runs all project test suites. **100% test coverage required.** Fix failures immediately, then re-run. Do not ask to re-run — fix and re-run automatically.
-15. **Commit** — run `/smart-commit` if test fixes were needed. Auto-skip if tests passed first try.
-16. **Security** — run `/security-check`. Must reach 0 issues across all severities. Fix issues immediately, commit, then re-run. Loop until clean.
-17. **Commit** — run `/smart-commit` if security required fixes. Auto-skip if clean.
-18. **Performance** — run `/perf` to audit for performance issues. Produces `tasks/perf-findings.md`. Fix critical/high findings, commit, then re-run. Loop until critical/high = 0. Skip if confirmed with user.
-19. **Commit** — run `/smart-commit` if perf required fixes. Auto-skip if clean.
-20. **Review** — run `/review`. Must reach 0 issues including nitpicks. Fix issues immediately, commit, then re-run. Loop until clean.
-21. **Commit** — run `/smart-commit` if review required fixes. Auto-skip if clean.
-22. **Update** — run `/update-task` to mark the task done in `tasks/todo.md` and log completion to `tasks/progress.md`.
-23. **Finalize** — run `/finish-feature` for changelog + PR
-24. **Release** — run `/release` if deploying. Skip if not ready.
+3.  **Explore** — run `/sk:brainstorm` to clarify requirements, constraints, and approach. No code in this step.
+4.  **Design** — run `/sk:frontend-design` for UI mockup or `/sk:api-design` for API contracts. No code — design only. Skip if pure backend with no UI and no new API. After the design summary, the skill asks if you want a Pencil visual mockup — answer `y` only if you have the Pencil app open and Pencil MCP connected. Use `/sk:frontend-design --pencil` to jump directly to the Pencil phase.
+5.  **Accessibility** — run `/sk:accessibility` to audit the design spec for WCAG 2.1 AA compliance. Produces `tasks/accessibility-findings.md`. Skip if backend-only with no frontend.
+6.  **Plan** — run `/sk:write-plan` to write a decision-complete plan into `tasks/todo.md` using brainstorm + design outputs. No code in this step.
+7.  **Branch** — run `/sk:branch` to create a feature branch auto-named from the current task.
+8.  **Migrate** — run `/sk:schema-migrate` for database changes. Skip if no schema changes needed.
+9.  **Write Tests** — run `/sk:write-tests` (TDD red phase). Write failing tests for all planned code. If modifying existing behavior, update existing tests first. Tests SHOULD fail — no implementation yet.
+10. **Implement** — run `/sk:execute-plan` to execute `tasks/todo.md` checkboxes in small batches, making the failing tests pass (TDD green phase). Log progress to `tasks/progress.md`.
+11. **Commit** — run `/sk:smart-commit` to commit tests + implementation
+12. **Lint + Dep Audit** — run `/sk:lint` — auto-detects and runs all project linters plus dependency vulnerability audits. Fix all issues immediately, then re-run until clean. Do not ask to re-run — fix and re-run automatically.
+13. **Commit** — run `/sk:smart-commit` if lint required fixes. Auto-skip if lint was clean.
+14. **Verify Tests** — run `/sk:test` — auto-detects and runs all project test suites. **100% test coverage required.** Fix failures immediately, then re-run. Do not ask to re-run — fix and re-run automatically.
+15. **Commit** — run `/sk:smart-commit` if test fixes were needed. Auto-skip if tests passed first try.
+16. **Security** — run `/sk:security-check`. Must reach 0 issues across all severities. Fix issues immediately, commit, then re-run. Loop until clean.
+17. **Commit** — run `/sk:smart-commit` if security required fixes. Auto-skip if clean.
+18. **Performance** — run `/sk:perf` to audit for performance issues. Produces `tasks/perf-findings.md`. Fix critical/high findings, commit, then re-run. Loop until critical/high = 0. Skip if confirmed with user.
+19. **Commit** — run `/sk:smart-commit` if perf required fixes. Auto-skip if clean.
+20. **Review + Simplify** — run `/sk:review`. First runs a simplify pre-pass on changed files, then performs full multi-dimensional review. Must reach 0 issues including nitpicks. Fix issues immediately, commit, then re-run. Loop until clean.
+21. **Commit** — run `/sk:smart-commit` if review required fixes. Auto-skip if clean.
+22. **E2E Tests** — run `/sk:e2e`. Verifies the complete, reviewed, secure implementation works end-to-end from a user's perspective using agent-browser. All scenarios must pass. Cannot be skipped.
+23. **Commit** — run `/sk:smart-commit` if E2E required fixes. Auto-skip if E2E was clean.
+24. **Update** — run `/sk:update-task` to mark the task done in `tasks/todo.md` and log completion to `tasks/progress.md`.
+25. **Finalize** — run `/sk:finish-feature` for changelog + PR
+26. **Sync Features** — run `/sk:features` to sync `docs/sk:features/` specs with what was actually shipped.
+27. **Release** — run `/sk:release` if deploying. Skip if not ready.
 
 ### Workflow Tracker Rules
 
@@ -103,21 +109,22 @@ Progress is tracked in `tasks/workflow-status.md`. This file persists across con
    - Add relevant Notes (e.g., "clean on attempt 2", "backend-only, no UI")
    - Move `>> next <<` to the next pending step
 
-3. **Optional steps** (4, 5, 7, 18, 24): Ask the user "Skip [step]?" and require explicit confirmation. Record the reason in Notes.
+3. **Optional steps** (4, 5, 8, 18, 27): Ask the user "Skip [step]?" and require explicit confirmation. Record the reason in Notes.
 
-4. **Conditional commits** (13, 15, 17, 19, 21): Auto-skip if no changes were made. Record reason (e.g., "lint was clean", "tests passed first try").
+4. **Conditional commits** (13, 15, 17, 19, 21, 23): Auto-skip if no changes were made. Record reason (e.g., "lint was clean", "tests passed first try").
 
-5. **Loop steps are HARD GATES** (12, 14, 16, 20): These steps BLOCK all forward progress until they pass clean. Fix issues immediately and re-run. Do NOT ask the user to re-run — fix and re-run automatically. Track attempt number in Notes (e.g., "clean on attempt 3").
+5. **Loop steps are HARD GATES** (12, 14, 16, 20, 22): These steps BLOCK all forward progress until they pass clean. Fix issues immediately and re-run. Do NOT ask the user to re-run — fix and re-run automatically. Track attempt number in Notes (e.g., "clean on attempt 3").
    - **Step 12 (Lint)**: All detected linting tools must pass — every single one.
    - **Step 14 (Verify Tests)**: All detected test suites (BE + FE) must pass with 100% coverage on new code.
    - **Step 16 (Security)**: 0 issues across all severities.
    - **Step 20 (Review)**: 0 issues including nitpicks.
+   - **Step 22 (E2E Tests)**: All scenarios must pass. 0 failures allowed.
    - **Step 18 (Performance)**: Optional gate — if run, loop until critical/high findings = 0. Can be skipped with explicit confirmation.
    - **DO NOT mark these steps as `done` until every check passes.** If even one tool fails, the step is NOT done. Never proceed to the next step with errors remaining.
 
-6. **Never skip steps without confirmation.** Steps cannot run out of order. Hard gate steps (12, 14, 16, 20) can NEVER be skipped. Optional gate step (18) requires explicit confirmation to skip.
+6. **Never skip steps without confirmation.** Steps cannot run out of order. Hard gate steps (12, 14, 16, 20, 22) can NEVER be skipped. Optional gate step (18) requires explicit confirmation to skip.
 
-7. **Requirements change mid-workflow?** Stop the current step and run `/change` immediately. It will classify the scope (behavior tweak / new requirements / scope shift) and tell you exactly where to re-enter the workflow. Never continue implementing stale requirements.
+7. **Requirements change mid-workflow?** Stop the current step and run `/sk:change` immediately. It will classify the scope (behavior tweak / new requirements / scope shift) and tell you exactly where to re-enter the workflow. Never continue implementing stale requirements.
 
 7. **Never auto-advance.** When one step completes, stop and tell the user which step is next. Do not proceed automatically.
 
@@ -133,6 +140,22 @@ Next step: [#] [Name] — run `[command]`
 
 This tells the user exactly what happened and what to do next. Never finish a step silently.
 
+### Fix & Retest Protocol
+
+**Applies to steps 12, 14, 16, 18, 20, 22 — any step that can produce code changes.**
+
+When any of these steps require a fix, classify the fix before committing:
+
+**a. Format/style/config/wording change** → commit and re-run the gate. No test update needed.
+
+**b. Logic change** (new branch, modified condition, new data path, query change, new function, changed algorithm, API change) → trigger protocol:
+1. Update or add failing unit tests for the new behavior
+2. Re-run `/sk:test` — must pass at 100% coverage
+3. Commit (tests + fix together in one commit)
+4. Re-run the current gate from scratch
+
+**Exception:** Lint formatter auto-fixes (Prettier, Pint, gofmt, cargo fmt) are never logic changes — bypass protocol automatically.
+
 ### Tracker Reset
 
 - When starting a new task, check if `tasks/workflow-status.md` has any `done` or `skipped` steps. If yes, ask: "Existing workflow detected. Start fresh and reset tracker?"
@@ -140,52 +163,65 @@ This tells the user exactly what happened and what to do next. Never finish a st
 
 ### Bug Fix Flow
 
-When fixing a bug (not building a feature), use `/debug` as the entry point. This sets up a shorter workflow:
+When fixing a bug (not building a feature), use `/sk:debug` as the entry point. This sets up a shorter workflow:
 
 | # | Step | Command |
 |---|------|---------|
-| 1 | Debug | `/debug` |
-| 2 | Branch | `/branch` |
-| 3 | Write Tests | `/write-tests` (regression test) |
+| 1 | Debug | `/sk:debug` |
+| 2 | Branch | `/sk:branch` |
+| 3 | Write Tests | `/sk:write-tests` (regression test) |
 | 4 | Fix | implement the fix |
-| 5 | Commit | `/smart-commit` |
-| 6 | Lint | `/lint` |
-| 7 | Commit | `/smart-commit` (skip if clean) |
-| 8 | Verify Tests | `/test` |
-| 9 | Commit | `/smart-commit` (skip if clean) |
-| 10 | Security | `/security-check` |
-| 11 | Commit | `/smart-commit` (skip if clean) |
-| 12 | Review | `/review` |
-| 13 | Commit | `/smart-commit` (skip if clean) |
-| 14 | Update | `/update-task` |
-| 15 | Finalize | `/finish-feature` |
-
-Start with `/debug` to investigate, then follow the abbreviated flow.
+| 5 | Commit | `/sk:smart-commit` |
+| 6 | Lint | `/sk:lint` |
+| 7 | Commit | `/sk:smart-commit` (skip if clean) |
+| 8 | Verify Tests | `/sk:test` |
+| 9 | Commit | `/sk:smart-commit` (skip if clean) |
+| 10 | Security | `/sk:security-check` |
+| 11 | Commit | `/sk:smart-commit` (skip if clean) |
+| 12 | Review | `/sk:review` |
+| 13 | Commit | `/sk:smart-commit` (skip if clean) |
+| 14 | Update | `/sk:update-task` |
+| 15 | Finalize | `/sk:finish-feature` |
+
+Start with `/sk:debug` to investigate, then follow the abbreviated flow.
 
 ### Hotfix Flow
 
-For production emergencies that need to ship immediately, use `/hotfix`. Skips brainstorm, design, and write-tests. Quality gates still apply.
+For production emergencies that need to ship immediately, use `/sk:hotfix`. Skips brainstorm, design, and write-tests. Quality gates still apply.
 
 | # | Step | Command |
 |---|------|---------|
-| 1 | Investigate | `/debug` |
-| 2 | Branch | `/branch` |
+| 1 | Investigate | `/sk:debug` |
+| 2 | Branch | `/sk:branch` |
 | 3 | Fix | implement directly |
 | 4 | Smoke Test | run existing tests |
-| 5 | Commit | `/smart-commit` |
-| 6 | Lint | `/lint` |
-| 7 | Commit | `/smart-commit` (skip if clean) |
-| 8 | Verify Tests | `/test` |
-| 9 | Commit | `/smart-commit` (skip if clean) |
-| 10 | Security | `/security-check` |
-| 11 | Commit | `/smart-commit` (skip if clean) |
-| 12 | Review | `/review` |
-| 13 | Commit | `/smart-commit` (skip if clean) |
-| 14 | Update | `/update-task` |
-| 15 | Finalize | `/finish-feature` |
+| 5 | Commit | `/sk:smart-commit` |
+| 6 | Lint | `/sk:lint` |
+| 7 | Commit | `/sk:smart-commit` (skip if clean) |
+| 8 | Verify Tests | `/sk:test` |
+| 9 | Commit | `/sk:smart-commit` (skip if clean) |
+| 10 | Security | `/sk:security-check` |
+| 11 | Commit | `/sk:smart-commit` (skip if clean) |
+| 12 | Review | `/sk:review` |
+| 13 | Commit | `/sk:smart-commit` (skip if clean) |
+| 14 | Update | `/sk:update-task` |
+| 15 | Finalize | `/sk:finish-feature` |
 
 After merging: add a regression test and a lessons.md entry.
 
+### Requirement Change Flow
+
+When requirements change mid-workflow, run `/sk:change` to avoid implementing the wrong behavior:
+
+| # | Step | Command |
+|---|------|---------|
+| 1 | Assess | `/sk:change` — classify scope (Tier 1/2/3) |
+| 2 | Tier 1 (test update only) | update tests → re-enter at step 9 |
+| 3 | Tier 2 (plan revision) | revise plan → re-enter at step 6 |
+| 4 | Tier 3 (re-brainstorm) | re-enter at step 3 |
+
+Never update tests or implementation based on a changed requirement without going through `/sk:change` first.
+
 ## Sub-Agent Patterns
 <!-- BEGIN:sub-agent-patterns -->
 
@@ -281,9 +317,9 @@ Tests are written **before** implementation (step 9) and verified **after** (ste
 
 ### TDD Flow
 
-1. `/write-tests` — write failing tests based on the plan (RED)
-2. `/execute-plan` — implement code to make tests pass (GREEN)
-3. `/test` — verify all tests pass with 100% coverage (VERIFY)
+1. `/sk:write-tests` — write failing tests based on the plan (RED)
+2. `/sk:execute-plan` — implement code to make tests pass (GREEN)
+3. `/sk:test` — verify all tests pass with 100% coverage (VERIFY)
 
 Every new function, endpoint, component, and module needs tests. No code proceeds past step 13 without 100% coverage on new code.
 
@@ -299,3 +335,32 @@ Never retry the same failing approach.
 ## Architectural Change Log
 
 Create entries in: `[ARCH_CHANGELOG_DIR]`
+
+## Commands
+
+| Command | Purpose |
+|---------|---------|
+| `/sk:brainstorm` | Explore requirements and design |
+| `/sk:frontend-design` | UI mockup before implementation. Prompts to create Pencil visual mockup |
+| `/sk:api-design` | Design API contracts (endpoints, payloads, auth, errors) before implementation |
+| `/sk:accessibility` | WCAG 2.1 AA audit — runs after design, before implementation |
+| `/sk:write-plan` | Write decision-complete plan into `tasks/todo.md` |
+| `/sk:branch` | Create feature branch auto-named from current task |
+| `/sk:write-tests` | TDD: Write failing tests before implementation |
+| `/sk:execute-plan` | Execute `tasks/todo.md` checkboxes in batches |
+| `/sk:smart-commit` | Conventional commit with approval |
+| `/sk:lint` | Auto-detect and run all project linters + dependency audits |
+| `/sk:test` | Auto-detect and run all project test suites |
+| `/sk:debug` | Investigate and debug issues (bug fix entry point) |
+| `/sk:security-check` | OWASP security audit on changed files |
+| `/sk:perf` | Performance audit — bundle, N+1, Core Web Vitals, memory |
+| `/sk:review` | Self-review with simplify pre-pass + multi-dimensional review |
+| `/sk:e2e` | E2E behavioral verification using agent-browser (final quality gate) |
+| `/sk:hotfix` | Emergency fix workflow — skip design/TDD, quality gates enforced |
+| `/sk:change` | Handle mid-workflow requirement changes — re-enter at correct step |
+| `/sk:update-task` | Mark task done and log completion |
+| `/sk:finish-feature` | Changelog + PR creation |
+| `/sk:features` | Sync feature specs with shipped implementation |
+| `/sk:release` | Version bump + changelog + tag |
+| `/sk:status` | Show workflow + task status |
+| `/sk:setup-optimizer` | Diagnose + update workflow + enrich CLAUDE.md |

package/skills/sk:setup-claude/templates/commands/brainstorm.md.template

@@ -6,14 +6,14 @@ description: "Start with design questions before writing code."
 
 # /brainstorm
 
-**Workflow:** Read → **Explore** → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → Finalize → Release
+**Workflow:** Read → **Explore** → Design → Accessibility → Plan → Branch → Migrate → Write Tests → Implement → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 
 Explore design and clarify requirements **before** any code is written.
 
 ## Hard Rules
 
 - **DO NOT write, edit, or generate any code.** No files, no snippets, no pseudo-implementations.
-- **DO NOT create a plan.** That is `/write-plan`'s job.
+- **DO NOT create a plan.** That is `/sk:write-plan`'s job.
 - **DO NOT run build/test/lint commands.** You are in design mode only.
 - You may **read** existing code to understand the current state, but nothing more.
 
@@ -65,10 +65,10 @@ Explore design and clarify requirements **before** any code is written.
 
 ## When Done
 
-1. Update `tasks/workflow-status.md`: set step 1 (`/brainstorm`) to `done`, move `>> next <<` to the next pending step.
+1. Update `tasks/workflow-status.md`: set step 1 (`/sk:brainstorm`) to `done`, move `>> next <<` to the next pending step.
 2. Print the full workflow status dashboard table.
 3. Tell the user:
    > "Brainstorming complete. Findings saved to `tasks/findings.md`."
-4. If step 2 (`/frontend-design`) is next, ask: "Step 2 is `/frontend-design` (optional). Run it or skip?"
+4. If step 2 (`/sk:frontend-design`) is next, ask: "Step 2 is `/sk:frontend-design` (optional). Run it or skip?"
 
 **Do not proceed to planning or implementation yourself.** The user must explicitly invoke the next step.

package/skills/sk:setup-claude/templates/commands/execute-plan.md.template

@@ -6,7 +6,7 @@ description: "Execute tasks/todo.md checkboxes in small batches; log to tasks/pr
 
 # /execute-plan
 
-**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → **Implement** → Lint → Verify Tests → Security → Performance → Review → Finalize → Release
+**Workflow:** Read → Explore → Design → Accessibility → Plan → Branch → Migrate → Write Tests → **Implement** → Lint → Verify Tests → Security → Performance → Review → E2E Tests → Finish → Sync Features
 
 Execute the plan in `tasks/todo.md` in small batches with clear checkpoints.
 
@@ -33,7 +33,7 @@ Execute the plan in `tasks/todo.md` in small batches with clear checkpoints.
    - verification results
    - what's next
    - After all items in this batch pass verification, the code is ready to stage.
-     Run `/commit` after any passed batch, or accumulate and commit at plan completion.
+     Run `/sk:smart-commit` after any passed batch, or accumulate and commit at plan completion.
      Never combine more than one logical unit of work in a single commit.
 4. Stop and wait for user feedback before continuing.