@kennethsolomon/shipkit 3.10.1 → 3.11.0

package/README.md

@@ -48,6 +48,44 @@ That's it. `/sk:setup-claude` creates your project scaffolding: planning files,
 
 `/sk:start` is the recommended entry point — it classifies your task and routes you to the optimal flow automatically. You can also jump directly to `/sk:brainstorm`, `/sk:debug`, or any other flow entry point.
 
+### Updating ShipKit
+
+```bash
+# Update the package
+npm install -g @kennethsolomon/shipkit && shipkit
+
+# Then in each project, update CLAUDE.md + deploy new hooks:
+/sk:setup-optimizer
+```
+
+`shipkit` re-installs all skills and commands globally. `/sk:setup-optimizer` updates each project's CLAUDE.md with new commands and deploys any missing hooks.
+
+---
+
+## Lifecycle Hooks
+
+`/sk:setup-claude` installs lifecycle hooks that automate common tasks. Core hooks are always installed; enhanced hooks are opt-in.
+
+**Core hooks (always installed):**
+| Hook | Event | What it does |
+|------|-------|-------------|
+| `session-start` | SessionStart | Loads branch, recent commits, tech debt, code health |
+| `session-stop` | Stop | Logs session accomplishments to `tasks/progress.md` |
+| `pre-compact` | PreCompact | Saves git state before context compression |
+| `validate-commit` | PreToolUse (git commit) | Validates conventional commit format, detects secrets |
+| `validate-push` | PreToolUse (git push) | Warns before pushing to protected branches |
+| `log-agent` | SubagentStart | Logs sub-agent invocations to `tasks/agent-audit.log` |
+
+**Enhanced hooks (opt-in via `/sk:setup-claude` or `/sk:setup-optimizer`):**
+| Hook | Event | What it does |
+|------|-------|-------------|
+| `config-protection` | PreToolUse (Edit/Write) | Blocks modifications to linter/formatter configs |
+| `post-edit-format` | PostToolUse (Edit) | Auto-formats with Biome/Prettier/Pint/gofmt after edits |
+| `console-log-warning` | Stop | Warns about `console.log`, `dd()`, `var_dump()` in modified files |
+| `suggest-compact` | PreToolUse (Edit/Write) | Suggests `/compact` after 50+ tool calls |
+| `cost-tracker` | Stop | Logs session metadata to `.claude/sessions/cost-log.jsonl` |
+| `safety-guard` | PreToolUse (Bash/Edit/Write) | Enforces `/sk:safety-guard` freeze/careful mode |
+
 ---
 
 ## Pick Your Flow
@@ -55,8 +93,8 @@ That's it. `/sk:setup-claude` creates your project scaffolding: planning files,
 | I want to... | Run this | What happens |
 |--------------|----------|-------------|
 | **Not sure — let ShipKit decide** | `/sk:start` | Classifies your task, routes to optimal flow/mode/agents |
-| **Build a new feature** | `/sk:brainstorm` | Full workflow: plan → TDD → 6 quality gates → PR |
-| **Build hands-free** | `/sk:autopilot` | All 21 steps, auto-skip, auto-advance, auto-commit |
+| **Build a new feature** | `/sk:brainstorm` | Full workflow: plan → TDD → quality gates → PR |
+| **Build hands-free** | `/sk:autopilot` | All 8 steps, auto-skip, auto-advance, auto-commit |
 | **Full-stack feature (parallel)** | `/sk:team` | Parallel domain agents (backend + frontend + QA) |
 | **Make a small change** | `/sk:fast-track` | Skip planning, keep all quality gates |
 | **Fix a bug** | `/sk:debug` | Investigate → regression test → fix → gates → PR |
@@ -74,20 +112,13 @@ That's it. `/sk:setup-claude` creates your project scaffolding: planning files,
 | Step | Command | What it does | Phase |
 |------|---------|-------------|-------|
 | 1 | `/sk:brainstorm` | Explore requirements, propose approaches | Think |
-| 2 | `/sk:frontend-design` | *Optional* — UI mockup (`--pencil` for visual) | Think |
-| 3 | `/sk:api-design` | *Optional* — API contracts | Think |
-| 4 | `/sk:accessibility` | *Optional* — WCAG 2.1 AA audit on design | Think |
-| 5 | `/sk:write-plan` | Write decision-complete plan | Think |
-| 6 | `/sk:branch` | Create feature branch | Build |
-| 7 | `/sk:schema-migrate` | *Optional* — auto-skips if no migrations | Build |
-| 8 | `/sk:write-tests` | TDD red — write failing tests | Build |
-| 9 | `/sk:execute-plan` | TDD green — make tests pass | Build |
-| 10 | `/sk:smart-commit` | Conventional commit | Build |
-| 11 | `/sk:gates` | All 6 quality gates (parallel) | Verify |
-| 12 | `/sk:update-task` | Mark done | Ship |
-| 13 | `/sk:finish-feature` | Changelog + PR | Ship |
-| 14 | `/sk:features` | Sync feature specs | Ship |
-| 15 | `/sk:release` | *Optional* — version bump + tag | Ship |
+| 2 | `/sk:frontend-design` or `/sk:api-design` | *Optional* — UI mockup or API contracts (includes accessibility) | Think |
+| 3 | `/sk:write-plan` | Write decision-complete plan | Think |
+| 4 | `/sk:branch` | Create feature branch | Build |
+| 5 | `/sk:write-tests` + `/sk:execute-plan` | TDD: write failing tests, then implement | Build |
+| 6 | `/sk:smart-commit` | Conventional commit | Build |
+| 7 | `/sk:gates` | All 6 quality gates (parallel batches) | Verify |
+| 8 | `/sk:finish-feature` | Update task, changelog, PR, feature sync, release | Ship |
 
 ---
 
@@ -97,14 +128,11 @@ That's it. `/sk:setup-claude` creates your project scaffolding: planning files,
 
 | Step | Command | What it does | Phase |
 |------|---------|-------------|-------|
-| ~~1~~ | ~~/sk:brainstorm~~ | **Skipped** | — |
-| ~~2~~ | ~~/sk:write-plan~~ | **Skipped** | — |
-| ~~3~~ | ~~/sk:write-tests~~ | **Skipped** | — |
-| 4 | `/sk:branch` | Create feature branch | Build |
-| 5 | implement directly | No TDD — write code | Build |
-| 6 | `/sk:smart-commit` | Conventional commit | Build |
-| 7 | `/sk:gates` | All 6 quality gates (parallel) | Verify |
-| 8 | `/sk:finish-feature` | Changelog + PR | Ship |
+| 1 | `/sk:branch` | Create feature branch | Build |
+| 2 | implement directly | No TDD — write code | Build |
+| 3 | `/sk:smart-commit` | Conventional commit | Build |
+| 4 | `/sk:gates` | All quality gates (parallel batches) | Verify |
+| 5 | `/sk:finish-feature` | Changelog + PR | Ship |
 
 Guard rails: warns if diff > 300 lines or > 5 new files.
 
@@ -116,15 +144,13 @@ Guard rails: warns if diff > 300 lines or > 5 new files.
 
 | Step | Command | What it does | Phase |
 |------|---------|-------------|-------|
-| ~~1~~ | ~~/sk:brainstorm~~ | **Skipped** | — |
-| ~~2~~ | ~~/sk:write-plan~~ | **Skipped** | — |
-| 3 | `/sk:debug` | Reproduce, isolate, hypothesize, verify | Think |
-| 4 | `/sk:branch` | Create fix branch | Build |
-| 5 | `/sk:write-tests` | Regression test that reproduces the bug | Build |
-| 6 | implement the fix | Make regression test pass | Build |
-| 7 | `/sk:smart-commit` | Commit fix + test | Build |
-| 8 | `/sk:gates` | All 6 quality gates (parallel) | Verify |
-| 9 | `/sk:finish-feature` | Changelog + PR | Ship |
+| 1 | `/sk:debug` | Reproduce, isolate, hypothesize, verify | Think |
+| 2 | `/sk:branch` | Create fix branch | Build |
+| 3 | `/sk:write-tests` | Regression test that reproduces the bug | Build |
+| 4 | implement the fix | Make regression test pass | Build |
+| 5 | `/sk:smart-commit` | Commit fix + test | Build |
+| 6 | `/sk:gates` | All quality gates (parallel batches) | Verify |
+| 7 | `/sk:finish-feature` | Changelog + PR | Ship |
 
 ---
 
@@ -134,16 +160,12 @@ Guard rails: warns if diff > 300 lines or > 5 new files.
 
 | Step | Command | What it does | Phase |
 |------|---------|-------------|-------|
-| ~~1~~ | ~~/sk:brainstorm~~ | **Skipped** | — |
-| ~~2~~ | ~~/sk:write-plan~~ | **Skipped** | — |
-| ~~3~~ | ~~/sk:write-tests~~ | **Skipped** | — |
-| 4 | `/sk:debug` | Root-cause analysis | Think |
-| 5 | `/sk:branch` | Create hotfix branch | Build |
-| 6 | implement directly | Fix the issue | Build |
-| 7 | run existing tests | Must still pass | Build |
-| 8 | `/sk:smart-commit` | Commit the fix | Build |
-| 9 | `/sk:gates` | All 6 quality gates (parallel) | Verify |
-| 10 | `/sk:finish-feature` | Changelog + PR (marked as hotfix) | Ship |
+| 1 | `/sk:debug` | Root-cause analysis | Think |
+| 2 | `/sk:branch` | Create hotfix branch | Build |
+| 3 | implement directly | Fix the issue | Build |
+| 4 | `/sk:smart-commit` | Commit the fix | Build |
+| 5 | `/sk:gates` | All quality gates (parallel batches) | Verify |
+| 6 | `/sk:finish-feature` | Changelog + PR (marked as hotfix) | Ship |
 
 After merging: add regression test + lesson to `tasks/lessons.md`.
 
@@ -172,7 +194,7 @@ One command runs all 6 gates in parallel batches:
 | **3** | code review | Needs deep understanding |
 | **4** | E2E Tests | Needs review fixes |
 
-Each gate auto-fixes, auto-commits, and re-runs until clean. If a gate fails 3 times, it stops and asks for help.
+Each gate auto-fixes and re-runs until clean. Fixes are squashed into one commit per gate pass. If a gate fails 3 times, it stops and asks for help.
 
 Pre-existing issues are logged to `tasks/tech-debt.md` — not fixed inline.
 
@@ -182,15 +204,56 @@ Pre-existing issues are logged to `tasks/tech-debt.md` — not fixed inline.
 
 Use these anytime — they're not part of any workflow.
 
+### Intelligence
+
+| Command | Usage | What it does |
+|---------|-------|-------------|
+| `/sk:learn` | `/sk:learn` | Extract reusable patterns from the session with confidence scoring (0.3-0.9) |
+| `/sk:learn` | `/sk:learn --list` | Show all learned patterns |
+| `/sk:context-budget` | `/sk:context-budget` | Audit token consumption across skills, agents, MCP tools, CLAUDE.md |
+| `/sk:context-budget` | `/sk:context-budget --verbose` | Per-file token breakdown |
+| `/sk:health` | `/sk:health` | Scorecard across 7 categories (0-70): tools, context, gates, memory, evals, security, cost |
+| `/sk:eval` | `/sk:eval define auth` | Define eval criteria before coding |
+| `/sk:eval` | `/sk:eval check auth` | Run evals during implementation |
+| `/sk:eval` | `/sk:eval report` | Summary of all eval results with pass@k metrics |
+
+### Session Management
+
+| Command | Usage | What it does |
+|---------|-------|-------------|
+| `/sk:save-session` | `/sk:save-session` | Save branch, task, progress, open questions to `.claude/sessions/` |
+| `/sk:save-session` | `/sk:save-session --name "auth-flow"` | Save with a custom name |
+| `/sk:resume-session` | `/sk:resume-session` | List saved sessions and pick one to restore |
+| `/sk:resume-session` | `/sk:resume-session --latest` | Auto-pick most recent session |
+| `/sk:context` | `/sk:context` | Load all project context (automatic via hooks on session start) |
+
+### Safety
+
+| Command | Usage | What it does |
+|---------|-------|-------------|
+| `/sk:safety-guard` | `/sk:safety-guard careful` | Block destructive commands (rm -rf, force push, etc.) |
+| `/sk:safety-guard` | `/sk:safety-guard freeze --dir src/` | Lock edits to `src/` only |
+| `/sk:safety-guard` | `/sk:safety-guard guard --dir src/` | Both careful + freeze combined |
+| `/sk:safety-guard` | `/sk:safety-guard off` | Disable all guards |
+| `/sk:safety-guard` | `/sk:safety-guard status` | Show current mode + blocked action count |
+
+### Code Quality
+
 | Command | When to use |
 |---------|------------|
 | `/sk:scope-check` | Mid-implementation — detect scope creep (On Track / Minor / Significant / Out of Control) |
 | `/sk:retro` | After shipping — analyze velocity, blockers, patterns, generate action items |
+| `/sk:seo-audit` | Web projects — SEO audit with source + dev server scanning |
+
+### Documentation & Setup
+
+| Command | When to use |
+|---------|------------|
 | `/sk:reverse-doc` | Inherited codebase — generate architecture/design docs from existing code |
+| `/sk:setup-optimizer` | Maintenance — diagnose, update workflow, deploy hooks, enrich CLAUDE.md |
+| `/sk:mvp` | New idea — generate a complete MVP app from a single prompt |
 | `/sk:status` | Quick view of workflow and task status |
 | `/sk:dashboard` | Visual Kanban board across all git worktrees |
-| `/sk:mvp` | Generate a complete MVP app from a single idea prompt |
-| `/sk:seo-audit` | SEO audit for web projects |
 
 ---
 
@@ -209,7 +272,7 @@ Use these anytime — they're not part of any workflow.
 ## All Commands
 
 <details>
-<summary><strong>38 commands</strong> — click to expand</summary>
+<summary><strong>51 commands</strong> — click to expand</summary>
 
 | Command | Purpose |
 |---------|---------|
@@ -221,33 +284,42 @@ Use these anytime — they're not part of any workflow.
 | `/sk:change` | Handle mid-workflow requirement changes |
 | `/sk:config` | View/edit project config |
 | `/sk:context` | Load project context (automatic via hooks) |
+| `/sk:context-budget` | Audit context window token consumption |
 | `/sk:dashboard` | Live Kanban board — sk:dashboard across worktrees |
 | `/sk:debug` | Structured bug investigation |
 | `/sk:e2e` | E2E Tests — behavioral verification |
+| `/sk:eval` | Define, run, and report evals for agent reliability |
 | `/sk:execute-plan` | Execute plan checkboxes in batches |
 | `/sk:fast-track` | Small changes — skip planning, keep gates |
 | `/sk:features` | Sync feature specs with codebase |
 | `/sk:finish-feature` | Changelog + PR |
 | `/sk:frontend-design` | UI mockup + optional Pencil visual design |
 | `/sk:gates` | All quality gates in parallel batches |
+| `/sk:health` | Harness self-audit scorecard |
 | `/sk:help` | Show all commands |
 | `/sk:hotfix` | Emergency fix workflow |
 | `/sk:laravel-init` | Configure existing Laravel project |
 | `/sk:laravel-new` | Scaffold fresh Laravel app |
+| `/sk:learn` | Extract reusable patterns from sessions |
 | `/sk:lint` | Auto-detect and run all linters |
 | `/sk:mvp` | Generate MVP app from a prompt |
 | `/sk:perf` | Performance audit |
 | `/sk:plan` | Create/refresh planning files |
 | `/sk:release` | Version bump + tag (`--android` / `--ios` for store audit) |
+| `/sk:resume-session` | Resume a previously saved session |
 | `/sk:retro` | Post-ship retrospective |
 | `/sk:reverse-doc` | Generate docs from existing code |
 | `/sk:review` | 7-dimension code review |
+| `/sk:safety-guard` | Protect against destructive ops |
+| `/sk:save-session` | Save session state for continuity |
 | `/sk:schema-migrate` | Database schema change analysis |
 | `/sk:scope-check` | Detect scope creep mid-implementation |
 | `/sk:security-check` | OWASP security audit |
-| `/sk:seo-audit` | sk:seo-audit for web projects |
+| `/sk:seo-audit` | SEO audit for web projects |
 | `/sk:set-profile` | Switch model routing profile |
 | `/sk:setup-claude` | Bootstrap project scaffolding |
+| `/sk:setup-optimizer` | Diagnose + update workflow + deploy hooks + enrich CLAUDE.md |
+| `/sk:skill-creator` | Create or improve skills |
 | `/sk:smart-commit` | Conventional commit with approval |
 | `/sk:start` | Smart entry point — classifies task, routes to optimal flow |
 | `/sk:status` | Show workflow + task status |
@@ -265,7 +337,7 @@ Use these anytime — they're not part of any workflow.
 
 | Topic | Where |
 |-------|-------|
-| Detailed workflow steps (21-step table) | [DOCUMENTATION.md](.claude/docs/DOCUMENTATION.md) |
+| Detailed workflow steps (8-step flow) | [DOCUMENTATION.md](.claude/docs/DOCUMENTATION.md) |
 | Feature specifications | [docs/FEATURES.md](docs/FEATURES.md) |
 | Model routing profiles & config | [DOCUMENTATION.md — Config](.claude/docs/DOCUMENTATION.md#config-reference) |
 | Infrastructure (hooks, agents, rules) | [DOCUMENTATION.md — Setup](.claude/docs/DOCUMENTATION.md#what-gets-created) |

package/commands/sk/autopilot.md

@@ -1,5 +1,5 @@
 ---
-description: "Hands-free workflow — all 21 steps, auto-skip, auto-advance, auto-commit. Stops only for direction approval and PR push."
+description: "Hands-free workflow — all 8 steps, auto-skip, auto-advance, auto-commit. Stops only for direction approval and PR push."
 ---
 
 # /sk:autopilot
@@ -8,7 +8,7 @@ Run the full ShipIt workflow in hands-free mode.
 
 Usage: `/sk:autopilot <task description>`
 
-Executes all 21 workflow steps with:
+Executes all 8 workflow steps with:
 - **Auto-skip** — optional steps skipped when clearly not needed
 - **Auto-advance** — no manual step transitions
 - **Auto-commit** — conventional format, no approval prompt

package/commands/sk/context-budget.md

@@ -0,0 +1,5 @@
+---
+description: "Audit context window token consumption and find optimization opportunities."
+---
+
+Use the `sk:context-budget` skill to inventory all components consuming context tokens (agents, skills, rules, MCP tools, CLAUDE.md), classify usage frequency, detect bloat, and recommend top 3 optimizations with estimated token savings.

package/commands/sk/eval.md

@@ -0,0 +1,5 @@
+---
+description: "Define, run, and report on evaluations for agent reliability and code quality."
+---
+
+Use the `sk:eval` skill to define eval criteria before coding (`define`), verify during implementation (`check`), and summarize results after shipping (`report`). Supports code-based, model-based, and human graders with pass@k and pass^k metrics.

package/commands/sk/health.md

@@ -0,0 +1,5 @@
+---
+description: "Run harness self-audit and produce a health scorecard."
+---
+
+Use the `sk:health` skill to score your ShipKit setup across 7 categories (Tool Coverage, Context Efficiency, Quality Gates, Memory Persistence, Eval Coverage, Security Guardrails, Cost Efficiency). Produces a 0-70 scorecard with concrete findings and top 3 actions.

package/commands/sk/help.md

@@ -65,35 +65,55 @@ Requirements change mid-workflow? Run `/sk:change` — it classifies the scope a
 |---------|-------------|
 | `/sk:accessibility` | WCAG 2.1 AA audit on frontend code |
 | `/sk:api-design` | Design REST/GraphQL contracts before implementation |
-| `/sk:brainstorm` | Explore requirements, no code |
+| `/sk:autopilot` | Hands-free workflow — auto-skip, auto-advance, auto-commit |
+| `/sk:brainstorm` | Explore requirements and design (includes search-first research) |
 | `/sk:branch` | Create branch from current task |
-| `/sk:change` | Handle mid-workflow requirement change — re-enter at the right step |
+| `/sk:change` | Handle mid-workflow requirement change |
+| `/sk:config` | View and edit project config |
+| `/sk:context` | Load project context (automatic via hooks) |
+| `/sk:context-budget` | Audit context window token consumption and find savings |
+| `/sk:dashboard` | Read-only workflow Kanban board |
 | `/sk:debug` | Structured bug investigation |
+| `/sk:e2e` | E2E behavioral verification |
+| `/sk:eval` | Define, run, and report evals for agent reliability |
 | `/sk:execute-plan` | Implement plan in batches |
+| `/sk:fast-track` | Small changes — skip planning, keep gates |
 | `/sk:features` | Sync docs/sk:features/ specs with codebase |
 | `/sk:finish-feature` | Changelog + PR creation |
-| `/sk:frontend-design` | UI mockup + design spec before implementation. Add `--pencil` to also generate a Pencil visual mockup (requires Pencil app + MCP) |
+| `/sk:frontend-design` | UI mockup + optional Pencil visual mockup |
+| `/sk:gates` | All quality gates in parallel batches |
+| `/sk:health` | Harness self-audit scorecard (7 categories, 0-70) |
 | `/sk:hotfix` | Emergency fix workflow (skips design/TDD) |
 | `/sk:laravel-init` | Configure existing Laravel project |
 | `/sk:laravel-new` | Scaffold new Laravel project |
+| `/sk:learn` | Extract reusable patterns from sessions |
 | `/sk:lint` | Auto-detect and run all linters |
+| `/sk:mvp` | Generate MVP app from a prompt |
 | `/sk:perf` | Performance audit |
 | `/sk:plan` | Create/refresh task planning files |
-| `/sk:release` | Automate releases: bump version, update CHANGELOG, create tag, push to GitHub. Use --android and/or --ios flags for App Store / Play Store readiness audit |
-| `/sk:review` | Blast-radius-aware self-review of branch changes |
+| `/sk:release` | Version bump + tag (`--android` / `--ios` for store audit) |
+| `/sk:resume-session` | Resume a previously saved session |
+| `/sk:retro` | Post-ship retrospective |
+| `/sk:reverse-doc` | Generate docs from existing code |
+| `/sk:review` | 7-dimension self-review of branch changes |
+| `/sk:safety-guard` | Protect against destructive ops (careful/freeze/guard) |
+| `/sk:save-session` | Save session state for cross-session continuity |
 | `/sk:schema-migrate` | Multi-ORM schema change analysis |
+| `/sk:scope-check` | Detect scope creep mid-implementation |
 | `/sk:security-check` | OWASP security audit |
+| `/sk:seo-audit` | SEO audit for web projects |
+| `/sk:set-profile` | Switch model routing profile |
 | `/sk:setup-claude` | Bootstrap project scaffolding |
-| `/sk:setup-optimizer` | Enrich CLAUDE.md by scanning codebase |
+| `/sk:setup-optimizer` | Diagnose + update workflow + enrich CLAUDE.md |
 | `/sk:skill-creator` | Create or improve skills |
 | `/sk:smart-commit` | Conventional commit with approval |
+| `/sk:start` | Smart entry point — classifies task, routes to optimal flow |
 | `/sk:status` | Show workflow and task status |
+| `/sk:team` | Parallel domain agents for full-stack tasks |
 | `/sk:test` | Auto-detect and verify all tests pass |
 | `/sk:update-task` | Mark task done, log completion |
 | `/sk:write-plan` | Write plan to `tasks/todo.md` |
 | `/sk:write-tests` | TDD: write failing tests first |
-| `/sk:config` | View and edit project config |
-| `/sk:set-profile` | Switch model routing profile |
 
 ---
 
@@ -113,9 +133,13 @@ ShipKit routes each skill to the right model automatically. Set once per project
 | brainstorm, write-plan, debug, execute-plan, review | opus | opus | sonnet | sonnet |
 | write-tests, frontend-design, api-design, security-check | opus | sonnet | sonnet | sonnet |
 | change | opus | sonnet | sonnet | sonnet |
+| autopilot, team | opus | opus | sonnet | sonnet |
 | perf, schema-migrate, accessibility | opus | sonnet | sonnet | haiku |
+| eval | sonnet | sonnet | sonnet | haiku |
 | lint, test | sonnet | sonnet | haiku | haiku |
 | smart-commit, branch, update-task | haiku | haiku | haiku | haiku |
+| start, learn, context-budget, health | haiku | haiku | haiku | haiku |
+| save-session, resume-session, safety-guard | haiku | haiku | haiku | haiku |
 
 `opus` = inherit (uses your current session model).
 Config lives in `.shipkit/config.json` — per project, gitignored by default.

package/commands/sk/learn.md

@@ -0,0 +1,5 @@
+---
+description: "Extract reusable patterns from the current session into learned instincts."
+---
+
+Use the `sk:learn` skill to analyze the current session for extractable patterns (error resolutions, debugging techniques, workarounds, project conventions). Patterns are saved with confidence scoring and can be promoted from project-scoped to global.

package/commands/sk/resume-session.md

@@ -0,0 +1,5 @@
+---
+description: "Resume a previously saved session with full context restoration."
+---
+
+Use the `sk:resume-session` skill to list available saved sessions from `.claude/sessions/`, select one, and restore its context (branch, task state, progress, open questions, next steps) into the current conversation.

package/commands/sk/safety-guard.md

@@ -0,0 +1,5 @@
+---
+description: "Protect against destructive operations with careful, freeze, and guard modes."
+---
+
+Use the `sk:safety-guard` skill to activate protection modes: `careful` (block destructive commands), `freeze --dir <path>` (lock edits to a directory), `guard --dir <path>` (both), `off` (disable), or `status` (show current mode).

package/commands/sk/save-session.md

@@ -0,0 +1,5 @@
+---
+description: "Save current session state for cross-session continuity."
+---
+
+Use the `sk:save-session` skill to persist the current session state (branch, task, progress, findings, open questions) to `.claude/sessions/` for resumption in a future conversation. Essential for EPIC-scope multi-session workflows.

package/commands/sk/security-check.md

@@ -12,7 +12,7 @@ By default, this checks only files changed on the current branch. Use `--all` to
 
 ## Hard Rules
 
-- **Fix all in-scope findings** (files in `git diff main..HEAD --name-only`) immediately after the audit. auto-commit with `fix(security): resolve [severity] security findings`. Re-run the audit until 0 findings remain.
+- **Fix all in-scope findings** (files in `git diff main..HEAD --name-only`) immediately after the audit. Re-run the audit until 0 findings remain. Once clean, make ONE squash commit: `fix(security): resolve security findings`.
 - **Pre-existing findings** (files outside the current branch diff): log to `tasks/tech-debt.md` using this format — do NOT fix inline:
   ```
   ### [YYYY-MM-DD] Found during: sk:security-check
@@ -20,7 +20,7 @@ By default, this checks only files changed on the current branch. Use `--all` to
   Issue: description of the vulnerability
   Severity: critical | high | medium | low
   ```
-- **Gates own their commits** — the fix-commit-rerun loop is fully internal. No manual commit step needed after this gate.
+- **Squash gate commits** — collect all fixes for the pass, then one commit. Do not commit after each individual fix.
 - **DO NOT skip checks** because the project is small or simple. Production is production.
 - **Every finding must cite a specific file and line number.**
 - **Every finding must reference the standard it violates** (OWASP, CWE, NIST, etc.).

package/commands/sk/set-profile.md

@@ -30,6 +30,10 @@ Valid profiles: `full-sail` · `quality` · `balanced` · `budget`
 | smart-commit, branch, update-task | haiku | haiku | haiku | haiku |
 | autopilot, team | opus | opus | sonnet | sonnet |
 | start | haiku | haiku | haiku | haiku |
+| learn, context-budget, health | haiku | haiku | haiku | haiku |
+| save-session, resume-session | haiku | haiku | haiku | haiku |
+| safety-guard | haiku | haiku | haiku | haiku |
+| eval | sonnet | sonnet | sonnet | haiku |
 
 Note: `opus` = inherit (uses the current session model). Switch to Opus 4.5 in your session to get the full benefit.
 
@@ -70,6 +74,10 @@ Model assignments for this project:
   smart-commit, branch, update-task → haiku
   autopilot, team → <model>
   start → haiku
+  learn, context-budget, health → haiku
+  save-session, resume-session → haiku
+  safety-guard → haiku
+  eval → <model>
 
 Run /sk:config to see all settings or make further changes.
 ```

package/commands/sk/status.md

@@ -1,25 +1,20 @@
 ---
-description: “Show planning and workflow status at a glance.”
+description: "Show planning and workflow status at a glance."
 ---
 
 <!-- Generated by /sk:setup-claude -->
 
 # /sk:status
 
-Read `tasks/todo.md` and `tasks/workflow-status.md`, then display a compact status summary.
+Read `tasks/todo.md`, then display a compact status summary.
 
 ## What to show
 
-### Workflow Status (from `tasks/workflow-status.md`)
-- Current step: show the step marked `>> next <<`
-- Completed steps: count of `done` steps vs total
-- Any steps marked `partial` or with notable Notes
-- If no workflow file exists, say “No active workflow”
-
 ### Task Status (from `tasks/todo.md`)
 - Total plan items vs completed plan items (checkbox count)
+- Current git branch
 - Errors count (if the file has an Errors section/table)
 - Whether `tasks/findings.md` and `tasks/progress.md` exist
 
-Keep it brief: answer “where am I?” and “what’s next?”.
+Keep it brief: answer "where am I?" and "what's next?".
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kennethsolomon/shipkit",
-  "version": "3.10.1",
+  "version": "3.11.0",
   "description": "A structured workflow toolkit for Claude Code.",
   "keywords": [
     "claude",

package/skills/sk:accessibility/SKILL.md

@@ -43,6 +43,8 @@ Run this skill:
 - Visible focus indicator on all interactive elements (not removed with `outline: none` without replacement)
 - Modal/dialog focus management: focus moves into modal on open, returns to trigger on close
 - Skip navigation link present for pages with repeated navigation
+- Modals and multi-step flows must have a visible cancel/back affordance — no dead ends (WCAG 3.2.2)
+- Do not override or intercept system/platform keyboard shortcuts (Tab, arrow keys, Escape, VoiceOver gestures)
 
 ### 3. ARIA & Semantics (WCAG 4.1.2, 1.3.1)
 - Semantic HTML first (`<button>`, `<nav>`, `<main>`, `<header>`) — ARIA only when HTML is insufficient
@@ -70,7 +72,14 @@ Run this skill:
 - All non-essential animations respect `prefers-reduced-motion` media query
 - Auto-playing animations can be paused, stopped, or hidden
 
-### 7. Content & Structure (WCAG 1.3.1, 2.4.6, 2.4.2)
+### 7. iOS Dynamic Type (Apple HIG)
+- UI must remain fully readable and usable when system font size is at the largest accessibility setting
+- No text truncation at large sizes — prefer wrapping over ellipsis
+- All layouts must reflow correctly without overlapping or clipping at Dynamic Type XXL
+- Avoid fixed heights on elements that contain text — use dynamic sizing
+- Test at: Settings → Accessibility → Display & Text Size → Larger Text (max slider)
+
+### 8. Content & Structure (WCAG 1.3.1, 2.4.6, 2.4.2)
 - Single `<h1>` per page; heading hierarchy is logical (no skipped levels)
 - Page has a descriptive `<title>`
 - Link text is descriptive standalone ("Read the docs" not "Click here")