@kennethsolomon/shipkit 3.10.1 → 3.11.0

package/skills/sk:resume-session/SKILL.md

@@ -0,0 +1,95 @@
+---
+name: sk:resume-session
+description: "Resume a previously saved session with full context restoration."
+---
+
+# /sk:resume-session — Restore Session Context
+
+Lists available saved sessions and restores the selected one, injecting the saved context into the current conversation.
+
+## Usage
+
+```
+/sk:resume-session             # list sessions, pick one
+/sk:resume-session --latest    # auto-pick most recent session
+/sk:resume-session --name "auth-flow"  # resume specific named session
+```
+
+## Model Routing
+
+Read `.shipkit/config.json` from the project root if it exists.
+
+| Profile | Model |
+|---------|-------|
+| `full-sail` | haiku |
+| `quality` | haiku |
+| `balanced` | haiku |
+| `budget` | haiku |
+
+> Deserialization is lightweight — haiku is sufficient.
+
+## How It Works
+
+### Step 1: List Available Sessions
+
+Read `.claude/sessions/` and display:
+
+```
+Available sessions:
+
+  1. [2026-03-25] feat/auth-flow — "auth-flow" (3 hours ago)
+     Task: Implement OAuth2 login with Google
+     Step: 5 (Write Tests + Implement)
+
+  2. [2026-03-24] feat/api-redesign — "api-v2" (1 day ago)
+     Task: Redesign REST API to v2 spec
+     Step: 7 (Gates)
+
+  3. [2026-03-23] fix/queue-timeout — auto-save (2 days ago)
+     Task: Fix Redis queue timeout in production
+     Step: 4 (Branch)
+
+Select session (1-3) or 'q' to cancel:
+```
+
+### Step 2: Load Session
+
+Read the selected session file and inject context:
+
+1. **Verify branch** — check if the session's branch still exists
+   - If yes: suggest `git checkout [branch]` if not already on it
+   - If no: warn that the branch was deleted, proceed with context anyway
+2. **Load task state** — read `tasks/todo.md` and cross-reference with saved state
+3. **Load progress** — read `tasks/progress.md` for the full history
+4. **Restore context** — output the session's findings, open questions, and next steps
+
+### Step 3: Report
+
+```
+Resumed session from 2026-03-25 on branch feat/auth-flow
+
+  Task: Implement OAuth2 login with Google
+  Step: 5 (Write Tests + Implement)
+  Commits since save: 2
+
+  Open Questions:
+    - Should we support refresh token rotation?
+    - Which scopes are required for profile access?
+
+  Next Steps:
+    - Write integration test for token exchange
+    - Implement callback controller
+```
+
+### Step 4: Continue
+
+The workflow continues from wherever it left off. The session file provides enough context to avoid re-reading the entire codebase.
+
+## Session Cleanup
+
+Sessions older than 30 days are candidates for cleanup. Run manually:
+```bash
+find .claude/sessions/ -name "*.md" -mtime +30 -delete
+```
+
+Future: add `--cleanup` flag to auto-remove old sessions.

package/skills/sk:retro/SKILL.md

@@ -23,7 +23,6 @@ Read these files to build the retrospective:
 |------|----------------|
 | `tasks/todo.md` | Planned tasks — count total, completed, dropped |
 | `tasks/progress.md` | Work log — errors, resolutions, session timestamps |
-| `tasks/workflow-status.md` | Step-by-step status — attempt counts, skip reasons |
 | `tasks/findings.md` | Design decisions — were they validated? |
 | `tasks/lessons.md` | New lessons added during this task |
 | `tasks/tech-debt.md` | Tech debt logged during gates |
@@ -51,7 +50,7 @@ git rev-list main..HEAD --count
 |--------|-----|
 | **Completion rate** | Completed tasks / Planned tasks * 100 |
 | **Velocity** | Commits per day, files changed per day |
-| **Gate performance** | Extract attempt counts from workflow-status.md Notes (e.g., "clean on attempt 3") |
+| **Gate performance** | Count fix commits per gate from git log (e.g., `fix(lint):`, `fix(test):`) |
 | **Blocker count** | Count "FAIL", "error", "blocked", "3-Strike" entries in tasks/progress.md |
 | **Rework rate** | Count fix commits (fix(lint):, fix(test):, etc.) vs feature commits |
 

package/skills/sk:review/SKILL.md

@@ -450,14 +450,14 @@ After presenting the review report, fix **all** findings regardless of severity
   Severity: critical | high | medium | low
   ```
 
-After all in-scope fixes are applied: auto-commit with `fix(review): address review findings`. Do not ask the user. Re-run `/sk:review` from scratch.
+After all in-scope fixes are applied: make ONE squash commit with `fix(review): address review findings`. Do not ask the user. Re-run `/sk:review` from scratch.
 
 Loop until the review is completely clean (0 findings across all severities for in-scope code).
 
 When clean:
 > "Review complete — 0 findings. Run `/sk:finish-feature` to finalize the branch and create a PR."
 
-**Note:** Gates own their commits — the fix-commit-rerun loop is fully internal. No manual commit step needed after this gate.
+> Squash gate commits — collect all fixes for the pass, then one commit. Do not commit after each individual fix.
 
 ### Fix & Retest Protocol
 

package/skills/sk:safety-guard/SKILL.md

@@ -0,0 +1,134 @@
+---
+name: sk:safety-guard
+description: "Protect against destructive operations with careful, freeze, and guard modes."
+---
+
+# /sk:safety-guard — Destructive Operation Protection
+
+Three modes of protection that prevent accidental destructive operations and constrain file edits to specific directories.
+
+## Usage
+
+```
+/sk:safety-guard careful              # intercept destructive commands
+/sk:safety-guard freeze --dir src/    # lock edits to src/ only
+/sk:safety-guard guard --dir src/     # both careful + freeze
+/sk:safety-guard off                  # disable all guards
+/sk:safety-guard status               # show current mode
+```
+
+## Model Routing
+
+Read `.shipkit/config.json` from the project root if it exists.
+
+| Profile | Model |
+|---------|-------|
+| `full-sail` | haiku |
+| `quality` | haiku |
+| `balanced` | haiku |
+| `budget` | haiku |
+
+> Config read/write — haiku is sufficient.
+
+## Modes
+
+### Careful Mode
+
+Intercepts destructive commands before execution:
+
+| Command Pattern | Risk |
+|----------------|------|
+| `rm -rf`, `rm -fr` | File deletion |
+| `git push --force`, `git push -f` | History rewrite |
+| `git reset --hard` | Uncommitted changes lost |
+| `git clean -f` | Untracked files deleted |
+| `DROP TABLE`, `DROP DATABASE` | Data loss |
+| `chmod 777`, `chmod -R 777` | Security vulnerability |
+| `--no-verify` | Hook bypass |
+
+When a destructive command is detected:
+```
+BLOCKED by safety-guard (careful mode): destructive command detected.
+  Command: rm -rf /tmp/build
+  Pattern: rm -rf
+  Disable: /sk:safety-guard off
+```
+
+### Freeze Mode
+
+Locks file edits (Edit/Write tools) to a specific directory tree:
+
+```
+/sk:safety-guard freeze --dir src/api/
+```
+
+After activation:
+- Edit/Write to `src/api/**` → allowed
+- Edit/Write to `src/models/**` → **BLOCKED**
+- Edit/Write to `tests/**` → **BLOCKED**
+- Bash commands → not restricted (use careful mode for that)
+
+When a write outside the frozen directory is detected:
+```
+BLOCKED by safety-guard (freeze mode): write outside frozen directory.
+  File: tests/api/auth.test.ts
+  Allowed: src/api/
+  Disable: /sk:safety-guard off
+```
+
+### Guard Mode
+
+Combines careful + freeze. Both protections active simultaneously.
+
+### Off
+
+Disables all guards. Removes `.claude/safety-guard.json`.
+
+## Implementation
+
+### Configuration File
+
+Safety guard state is stored in `.claude/safety-guard.json`:
+
+```json
+{
+  "mode": "guard",
+  "freeze_dir": "src/api/",
+  "activated_at": "2026-03-25T10:30:00Z",
+  "activated_by": "user"
+}
+```
+
+### Hook Integration
+
+The `safety-guard.sh` hook (deployed to `.claude/hooks/`) reads this config file on every PreToolUse event for Bash/Edit/Write tools. If no config file exists, the hook exits immediately (no overhead).
+
+## Steps
+
+When invoked:
+
+1. Parse the mode argument (`careful` | `freeze` | `guard` | `off` | `status`)
+2. For freeze/guard: require `--dir` argument
+3. Write config to `.claude/safety-guard.json`
+4. Confirm activation:
+   ```
+   Safety guard activated: guard mode
+   Freeze directory: src/api/
+   Destructive commands: blocked
+   Disable: /sk:safety-guard off
+   ```
+
+For `status`:
+```
+Safety guard: guard mode (active since 2026-03-25 10:30)
+  Freeze directory: src/api/
+  Blocked actions: 3 (2 destructive commands, 1 out-of-scope write)
+  Log: .claude/safety-guard.log
+```
+
+## Best Practices
+
+- Use **freeze mode** during `/sk:autopilot` to prevent scope creep in file edits
+- Use **careful mode** as a default for new team members
+- Use **guard mode** for production hotfixes — maximum protection
+- Always disable after the focused task is complete

package/skills/sk:save-session/SKILL.md

@@ -0,0 +1,84 @@
+---
+name: sk:save-session
+description: "Save current session state for cross-session continuity."
+---
+
+# /sk:save-session — Persist Session State
+
+Saves the current session state to `.claude/sessions/` so you can resume work in a future conversation. Essential for EPIC-scope tasks that span multiple sessions.
+
+## Usage
+
+```
+/sk:save-session                    # save with auto-generated name
+/sk:save-session --name "auth-flow" # save with custom name
+```
+
+## Model Routing
+
+Read `.shipkit/config.json` from the project root if it exists.
+
+| Profile | Model |
+|---------|-------|
+| `full-sail` | haiku |
+| `quality` | haiku |
+| `balanced` | haiku |
+| `budget` | haiku |
+
+> Serialization is lightweight — haiku is sufficient.
+
+## What Gets Saved
+
+The session file captures:
+
+```markdown
+---
+saved: [YYYY-MM-DDTHH:MM:SSZ]
+branch: [current git branch]
+task: [current task title from tasks/todo.md]
+step: [current workflow step number]
+---
+
+## Active Task
+[Current task description from tasks/todo.md — first unchecked item]
+
+## Branch State
+- Branch: [name]
+- Commits since main: [count]
+- Uncommitted changes: [list of modified files]
+
+## Progress Summary
+[Last 10 lines from tasks/progress.md]
+
+## Key Findings This Session
+[Any entries added to tasks/findings.md during this session]
+
+## Open Questions
+[Questions that were raised but not resolved]
+
+## Next Steps
+[What should be done when resuming — derived from todo.md + progress]
+
+## Context Notes
+[Any important context that would be lost on session end]
+```
+
+## Storage
+
+- **Path**: `.claude/sessions/[YYYY-MM-DD]-[branch]-[name].md`
+- **Example**: `.claude/sessions/2026-03-25-feat-auth-flow-auth-flow.md`
+- **Gitignore**: Add `.claude/sessions/` to `.gitignore` (session state is personal, not shared)
+
+## Steps
+
+1. Read current git state (branch, uncommitted changes, recent commits)
+2. Read `tasks/todo.md` — extract current task and step
+3. Read `tasks/progress.md` — extract recent entries
+4. Read `tasks/findings.md` — extract entries from today
+5. Ask user: "Any open questions or context to preserve?" (optional)
+6. Write session file to `.claude/sessions/`
+7. Confirm save with file path
+
+## Auto-Save via Hook
+
+The `session-stop.sh` hook automatically saves a minimal session snapshot on every session end. The `/sk:save-session` command creates a richer, more detailed snapshot with user input.

package/skills/sk:setup-claude/SKILL.md

@@ -22,7 +22,7 @@ After bootstrapping a project, the recommended workflow becomes:
 ## What Gets Bootstrapped In The Target Repo
 
 ### Planning / Memory Files (in `tasks/`)
-- `tasks/todo.md` — plan + checkboxes + results
+- `tasks/todo.md` — plan + checkboxes + results (also tracks workflow progress via checkboxes)
 - `tasks/findings.md` — discoveries + decisions
 - `tasks/progress.md` — chronological work log + test results
 - `tasks/lessons.md` — durable “don’t repeat mistakes” log (**never overwrite**)
@@ -102,6 +102,28 @@ Never overwrite `tasks/lessons.md` — always append.
 - `.claude/docs/changelog-guide.md`
 - `.claude/docs/arch-changelog-guide.md`
 
+## Phase 0: Reconnaissance (first setup only)
+
+On **first-time setup** (no existing `CLAUDE.md` or `tasks/findings.md`), run a reconnaissance pass before stack detection:
+
+1. **Directory scan** — list top 2 levels of the project tree (excluding node_modules, vendor, .git, dist, build)
+2. **Entry point detection** — find main.*, index.*, app.*, server.*, manage.py, artisan, Makefile
+3. **Architecture classification**:
+   - Monorepo: multiple package.json/go.mod files, `packages/` or `apps/` directory
+   - Monolith: single manifest, `src/` or `app/` directory
+   - Microservices: `services/` directory with separate manifests
+4. **Data flow trace** — from entry point, identify: request handling → validation → business logic → data persistence
+5. **Output** — append architecture summary to `tasks/findings.md`:
+   ```
+   ## Reconnaissance (auto-generated by /sk:setup-claude)
+   - Architecture: [monolith/monorepo/microservices]
+   - Entry points: [list]
+   - Key directories: [list with purposes]
+   - Data flow: [request → ... → response]
+   ```
+
+Skip this phase on re-runs (when `tasks/findings.md` already contains "Reconnaissance").
+
 ## Generation Inputs
 
 This skill detects:
@@ -309,7 +331,7 @@ Additionally report:
 
 ### Hooks (in `.claude/hooks/`)
 
-Deployed from `templates/hooks/` to `.claude/hooks/` (made executable):
+**Core hooks** — always deployed from `templates/hooks/` to `.claude/hooks/` (made executable):
 
 - `session-start.sh` — runs on SessionStart, loads context
 - `session-stop.sh` — runs on Stop, persists session state
@@ -318,6 +340,21 @@ Deployed from `templates/hooks/` to `.claude/hooks/` (made executable):
 - `validate-push.sh` — PreToolUse hook for `git push*`, confirms before pushing
 - `log-agent.sh` — SubagentStart hook, logs sub-agent launches
 
+**Enhanced hooks** — deployed only when user opts in. After deploying core hooks, prompt:
+
+> "Install enhanced hooks? These add config protection, auto-formatting, debug statement warnings, compact suggestions, and cost tracking. [y/n]"
+
+If yes, deploy these additional hooks:
+
+- `config-protection.sh` — PreToolUse hook for Edit/Write, blocks linter/formatter config modifications
+- `post-edit-format.sh` — PostToolUse hook for Edit, auto-formats with project's formatter
+- `console-log-warning.sh` — Stop hook, warns about debug statements in modified files
+- `cost-tracker.sh` — Stop hook (async), logs session metadata to `.claude/sessions/cost-log.jsonl`
+- `suggest-compact.sh` — PreToolUse hook, suggests `/compact` after 50+ tool calls
+- `safety-guard.sh` — PreToolUse hook for Bash/Edit/Write, reads `.claude/safety-guard.json` for protection rules
+
+If no, skip enhanced hooks — core hooks are always installed.
+
 ### Agent Definitions (in `.claude/agents/`)
 
 Deployed from `templates/.claude/agents/` (create-if-missing):
@@ -345,14 +382,13 @@ Deployed from `templates/.claude/rules/` based on detected stack:
 Rendered from `templates/.claude/settings.json.template`. Contains:
 - Statusline configuration (points to `.claude/statusline.sh`)
 - Permission allow/deny lists for safe Bash commands
-- Hook wiring for all 6 hooks above
+- Hook wiring for all hooks (core 6 + enhanced 6 if opted in)
 
 ### Statusline Generation (`.claude/statusline.sh`)
 
 Copied from `templates/.claude/statusline.sh` (made executable). Displays:
 - Context window usage percentage
 - Current model
-- Current workflow step (from `tasks/workflow-status.md`)
 - Git branch
 - Current task name
 

package/skills/sk:setup-claude/scripts/apply_setup_claude.py

@@ -451,7 +451,6 @@ def apply(
     add("templates/tasks/progress.md.template", "tasks/progress.md", "missing")
     add("templates/tasks/lessons.md.template", "tasks/lessons.md", "missing")
     add("templates/tasks/security-findings.md.template", "tasks/security-findings.md", "missing")
-    add("templates/tasks/workflow-status.md.template", "tasks/workflow-status.md", "missing")
     add("templates/tasks/cross-platform.md.template", "tasks/cross-platform.md", "missing")
 
     # commands (update if generated)

package/skills/sk:setup-claude/templates/.claude/settings.json.template

@@ -26,50 +26,134 @@
   "hooks": {
     "SessionStart": [
       {
-        "type": "command",
-        "command": "bash .claude/hooks/session-start.sh",
-        "timeout": 10000
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/session-start.sh",
+            "timeout": 10000
+          }
+        ]
       }
     ],
     "PreCompact": [
       {
-        "type": "command",
-        "command": "bash .claude/hooks/pre-compact.sh",
-        "timeout": 10000
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/pre-compact.sh",
+            "timeout": 10000
+          }
+        ]
       }
     ],
     "PreToolUse": [
       {
-        "type": "command",
-        "command": "bash .claude/hooks/validate-commit.sh",
-        "timeout": 10000,
-        "matcher": {
-          "tool_name": "Bash",
-          "command_pattern": "git commit*"
-        }
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/validate-commit.sh",
+            "timeout": 10000
+          }
+        ]
       },
       {
-        "type": "command",
-        "command": "bash .claude/hooks/validate-push.sh",
-        "timeout": 5000,
-        "matcher": {
-          "tool_name": "Bash",
-          "command_pattern": "git push*"
-        }
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/validate-push.sh",
+            "timeout": 5000
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/config-protection.sh",
+            "timeout": 5000
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/suggest-compact.sh",
+            "timeout": 3000
+          }
+        ]
+      },
+      {
+        "matcher": "Bash|Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/safety-guard.sh",
+            "timeout": 5000
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/post-edit-format.sh",
+            "timeout": 10000
+          }
+        ]
       }
     ],
     "SubagentStart": [
       {
-        "type": "command",
-        "command": "bash .claude/hooks/log-agent.sh",
-        "timeout": 5000
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/log-agent.sh",
+            "timeout": 5000
+          }
+        ]
       }
     ],
     "Stop": [
       {
-        "type": "command",
-        "command": "bash .claude/hooks/session-stop.sh",
-        "timeout": 10000
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/session-stop.sh",
+            "timeout": 10000
+          }
+        ]
+      },
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/console-log-warning.sh",
+            "timeout": 10000
+          }
+        ]
+      },
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/cost-tracker.sh",
+            "timeout": 5000
+          }
+        ]
       }
     ]
   }

package/skills/sk:setup-claude/templates/.claude/statusline.sh

@@ -26,20 +26,6 @@ fi
 # Branch
 BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "none")
 
-# Current workflow step
-STEP="—"
-if [ -f "tasks/workflow-status.md" ]; then
-    NEXT_LINE=$(grep -E ">>\s*next\s*<<" "tasks/workflow-status.md" 2>/dev/null | head -1)
-    if [ -n "$NEXT_LINE" ]; then
-        # Extract step number and name from table row
-        STEP_NUM=$(echo "$NEXT_LINE" | grep -oE '^\|[[:space:]]*[0-9]+' | grep -oE '[0-9]+')
-        STEP_NAME=$(echo "$NEXT_LINE" | sed 's/.*| *>> next << *|.*//' | sed 's/|.*//;s/^ *//;s/ *$//')
-        if [ -n "$STEP_NUM" ]; then
-            STEP="Step ${STEP_NUM}"
-        fi
-    fi
-fi
-
 # Task name from todo.md
 TASK="—"
 if [ -f "tasks/todo.md" ]; then
@@ -47,4 +33,4 @@ if [ -f "tasks/todo.md" ]; then
 fi
 
 # Output single line
-echo "[${CTX_PCT}%] ${MODEL} | ${STEP} | ${BRANCH} | ${TASK}"
+echo "[${CTX_PCT}%] ${MODEL} | ${BRANCH} | ${TASK}"