@mikulgohil/ai-kit 1.1.0 → 1.3.0

package/guides/getting-started.md

@@ -4,11 +4,14 @@
 
 `ai-kit init` scanned your project and generated AI configuration files tailored to your tech stack. Here's what was created:
 
-| File | Purpose |
-|------|---------|
+| File / Directory | Purpose |
+|-----------------|---------|
 | `CLAUDE.md` | Rules for Claude Code — tells the AI about your project |
 | `.cursorrules` | Rules for Cursor — same purpose, Cursor format |
-| `.claude/commands/` | Slash commands — pre-built workflows for common tasks |
+| `.claude/skills/` | Skills — pre-built workflows for common tasks |
+| `.claude/agents/` | Agents — specialized AI assistants for delegation |
+| `.claude/contexts/` | Context modes — dev, review, and research modes |
+| `.claude/settings.local.json` | Hooks — automated checks that run as you code |
 | `ai-kit/guides/` | Guides — tips and playbooks for using AI effectively |
 | `docs/` | Doc templates — for tracking decisions and mistakes |
 | `ai-kit.config.json` | Config — what AI Kit detected and generated |
@@ -16,7 +19,7 @@
 ## First Thing to Do
 
 ### If you use Claude Code:
-Run the `/prompt-help` command. It's an interactive prompt builder that asks you all the right questions before generating a perfect prompt. No more "fix this" and getting garbage output.
+Run the `/prompt-help` command. It's an interactive prompt builder that asks you all the right questions before generating a perfect prompt.
 
 ```
 /prompt-help
@@ -25,18 +28,67 @@ Run the `/prompt-help` command. It's an interactive prompt builder that asks you
 ### If you use Cursor:
 Open any file and use Cmd+K or the chat panel. The `.cursorrules` file is automatically loaded and gives Cursor context about your project.
 
-## Available Slash Commands (Claude Code)
+## Available Skills (Claude Code)
 
-| Command | What it does |
-|---------|-------------|
+### Getting Started
+| Skill | What it does |
+|-------|-------------|
 | `/prompt-help` | Interactive prompt builder — **start here** |
-| `/review` | Deep code review as a Senior Engineer |
-| `/fix-bug` | Guided bug fix workflow |
+| `/understand` | Explain code in detail |
+| `/token-tips` | Token usage optimization |
+
+### Building
+| Skill | What it does |
+|-------|-------------|
 | `/new-component` | Scaffold a new component |
 | `/new-page` | Create a new page/route |
-| `/understand` | Explain code in detail |
+| `/api-route` | Scaffold an API route |
+| `/figma-to-code` | Implement Figma designs |
+
+### Quality & Review
+| Skill | What it does |
+|-------|-------------|
+| `/review` | Deep code review |
+| `/fix-bug` | Guided bug fix workflow |
 | `/test` | Generate tests |
-| `/optimize` | Performance optimization |
+| `/quality-gate` | Run ALL quality checks at once |
+| `/security-check` | Security vulnerability scan |
+| `/accessibility-audit` | WCAG 2.1 AA audit |
+
+### Session & Learning (NEW in v1.2.0)
+| Skill | What it does |
+|-------|-------------|
+| `/save-session` | Save current session for later resumption |
+| `/resume-session` | Pick up where you left off |
+| `/checkpoint` | Snapshot all quality check results |
+| `/orchestrate` | Coordinate multiple agents on complex tasks |
+| `/harness-audit` | Check AI configuration health |
+
+## Hooks (Automated Checks)
+
+Hooks run automatically as you code — no action needed. Based on your selected profile:
+
+- **Auto-format**: files are formatted on save (Prettier or Biome)
+- **Type-check**: TypeScript errors caught after every edit
+- **Console.log warning**: catches debug statements before commit
+- **Git push safety**: reminder to review before pushing
+
+See `ai-kit/guides/hooks-and-agents.md` for details on profiles and customization.
+
+## Agents
+
+Specialized AI assistants live in `.claude/agents/` and can be delegated to:
+
+| Agent | Specialization |
+|-------|---------------|
+| `planner` | Implementation planning |
+| `code-reviewer` | Quality review |
+| `security-reviewer` | Security audit |
+| `build-resolver` | Fix build errors |
+| `e2e-runner` | Playwright E2E tests |
+| `doc-updater` | Documentation sync |
+| `refactor-cleaner` | Dead code cleanup |
+| `sitecore-specialist` | Sitecore XM Cloud patterns |
 
 ## Tips
 
@@ -45,17 +97,18 @@ Open any file and use Cmd+K or the chat panel. The `.cursorrules` file is automa
 3. **Don't start from scratch** — ask the AI to read existing code first
 4. **One task per conversation** — keep conversations focused
 5. **Review AI output** — always read what it generates before accepting
+6. **Use `/checkpoint`** before and after major changes to track quality
+7. **Use `/save-session`** before ending a long session
 
-## Updating
-
-When you add new packages or change your project structure:
-```bash
-npx @mikulgohil/ai-kit update
-```
-
-## Removing
+## CLI Commands
 
-To remove all AI Kit generated files:
 ```bash
-npx @mikulgohil/ai-kit reset
+npx @mikulgohil/ai-kit update    # Re-scan and update configs
+npx @mikulgohil/ai-kit audit     # Security & config health check
+npx @mikulgohil/ai-kit doctor    # Diagnose setup issues
+npx @mikulgohil/ai-kit diff      # Preview what would change on update
+npx @mikulgohil/ai-kit stats     # Project complexity metrics
+npx @mikulgohil/ai-kit tokens    # Token usage and cost estimates
+npx @mikulgohil/ai-kit export    # Export to Windsurf, Aider, Cline
+npx @mikulgohil/ai-kit reset     # Remove all generated files
 ```

package/guides/hooks-and-agents.md

@@ -0,0 +1,124 @@
+# Hooks, Agents & Context Modes
+
+AI Kit v1.2.0 introduces automated hooks, specialized agents, and context modes to supercharge your AI-assisted development workflow.
+
+## Hooks
+
+Hooks are automated checks that run as you code — no manual invocation needed.
+
+### How They Work
+
+Hooks are configured in `.claude/settings.local.json` and fire on specific events:
+
+| Event | When It Fires |
+|-------|--------------|
+| **PreToolUse** | Before a tool runs (e.g., before `git push`) |
+| **PostToolUse** | After a file is edited or written |
+| **Stop** | After each AI response completes |
+
+### Hook Profiles
+
+AI Kit generates hooks based on your selected profile:
+
+| Profile | What Runs |
+|---------|-----------|
+| **Minimal** | Auto-format + git push safety warning |
+| **Standard** | Minimal + TypeScript type-check + console.log warnings |
+| **Strict** | Standard + ESLint check + stop-time console.log audit |
+
+### Changing Your Profile
+
+Re-run `ai-kit init` and select a different hook profile, or edit `.claude/settings.local.json` directly.
+
+### Disabling a Hook
+
+Remove or comment out the hook entry in `.claude/settings.local.json`. The file is gitignored by default, so your changes are local.
+
+---
+
+## Agents
+
+Agents are specialized AI assistants that can be delegated to for specific tasks. They live in `.claude/agents/`.
+
+### Available Agents
+
+| Agent | What It Does |
+|-------|-------------|
+| **planner** | Breaks down features into implementation plans |
+| **code-reviewer** | Deep code review for quality, patterns, and security |
+| **security-reviewer** | Focused security audit (XSS, CSRF, OWASP Top 10) |
+| **build-resolver** | Diagnoses and fixes build/type errors |
+| **e2e-runner** | Generates and runs Playwright E2E tests |
+| **doc-updater** | Syncs documentation with code changes |
+| **refactor-cleaner** | Finds and removes dead code |
+| **sitecore-specialist** | Sitecore XM Cloud patterns and debugging |
+
+### How to Use Agents
+
+In Claude Code, agents are automatically available for delegation. You can also invoke them directly:
+
+```
+@planner Plan the implementation for adding dark mode support
+@code-reviewer Review the changes in src/components/Header.tsx
+@e2e-runner Write E2E tests for the checkout flow
+```
+
+### Conditional Agents
+
+Some agents are only generated when their tools are detected:
+- **e2e-runner** — only if Playwright is installed
+- **sitecore-specialist** — only if Sitecore XM Cloud is detected
+
+---
+
+## Context Modes
+
+Context modes change how the AI approaches your work. They live in `.claude/contexts/`.
+
+### Available Modes
+
+| Mode | Best For |
+|------|----------|
+| **dev** | Building features — focus on implementation |
+| **review** | Reviewing code — focus on quality and security |
+| **research** | Exploring code — focus on understanding and documentation |
+
+### How to Use
+
+Reference the context in your prompt:
+
+```
+Using review context, check the authentication flow in src/lib/auth.ts
+```
+
+---
+
+## Session Management
+
+New skills help you persist context across sessions:
+
+| Skill | What It Does |
+|-------|-------------|
+| `/save-session` | Save current session state and decisions |
+| `/resume-session` | Restore context from a previous session |
+| `/checkpoint` | Run all quality checks and record results |
+
+### Quality & Orchestration
+
+| Skill | What It Does |
+|-------|-------------|
+| `/quality-gate` | Run all checks: types, lint, format, tests, a11y, security |
+| `/orchestrate` | Coordinate multiple agents for complex tasks |
+| `/harness-audit` | Check AI configuration health |
+
+---
+
+## Security Audit
+
+Run `ai-kit audit` to check your AI agent setup for:
+
+- Secrets accidentally committed in CLAUDE.md or settings
+- Missing hooks or misconfigured agents
+- .env files not gitignored
+- MCP server security
+- Overall configuration health score (A-F grade)

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mikulgohil/ai-kit",
-  "version": "1.1.0",
-  "description": "AI-assisted development setup kit. Auto-detects your tech stack and generates tailored CLAUDE.md, .cursorrules, slash commands, and developer guides.",
+  "version": "1.3.0",
+  "description": "AI-assisted development setup kit. Auto-detects your tech stack and generates tailored CLAUDE.md, .cursorrules, hooks, agents, context modes, slash commands, and developer guides.",
   "type": "module",
   "bin": {
     "ai-kit": "./dist/index.js"
@@ -11,7 +11,9 @@
     "templates",
     "commands",
     "guides",
-    "docs-scaffolds"
+    "docs-scaffolds",
+    "agents",
+    "contexts"
   ],
   "scripts": {
     "build": "tsup",
@@ -36,7 +38,10 @@
     "sitecore",
     "docker",
     "storybook",
-    "i18n"
+    "i18n",
+    "hooks",
+    "agents",
+    "security-audit"
   ],
   "author": "Mikul Gohil",
   "license": "MIT",

package/templates/claude-md/nextjs-app-router.md

@@ -22,8 +22,42 @@ app/
   api/                ← Route Handlers
 ```
 
+## Server Actions
+- Use `'use server'` directive at the top of the file or inline in a function
+- For form handling: pass Server Action directly to `<form action={myAction}>`
+- Use `useActionState` (React 19) for form state management with pending/error states
+- Always validate input with Zod before processing
+- Call `revalidatePath()` or `revalidateTag()` after mutations to update cached data
+- Return structured results `{ success, error, data }` — do not throw from Server Actions
+
+## Streaming & Suspense
+- Use `loading.tsx` for route-level loading states (automatic Suspense boundary)
+- Wrap slow data-fetching components in `<Suspense fallback={...}>` for granular streaming
+- Nested Suspense boundaries enable progressive page rendering
+- `loading.tsx` applies to the entire route segment; `<Suspense>` is per-component
+
+## Route Groups & Layouts
+- Use `(groupName)/` directories to organize routes without affecting URL structure
+- Route groups can have their own `layout.tsx` for section-specific layouts
+- Example: `(marketing)/about/page.tsx` → URL is `/about`, not `/(marketing)/about`
+- Use parallel routes (`@slot/`) for independent loading states within a layout
+
+## Middleware
+- Place `middleware.ts` in the project root (next to `app/`)
+- Use `matcher` config to scope middleware to specific routes
+- Common uses: authentication guards, redirects, i18n locale detection, Sitecore preview mode
+- Middleware runs on the Edge — use only Edge-compatible APIs (no Node.js fs, path, etc.)
+
+## ISR (Incremental Static Regeneration)
+- Set `revalidate` in `fetch()` options: `fetch(url, { next: { revalidate: 60 } })`
+- Use `export const revalidate = 60` at the page/layout level for time-based ISR
+- Use `revalidateTag(tag)` or `revalidatePath(path)` in Server Actions for on-demand ISR
+- Tag fetches with `fetch(url, { next: { tags: ['posts'] } })` for targeted revalidation
+
 ## Common Mistakes to Avoid
 - Don't use `useEffect` for data fetching in Server Components
 - Don't import server-only code in Client Components
 - Don't use `router.push` for simple navigation — use `<Link>`
-- Don't forget to add `loading.tsx` for route transitions
+- Don't forget to add `loading.tsx` for route transitions
+- Don't throw errors from Server Actions — return error objects instead
+- Don't use Node.js APIs in Middleware — it runs on the Edge runtime

package/templates/claude-md/sitecore-xmc.md

@@ -6,8 +6,9 @@
 - Use `@sitecore-jss/sitecore-jss-nextjs` or `@sitecore-content-sdk/nextjs` for component bindings
 
 ## Component Patterns
+
+### JSS-based (v21.x)
 ```typescript
-// Standard Sitecore component pattern
 import { Text, RichText, Image, Link } from '@sitecore-jss/sitecore-jss-nextjs';
 import type { ComponentRendering, ComponentFields } from '@sitecore-jss/sitecore-jss-nextjs';
 
@@ -31,6 +32,100 @@ const MyComponent = ({ fields }: MyComponentProps): JSX.Element => (
 export default MyComponent;
 ```
 
+### Content SDK v2.x
+```typescript
+import { Text, RichText, Image, Link } from '@sitecore-content-sdk/nextjs';
+import type { ComponentRendering, ComponentFields, Field } from '@sitecore-content-sdk/nextjs';
+
+interface MyComponentFields extends ComponentFields {
+  heading: Field<string>;
+  body: Field<string>;
+}
+
+type MyComponentProps = {
+  rendering: ComponentRendering;
+  fields: MyComponentFields;
+};
+
+const MyComponent = ({ fields }: MyComponentProps): JSX.Element => (
+  <div>
+    <Text field={fields.heading} tag="h2" />
+    <RichText field={fields.body} />
+  </div>
+);
+
+export default MyComponent;
+```
+
+## Experience Edge GraphQL
+- Use Experience Edge for cross-page queries: navigation, search indexes, content listings
+- Endpoint: `https://edge.sitecorecloud.io/api/graphql/v1`
+- Authenticate with `sc_apikey` header
+- Paginate with `first` and `after` parameters
+- Cache responses with appropriate TTL — Edge content is published/read-only
+
+```graphql
+query NavigationQuery($rootPath: String!, $language: String!) {
+  search(
+    where: {
+      AND: [
+        { name: "_path", value: $rootPath, operator: CONTAINS }
+        { name: "_language", value: $language }
+        { name: "_templatename", value: "Navigation Item" }
+      ]
+    }
+    first: 50
+  ) {
+    results {
+      name
+      url { path }
+      ... on NavigationItem {
+        title { value }
+        link { jsonValue }
+      }
+    }
+  }
+}
+```
+
+## Sitecore Image Optimization
+- Use `next/image` with Sitecore image fields for responsive images
+- Extract `src`, `alt`, `width`, `height` from the Sitecore `ImageField` value
+- Configure Sitecore CDN domain in `next.config.js` `images.remotePatterns`
+
+```typescript
+import NextImage from 'next/image';
+import type { ImageField } from '@sitecore-jss/sitecore-jss-nextjs';
+
+function OptimizedImage({ field }: { field: ImageField }) {
+  if (!field?.value?.src) return null;
+  const { src, alt, width, height } = field.value;
+  return (
+    <NextImage
+      src={src}
+      alt={alt || ''}
+      width={Number(width) || 800}
+      height={Number(height) || 600}
+    />
+  );
+}
+```
+
+## Personalization & Variants
+- Sitecore delivers personalized component variants via Layout Service
+- Personalized pages require SSR — they cannot be statically generated
+- Component variants are transparent to the React component — same props, different data
+- Test both default and personalized rendering in development
+
+## Environment Setup
+Required `.env.local` variables for XM Cloud:
+```
+SITECORE_API_KEY=your-api-key
+SITECORE_API_HOST=https://your-instance.sitecorecloud.io
+GRAPH_QL_ENDPOINT=https://edge.sitecorecloud.io/api/graphql/v1
+SITECORE_SITE_NAME=your-site-name
+```
+
 ## Rules
 - Always use Sitecore field helpers (`<Text>`, `<RichText>`, `<Image>`, `<Link>`) — never render field values directly
 - This enables Experience Editor / Pages inline editing
@@ -43,4 +138,6 @@ export default MyComponent;
 - Don't render `fields.heading.value` directly — use `<Text field={fields.heading} />`
 - Don't hardcode content that should come from Sitecore fields
 - Don't forget to register new components in the component factory
-- Don't use `getStaticProps` directly — use Sitecore's built-in SSG/SSR integration
+- Don't use `getStaticProps` directly — use Sitecore's built-in SSG/SSR integration
+- Don't statically generate personalized pages — they need SSR
+- Don't forget to configure Sitecore CDN domain in `next.config.js` for image optimization

package/templates/claude-md/typescript.md

@@ -11,9 +11,87 @@
 - Use `satisfies` for type-safe object literals when the type is known
 - Use discriminated unions for state management (loading/success/error)
 - Prefer `as const` for literal type inference
+- Use branded types for domain identifiers: `type UserId = string & { readonly __brand: 'UserId' }`
+
+## Sitecore Field Typing
+```typescript
+// Typed component props with Sitecore fields
+import type { Field, ImageField, LinkField, ComponentRendering } from '@sitecore-jss/sitecore-jss-nextjs';
+
+interface HeroBannerFields {
+  heading: Field<string>;
+  body: Field<string>;
+  image: ImageField;
+  cta: LinkField;
+}
+
+type HeroBannerProps = {
+  rendering: ComponentRendering;
+  fields: HeroBannerFields;
+};
+
+// Type guard for checking if a field has a value
+function hasFieldValue<T>(field: Field<T> | undefined): field is Field<T> & { value: T } {
+  return field !== undefined && field.value !== undefined && field.value !== null;
+}
+```
+
+## Next.js Typing
+```typescript
+// Page props (App Router)
+type PageProps = {
+  params: Promise<{ slug: string }>;
+  searchParams: Promise<Record<string, string | string[] | undefined>>;
+};
+
+// Layout props
+type LayoutProps = {
+  children: React.ReactNode;
+  params: Promise<{ locale: string }>;
+};
+
+// Server Action return type
+type ActionResult<T = void> =
+  | { success: true; data: T }
+  | { success: false; error: string };
+
+// Metadata generation
+import type { Metadata } from 'next';
+export async function generateMetadata({ params }: PageProps): Promise<Metadata> { ... }
+```
+
+## Tailwind Type Safety
+```typescript
+// Typed Tailwind config extensions
+import type { Config } from 'tailwindcss';
+
+const config: Config = {
+  content: ['./src/**/*.{ts,tsx}'],
+  theme: {
+    extend: {
+      colors: { brand: { primary: '#...', secondary: '#...' } },
+    },
+  },
+};
+```
+
+## Validation with Zod
+```typescript
+import { z } from 'zod';
+
+// Define schema once — derive TypeScript type from it
+const ContactFormSchema = z.object({
+  name: z.string().min(1, 'Name is required'),
+  email: z.string().email('Invalid email'),
+  message: z.string().min(10, 'Message too short'),
+});
+
+type ContactForm = z.infer<typeof ContactFormSchema>;
+```
 
 ## Common Mistakes to Avoid
 - Don't use `any` to bypass type errors — fix the underlying type issue
 - Don't create unnecessary generic types — use them only when the type genuinely varies
 - Don't duplicate types — import from a shared types file
-- Don't use optional chaining as a substitute for proper null checking
+- Don't use optional chaining as a substitute for proper null checking
+- Don't use `as` type assertions when a type guard or `satisfies` would be safer

package/templates/cursorrules/nextjs-app-router.md

@@ -5,4 +5,9 @@
 - Colocate `loading.tsx`, `error.tsx`, `not-found.tsx` with pages
 - Data fetching: use `fetch()` in Server Components, Server Actions for mutations
 - Use `<Link>` for navigation, `next/image` for images
-- No `useEffect` for data fetching in Server Components
+- No `useEffect` for data fetching in Server Components
+- Server Actions: validate with Zod, return `{ success, error }`, call `revalidatePath`/`revalidateTag` after mutations
+- Streaming: wrap slow components in `<Suspense fallback={...}>` for progressive rendering
+- ISR: use `fetch(url, { next: { revalidate: N } })` or `export const revalidate = N`
+- Middleware: place `middleware.ts` at project root, use `matcher` config, Edge-compatible APIs only
+- Route Groups: use `(groupName)/` for organization without affecting URL paths

package/templates/cursorrules/sitecore-xmc.md

@@ -6,4 +6,8 @@
 - Register new components in the component factory
 - GraphQL queries go in `.graphql` files alongside components
 - Don't use `getStaticProps` directly — use Sitecore's SSG/SSR integration
-- Don't hardcode content that should come from Sitecore fields
+- Don't hardcode content that should come from Sitecore fields
+- Content SDK v2.x: import from `@sitecore-content-sdk/nextjs` instead of `@sitecore-jss/sitecore-jss-nextjs`
+- Experience Edge: use `first`/`after` for pagination, cache responses appropriately
+- Personalized pages require SSR — do not statically generate them
+- Use `next/image` with Sitecore image fields — configure CDN domain in `next.config.js`

package/templates/cursorrules/typescript.md

@@ -5,4 +5,9 @@
 - Use `unknown` over `any` — narrow with type guards
 - No `@ts-ignore` without explanation comments
 - Use `satisfies` for type-safe literals, `as const` for inference
-- Import types from shared files — don't duplicate
+- Import types from shared files — don't duplicate
+- Sitecore: type component fields with `Field<string>`, `ImageField`, `LinkField`
+- Next.js: use `Promise<{ slug: string }>` for `params` in App Router page props
+- Server Actions: return `{ success: true; data: T } | { success: false; error: string }`
+- Validation: define Zod schemas, derive TS types with `z.infer<typeof Schema>`
+- Prefer type guards and `satisfies` over `as` type assertions

package/commands/ci-fix.md

@@ -1,102 +0,0 @@
-# CI/CD Pipeline Debugger
-
-> **Role**: You are a senior DevOps engineer who specializes in CI/CD pipelines, GitHub Actions, and build optimization for modern web applications.
-> **Goal**: Analyze CI/CD configuration files to identify failures, inefficiencies, missing steps, and security gaps, then produce a prioritized improvement plan with specific fixes.
-
-## Mandatory Steps
-
-You MUST follow these steps in order. Do not skip any step.
-
-1. **Identify the Target** — If no file(s) specified in `$ARGUMENTS`, scan for `.github/workflows/*.yml`, `vercel.json`, `.gitlab-ci.yml`, `Jenkinsfile`, and `bitbucket-pipelines.yml`. If none found, ask the user what CI system they use.
-2. **Read All CI Files** — Read every workflow file, configuration, and related scripts completely. Also check `package.json` scripts referenced by CI.
-3. **Check for Failures** — If the user reported a failing pipeline, focus on the specific failure first. Trace the error through the workflow steps.
-4. **Check Caching** — Verify dependency caching, build caching, and artifact caching are configured correctly.
-5. **Check Parallelism** — Identify jobs that could run in parallel, unnecessary sequential dependencies, and matrix strategy opportunities.
-6. **Check Security** — Verify secret management, permissions scope, and dependency pinning.
-
-## Analysis Checklist
-
-### Pipeline Failures
-- Missing environment variables or secrets
-- Incorrect Node.js or runtime version
-- Missing dependencies or build steps
-- Timeout issues on long-running steps
-- Permission errors on artifact uploads or deployments
-
-### Caching
-- Node modules caching (npm, pnpm, yarn)
-- Build cache (Next.js `.next/cache`, Turborepo)
-- Docker layer caching for container builds
-- Cache key strategy (hash of lockfile, not package.json)
-- Cache restoration fallback keys
-
-### Performance
-- Jobs that could run in parallel (lint, typecheck, test)
-- Unnecessary full checkout (fetch-depth: 0 when not needed)
-- Matrix builds for multi-version or multi-platform testing
-- Conditional steps (skip tests if only docs changed)
-- Artifact passing between jobs instead of rebuilding
-
-### Security
-- Permissions scope narrowed (permissions: read-all minimum)
-- Secrets not logged or exposed in step outputs
-- Third-party actions pinned to SHA, not tag
-- Branch protection rules enforced
-- No write permissions on PR workflows from forks
-
-### Missing Steps
-- Linting and type checking
-- Unit and integration tests
-- Build verification
-- Bundle size check
-- Lighthouse or performance audit
-- Security scanning (npm audit, Snyk)
-- Preview deployments for PRs
-
-## Output Format
-
-You MUST structure your response exactly as follows:
-
-```
-## CI/CD Analysis: `[file path]`
-
-### Summary
-- Issues found: [count]
-- Optimization opportunities: [count]
-- Estimated time savings: ~[amount]
-
-### Failures (if applicable)
-[Show error, root cause, and fix with before/after YAML]
-
-### Optimizations (ordered by impact)
-[Show current vs improved config with estimated time savings]
-
-### Recommended Workflow
-[Complete optimized workflow if significant changes needed]
-
-### Verification
-- [ ] Push to a branch and verify the workflow runs
-- [ ] Check that all jobs pass
-- [ ] Compare run time with previous runs
-```
-
-## Self-Check
-
-Before responding, verify:
-- [ ] You read all CI/CD configuration files
-- [ ] You checked every category in the analysis checklist
-- [ ] If a failure was reported, you addressed it first
-- [ ] Every finding includes specific file paths and line numbers
-- [ ] Every finding includes before/after configuration
-- [ ] You estimated the time impact of optimizations
-- [ ] You checked for security best practices
-
-## Constraints
-
-- Do NOT give generic CI/CD advice. Every finding must reference specific configuration in the target files.
-- Do NOT skip any checklist category. If a category has no issues, explicitly state "No issues found."
-- Do NOT suggest changes that would skip important checks (tests, linting) just for speed.
-- If the user reported a specific failure, prioritize diagnosing that failure above all else.
-- Always pin third-party GitHub Actions to a commit SHA in recommendations.
-
-Target: $ARGUMENTS