@slamb2k/mad-skills 2.0.29 → 2.0.31

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "mad-skills",
   "description": "AI-assisted planning, development and governance tools",
-  "version": "2.0.29",
+  "version": "2.0.31",
   "author": {
     "name": "slamb2k",
     "url": "https://github.com/slamb2k"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@slamb2k/mad-skills",
-  "version": "2.0.29",
+  "version": "2.0.31",
   "description": "Claude Code skills collection — full lifecycle development tools",
   "type": "module",
   "repository": {

package/skills/dock/SKILL.md

@@ -128,84 +128,9 @@ For each applicable row, in order:
    - **fallback**: notify user with Detail, continue with degraded behavior
 5. After all checks: summarize what's available and what's degraded
 
-### AzDO Tooling Detection
-
-When `PLATFORM == azdo`, determine which tooling is available. Set `AZDO_MODE`
-for use in all subsequent phases:
-
-```bash
-if az devops -h &>/dev/null; then
-  AZDO_MODE="cli"
-else
-  AZDO_MODE="rest"
-fi
-```
-
-- **`cli`**: Use `az repos` / `az pipelines` commands (preferred)
-- **`rest`**: Use Azure DevOps REST API via `curl`. Requires a PAT (personal
-  access token) in `AZURE_DEVOPS_EXT_PAT` or `AZDO_PAT` env var. If no PAT
-  is found, prompt the user to either install the CLI or set the env var.
-
-Report in pre-flight:
-- ✅ `az devops cli` — version found
-- ⚠️ `az devops cli` — not found → using REST API fallback
-- ❌ `az devops cli` — not found, no PAT configured → halt with setup instructions
-
-### AzDO Configuration Validation
-
-When `PLATFORM == azdo`, extract organization and project from the remote URL
-and validate they are usable. These values are needed by every `az repos` /
-`az pipelines` command and every REST API call.
-
-```bash
-# Extract org and project from remote URL patterns:
-#   https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
-#   https://{ORG}@dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
-#   {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}
-
-REMOTE_URL=$(git remote get-url origin 2>/dev/null)
-
-if echo "$REMOTE_URL" | grep -q 'dev\.azure\.com'; then
-  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/\([^/]*\)/.*|\1|p')
-  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/[^/]*/\([^/]*\)/.*|\1|p')
-  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
-elif echo "$REMOTE_URL" | grep -q 'vs-ssh\.visualstudio\.com'; then
-  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/\([^/]*\)/.*|\1|p')
-  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/[^/]*/\([^/]*\)/.*|\1|p')
-  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
-elif echo "$REMOTE_URL" | grep -q 'visualstudio\.com'; then
-  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*//\([^.]*\)\.visualstudio\.com.*|\1|p')
-  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*/\([^/]*\)/_git/.*|\1|p')
-  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
-fi
-
-if [ -z "$AZDO_ORG" ] || [ -z "$AZDO_PROJECT" ]; then
-  echo "❌ Could not extract organization/project from remote URL"
-  echo "   Remote: $REMOTE_URL"
-  echo ""
-  echo "Ensure the remote URL follows one of these formats:"
-  echo "  https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}"
-  echo "  https://{ORG}.visualstudio.com/{PROJECT}/_git/{REPO}"
-  echo "  {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}"
-  # HALT — cannot proceed without org/project context
-fi
-```
-
-When `AZDO_MODE == cli`, also configure the defaults so commands work correctly:
-```bash
-az devops configure --defaults organization="$AZDO_ORG_URL" project="$AZDO_PROJECT"
-```
-
-When `AZDO_MODE == rest`, store these for API calls:
-- Base URL: `$AZDO_ORG_URL/$AZDO_PROJECT/_apis`
-- Auth header: `Authorization: Basic $(echo -n ":$PAT" | base64)`
-
-Report in pre-flight:
-- ✅ `azdo context` — org: `{AZDO_ORG}`, project: `{AZDO_PROJECT}`
-- ❌ `azdo context` — could not parse from remote URL → halt with instructions
-
-Pass `{AZDO_MODE}`, `{AZDO_ORG}`, `{AZDO_PROJECT}`, `{AZDO_ORG_URL}` into
-all phase prompts alongside `{PLATFORM}`.
+When `PLATFORM == azdo`, follow `references/azdo-platform.md` for tooling
+detection (`AZDO_MODE`) and configuration validation (`AZDO_ORG`, `AZDO_PROJECT`).
+Pass these variables into all phase prompts alongside `{PLATFORM}`.
 
 ---
 

package/skills/dock/references/azdo-platform.md

@@ -0,0 +1,83 @@
+# Azure DevOps Platform Support
+
+Shared procedures for AzDO tooling detection and configuration validation.
+Referenced by SKILL.md during pre-flight when `PLATFORM == azdo`.
+
+## AzDO Tooling Detection
+
+When `PLATFORM == azdo`, determine which tooling is available. Set `AZDO_MODE`
+for use in all subsequent phases:
+
+```bash
+if az devops -h &>/dev/null; then
+  AZDO_MODE="cli"
+else
+  AZDO_MODE="rest"
+fi
+```
+
+- **`cli`**: Use `az repos` / `az pipelines` commands (preferred)
+- **`rest`**: Use Azure DevOps REST API via `curl`. Requires a PAT (personal
+  access token) in `AZURE_DEVOPS_EXT_PAT` or `AZDO_PAT` env var. If no PAT
+  is found, prompt the user to either install the CLI or set the env var.
+
+Report in pre-flight:
+- ✅ `az devops cli` — version found
+- ⚠️ `az devops cli` — not found → using REST API fallback
+- ❌ `az devops cli` — not found, no PAT configured → halt with setup instructions
+
+## AzDO Configuration Validation
+
+When `PLATFORM == azdo`, extract organization and project from the remote URL
+and validate they are usable. These values are needed by every `az repos` /
+`az pipelines` command and every REST API call.
+
+```bash
+# Extract org and project from remote URL patterns:
+#   https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
+#   https://{ORG}@dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
+#   {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}
+
+REMOTE_URL=$(git remote get-url origin 2>/dev/null)
+
+if echo "$REMOTE_URL" | grep -q 'dev\.azure\.com'; then
+  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/\([^/]*\)/.*|\1|p')
+  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/[^/]*/\([^/]*\)/.*|\1|p')
+  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
+elif echo "$REMOTE_URL" | grep -q 'vs-ssh\.visualstudio\.com'; then
+  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/\([^/]*\)/.*|\1|p')
+  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/[^/]*/\([^/]*\)/.*|\1|p')
+  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
+elif echo "$REMOTE_URL" | grep -q 'visualstudio\.com'; then
+  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*//\([^.]*\)\.visualstudio\.com.*|\1|p')
+  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*/\([^/]*\)/_git/.*|\1|p')
+  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
+fi
+
+if [ -z "$AZDO_ORG" ] || [ -z "$AZDO_PROJECT" ]; then
+  echo "❌ Could not extract organization/project from remote URL"
+  echo "   Remote: $REMOTE_URL"
+  echo ""
+  echo "Ensure the remote URL follows one of these formats:"
+  echo "  https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}"
+  echo "  https://{ORG}.visualstudio.com/{PROJECT}/_git/{REPO}"
+  echo "  {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}"
+  # HALT — cannot proceed without org/project context
+fi
+```
+
+When `AZDO_MODE == cli`, also configure the defaults so commands work correctly:
+```bash
+az devops configure --defaults organization="$AZDO_ORG_URL" project="$AZDO_PROJECT"
+```
+
+When `AZDO_MODE == rest`, store these for API calls:
+- Base URL: `$AZDO_ORG_URL/$AZDO_PROJECT/_apis`
+- Auth header: `Authorization: Basic $(echo -n ":$PAT" | base64)`
+
+Report in pre-flight:
+- ✅ `azdo context` — org: `{AZDO_ORG}`, project: `{AZDO_PROJECT}`
+- ❌ `azdo context` — could not parse from remote URL → halt with instructions
+
+Pass `{AZDO_MODE}`, `{AZDO_ORG}`, `{AZDO_PROJECT}`, `{AZDO_ORG_URL}` into
+all phase prompts alongside `{PLATFORM}`.

package/skills/keel/SKILL.md

@@ -124,84 +124,9 @@ For each applicable row, in order:
    - **fallback**: notify user with Detail, continue with degraded behavior
 5. After all checks: summarize what's available and what's degraded
 
-### AzDO Tooling Detection
-
-When `PLATFORM == azdo`, determine which tooling is available. Set `AZDO_MODE`
-for use in all subsequent phases:
-
-```bash
-if az devops -h &>/dev/null; then
-  AZDO_MODE="cli"
-else
-  AZDO_MODE="rest"
-fi
-```
-
-- **`cli`**: Use `az repos` / `az pipelines` commands (preferred)
-- **`rest`**: Use Azure DevOps REST API via `curl`. Requires a PAT (personal
-  access token) in `AZURE_DEVOPS_EXT_PAT` or `AZDO_PAT` env var. If no PAT
-  is found, prompt the user to either install the CLI or set the env var.
-
-Report in pre-flight:
-- ✅ `az devops cli` — version found
-- ⚠️ `az devops cli` — not found → using REST API fallback
-- ❌ `az devops cli` — not found, no PAT configured → halt with setup instructions
-
-### AzDO Configuration Validation
-
-When `PLATFORM == azdo`, extract organization and project from the remote URL
-and validate they are usable. These values are needed by every `az repos` /
-`az pipelines` command and every REST API call.
-
-```bash
-# Extract org and project from remote URL patterns:
-#   https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
-#   https://{ORG}@dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
-#   {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}
-
-REMOTE_URL=$(git remote get-url origin 2>/dev/null)
-
-if echo "$REMOTE_URL" | grep -q 'dev\.azure\.com'; then
-  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/\([^/]*\)/.*|\1|p')
-  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/[^/]*/\([^/]*\)/.*|\1|p')
-  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
-elif echo "$REMOTE_URL" | grep -q 'vs-ssh\.visualstudio\.com'; then
-  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/\([^/]*\)/.*|\1|p')
-  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/[^/]*/\([^/]*\)/.*|\1|p')
-  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
-elif echo "$REMOTE_URL" | grep -q 'visualstudio\.com'; then
-  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*//\([^.]*\)\.visualstudio\.com.*|\1|p')
-  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*/\([^/]*\)/_git/.*|\1|p')
-  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
-fi
-
-if [ -z "$AZDO_ORG" ] || [ -z "$AZDO_PROJECT" ]; then
-  echo "❌ Could not extract organization/project from remote URL"
-  echo "   Remote: $REMOTE_URL"
-  echo ""
-  echo "Ensure the remote URL follows one of these formats:"
-  echo "  https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}"
-  echo "  https://{ORG}.visualstudio.com/{PROJECT}/_git/{REPO}"
-  echo "  {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}"
-  # HALT — cannot proceed without org/project context
-fi
-```
-
-When `AZDO_MODE == cli`, also configure the defaults so commands work correctly:
-```bash
-az devops configure --defaults organization="$AZDO_ORG_URL" project="$AZDO_PROJECT"
-```
-
-When `AZDO_MODE == rest`, store these for API calls:
-- Base URL: `$AZDO_ORG_URL/$AZDO_PROJECT/_apis`
-- Auth header: `Authorization: Basic $(echo -n ":$PAT" | base64)`
-
-Report in pre-flight:
-- ✅ `azdo context` — org: `{AZDO_ORG}`, project: `{AZDO_PROJECT}`
-- ❌ `azdo context` — could not parse from remote URL → halt with instructions
-
-Pass `{AZDO_MODE}`, `{AZDO_ORG}`, `{AZDO_PROJECT}`, `{AZDO_ORG_URL}` into
-all phase prompts alongside `{PLATFORM}`.
+When `PLATFORM == azdo`, follow `references/azdo-platform.md` for tooling
+detection (`AZDO_MODE`) and configuration validation (`AZDO_ORG`, `AZDO_PROJECT`).
+Pass these variables into all phase prompts alongside `{PLATFORM}`.
 
 ---
 
@@ -247,160 +172,16 @@ Read the full interview flow from `references/interview-guide.md#interview-quest
 The interview covers these topics in order. Skip questions where detection provided
 high-confidence answers (but confirm with the user).
 
-### 2.1 — Cloud Provider
-
-```
-Which cloud provider(s) will host your infrastructure?
-
-Options:
-1. Azure (Recommended if Azure signals detected)
-2. AWS
-3. Google Cloud
-4. Multi-cloud
-5. Self-hosted / VPS (Dokku, Coolify, CapRover)
-```
-
-If /dock has already run, infer from the deployment targets chosen there.
-
-### 2.2 — IaC Tool
-
-Suggest based on cloud provider:
-- Azure → Bicep (native) or Terraform (universal)
-- AWS → Terraform or CDK
-- GCP → Terraform or Pulumi
-- Multi-cloud → Terraform
-- Self-hosted → Terraform (for VPS provisioning) or skip IaC
-
-```
-Which Infrastructure as Code tool do you want to use?
-
-Options:
-1. Terraform (Recommended — universal, multi-cloud)
-2. Bicep (Azure-native, simpler syntax)
-3. Pulumi (code-first, TypeScript/Python/Go)
-4. AWS CDK (AWS-native, TypeScript/Python)
-```
-
-### 2.3 — Infrastructure Components
-
-Present a checklist based on detected needs. The goal is to provision everything
-/dock needs to deploy to, plus supporting services.
+Topics covered (full prompts and options in `references/interview-guide.md`):
 
-```
-Which infrastructure components do you need?
-
-Container platform:
-  [x] Container registry (required for /dock)
-  [ ] Kubernetes cluster (AKS/EKS/GKE)
-  [ ] Serverless containers (Container Apps/Fargate/Cloud Run)
-  [ ] Self-hosted PaaS (Dokku/Coolify/CapRover on VPS)
-
-Data:
-  [ ] Managed database (PostgreSQL, MySQL, SQL Server, etc.)
-  [ ] Cache (Redis, Memcached)
-  [ ] Object storage (S3, Blob Storage, GCS)
-  [ ] Message queue (SQS, Service Bus, Pub/Sub)
-
-Networking:
-  [ ] DNS zone
-  [ ] CDN / Front Door
-  [ ] Virtual network / VPC
-  [ ] Load balancer (if not using platform-managed)
-  [ ] API Gateway
-
-Security:
-  [ ] Key Vault / Secrets Manager
-  [ ] Managed identity / IAM roles
-  [ ] SSL/TLS certificates
-
-Monitoring:
-  [ ] Log aggregation (Application Insights, CloudWatch, Cloud Logging)
-  [ ] Metrics / dashboards
-  [ ] Alerts
-```
-
-Auto-check components if /dock detection or the codebase signals them:
-- Dockerfile found → container registry checked
-- Database migrations found → managed database checked
-- Redis client in deps → cache checked
-- S3/Blob SDK in deps → object storage checked
-
-### 2.4 — Environment Topology
-
-Align with /dock's environments if it has run. Otherwise ask:
-
-```
-How many environments do you need?
-
-Options:
-1. Simple: dev + prod (Recommended for starting out)
-2. Standard: dev + staging + prod
-3. Custom: define your own
-```
-
-Each environment gets its own IaC state and variable set. Resource sizing
-scales with the environment tier (dev=small, staging=medium, prod=large).
-
-### 2.5 — State Management
-
-Where to store IaC state (critical for team collaboration):
-
-**Terraform:**
-```
-Where should Terraform state be stored?
-
-Options:
-1. Azure Blob Storage (Recommended for Azure)
-2. AWS S3 + DynamoDB (Recommended for AWS)
-3. Google Cloud Storage (Recommended for GCP)
-4. Terraform Cloud
-5. Local (not recommended for teams)
-```
-
-**Bicep:** No state management needed (Azure Resource Manager handles it).
-
-**Pulumi:** Pulumi Cloud (default) or self-managed backend.
-
-**CDK:** CloudFormation handles state.
-
-### 2.6 — CI/CD for Infrastructure
-
-```
-How should infrastructure changes be applied?
-
-Options:
-1. Plan on PR, apply on merge (Recommended)
-2. Plan on PR, manual apply via approval
-3. Plan and apply on merge (no PR preview)
-```
-
-All options generate a pipeline. Option 1 is the default and safest for teams.
-
-### 2.7 — Naming Convention
-
-```
-What naming convention should resources use?
-
-Options:
-1. Azure CAF style: {resource-type}-{project}-{env}-{region} (Recommended)
-2. Simple: {project}-{resource}-{env}
-3. Custom prefix: {user-defined}
-```
-
-### 2.8 — Integration with /dock
-
-If /dock artifacts exist, ask:
-```
-I found /dock deployment config. Should /keel provision the infrastructure
-those pipelines deploy to?
-
-Detected targets:
-  dev:     {platform}
-  staging: {platform}
-  prod:    {platform}
-
-I'll provision: container registry, {platform}-specific compute, networking.
-```
+1. **Cloud Provider** — Azure, AWS, GCP, Multi-cloud, Self-hosted. Infer from /dock if it has run.
+2. **IaC Tool** — Suggest by cloud: Azure→Bicep/Terraform, AWS→Terraform/CDK, GCP→Terraform/Pulumi, Multi-cloud→Terraform.
+3. **Infrastructure Components** — Checklist: container platform, data (DB, cache, storage, queues), networking, security, monitoring. Auto-check from codebase signals (Dockerfile→registry, migrations→DB, Redis client→cache).
+4. **Environment Topology** — Simple (dev+prod), Standard (dev+staging+prod), or Custom. Align with /dock if it has run.
+5. **State Management** — Terraform: cloud storage per provider. Bicep: ARM handles it. Pulumi: Pulumi Cloud. CDK: CloudFormation.
+6. **CI/CD Strategy** — Plan on PR + apply on merge (recommended), manual apply, or auto-apply.
+7. **Naming Convention** — CAF style, simple, or custom prefix.
+8. **Integration with /dock** — If /dock artifacts exist, offer to provision their deployment targets.
 
 **If `--skip-interview`**: Use detected defaults + sensible defaults.
 

package/skills/keel/references/azdo-platform.md

@@ -0,0 +1,83 @@
+# Azure DevOps Platform Support
+
+Shared procedures for AzDO tooling detection and configuration validation.
+Referenced by SKILL.md during pre-flight when `PLATFORM == azdo`.
+
+## AzDO Tooling Detection
+
+When `PLATFORM == azdo`, determine which tooling is available. Set `AZDO_MODE`
+for use in all subsequent phases:
+
+```bash
+if az devops -h &>/dev/null; then
+  AZDO_MODE="cli"
+else
+  AZDO_MODE="rest"
+fi
+```
+
+- **`cli`**: Use `az repos` / `az pipelines` commands (preferred)
+- **`rest`**: Use Azure DevOps REST API via `curl`. Requires a PAT (personal
+  access token) in `AZURE_DEVOPS_EXT_PAT` or `AZDO_PAT` env var. If no PAT
+  is found, prompt the user to either install the CLI or set the env var.
+
+Report in pre-flight:
+- ✅ `az devops cli` — version found
+- ⚠️ `az devops cli` — not found → using REST API fallback
+- ❌ `az devops cli` — not found, no PAT configured → halt with setup instructions
+
+## AzDO Configuration Validation
+
+When `PLATFORM == azdo`, extract organization and project from the remote URL
+and validate they are usable. These values are needed by every `az repos` /
+`az pipelines` command and every REST API call.
+
+```bash
+# Extract org and project from remote URL patterns:
+#   https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
+#   https://{ORG}@dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}
+#   {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}
+
+REMOTE_URL=$(git remote get-url origin 2>/dev/null)
+
+if echo "$REMOTE_URL" | grep -q 'dev\.azure\.com'; then
+  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/\([^/]*\)/.*|\1|p')
+  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*dev\.azure\.com/[^/]*/\([^/]*\)/.*|\1|p')
+  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
+elif echo "$REMOTE_URL" | grep -q 'vs-ssh\.visualstudio\.com'; then
+  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/\([^/]*\)/.*|\1|p')
+  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*vs-ssh\.visualstudio\.com:v3/[^/]*/\([^/]*\)/.*|\1|p')
+  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
+elif echo "$REMOTE_URL" | grep -q 'visualstudio\.com'; then
+  AZDO_ORG=$(echo "$REMOTE_URL" | sed -n 's|.*//\([^.]*\)\.visualstudio\.com.*|\1|p')
+  AZDO_PROJECT=$(echo "$REMOTE_URL" | sed -n 's|.*/\([^/]*\)/_git/.*|\1|p')
+  AZDO_ORG_URL="https://dev.azure.com/$AZDO_ORG"
+fi
+
+if [ -z "$AZDO_ORG" ] || [ -z "$AZDO_PROJECT" ]; then
+  echo "❌ Could not extract organization/project from remote URL"
+  echo "   Remote: $REMOTE_URL"
+  echo ""
+  echo "Ensure the remote URL follows one of these formats:"
+  echo "  https://dev.azure.com/{ORG}/{PROJECT}/_git/{REPO}"
+  echo "  https://{ORG}.visualstudio.com/{PROJECT}/_git/{REPO}"
+  echo "  {ORG}@vs-ssh.visualstudio.com:v3/{ORG}/{PROJECT}/{REPO}"
+  # HALT — cannot proceed without org/project context
+fi
+```
+
+When `AZDO_MODE == cli`, also configure the defaults so commands work correctly:
+```bash
+az devops configure --defaults organization="$AZDO_ORG_URL" project="$AZDO_PROJECT"
+```
+
+When `AZDO_MODE == rest`, store these for API calls:
+- Base URL: `$AZDO_ORG_URL/$AZDO_PROJECT/_apis`
+- Auth header: `Authorization: Basic $(echo -n ":$PAT" | base64)`
+
+Report in pre-flight:
+- ✅ `azdo context` — org: `{AZDO_ORG}`, project: `{AZDO_PROJECT}`
+- ❌ `azdo context` — could not parse from remote URL → halt with instructions
+
+Pass `{AZDO_MODE}`, `{AZDO_ORG}`, `{AZDO_PROJECT}`, `{AZDO_ORG_URL}` into
+all phase prompts alongside `{PLATFORM}`.

package/skills/manifest.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-03-12T15:57:08.604Z",
+  "generated": "2026-03-13T00:14:06.892Z",
   "count": 10,
   "skills": [
     {
@@ -36,7 +36,7 @@
       "name": "dock",
       "directory": "dock",
       "description": ">- Generate container-based release pipelines that build once and promote immutable artifacts through environments (dev → staging → prod). Detects your stack, interviews for infrastructure choices, then outputs deterministic CI/CD files (Dockerfile, workflows, deployment manifests) that run without an LLM. Use when setting up deployment pipelines, containerizing an app, creating release workflows, or connecting CI to container-friendly infrastructure (Azure Container Apps, AWS Fargate, Google Cloud Run, Kubernetes, Dokku, Coolify, CapRover, etc.).",
-      "lines": 506,
+      "lines": 431,
       "hasScripts": false,
       "hasReferences": true,
       "hasAssets": false,
@@ -46,7 +46,7 @@
       "name": "keel",
       "directory": "keel",
       "description": ">- Generate Infrastructure as Code (IaC) pipelines that provision the cloud and container infrastructure your app deploys to. Interview-driven: detects your stack and cloud provider, then outputs deterministic IaC files (Terraform, Bicep, Pulumi, or CDK) plus CI/CD pipelines that plan on PR and apply on merge. Use when setting up cloud infrastructure, provisioning container registries, databases, networking, DNS, or any infrastructure that containers deploy onto. Designed to run before /dock — /keel lays the infrastructure, /dock deploys to it.",
-      "lines": 638,
+      "lines": 419,
       "hasScripts": false,
       "hasReferences": true,
       "hasAssets": false,
@@ -76,7 +76,7 @@
       "name": "ship",
       "directory": "ship",
       "description": "\"Ship changes through the full PR lifecycle. Use after completing feature work to commit, push, create PR, wait for checks, and merge. Handles the entire workflow: syncs with main, creates feature branch if needed, groups commits logically with semantic messages, creates detailed PR, monitors CI, fixes issues, squash merges, and cleans up. Invoke when work is ready to ship.\"",
-      "lines": 356,
+      "lines": 374,
       "hasScripts": false,
       "hasReferences": true,
       "hasAssets": false,

package/skills/ship/SKILL.md

@@ -259,15 +259,21 @@ suggest the manual PR creation command. Do NOT revert the push.
 
 ---
 
-## Stage 3: Wait for CI
+## Stage 3 + 4: CI Watch & Fix Loop
 
-Launch **Bash subagent** in the **background** (haiku — just polling):
+Run CI monitoring in the **foreground** so failures are caught and fixed
+immediately. This stage loops: watch → detect failure → fix → push → watch again.
+
+**Maximum 2 fix attempts.** If CI still fails after 2 rounds, report to user and stop.
+
+### Watch
+
+Launch **Bash subagent** (haiku — polling):
 
 ```
 Task(
   subagent_type: "Bash",
   model: "haiku",
-  run_in_background: true,
   description: "Monitor CI checks",
   prompt: <read from references/stage-prompts.md#stage-3>
 )
@@ -276,18 +282,14 @@ Task(
 Substitute `{PR_NUMBER}`, `{BRANCH}`, `{PLATFORM}`, `{AZDO_MODE}`,
 `{AZDO_ORG}`, `{AZDO_ORG_URL}`, `{AZDO_PROJECT}`, `{PAT}` into the prompt.
 
-While CI runs in the background, briefly inform the user:
-```
-CI running for PR #{pr_number}... waiting for checks.
-```
+Briefly inform the user: `⏳ Watching CI for PR #{pr_number}...`
 
-When the background task completes, read the output file and parse CHECKS_REPORT.
+Parse CHECKS_REPORT when the subagent returns.
 
----
+### Fix (if needed)
 
-## Stage 4: Fix Failing Checks (if needed)
-
-If CHECKS_REPORT shows failures, launch **general-purpose subagent**:
+If CHECKS_REPORT shows `some_failed`, **immediately** launch a fix subagent —
+do not wait, do not ask the user:
 
 ```
 Task(
@@ -300,8 +302,24 @@ Task(
 Substitute `{PR_NUMBER}`, `{BRANCH}`, `{FAILING_CHECKS}`, `{PLATFORM}`,
 `{AZDO_MODE}`, `{AZDO_ORG}`, `{AZDO_ORG_URL}`, `{AZDO_PROJECT}`, `{PAT}` into the prompt.
 
-If fixed, return to Stage 3 (run CI watch again).
-If unable to fix after 2 attempts, report to user and stop.
+The fix subagent MUST commit and push before returning. Once it returns,
+**immediately loop back to Watch** to re-check CI.
+
+### Loop summary
+
+```
+attempt = 0
+while attempt < 2:
+  CHECKS = run_watch()
+  if CHECKS.status == "all_passed" or CHECKS.status == "no_checks":
+    break  → proceed to Stage 5
+  attempt += 1
+  run_fix(CHECKS.failing_checks)
+  → loop back to watch
+
+if attempt == 2 and still failing:
+  report failures to user, stop
+```
 
 ---
 

package/skills/ship/references/stage-prompts.md

@@ -147,7 +147,8 @@ SHIP_REPORT:
 **Agent:** Bash (haiku, background)
 
 ```
-Monitor PR/pipeline status checks until complete.
+Monitor PR/pipeline status checks until complete. Fail fast — stop polling the
+moment any check fails so fixes can start immediately.
 
 Limit CHECKS_REPORT to 10 lines maximum.
 
@@ -159,8 +160,8 @@ BRANCH: {BRANCH}
 
 **If PLATFORM == github:**
 
-1. **Wait for checks to complete**
-   gh pr checks {PR_NUMBER} --watch
+1. **Wait for checks — fail fast on first failure**
+   gh pr checks {PR_NUMBER} --watch --fail-fast
 
 2. **Report final status**
    gh pr checks {PR_NUMBER}
@@ -190,9 +191,9 @@ BRANCH: {BRANCH}
    ```
    If no policies exist either, report `no_checks`.
 
-2. **Wait for runs to complete — with fail-fast** (max 30 minutes, check every 30s)
+2. **Wait for runs to complete — with fail-fast** (max 30 minutes, check every 15s)
    ```
-   for i in $(seq 1 60); do
+   for i in $(seq 1 120); do
      # Check for failures FIRST — stop immediately if any run has failed
      FAILED=$(az pipelines runs list --branch "$BRANCH" --top 5 \
        --org "{AZDO_ORG_URL}" --project "{AZDO_PROJECT}" \
@@ -207,7 +208,7 @@ BRANCH: {BRANCH}
        --org "{AZDO_ORG_URL}" --project "{AZDO_PROJECT}" \
        --query "[?status=='inProgress'] | length(@)" -o tsv 2>/dev/null)
      if [ "$IN_PROGRESS" = "0" ] || [ -z "$IN_PROGRESS" ]; then break; fi
-     sleep 30
+     sleep 15
    done
    ```
 
@@ -259,9 +260,9 @@ BRANCH: {BRANCH}
    ```
    If no evaluations exist either, report `no_checks`.
 
-2. **Wait for runs to complete — with fail-fast** (max 30 minutes, check every 30s)
+2. **Wait for runs to complete — with fail-fast** (max 30 minutes, check every 15s)
    ```
-   for i in $(seq 1 60); do
+   for i in $(seq 1 120); do
      BUILDS_JSON=$(curl -s -H "$AUTH" "$BUILDS_URL")
 
      # Check for failures FIRST
@@ -274,7 +275,7 @@ BRANCH: {BRANCH}
      # Check if anything still running
      IN_PROGRESS=$(echo "$BUILDS_JSON" | jq '[.value[] | select(.status=="inProgress")] | length')
      if [ "$IN_PROGRESS" = "0" ]; then break; fi
-     sleep 30
+     sleep 15
    done
    ```