@slamb2k/mad-skills 2.0.49 → 2.0.51

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "mad-skills",
   "description": "AI-assisted planning, development and governance tools",
-  "version": "2.0.49",
+  "version": "2.0.51",
   "author": {
     "name": "slamb2k",
     "url": "https://github.com/slamb2k"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@slamb2k/mad-skills",
-  "version": "2.0.49",
+  "version": "2.0.51",
   "description": "Claude Code skills collection — full lifecycle development tools",
   "type": "module",
   "repository": {

package/skills/brace/SKILL.md

@@ -308,17 +308,23 @@ unknown). Platform detection and all CLI/REST commands are in
 1. Detect platform from `git remote get-url origin`
 2. **GitHub:** Check existing protection via `gh api`. If unprotected, ask via
    AskUserQuestion:
-   - "Yes, require PR reviews (Recommended)" — require 1 approval, block force push
+   - "Yes, require PR reviews (team project — Recommended)" — require 1 approval, block force push + deletion
+   - "Yes, protect branch without review requirement (solo project)" — block force push + deletion, no reviewer gate so `/ship` squash-merges without `--admin`
    - "Skip" — leave unprotected
 3. **Azure DevOps:** Extract org/project from remote URL. Check existing
    policies via `az repos` CLI or REST fallback. If no minimum reviewer
-   policy, ask via AskUserQuestion (same options as GitHub).
+   policy, ask via AskUserQuestion:
+   - "Yes, require PR reviews (team project — Recommended)" — 1 approver, creator votes do not count
+   - "Yes, PR required, author can self-approve (solo project)" — same approver policy but `creator-vote-counts=true` so the author's own vote satisfies the gate
+   - "Skip" — no policy applied
 4. **Unknown platform:** Skip and report.
 
-If user accepts, apply using the procedures in
-`references/branch-protection-steps.md`.
+Apply the variant matching the user's choice using the procedures in
+`references/branch-protection-steps.md` (see "Apply protection — team
+project" vs "Apply protection — solo project" for each platform).
 
-Include result in the final report under a "🔒 Branch protection" section.
+Include result in the final report under a "🔒 Branch protection" section,
+labelled with the chosen variant (team / solo / skipped).
 
 ---
 

package/skills/brace/assets/global-preferences-template.md

@@ -53,4 +53,24 @@ These defaults apply to all projects. Override in a project-level CLAUDE.md.
 - When a workflow fails mid-execution, preserve intermediate outputs
 - Verify output format before chaining into another tool or step
 
+## Commit Discipline
+
+Reinforces Claude Code's built-in "only commit when explicitly asked" rule.
+Restated here because LLMs drift on implicit system-prompt rules under
+long-session pressure.
+
+- **Do not commit, push, create PRs, or merge unless the user explicitly
+  asks.** A feature request ("can you add X") is an edit request, not a
+  ship request. Make the edits, run validate/lint/tests, then stop and
+  ask before any `git commit`, `git push`, `gh pr create`, or merge
+  operation.
+- **Skill invocation is the explicit authorization.** `/ship`, `/build`,
+  `/commit`, and similar skills constitute consent to commit as part of
+  their defined flow. Running their **component scripts** manually
+  (`merge.sh`, `ci-watch.sh`, `sync.sh`) is **not** — those are skill
+  internals, not a substitute for the skill.
+- **When shipping is warranted, invoke the skill.** Don't run individual
+  scripts to emulate `/ship` — the skill sequences stages correctly and
+  catches the errors piecemeal execution reintroduces.
+
 END TEMPLATE

package/skills/brace/references/branch-protection-steps.md

@@ -30,7 +30,10 @@ gh api repos/{owner}/{repo}/branches/{default_branch}/protection
 ```
 404 = unprotected.
 
-### Apply protection
+### Apply protection — team project (reviewer gate)
+
+Requires 1 approving review before merge. Use when multiple humans work on
+the repo.
 
 ```bash
 gh api repos/{owner}/{repo}/branches/{default_branch}/protection \
@@ -42,6 +45,34 @@ gh api repos/{owner}/{repo}/branches/{default_branch}/protection \
   -F allow_deletions=false
 ```
 
+### Apply protection — solo project (no reviewer gate)
+
+Keeps force-push and deletion prevention but drops the reviewer
+requirement. Use when you are the only contributor — this is what makes
+`/ship` squash-merge succeed without `gh pr merge --admin`.
+
+The only difference from the team variant is the absence of
+`-f required_pull_request_reviews=...`:
+
+```bash
+gh api repos/{owner}/{repo}/branches/{default_branch}/protection \
+  -X PUT \
+  -f enforce_admins=false \
+  -f restrictions=null \
+  -f required_status_checks=null \
+  -F allow_force_pushes=false \
+  -F allow_deletions=false
+```
+
+**Migrating an existing team-project repo to solo:** if a reviewer policy
+is already in place, remove just that sub-rule without tearing down the
+rest of the protection:
+
+```bash
+gh api --method DELETE \
+  repos/{owner}/{repo}/branches/{default_branch}/protection/required_pull_request_reviews
+```
+
 ---
 
 ## Azure DevOps
@@ -94,7 +125,10 @@ curl -s -H "$AUTH" \
   | jq "[.value[] | select(.settings.scope[]?.refName == \"refs/heads/$default_branch\" and .settings.scope[]?.repositoryId == \"$REPO_ID\")]"
 ```
 
-### Create minimum reviewer policy
+### Create minimum reviewer policy — team project (reviewer gate)
+
+Use when multiple humans review each other's PRs. The PR author's own
+vote does not count toward the minimum approver count.
 
 **CLI:**
 ```bash
@@ -133,3 +167,24 @@ curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \
     }
   }"
 ```
+
+### Create minimum reviewer policy — solo project (author self-approve)
+
+Use when you are the only contributor. A PR is still required before
+merge, but `--creator-vote-counts true` means the author's own vote
+satisfies the 1-approver gate — no second human needed.
+
+**CLI:**
+```bash
+az repos policy approver-count create \
+  --org "$AZDO_ORG_URL" --project "$AZDO_PROJECT" \
+  --repository-id "$REPO_ID" --branch "$default_branch" \
+  --minimum-approver-count 1 \
+  --creator-vote-counts true \
+  --allow-downvotes false \
+  --reset-on-source-push true \
+  --blocking true --enabled true
+```
+
+**REST fallback:** same body as the team variant, but with
+`"creatorVoteCounts": true`.

package/skills/brace/references/claude-md-template.md

@@ -3,11 +3,14 @@
 Template for the generated project CLAUDE.md. The Phase 4 agent substitutes
 `{VARIABLE}` placeholders and writes to the project root.
 
-`{UNIVERSAL_PRINCIPLES}` is populated with the Question & Assumption
-Accountability section when install_level is "project" AND those sections
-are not already present in `~/.claude/CLAUDE.md`. Left empty when
-install_level is "global" (principles are in the global config instead)
-or when the sections would be redundant with existing global content.
+`{UNIVERSAL_PRINCIPLES}` is populated with universal behavioral rules
+(currently: Question & Assumption Accountability and Commit Discipline)
+when install_level is "project" AND those sections are not already present
+in `~/.claude/CLAUDE.md`. Left empty when install_level is "global"
+(principles are in the global config instead) or when the sections would
+be redundant with existing global content. Redundancy is checked
+section-by-section — each section that already exists in global is
+skipped individually rather than dropping the whole substitution.
 
 ---
 

package/skills/brace/references/phase-prompts.md

@@ -164,6 +164,8 @@ skills-based workflow while preserving all other content.
     project CLAUDE.md. Add to SCAFFOLD_REPORT.skipped_redundant.
   - If global contains "## Universal Operating Principles" → SKIP that
     section in project CLAUDE.md. Add to SCAFFOLD_REPORT.skipped_redundant.
+  - If global contains "## Commit Discipline" → SKIP that section in
+    project CLAUDE.md. Add to SCAFFOLD_REPORT.skipped_redundant.
 - For any sections NOT found in global, substitute {UNIVERSAL_PRINCIPLES}
   in the project CLAUDE.md template with only the non-redundant sections
   from the Universal Principles Content below.
@@ -205,6 +207,26 @@ decision must be explicitly recorded and revisited.
 - At the start of new work, check for outstanding items from previous sessions
 - Never close a task with unacknowledged open questions
 
+## Commit Discipline
+
+Reinforces Claude Code's built-in "only commit when explicitly asked" rule.
+Restated here because LLMs drift on implicit system-prompt rules under
+long-session pressure.
+
+- **Do not commit, push, create PRs, or merge unless the user explicitly
+  asks.** A feature request ("can you add X") is an edit request, not a
+  ship request. Make the edits, run validate/lint/tests, then stop and
+  ask before any `git commit`, `git push`, `gh pr create`, or merge
+  operation.
+- **Skill invocation is the explicit authorization.** `/ship`, `/build`,
+  `/commit`, and similar skills constitute consent to commit as part of
+  their defined flow. Running their **component scripts** manually
+  (`merge.sh`, `ci-watch.sh`, `sync.sh`) is **not** — those are skill
+  internals, not a substitute for the skill.
+- **When shipping is warranted, invoke the skill.** Don't run individual
+  scripts to emulate `/ship` — the skill sequences stages correctly and
+  catches the errors piecemeal execution reintroduces.
+
 ## Output Format
 
 SCAFFOLD_REPORT:

package/skills/manifest.json

@@ -1,12 +1,12 @@
 {
-  "generated": "2026-04-20T02:26:55.864Z",
+  "generated": "2026-04-20T03:16:08.071Z",
   "count": 11,
   "skills": [
     {
       "name": "brace",
       "directory": "brace",
       "description": "'Initialize any project directory with a standard scaffold for AI-assisted development. Creates specs/ and context/ directories, a project CLAUDE.md with development workflow and guardrails, .gitignore, and branch protection. Recommends claude-mem for persistent memory. Idempotent — safe to run on existing projects. Triggers: \"init project\", \"setup brace\", \"brace\", \"initialize\", \"bootstrap\", \"scaffold\".'",
-      "lines": 424,
+      "lines": 430,
       "hasScripts": false,
       "hasReferences": true,
       "hasAssets": true,